Installing nginx with Docker and configuring HTTPS access
- 2021-01-02 22:03:49
- OfStack
1. Download the latest nginx docker image
$ docker pull nginx:latest
2. Start the nginx container
Run the following command to start the nginx container
docker run --detach \
  --name wx-nginx \
  -p 443:443 \
  -p 80:80 \
  -v /home/evan/workspace/wxserver/nginx/data:/usr/share/nginx/html:rw \
  -v /home/evan/workspace/wxserver/nginx/config/nginx.conf:/etc/nginx/nginx.conf:rw \
  -v /home/evan/workspace/wxserver/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf:rw \
  -v /home/evan/workspace/wxserver/nginx/logs:/var/log/nginx/:rw \
  -v /home/evan/workspace/wxserver/nginx/ssl:/ssl/:rw \
  nginx
Port 443 is mapped for https requests and port 80 for http requests.
The directory where nginx stores the default home page html is mapped to a host directory, /home/evan/workspace/wxserver/nginx/data
The nginx configuration file is mapped to a host file, /home/evan/workspace/wxserver/nginx/config/nginx.conf
Only the log directory has to be writable from inside the container. nginx only reads the configuration files and the /ssl directory that holds the private key, so those mounts can use :ro instead of :rw.
Here you need to prepare the following files,
1. Configuration file of nginx
The first is the nginx.conf file. The default configuration file is shown below
# User that nginx runs as
user nginx;
# Number of worker processes, usually set equal to the number of CPUs
worker_processes 1;
# Global error log and PID file location
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# Working mode and upper limit of connections
events {
    # Maximum number of simultaneous connections per worker process: 1024
    worker_connections 1024;
}
http {
    # Set MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Set log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    # Keep-alive connection timeout
    keepalive_timeout 65;
    # Enable gzip compression
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
As the last line shows, this configuration file also includes conf.d/default.conf, which is used to configure the server block
server {
    listen 80; # Listen on port 80; to force all access over HTTPS, comment this line out
    server_name www.buagengen.com; # The domain name
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;
    # Define the home page index directory and name
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    # Define the error message page
    #error_page 404 /404.html;
    # Redirect the error page to /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
2. html file of the default homepage of nginx
You can define any html page of your own here.
At this point you can access the html file served by nginx directly through the IP address. However, only http access works so far. For https access we still need to add a certificate to the nginx server.
3. Generate certificates through openssl
Generate server.key. The passphrase has to be entered twice:
openssl genrsa -des3 -out server.key 2048
Create the certificate signing request. First, you need to enter the passphrase set previously:
openssl req -new -key server.key -out server.csr
Then you need to enter the following information. Just fill it in; it is only for testing anyway
Country Name (2 letter code) [AU]: country
State or Province Name (full name) [Some-State]: province
Locality Name (eg, city) []: city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: company name
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: website domain name
Email Address []: email
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: a password is required here
An optional company name []:
Write out the RSA private key without a passphrase (the previous passphrase is also required here):
openssl rsa -in server.key -out server_nopwd.key
Generate the self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
After this step, we have the certificate file and private key we need (server_nopwd.key is the same key as server.key, stored without the passphrase)
server.crt server.key
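A non-interactive variant of the steps above, as an added example that is not from the original article: it creates an unencrypted 2048-bit key and a self-signed certificate in one command, then checks that the key loads without a passphrase and matches the certificate. The function names, the name www.example.test and the temporary directory are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: function names, the CN and all paths are placeholders.

# make_test_cert DIR CN
# Writes DIR/server_nopwd.key (unencrypted RSA 2048) and DIR/server.crt
# (self-signed, 365 days, with a subjectAltName that browsers require).
make_test_cert() {
    dir=$1 cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
        -keyout "$dir/server_nopwd.key" -out "$dir/server.crt" 2>/dev/null &&
    chmod 600 "$dir/server_nopwd.key"
}

# pair_ok CRT KEY
# Succeeds only if KEY can be read with an empty passphrase (nginx in a
# detached container cannot answer a passphrase prompt) and its public
# key is the one embedded in CRT.
pair_ok() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
make_test_cert "$tmp" www.example.test &&
    pair_ok "$tmp/server.crt" "$tmp/server_nopwd.key" &&
    echo "key and certificate match"
rm -rf "$tmp"
```

Running pair_ok against the files in the host ssl directory before restarting the container catches a mismatched or passphrase-protected key early.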
4. Configure nginx server to support https access
Copy the files generated in the previous step to the host ssl directory, /home/evan/workspace/wxserver/nginx/ssl.
Then modify the server configuration file (conf.d/default.conf) to add ssl support,
server {
    listen 80; # Listen on port 80; to force all access over HTTPS, comment this line out
    listen 443 ssl;
    server_name www.buagengen.com; # The domain name
    # Add ssl
    #ssl on; # Obsolete directive, removed from current nginx; "listen 443 ssl" above enables TLS
    ssl_certificate /ssl/server.crt;
    # Use the key without a passphrase: nginx cannot prompt for the server.key passphrase in a detached container
    ssl_certificate_key /ssl/server_nopwd.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Protocols and ciphers, in the format OpenSSL supports
    ssl_protocols TLSv1.2 TLSv1.3; # SSLv2 and SSLv3 are broken and must not be enabled
    ssl_ciphers HIGH:!aNULL:!MD5; # Cipher suites
    ssl_prefer_server_ciphers on; # Prefer the server's cipher order over the client's
    # Define the home page index directory and name
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    # Redirect the error page to /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Restart the nginx container and you can now access the nginx server via https
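A small audit for the TLS directives of a server block like the one in step 4, as an added example that is not from the original article: it flags obsolete protocol names in ssl_protocols and the removed "ssl on" directive. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nginx TLS directives read from stdin.
# Prints one finding per line; returns 1 if anything was flagged.
audit_tls() {
    awk '
    { sub(/#.*/, "") }                  # ignore comments such as "#ssl on;"
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/;$/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                printf "line %d: obsolete protocol %s\n", NR, p
                bad = 1
            }
        }
    }
    $1 == "ssl" && $2 ~ /^on;?$/ {
        printf "line %d: \"ssl on\" is obsolete, use \"listen 443 ssl\"\n", NR
        bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample with weak settings.
sample_weak() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl on;
    ssl_protocols SSLv2 SSLv3 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

# Constructed sample with the corrected settings.
sample_fixed() {
    cat <<'EOF'
server {
    listen 443 ssl;
    #ssl on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

sample_weak | audit_tls || true
sample_fixed | audit_tls && echo "fixed sample: no findings"
```

To check the real file, feed it on stdin, for example audit_tls < /home/evan/workspace/wxserver/nginx/config/conf.d/default.conf.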