Start nginx SSL configuration based on Docker

  • 2021-09-25 00:06:00
  • OfStack

Precondition

  • 1 cloud server (CentOS on Alibaba Cloud, Tencent Cloud, etc.)
  • Docker installed on the server (the installation method is not covered here)
  • 1 SSL certificate for the domain name (two files: one with a .key suffix, one with a .pem suffix; there are many ways to generate it, not covered here)

Download the latest nginx docker image

docker pull nginx:latest

Create a directory nginx to store the following related things

mkdir -p /home/nginx/www /home/nginx/logs /home/nginx/conf

Put our static HTML page under the /home/nginx/www folder.

Create a file called nginx.conf under the /home/nginx/conf folder with the following content:


user nginx;
worker_processes 1;
 
error_log /var/log/nginx/error.log warn;
pid    /var/run/nginx.pid;
 
 
events {
  worker_connections 1024;
}
 
 
http {
  include    /etc/nginx/mime.types;
  default_type application/octet-stream;
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';
 
  access_log /var/log/nginx/access.log main;
 
  sendfile    on;
  #tcp_nopush   on;
 
  keepalive_timeout 65;
 
  #gzip on;
 
  include /etc/nginx/conf.d/*.conf;
}

Deploy nginx

docker run -d -p 80:80 -p 443:443 --name nginx-server -v /home/nginx/www:/usr/share/nginx/html -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/logs:/var/log/nginx nginx

Command description:

-p 80:80: Maps port 80 of the container to port 80 of the host.

-p 443:443: Maps port 443 of the container to port 443 of the host.

--name nginx-server: Name the container nginx-server.

-v /home/nginx/www:/usr/share/nginx/html: Mount our own www directory onto /usr/share/nginx/html in the container.

-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf: Mount our own nginx.conf onto /etc/nginx/nginx.conf in the container.

-v /home/nginx/logs:/var/log/nginx: Mount our own logs directory onto /var/log/nginx in the container.

After startup, we can access our HTML page through the domain name, but we are not finished yet.

Modification of nginx.conf

Insert the following into the http block of the nginx.conf file we just created (be careful not to restart yet):


server {
  listen    443 ssl;
  server_name fightingtop.cn www.fightingtop.cn;
  root     /usr/share/nginx/html;
  ssl_certificate   /ssl/certificate.pem;
  # Must match the name of the key file copied into /ssl in the container
  ssl_certificate_key /ssl/certificate.key;
  ssl_session_timeout 5m;
  ssl_session_cache  shared:SSL:1m;
  # Every excluded cipher family needs a leading "!" (including aNULL)
  ssl_ciphers     ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
  ssl_protocols    TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
 
  location / {
    root  /usr/share/nginx/html;
    index index.html index.htm;
  }
}
 
server {
  listen 80;
  server_name fightingtop.cn www.fightingtop.cn;
  # Capture the request URI so that $1 carries the original path
  rewrite ^(.*)$ https://$host$1 permanent;
}
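As an added example (not part of the original article), the shell function below scans an nginx config for two TLS mistakes that are easy to make in a server block like the one above: deprecated versions listed in ssl_protocols, and weak cipher families in ssl_ciphers that lack the negating "!". The function name audit_tls_conf and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag weak ssl_* settings.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }                               # ignore comments
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            # SSLv2/SSLv3/TLSv1/TLSv1.1 are all formally deprecated.
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                print "line " NR ": deprecated protocol " p; bad = 1
            }
        }
    }
    $1 == "ssl_ciphers" {
        list = $2; gsub(/[";]/, "", list)
        n = split(list, tok, ":")
        for (i = 1; i <= n; i++) {
            # A weak family only stays disabled when negated with "!";
            # a bare token such as aNULL adds those suites to the list.
            if (tok[i] ~ /^(aNULL|eNULL|NULL|ADH|MD5|RC4|DES|3DES|EXPORT)$/) {
                print "line " NR ": cipher token " tok[i] " is not negated"; bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample configs (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
server {
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!NULL:aNULL:!MD5:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$demo_dir/ok.conf" <<'EOF'
server {
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!NULL:!aNULL:!MD5:!RC4;
  ssl_protocols TLSv1.2 TLSv1.3;
}
EOF

audit_tls_conf "$demo_dir/weak.conf" || echo "weak.conf: review the findings above"
audit_tls_conf "$demo_dir/ok.conf" && echo "ok.conf: no findings"
```

Pointing audit_tls_conf at /home/nginx/conf/nginx.conf on the host checks the file before the container is restarted.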

Copy two certificate files to the nginx container

First enter the nginx container and create an ssl folder in the root directory to hold the certificates.

docker exec -it aa5badebd38a /bin/bash
cd /
mkdir ssl

Start copying certificates

docker cp /home/ssl/certificate.key aa5badebd38a:/ssl/
docker cp /home/ssl/certificate.pem aa5badebd38a:/ssl/

You're done, restart it!

