Start nginxssl configuration based on docker
- 2021-09-25 00:06:00
- OfStack
Precondition
Download the latest nginx docker image
docker pull nginx:latest
Create a directory nginx to store the following related things
mkdir -p /home/nginx/www /home/nginx/logs /home/nginx/conf
Put our static HTML page under the/home/nginx/www folder;
Create a file called nginx. conf under the/home/nginx/conf folder as follows:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
Deploy nginx
docker run-d-p 80: 80-p 443: 443-name nginx-server-v/home/nginx/www:/usr/share/conf/home/home/conf/conf/conf/conf/nginx/var nginx
Command description:
-p 80: 80: Maps port 80 of the container to port 80 of the host.
-p 443: 443: Maps port 80 of the container to port 443 of the host.
--name nginx-server: Name the container nginx-server.-v/home/nginx/www:/usr/share/nginx/html: Mount our own www directory into the/usr/share/nginx/html of the container.
-v/home/nginx/conf/nginx. conf: etc/nginx/nginx. conf: Mount our own nginx/nginx/nginx. conf into the container.
-v/home/nginx/logs:/var/log/nginx: Mount our own logs onto the container's/var/log/nginx.
After startup, we can access our HTML page through domain name, but we are not finished yet
Modification of nginx. conf
Insert the following into the nginx. conf file we just created: (Be careful not to restart yet)
server {
listen 443 ssl;
server_name fightingtop.cn www.fightingtop.cn;
root /usr/share/nginx/html;
ssl_certificate /ssl/certificate.pem;
ssl_certificate_key /ssl/2832429_fightingtop.cn.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name fightingtop.cn www.fightingtop.cn;
rewrite ^ https://$host$1 permanent;
}
Copy two certificate files to the nginx container
First enter the nginx container and create an ssl folder in the root directory to put the certificate
docker exec -it aa5badebd38a /bin/bash
<
br data-filtered="filtered"
>
cd /
<
br data-filtered="filtered"
>
mkdir ssl
Start copying certificates
docker cp /home/ssl/certificate.key aa5badebd38a:/ssl/
docker cp /home/ssl/certificate.pem aa5badebd38a:/ssl/
You're done, restart it!