ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl
这个为全部配置, 需要替换你自己的域名,配置中强制https了
server {
listen ;
server_name xxx.cn www.xxx.cn;
return https://$host$request_uri;
}
server {
listen ssl;
server_name xxx.cn www.xxx.cn; #填写绑定证书的域名
ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1. TLSv1.; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
charset utf-;
access_log /var/log/nginx/xxx.access.log main;
error_log /var/log/nginx/xxx.error.log warn;
#对 / 所有做负载均衡+反向代理
location / {
proxy_pass http://127.0.0.1:83;
}
#静态文件,nginx自己处理,不去backend请求
location /media {
alias /data/xxx/media;
}
location /static {
alias /data/xxx/static;
}
location ~ /.well-known{ # https证书自动更新
proxy_pass http://127.0.0.1:88; # certon自动更新接口
}
}
ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;
是证书的绝对路径。 另外附上nginx的docker-compose配置
version: '' services:
web:
image: nginx
container_name: nginx.web
restart: always
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./log/nginx:/var/log/nginx
- ./conf.d:/etc/nginx/conf.d
- ./ssl:/etc/letsencrypt:ro
ports:
- "80:80"
- "443:443"
network_mode: "host"