Docker部署nginx配置SSL多目录

对自己第一次搭建nginx做个简要的笔记

 

第一步:创建宿主机挂载点目录

mkdir -p /home/nginx/{conf,conf.d,html,log,ssl}

 

第二步:安装简易版nginx,复制配置文件到挂载点,删除nginx

docker run -d -p 8988:443 --name nginx-web  nginx

docker cp 31c68cef79c6:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
docker cp 31c68cef79c6:/etc/nginx/conf.d/ /home/nginx/
docker cp 31c68cef79c6:/usr/share/nginx/html/ /home/nginx/
docker cp 31c68cef79c6:/var/log/nginx/ /home/nginx/logs/

docker rm -f 31c68cef79c6

 

第三步:安装挂载点的nginx

docker run -d -p 8988:443 --name nginx-web \
  -v /home/nginx/html:/usr/share/nginx/html \
  -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
  -v /home/nginx/log:/var/log/nginx \
  -v /home/nginx/conf.d/:/etc/nginx/conf.d \
  -v /home/nginx/ssl/:/etc/nginx/cert \
  nginx

 

第四步:配置nginx

server {
  
   #listen    80;       #侦听80端口,如果强制所有的访问都必须是HTTPs的,这行需要注销掉
    listen    443 ssl;
   # listen  [::]:80;
    server_name  localhost;
    client_max_body_size 50M;
    #access_log  /var/log/nginx/host.access.log  main;

# 增加ssl
   ssl on;        #如果强制HTTPs访问,这行要打开
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

     # 指定密码为openssl支持的格式
     ssl_protocols  SSLv2 SSLv3 TLSv1.2;

     ssl_ciphers  HIGH:!aNULL:!MD5;  # 密码加密方式
     ssl_prefer_server_ciphers  on;   # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码

    location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;

   }

#location /download/index.html {
#root /usr/share/nginx/html;
#index  index.html index.htm;
#}

location /download/ {
alias /usr/share/nginx/html/download/;
index  index.html index.htm;
}



location /hotcode/ {
alias /usr/share/nginx/html/hotcode/;
index __UNI__894689A.wgt;
}

location /share/ {
alias /usr/share/nginx/html/share/;
index  index.html index.htm;
}


location  /swagger/ {
proxy_pass   http://172.16.8.187:8040/;
}

location /api/ {
proxy_pass   http://172.16.8.187:8040;
}

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }


    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
上一篇:SSL工作过程


下一篇:CentOS7(1708)制作docker镜像之后,开启sshd服务失败的处理办法