The build was performed in the following environment:
CentOS Linux release 7.9.2009 (Core)
The build was run from the directory /root/openresty.
- Build gmssl
gmssl download: https://github.com/guanzhi/GmSSL/
./config
make
make install
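- Build and install openresty
openresty download: https://openresty.org/download/openresty-1.19.3.1.tar.gz
yum -y install pcre-devel
yum install -y zlib-devel
./configure
make -j4
make install
After the build, the installed package is at /usr/local/openresty. Move it to /openresty under the directory that contains the Dockerfile, so that it can be picked up by COPY.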
Dockerfile
FROM centos:7
# nginx depends on pcre, so install pcre
RUN yum install -y net-tools pcre pcre-devel
# libpcre.so.3 may not be found at run time; a symlink fixes that
RUN ln -s /usr/lib64/libpcre.so.1 /usr/lib64/libpcre.so.3
# Copy the freshly built openresty and gmssl into the container
COPY ./openresty /usr/local/openresty
# Copy in libcrypto.so, libcrypto.so.1.1, libssl.so and libssl.so.1.1 (I had already placed these files under /usr/local/openresty/nginx/sbin, so I copy them directly here); their original location is /usr/local/GmSSL-master/
COPY ./GmSSL-master/ /usr/lib64/
# Copy gmssl
COPY ./GmSSL-master/ /usr/local/GmSSL-master/
# Add additional binaries into PATH for convenience
ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
# Run nginx in the foreground so the container keeps running
CMD ["openresty", "-g", "daemon off;"]
# Use SIGQUIT instead of default SIGTERM to cleanly drain requests
# See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls
STOPSIGNAL SIGQUIT
- Build the image
docker build -t openresty-gm:v1 .
- Start the container
docker run -it -p 80:80 -p 443:443 -v /root/openresty/cert:/usr/local/cert -v /root/openresty/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf openresty-gm:v1 bash
Contents of nginx.conf
worker_processes 2;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server
    {
        listen 0.0.0.0:80;
        listen 0.0.0.0:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3;
        ssl_verify_client off;
        ssl_certificate /usr/local/cert/test.cn_RSA.crt;
        ssl_certificate_key /usr/local/cert/test.cn_RSA.key;
        ssl_certificate /usr/local/cert/test.cn_sm2_sign.crt;
        ssl_certificate_key /usr/local/cert/test.cn_SM2.key;
        ssl_certificate /usr/local/cert/test.cn_sm2_encrypt.crt;
        ssl_certificate_key /usr/local/cert/test.gov.cn_SM2.key;
        location /
        {
            root html;
            index index.html index.htm;
        }
    }
}
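A small audit of the ssl_* directives in the nginx.conf above, as an added example that is not part of the original post: it flags protocol versions deprecated by RFC 8996 and DES/RC4/MD5/NULL/EXP cipher suites, and checks that the number of ssl_certificate lines matches the number of ssl_certificate_key lines. The function names audit_tls_conf and sample_conf are hypothetical, and the sample config is constructed from the directives shown above.

```shell
#!/bin/sh
# Added example: lint the TLS directives of an nginx.conf (file argument or stdin).

# audit_tls_conf [FILE]: prints one finding per line, nothing if the config passes.
audit_tls_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }      # strip comments and the trailing ";"
    $1 == "ssl_certificate"     { nc++ }
    $1 == "ssl_certificate_key" { nk++ }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                print "legacy-protocol " $i
    }
    $1 == "ssl_ciphers" {
        n = split($2, c, ":")
        for (i = 1; i <= n; i++) {
            if (substr(c[i], 1, 1) == "!") continue   # "!X" excludes X, not a finding
            if (c[i] ~ /(^|-)(DES|RC4|MD5|NULL|EXP)(-|$)/)
                print "weak-cipher " c[i]
        }
    }
    END {
        # each certificate (RSA, SM2 sign, SM2 encrypt) needs its own key line
        if (nc + 0 != nk + 0)
            print "cert-key-count-mismatch " nc + 0 " " nk + 0
    }' "$@"
}

# Constructed sample: the TLS lines of the server block shown above.
sample_conf() {
    cat <<'EOF'
    listen 0.0.0.0:443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3;
    ssl_certificate /usr/local/cert/test.cn_RSA.crt;
    ssl_certificate_key /usr/local/cert/test.cn_RSA.key;
    ssl_certificate /usr/local/cert/test.cn_sm2_sign.crt;
    ssl_certificate_key /usr/local/cert/test.cn_SM2.key;
    ssl_certificate /usr/local/cert/test.cn_sm2_encrypt.crt;
    ssl_certificate_key /usr/local/cert/test.gov.cn_SM2.key;
EOF
}

sample_conf | audit_tls_conf
```

To check the real file, run `audit_tls_conf /root/openresty/nginx.conf` on the host before starting the container.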
- Client access