docker容器nignx配置反向代理，配置ssl。-陌上烟雨遥

一、创建nginx实例环境

1、随便启动一个nginx实例，只是为了复制出配置


docker run -p 80:80 --name nginx -d nginx:1.10
docker run -p 80:80 --name nginx -d nginx:1.10
docker run -p 80:80 --name nginx -d nginx:1.10

2、创建/mydata/nginx目录


cd /mydata mkdir nginx
cd /mydata mkdir nginx
cd /mydata mkdir nginx

3、将容器内的配置文件拷贝到当前目录：


docker container cp nginx:/etc/nginx .
docker container cp nginx:/etc/nginx .
docker container cp nginx:/etc/nginx .

注意：最后的点

4、修改文件名称：


mv nginx conf
mv nginx conf
mv nginx conf

5、把这个conf移动到/mydata/nginx下

6、终止原容器：


docker stop nginx
docker stop nginx
docker stop nginx

7、执行命令删除原容器：


docker rm $ContainerId
docker rm $ContainerId
docker rm $ContainerId

8、创建新的nginx；执行以下命令


docker run -p 80:80 -p 443:443 --name nginx \ -v /mydata/nginx/html:/usr/share/nginx/html/:rw \ -v /mydata/nginx/logs:/var/log/nginx/:rw \ -v /mydata/nginx/conf:/etc/nginx/:rw \ -v /mydata/nginx/ssl:/ssl/:rw \ -d nginx:1.10
docker run -p 80:80 -p 443:443 --name nginx \ -v /mydata/nginx/html:/usr/share/nginx/html/:rw \ -v /mydata/nginx/logs:/var/log/nginx/:rw \ -v /mydata/nginx/conf:/etc/nginx/:rw \ -v /mydata/nginx/ssl:/ssl/:rw \ -d nginx:1.10
docker run -p 80:80 -p 443:443 --name nginx \ -v /mydata/nginx/html:/usr/share/nginx/html/:rw \ -v /mydata/nginx/logs:/var/log/nginx/:rw \ -v /mydata/nginx/conf:/etc/nginx/:rw \ -v /mydata/nginx/ssl:/ssl/:rw \ -d nginx:1.10

9、设置nginx开机自启动


docker update nginx --restart=always
docker update nginx --restart=always
docker update nginx --restart=always

二、配置反向代理

1、修改nginx配置文件，conf/nginx.conf，增加服务节点


#配置wlds.zwfw.com:80对应的服务器监听端口 upstream wlds.zwfw.com { server 192.168.10.110:8081; } 
#配置wlds.zwfw.com:80对应的服务器监听端口 upstream wlds.zwfw.com { server 192.168.10.110:8081; } 
#配置wlds.zwfw.com:80对应的服务器监听端口 upstream wlds.zwfw.com { server 192.168.10.110:8081; }

docker容器nignx配置反向代理，配置ssl。插图

2、进入conf/conf.d目录，拷贝default.conf为wlds.zwfw.conf，编辑wlds.zwfw.conf


server { listen 80; listen 443 ssl; server_name wlds.zwfw.com; #增加ssl #ssl on; #如果强制HTTPs访问，这行要打开 ssl_certificate /ssl/server.crt; ssl_certificate_key /ssl/server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; #制定密码为openssl支持的格式 ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; #密码加密方式 ssl_prefer_server_ciphers on; #依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { proxy_pass http://wlds.zwfw.com; #配置默认访问页，这里就会访问wlds.zwfw.com里面的首页 index index.html index.htm index.jsp; } location /ac-product/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://wlds.zwfw.com/ac-product/; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } 
server { listen 80; listen 443 ssl; server_name wlds.zwfw.com; #增加ssl #ssl on; #如果强制HTTPs访问，这行要打开 ssl_certificate /ssl/server.crt; ssl_certificate_key /ssl/server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; #制定密码为openssl支持的格式 ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; #密码加密方式 ssl_prefer_server_ciphers on; #依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { proxy_pass http://wlds.zwfw.com; #配置默认访问页，这里就会访问wlds.zwfw.com里面的首页 index index.html index.htm index.jsp; } location /ac-product/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://wlds.zwfw.com/ac-product/; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } 
server { listen 80; listen 443 ssl; server_name wlds.zwfw.com; #增加ssl #ssl on; #如果强制HTTPs访问，这行要打开 ssl_certificate /ssl/server.crt; ssl_certificate_key /ssl/server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; #制定密码为openssl支持的格式 ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; #密码加密方式 ssl_prefer_server_ciphers on; #依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { proxy_pass http://wlds.zwfw.com; #配置默认访问页，这里就会访问wlds.zwfw.com里面的首页 index index.html index.htm index.jsp; } location /ac-product/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://wlds.zwfw.com/ac-product/; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }

docker容器nignx配置反向代理，配置ssl。插图1

三、配置ssl

1、设置server.key，这里需要设置两遍密码:


openssl genrsa -des3 -out server.key 1024
openssl genrsa -des3 -out server.key 1024
openssl genrsa -des3 -out server.key 1024

2、参数设置，首先这里需要输入之前设置的密码:


openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -out server.csr
openssl req -new -key server.key -out server.csr

docker容器nignx配置反向代理，配置ssl。插图2

3、写RSA秘钥（这里也要求输入之前设置的密码）：


openssl rsa -in server.key -out server_nopwd.key
openssl rsa -in server.key -out server_nopwd.key
openssl rsa -in server.key -out server_nopwd.key

docker容器nignx配置反向代理，配置ssl。插图3

4、获取密钥


openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt 
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt 
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

docker容器nignx配置反向代理，配置ssl。插图4

5、改变密钥文件，将原来的server.key重命名，并把server_nopwd.key重命名为server.key

docker容器nignx配置反向代理，配置ssl。插图5

四、重启nginx，测试访问


docerk restart nginx
docerk restart nginx
docerk restart nginx

原文链接：https://blog.csdn.net/u011101295/article/details/122257377

声明📢本站内容均来自互联网，归原创作者所有，如有侵权必删除。本站文章皆由CC-4.0协议发布，如无来源则为原创，转载请注明出处。

THE END

群晖