Deploying Nginx with Docker
Run it once first
docker run -itd --rm --name nginx nginx
Copy the Nginx directory out of the container
mkdir /webapps
docker cp nginx:/etc/nginx /webapps/
Stop Nginx
docker stop nginx
Start Nginx properly
docker run -itd \
--name nginx \
--restart always \
-p 80:80 -p 443:443 \
-v /webapps/nginx:/etc/nginx \
nginx
Configure Nginx (force HTTP to redirect to HTTPS)
vim /webapps/nginx/conf.d/default.conf
server {
    listen 80;
    # Domain name the certificate is bound to
    server_name jinzhengba.com;
    # Redirect HTTP requests for the domain to HTTPS
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    # Domain name the certificate is bound to
    server_name jinzhengba.com;
    # Certificate file
    ssl_certificate /etc/nginx/cert/jinzhengba.com_bundle.crt;
    # Private key file
    ssl_certificate_key /etc/nginx/cert/jinzhengba.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        alias /etc/nginx/web/; # The front-end files live here
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
        # add_header sets response headers; proxy_set_header only affects requests sent to an upstream
        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
        add_header Pragma "no-cache";
        add_header Expires "-1";
    }
    # Reverse proxy
    location /api {
        proxy_ssl_server_name on;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # To reverse-proxy api.weixin.qq.com, change the line above to: proxy_set_header Host api.weixin.qq.com;
        proxy_redirect off;
        expires off;
        sendfile off;
        proxy_pass https://xxx.xxx.xxx.xxx:xxx;
    }
    # Enable directory listing (delete this block if you do not need it)
    location /files/ {
        alias /etc/nginx/files/; # The corresponding host directory is /webapps/nginx/files
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
        add_header Pragma "no-cache";
        add_header Expires "-1";
    }
}
Restart Nginx
docker restart nginx
NginxProxyManager
Run it once first
docker run -itd --rm --name nginx-proxy-manager jc21/nginx-proxy-manager
Copy the Nginx directory out of the container
mkdir /webapps/nginx-proxy-manager
docker cp nginx-proxy-manager:/etc/nginx /webapps/nginx-proxy-manager/
Stop NginxProxyManager
docker stop nginx-proxy-manager
Start NginxProxyManager properly
docker run -d \
--name nginx-proxy-manager \
--restart always \
--log-opt max-size=100m --log-opt max-file=3 \
-p 10080:80 \
-p 10081:81 \
-v /webapps/nginx-proxy-manager/nginx:/etc/nginx \
jc21/nginx-proxy-manager:latest
Open ip:10081 and log in with the default credentials (change them after the first login):
Email: admin@example.com
Password: changeme
Generate an SSL certificate
# Generate the private key
openssl genpkey -algorithm RSA -out /etc/nginx/ssl/jinzhengba.com.key -aes256
# Generate a self-signed certificate (valid for 36500 days)
openssl req -new -x509 -sha256 -key /etc/nginx/ssl/jinzhengba.com.key -out /etc/nginx/ssl/jinzhengba.com.crt -days 36500
# Remove the passphrase
openssl rsa -in /etc/nginx/ssl/jinzhengba.com.key -out /etc/nginx/ssl/jinzhengba.com.nopass.key
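When generating the certificate, openssl asks you to enter the following information:
Country Name (2 letter code): the country code (for example CN, US).
State or Province Name: the name of the province or state (for example Guangdong).
Locality Name (eg, city): the city name (for example Shenzhen).
Organization Name (eg, company): the organization or company name (for example My Company).
Organizational Unit Name (eg, section): the organizational unit (for example IT Department; this field may be left empty).
Common Name (e.g. server FQDN or YOUR name): this field is very important. It is usually the domain name you are generating the certificate for, such as jinzhengba.com. If you are generating a certificate for jinzhengba.com, Common Name should be jinzhengba.com.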
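An added example (not from the original post): the same key and self-signed certificate generated non-interactively, with `-subj` answering the prompts listed above and a subjectAltName added, because current browsers and TLS clients match the hostname against the SAN rather than the Common Name. It skips the passphrase step because Nginx needs an unencrypted key, and it writes to a temporary directory; the function names and the demo directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example: non-interactive self-signed certificate with a subjectAltName.
# Function names are hypothetical; point the output directory at the one Nginx reads.

# make_cert DOMAIN DIR: write DIR/DOMAIN.key (unencrypted, owner-only) and DIR/DOMAIN.crt
make_cert() {
    local domain="$1" dir="$2"
    mkdir -p "$dir" || return 1
    # umask 077 makes the private key owner-readable only from the moment it is created
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/$domain.key" 2>/dev/null ) || return 1
    # -subj answers the interactive prompts; -addext adds the SAN that clients match on
    openssl req -new -x509 -sha256 -days 36500 \
        -key "$dir/$domain.key" -out "$dir/$domain.crt" \
        -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=My Company/CN=$domain" \
        -addext "subjectAltName=DNS:$domain"
}

# key_matches_cert KEY CRT: succeed only if both files hold the same public key
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_san CRT DOMAIN: succeed if the certificate lists DNS:DOMAIN as a SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

# Demo in a throwaway directory (constructed input; nothing under /etc is touched)
demo_dir=$(mktemp -d)
make_cert jinzhengba.com "$demo_dir" &&
    key_matches_cert "$demo_dir/jinzhengba.com.key" "$demo_dir/jinzhengba.com.crt" &&
    cert_has_san "$demo_dir/jinzhengba.com.crt" jinzhengba.com &&
    echo "certificate OK: key matches and SAN present"
```

Running `key_matches_cert` before `docker restart nginx` catches a mismatched key and certificate pair, which otherwise stops Nginx from starting.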
Copyright notice:
Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit
One piece!