nginx配置ssl证书
1.下载ssl的Nginx文件并放到Linux主机的/opt/nginx/ssl/中
cd /opt/nginx/ssl/
2.备份配置文件
cp nginx.conf nginx.conf.ssl
3.修改配置文件
vim /opt/nginx/conf/nginx.conf.ssl
error_log /var/log/nginx/error.log notice;#配置错误日志的存放路径
pid /var/run/nginx.pid;#配置进程PID存放路径 events {worker_connections 1024;#设置允许每一个worker process同时开启的最大连接数
}http {include /etc/nginx/mime.types;#引入配置文件 default_type application/octet-stream;#定义网络资源的媒体类型 log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';#自定义服务日志 access_log /var/log/nginx/access.log main;#配置正常访问的服务日志位置keepalive_timeout 65;#配置连接超时时间sendfile on;#开启文件高效传输模式#tcp_nopush on;#当有数据时,先不着急发送,确保数据包已经装满数据,避免网络拥塞。server{#监听443端口listen 443 ssl;#对应的域名server_name jkw.life;ssl on;ssl_certificate /etc/nginx/ssl/jkw.life.pem;ssl_certificate_key /etc/nginx/ssl/jkw.life.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;ssl_prefer_server_ciphers on;location / {root /usr/share/nginx/html;index index.html;}}server {listen 80;server_name jkw.life;rewrite ^/(.*) https://jkw.life/$1 permanent;}include /etc/nginx/conf.d/*.conf;}
4.创建容器卷
docker volume create nginx8025
cd /var/lib/docker/volumes/nginx8025/_data
5.创建nginx容器
docker run --rm -d -p 8025:80 --name nginx8025 -v nginx8025:/usr/share/nginx/html -v /opt/nginx/conf/nginx.conf.ssl:/etc/nginx/nginx.conf nginx
6.把Linux中ssl文件放到docker的nginx中
docker cp /opt/nginx/ssl nginx8025:/etc/nginx/ssl
7.查看docker的nginx中ssl文件
docker exec -it nginx8025 /bin/bash
cd /etc/nginx/ss