为 docker 中的 nginx 配置 https

发布时间:2019-11-02 发布网站:大佬教程
大佬教程收集整理的这篇文章主要介绍了为 docker 中的 nginx 配置 https大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。

就是一个提供免费 SSL/TLS 证书的网站,由于其证书期限只有三个月,所以需要我们用自动化的方式去更新证书。本文将介绍如何为通过 docker 运行的 nginx 中的站点添加 https 支持,并自动完成证书的更新。本文的演示环境为:运行在 Azure 上的 Ubuntu 16.04 主机(此图来自互联网):

为 docker 中的 nginx 配置 https

为 docker 中的 nginx 配置 https

为 docker 中的 nginx 配置 https

$ docker pull ljfpower/--d --restart=always --expose=--network=webnet --name=/nodedemo

$ -p nginx/ -p logs/{nginx,letsencrypt}

为 docker 中的 nginx 配置 https

error_log /var/log/nginx/<span style="color: #000000">error.log warn;
pid /var/run/<span style="color: #000000">nginx.pid;

events {
worker_connections <span style="color: #800080">2048<span style="color: #000000">;
}

http {
include /etc/nginx/<span style="color: #000000">mime.types;
default_type application/octet-<span style="color: #000000">stream;

sendfile        on;
keepalive_timeout    </span><span style="color: #800080"&gt;65</span><span style="color: #000000"&gt;;
client_max_body_size 10M;

include </span>/etc/nginx/conf.d<span style="color: #008000"&gt;/*</span><span style="color: #008000"&gt;.conf;

}

location </span>^~ /.well-known/acme-challenge/<span style="color: #000000"&gt; { default_type </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;text/plain</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;; root </span>/usr/share/nginx/<span style="color: #000000"&gt;html; } location </span>= /.well-known/acme-challenge/<span style="color: #000000"&gt; { return </span><span style="color: #800080"&gt;404</span><span style="color: #000000"&gt;; } location </span>/<span style="color: #000000"&gt; { proxy_pass http:</span><span style="color: #008000"&gt;//</span><span style="color: #008000"&gt;web;</span>

<span style="color: #000000"> }
}

Let's Encrypt First Time Cert Issue Site Hello HTTPS!

$ docker run --p :-v $()/nginx/conf.d:/etc/nginx/-v $()/nginx/nginx.conf:/etc/nginx/-v $()/logs/nginx:/var/log/-v $()/nginx/html:/usr/share/nginx/--restart=--name=--network=

为 docker 中的 nginx 配置 https

是一个提供免费 SSL/TLS 证书的网站,它为用户提供了 certbot 工具用来生成 SSL/TLS 证书。方便起见,我们把 certbot 简单的封装到容器中。在用户的家目录下创建 certbot 目录,进入 certbot 目录并把下面的内容保存到 Dockerfile 文件中:

FROM alpine:--]

$ docker build -t certbot: .

#!/bin/==( ==/usr/share/nginx/ domain ${LIST[@]};---v ${WEBDIR}/nginx/conf.crt:/etc/-v ${WEBDIR}/logs/letsencrypt:/var/log/-v ${WEBDIR}/nginx/--verbose --noninteractive --quiet --agree---webroot ---email=-d =$? [ $CODE -ne ]; += output failed domains

<span style="color: #0000ff">if [ ${#FAILED_LIST[@]} -ne <span style="color: #800080">0 ];<span style="color: #0000ff">then
<span style="color: #0000ff">echo <span style="color: #800000">'<span style="color: #800000">failed domain:<span style="color: #800000">'
<span style="color: #0000ff">for (( i=<span style="color: #800080">0; i<${#FAILED_LIST[@]}; i++<span style="color: #000000"> ));
<span style="color: #0000ff">do
<span style="color: #0000ff">echo<span style="color: #000000"> ${FAILED_LIST[$i]}
<span style="color: #0000ff">done
<span style="color: #0000ff">fi

为 docker 中的 nginx 配置 https

为 docker 中的 nginx 配置 https

server {
listen
<span style="color: #800080">80
<span style="color: #000000">;
listen [::]:
<span style="color: #800080">80<span style="color: #000000">;
server_name filterinto.com www.filterinto.com;

location </span>^~ /.well-known/acme-challenge/<span style="color: #000000"&gt; {
    default_type </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;text/plain</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;;
    root </span>/usr/share/nginx/<span style="color: #000000"&gt;html;
}
location </span>= /.well-known/acme-challenge/<span style="color: #000000"&gt; {
    return </span><span style="color: #800080"&gt;404</span><span style="color: #000000"&gt;;
}
return </span><span style="color: #800080"&gt;301</span> https:<span style="color: #008000"&gt;//</span><span style="color: #008000"&gt;$server_name$request_uri;</span>

<span style="color: #000000">}
server {
listen <span style="color: #800080">443<span style="color: #000000">;
listen [::]:<span style="color: #800080">443<span style="color: #000000">;
server_name filterinto.com;

# enable ssl
ssl                       on;
ssl_protocols TLSv1 TLSv1.</span><span style="color: #800080"&gt;1</span> TLSv1.<span style="color: #800080"&gt;2</span><span style="color: #000000"&gt;;
ssl_prefer_server_ciphers on;
ssl_ciphers               </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;;

# config ssl certificate

<span style="color: #ff0000"> ssl_certificate conf.crt<span style="color: #ff0000">/live/filterinto.com/fullchain.pem;
ssl_certificate_key conf.crt/live/filterinto.com/
<span style="color: #000000"><span style="color: #ff0000">privkey.pem;

location </span>^~ /.well-known/acme-challenge/<span style="color: #000000"&gt; {
    default_type </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;text/plain</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;;
    root </span>/usr/share/nginx/<span style="color: #000000"&gt;html;
}
location </span>= /.well-known/acme-challenge/<span style="color: #000000"&gt; {
        return </span><span style="color: #800080"&gt;404</span><span style="color: #000000"&gt;;
}
location </span>/<span style="color: #000000"&gt; {
    proxy_pass http:</span><span style="color: #008000"&gt;//</span><span style="color: #008000"&gt;web;</span>

<span style="color: #000000"> }
}
server {
listen <span style="color: #800080">443<span style="color: #000000">;
listen [::]:<span style="color: #800080">443<span style="color: #000000">;
server_name www.filterinto.com;

# enable ssl
ssl                       on;
ssl_protocols TLSv1 TLSv1.</span><span style="color: #800080"&gt;1</span> TLSv1.<span style="color: #800080"&gt;2</span><span style="color: #000000"&gt;;
ssl_prefer_server_ciphers on;
ssl_ciphers               </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;;

# config ssl certificate

<span style="color: #ff0000"> ssl_certificate conf.crt<span style="color: #ff0000">/live/www.filterinto.com/fullchain.pem;
ssl_certificate_key conf.crt/live/www.filterinto.com/
<span style="color: #000000"><span style="color: #ff0000">privkey.pem;

location </span>^~ /.well-known/acme-challenge/<span style="color: #000000"&gt; {
    default_type </span><span style="color: #800000"&gt;"</span><span style="color: #800000"&gt;text/plain</span><span style="color: #800000"&gt;"</span><span style="color: #000000"&gt;;
    root </span>/usr/share/nginx/<span style="color: #000000"&gt;html;
}
location </span>= /.well-known/acme-challenge/<span style="color: #000000"&gt; {
        return </span><span style="color: #800080"&gt;404</span><span style="color: #000000"&gt;;
}
location </span>/<span style="color: #000000"&gt; {
    proxy_pass http:</span><span style="color: #008000"&gt;//</span><span style="color: #008000"&gt;web;</span>

<span style="color: #000000"> }
}

$ docker run --p :-p :-v $()/nginx/conf.d:/etc/nginx/-v $()/nginx/nginx.conf:/etc/nginx/-v $()/logs/nginx:/var/log/-v $()/nginx/html:/usr/share/nginx/--restart=--name=--network=

为 docker 中的 nginx 配置 https

* * /home/nick/certbot/renew_cert. /home/nick >> /home/nick/logs/cert.log >> /home/nick/logs/ * * docker exec gateway nginx -s reload

大佬总结

以上是大佬教程为你收集整理的为 docker 中的 nginx 配置 https全部内容,希望文章能够帮你解决为 docker 中的 nginx 配置 https所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ群:277859234,请注明来意。