
Configuring HTTPS for nginx in Docker

Published: 2020-12-16 03:57:25 | Category: Security | Source: compiled from the web

$ docker pull ljfpower/--d --restart=always --expose=--network=webnet --name=/nodedemo

$ -p nginx/ -p logs/{nginx,letsencrypt}

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 2048;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile        on;
    keepalive_timeout    65;
    client_max_body_size 10M;

    include /etc/nginx/conf.d/*.conf;
}

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        proxy_pass http://web;
    }
}

Let's Encrypt First Time Cert Issue Site Hello HTTPS!

$ docker run --p :-v $()/nginx/conf.d:/etc/nginx/-v $()/nginx/nginx.conf:/etc/nginx/-v $()/logs/nginx:/var/log/-v $()/nginx/html:/usr/share/nginx/--restart=--name=--network=

FROM alpine:--]

$ docker build -t certbot: .

#!/bin/==( ==/usr/share/nginx/ domain ${LIST[@]};---v ${WEBDIR}/nginx/conf.crt:/etc/-v ${WEBDIR}/logs/letsencrypt:/var/log/-v ${WEBDIR}/nginx/--verbose --noninteractive --quiet --agree---webroot ---email=-d =$? [ $CODE -ne ]; += output failed domains

if [ ${#FAILED_LIST[@]} -ne 0 ];then
    echo 'failed domain:'
    for (( i=0; i<${#FAILED_LIST[@]}; i++ ));
    do
        echo ${FAILED_LIST[$i]}
    done
fi

server {
    listen 80;
    listen [::]:80;
    server_name filterinto.com www.filterinto.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    listen [::]:443;
    server_name filterinto.com;

    # enable ssl
    ssl                       on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # config ssl certificate
    ssl_certificate conf.crt/live/filterinto.com/fullchain.pem;
    ssl_certificate_key conf.crt/live/filterinto.com/privkey.pem;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        proxy_pass http://web;
    }
}
server {
    listen 443;
    listen [::]:443;
    server_name www.filterinto.com;

    # enable ssl
    ssl                       on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # config ssl certificate
    ssl_certificate conf.crt/live/www.filterinto.com/fullchain.pem;
    ssl_certificate_key conf.crt/live/www.filterinto.com/privkey.pem;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        proxy_pass http://web;
    }
}
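
The two port 443 server blocks above turn TLS on with the legacy `ssl on;` directive and still offer TLSv1 and TLSv1.1. The following is an added example, not part of the original article, showing the filterinto.com block with current directives and a narrower protocol and cipher set. The session cache settings, the HSTS max-age and the forwarded headers are assumptions chosen for illustration; server name, certificate paths and upstream are taken from the page.

```nginx
server {
    # "ssl" on the listen line replaces the "ssl on;" directive, which was
    # deprecated in nginx 1.15.0 and removed in nginx 1.25.1.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name filterinto.com;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996): offer 1.2 and 1.3 only.
    # TLSv1.3 requires nginx built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2: forward-secret AEAD suites only. TLS 1.3 suites are chosen by
    # OpenSSL independently of this list.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
    ssl_prefer_server_ciphers off;

    # Session resumption settings (assumed values, not from the page)
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Same certificate paths as the original block
    ssl_certificate     conf.crt/live/filterinto.com/fullchain.pem;
    ssl_certificate_key conf.crt/live/filterinto.com/privkey.pem;

    # HSTS (assumed policy): enable only once this host is served over HTTPS everywhere
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Keep the ACME webroot reachable so certificate renewal keeps working
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        proxy_pass http://web;
        # Tell the backend the original host, client address and scheme
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` inside the container after changing the file, before reloading with `nginx -s reload`.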

$ docker run --p :-p :-v $()/nginx/conf.d:/etc/nginx/-v $()/nginx/nginx.conf:/etc/nginx/-v $()/logs/nginx:/var/log/-v $()/nginx/html:/usr/share/nginx/--restart=--name=--network=

* * /home/nick/certbot/renew_cert. /home/nick >> /home/nick/logs/cert.log >> /home/nick/logs/ * * docker exec gateway nginx -s reload

(Editor: 李大同)
