Docker配置Nginx支持SSL

1.Docker中拉取Nginx

docker pull nginx

2.宿主机中创建配置目录

cd /home
mkdir -p nginx/{ssl,logs}

说明：

ssl放域名对应证书

logs放nginx日志

3.复制默认配置文件

docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/conf.d /home/nginx
docker rm -f nginx

此时宿主机中conf.d文件夹具有了配置文件default.conf

4.修改配置文件

cd /home/nginx/conf.d
vim default.conf

server {
        listen 80;
        server_name www.abc.com.cn;
        rewrite ^(.*) https://$server_name$1 permanent;
}
    
server {
        listen 443;
        server_name www.abc.com.cn;

       access_log /var/log/nginx/abc.log;
       error_log /var/log/nginx/abc.log debug;
 
        ssl on;
        ssl_certificate  /etc/nginx/ssl/abc.com.cn_bundle.pem;
        ssl_certificate_key /etc/nginx/ssl/abc.com.cn.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
 
        location / {
               proxy_set_header   X-Real-IP         $remote_addr;
               proxy_set_header   Host              $http_host;
               proxy_set_header   X-Forwarded-For       $proxy_add_x_forwarded_for;
               root   /usr/share/nginx/html;
               try_files $uri $uri/ /index.html;
        }

        location /api {
            proxy_pass http://192.168.0.1:9090;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
          
            # 支持websocket   
            proxy_http_version  1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

　　

5.启动docker

docker run --name webrtc_nginx -p 443:443 -p 80:80 
-v /home/arrow/web:/usr/share/nginx/html 
-v /home/nginx/conf.d:/etc/nginx/conf.d 
-v /home/nginx/logs:/var/log/nginx/ 
-v /home/nginx/ssl:/etc/nginx/ssl/ 
--privileged=true -d --restart=always nginx