Docker配置Nginx支持SSL
1.Docker中拉取Nginx
docker pull nginx
2.宿主机中创建配置目录
cd /home
mkdir -p nginx/{ssl,logs}
说明:
ssl放域名对应证书
logs放nginx日志
3.复制默认配置文件
docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/conf.d /home/nginx
docker rm -f nginx
此时宿主机中conf.d文件夹具有了配置文件default.conf
4.修改配置文件
cd /home/nginx/conf.d vim default.conf
server { listen 80; server_name www.abc.com.cn; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443; server_name www.abc.com.cn; access_log /var/log/nginx/abc.log; error_log /var/log/nginx/abc.log debug; ssl on; ssl_certificate /etc/nginx/ssl/abc.com.cn_bundle.pem; ssl_certificate_key /etc/nginx/ssl/abc.com.cn.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; root /usr/share/nginx/html; try_files $uri $uri/ /index.html; } location /api { proxy_pass http://192.168.0.1:9090; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; # 支持websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
5.启动docker
docker run --name webrtc_nginx -p 443:443 -p 80:80
-v /home/arrow/web:/usr/share/nginx/html
-v /home/nginx/conf.d:/etc/nginx/conf.d
-v /home/nginx/logs:/var/log/nginx/
-v /home/nginx/ssl:/etc/nginx/ssl/
--privileged=true -d --restart=always nginx