nginx（docker容器） 配置 https

本实例是前后端分离的项目，一个前台项目一个管理平台，所以配置了两个服务，请根据自己实际的项目情况进行参考。

以下是nginx的配置文件：nginx.conf 内容：

worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    autoindex        on;
    keepalive_timeout  65;
    # 开启gzip压缩
    gzip on;
    # 不压缩临界值，大于1K的才压缩，一般不用改
    gzip_min_length 1k;
    # 压缩缓冲区
    gzip_buffers 16 64K;
    # 压缩版本（默认1.1，前端如果是squid2.5请使用1.0）
    gzip_http_version 1.1;
    # 压缩级别，1-10，数字越大压缩的越好，时间也越长
    gzip_comp_level 5;
    # 进行压缩的文件类型
    gzip_types image/jpeg image/gif image/png text/plain application/x-javascript text/css application/xml application/javascript;
    # 跟Squid等缓存服务有关，on的话会在Header里增加"Vary: Accept-Encoding"
    gzip_vary on;
    # IE6对Gzip不怎么友好，不给它Gzip了
    gzip_disable "MSIE [1-6]\.";

    upstream aaa { //别名
        server eaas-server:8080 weight=1; //eaas-server是docker容器的name
    }
    upstream bbb { //别名
        server system-server:8081 weight=1; //system-server是docker容器的name
    }

    server {
        listen       443 ssl;
        server_name  xxxx; //域名
        #ssl on;
        #ssl证书的pem文件路径
        ssl_certificate  /etc/nginx/cret/xxxx.pem; //https对应的证书文件
        #ssl证书的key文件路径
        ssl_certificate_key /etc/nginx/cret/xxxx.key; //https对应的证书文件
        # 开启解压缩静态文件
        gzip_static on;

        location / {
            root   path/xxxx; //静态文件路径
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }      

    	location ~/xxx/ { //请求路径前缀匹配
    		proxy_set_header Host $http_host;
    		proxy_set_header X-Real-IP $remote_addr;
    		proxy_set_header REMOTE-HOST $remote_addr;
    		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    		proxy_pass http://aaa;
    	}
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    server {
        listen       443 ssl;
        server_name  xxxx; //二级域名
        #ssl on;
        #ssl证书的pem文件路径
        ssl_certificate  /etc/nginx/cret/xxxx.pem; //https证书文件
        #ssl证书的key文件路径
        ssl_certificate_key /etc/nginx/cret/xxxx.key; //https证书文件

        # 开启解压缩静态文件
        gzip_static on;

        location / {
            root   xxx/xxx; //静态文件路径
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }     

        location ~/xxxx/ { //请求路径前缀匹配
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://bbb;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
        listen 80;
        server_name xxxx; //域名
        #将请求转成https
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    server {
        listen 80;
        server_name xxxx; // 二级域名
        #将请求转成https
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    include /etc/nginx/conf.d/*.conf;
}