1、在腾讯云控制台中申请的https证书下载,选择nginx版本

一般证书有四个文件

nginx中如何安装https证书-linux版本_https


nginx中如何安装https证书-linux版本_nginx_02


nginx中如何安装https证书-linux版本_nginx_03


2、使用finalshell工具将证书上传到linux服务器主机目录下

(1)、docker-compose路径为yuanjin-start目录,因此nginx配置挂在目录如下

yuanjin-nginx:
    container_name: yuanjin-nginx
    image: nginx
    build:
      context: .
      dockerfile: nginx-dockerfile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./dist:/home/joolun/projects/joolun-ui
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/logs:/var/log/nginx
      - ./nginx/conf.d:/etc/nginx/conf.d
      #将容器中https证书目录(/etc/nginx/https,此处为容器中绝对路劲)挂到宿主机的相对路径https目录下
      - ./nginx/https/:/etc/nginx/https
    depends_on:
      - yuanjin-server
    links:
      - yuanjin-server

nginx中如何安装https证书-linux版本_https_04


nginx中如何安装https证书-linux版本_redis_05


(2)nginx中配置如下

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen 80;
        #请填写绑定证书的域名
        server_name zyuanjin.cn;
        #把http的域名请求转成https
        return 301 https://$host$request_uri;
        location / {
            proxy_pass https://zyuanjin.cn;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        #SSL 默认访问端口号为 443
        listen 443 ssl;
        #请填写绑定证书的域名
        server_name zyuanjin.cn;
        #请填写证书文件的相对路径或绝对路径
        ssl_certificate /etc/nginx/https/zyuanjin.cn_bundle.crt;
        #请填写私钥文件的相对路径或绝对路径
        ssl_certificate_key /etc/nginx/https/zyuanjin.cn.key;
        ssl_session_timeout 5m;
        #请按照以下协议配置
        ssl_protocols TLSv1.2 TLSv1.3;
        #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

		location / {
            root   /home/joolun/projects/joolun-ui;
			try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
		
		location /prod-api/{
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://yuanjin-server:7500/;
		}
		location /img/{
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://localhost:81/;
		}
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}# requirepass 123456

3、启动成功后,在腾讯云中打开443端口

nginx中如何安装https证书-linux版本_https_06


4、尝试使用https访问成功

nginx中如何安装https证书-linux版本_相对路径_07