1、在腾讯云控制台中下载已申请的 HTTPS 证书,下载时选择 nginx 版本
一般证书有四个文件
2、使用 finalshell 工具将证书上传到 Linux 服务器主机的目录下(需放在下文挂载的 yuanjin-start/nginx/https 目录中,nginx 容器才能读取);其中 .key 私钥文件建议限制为仅所有者可读,且不要提交到代码仓库
(1)、docker-compose 文件位于 yuanjin-start 目录,因此 nginx 的挂载目录配置如下
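# Compose service definition for the nginx front end. The nesting was lost in
# the listing and is restored here; this fragment belongs under the compose
# file's service list. Relative host paths resolve against the directory that
# holds the compose file (yuanjin-start).
yuanjin-nginx:
  container_name: yuanjin-nginx
  # NOTE(review): with both `image` and `build` set, Compose tags the locally
  # built image with this name, so it shadows the official `nginx` image on
  # this host. A project-specific image name avoids that confusion.
  image: nginx
  build:
    context: .
    dockerfile: nginx-dockerfile
  ports:
    - "80:80"
    - "443:443"
  volumes:
    # Static front-end files served by the HTTPS server block.
    - ./dist:/home/joolun/projects/joolun-ui
    - ./conf/nginx.conf:/etc/nginx/nginx.conf
    # Logs are written by nginx, so this mount must stay writable.
    - ./nginx/logs:/var/log/nginx
    - ./nginx/conf.d:/etc/nginx/conf.d
    # Host directory ./nginx/https (relative to the compose file) is mounted at
    # the absolute container path /etc/nginx/https. It holds the certificate
    # and its private key; nginx only reads them, so the mount is read-only to
    # keep a compromised container from replacing or altering the key material.
    - ./nginx/https/:/etc/nginx/https:ro
  depends_on:
    - yuanjin-server
  links:
    - yuanjin-server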
(2)nginx中配置如下
# Number of worker processes nginx starts.
worker_processes 1;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
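http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Plain-HTTP listener: its only job is to send every request to HTTPS.
    server {
        listen 80;
        # Domain name the certificate is bound to.
        server_name zyuanjin.cn;

        # Redirect all HTTP requests to HTTPS. A server-level `return` runs
        # before any location is selected, so the `location /` proxy block the
        # original listing placed after it could never execute and has been
        # removed (it would also have proxied the site back to itself).
        # NOTE(review): this is the only port-80 server shown, so it answers
        # for any Host header and $host reflects that header in the redirect.
        # If only the certificate's domain should ever be the redirect target,
        # use `return 301 https://zyuanjin.cn$request_uri;` instead.
        return 301 https://$host$request_uri;
    }

    # HTTPS listener: serves the front end and proxies the API and images.
    server {
        # 443 is the default TLS port.
        listen 443 ssl;
        # Domain name the certificate is bound to.
        server_name zyuanjin.cn;

        # Certificate bundle and private key; these paths are inside the
        # container, in the directory mounted from the host's ./nginx/https.
        ssl_certificate /etc/nginx/https/zyuanjin.cn_bundle.crt;
        ssl_certificate_key /etc/nginx/https/zyuanjin.cn.key;
        ssl_session_timeout 5m;

        # Only TLS 1.2 and 1.3 are accepted.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Cipher list in OpenSSL syntax; it applies to TLS 1.2 and below.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        # Optional hardening once HTTPS is confirmed working for every client:
        # add_header Strict-Transport-Security "max-age=31536000" always;

        # Single-page front end: unknown paths fall back to index.html.
        location / {
            root /home/joolun/projects/joolun-ui;
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
        }

        # API requests go to the backend service by its compose service name.
        # The trailing slash on proxy_pass strips the /prod-api/ prefix.
        # The hop to the backend is plain HTTP; that traffic stays on the
        # container network as long as port 7500 is not published on the host.
        location /prod-api/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://yuanjin-server:7500/;
        }

        # NOTE(review): inside the container, localhost is the nginx container
        # itself, and nothing in this file listens on port 81. Confirm which
        # service is meant to serve /img/ and address it by its service name.
        location /img/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:81/;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}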
3、启动成功后,在腾讯云中打开443端口
4、尝试使用https访问成功