Nginx 配置一级和二级证书以及作为静态资源服务器
Docker 启动 nginx 容器
version: '3'
services:
root-nginx:
restart: always
container_name: root-nginx
image: nginx:latest
ports:
- 443:443
volumes:
- /path/ssl:/etc/nginx/conf.d/ssl
- ./conf.d/default.conf:/etc/nginx/conf.d/default.conf
卷挂载中的 ssl 证书替换为自己 ssl 证书的位置。
关于 nginx *.conf 配置文件不过多描述!
配置一级证书
server{
listen 443 ssl;
server_name test.com;
charset utf-8;
http2 on;
ssl_certificate /etc/nginx/conf.d/ssl/ssl.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
# 默认 nginx 欢迎页
root /usr/share/nginx/html;
try_files $uri $uri/ =404;
index index.html index.htm;
# 反向代理配置
# proxy_pass http://172.16.2.17:8010;
}
}
配置二级证书
在同一个 default.conf 文件中写 server 就可以。
server {
listen 443 ssl;
# 正则切割获得二级域名前缀
# 这里的 server_name 属性 必须 要是 *.test.com 格式
server_name ~^(?<sub>.+)\.test\.com$;
http2 on;
ssl_certificate /etc/nginx/conf.d/ssl/ssl.cer;
ssl_certificate_key /etc/nginx/conf.d/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
# nginx 欢迎页
root /usr/share/nginx/html;
try_files $uri $uri/ =404;
index index.html index.htm;
# 根据前缀匹配不同的代理服务
location / {
if ($sub = "portainer") {
proxy_pass http://172.16.2.17:8004;
}
if ($sub = "cp") {
proxy_pass http://172.16.2.17:8085;
}
if ($sub = "static") {
proxy_pass http://172.16.2.17:8995;
}
if ($sub = "esm") {
proxy_pass http://172.16.2.17:8994;
}
}
}
静态资源服务器配置
只作为简单静态资源服务器!
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
# 服务器中的静态资源目录,如使用 docker 部署时,必须要保证正确的卷挂载,不然 404 !
root /usr/share/nginx/html/static;
# 开启自动目录索引
autoindex on;
}
}
