1、openssl生成自签名证书和私钥
在部署服务器上,新建cert目录,执行以下指令,然后生成.crt和.key文件
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 3650 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=10.1.58.5/emailAddress=123@qq.com"
- -days 3650:设置为10年
- 10.1.58.5:修改为服务器ip
2、nginx.conf配置ssl
在原来的配置上新增ssl配置,可使用任意端口,
listen后注意增加ssl
server {
listen 80 ssl;
server_name localhost;
ssl_certificate "/etc/nginx/cert/cert.crt";
ssl_certificate_key "/etc/nginx/cert/rsa_private.key";
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {
return 403;
}
root /usr/share/nginx/html;
try_files $uri /index.html;
}
location /prism/ {
proxy_pass http://prism-server:18892;
}
}
3、docker-compose挂载
为了便于前端vue项目容器化部署,将服务器
cert目录与容器内/etc/nginx/cert关联
prism-front:
image: 10.1.58.6:5000/prism-front
container_name: prism-front
restart: always
links:
- prism-server
ports:
- "8098:80"
volumes:
- ./cert:/etc/nginx/cert
