Nginx(Docker 安装的nginx)配置域名SSL证书

1.首先确保Linux环境上已经安装了docker（可参考VMware使用和Linux安装Docker_wmware直接部署linux和安装docker后-CSDN博客

2.通过docker 安装nginx（可参考Linux 环境安装Nginx—源码和Dokcer-CSDN博客）

3.安装SSL证书

3.1 在宿主机中创建证书目录并上传证书（主要是xxx.pem和xxx.key文件）

在nginx目录下创建cert/目录（/home/data/nginx/cert/），将证书放在cert/目录下

3.2修改Nginx配置文件（nginx.conf），修改与证书相关的配置内容

#user  nobody;
worker_processes auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
    accept_mutex off;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$host"';

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    client_max_body_size 10m;

    upstream javaServerHost {
      server 服务器ip:端口;
    }

    server {
        listen       80 ssl;# 这里加上ssl
        server_name 你的域名;
        if ($request_method = 'OPTIONS') {
                return 200;
        }
        #https证书
       ssl_certificate   "xxx.pem";#证书全路径
       ssl_certificate_key  "xxx.key";#证书全路径
       ssl_session_timeout 5m;
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       ssl_prefer_server_ciphers on;
       ssl_session_cache shared:SSL:1m;
       #fastcgi_param HTTPS on;
       #fastcgi_param HTTPS_SCHEME https;
       #end

        add_header Access-Control-Allow-Origin '*';
        add_header Access-Control-Allow-Headers '*';
        add_header Access-Control-Allow-Methods 'GET,POST,OPTIONS,PUT,DELETE';
        #将所有HTTP请求通过rewrite指令重定向到HTTPS。
        #rewrite ^(.*) https://$server_name$1 permanent;
        #rewrite ^(.*)$ https://$host$1 permanent;
        #return 301 https://$host$request_uri;
        location / {
            root   /home/data/web/;
            try_files $uri $uri/index.html =404;
        }

        location /api {
            rewrite ^/api/(.*)$ /$1 break;
            proxy_pass http://javaServerHost;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X_Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 300;
            proxy_send_timeout 300;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

3.3修改启动nginx脚本，重启nginx

port=8006

if [ -z $1 ]; then
  echo 使用默认端口8006
else
  port=$1
  echo 使用指定端口$1
fi

docker rm -f 容器名称

docker run -d \
--name 容器名称 \
--ulimit nofile=65535:65535 \
--ulimit nproc=65535:65535 \
-v /home/data/xxx/web/:/home/data/web/ \
-v /home/data/xxx/nginx.conf:/etc/nginx/nginx.conf \
-v /home/data/xxx/nginx_cert/:/etc/nginx/cert/ \
-p $port:80 \
-e TZ=Asiz/Shanghai \
--restart=always \
nginx

说明：/home/data/xxx/web/:/home/data/web/ 前者是服务器主机路径，后者是docker容器路径

使用：docker exec -it 容器名 /bin/bash  进入前容器

           docker logs 容器名   查看日志

3.4验证SSL证书是否安装成功