1.下载ssl的Nginx文件并放到Linux主机的/opt/nginx/ssl/中
cd /opt/nginx/ssl/
2.备份配置文件
cp nginx.conf nginx.conf.ssl
3.修改配置文件
vim /opt/nginx/conf/nginx.conf.ssl
error_log /var/log/nginx/error.log notice;#配置错误日志的存放路径
pid /var/run/nginx.pid;#配置进程PID存放路径
events {
worker_connections 1024;#设置允许每一个worker process同时开启的最大连接数
}
http {
include /etc/nginx/mime.types;#引入配置文件
default_type application/octet-stream;#定义网络资源的媒体类型
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';#自定义服务日志
access_log /var/log/nginx/access.log main;#配置正常访问的服务日志位置
keepalive_timeout 65;#配置连接超时时间
sendfile on;#开启文件高效传输模式
#tcp_nopush on;#当有数据时,先不着急发送,确保数据包已经装满数据,避免网络拥塞。
server{
#监听443端口
listen 443 ssl;
#对应的域名
server_name jkw.life;
ssl on;
ssl_certificate /etc/nginx/ssl/jkw.life.pem;
ssl_certificate_key /etc/nginx/ssl/jkw.life.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
server {
listen 80;
server_name jkw.life;
rewrite ^/(.*) https://jkw.life/$1 permanent;
}
include /etc/nginx/conf.d/*.conf;
}
4.创建容器卷
docker volume create nginx8025
cd /var/lib/docker/volumes/nginx8025/_data
5.创建nginx容器
docker run --rm -d -p 8025:80 --name nginx8025 -v nginx8025:/usr/share/nginx/html -v /opt/nginx/conf/nginx.conf.ssl:/etc/nginx/nginx.conf nginx
6.把Linux中ssl文件放到docker的nginx中
docker cp /opt/nginx/ssl nginx8025:/etc/nginx/ssl
7.查看docker的nginx中ssl文件
docker exec -it nginx8025 /bin/bash
cd /etc/nginx/ss