Installing Nginx with Docker and Enabling HTTPS

Part 1: Install Nginx

1. Search Docker Hub for nginx images

docker search nginx

root@root:docker search nginx
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 3260 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker c... 674 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable ... 207 [OK]
million12/nginx-php Nginx + PHP-FPM 5.5, 5.6, 7.0 (NG), CentOS... 67 [OK]
maxexcloo/nginx-php Docker framework container with Nginx and ... 57 [OK]
webdevops/php-nginx Nginx with PHP-FPM 39 [OK]
h3nrik/nginx-ldap NGINX web server with LDAP/AD, SSL and pro... 27 [OK]
bitnami/nginx Bitnami nginx Docker Image 19 [OK]
maxexcloo/nginx Docker framework container with Nginx inst... 7 [OK]
...

2. Pull the official image

root@root: docker pull nginx

Once the download finishes, the image whose REPOSITORY is nginx appears in the local image list.

[root@VM_0_14_centos ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 73acd1f0cfad 2 days ago 108.6 MB

3. Create the nginx directories that hold the files used in the later steps

[root@VM_0_14_centos ~]#  mkdir -p /opt/nginx/www /opt/nginx/logs /opt/nginx/conf /opt/nginx/ssl

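The www directory is mapped to the site root configured in the nginx container.

The logs directory is mapped to the nginx container's log directory.

The configuration file in the conf directory is mapped to the nginx container's configuration file.

The ssl directory holds the certificate files used for HTTPS.

4. Upload the certificate files to /opt/nginx/ssl/

5. Initialize nginx (this first run exists only to obtain a nginx.conf file)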

docker run -p 80:80 --name mynginx -d nginx

Once the container has been created, copy its nginx.conf to the host:

docker cp  mynginx:/etc/nginx/nginx.conf /opt/nginx/conf/nginx.conf

6. Stop the nginx container and remove this instance

[root@VM_0_14_centos conf]# docker stop mynginx    # stop the container
[root@VM_0_14_centos conf]# docker rm mynginx      # remove the instance

7. Run the nginx container

docker run -p 80:80 -p 443:443 --name mynginx -v /opt/nginx/www:/www -v /opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /opt/nginx/logs:/logs -v /opt/nginx/ssl/1_blog.zhengjl.com_bundle.crt:/etc/nginx/1_blog.zhengjl.com_bundle.crt -v /opt/nginx/ssl/2_blog.zhengjl.com.key:/etc/nginx/2_blog.zhengjl.com.key -d nginx

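What the options do:

  • -p 80:80: maps port 80 of the container to port 80 of the host

  • -p 443:443: maps port 443 of the container to port 443 of the host (443 is the HTTPS port)

  • --name mynginx: names the container mynginx

  • -v /opt/nginx/www:/www: mounts the www directory under /opt/nginx/ on the host at /www in the container

  • -v /opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf: mounts nginx.conf from /opt/nginx/conf/ on the host at /etc/nginx/nginx.conf in the container

  • -v /opt/nginx/logs:/logs: mounts the logs directory under /opt/nginx/ on the host at /logs in the container

  • -v /opt/nginx/ssl/1_blog.zhengjl.com_bundle.crt:/etc/nginx/1_blog.zhengjl.com_bundle.crt: mounts the certificate file from /opt/nginx/ssl on the host into /etc/nginx/ in the container

    1_blog.zhengjl.com_bundle.crt

    2_blog.zhengjl.com.key

    Both are certificate files; remember to replace them with your own files.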

Check that the container is running:

[root@VM_0_14_centos conf]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1bd23cfe58f nginx "nginx -g 'daemon off" 5 hours ago Up 5 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp mynginx

Open the site in a browser to confirm that it responds.

Part 2: Edit nginx.conf to enable SSL

1. Open /opt/nginx/conf/nginx.conf

vim /opt/nginx/conf/nginx.conf

Change error_log to

error_log /logs/error.log warn;

Change access_log to

access_log /logs/access.log main;

Add the following server blocks inside the http block:

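server {
    # Listen on port 80
    listen 80;
    # Hostname used to reach the site
    server_name blog.zhengjl.com;
    # Default html directory
    root /www/;
    # Redirect every HTTP request to HTTPS with a rewrite
    rewrite ^(.*) https://$host$1 permanent;
}
server {
    # Listen on port 443 with TLS enabled; this replaces the standalone
    # "ssl on;" directive, which is deprecated and removed in current nginx releases
    listen 443 ssl;
    # Domain name bound to the certificate
    server_name blog.zhengjl.com;
    # Certificate file
    ssl_certificate 1_blog.zhengjl.com_bundle.crt;
    # Private key file
    ssl_certificate_key 2_blog.zhengjl.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure these protocols (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite list
    ssl_prefer_server_ciphers on;
    location / {
        root /www/; # site directory
        index index.html index.htm;
    }
}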

The complete nginx.conf after these changes:

user  nginx;
worker_processes 1;

error_log /logs/error.log warn;
pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    include /etc/nginx/conf.d/*.conf;

    server {
        # Listen on port 80
        listen 80;
        # Hostname used to reach the site
        server_name blog.zhengjl.com;
        # Default html directory
        root /www/;
        # Redirect every HTTP request to HTTPS with a rewrite
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        # Listen on port 443 with TLS enabled; this replaces the standalone
        # "ssl on;" directive, which is deprecated and removed in current nginx releases
        listen 443 ssl;
        # Domain name bound to the certificate
        server_name blog.zhengjl.com;
        # Certificate file
        ssl_certificate 1_blog.zhengjl.com_bundle.crt;
        # Private key file
        ssl_certificate_key 2_blog.zhengjl.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure these protocols (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite list
        ssl_prefer_server_ciphers on;
        location / {
            root /www/; # site directory
            index index.html index.htm;
        }
    }

}

Save the file.

2. Restart the nginx container

[root@VM_0_14_centos conf]# docker restart mynginx

After the restart, every request to the site is redirected to HTTPS.
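A check for the TLS settings edited in Part 2, added here as an example and not part of the original post: it flags ssl_protocols entries older than TLS 1.2 (deprecated by RFC 8996), the legacy standalone "ssl on;" directive, and a port-443 listener that never enables TLS. The function name, finding labels and sample files are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit the TLS directives of an nginx.conf before restarting nginx.
# Finding labels (WEAK_PROTOCOL, ...) and sample file names are made up for this example.

audit_tls_conf() {
  # $1 = path to nginx.conf; prints one finding per line, nothing when clean.
  awk '
    { sub(/#.*/, "") }                          # drop comments before matching
    $1 == "listen" && $2 ~ /^443;?$/ {          # a server listening on 443
      https = 1
      if ($0 ~ /[ \t]ssl[ \t;]/) listen_ssl = 1 # "listen 443 ssl;" form
    }
    $1 == "ssl" && $2 ~ /^on;?$/ { legacy = 1 } # standalone "ssl on;"
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "WEAK_PROTOCOL " p
      }
    }
    $1 == "ssl_certificate_key" { key = 1 }
    END {
      if (legacy) print "LEGACY_SSL_ON"
      if (https && !listen_ssl && !legacy) print "LISTEN_443_WITHOUT_SSL"
      if (https && !key) print "MISSING_CERTIFICATE_KEY"
    }
  ' "$1"
}

# Constructed sample inputs (example.test is a placeholder domain).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak.conf" <<'EOF'
server {
    listen 443;
    ssl on;                                  # legacy way to enable TLS
    ssl_certificate_key example.test.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$tmp/hardened.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate_key example.test.key;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF

echo "weak.conf:";     audit_tls_conf "$tmp/weak.conf"
echo "hardened.conf:"; audit_tls_conf "$tmp/hardened.conf"
```

Point the function at /opt/nginx/conf/nginx.conf on the host before running docker restart mynginx; an empty result means none of these checks fired.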

References:

https://cloud.tencent.com/document/product/400/4143#2.-nginx-.E8.AF.81.E4.B9.A6.E9.83.A8.E7.BD.B2