docker run --name mynginx -d -p 82:80 nginx
docker run --name mynginx -d -p 82:80 -p 443:443 -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/ssl:/etc/nginx/cert -d nginx
docker run --name mynginx -d -p 443:443 -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/ssl:/etc/nginx/cert -d nginx
2.生成相关的key****生成服务端私钥****: openssl genrsa -out server.key 2048 ****生成服务端公钥****: openssl rsa -in server.key -pubout -out server.pem ****生成CA证书****: openssl genrsa -out ca.key 2048 openssl req -new -key ca.key -out ca.csr openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt3. https配置文件
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 443 ssl;
server_name localhost;
root /usr/share/nginx/html/dist;
ssl_certificate "/etc/nginx/cert/server.crt";
ssl_certificate_key "/etc/nginx/cert/server.key";
ssl_session_timeout 3m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ^~/rds_s3/ {
proxy_pass http://10.0.31.19:80/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-real-ip $remote_addr;
}
}
}
