【docker-compose】【nginx】内网环境https配置
目录
- 1、openssl生成自签名证书和私钥
- 2、nginx.conf配置ssl
- 3、docker-compose挂载
1、openssl生成自签名证书和私钥
在部署服务器上,新建cert目录,执行以下指令,然后生成.crt和.key文件
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 3650 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=10.1.58.5/emailAddress=123@qq.com"
- -days 3650:设置为10年
- 10.1.58.5:修改为服务器ip
2、nginx.conf配置ssl
在原来的配置上新增ssl配置,可使用任意端口,
listen后注意增加ssl
server {listen 80 ssl;server_name localhost; ssl_certificate "/etc/nginx/cert/cert.crt";ssl_certificate_key "/etc/nginx/cert/rsa_private.key";ssl_session_timeout 10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on; location / {if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {return 403;}root /usr/share/nginx/html;try_files $uri /index.html;}location /prism/ {proxy_pass http://prism-server:18892; }
}3、docker-compose挂载
为了便于前端vue项目容器化部署,将服务器
cert目录与容器内/etc/nginx/cert关联
prism-front:image: 10.1.58.6:5000/prism-frontcontainer_name: prism-frontrestart: alwayslinks:- prism-serverports:- "8098:80"volumes:- ./cert:/etc/nginx/cert