Shulou(Shulou.com)06/02 Report--

1. Download the latest nginx docker image

$docker pull nginx:latest

two。 Start the nginx container

Run the following command to start nginx container

Docker run-- detach\-- name wx-nginx\-- p 443pur.443\-p 80:80\-v / home/evan/workspace/wxserver/nginx/data:/usr/share/nginx/html:rw\-v / home/evan/workspace/wxserver/nginx/config/nginx.conf:/etc/nginx/nginx.conf/:rw\-v / home/evan/workspace/wxserver/nginx/config/conf.d/default.conf:/etc/ Nginx/conf.d/default.conf:rw\-v / home/evan/workspace/wxserver/nginx/logs:/var/log/nginx/:rw\-v / home/evan/workspace/wxserver/nginx/ssl:/ssl/:rw\-d nginx mapping port 443 For https request mapping port 80, for http requests The default home page of nginx, the storage directory of html is mapped to the directory of host disk, and the configuration file of / home/evan/workspace/wxserver/nginx/datanginx is mapped to the file of host disk, / home/evan/workspace/wxserver/nginx/config/nginx.conf

The following files need to be prepared here

1. Configuration file of nginx

The first is the nginx.conf file. The default configuration file is as follows

# user nginx;# startup process for users running nginx is set to equal the number of CPU. # location of global error log and PID file error_log / var/log/nginx/error.log warn;pid / var/run/nginx.pid;# working mode and upper limit of connections events {# maximum concurrency of a single background work process is set to 1024 worker_connections 1024;} http {# sets mime type include / etc/nginx/mime.types Default_type application/octet-stream; # set log format log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"'"$http_user_agent"$http_x_forwarded_for"; access_log / var/log/nginx/access.log main; sendfile on; # tcp_nopush on # set the event keepalive_timeout 65 for connection timeout; # enable GZIP compression # gzip on; include / etc/nginx/conf.d/*.conf;}

You can see that the last line also contains another configuration file, conf.d/default.conf, to configure the server field

Server {listen 80; # listening port 80, if all access is forced to be HTTPs, this line needs to cancel the server_name www.buagengen.com; # domain name # charset koi8-r; # access_log / var/log/nginx/host.access.log main; # define the home index directory and name location / {root / usr/share/nginx/html; index index.html index.htm } # define error prompt page # error_page 404 / 404.html; # redirect error page to / 50x.html error_page 500502 503504 / 50x.html; location = / 50x.html {root / usr/share/nginx/html;}}

2. The default html file of the home page of nginx

This html can be defined by itself, any one is fine.

At this point, the html file defined by nginx can be accessed directly through the IP address. However, at this time, the access is only http, and the access to https is not allowed. You need to add a certificate to the nginx server.

3. Generate certificates through openssl

To set server.key, you need to set the password twice:

Openssl genrsa-des3-out server.key 1024

Parameter setting, first of all, you need to enter the password you set earlier:

Openssl req-new-key server.key-out server.csr

Then you need to enter the following information, probably fill it in, anyway, it is for testing.

Country Name (2 letter code) [AU]: country name State or Province Name (full name) [Some-State]: provincial Locality Name (eg, city) []: city Organization Name (eg, company) [Internet Widgits Pty Ltd]: company name Organizational Unit Name (eg) Section) []: Common Name (e.g. Server FQDN or YOUR name) []: website domain name Email Address []: email Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []: password An optional company name [] is required here:

Write the RSA key (the previously set password is also required here):

Openssl rsa-in server.key-out server_nopwd.key

Get the private key:

Openssl x509-req-days 365-in server.csr-signkey server_nopwd.key-out server.crt

After completing this step, we have the certificate file and private key we need.

Server.crtserver.key

4. Configure nginx server to support https access

Copy the files generated in the previous step to the ssl directory on host, / home/evan/workspace/wxserver/nginx/ssl.

Then modify the configuration file default.conf to add ssl support

Server {listen 80; # listening port 80, if all access is forced to be HTTPs, this line needs to cancel listen 443 ssl; server_name www.buagengen.com; # domain name # add ssl # ssl on; # if HTTPs access is enforced, this line needs to open ssl_certificate / ssl/server.crt; ssl_certificate_key / ssl/server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m # specify the password as the format supported by openssl, ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGHpuraNULLssl_prefer_server_ciphers on;; # password encryption method ssl_prefer_server_ciphers on; # Server passwords that rely on SSLv3 and TLSv1 protocols will take precedence over client passwords # define home index directory and name location / {root / usr/share/nginx/html; index index.html index.htm } # redirect error page to / 50x.html error_page 502 503 504 / 50x.htl; location = / 50x.html {root / usr/share/nginx/html;}}

Restart the nginx container, and you can now access nginx's server through https

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.