Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to configure https for nginx in docker

2025-01-15 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to configure https for nginx in docker". The explanation in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian and go deep into it together to study and learn "how to configure https for nginx in docker"!

Websites without https are gradually marked as insecure by browsers, so adding https to websites has become urgent. Paying for ssl/tls certificates is not a problem for commercial websites. But for individual users, it would be nice to have free ssl/tls certificates available! Let's encrypt is a website that provides free ssl/tls certificates. Since the certificate is only valid for three months, we need to update the certificate automatically. This article explains how to add https support for sites in nginx running through docker and automatically update certificates. The demo environment for this article is: ubuntu 16.04 host running on azure:

prepare the environment

Creating ubuntu-type virtual events on azure is easy, and installing docker doesn't require much effort. It is easy to ignore configuring appropriate network security group rules, such as opening ports 80 and 443:

There is also the configuration DNS:

创建一个普通的 http 站点

简单起见,直接使用一个镜像中的 nodejs 应用作为 web 站点:

$ docker pull ljfpower/nodedemo$ docker network create -d bridge webnet$ docker run -d --restart=always --expose=3000 \ --network=webnet --name=myweb \ ljfpower/nodedemo

在用户的家目录下创建 nginx 目录及其子目录 conf.d、conf.crt 和 html,创建 logs 目录及其子目录 nginx 和 letsencrypt:

$ mkdir -p nginx/{conf.d,conf.crt,html}$ mkdir -p logs/{nginx,letsencrypt}

说明,本文演示的示例中需要我们手动创建的文件和目录结构如下:

创建 nginx/nginx.conf 文件,内容如下:

user nginx;worker_processes auto;error_log /var/log/nginx/error.log warn;pid /var/run/nginx.pid;events { worker_connections 2048;}http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; client_max_body_size 10m; include /etc/nginx/conf.d/*.conf;}

然后创建 nginx/conf.d/default.conf 文件,内容如下:

upstream web{ server myweb:3000;}server { listen 80; listen [::]:80; server_name filterinto.com www.filterinto.com; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /usr/share/nginx/html; } location = /.well-known/acme-challenge/ { return 404; } location / { proxy_pass http://web; }}

其中 /.well-known/acme-challenge/ 目录是 certbot 工具在生成证书时创建的。接下来创建文件 nginx/html/index.html 文件,内容如下:

let's encrypt first time cert issue site hello https!

just used for the very first time ssl certificates are issued by let's encrypt's certbot.

这个页面也是 certbot 在生成证书时需要用到的。最后让我们启动容器(在用户的家目录下执行下面的命令):

$ docker run -d \ -p 80:80 \ -v $(pwd)/nginx/conf.d:/etc/nginx/conf.d:ro \ -v $(pwd)/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ -v $(pwd)/logs/nginx:/var/log/nginx \ -v $(pwd)/nginx/html:/usr/share/nginx/html \ --restart=always \ --name=gateway \ --network=webnet \ nginx:1.14

注意:这时没有映射 443 端口,也没有挂载存放证书的目录。只能以 http 协议访问访问我们的站点:

为站点生成 ssl/tls 证书

let's encrypt 是一个提供免费 ssl/tls 证书的网站,它为用户提供了 certbot 工具用来生成 ssl/tls 证书。方便起见,我们把 certbot 简单的封装到容器中。在用户的家目录下创建 certbot 目录,进入 certbot 目录并把下面的内容保存到 dockerfile 文件中:

from alpine:3.4run apk add --update bash certbotvolume ["/etc/letsencrypt"]

然后执行下面的命令创建 certbot 镜像:

$ docker build -t certbot:1.0 .

然后在 certbot 目录下创建自动更新证书的脚本 renew_cert.sh,内容如下:

#!/bin/bashwebdir="$1"list=('filterinto.com' 'www.filterinto.com')led_list=()www_root=/usr/share/nginx/htmlfor domain in ${list[@]};do docker run \ --rm \ -v ${webdir}/nginx/conf.crt:/etc/letsencrypt \ -v ${webdir}/logs/letsencrypt:/var/log/letsencrypt \ -v ${webdir}/nginx/html:${www_root} \ certbot:1.0 \ certbot certonly --verbose --noninteractive --quiet --agree-tos \ --webroot -w ${www_root} \ --email="nick.li@grapecity.com" \ -d "$domain" code=$? if [ $code -ne 0 ]; then failed_list+=($domain) fidone# output failed domainsif [ ${#failed_list[@]} -ne 0 ];then echo 'failed domain:' for (( i=0; i

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Certificate directory configuration update content site file user build website face-to-face next three commands containers learning security things only vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Docker vpn OPPO Reno Shulou Tech Info Redmi Huawei NVidia Shulou Information Apple MySQL Microsoft Linux macOS Xiaomi Shulou Technology MariaDB Docker vpn OPPO Reno Shulou Tech Info Redmi Huawei NVidia Shulou Information Apple MySQL Microsoft Linux macOS Xiaomi Shulou Technology

Share To

Related

Development

More Development >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report