docker compsoe的完整配置
docker-compose.yml
# 构建docker-compose项目
# docker compose --log-level INFO up -- build
# docker compose --log-level INFO up -d --build
version: '3'
services:
terwer-nginx:
image: terwer/nginx:1.15.9
container_name: terwer-nginx
build:
context: ./terwer-nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- ./terwer-nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ./terwer-nginx/data/nginx/log:/var/log/nginx
- ./terwer-nginx/ssl/v4.pem:/etc/ssl/v4.pem
- ./terwer-nginx/ssl/v4.key:/etc/ssl/v4.key
restart: "no"
siyuan-nginx:
image: siyuan/nginx:1.15.9
container_name: siyuan-nginx
build:
context: ./siyuan-nginx
dockerfile: Dockerfile
ports:
- "9000:9000"
- "9001:9001"
volumes:
- ./siyuan-nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ./siyuan-nginx/data/nginx/log:/var/log/nginx
- ./siyuan-nginx/ssl/siyuan.pem:/etc/ssl/siyuan.pem
- ./siyuan-nginx/ssl/siyuan.key:/etc/ssl/siyuan.key
restart: "no"
JVue支持配置支持https反向代理
terwer-nginx
server {
listen 80;
listen 443 ssl http2;
charset utf-8;
server_name siyuan.terwergreen.com;
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# HTTP_TO_HTTPS_END
ssl_certificate /etc/ssl/v4.pem;
ssl_certificate_key /etc/ssl/v4.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
# SSL-END
# jvue-front 前台
location / {
proxy_pass http://120.25.179.230:3000;
index index.html index.htm;
}
# jvue-server 接口服务器
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://120.25.179.230:8002;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
思源笔记配置支持https反向代理
siyuan-nginx
server{
listen 9001;
listen 9000 ssl http2;
server_name siyuan.terwergreen.com;
index index.php index.html index.htm default.php default.htm default.html;
root /var/www/html;
if ($server_port !~ 9000){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# HTTP_TO_HTTPS_END
ssl_certificate /etc/ssl/siyuan.pem;
ssl_certificate_key /etc/ssl/siyuan.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
# SSL-END
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://120.25.179.230:6806;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'Upgrade';
client_max_body_size 100m;
}
location /ws {
proxy_pass http://120.25.179.230:6806;
proxy_read_timeout 60s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'Upgrade';
}
}
注意事项
1、注意证书的合适位置与docker目录映射;
2、证书域名与nginx的域名要保持一致;
3、注意暴露端口,内外网端口,还有云服务器的网络与安全组。
标签:ssl,siyuan,etc,nginx,proxy,https,terwer,docker From: https://www.cnblogs.com/tangyouwei/p/docker-configures-nginx-support-https-zyucsq.html