一、证书相关命令
1.key转换成.pem
# Re-encode the RSA private key as PEM. No cipher option is passed, so the key is
# written unencrypted even if example.key was passphrase-protected; keep the output
# readable only by the account that runs nginx.
openssl rsa -in example.key -out example.pem
2.crt转换成.pem
# Write the X.509 certificate in PEM form (public data, no private key involved).
# NOTE(review): this uses the same output name (example.pem) as the key conversion
# command on this page; use distinct file names if both run in the same directory,
# otherwise the second command overwrites the first file.
openssl x509 -in example.crt -out example.pem
二、配置流程
1.在nginx目录下创建cert文件夹,导入证书文件及对应的key文件
2.修改application.yml配置文件
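server:
  port: 9100
  ssl:
    # Path to the certificate keystore (.pfx). The classpath: prefix means the
    # keystore is packaged together with the application artifact.
    key-store: classpath:123_www.example.pfx
    # Keystore password, resolved from the environment instead of being stored in
    # plain text in this file. SSL_KEYSTORE_PASSWORD is an example variable name
    # constructed for this snippet; the application fails to start if it is unset.
    key-store-password: ${SSL_KEYSTORE_PASSWORD}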
3.挂载nginx及端口映射
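# Start nginx with host port 9101 -> container 80 and host port 9103 -> container 443.
# Certificates, configuration and static content are mounted read-only (:ro) so the
# nginx process cannot alter the private key or its own configuration; only the log
# directory stays writable.
# NOTE(review): the image is untagged, so this pulls whatever "latest" is at the
# time; pin a specific version tag for reproducible deployments.
docker run --name nginx01 -d \
  -p 9101:80 -p 9103:443 \
  --restart=always \
  -v /home/nginx/log:/var/log/nginx \
  -v /home/nginx/cert:/etc/nginx/cert:ro \
  -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/nginx/conf.d:/etc/nginx/conf.d:ro \
  -v /home/nginx/html:/usr/share/nginx/html:ro \
  nginx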
4.default.conf文件
# Backend pool; the proxy_pass directive in the server block refers to it by name.
upstream myapp {
    # Replace "ip" with the server's real IP address: nginx runs inside a Docker
    # container, so the backend may otherwise be unreachable.
    server ip:9100;
    # Standby server, used only when the primary is unavailable.
    # NOTE(review): the docker run command on this page publishes host port 9101 to
    # this nginx container's own port 80 - confirm the standby is a different host
    # and that it actually serves HTTPS, since proxy_pass uses https://.
    server ip:9101 backup;
}
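# HTTPS virtual host: terminates TLS for www.example.com and proxies every request
# to the "myapp" upstream.
server {
    listen 443 ssl;
    server_name www.example.com;

    # Certificate and key must live inside the directory that is mounted into the
    # container (/etc/nginx/cert in the docker run command on this page); a relative
    # certs/ path would resolve to a directory that is not mounted.
    ssl_certificate     /etc/nginx/cert/1_www.example.com.pem;
    ssl_certificate_key /etc/nginx/cert/1_www.example.com.key;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:1m;

    # TLS 1.1 is deprecated; offer TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # TLS 1.2 suites restricted to forward-secret AEAD ciphers. The broad ECDH/AES/HIGH
    # groups are dropped because they also admit CBC and non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # fastcgi_param only applies to requests handled by fastcgi_pass; it has no
    # effect on the proxy_pass location below.
    fastcgi_param HTTPS on;
    fastcgi_param HTTP_SCHEME https;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so the backend must treat only the last entry as trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 10s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        proxy_ignore_client_abort on;

        # Matches the upstream block name. nginx does not verify the upstream
        # certificate by default; to authenticate the backend, enable proxy_ssl_verify
        # together with proxy_ssl_trusted_certificate.
        proxy_pass https://myapp/;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}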
From: https://www.cnblogs.com/zxcodeing/p/18545988