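The SSL certificate was generated by following the post "docker nginx letsencrypt". The following describes how to add SSL in nginx.
This is the complete configuration. Replace the domain with your own. The configuration forces HTTPS.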
    server {
        listen 80;
        server_name xxx.cn www.xxx.cn;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name xxx.cn www.xxx.cn;  # domain names bound to the certificate
        ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # configure the protocols as shown
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # configure the cipher suites as shown
        ssl_prefer_server_ciphers on;

        charset utf-8;
        access_log /var/log/nginx/xxx.access.log main;
        error_log /var/log/nginx/xxx.error.log warn;

        # load balancing + reverse proxy for everything under /
        location / {
            proxy_pass http://127.0.0.1:83;
        }

        # static files are served by nginx itself, without a request to the backend
        location /media {
            alias /data/xxx/media;
        }
        location /static {
            alias /data/xxx/static;
        }

        location ~ /.well-known {  # automatic HTTPS certificate renewal
            proxy_pass http://127.0.0.1:88;  # certbot auto-renewal endpoint
        }
    }
    ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;

These are the absolute paths of the certificate.
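The configuration above enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and its `HIGH` cipher keyword admits more suites than the one it names. The following is an added example, not part of the original post, showing the TLS portion of the 443 server block with those settings tightened; the cipher list, the HSTS header and the forwarded headers are assumptions chosen for this example, and `xxx.cn` is the page's placeholder domain.

```nginx
# Added example: tightened variant of the page's 443 server block.
# Only "location /" is shown; the /media, /static and /.well-known
# locations stay exactly as in the page's configuration.
server {
    listen 443 ssl;
    server_name xxx.cn www.xxx.cn;

    ssl_certificate     /etc/letsencrypt/live/xxx.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;

    # Before: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). TLSv1.3 needs
    # nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE
    # "HIGH" also admits CBC-mode suites and static-RSA key exchange.
    # Assumption for this example: ECDHE key exchange with AEAD ciphers only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;  # share resumption state across workers
    ssl_session_tickets off;             # ticket keys are not rotated without a restart

    # The page already redirects all HTTP to HTTPS; HSTS tells browsers
    # to skip the plaintext request on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:83;
        # Pass the original host, client address and scheme to the backend,
        # which otherwise sees only 127.0.0.1 over plain HTTP.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` inside the container before reloading to confirm that the installed build accepts these directives.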
The docker-compose configuration for nginx is attached as well.
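    version: '3'
    services:
      web:
        image: nginx
        container_name: nginx.web
        restart: always
        volumes:
          - ./nginx.conf:/etc/nginx/nginx.conf
          - ./log/nginx:/var/log/nginx
          - ./conf.d:/etc/nginx/conf.d
          - ./ssl:/etc/letsencrypt:ro   # certificates mounted read-only
        # Host networking lets nginx reach the backends on 127.0.0.1:83 and
        # 127.0.0.1:88 and bind the host's ports 80 and 443 directly. The
        # original "80:80" / "443:443" ports mapping is dropped because port
        # mapping cannot be combined with network_mode: host.
        network_mode: "host"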