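The earlier post "Deploying multiple sites on one host with docker nginx" set up a multi-site deployment. Now I want some of those sites to be reachable over HTTPS.
1. When I built the nginx container earlier, I only mapped port 80. This time I simply stopped the old nginx container (you can also add a port mapping to a running Docker container) and created a new one: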
docker run -d --name myNginxhttps -p 80:80 -p 443:443 -v /var/www/html:/usr/share/nginx/html -v /home/ubuntu/share/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/ubuntu/share/nginx/nginx/conf.d:/etc/nginx/conf.d nginx:alpine
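2. Download the SSL certificate for the domain from Tencent Cloud and pick the one intended for nginx. (The following is excerpted from Tencent Cloud.)
Nginx certificate deployment:
Obtaining the certificate
In the Nginx folder you will find the SSL certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key.
The 1_www.domain.com_bundle.crt file contains two certificate blocks, each delimited by “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”,
and the 2_www.domain.com.key file contains one private key block delimited by “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----”.
Installing the certificate
Save the certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key for the domain www.domain.com in the same directory, for example /usr/local/nginx/conf.
Edit the conf/nginx.conf file under the Nginx root directory as follows:
server {
    listen 443;
    server_name www.domain.com; # the domain the certificate is bound to
    ssl on;
    ssl_certificate 1_www.domain.com_bundle.crt;
    ssl_certificate_key 2_www.domain.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure the protocols like this
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure the cipher suites like this
    ssl_prefer_server_ciphers on;
    location / {
        root html; # site directory
        index index.html index.htm;
    }
}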
Below is my own configuration. I split it into two config files, one for listen 80 and the other for 443:
server {
    listen 80;
    server_name www.xxxxxx.com;
    # This server-level return answers every request on port 80 with a redirect
    # to HTTPS, so the location blocks below are never reached.
    return 301 https://$server_name$request_uri;
    location / {
        root /usr/share/nginx/html/xxxxxx.com;
        index index.html index.php;
    }
    location ~ \.php$ {
        fastcgi_pass 172.17.0.2:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/xxxxxx.com$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    # "listen 80" is dropped here: port 80 for this server_name belongs to the redirect block.
    # "ssl on" (obsolete since nginx 1.15.0, removed in 1.25.1) is replaced by the ssl parameter on listen.
    listen 443 ssl;
    server_name www.xxxxxx.com;
    ssl_certificate /etc/nginx/conf.d/cert/Nginx/1_xxxxxx.com_bundle.crt;
    ssl_certificate_key /etc/nginx/conf.d/cert/Nginx/2_xxxxxx.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and TLSv1.3 are enabled.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    access_log /etc/nginx/conf.d/cert/xxxxxx_ssl.log main;
    error_log /etc/nginx/conf.d/cert/xxxxxx_error_ssl.log;
    location / {
        root /usr/share/nginx/html/xxxxxx.com;
        index index.html index.php;
        # WordPress pseudo-static (URL rewrite) rules
        if (-f $request_filename/index.html){
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php){
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename){
            rewrite (.*) /index.php;
        }
    }
    location ~ \.php$ {
        fastcgi_pass 172.17.0.2:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/xxxxxx.com$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        include fastcgi_params;
    }
}
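Later, when I opened the WordPress admin backend, I found that the home page loaded but the backend did not. After some searching it turned out to be the "Nginx WordPress pseudo-static (URL rewrite) setup" problem, so I added the following code:
    if (-f $request_filename/index.html){
        rewrite (.*) $1/index.html break;
    }
    if (-f $request_filename/index.php){
        rewrite (.*) $1/index.php;
    }
    if (!-f $request_filename){
        rewrite (.*) /index.php;
    }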
Finally, remember to restart nginx.
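
The following is an added example, not code from the original post or from Tencent Cloud: a small Python audit that walks each server block and flags the TLS pitfalls this kind of configuration tends to carry (the legacy ssl on directive, port 80 listed inside the certificate-bearing block, a 443 listener without the ssl parameter, and protocols older than TLS 1.2). The sample config, example.com, the file paths and the finding codes are constructed for illustration.

```python
import re

# Constructed sample shaped like a TLS server block that still uses the
# legacy directives (example.com and the paths are placeholders).
SAMPLE = """
server {
    listen 80;
    listen 443;
    server_name www.example.com;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/cert/example.crt;
    ssl_certificate_key /etc/nginx/conf.d/cert/example.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { root /usr/share/nginx/html; }
}
"""
WEAK = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of every `name ...;` directive found in a block."""
    pat = rf"(?:^|(?<=[;{{}}]))\s*{name}\s+([^;{{}}]*);"
    return [m.group(1).split() for m in re.finditer(pat, body, re.M)]

def audit(conf):
    """Return finding codes for the TLS pitfalls in each server block."""
    findings = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):  # comments stripped
        ssl_on = ["on"] in directives(body, "ssl")
        has_cert = bool(directives(body, "ssl_certificate"))
        if ssl_on:  # directive obsolete since nginx 1.15.0, removed in 1.25.1
            findings.append("ssl-on-deprecated")
        for args in directives(body, "listen"):
            port = args[0].rsplit(":", 1)[-1]
            if has_cert and port == "80":
                findings.append("port-80-in-tls-block")
            if has_cert and port == "443" and "ssl" not in args and not ssl_on:
                findings.append("443-without-ssl")
        for args in directives(body, "ssl_protocols"):
            findings += [f"weak-protocol:{p}" for p in args if p in WEAK]
    return findings
```

Calling audit() on the text of each file under conf.d before reloading gives a quick pre-flight check; it complements nginx's own syntax test rather than replacing it.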