Miscellaneous | Using Docker and Nginx to add HTTPS access to your website


01 Preface

1.1 Introduction to HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a protocol that protects website data in transit through encrypted communication. It is the secure version of HTTP: data is encrypted and authenticated using the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocol. Under HTTPS, data is encrypted between the client and the server, so it cannot be eavesdropped on, tampered with, or forged by an impersonator.

1.2 Preparation

You need a Linux server, a domain name, and Docker installed.
You also need an SSL certificate obtained from a service provider such as Alibaba Cloud.
On the Alibaba Cloud domain name management interface, click "Enable SSL Certificate".
Just select "Free Certificate".
Then click "Create Certificate" -> "Certificate Application", fill in the corresponding information, and submit it for review.
After it passes, click "Download" and select Nginx.
After downloading, unzip the archive; it contains a .key file and a .pem file. Upload them to the server.

02 Write nginx.conf

...
http {
    ...
    server {
        # http2 can improve response speed; it is optional
        listen 443 ssl http2;               # ssl must be added here; 443 is the default HTTPS port, 80 is the default HTTP port
        server_name www.xxx.top;            # domain name the certificate was issued for
        location / {
            ...
        }
        ssl_certificate /etc/ssl/certificates/www/www.xxx.top.pem;      # certificate path (path inside the Docker container)
        ssl_certificate_key /etc/ssl/certificates/www/www.xxx.top.key;  # private key path (path inside the Docker container)
        # the following settings can improve response speed; they are optional
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/ssl/certificates/www/www.xxx.top.pem;
        ssl_buffer_size 4k;
    }
}

In summary, HTTPS is enabled by adding ssl to the listen directive and adding the ssl_certificate and ssl_certificate_key directives.

03 Use docker to start nginx

Create a new directory named ssl under /root on the server, then place the certificate and private key files in this directory.
Write a docker-compose.yml file (docker-compose needs to be installed):

version: '3.3'
services:
    nginx:
        volumes:
            - '/root/nginx.conf:/etc/nginx/nginx.conf'  # configuration file mapping
            - '/root/ssl:/etc/ssl/certificates'         # certificate directory mapping
            - '/root/html:/usr/share/nginx/html'        # page directory mapping (optional)
        network_mode: host                              # use the host's network
        image: 'nginx:stable-alpine-slim'
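
A pre-flight check for the two files above, as an added example that is not part of the original post: it resolves every certificate path named in nginx.conf through the bind mounts in docker-compose.yml, reports any file missing on the host, and flags a private key readable by group or others. With the page's mapping the files are expected under /root/ssl/www/ on the host. The function names and the host_root parameter are assumptions made for this example, and the sample inputs are constructed copies of the page's directives and volumes.

```python
import os
import re
import stat

# Constructed inputs: the TLS directives and bind mounts shown on this page.
NGINX_CONF = """
server {
    ssl_certificate /etc/ssl/certificates/www/www.xxx.top.pem;
    ssl_certificate_key /etc/ssl/certificates/www/www.xxx.top.key;
    ssl_trusted_certificate /etc/ssl/certificates/www/www.xxx.top.pem;
}
"""
VOLUMES = [
    "/root/nginx.conf:/etc/nginx/nginx.conf",
    "/root/ssl:/etc/ssl/certificates",
    "/root/html:/usr/share/nginx/html",
]
TLS_FILE = re.compile(
    r"^\s*(ssl_certificate_key|ssl_trusted_certificate|ssl_certificate)\s+([^;]+);", re.M)

def tls_paths(conf):
    """Return (directive, container_path) pairs, skipping commented-out lines."""
    return [(m.group(1), m.group(2).strip()) for m in TLS_FILE.finditer(conf)]

def to_host_path(container_path, volumes):
    """Translate a container path to its host path via the longest bind mount."""
    best = None
    for spec in volumes:
        host, target = (p.rstrip("/") for p in spec.split(":")[:2])
        inside = container_path == target or container_path.startswith(target + "/")
        if inside and (best is None or len(target) > len(best[1])):
            best = (host, target)
    return None if best is None else best[0] + container_path[len(best[1]):]

def preflight(conf, volumes, host_root="/"):
    """Return a list of problems; an empty list means the files line up."""
    problems = []
    for directive, cpath in tls_paths(conf):
        hpath = to_host_path(cpath, volumes)
        if hpath is None:
            problems.append(f"{directive}: {cpath} is not inside any volume")
            continue
        real = os.path.join(host_root, hpath.lstrip("/"))
        if not os.path.isfile(real):
            problems.append(f"{directive}: host file {hpath} is missing")
        elif directive.endswith("_key") and stat.S_IMODE(os.stat(real).st_mode) & 0o077:
            problems.append(f"{directive}: {hpath} is group/world accessible, chmod 600")
    return problems
```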

Start the Docker container:

# cd to the directory containing docker-compose.yml first, then run the command
docker-compose up -d

You can then access the site by entering https followed by the domain name.

Origin blog.csdn.net/xuzhongyi103/article/details/131298345