First, place the certificate files in the following directory:

/ocean/config/cert/

The command that creates the nginx container must publish port 443:

docker run --name nginx -d -p 80:80 -p 443:443 \
-v /ocean/config/nginx.conf:/etc/nginx/nginx.conf \
-v /ocean/config/conf.d/:/etc/nginx/conf.d/ \
-v /ocean/config/cert/:/cert/ \
nginx

 

conf.d下配置一个新的conf

server {
    listen       80;
    server_name  www.tp84.com tp84.com;
    # redirect all plain-HTTP requests to HTTPS
    return 301 https://www.tp84.com$request_uri;
}

server {
    # the "ssl" parameter replaces the "ssl on;" directive, which nginx 1.25.1 removed
    listen       443 ssl;
    server_name  www.tp84.com tp84.com;

    # enable ssl; TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # config ssl certificate (paths inside the container, from the /cert/ volume)
    ssl_certificate           /cert/2703984_www.tp84.com.pem;
    ssl_certificate_key       /cert/2703984_www.tp84.com.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        # replace IP with the address of the backend service
        proxy_pass http://IP:8009;
    }
}
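
A pre-flight check for a server block like the one above, added here as an example and not part of the original post: it flags a 443 listener without the ssl parameter, the "ssl on;" directive that nginx 1.25.1 removed, protocol versions older than TLS 1.2, and certificate paths that are not under the /cert/ mount from the docker run command. The function name lint_tls_conf, its finding labels and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. lint_tls_conf and its finding
# labels are hypothetical names; the sample config below is constructed.
# Usage: lint_tls_conf FILE [CERT_MOUNT]   (prints one finding per line)
lint_tls_conf() {
    # Strip comments first so commented-out directives are ignored.
    sed 's/#.*$//' "$1" | awk -v mount="${2:-/cert/}" '
        # listen on 443 without the ssl parameter: plain HTTP is served there
        $1 == "listen" && /[ \t:]443[ \t;]/ && !/[ \t]ssl[ \t;]/ {
            print "listen-443-without-ssl: use \"listen 443 ssl;\""
        }
        # the standalone ssl directive was removed in nginx 1.25.1
        $1 == "ssl" && $2 ~ /^on;?$/ {
            print "ssl-on-removed: drop \"ssl on;\""
        }
        # protocol versions older than TLS 1.2
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print "weak-protocol: " p
            }
        }
        # certificate paths must be container paths under the mounted volume
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            p = $2; sub(/;$/, "", p)
            if (index(p, mount) != 1)
                print "cert-outside-mount: " p " is not under " mount
        }
    '
}

# Constructed sample config with one instance of each problem.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    server_name example.test;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate     /ocean/config/cert/example.pem;  # host path, not container path
    ssl_certificate_key /cert/example.key;
}
EOF
lint_tls_conf "$sample"
rm -f "$sample"
```

Run it against the file in /ocean/config/conf.d/ before restarting the container; an empty result means none of the four problems was found.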

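Finally, the point that is easiest to forget: on Alibaba Cloud, the security group must be enabled and must open port 443. I spent a long time stuck because of this.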


