容器部署nginx为网站配置https
1.安装nginx
podman run -d --privileged --name nginx nginx
2.创建目录并进入该目录
mkdir -p /podman/nginx && cd /podman/nginx
3.从容器内部复制文件到本地
podman cp nginx:/etc/nginx/nginx.conf /podman/nginx
podman cp nginx:/etc/nginx/conf.d /podman/nginx
podman cp nginx:/usr/share/nginx/html /podman/nginx
4.停止nginx
podman stop nginx
5.删除nginx
podman rm nginx
6.编写podman-compose.yml
vi /podman/nginx/podman-compose.yml
version: '3'
services:
nginx:
restart: always
container_name: nginx
image: nginx
privileged: true
ports:
- 80:80
- 443:443
volumes:
- /podman/nginx/html:/usr/share/nginx/html
- /podman/nginx/www:/var/www
- /podman/nginx/logs:/var/log/nginx
- /podman/nginx/nginx.conf/:/etc/nginx/nginx.conf
- /podman/nginx/etc/cert:/etc/nginx/cert
- /podman/nginx/conf.d:/etc/nginx/conf.d
environment:
- NGINX_PORT=80
7.启动容器
podman-compose up –d
8.上传证书到/podman/nginx/etc/cert/
9.修改配置文件
vi /podman/nginx/conf.d/default.conf
server {
listen 80;
server_name aaa.com; #配置域名
return 301 https://$host$request_uri; #配置重定向,强制http跳转https
}
server {
listen 443 ssl; #监听443端口
server_name aaa.com;
#配置ssl
ssl_certificate /etc/nginx/cert/aaa.com.pem;
ssl_certificate_key /etc/nginx/cert/aaa.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
proxy_pass http://172.28.11.106:8088; #配置反向代理
}
10.重启nginx:podman-compose restart
License:
CC BY 4.0