Preface
😘 This article explains how to install Nginx as a Docker container on a Linux system and use it to proxy HTTPS (encrypted) requests. If you don't want such a complex configuration, you can use the Pagoda panel for one-click deployment, automatic acquisition of SSL certificates, and so on; this article covers purely manual configuration of SSL certificates.
Reminder
😊 Configuring HTTPS encrypted access requires that you first obtain an SSL certificate for the web site. This tutorial only applies once you have an SSL certificate.
If you don't have a certificate yet, apply for a free SSL certificate from your provider, or apply for one through the Pagoda panel.
Demonstration environment
System: CentOS 7
Docker: Docker 20.10.10
Install Nginx container
👍 Docker Install and Configure Nginx Service
The installation tutorial is linked above ☝; that article explains the steps in detail~
👀 If you are a beginner, finish the article above first and then continue with the steps below. If you have already installed and deployed the Nginx container, your container and host-mapped directories may differ from mine; change the configuration paths in the commands to your own Nginx configuration directory.
Create the configuration file
The configuration file name is arbitrary; test is used here as an example.
touch /mydata/nginx/conf/conf.d/test.conf
Edit the configuration file
vim /mydata/nginx/conf/conf.d/test.conf
Paste the following configuration information
✔ The configuration here uses test.com as an example; change it to your own site's details before copying and pasting.
Note: Place the certificate file and the private key file in Nginx's conf directory. The certificate and private key names in the configuration file must exactly match the file names.
    # Listen on port 443
    server {
        # SSL access port number 443
        listen 443 ssl;
        # Fill in the domain name bound to the certificate
        server_name test.com;
        # Certificate file name
        ssl_certificate test.crt;
        # Private key file name
        ssl_certificate_key test.key;
        ssl_session_timeout 5m;
        # Configure the protocols as follows
        ssl_protocols TLSv1.2 TLSv1.3;
        # Configure the cipher suites as follows; the list is written in the OpenSSL format
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://test.com;
        }
    }
Test the configuration file for problems
Open a shell inside the Nginx container
docker exec -it nginx /bin/bash
Check the configuration file
cd /sbin && nginx -t
If there are no problems, the following output is displayed
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If there are problems, reconfigure or modify the file as prompted.
Once the configuration is verified, remember to restart the Nginx container to test it
docker restart nginx
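An added example (not part of the original article): nginx -t does not check whether the certificate actually covers server_name, is close to expiry, or whether the private key file is accessible to other users, so this script checks those on the host before the restart. It assumes openssl and GNU stat are available; the function names, the 14-day threshold and the sample paths are this example's own choices.

```shell
#!/bin/sh
# Added example: checks to run on the host before `docker restart nginx`.
# Arguments are the files named in ssl_certificate / ssl_certificate_key
# and the server_name; the function names are this example's own.

# Succeeds if the private key belongs to the certificate (same public key).
cert_key_match() {  # $1=cert $2=key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is issued for the given server_name.
cert_covers_host() {  # $1=cert $2=host
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1=cert $2=days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if group and others have no permissions on the key file.
key_is_private() {  # $1=key
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1   # GNU stat, as on CentOS
    [ "$(( 0$mode & 077 ))" -eq 0 ]
}

# Runs all checks, prints each failure, returns the number of failed checks.
check_tls_files() {  # $1=cert $2=key $3=server_name
    fails=0
    cert_key_match "$1" "$2" || { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; fails=$((fails + 1)); }
    cert_valid_for_days "$1" 14 || { echo "FAIL: certificate expires within 14 days"; fails=$((fails + 1)); }
    key_is_private "$2" || { echo "FAIL: key is accessible to group/others"; fails=$((fails + 1)); }
    return "$fails"
}

# Example call with the tutorial's file names (constructed paths):
#   check_tls_files /mydata/nginx/conf/test.crt /mydata/nginx/conf/test.key test.com
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```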
Automatic HTTP-to-HTTPS redirect security configuration (optional, recommended)
If you need to automatically redirect HTTP requests to HTTPS, you can set it up in one of the following ways:
- Add a JS script to the page
- Add a redirect in the backend program
- Redirect at the web server
Nginx supports rewrite functionality. If you did not remove pcre when compiling, you can add return 301 https://$host$request_uri; to the HTTP server block, which redirects requests on the default port 80 to HTTPS. Modify the configuration as follows:
Notes:
- For configuration statements without comments, simply configure them as shown below.
- Configuration files may be written differently depending on the version. For example, if the Nginx version is nginx/1.15.0 or above, use listen 443 ssl instead of listen 443 and ssl on.
    # Listen on port 443
    server {
        listen 443 ssl;
        # Fill in the domain name bound to the certificate
        server_name test.com;
        # Certificate file name
        ssl_certificate test.crt;
        # Private key file name
        ssl_certificate_key test.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        location / {
            # Address of the site being proxied; it must not resolve back to this
            # server's port 80, or the redirect below sends the browser into a loop
            proxy_pass http://test.com;
        }
    }
    # Listen on port 80 -----> turn http requests into https requests
    server {
        listen 80;
        # Fill in the domain name bound to the certificate
        server_name test.com;
        # Redirect http requests for the domain to https
        return 301 https://$host$request_uri;
    }
Put plainly, when you access the site using http://xx.xx.xx, the request is automatically changed to https://xx.xx.xx
Tip: In the server block listening on port 80, you only need to change server_name.