Nginx 配置+SSL(docker)（Nginx 配置域名访问）

1，nginx介绍：

优先参照官网文档：https://hub.docker.com/_/nginx/

https://github.com/hnakamur/docker-nginx-lua

https://hub.docker.com/_/nginx/

2，以 docker 模式安装 nginx：

docker run -d --name nginx --restart=always -p 80:80 -p 443:443 -p 8888:8888 -v /disk02/tomcat/api/webapps:/usr/share/nginx/html -v /disk02/nginx/log:/var/log/nginx -e TZ="Asia/Shanghai" nginx:latest

3，更改 nginx 的配置：

从 docker 中复制出来原始的配置文件default.conf：

docker cp nginx:/etc/nginx/conf.d/default.conf default.conf

更改 default.conf，再覆盖 docker 中的配置：

docker cp default.conf nginx:/etc/nginx/conf.d/default.conf

重启 docker nginx：

docker restart nginx

4，从阿里云或腾讯云中获取免费的 ssl 证书，把相关证书复制到 nginx docker中的 /usr/local/目录，其中 saharadata.com是我们示例的域名：

命令一：

docker cp saharadata.com/Nginx/1_saharadata.com_bundle.crt nginx: /usr/local/saharadata.com/Nginx/1_saharadata.com_bundle.crt

命令二：

docker cp saharadata.com/Nginx/2_saharadata.com.key nginx:/usr/local/saharadata.com/Nginx/2_saharadata.com.key

5，SSL配置示例（更改 default.conf 文件，再重复上面第3条的操作）：

server {
listen 443 ssl;
server_name saharadata.com;
ssl on;
ssl_certificate /usr/local/saharadata.com/Nginx/1_saharadata.com_bundle.crt;
ssl_certificate_key /usr/local/saharadata.com/Nginx/2_saharadata.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
# api ssl
location ^~/api/ {
proxy_pass http://api.saharadata.com:18181;
break;
}
}
server {
listen 80;
server_name saharadata.com;
client_max_body_size 20m;
location / {
rewrite ^ https://$server_name:443$request_uri? permanent;
}
}

6，Nginx反向代理到Tomcat服务器

在server {}块最后，补充下面的内容：

location ^~ /tomcat/
{
proxy_pass http:
//saharadata.com:8181/;
proxy_redirect off;
proxy_set_header X
-Real-
IP $remote_addr;
proxy_set_header X
-Forwarded-
For $proxy_add_x_forwarded_for;
}
location ^~ /static_js/
{
proxy_cache js_cache;
proxy_set_header Host js.test.com;
proxy_pass http://js.test.com;
}

则会被代理到http://js.test.com/static_js/test.htm

location ^~/wiki/
{
proxy_set_header Host yonsz.com:8000;
proxy_pass http://yonsz.com:8000;
}
location ^~/pm/
{
proxy_set_header Host yonsz.com:8000;
proxy_pass http://yonsz.com:8000;
}