Create an Nginx Docker container as an https reverse proxy

why why 2022-08-06 18:32:11


An Nginx reverse proxy makes it easy to implement server network configuration. This article records how to use an Nginx container as a reverse proxy that serves https.

Background

Current environment

Here is my current test environment; readers with similar needs and a similar environment can follow the same procedure.

  • A web server is already deployed on this machine at IP:Port
  • The server is not configured for https and only serves the http protocol
  • Docker is installed
  • The nginx Docker image is about to be installed
  • Goal: reverse-proxy the local http service to the outside over the https protocol

Procedure

Create the Nginx container

  • First create a shared folder locally, /share/ssl
docker run --name=nginx -p 9443:443 -d --restart=always -v /share/ssl:/ssl nginx

Create the SSL certificate

I created the certificate directly inside the nginx container; it is also possible to generate it on the server and import it into the container.

With a self-signed certificate, the browser warns that the certificate is not trusted by a CA when you open the website, and the certificate has to be added manually to the list of locally trusted certificates. For easier access, a CA certificate needs to be generated. In fact I didn't manage to generate it myself; the SSL certificate I finally used was applied for through Baidu Smart Cloud.

  • Obtain the server_private.key and server.crt files
  • Put the certificates in the /ssl folder
:/ssl# ls
ca.csr ca.key ca_public.crt ca_public.srl server.crt server.csr server_private.key server_public.pem
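
One way to produce a CA-signed certificate set with the file names in the listing above, as an added example that is not part of the original post. The CA subject "Example Local CA", the helper files req.cnf and server.ext, and the function names are assumptions made for illustration; it requires the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); CA subject and helper files are assumptions.
set -eu

# name_kind HOST: prints IP for a dotted IPv4 literal, otherwise DNS.
name_kind() { case $1 in *[!0-9.]*) echo DNS ;; *) echo IP ;; esac; }

# make_certs DIR HOST: create a local CA, then a 2048-bit server key and a certificate for HOST.
make_certs() {
    dir=$1 host=$2
    mkdir -p "$dir"
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # CA key and self-signed CA certificate; clients import ca_public.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/req.cnf" -subj "/CN=Example Local CA" \
        -keyout "$dir/ca.key" -out "$dir/ca_public.crt" 2>/dev/null
    # Server key and CSR; 2048 bits avoids the "ee key too small" error.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/req.cnf" -subj "/CN=$host" \
        -keyout "$dir/server_private.key" -out "$dir/server.csr" 2>/dev/null
    # Clients match the subjectAltName, so HOST goes there as well as in the CN.
    printf 'subjectAltName=%s:%s\nbasicConstraints=CA:FALSE\n' \
        "$(name_kind "$host")" "$host" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 365 \
        -CA "$dir/ca_public.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/ca.key" "$dir/server_private.key"
}

# check_certs DIR HOST: succeed only if server.crt chains to the CA, names HOST, and has >= 2048 bits.
check_certs() {
    dir=$1 host=$2 flag=-verify_hostname
    [ "$(name_kind "$host")" = IP ] && flag=-verify_ip
    openssl verify -CAfile "$dir/ca_public.crt" "$flag" "$host" \
        "$dir/server.crt" >/dev/null 2>&1 || return 1
    bits=$(openssl x509 -in "$dir/server.crt" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ]
}

if [ "$#" -eq 2 ]; then make_certs "$1" "$2" && check_certs "$1" "$2"; fi
```

Only server.crt and server_private.key have to be readable by nginx; ca.key is better kept outside the folder that is mounted into the container.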

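Nginx configuration

  • Create the configuration file test.conf in the /etc/nginx/conf.d folder
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # server_name localhost;
    # Certificate and private key under the shared /ssl folder
    ssl_certificate /ssl/key1/server.crt;
    ssl_certificate_key /ssl/key1/server.key;
    location / {
        # Pass the client address, original scheme and Host header to the backend
        proxy_set_header X-FORWARDED-FOR $remote_addr;
        proxy_set_header X-FORWARDED-PROTO $scheme;
        proxy_set_header Host $http_host;
        # Local http service being proxied
        proxy_pass http://192.168.xxx.xxx:xxxx;
    }
}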

  • After the configuration is complete, reload the nginx service
service nginx reload
  • After the configuration is complete, you can check whether the configuration is valid
nginx -t

If there is an error, it is reported after the command is entered.

  • Linux distributions with newer kernels require a key length of at least 2048 bits; a 1024-bit key may produce this error
SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

Test

  • Visit port 9443 on the local machine's IP
  • The address can only be accessed with the https protocol
  • With https, you can see the content of the proxied web page.
  • If the domain name was not used as the Common Name when registering the certificate, an unsafe warning is shown
  • After the certificate is configured correctly, the site can be accessed normally.


Copyright: author [why why]. Please include the original link when reprinting, thank you. https://en.javamana.com/2022/218/202208061814417997.html