Start nginxssl configuration based on docker

Prerequisites

• A cloud server (centOS of Alibaba Cloud, Tencent Cloud, etc.)
• The server must have Docker (the installation method is not introduced here)
• A domain name
• ssl certificate (two files: one with key suffix and one with pem suffix; there are many ways to generate them and I will not introduce them here)
  

Download the latest nginx docker image

docker pull nginx:latest

Create a directory nginx to store the following related things

mkdir -p /home/nginx/www /home/nginx/logs /home/nginx/conf

Put our static HTML page in the /home/nginx/www folder;

Create a file called nginx.conf under the created /home/nginx/conf folder as follows:

user nginx;
worker_processes 1;
 
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
 
 
events {
  worker_connections 1024;
}
 
 
http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
 
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';
 
  access_log /var/log/nginx/access.log main;
 
  sendfile on;
  #tcp_nopush on;
 
  keepalive_timeout 65;
 
  #gzip on;
 
  include /etc/nginx/conf.d/*.conf;

Deploy nginx

docker run -d -p 80:80 -p 443:443 --name nginx-server -v /home/nginx/www:/usr/share/nginx/html -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/logs:/var/log/nginx nginx

Command Explanation:

-p 80:80: Map the container's port 80 to the host's port 80.

-p 443:443: Map the container's port 80 to the host's port 443.
--name nginx-server: Name the container nginx-server.

-v /home/nginx/www:/usr/share/nginx/html: mount the www directory we created to the container’s /usr/share/nginx/html.

-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf: mount the nginx.conf we created ourselves to the container's /etc/nginx/nginx.conf.

-v /home/nginx/logs:/var/log/nginx: mount the logs we created ourselves to the container's /var/log/nginx.

After starting, you can access our HTML page through the domain name, but it’s not over yet.

Modify nginx.conf

Insert the following content into the nginx.conf file we just created: (Note: do not restart first)

server {
  listen 443 ssl;
  server_name fightingtop.cn www.fightingtop.cn;
  root /usr/share/nginx/html;
  ssl_certificate /ssl/certificate.pem;
  ssl_certificate_key /ssl/2832429_fightingtop.cn.key;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:1m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
 
  location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
  }
}
 
server {
  listen 80;
  server_name fightingtop.cn www.fightingtop.cn;
  rewrite ^ https://$host$1 permanent;
}

Copy the two certificate files to the nginx container

First enter the nginx container and create an ssl folder in the root directory to store the certificate

docker exec -it aa5badebd38a /bin/bash cd / mkdir ssl

Start copying certificates

docker cp /home/ssl/certificate.key aa5badebd38a:/ssl/
docker cp /home/ssl/certificate.pem aa5badebd38a:/ssl/

You're done, reboot and you're done!

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.