Docker 啟動 Nginx + SSL
https://github.com/JonasAlfredsson/docker-nginx-certbot
準備 docker 和 letsencrypt 相關資料
- 連線進入 VPS
- cd /opt
- 創建資料夾 docker-nginx
- cd /opt/docker-nginx
- 分別建立 docker-compose.yml,nginx-certbot.env,letsencrypt 資料夾,user_conf.d 資料夾,public_html 資料夾
- 編輯 docker-compose.yml
- 編輯 nginx-certbot.env
- cd public_html 建立 index.html
- 編輯 index.html
- cd /opt/docker-nginx/user_conf.d 建立 default.conf
- 編輯 default.conf
- 啟動服務 docker compose up
- 瀏覽器輸入 {{domain_name}},檢查是否啟用 https
docker-compose.yml
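# Compose service for the jonasal/nginx-certbot image (nginx + Let's Encrypt).
version: '3'
services:
  nginx:
    # NOTE(review): ":latest" is a moving tag, so each pull may bring a different
    # image; pinning a release tag (ideally with its digest) keeps deployments
    # reproducible and makes upgrades an explicit, reviewable change.
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    environment:
      # Compose lets `environment` override the same key from `env_file`, so this
      # value wins over the CERTBOT_EMAIL line in ./nginx-certbot.env — keep the
      # two consistent (or set it in one place only).
      - CERTBOT_EMAIL={{youremail}}
    env_file:
      - ./nginx-certbot.env
    ports:
      # Quoted so a YAML 1.1 parser never reads host:container as a base-60 number.
      - "80:80"
      - "443:443"
    volumes:
      # Certificates, keys and dhparams live here; the bind mount keeps them
      # across container restarts and re-creations.
      - ./letsencrypt:/etc/letsencrypt
      # Site-specific server blocks (default.conf below).
      - ./user_conf.d:/etc/nginx/user_conf.d
      # Static web root served by the server block in default.conf.
      - ./public_html:/usr/share/nginx/html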
default.conf
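# HTTPS virtual host for the site stored in /usr/share/nginx/html.
# The certificate name used in the ssl_certificate* paths ("test-name") must be
# identical in all three lines; replace it with the name you want the
# certificate to be issued under.
server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    # (Fixed: the www entry referenced "domain_nam", so the www host was never matched.)
    server_name {{domain_name}} www.{{domain_name}};

    # Document root at server level so that every location below — including the
    # static-asset block, which previously had no root of its own — serves files
    # from the same directory.
    root /usr/share/nginx/html;

    # Load the certificate files.
    ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;

    # Cipher configuration; the list follows OpenSSL cipher-string syntax.
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and rejected by current browsers,
    # so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # SSL session cache shared between worker processes.
    ssl_session_cache shared:SSL:1m;
    # SSL session timeout.
    ssl_session_timeout 5m;

    # Load the Diffie-Hellman parameter. With "!DHE" in ssl_ciphers no DHE suite
    # can be negotiated, so this file is effectively unused; it is harmless to keep.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Image requests: let clients cache static assets for 10 days.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 10d;
    }

    # Everything else: serve the file or directory if it exists, otherwise
    # fall back to index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }
}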
nginx-certbot.env
# Required
# Also set under `environment:` in docker-compose.yml, where Compose gives that
# value precedence over this one — keep both the same or define it once.
CERTBOT_EMAIL=your@email.org
# Optional (Defaults)
DHPARAM_SIZE=2048
ELLIPTIC_CURVE=secp256r1
RENEWAL_INTERVAL=8d
RSA_KEY_SIZE=2048
# NOTE(review): STAGING=1 presumably selects the Let's Encrypt staging CA; using it
# for the first run avoids hitting the production rate limits while the config is
# still being debugged — confirm against the image's documentation.
STAGING=0
USE_ECDSA=1
# Advanced (Defaults)
CERTBOT_AUTHENTICATOR=webroot
CERTBOT_DNS_PROPAGATION_SECONDS=""
DEBUG=0
USE_LOCAL_CA=0
index.html
<!DOCTYPE html>
<!-- Placeholder page served from public_html; used only to confirm that the
     nginx + TLS setup answers on https://{{domain_name}}. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Nginx</title>
</head>
<body>
<h1>This is demo to setup nginx + ssl with docker</h1>
</body>
</html>
# Open an interactive shell inside the running container (find the ID with
# `docker ps`) to inspect the generated nginx config or certbot logs.
docker exec -it {{containerID}} /bin/bash
http
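# Tuning directives for the nginx `http { }` context (e.g. in nginx.conf).
# This is a fragment to paste into that block, not a complete file.
client_header_buffer_size 1k;
# Takes two arguments — number of buffers and buffer size. The original "21k"
# was a single argument, which nginx rejects at startup.
# NOTE(review): 1k per buffer is small; requests with large cookies or long
# URLs will fail with 400/414. Raise the size if that shows up in error.log.
large_client_header_buffers 2 1k;
client_body_buffer_size 16k;
# Requests with a larger body are refused with HTTP 413.
client_max_body_size 8m;
keepalive_requests 100000;  # maximum requests served over one keep-alive connection
keepalive_timeout 120;  # a connection may be reused for up to two minutes
sendfile on;
tcp_nopush on;
# NOTE(review): compressing responses that embed per-user secrets over TLS is a
# known compression side-channel risk; if that applies, limit gzip to static assets.
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;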