Latest: configuring nginx with a free Alibaba Cloud certificate

Author: Ian | 2022-11-18

   

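1 Contents

  • Installing nginx with Docker and configuring a free Alibaba Cloud certificate for HTTPS
  • 301 problems collected online, plus the 301 problems I ran into myself and how to fix them

2 Continued

Prerequisite: ports 80 and 443 must be open in the host firewall, and they must also be open in both the inbound and outbound rules on the Alibaba Cloud side.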

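1. Check the firewall status:
   systemctl status firewalld

2. Start the firewall:
   systemctl start firewalld.service

3. Open the ports this setup needs (80 and 443), then reload so the permanent rules take effect:
   firewall-cmd --zone=public --add-port=80/tcp --permanent
   firewall-cmd --zone=public --add-port=443/tcp --permanent
   firewall-cmd --reload

4. Check whether a given port is open:
   firewall-cmd --query-port=80/tcp

5. Stop the firewall:
   systemctl stop firewalld.service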
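  1. Install nginx
   docker pull nginx
  2. Start nginx once first
   docker run --name nginx -p 80:80 -d nginx
  3. Create the matching directories on the host (they are mounted later) and copy the default files out of the container
   mkdir -p /usr/local/docker/nginx/logs /usr/local/docker/nginx/ssl
   docker cp nginx:/etc/nginx/nginx.conf /usr/local/docker/nginx/
   docker cp nginx:/etc/nginx/conf.d /usr/local/docker/nginx/
   docker cp nginx:/usr/share/nginx/html /usr/local/docker/nginx/
  4. Now stop and remove the nginx container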
[root@iZuf6dkga3et5azs7s6kexZ sbin]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS                                                                      NAMES
cc5a0855743e   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx
[root@iZuf6dkga3et5azs7s6kexZ sbin]#
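   docker stop cc5a0855743e   # container ID
   docker rm cc5a0855743e     # container ID
  5. Apply for a free certificate from Alibaba Cloud

Official Alibaba Cloud application procedure: https://help.aliyun.com/document_detail/221365.html

  6. Create a directory on the host to hold the issued certificate files (key, pem)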
drwxr-xr-x 2 root root 4096 Nov 18 11:00 conf.d
drwxr-xr-x 2 root root 4096 Nov 17 22:28 html
drwxr-xr-x 2 root root 4096 Nov 15 11:49 logs
-rw-r--r-- 1 root root 1653 Nov 18 17:09 nginx.conf
drwxr-xr-x 2 root root 4096 Nov 17 12:17 ssl
[root@iZuf6dkga3et5azs7s6kexZ nginx]# pwd
/usr/local/docker/nginx
[root@iZuf6dkga3et5azs7s6kexZ nginx]# cd ssl/
[root@iZuf6dkga3et5azs7s6kexZ ssl]# ll
total 12
-rw-r--r-- 1 root root 1675 Nov 17 12:17 8802646_aaaqi.cn.key
-rw-r--r-- 1 root root 2122 Nov 17 12:16 8802646_aaaqi.cn.pem
-rw-r--r-- 1 root root 2122 Nov 17 12:16 8802646_aaaqi.cn.pem.bak
[root@iZuf6dkga3et5azs7s6kexZ ssl]#
  7. Configure nginx.conf
[root@iZuf6dkga3et5azs7s6kexZ nginx]# cat nginx.conf
user  nginx;

worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    client_max_body_size 100m;
    include mime.types;

    server {
        listen 80;
        charset utf-8;
        server_name aaaqi.cn www.aaaqi.cn;
        # $server_name is the first name listed above, so requests for
        # www.aaaqi.cn are redirected to https://aaaqi.cn
        rewrite ^(.*) https://$server_name$1 permanent;
    }
    server {
        listen 443 ssl;  # use this form from version 1.1 onward
        server_name aaaqi.cn www.aaaqi.cn;  # domain names bound to the certificate

        ssl_certificate      /etc/nginx/ssl/8802646_aaaqi.cn.pem;  # certificate location, absolute path
        ssl_certificate_key  /etc/nginx/ssl/8802646_aaaqi.cn.key;  # absolute path, as above

        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;  # TLS 1.0 and 1.1 are deprecated (RFC 8996)
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # cipher suites to use
        ssl_prefer_server_ciphers on;

        ssl_session_cache shared:SSL:1m;

        fastcgi_param  HTTPS        on;
        fastcgi_param  HTTP_SCHEME  https;

        location / {
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   Host              $http_host;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            root   /usr/share/nginx/html;
            try_files $uri $uri/ /index.html;
        }
    }

    # Include extra configuration (lets you split the nginx config per service)
    include /etc/nginx/conf.d/*.conf;
}
  8. Start the container
   # Runs without --privileged: nginx needs no extra host privileges for this setup
   docker run --name nginx -p 443:443 -p 80:80 \
     -v /usr/local/docker/nginx/html:/usr/share/nginx/html \
     -v /usr/local/docker/nginx/nginx.conf:/etc/nginx/nginx.conf \
     -v /usr/local/docker/nginx/logs:/var/log/nginx/ \
     -v /usr/local/docker/nginx/ssl:/etc/nginx/ssl/ \
     -d --restart=always nginx
  9. Success

3 301 problems

Redirect path problems

Always remember to add the rule in the inbound direction of the security group.
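
A heuristic check for the setup above, as an added example that is not part of the original post: it flags TLS 1.0/1.1 in ssl_protocols, a port-80 listener with no redirect to https, and private key files readable beyond their owner. The function name audit_nginx_tls, the finding labels and the sample files are constructed for illustration, and the check assumes each directive sits on its own line.

```sh
# Added example (not from the original post): heuristic audit of an nginx
# TLS setup like the one in this walkthrough. Prints findings; returns 1 if any.
audit_nginx_tls() (
  conf=$1; ssl_dir=$2; findings=0
  clean=$(sed 's/#.*//' "$conf")   # drop comments so remarks are not flagged

  # 1. TLS 1.0 / 1.1 enabled in ssl_protocols (both deprecated by RFC 8996).
  if printf '%s\n' "$clean" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
     grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'; then
    echo "WEAK_PROTOCOL: ssl_protocols enables TLSv1 and/or TLSv1.1"
    findings=$((findings + 1))
  fi

  # 2. Port 80 is served but nothing redirects to https.
  if printf '%s\n' "$clean" | grep -Eq 'listen[[:space:]]+80[[:space:];]' &&
     ! printf '%s\n' "$clean" | grep -Eq '(rewrite|return)[^;]*https://'; then
    echo "NO_HTTPS_REDIRECT: port 80 listener without a redirect to https"
    findings=$((findings + 1))
  fi

  # 3. Private keys on the host readable by group or others (e.g. mode 644).
  for key in "$ssl_dir"/*.key; do
    [ -e "$key" ] || continue
    perms=$(ls -ld "$key" | cut -c5-10)   # group + other permission bits
    if [ "$perms" != "------" ]; then
      echo "KEY_PERMS: $key is accessible beyond its owner ($perms)"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
)

# Constructed sample input: a weak config and a placeholder key file.
make_sample() {
  dir=$(mktemp -d) && mkdir "$dir/ssl"
  printf 'placeholder, not a real key\n' > "$dir/ssl/example.key"
  chmod 644 "$dir/ssl/example.key"
  cat > "$dir/nginx.conf" <<'EOF'
server { listen 80; server_name example.test; }
server {
  listen 443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # constructed weak setting
}
EOF
  echo "$dir"
}

sample=$(make_sample)
audit_nginx_tls "$sample/nginx.conf" "$sample/ssl" || true
```

For the layout used in this post, the call would be audit_nginx_tls /usr/local/docker/nginx/nginx.conf /usr/local/docker/nginx/ssl, run on the host.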
