创建挂载目录
/soft/nginx/conf
/soft/nginx/conf/conf.d
/soft/nginx/html
/soft/nginx/log
/soft/nginx/ssl //证书先放到这里
创建配置文件
-
vim /soft/nginx/conf/conf.d/default.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ .php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ .php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /.ht {
# deny all;
#}
}
-
vim /soft/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>系统时间</title>
</head>
<body>
<div id="datetime">
<script>
setInterval("document.getElementById('datetime').innerHTML=new Date().toLocaleString();", 1000);
</script>
</div>
</body>
启动nginx并配置挂载的目录
docker run -d
-p 80:80
-p 443:443
-v /soft/nginx/html:/usr/share/nginx/html
-v /soft/nginx/log:/usr/share/nginx/log
-v /soft/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
-v /soft/nginx/conf/conf.d/default.conf:/etc/nginx/conf.d/default.conf
-v /etc/localtime:/etc/localtime:ro
--name nginx
nginx:1.10
-d: 后台运行容器,并返回容器ID;
-p: 指定端口映射,格式为:主机(宿主)端口:容器端口
-v: 挂载后的目录:原目录
--name: 为容器指定一个名称;
:换行
把下载的证书长传到nginx容器中
docker cp /soft/nginx/ssl/1_zhezhao.work_bundle.crt 2710fe57aa19:/etc/nginx/ssl
docker cp /soft/nginx/ssl/2_zhezhao.work.key 2710fe57aa19:/etc/nginx/ssl
修改default.conf配置文件
server {
listen 80;
server_name zhezhao.work;
#nginx容器内证书地址
ssl_certificate /etc/nginx/ssl/1_zhezhao.work_bundle.crt;
#nginx容器内证书地址
ssl_certificate_key /etc/nginx/ssl/2_zhezhao.work.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl;
server_name zhezhao.work;
ssl_certificate /etc/nginx/ssl/1_zhezhao.work_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/2_zhezhao.work.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/