nginx / docker / ssl for localhost



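I want to enable SSL for localhost using nginx and a self-signed certificate. I want to do this because I put nginx as a reverse proxy in front of an application that redirects to https, and I don't want to modify the application.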

I have generated the certificate with the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt

This is my docker-compose file:

version: '2.1'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./data/nginx/certs:/etc/nginx/certs
      - ./data/nginx/nginx.conf:/etc/nginx/nginx.conf
    networks:
      - no-internet
      - internet
    depends_on:
      - ap-service

  back-service:
    ...
    networks:
      - no-internet

  db-service:
    ...
    networks:
      - no-internet
      - internet
networks:
  internet:
    driver: bridge
  no-internet:
    internal: true
    driver: bridge

This is my nginx.conf:

events {
    worker_connections  1024;  ## Default: 1024
}
http {
    server {
        listen 80;
        listen [::]:80;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8080/;
        }
    }
    server {
        listen 443;
        listen [::]:443;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8080/;
        }
    }
    server {
        listen 8000;
        listen [::]:8000;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8000/;
        }
    }
}

But when it redirects to https://localhost/, Google Chrome shows a gray page that says ERR_SSL_PROTOCOL_ERROR.

The nginx log shows the following:

nginx-proxy    | nginx.1    | 172.21.0.1 - - [02/Jun/2021:21:54:07 +0000] "x16x03x01x02x00x01x00x01xFCx03x03xA4xF3xD75xE13XqtLxBFxF5hx11x0Bx83xB55PxAFxD1Ux9FxD3x17x9AxB3x22}dZxE7 x92x89x805x14LxE8=xDALxF0xA0xBFxE1x9A xC1xAFxB4xC6xFAxC7nxA5.xBFxKxAAxFBx050x00x22ZZx13x01x13x02x13x03xC0+xC0/xC0,xC00xCCxA9xCCxA8xC0x13xC0x14x00x9Cx00x9Dx00/x005x00" 400 158 "-" "-"

You must add the certificate inside the server block in nginx.conf:

server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate     /etc/nginx/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/nginx/certs/nginx-selfsigned.key;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    location / {
        proxy_pass http://back-service:8080/;
    }
}
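
As an added example (not part of the original question or answer): the escaped bytes in the access log above begin with a TLS handshake record header, which is what nginx records when a browser speaks HTTPS to a listener declared without ssl. The Python sketch below flags such lines; the sample log lines are constructed and the function names are this example's own.

```python
import re

# Access-log fields this sketch needs: client address, "request", status.
LOG_RE = re.compile(
    r'(?P<addr>\S+) - \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# nginx logs non-printable request bytes as \xHH escapes.
ESC_RE = re.compile(r'\\x([0-9A-Fa-f]{2})')
# Second byte of the record-layer version (the first is always 0x03).
RECORD_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

def unescape(field):
    """Turn nginx's hex escapes back into the raw bytes the client sent."""
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), field)
    return text.encode("latin-1", errors="replace")

def tls_on_plain_listener(line):
    """Describe a logged 'request' that is really a TLS handshake, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw = unescape(m.group("req"))
    # TLS record header: type 0x16 (handshake), version 0x03 0x0N, 2-byte length.
    if len(raw) < 6 or raw[0] != 0x16 or raw[1] != 0x03 or raw[2] not in RECORD_VERSIONS:
        return None
    return {
        "client": m.group("addr"),
        "status": int(m.group("status")),
        "record_version": RECORD_VERSIONS[raw[2]],
        "client_hello": raw[5] == 0x01,  # handshake message type 1
    }

def scan(lines):
    """Return one finding per log line that shows TLS hitting a plain-HTTP listener."""
    return [hit for hit in map(tls_on_plain_listener, lines) if hit]

# Constructed sample lines (not taken from a real server); escapes written
# the way nginx emits them, with a docker-compose prefix on each line.
SAMPLE = [
    r'nginx-proxy | nginx.1 | 172.21.0.1 - - [02/Jun/2021:21:54:07 +0000] '
    r'"\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xA4\xF3" 400 158 "-" "-"',
    r'nginx-proxy | nginx.1 | 172.21.0.1 - - [02/Jun/2021:21:55:10 +0000] '
    r'"GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("TLS handshake on a non-ssl listener:", hit)
```

A hit with status 400 on port 443 points at a `listen` directive missing the `ssl` parameter rather than at a problem with the certificate itself.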
