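I have an nginx and a Docker nginx on one server.
I have successfully set up an HTTPS server on one nginx (port 80).
When I open https://subdomain1.domain, the web page displays successfully.
But setting up HTTPS on the Docker nginx (port 8080) fails.
When I open https://subdomain2.domain:8080, it shows the error below.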
This site can’t provide a secure connection
subdomain2.domain sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
Here is my Docker process information.

    root@server:~/# docker ps
    CONTAINER ID   IMAGE   COMMAND                  CREATED       STATUS          PORTS                                        NAMES
    c798c72861fa   13b3    "/bin/bash /app/dock…"   13 days ago   Up 16 minutes   443/tcp, 8000/tcp, 0.0.0.0:8080->8080/tcp    nginx
I have 4 nginx conf files, and I don't know how to adjust the nginx conf to make Docker HTTPS work.

On the host, in /usr/local/nginx/conf/nginx.conf:

    user www www;
    worker_processes auto;
    worker_cpu_affinity auto;
    error_log /home/wwwlogs/nginx_error.log crit;
    pid /usr/local/nginx/logs/nginx.pid;

    #Specifies the value for maximum file descriptors that can be opened by this process.
    worker_rlimit_nofile 51200;

    events {
        use epoll;
        worker_connections 51200;
        multi_accept off;
        accept_mutex off;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied expired no-cache no-store private auth;
        gzip_disable "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        access_log off;

        include vhost/*.conf;
    }
On the host, in /usr/local/nginx/conf/vhost/subdomain1.domain.conf:

    server {
        listen 80 default;
        server_name _;
        index index.php index.html index.htm;
        return 301;
    }

    server {
        listen 443 default ssl http2;
        server_name _;
        index index.php index.html index.htm;
        ssl_certificate /usr/local/nginx/conf/vhost/server.crt;
        ssl_certificate_key /usr/local/nginx/conf/vhost/server.key;
        return 302;
    }

    server {
        listen 443 ssl http2;
        server_name subdomain1.domain;
        ssl_certificate /usr/local/nginx/conf/vhost/server.crt;
        ssl_certificate_key /usr/local/nginx/conf/vhost/server.key;
        index index.html index.htm index.php default.html default.htm default.php;
        root /home/wwwroot/default/[project name]/backstage;

        include rewrite/other.conf;
        include enable-php-pathinfo.conf;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\. {
            deny all;
        }

        access_log /home/wwwlogs/www.xxxx.com.log;
        error_log /home/wwwlogs/www.xxxx.error.log;
    }
In Docker, in /etc/nginx/conf.d/[appName].conf:

    server {
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_comp_level 2;
        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
        gzip_vary off;
        gzip_disable "MSIE [1-6]\.";
        client_max_body_size 200m;

        root /app/dist;
        index index.html;

        location /api/ {
            rewrite /api/(.*) /$1 break;
            proxy_pass https://localhost:8000/;
        }

        listen 443 ssl http2;
        server_name subdomain2.domain;
        ssl_certificate /app/nginx/server.crt;
        ssl_certificate_key /app/nginx/server.key;

        #enable ssl
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    }
In Docker, in /app/nginx/[appName].conf:

    server {
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_comp_level 2;
        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
        gzip_vary off;
        gzip_disable "MSIE [1-6]\.";
        client_max_body_size 200m;

        root /app/dist;
        index index.html;

        location /api/ {
            rewrite /api/(.*) /$1 break;
            proxy_pass https://localhost:8000/;
        }

        listen 443 ssl http2;
        server_name subdomain2.domain;
        ssl_certificate /app/nginx/server.crt;
        ssl_certificate_key /app/nginx/server.key;

        #enable ssl
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; ;
    }

    server {
        listen 8080 ;
        server_name subdomain2.domain;
        return 308 https://$server_name$request_uri;
    }

How do I fix the HTTPS setup for subdomain2.domain?
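You should:
- Stop the nginx service on the host
- Build a new nginx container again, and expose port 443 to the host:

    docker run -d --name container_name -p 8080:443 image

Then visit: https://subdomain2.domain:8080
You should copy the ssl_certificate and key into the container.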
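
The port mapping in the answer can be checked against the container's nginx config before restarting anything. The following is an added example, not code from the question or the answer: it reads the PORTS column of `docker ps` and the `listen` directives from the question, and reports whether each published host port reaches a TLS listener. A host port that lands on a listener without `ssl` answers a TLS handshake with cleartext HTTP, which a browser reports as ERR_SSL_PROTOCOL_ERROR. The function names and the `PORTS_AFTER` value are assumptions constructed for illustration.

```python
import re

# Constructed from values in the question: the PORTS column of `docker ps`
# and the listen directives of /app/nginx/[appName].conf inside the container.
PORTS_BEFORE = "443/tcp, 8000/tcp, 0.0.0.0:8080->8080/tcp"
# Constructed: what the column would contain after `docker run -p 8080:443`.
PORTS_AFTER = "0.0.0.0:8080->443/tcp, 8000/tcp"
CONTAINER_CONF = """
server { listen 443 ssl http2; server_name subdomain2.domain; }
server { listen 8080 ; server_name subdomain2.domain;
         return 308 https://$server_name$request_uri; }
"""

def published_ports(ports_column):
    """Return {host_port: container_port} for entries like 0.0.0.0:8080->8080/tcp."""
    pairs = re.findall(r":(\d+)->(\d+)/tcp", ports_column)
    return {int(host): int(ctr) for host, ctr in pairs}

def listeners(conf_text):
    """Return {port: speaks_tls} from nginx listen directives."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    found = {}
    for m in re.finditer(r"\blisten\s+([^;]+);", conf_text):
        args = m.group(1).split()
        port = args[0].rsplit(":", 1)[-1]  # accepts "443" and "addr:443"
        if port.isdigit():
            found[int(port)] = found.get(int(port), False) or "ssl" in args[1:]
    return found

def check(ports_column, conf_text):
    """Classify each published host port: 'tls', 'plain-http' or 'no-listener'."""
    tls = listeners(conf_text)
    report = {}
    for host_port, ctr_port in published_ports(ports_column).items():
        if ctr_port not in tls:
            report[host_port] = "no-listener"
        else:
            report[host_port] = "tls" if tls[ctr_port] else "plain-http"
    return report

if __name__ == "__main__":
    print("before:", check(PORTS_BEFORE, CONTAINER_CONF))
    print("after: ", check(PORTS_AFTER, CONTAINER_CONF))
```

With the question's mapping, host port 8080 reaches the plain `listen 8080` server and the `listen 443 ssl` server is never published; with `-p 8080:443` the same host port reaches the TLS listener.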