
Deploying nginx with Docker Compose and configuring SSL

2022-04-29 18:58:41 Shuibutian

1 Background

With the growing popularity of public, private and hybrid clouds, containerization is increasingly widely used, and Docker-related applications and deployments are increasingly common at work. This article uses the deployment of nginx as an example. If you only need a simple nginx installation, you can refer to "Four ways to install nginx on Linux"; this article is a continuation and extension of that one.

2 Environment

Name              Version
Operating system  CentOS Linux release 7.9.2009 (Core)
docker            Docker version 20.10.14
docker-compose    docker-compose version 1.25.1
nginx             1.21.6

3 Deploy nginx

3.1 Preparation

Create the folders

mkdir -p /data/nginx/conf.d /data/nginx/logs /data/nginx/letsencrypt /data/site

Create a deployment file

vi /data/nginx/docker-compose.yml

Enter the following information

version: "3"
services:
  nginx:
    image: nginx:1.21.6
    restart: always
    container_name: nginx
    environment:
      - TZ=Asia/Shanghai
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /data/nginx/conf.d:/etc/nginx/conf.d
      - /data/nginx/logs:/var/log/nginx
      - /data/site:/usr/share/nginx/html
      - /data/nginx/letsencrypt:/etc/letsencrypt
      - /data/nginx/nginx.conf:/etc/nginx/nginx.conf

Item                  Path                            Description
Configuration folder  /data/nginx/conf.d              Holds default.conf
Configuration file    /data/nginx/nginx.conf          Main configuration file
Log folder            /data/nginx/logs                error.log and access.log
Certificate folder    /data/nginx/letsencrypt         Holds the nginx HTTPS certificate
Site                  /data/site                      Site folder
Deployment file       /data/nginx/docker-compose.yml  Deployment file

Note: The certificate must be applied for in advance from the site where the domain name was purchased.
After the directories are created, place the files in the corresponding directories: the nginx.conf and default.conf configuration files, the certificate files, the deployment file docker-compose.yml, and the site files.

How to obtain the nginx configuration files: nginx.conf and default.conf can be copied out of a container as follows.

1. Pull the image

docker pull nginx:1.21.6 

2. Run the image

docker run -d -p 8080:80 nginx:1.21.6

3. Look up the container id

docker ps

4. Enter the container

docker exec -it f424fd6f2315 /bin/bash

Note: If you are using the alpine version of nginx, the command to enter the container is: docker exec -it 33e8474cdd09 /bin/sh

Find the location of the default.conf and nginx.conf files in the container

  • /etc/nginx/conf.d/default.conf
  • /etc/nginx/nginx.conf

5. Exit the container

exit

6. Copy the files

docker cp f424fd6f2315:/etc/nginx/conf.d/default.conf /data/nginx/conf.d
docker cp f424fd6f2315:/etc/nginx/nginx.conf /data/nginx

Copy complete.

7. Delete the container

docker stop f424fd6f2315
docker rm f424fd6f2315

[Figure: directory structure]

Open the ports or services
A CentOS 7.9 server allows the ssh service through the firewall by default; nginx needs external access to the http and https services, or to their corresponding ports 80 and 443.

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

3.2 Start deployment

Start the deployment

docker-compose up -d

Test
In a terminal, run curl IP

Open a browser and enter the IP address to check.
Careful readers may have noticed the "Not secure" label and icon on the left side of the browser's address bar. Next, configure an SSL certificate to make the website relatively more secure.

4 Configure the SSL certificate

Edit the "default.conf" file in the "/data/nginx/conf.d/" directory and add the following.

vi /data/nginx/conf.d/default.conf

server {
    # SSL access port
    listen      443 ssl;
    # Domain name bound to the certificate
    server_name jjyard.xyz;
    # Certificate file
    ssl_certificate     /etc/letsencrypt/jjyard.xyz_bundle.crt;
    # Private key file
    ssl_certificate_key /etc/letsencrypt/jjyard.xyz.key;
    ssl_session_timeout 5m;
    # Protocols
    ssl_protocols       TLSv1.2 TLSv1.3;
    # Configure the cipher suites as below; the syntax follows the openssl standard.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        root    /usr/share/nginx/html;
        index   index.html index.htm;
    }
}

Look up the running container's id

docker ps

Use the container id shown to enter the container

docker exec -it 33e8474cdd09 /bin/bash

Note: If you are using the alpine version of nginx, the command is: docker exec -it 33e8474cdd09 /bin/sh

Verify the nginx configuration file

nginx -t

Restart the container

docker restart 33e8474cdd09

In the browser, enter: https://jjyard.xyz

Then enter the original address in the browser:
http://jjyard.xyz

At present both ports 80 and 443 are served. Port 80 can be forced to redirect to port 443 so that the site is accessed over the https protocol.
Modify /data/nginx/conf.d/default.conf and add the following.

# Goes in the server block that listens on port 80
# Fill in the domain name bound to the certificate
server_name server_name.xyz;
# Redirect http requests for the domain to https
return 301 https://$host$request_uri;

Restart the container

docker restart 33e8474cdd09

Enter http://jjyard.xyz in the browser; it automatically redirects to https://jjyard.xyz.
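
A static check of the configuration built in sections 3 and 4, as an added example that is not part of the original article: it flags legacy protocols in ssl_protocols, port-80 server blocks without an https redirect, and a private key file on the host that is readable by group or other. The function name audit_nginx_tls and the finding messages are assumptions; the paths in the usage comment are the article's.

```shell
#!/usr/bin/env bash
# Added example: static audit of the files built in sections 3 and 4.
# audit_nginx_tls is a hypothetical helper name, not an nginx or Docker tool.
# Usage: audit_nginx_tls CONF KEY  (findings go to stderr, their count is the exit status)
audit_nginx_tls() {
  local conf=$1 key=$2 findings
  findings=$(
    # 1. ssl_protocols must be set and must not enable legacy protocols.
    awk '
      $1 == "ssl_protocols" {
        seen = 1
        for (i = 2; i <= NF; i++) {
          p = $i; sub(/;$/, "", p)
          if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "legacy protocol enabled: " p
        }
      }
      END { if (!seen) print "ssl_protocols not set, nginx defaults apply" }
    ' "$conf"
    # 2. Every top-level server block listening on port 80 must redirect to https.
    awk '
      {
        line = " " $0; sub(/#.*/, "", line)   # ignore nginx comments
        if (depth == 0 && line ~ /[ \t]server[ \t]*[{]/) { srv = 1; p80 = 0; redir = 0 }
        if (srv && line ~ /[ \t]listen[ \t]+([^;]*:)?80[ \t;]/) p80 = 1
        if (srv && line ~ /[ \t]return[ \t]+30[1278][ \t]+https:/) redir = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (srv && depth == 0) {
          if (p80 && !redir) print "port-80 server block has no https redirect"
          srv = 0
        }
      }
    ' "$conf"
    # 3. The private key on the host must not be readable by group or other.
    if [ -e "$key" ] && [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
      echo "private key readable by group/other: $key"
    fi
  )
  [ -n "$findings" ] || return 0
  printf '%s\n' "$findings" >&2
  return "$(printf '%s\n' "$findings" | grep -c '')"
}

# On the host from this article:
#   audit_nginx_tls /data/nginx/conf.d/default.conf /data/nginx/letsencrypt/jjyard.xyz.key
```

Run it after editing default.conf and before restarting the container; nginx -t checks syntax only and accepts a configuration that still serves plain http on port 80.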


Copyright notice
Author: [Shuibutian]. Please include the original link when reprinting, thank you.
https://en.qdmana.com/2022/119/202204291644427267.html
