欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

HTTPS认证三:用docker搭建nginx https服务器

程序员文章站 2022-04-30 23:37:43
...

1、生成证书

https://blog.csdn.net/egbert123/article/details/103831808

根证书

ca.crt

cacrt.pem

根证书签发的服务端证书

server.crt

  

服务端私钥

server.key

  

根证书签发的客户端证书

client.crt

clientcrt.pem

客户端私钥

client.key

clientkey.pem

2、准备文件

创建一个nginx目录,将server.crt, server.key, ca.crt文件放入该目录中

default.conf:

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
# Change the default configuration to enable ssl
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/server.crt;      //服务器证书
    ssl_certificate_key /etc/ssl/server.key;  //服务器key
    ssl_client_certificate /etc/ssl/ca.crt;  //验证客户端证书的CA证书
    ssl_verify_client on;        //双向认证on,单向认证off
    server_name 192.168.31.14;   //这里要server证书生成时一致,确保可以访问你的服务器
    server_tokens off;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

 

 

Dockerfile

FROM nginx:latest
COPY default.conf /etc/nginx/conf.d/
COPY server.crt /etc/ssl/
COPY server.key /etc/ssl
COPY ca.crt   /etc/ssl/

 

3、创建镜像

docker build -t nginx-ssl:latest .

4、运行容器

docker run -p 8123:80 -p 8124:443 --name nginx-ssl -tid nginx-ssl

此刻已经完成nginx https的搭建

5、验证

在浏览器输入https://192.168.31.14:8124 (我host的ip地址,根据自己环境)

 

HTTPS认证三:用docker搭建nginx https服务器提示没有证书,我们将p12证书导入到浏览器后,重启浏览器即可HTTPS认证三:用docker搭建nginx https服务器

 

 

 

HTTPS认证三:用docker搭建nginx https服务器

相关标签: HTTPS OPENSSL 双向认证

上一篇: php中调用其他系统http接口的方法说明_PHP教程

下一篇: 显示youtube视频缩略图和Vimeo视频缩略图代码分享_PHP教程

推荐阅读