From 39d791e15659223c336d6687894986e7c4d34bf6 Mon Sep 17 00:00:00 2001
From: 1708-huayu <57060237+1708-huayu@users.noreply.github.com>
Date: Mon, 3 Mar 2025 19:13:16 +0800
Subject: [PATCH] feat:https
---
 docker/Dockerfile | 9 ++++-----
 docker/deploy.md | 10 ++++++++--
 docker/nginx.conf | 27 +++++++++++++++++++++++++--
 3 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 73f2133..5dd7be5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,8 +1,7 @@
 # nginx配置
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
-COPY out /usr/share/nginx/html
-EXPOSE 3001
-CMD ["nginx", "-g", "daemon off;"]
-# docker build -t task-manager-nginx .
-# docker run -d -p 3001:3001 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx
+COPY cert /etc/nginx/cert
+COPY out /html
+EXPOSE 3001 3002
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/docker/deploy.md b/docker/deploy.md
index 47b5c1a..4a9804b 100644
--- a/docker/deploy.md
+++ b/docker/deploy.md
@@ -1,5 +1,9 @@
 ```shell
 scp -r out/ shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
+scp -r cert/ shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
+scp nginx.conf shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
+scp Dockerfile shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
+ssh shixiaohua@10.104.11.99
 ```
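Review bot: In docker/Dockerfile, `COPY cert /etc/nginx/cert` puts the TLS private key into an image layer (docker/nginx.conf in this patch reads `/etc/nginx/cert/www.huaruyu.com.key`), so anyone who can pull, save or inspect the image can recover the key, and rotating it needs a rebuild. I would drop that COPY, list `cert` in `.dockerignore`, and supply the directory at run time read-only, e.g. `-v ./cert:/etc/nginx/cert:ro` on the `docker run` line in deploy.md. Separately, `EXPOSE 3001 3002` names the host-side ports; nginx.conf listens on 80 and 443 inside the container, so `EXPOSE 80 443` would document the image correctly.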
@@ -8,8 +12,10 @@ docker操作 docker stop task-manager-nginx docker rm task-manager-nginx docker rmi task-manager-nginx +cd /home/shixiaohua/docker/todo-web/ docker build -t task-manager-nginx . -# docker run -d -p 3001:3001 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx -docker run -d -p 3001:80 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx +docker run -d -p 3001:80 -p 3002:443 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx +# 进入容器 +docker exec -it a3ca9658cc6ce331cc0e4f84996088940a386b39b3e2edd56549d335a52ab581 /bin/sh ``` \ No newline at end of file diff --git a/docker/nginx.conf b/docker/nginx.conf index b21cd63..c3f750c 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -13,9 +13,34 @@ events { http { include /etc/nginx/mime.types; default_type application/octet-stream; + # HTTPS 服务器监听端口 + # 443 # HTTP 服务器监听端口 server { listen 80; + # start 启用https + listen 443 ssl; + # 服务器名称 + server_name www.huaruyu.com; + # 将所有HTTP请求通过rewrite指令重定向到HTTPS。 + # rewrite ^(.*)$ https://$host$1; + # 填写证书文件绝对路径 + ssl_certificate /etc/nginx/cert/www.huaruyu.com.pem; + # 填写证书私钥文件绝对路径 + ssl_certificate_key /etc/nginx/cert/www.huaruyu.com.key; + + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 5m; + + # 自定义设置使用的TLS协议的类型以及加密套件(以下为配置示例,请您自行评估是否需要配置) + # TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。 + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + + # 表示优先使用服务端加密套件。默认开启 + ssl_prefer_server_ciphers on; + # end 启用https + # 启用 ETag 头,Nginx 会为每个资源生成一个唯一的 ETag 值,当资源更新时,ETag 值会改变。 etag on; @@ -31,8 +56,6 @@ http { if ($request_method = 'OPTIONS') { return 204; } - # 服务器名称 - server_name localhost; # 访问日志路径 access_log /var/log/nginx/access.log; # 站点根目录
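Review bot: In docker/nginx.conf, `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` still offers TLS 1.1, which RFC 8996 deprecates; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer line. The cipher list falls back to broad classes (`ECDHE:ECDH:AES:HIGH`), which lets in CBC-mode suites and RSA key exchange without forward secrecy; restricting it to ECDHE AEAD suites, e.g. `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;`, closes that. `listen 80;` stays in the same server block and the redirect is left commented out, so the site keeps answering over cleartext HTTP; whether a redirect or an HSTS header fits depends on the 3001/3002 port mapping, which this hunk does not settle. The server block continues past the end of the hunk.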