feat:https
This commit is contained in:
parent
f6e4b6400a
commit
39d791e156
|
@ -1,8 +1,7 @@
|
|||
# nginx配置
|
||||
FROM nginx
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
COPY out /usr/share/nginx/html
|
||||
EXPOSE 3001
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
# docker build -t task-manager-nginx .
|
||||
# docker run -d -p 3001:3001 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx
|
||||
COPY cert /etc/nginx/cert
|
||||
COPY out /html
|
||||
EXPOSE 3001 3002
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
|
@ -1,5 +1,9 @@
|
|||
```shell
|
||||
scp -r out/ shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
|
||||
scp -r cert/ shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
|
||||
scp nginx.conf shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
|
||||
scp Dockerfile shixiaohua@10.104.11.99:/home/shixiaohua/docker/todo-web
|
||||
ssh shixiaohua@10.104.11.99
|
||||
```
|
||||
|
||||
|
||||
|
@ -8,8 +12,10 @@ docker操作
|
|||
docker stop task-manager-nginx
|
||||
docker rm task-manager-nginx
|
||||
docker rmi task-manager-nginx
|
||||
cd /home/shixiaohua/docker/todo-web/
|
||||
|
||||
docker build -t task-manager-nginx .
|
||||
# docker run -d -p 3001:3001 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx
|
||||
docker run -d -p 3001:80 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx
|
||||
docker run -d -p 3001:80 -p 3002:443 --network task-manager --restart unless-stopped -v ./out:/usr/share/nginx/html --name task-manager-nginx task-manager-nginx
|
||||
# 进入容器
|
||||
docker exec -it a3ca9658cc6ce331cc0e4f84996088940a386b39b3e2edd56549d335a52ab581 /bin/sh
|
||||
```
|
|
@ -13,9 +13,34 @@ events {
|
|||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
# HTTPS 服务器监听端口
|
||||
# 443
|
||||
# HTTP 服务器监听端口
|
||||
server {
|
||||
listen 80;
|
||||
# start 启用https
|
||||
listen 443 ssl;
|
||||
# 服务器名称
|
||||
server_name www.huaruyu.com;
|
||||
# 将所有HTTP请求通过rewrite指令重定向到HTTPS。
|
||||
# rewrite ^(.*)$ https://$host$1;
|
||||
# 填写证书文件绝对路径
|
||||
ssl_certificate /etc/nginx/cert/www.huaruyu.com.pem;
|
||||
# 填写证书私钥文件绝对路径
|
||||
ssl_certificate_key /etc/nginx/cert/www.huaruyu.com.key;
|
||||
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 5m;
|
||||
|
||||
# 自定义设置使用的TLS协议的类型以及加密套件(以下为配置示例,请您自行评估是否需要配置)
|
||||
# TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。
|
||||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
|
||||
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
|
||||
# 表示优先使用服务端加密套件。默认开启
|
||||
ssl_prefer_server_ciphers on;
|
||||
# end 启用https
|
||||
|
||||
# 启用 ETag 头,Nginx 会为每个资源生成一个唯一的 ETag 值,当资源更新时,ETag 值会改变。
|
||||
etag on;
|
||||
|
||||
|
@ -31,8 +56,6 @@ http {
|
|||
if ($request_method = 'OPTIONS') {
|
||||
return 204;
|
||||
}
|
||||
# 服务器名称
|
||||
server_name localhost;
|
||||
# 访问日志路径
|
||||
access_log /var/log/nginx/access.log;
|
||||
# 站点根目录
|
||||
|
|
Loading…
Reference in New Issue