--- title: docker nginx ssl 設置 --- ###### tags: `docker`, `ssl`, `nginx` ## 設置前準備 * 項目: [jorani](https://github.com/bbalet/jorani) * 環境: Virtualbox Ubuntu 20.04 * Ubuntu 預先安裝`mkcert` * 定義服務 domain 為 docker103.test.com ## 設置步驟 1. 下載代碼到 : /home/test/docker_workspace/jorani 2. mkdir -p proxy/cert proxy/conf 3. 於 proxy/conf 新增文件 `nginx.conf` ``` events { worker_connections 1024; } http { server { listen 80; server_name docker103.test.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name docker103.test.com; ssl_certificate /etc/nginx/certs/docker103.test.com.crt; ssl_certificate_key /etc/nginx/certs/docker103.test.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *"; proxy_pass http://jorani; } } } ``` 4. proxy/cert 執行 以下 ``` mkcert \ -cert-file docker103.test.com.crt -key-file docker103.test.com.key docker103.test.com ``` 5. 修改 jorani/docker-compose.yml, 增加 proxy ``` proxy: image: nginx:1.19.10-alpine ports: - 80:80 - 443:443 volumes: - ./proxy/conf/nginx.conf:/etc/nginx/nginx.conf - ./proxy/certs:/etc/nginx/certs depends_on: - jorani ``` 6. virtualbox /etc/hosts 增加 domain ``` 127.0.0.1 docker103.test.com ``` 6. window 主機 hosts 增加 domain ``` your-virtualbox-ip docker103.test.com ``` 8. root 啟動 ``` docker-compose -f docker-compose.yml up --build ``` ## 其他注意事項 1. 確保 ubuntu nginx 為 inactive `sudo service nginx status`