上一節配置了nginx代理二級域名;這裏我們講講深層次運用
如下場景:
註冊好的域名:kaixin.com
現在有 1.http://130.111.122.12:8081
2.https://130.111.122.12:8443
需要在小程序中使用,這裏就用到了nginx的反向代理了
目標: 1. http://130.111.122.12:8081綁定到 hh.kaixin.com
2. https://130.111.122.12:8443綁定到 kk.kaixin.com
步驟:
0.下載Let’s Encrypt docker
docker pull quay.io/letsencrypt/letsencrypt:latest
1.領取CA證書
執行前請停掉nginx
docker run --rm -p 80:80 -p 443:443 \
-v /app/nginx_latest/letsencrypt:/etc/letsencrypt \
quay.io/letsencrypt/letsencrypt auth \
--standalone -m [email protected] --agree-tos \
-d hh.kaixin.com
docker run --rm -p 80:80 -p 443:443 \
-v /app/nginx_latest/letsencrypt:/etc/letsencrypt \
quay.io/letsencrypt/letsencrypt auth \
--standalone -m [email protected] --agree-tos \
-d kk.kaixin.com
這裏的
/app/nginx_latest/letsencrypt/
是指定在本地存放證書的地方
2.配置nginx
server {
listen 443 ssl;
server_name kk.kaixin.com;
ssl_certificate /etc/letsencrypt/live/kk.kaixin.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kk.kaixin.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
underscores_in_headers on;
location / {
proxy_pass https://130.111.122.12:8443;
}
}
server {
listen 443 ssl;
server_name hh.kaixin.com;
ssl_certificate /etc/letsencrypt/live/hh.kaixin.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hh.kaixin.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
underscores_in_headers on;
location / {
proxy_pass https://130.111.122.12:8081;
}
}
運行nginx:
docker run -p 80:80 -p 443:443 --restart always --name nginx_run -v /app/nginx_justrun/:/etc/nginx/ -v /app/nginx_latest/letsencrypt/:/etc/letsencrypt/ -d nginx
參考 link