HTTPS認證三：用docker搭建nginx https服務器

1、生成證書

https://blog.csdn.net/egbert123/article/details/103831808

根證書	ca.crt	cacrt.pem
根證書籤發的服務端證書	server.crt
服務端私鑰	server.key
根證書籤發的客戶端證書	client.crt	clientcrt.pem
客戶端私鑰	client.key	clientkey.pem

2、準備文件

創建一個nginx目錄，將server.crt, server.key, ca.crt文件放入該目錄中

default.conf：

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
# Change the default configuration to enable ssl
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/server.crt;      //服務器證書
    ssl_certificate_key /etc/ssl/server.key;  //服務器key
    ssl_client_certificate /etc/ssl/ca.crt;  //驗證客戶端證書的CA證書
    ssl_verify_client on;        //雙向認證on，單向認證off
    server_name 192.168.31.14;   //這裏要server證書生成時一致，確保可以訪問你的服務器
    server_tokens off;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

 

 

Dockerfile

FROM nginx:latest
COPY default.conf /etc/nginx/conf.d/
COPY server.crt /etc/ssl/
COPY server.key /etc/ssl
COPY ca.crt   /etc/ssl/

 

3、創建鏡像

docker build -t nginx-ssl:latest .

4、運行容器

docker run -p 8123:80 -p 8124:443 --name nginx-ssl -tid nginx-ssl

此刻已經完成nginx https的搭建

5、驗證

在瀏覽器輸入https://192.168.31.14:8124 (我host的ip地址，根據自己環境)

 

提示沒有證書，我們將p12證書導入到瀏覽器後，重啓瀏覽器即可