開發環境:netcore3.1
部署環境:centos8、docker20+、phpstudy小皮面板、nginx
1.申請一個免費的ssl證書
2.用小皮面板創建一個站點,並編輯ssl信息
3.發佈netcore項目->創建docker鏡像->運行容器,並記錄下容器的運行端口,設置nginx業務地址用
4.小皮面板打開站點設置,設置nginx反向代理啓動反向代理並設置配置文件
upstream websocket{
server 127.0.0.1:49162; #websocket實際業務員處理地址/容器:端口
}
upstream web{
server 127.0.0.1:49152; #網站請求實際業務處理地址/容器:端口
}
server{
listen 80 ;
server_name push.test.com; #域名
#代理配置(默認的)
location /{
proxy_set_header X-Original-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host push.test.com:$server_port;
proxy_pass http://web/;
}
access_log /www/admin/push.test.com_80/log/nginx_access_$logdate.log main;
rewrite ^(.*)$ https://$host$1 permanent;
}
server{
listen 443 ssl;
server_name push.test.com; #域名
#開啓SSL
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
ssl_session_timeout 5m;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
underscores_in_headers on;
#證書文件(自己域名的ssl文件)
ssl_certificate /usr/local/phpstudy/certs/push.test.com/push.test.com_nginx_public.crt;
ssl_certificate_key /usr/local/phpstudy/certs/push.test.com/push.test.com_nginx.key;
#代理配置
location /{
proxy_pass http://websocket/; #websocket對應上邊的upstream
proxy_http_version 1.1;
proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade;
}
access_log /www/admin/push.test.com_80/log/nginx_access_$logdate.log main;
}