环境准备
systemctl stop firewalld
setenforce 0安装docker
#安装依赖包
yum -y install yum-utils device-mapper-persistent-data lvm2
#设置阿里云镜像
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#安装最新版本的docker
yum -y install docker-ce docker-ce-cli containerd.io
#设置开机自启
systemctl enable docker.service
#镜像加速下载
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://fil0uwf5.mirror.aliyuncs.com"]
}
EOF
#重新加载配置,重启docker
systemctl daemon-reload
systemctl restart docker
#下载nginx镜像
docker pull nginx
docker images
准备证书
证书生成脚本
cd /opt
vim /opt/cert.sh
i# 该脚本,可以生成对应域名的所需的证书文件
CA_SUBJECT="/O=kgc/CN=ca.kgc.com"
SUBJECT="/C=CN/ST=js/L=nj/O=kgc/CN=www.kgc.com"
SERIAL=34
EXPIRE=365
FILE=kgc.com
#生成一个自签名的X.509证书
openssl req -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 365 -out ca.crt
#生成一个RSA密钥对和证书签名请求
openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key -subj $SUBJECT -out ${FILE}.csr
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial $SERIAL -days $EXPIRE -out ${FILE}.crt
chmod 600 ${FILE}.key ca.key
执行脚本
bash cert.sh
#执行该脚本后执行后会生成ca.crt ca.key certificate.sh kgc.com.crt kgc.com.csr kgc.com.key 这几个文件,需要对其进行处理
kgc.com.crt(购买者) ca.crt(b颁发者) www.kgc.com.key(验证钥匙
创建cert目录存放证书文件
cat kgc.com.crt ca.crt > www.kgc.com.crt
mv kgc.com.key www.kgc.com.key
ll /mnt/cert/
nginx.conf 文件
cd /mnt
vim /mnt/nginx.conf
iuser nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
listen 443 ssl;
ssl_certificate /mnt/www.kgc.com.crt;
ssl_certificate_key /mnt/www.kgc.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.kgc.com;
root /usr/share/nginx/html;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}index.html 文件
cd /mnt
echo "monor" > /mnt/index.html
生成nginx容器
docker run -itd -p 8080:80 -p 8090:443 -v /mnt/nginx.conf:/etc/nginx/nginx.conf -v /mnt/index.html:/usr/share/nginx/html/index.html -v /mnt/cert/:/mnt/ --name nginx nginx:latest#生成容器,指定容器内80端口映射到本机的8080端口,指定容器内443端口映射到本机的8090端口
#将/mnt/nginx.conf挂载到容器内/etc/nginx/nginx.conf下,
#将/mnt/index.html挂载到容器内的/usr/share/nginx/html/index.html,将容器内的index.html覆盖掉
#将/mnt/cert挂载到容器内的/mnt下,/mnt/cert下的所有文件都会出现在容器的/mnt下
#别名为 nginx 使用 nginx:latest 镜像生成并启动
docker ps -a
浏览器访问
https://192.168.67.30:8090/
点击【高级】
选择【继续访问 192.168.67.30 (不安全)
