【Docker】快速部署 Certbot 并为 Nginx 服务器配置 SSL/TLS 证书
引言
Certbot 是一个免费的开源工具,用于自动化管理和获取 SSL/TLS 证书,主要用于与 Let’s Encrypt 证书颁发机构交互。
步骤
- Nginx 挂载 certbot 文件夹。
docker run -d \
--name nginx \
-p 80:80 \
-p 443:443 \
-v "$(pwd)/nginx/nginx.conf:/etc/nginx/nginx.conf" \
-v "$(pwd)/nginx/conf.d:/etc/nginx/conf.d" \
-v "$(pwd)/nginx/log:/var/log/nginx" \
-v "$(pwd)/nginx/html:/usr/share/nginx/html" \
-v "$(pwd)/certbot/www:/usr/share/certbot/www:ro" \
-v "$(pwd)/certbot/ssl:/usr/share/certbot/ssl:ro" \
--restart always \
nginx:latest
- 修改 Nginx 配置文件 default.conf。
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location /.well-known/acme-challenge/ {
root /usr/share/certbot/www;
}
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html last;
index index.html index.htm;
}
}
- 创建证书(仅需运行一次)
docker run --rm \
-v "$(pwd)/www:/usr/share/certbot/www:rw" \
-v "$(pwd)/ssl:/etc/letsencrypt:rw" \
certbot/certbot certonly \
--webroot -w /usr/share/certbot/www \
-d example.com \
-d www.example.com \
--non-interactive \
--agree-tos \
--expand \
-m example@example.com
- 修改 Nginx 配置文件 default.conf,启用 SSL 证书。
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location /.well-known/acme-challenge/ {
root /usr/share/certbot/www;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com www.example.com;
ssl_certificate /usr/share/certbot/ssl/live/example.com/fullchain.pem;
ssl_certificate_key /usr/share/certbot/ssl/live/example.com/privkey.pem;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html last;
index index.html index.htm;
}
}
- https 启用成功
