此例中,Docker容器A安装apache2,使用容器80端口(未映射宿主机端口),IP为 172.17.0.3,现在通过宿主机安装Nginx,绑定域名 abcdef.com,并配置SSL,以https转发。以下直接给出Nginx的 default.conf 配置文件,upstream 以下内容为自定义内容,其中 abcdef.com 是绑定的域名,SITE_SSL_CRT.crt SITE_SSL_KEY.key 是SSL证书文件和私钥文件。需要补充说明的是,如果你使用的是wordpress,则需要配置 wp-config.php文件添加
$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);上述代码必须添加在 wp-config.php 文件的 if ( ! defined( ‘ABSPATH’ ) ) 前。
宿主机的nginx反代Docker http,并配置SSL(强烈建议不要在Docker容器的网络服务器上配置SSL),nginx配置文件主要内容如下:
upstream abcdef_stream{
server 172.17.0.3:80;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name abcdef.com;
add_header Access-Control-Allow-Origin https://abcdef.com;
add_header Access-Control-Allow-Credentials true;
ssl_certificate /data/ssl/SITE_SSL_CRT.crt;
ssl_certificate_key /data/ssl/SITE_SSL_KEY.key;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://abcdef_stream;
proxy_redirect default;
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
listen [::]:80;
server_name _;
rewrite ^/(.*) https://$host/$1 permanent;
}
}