Configuring HTTPS certificates for Nginx and Spring Boot (embedded Tomcat) in Docker

Date: 2020-9-6 Author: admin


Download the certificate (Alibaba Cloud is used as the example here)

Configuring the certificate in Nginx

Preparation

Install nginx with Docker

docker pull nginx

Create the directory /home/nginx/cert
This folder holds the certificate files and is mounted into the Docker container.

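Create the directory /home/nginx/conf
This folder holds the nginx configuration file and is mounted into the Docker container.

Create the directory /home/nginx/html
This folder holds the project files and is mounted into the Docker container.

Edit the configuration file

Create the file nginx.conf in the conf folder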

nginx.conf


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        # Replace with your own domain name
        server_name  www.ddandang.top;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    server {
        listen       443 ssl;
        # Replace with your own domain name
        server_name  www.ddandang.top;

        # Replace with the name of your own certificate file in the cert folder
        ssl_certificate      cert/www.ddandang.top.pem;
        # Replace with the name of your own private key file in the cert folder
        ssl_certificate_key  cert/www.ddandang.top.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996); enable only TLS 1.2 and 1.3
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers  on;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
    }

}
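
An added example, not part of the original post: a small Python check for two things worth verifying in an nginx.conf shaped like the one above before starting the container, namely deprecated protocol versions in ssl_protocols and a port-80 server that serves content instead of redirecting to HTTPS. The function names and the sample configuration (www.example.com) are constructed for illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, comments stripped."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(conf):
    """Return (server_name, finding) pairs for weak TLS or unredirected HTTP."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;]+);", body)
        name = m.group(1).strip() if m else "?"
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        if any("ssl" in spec.split() for spec in listens):
            m = re.search(r"\bssl_protocols\s+([^;]+);", body)
            weak = sorted(DEPRECATED & set(m.group(1).split())) if m else []
            if weak:
                findings.append((name, "deprecated protocols: " + " ".join(weak)))
        elif not re.search(r"\breturn\s+30[1278]\s+https://", body):
            findings.append((name, "HTTP listener serves content, no HTTPS redirect"))
    return findings

# Constructed sample with one plain-HTTP server and one HTTPS server.
SAMPLE = """
http {
    server {
        listen 80;
        server_name www.example.com;
        location / { root /usr/share/nginx/html; }
    }
    server {
        listen 443 ssl;
        server_name www.example.com;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        location / { root /usr/share/nginx/html; }
    }
}
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To check the real file, pass its contents to audit(), for example audit(open("/home/nginx/conf/nginx.conf").read()).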

Run the Docker container

For your own Vue project, just put all the files from dist into the html directory.
docker run -p 80:80  -p 443:443 --name nginx -v /home/nginx/cert:/etc/nginx/cert -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/html:/usr/share/nginx/html -v /home/nginx/log:/var/log/nginx -d nginx

Once it is running, you can view the logs with docker logs <container ID>.

Configuring the certificate in Spring Boot (embedded Tomcat)

Download the Tomcat certificate

Put the certificate file with the .pfx extension into the resources folder of the Spring Boot project

Write the application.yaml file

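server:
  # HTTPS port; matches the redirect port in the startup class and the EXPOSE in the Dockerfile
  port: 9000
  ssl:
    # Replace with your own file name
    key-store: classpath:www.ddandang.top.pfx
    # A .pfx file is a PKCS#12 keystore, not JKS
    key-store-type: PKCS12
    # Replace with the password from your own password file
    key-store-password: E3KqBa12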

Write the startup class

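import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class BlogBackApplication {

    public static void main(String[] args) {
        SpringApplication.run(BlogBackApplication.class, args);
    }

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                super.postProcessContext(context);
                // CONFIDENTIAL on /* makes Tomcat redirect every plain-HTTP
                // request to the connector's redirect port (HTTPS)
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Additional plain-HTTP connector whose only job is to redirect to HTTPS
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }


    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // HTTP port
        connector.setPort(7000);
        connector.setSecure(false);
        // HTTPS port that HTTP requests are redirected to
        connector.setRedirectPort(9000);
        return connector;
    }
}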

Build the jar and set up the environment

Here the application is run using a Dockerfile

Edit the Dockerfile

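# Note: the official "java" image on Docker Hub is deprecated and no longer receives updates
FROM java:8
MAINTAINER D
# Name of the packaged jar
ADD blog-0.0.1-SNAPSHOT.jar blog.jar
# Exposed port; the HTTPS port alone is enough
EXPOSE 9000
ENTRYPOINT ["java","-jar","blog.jar"]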

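Build the image

# With the default build, run this from the directory containing the Dockerfile
# Don't forget the trailing dot
# blog is the image name, 9000 is the tag
docker build -t blog:9000 .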

Start the container

# --name blog is the container name; blog:9000 is the image name and tag
docker run -d -p 9000:9000 --name blog blog:9000
