Get the Nginx configuration files
docker run -d -p 80:80 --name nginx nginx
NGINX=$HOME/docker/nginx
mkdir -p $NGINX
mkdir $NGINX/cert
docker cp nginx:/etc/nginx/nginx.conf $NGINX
docker cp nginx:/etc/nginx/conf.d $NGINX
docker rm -f nginx
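Get the Nginx SSL certificate
Download the certificate for the Nginx server type from Alibaba Cloud or Tencent Cloud, and place the two key files in the following locations: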
$NGINX/cert/xxxx_bundle.crt
$NGINX/cert/xxxx.key
Configure Nginx SSL
Create a new ssl.conf configuration file:
server {
    listen 443 ssl http2;
    server_name xxxx;
    ssl_certificate /etc/nginx/cert/xxxx_bundle.crt;
    ssl_certificate_key /etc/nginx/cert/xxxx.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    # Allow request bodies (uploads) up to 1024 MB
    client_max_body_size 1024m;
    location / {
        # Pass the original host, scheme and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://xxx.xxx.xxx.xxx:xxxx;
    }
}
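The proxy_pass field specifies the address to reverse-proxy to; I filled in the application's actual public address and port.
Edit the default.conf file, changing or adding these two lines: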
server {
    server_name xxxx;
    return 301 https://$host$request_uri;
}
The return field means that requests made over HTTP are automatically redirected to HTTPS.
Start Nginx
NGINX=$HOME/docker/nginx
docker run -d \
-p 80:80 -p 443:443 \
--name nginx \
-v ${NGINX}/nginx.conf:/etc/nginx/nginx.conf \
-v ${NGINX}/conf.d:/etc/nginx/conf.d \
-v ${NGINX}/logs:/var/log/nginx \
-v ${NGINX}/cert:/etc/nginx/cert \
nginx
sh start.sh
docker ps
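The check below is an added example, not part of the original post: a small shell audit for the conf.d directory prepared above, reporting deprecated SSL/TLS versions named in ssl_protocols and a missing HTTP-to-HTTPS redirect before the files are mounted into the container. The function names, the files written by write_samples and the host name example.test are constructed for illustration, and the script assumes each directive sits on one line.

```shell
#!/bin/sh
# Added example (not from the original post): audit nginx conf files before mounting them.
# Assumes each directive sits on one line, as in the ssl.conf shown above.

# Print "file:line: token" for each deprecated protocol in an active ssl_protocols line.
weak_tls_protocols() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                tok = $i; sub(/;$/, "", tok)
                if (tok ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "%s:%d: %s\n", FILENAME, FNR, tok
            }
        }' "$1"
}

# Succeed only if the file contains a 301/308 "return" to an https:// URL.
has_https_redirect() {
    awk '
        { sub(/#.*/, "") }
        $1 == "return" && $2 ~ /^(301|308)$/ && $3 ~ /^https:\/\// { ok = 1 }
        END { exit !ok }' "$1"
}

# Audit every *.conf in a directory; non-zero status if any finding is printed.
audit_conf_dir() {
    rc=0; redirect=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        found=$(weak_tls_protocols "$f")
        if [ -n "$found" ]; then echo "$found"; rc=1; fi
        if has_https_redirect "$f"; then redirect=1; fi
    done
    if [ "$redirect" -eq 0 ]; then echo "$1: no HTTP-to-HTTPS redirect found"; rc=1; fi
    return "$rc"
}

# Constructed sample files (hypothetical host name) for trying the audit offline.
write_samples() {
    mkdir -p "$1"
    printf 'server {\n  listen 443 ssl;\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # legacy\n}\n' > "$1/ssl.conf"
    printf 'server {\n  server_name example.test;\n  # ssl_protocols TLSv1;\n  return 301 https://$host$request_uri;\n}\n' > "$1/default.conf"
}

# Usage: sh audit.sh /path/to/conf.d
if [ "$#" -gt 0 ]; then audit_conf_dir "$1"; fi
```

Run it against $NGINX/conf.d; a non-zero exit status means at least one finding was printed.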
Reference
https://www.exception.site/docker/how-to-config-ssl-with-docker-nginx