• 拉取镜像

    # Fetch the exact image tag that every later step refers to.
    docker image pull nginx:1.21.6
  • 宿主机创建配置目录

    # Host-side directories for config, logs, static content and TLS material.
    mkdir -p /opt/nginx/conf /opt/nginx/log /opt/nginx/html /opt/nginx/ssl
  • 启动临时容器，取出默认配置文件

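    # Throwaway container used only as a source for the image's default files;
    # no port is published because nothing needs to reach it.
    docker run --name nginx -d nginx:1.21.6

    # Copy the stock configuration and web root out to the host directories.
    docker cp nginx:/etc/nginx/nginx.conf /opt/nginx/conf/nginx.conf
    docker cp nginx:/etc/nginx/conf.d /opt/nginx/conf/conf.d
    docker cp nginx:/usr/share/nginx/html /opt/nginx/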
  • 删除临时容器

    # The temporary container has served its purpose; stop it, then delete it
    # so the name "nginx" is free for the real container.
    docker container stop nginx
    docker container rm nginx
  • 拷贝证书和私钥到宿主机的 ssl 目录

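    # Install the certificate and its private key into the directory that is
    # later mounted at /etc/nginx/ssl inside the container.
    cp /data/ssl.crt /data/ssl.key /opt/nginx/ssl/
    # The private key must not be readable by other local users.
    # NOTE(review): assumes nginx's master process reads the key as root
    # (the image default) — confirm before tightening further.
    chmod 600 /opt/nginx/ssl/ssl.key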
  • 修改配置文件

    # Edit the default virtual-host file; the server blocks below are its new contents.
    vim /opt/nginx/conf/conf.d/default.conf
    ​
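    # Plain-HTTP listener: exists only to redirect every request to HTTPS.
    server {
        listen          80;
        server_name     domain.xxx.com;
        return 301 https://$server_name$request_uri;
    }


    # TLS-terminating reverse proxy in front of the backend.
    server {
        listen         443 ssl;
        server_name    domain.xxx.com;

        # Container-side paths: the host directory /opt/nginx/ssl is mounted at
        # /etc/nginx/ssl, and the files copied into it are ssl.crt and ssl.key.
        ssl_certificate         /etc/nginx/ssl/ssl.crt;
        ssl_certificate_key     /etc/nginx/ssl/ssl.key;
        ssl_session_timeout  5m;
        # SSLv2 and SSLv3 are broken protocols and must not be offered;
        # allow TLS 1.2 and TLS 1.3 only.
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            # The hop to the backend is unencrypted HTTP.
            # NOTE(review): confirm 172.16.1.1 is reachable only over a trusted network.
            proxy_pass  http://172.16.1.1;
            # Pass the original host, client address and scheme to the backend.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }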
  • 启动容器

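    # Publish 80 as well as 443: the port-80 server block only issues the
    # redirect to HTTPS, and it is unreachable unless the port is mapped.
    # Configuration and TLS material are mounted read-only (:ro); logs and the
    # web root stay writable. --privileged is omitted because a reverse proxy
    # does not need unrestricted access to the host.
    docker run -p 80:80 -p 443:443 --name nginx \
    -v /opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
    -v /opt/nginx/conf/conf.d:/etc/nginx/conf.d:ro \
    -v /opt/nginx/log:/var/log/nginx \
    -v /opt/nginx/html:/usr/share/nginx/html \
    -v /opt/nginx/ssl:/etc/nginx/ssl:ro \
    -d --restart=always \
    nginx:1.21.6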

  • 刷新配置

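    # Validate the configuration first; reload only if the syntax check passes.
    docker exec nginx nginx -t && docker exec nginx nginx -s reload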