[Nginx] Proxying a website running in Docker

Published on 2018-08-09


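A website deployed with Docker listens on port 3000. To let users reach it on ports 80/443, NGINX has to sit in front of it as a reverse proxy. The configuration file can be written like this: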

server {
  listen              443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate     /root/.acme.sh/404space.net/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/404space.net/*.404space.net.key;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  server_name 404space.net;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  location / {
    proxy_pass http://localhost:3000;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
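    # $http_x_forwarded_host is whatever X-Forwarded-Host header the client sent
    # (usually none, giving the backend an empty Host), so pass $host instead.
    proxy_set_header        Host            $host;
    proxy_set_header        X-Forwarded-Host $host;
    proxy_set_header        X-Forwarded-Server $host;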
    proxy_set_header        X-Forwarded-Proto $scheme;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name 404space.net www.404space.net;

  location / {
    return 301 https://$host$request_uri;
  }
} 

The port 80 block issues a 301 redirect, which forces users onto secure HTTPS.
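A check for the `proxy_set_header` lines in a `location` block like the one above: it flags headers the backend tends to trust (Host, X-Real-IP, X-Forwarded-Host/Server/Proto) when their value comes from a `$http_*` variable, which is a request header chosen by the client. This is an added example, not part of the original post; the function name, the list of checked headers and both sample configs are assumptions constructed for illustration.

```python
import re

# Headers a backend commonly trusts for routing, URL generation or logging.
CHECKED = {"host", "x-real-ip", "x-forwarded-host",
           "x-forwarded-server", "x-forwarded-proto"}
DIRECTIVE = re.compile(r"^\s*proxy_set_header\s+(\S+)\s+(.+?)\s*;", re.M)
CLIENT_VAR = re.compile(r"\$\{?http_[a-z0-9_]+")  # $http_<name> = request header

def audit_proxy_headers(conf):
    """Return (header, value, client_vars) for each checked header whose
    value is built from a client-supplied request header."""
    conf = re.sub(r"#.*", "", conf)  # simplification: every '#' starts a comment
    findings = []
    for name, value in DIRECTIVE.findall(conf):
        client_vars = CLIENT_VAR.findall(value)
        if name.lower() in CHECKED and client_vars:
            findings.append((name, value, client_vars))
    return findings

# Constructed sample: forwards the client's own X-Forwarded-Host as Host.
WEAK = """
location / {
    proxy_pass http://localhost:3000;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header Host             $http_x_forwarded_host;
    proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
}
"""

# Constructed sample: the same block using $remote_addr, $host and $scheme.
FIXED = """
location / {
    proxy_pass http://localhost:3000;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;
}
"""

if __name__ == "__main__":
    for label, conf in (("WEAK", WEAK), ("FIXED", FIXED)):
        for name, value, client_vars in audit_proxy_headers(conf):
            print(f"{label}: {name} <- {value} (client-controlled: {client_vars})")
```

To audit a real file, pass its contents to `audit_proxy_headers`; an empty list means none of the checked headers is built from a `$http_*` variable.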