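[Nginx] Forwarding to a website running in Docker

A website set up with Docker listens on port 3000. To let users reach it on ports 80/443, NGINX has to forward the requests to it. The configuration file can be written like this: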

server {
  listen              443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate     /root/.acme.sh/404space.net/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/404space.net/*.404space.net.key;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  server_name 404space.net;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  # OCSP Stapling ---
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  location / {
    proxy_pass http://localhost:3000;
    # Pass the real client address to the application in the container
    proxy_set_header        X-Real-IP          $remote_addr;
    proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
    # This nginx is the edge proxy, so take the host from the request ($host)
    # rather than from a client-supplied X-Forwarded-Host header, which is
    # normally empty here and would otherwise be attacker-controlled.
    proxy_set_header        Host               $host;
    proxy_set_header        X-Forwarded-Host   $host;
    proxy_set_header        X-Forwarded-Server $host;
    # Tell the application the original request arrived over HTTPS
    proxy_set_header        X-Forwarded-Proto  $scheme;
  }
}

server {
  listen 80;
  listen [::]:80;
  server_name 404space.net www.404space.net;

  location / {
    # Permanent redirect of every plain-HTTP request to the same host and URI over HTTPS
    return 301 https://$host$request_uri;
  }
}

The port 80 block sets up a 301 redirect, which forces users onto secure HTTPS.
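
A check that goes with this setup, as an added example that is not part of the original post: the config proxies to localhost:3000, so the HTTPS redirect and HSTS only hold if Docker has not also published port 3000 on a public interface (`-p 3000:3000` binds to all interfaces by default). The function names and the sample PORTS strings are constructed for illustration; real input would come from `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```python
import ipaddress

# Constructed PORTS-column strings in the format `docker ps` prints.
SAMPLES = {
    "web_default": "0.0.0.0:3000->3000/tcp, :::3000->3000/tcp",  # -p 3000:3000
    "web_loopback": "127.0.0.1:3000->3000/tcp",                  # -p 127.0.0.1:3000:3000
    "web_unpublished": "3000/tcp",                               # no -p at all
}


def public_bindings(ports_column, backend_port=3000):
    """Return host-side bindings that publish backend_port on a non-loopback IP."""
    exposed = []
    for entry in (e.strip() for e in ports_column.split(",")):
        if "->" not in entry:
            continue  # exposed inside Docker's network only, not on the host
        host_side = entry.split("->", 1)[0]
        addr, _, port_spec = host_side.rpartition(":")
        low, _, high = port_spec.partition("-")  # "3000" or a range "3000-3005"
        if not int(low) <= backend_port <= int(high or low):
            continue
        # An empty address is treated as "all interfaces" (assumption, fail closed).
        ip = ipaddress.ip_address(addr.strip("[]") or "0.0.0.0")
        if not ip.is_loopback:
            exposed.append(host_side)
    return exposed


def audit(samples=SAMPLES, backend_port=3000):
    """Map container name -> list of public bindings that bypass nginx."""
    return {name: public_bindings(ports, backend_port) for name, ports in samples.items()}


if __name__ == "__main__":
    for name, bindings in audit().items():
        status = "BYPASSES NGINX via " + ", ".join(bindings) if bindings else "ok"
        print(f"{name}: {status}")
```

Any container reported with a public binding can be reached over plain HTTP on port 3000 without passing through the TLS server block; republishing it as `127.0.0.1:3000:3000` keeps `proxy_pass http://localhost:3000` working while closing that path.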
