Docker nginx + https subdomain configuration detailed tutorial

Today I happened to be helping a friend move his server, so I set up the server's basic environment, but ran into some problems during the configuration. It turns out that current versions of Google Chrome and Safari forcibly convert http to https.

At first, I didn't know what was going on and reset the domain name records. Moreover, when pinging, the domain name resolved to the server address successfully. So I turned my attention to the http -> https conversion. Using WeChat's built-in browser, I found that the http domain name was accessible. So I set up a certificate.

The certificate here comes from acme.sh, which is also free and can be found on GitHub. Let's download it first.

curl https://get.acme.sh | sh

Then reload bash

source ~/.bashrc

You can now run acme.sh --help and check that it prints its usage output.

Configure acme

After the installation is complete, we can start issuing certificates. Here we use the DNS API directly to complete domain name verification and the related operations.

For details, please see dnsapi

Take GoDaddy as an example.

First set the key and secret (obtained from the service provider) in the terminal configuration file

export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdfsdfsdfdfsdf"

Next, we directly enter the command

acme.sh --issue --dns dns_gd -d demo.com -d '*.demo.com'

A certificate file will be generated here. Usually it is saved in /root/.acme.sh/xxx.com/xxx.com.cer.

In order to facilitate the maintenance of our docker volume, we recreate a folder to store these certificates

mkdir -p /opt/www/nginx/ssl

Enter the command again to put the certificate in the ssl directory

acme.sh --install-cert -d demo.com \
--key-file /opt/www/nginx/ssl/demo.com.key \
--fullchain-file /opt/www/nginx/ssl/demo.com.crt

At this time you can see two files under /opt/www/nginx/ssl

At this point, the configuration of the domain name certificate is complete. Then we configure docker-compose.yml

Creating containers using docker-compose

version: '3.5'
services:
 app:
  image: nginx:1.19.8
  ports:
   - "80:80"
   - "443:443"
  volumes:
   - ./conf/nginx.conf:/etc/nginx/nginx.conf # Configuration file
   - /opt/www:/opt/www # Project directory
   - /opt/www/nginx/ssl:/opt/www/ssl # Certificate file
  restart: always
networks:
 default:
  name: default-network

After writing the yml file, let's configure nginx. Before configuring nginx itself, we must first generate the Diffie-Hellman (DHE) parameter file used for key exchange

openssl dhparam -out /opt/www/nginx/ssl/dhparam.pem 2048

Then I configure /.well-known/acme-challenge. This directory must be accessible to Let's Encrypt, so we must configure it first.

First create the directory with mkdir /opt/www/letsencrypt, and then add the following server block to the nginx configuration file

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    location /.well-known/acme-challenge {
        root /opt/www/letsencrypt;
    }

    location / {
        return 301 https://$host$request_uri;
    }
 }

The above configuration redirects all http requests, except those under /.well-known/acme-challenge, to https.

Then we configure our own domain name:

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    server_name demo.com;

    root /opt/www/html;
    index index.html index.htm index.php;

    # Diffie-Hellman key exchange
    ssl_dhparam /opt/www/ssl/dhparam.pem;

    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;


    # Certificate file
    ssl_certificate /opt/www/ssl/demo.com.crt;
    ssl_certificate_key /opt/www/ssl/demo.com.key;

    # Enable HSTS Preload support
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    access_log /var/log/nginx/demo.com.access.log;
    error_log /var/log/nginx/demo.com.error.log;
 }

To configure a subdomain, copy the configuration above and change only the lines shown below; everything else can stay the same. You also need to add an A record for the subdomain at the domain name service provider

server {
    listen 443 ssl http2; # Note that there is no default_server here
    listen [::]:443 ssl http2; # Note that there is no default_server here

    server_name example.demo.com; # Subdomain

    # root, index, ssl_* and add_header directives: copy unchanged from the demo.com block

    access_log /var/log/nginx/example.demo.com.access.log;
    error_log /var/log/nginx/example.demo.com.error.log;
 }

The final nginx conf is:

events {
worker_connections 1024;
}

http {
 include mime.types;
 default_type application/octet-stream;

 sendfile on;

 keepalive_timeout 300;
 
 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    location /.well-known/acme-challenge {
        root /opt/www/letsencrypt;
    }

    location / {
        return 301 https://$host$request_uri;
    }
 }
 
 server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    server_name demo.com;

    root /opt/www/html;
    index index.html index.htm index.php;

    # Diffie-Hellman key exchange
    ssl_dhparam /opt/www/ssl/dhparam.pem;

    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;


    # Certificate file
    ssl_certificate /opt/www/ssl/demo.com.crt;
    ssl_certificate_key /opt/www/ssl/demo.com.key;

    # Enable HSTS Preload support
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    access_log /var/log/nginx/demo.com.access.log;
    error_log /var/log/nginx/demo.com.error.log;
 }

}

At this point our configuration is basically complete.
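
A pre-deployment check for the TLS settings in this configuration, as an added example that is not part of the original article: it flags the deprecated TLSv1/TLSv1.1 protocols, 3DES suites, and any directive that shares a line with a comment and is therefore inactive. The function names and both sample configs are constructed for illustration.

```shell
# Added example (not from the original article). Audits an nginx config for
# deprecated TLS settings and for directives swallowed by a comment line.
audit_tls_conf() {  # $1 = config file; prints findings, returns their count
    findings=0
    active=$(sed -e 's/#.*$//' "$1")   # strip comments: what nginx parses
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # TLS 1.0 and 1.1 are deprecated by RFC 8996.
    printf '%s\n' "$active" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
        grep -Eq 'TLSv1(\.1)?([[:space:]]|;)' &&
        flag "ssl_protocols enables TLSv1 or TLSv1.1"
    # OpenSSL cipher strings name 3DES suites DES-CBC3.
    printf '%s\n' "$active" | grep -E '^[[:space:]]*ssl_ciphers[[:space:]]' |
        grep -q 'DES-CBC3' && flag "ssl_ciphers offers 3DES (DES-CBC3) suites"
    # Directives the article's config relies on must be active lines.
    for d in ssl_certificate ssl_dhparam 'add_header[[:space:]]+Strict-Transport-Security'; do
        printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$d[[:space:]]" ||
            flag "no active directive matching: $d"
    done
    return "$findings"
}

# Constructed samples. The weak one mirrors the article's settings with comment
# and directive sharing one line; the hardened one fixes each finding.
write_weak_sample() {  # $1 = output path
    cat > "$1" <<'EOF'
server {
    # Diffie-Hellman key exchange ssl_dhparam /opt/www/ssl/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:!DSS';
    #Certificate file ssl_certificate /opt/www/ssl/demo.com.crt;
    ssl_certificate_key /opt/www/ssl/demo.com.key;
    # Enable HSTS add_header Strict-Transport-Security "max-age=63072000";
}
EOF
}
write_hardened_sample() {  # $1 = output path
    cat > "$1" <<'EOF'
server {
    ssl_dhparam /opt/www/ssl/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_certificate /opt/www/ssl/demo.com.crt;
    ssl_certificate_key /opt/www/ssl/demo.com.key;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
}
EOF
}
tmp=$(mktemp -d); write_weak_sample "$tmp/weak.conf"
audit_tls_conf "$tmp/weak.conf" || echo "weak.conf: $? finding(s)"
```

Point audit_tls_conf at ./conf/nginx.conf before starting the container; a non-zero exit status is the number of findings.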

Now just run the command

docker-compose -f docker-compose.yml up -d

This completes the nginx + https multi-domain name configuration in docker.
