Hello World

Swallow the wind, kiss the rain, bury the setting sun; brave the mountains, chase the seas, tread the snowy path


Configuring HTTPS in nginx

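HTTPS in the daily test environment suddenly went down. Investigation showed that some Docker images did not ship the test HTTPS certificate and that nginx did not have HTTPS support enabled, so it is now configured uniformly in the application.

There are many versions of the base image, and the images on the daily-environment machines are all configured differently, which makes this really hard.

The nginx-proxy.conf configuration originally supported only HTTP: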

server {
    listen 80 default_server;
    server_name www.xxx.com;
    client_max_body_size 100M;
    location / {
        proxy_pass http://127.0.0.1:7001;
    }
}

Add the following above this configuration:

include ssl/ssl.conf;

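In nginx's configuration directory conf, create a new ssl directory and put the certificate files daily.crt and daily.key in it. Also create an ssl.conf configuration file there with the following content: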

server {
    listen 443;
    server_name _;
    client_max_body_size 100M;

    # "ssl on;" is deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;".
    ssl on;
    ssl_certificate /home/admin/cai/conf/ssl/daily.crt;
    ssl_certificate_key /home/admin/cai/conf/ssl/daily.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:NXSSL:256M;
    # Legacy cipher list: RC4 and 3DES (DES-CBC3) are deprecated, and none of
    # these suites provides forward secrecy.
    ssl_ciphers RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;

    # Pass the original host, client address and scheme to the backend.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Web-Server-Type nginx;
    proxy_set_header WL-Proxy-Client-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header EagleEye-TraceId $eagleeye_traceid;
    add_header EagleEye-TraceId-daily $eagleeye_traceid;
    proxy_set_header X-Client-Scheme $scheme;

    trans off;

    # TLS terminates here; requests are forwarded to the HTTP server on port 80.
    location / {
        proxy_pass http://127.0.0.1:80;
    }
}

Because the certificate is no longer valid, it has to be manually allowed first before it can be used.
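
As an added example (not part of the original post), the Python script below audits the TLS directives of the ssl.conf above and of the HTTP-only configuration that caused the outage, so differently configured images can be checked the same way. The finding codes, the weak-cipher markers and the one-directive-per-line parsing are assumptions made for this illustration.

```python
import re

# TLS-related directives of the ssl.conf shown on this page.
PAGE_SSL_CONF = """
server {
    listen 443;
    ssl on;
    ssl_certificate /home/admin/cai/conf/ssl/daily.crt;
    ssl_certificate_key /home/admin/cai/conf/ssl/daily.key;
    ssl_ciphers RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
}
"""
# The page's original HTTP-only server block, reduced to its listen line.
HTTP_ONLY_CONF = "server {\n    listen 80 default_server;\n}\n"
# Assumed policy: substrings that mark broken or legacy cipher suites.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP")

def directives(conf):
    """Map directive name -> argument strings (one 'name args;' per line)."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*([a-z_]+)\s+([^;#]+);", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip())
    return found

def audit(conf):
    """Return finding codes (names are this example's own) for one config."""
    d, findings = directives(conf), []
    listens = [args.split() for args in d.get("listen", [])]
    tls = [a for a in listens if any(re.fullmatch(r"(.*:)?443", t) for t in a)]
    if not tls:
        return ["no-443-listener"]  # the outage described on this page
    if "on" in d.get("ssl", []):
        findings.append("ssl-on-deprecated")  # newer nginx: listen 443 ssl;
    elif not any("ssl" in a for a in tls):
        findings.append("443-without-tls")
    for name in ("ssl_certificate", "ssl_certificate_key", "ssl_protocols"):
        if name not in d:  # unset ssl_protocols falls back to the build default
            findings.append("missing-" + name)
    ciphers = [c for arg in d.get("ssl_ciphers", []) for c in arg.split(":")]
    findings += ["weak-cipher:" + c for c in ciphers
                 if not c.startswith("!") and any(m in c for m in WEAK_MARKERS)]
    if ciphers and not any("DHE" in c for c in ciphers):
        findings.append("no-forward-secrecy")  # no (EC)DHE suite listed
    return findings

if __name__ == "__main__":
    for label, conf in (("ssl.conf", PAGE_SSL_CONF), ("http-only", HTTP_ONLY_CONF)):
        print(label, audit(conf))
```

An empty list from `audit` means the configuration has a TLS listener on 443, names a certificate and key, pins `ssl_protocols`, and lists no legacy cipher.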