- 准备https证书(略)
- 准备kubesphere环境并配置成https域名方式访问(略)
- 准备nginx镜像(docker-compose版本)
#docker-compose.yml
version: "3.1"
services:
nginx:
restart: always
image: nginx:1.19.7
ports:
- 80:80
- 443:443
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./nginx.conf:/etc/nginx/nginx.conf
- ./hosts:/etc/hosts
- ./log:/var/log/nginx
- ./ssl:/ssl
- ./data:/data
- 配置default.conf
server {
listen 80;
#=====需要修改=========替换成自己的域名
server_name test.local.yjzhixue.com
#服务器自动把 HTTP 的请求重定向到 HTTPS
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 443 ssl;
#=====需要修改=========替换成自己的域名
server_name test.local.yjzhixue.com;
#=====需要修改=========下面两行替换成自己SSL文件的路径
ssl_certificate /ssl/5885793_test.local.yjzhixue.com.pem;
ssl_certificate_key /ssl/5885793_test.local.yjzhixue.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://test.local.yjzhixue.com:30217;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
注意事项
- 检查443端口是否开启(需要在docker-compose.yml中暴露443端口)
- 检查nginx的配置(https转发到https)
注意:本文归作者所有,未经作者允许,不得转载
