Skip to content

docker证书自动续期

简介

我们以 nginx官方镜像 为基础,制作了集成httpsok的 nginx自动续签镜像

快速开始

设置环境变量:HTTPSOK_TOKEN,从 httpsok.com 控制台获取(点击【复制脚本】按钮)

yaml
services:

  httpsok-nginx:
    container_name: httpsok-nginx
    image: httpsok/nginx:1.28.0-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/var/html/
      - ./certs:/etc/nginx/certs
    environment:
      - TZ=Asia/Shanghai
      # 设置TOKEN,从httpsok.com 控制台获取
      - HTTPSOK_TOKEN=
bash
httpsok/nginx:1.28.0-alpine
httpsok/nginx:1.28.0
httpsok/nginx:1.27.5-alpine
httpsok/nginx:1.27.5
httpsok/nginx:1.26.2-alpine
httpsok/nginx:1.26.2
httpsok/nginx:1.25.5-alpine
httpsok/nginx:1.25.5
httpsok/nginx:1.24.0-alpine
httpsok/nginx:1.24.0

完整示例

如果您是技术老手,此部分可以忽略。

1.下载示例

demo.tar.gz

示例说明
bash
├── compose.yml
├── conf.d
│   └── local.httpsok.com.conf  `推荐一个站点一个配置文件`
└── html
    └── local.httpsok.com
        └── index.html
yaml
services:

  httpsok-nginx:
    container_name: httpsok-nginx
    image: httpsok/nginx:1.28.0-alpine
#    image: httpsok/nginx:1.28.0
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/var/html/
      - ./certs:/etc/nginx/certs
    environment:
      - TZ=Asia/Shanghai
      # 设置TOKEN,从httpsok.com 控制台获取
      - HTTPSOK_TOKEN=
bash
server {
    listen  80;
    listen  443 ssl;

    # 这里的 local.httpsok.com 请替换成你的域名
    server_name local.httpsok.com;

    # 80跳转到443
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    # 设置ssl证书文件路径
    ssl_certificate certs/local.httpsok.com.pem;
    ssl_certificate_key certs/local.httpsok.com.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";

    # 访问日志
    access_log /var/log/nginx/local.httpsok.com.https.log;

    location / {
        root /var/html/local.httpsok.com/;
        index index.html;
    }
}

2.启动容器

bash
docker-compose up

看到这个说明启动成功了

image-20250917021227665

3.浏览器访问

https://local.httpsok.com

此时可以看到浏览器地址栏的小锁图标正常显示

image-20250917021634188

4.更换自己的Token和域名

  • 登录 https://httpsok.com 获取token,并替换掉 compose.yml 文件中的 HTTPSOK_TOKEN
  • 参考示例模板,修改自己的nginx站点配置即可,相信这个已经难不倒你了。