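Automatic certificate renewal with Docker
Introduction
Based on the official nginx image, we have built an nginx auto-renewal image with httpsok integrated.
Quick start
Set the environment variable HTTPSOK_TOKEN, which you obtain from the httpsok.com console (click the [Copy script] button).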
```yaml
services:
  httpsok-nginx:
    container_name: httpsok-nginx
    image: httpsok/nginx:1.28.0-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/var/html/
      - ./certs:/etc/nginx/certs
    environment:
      - TZ=Asia/Shanghai
      # Set the token, obtained from the httpsok.com console
      - HTTPSOK_TOKEN=
```
```bash
httpsok/nginx:1.28.0-alpine
httpsok/nginx:1.28.0
httpsok/nginx:1.27.5-alpine
httpsok/nginx:1.27.5
httpsok/nginx:1.26.2-alpine
httpsok/nginx:1.26.2
httpsok/nginx:1.25.5-alpine
httpsok/nginx:1.25.5
httpsok/nginx:1.24.0-alpine
httpsok/nginx:1.24.0
```
Complete example
If you are an experienced user, you can skip this section.
1. Download the example
Example layout
```bash
├── compose.yml
├── conf.d
│   └── local.httpsok.com.conf   `one configuration file per site is recommended`
└── html
    └── local.httpsok.com
        └── index.html
```
```yaml
services:
  httpsok-nginx:
    container_name: httpsok-nginx
    image: httpsok/nginx:1.28.0-alpine
    # image: httpsok/nginx:1.28.0
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/var/html/
      - ./certs:/etc/nginx/certs
    environment:
      - TZ=Asia/Shanghai
      # Set the token, obtained from the httpsok.com console
      - HTTPSOK_TOKEN=
```
```nginx
server {
    listen 80;
    listen 443 ssl;
    # Replace local.httpsok.com here with your own domain
    server_name local.httpsok.com;
    # Redirect port 80 to 443
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    # Paths to the SSL certificate files
    ssl_certificate certs/local.httpsok.com.pem;
    ssl_certificate_key certs/local.httpsok.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
    # Access log
    access_log /var/log/nginx/local.httpsok.com.https.log;
    location / {
        root /var/html/local.httpsok.com/;
        index index.html;
    }
}
```
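The sample site configuration enables TLSv1.1 (deprecated by RFC 8996) and cipher strings that select 3DES or RSA key exchange. The following check is an added example, not part of the httpsok project: it scans the `ssl_protocols` and `ssl_ciphers` directives of a site config and reports such settings before deployment. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the TLS directives from the site configuration on this page.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_ALGORITHMS = {"3DES", "DES", "RC4", "MD5", "NULL", "EXPORT"}


def directive_values(conf, name):
    """Return the argument string of every `name ...;` directive, ignoring comments."""
    text = re.sub(r"#[^\n]*", "", conf)
    # The lookbehind keeps e.g. proxy_ssl_ciphers from matching ssl_ciphers.
    pattern = r"(?<!\w)" + re.escape(name) + r"\s+([^;]+);"
    return [m.group(1).strip() for m in re.finditer(pattern, text)]


def audit_tls(conf):
    """Return a list of (directive, token, reason) findings."""
    findings = []
    for value in directive_values(conf, "ssl_protocols"):
        for proto in value.split():
            if proto in DEPRECATED_PROTOCOLS:
                findings.append(("ssl_protocols", proto, "deprecated protocol version"))
    for value in directive_values(conf, "ssl_ciphers"):
        for token in re.split(r"[:,\s]+", value.strip("'\"")):
            if not token or token.startswith(("!", "-")):
                continue  # "!" and "-" remove ciphers, so they are not findings
            parts = token.lstrip("+").split("+")
            if any(p in WEAK_ALGORITHMS for p in parts):
                findings.append(("ssl_ciphers", token, "weak algorithm"))
            elif parts[0] in ("RSA", "kRSA"):  # in OpenSSL cipher strings RSA is an alias for kRSA
                findings.append(("ssl_ciphers", token, "RSA key exchange, no forward secrecy"))
    return findings


if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(*finding, sep=": ")
```
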
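2. Start the container
```bash
docker-compose up
```
If you see this, the container has started successfully.
3. Open the site in a browser
At this point the padlock icon in the browser address bar is displayed normally.
4. Switch to your own token and domain
- Log in to https://httpsok.com to obtain a token, and use it to replace HTTPSOK_TOKEN in the compose.yml file.
- Using the example template as a reference, adjust your own nginx site configuration. By now this should be no trouble for you.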