Create an Nginx Docker container as an HTTPS reverse proxy

2022-08-06

An Nginx reverse proxy makes it easy to implement server network configuration. This article records how to use an Nginx container as a reverse proxy for an https service.



Let me introduce my current experimental environment; readers with similar needs and environments can refer to my operating procedure.

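  • A web server is already deployed on this machine at IP:Port
  • The server has no https configured and only serves the http protocol
  • Docker is installed
  • The nginx Docker container is about to be installed
  • Goal: reverse-proxy the local http service to the outside over the https protocol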


Create the Nginx container

  • First create a shared folder locally: /share/ssl
docker run --name=nginx -p 9443:443 -d --restart=always -v /share/ssl:/ssl nginx


I created the certificate directly inside the nginx container. It is also possible to generate it on the server and import it into the container.

With a self-signed certificate, you are warned when you visit the website that the certificate is not trusted by a CA, and it has to be added manually to the list of locally trusted certificates. For easier access, a CA certificate needs to be generated. In fact I didn't manage to generate it myself; the SSL certificate I ended up using was applied for at Baidu Smart Cloud.

  • Obtain the server_private.key and server.crt files
  • Put the certificates in the /ssl folder
:/ssl# ls
ca.csr  ca.key  ca_public.crt  server.crt  server.csr  server_private.key  server_public.pem

Nginx configuration

  • Create the configuration file test.conf in the /etc/nginx/conf.d folder
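server {
    listen       443 ssl;
    listen  [::]:443 ssl;
    # server_name localhost;

    # Paths as seen inside the container; they must point at the files placed under /ssl
    ssl_certificate     /ssl/key1/server.crt;
    ssl_certificate_key /ssl/key1/server.key;

    location / {
        # Pass the client address, original scheme and Host header to the backend
        proxy_set_header    X-FORWARDED-FOR $remote_addr;
        proxy_set_header    X-FORWARDED-PROTO $scheme;
        proxy_set_header    Host   $http_host;
        # IP:Port is a placeholder for the local http web server described above
        # (the original snippet is cut off before this line)
        proxy_pass          http://IP:Port;
    }
}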

  • After the configuration is complete, reload the nginx service
service nginx reload
  • After the configuration is complete, you can check whether the configuration is successful

If there is an error, it is reported after the command is entered

  • Linux distributions with newer kernels require a key length of at least 2048 bits; a 1024-bit key may produce an error
SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small


  • Access port 9443 on the local machine's IP
  • The address can only be accessed using the https protocol
  • Over https, you can see the content of the proxied web page:
  • If the domain name used is not the Common Name given when registering the certificate, an "unsafe" warning is shown
  • After the certificate is configured correctly, it can be accessed normally:
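
The certificate steps above as an added example (not code from the original post): it creates a local CA and a CA-signed server certificate using the file names from the /ssl listing, then checks for the two failure modes mentioned on this page, a key shorter than 2048 bits and a host name that does not match the certificate. It assumes openssl is installed; the function names are illustrative and proxy.example.test is a constructed host name.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is installed.
# File names follow the /ssl listing; function names are illustrative.

# make_ca DIR: private CA with a 2048-bit key -> ca.key, ca_public.crt
make_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Local Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 365 -keyout "$1/ca.key" -out "$1/ca_public.crt" 2>/dev/null
}

# make_server_cert DIR HOST [BITS]: key + CSR, then a CA-signed server.crt
# whose Common Name and subjectAltName are both HOST (default 2048 bits).
make_server_cert() {
    req_bits=${3:-2048}
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' \
        "CN=$2" > "$1/server.cnf"
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/server.ext"
    openssl req -new -config "$1/server.cnf" -newkey "rsa:$req_bits" -nodes \
        -keyout "$1/server_private.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca_public.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

# check_cert CERT HOST CAFILE: succeed only if the RSA key is >= 2048 bits
# (smaller keys cause "ee key too small"), the chain verifies against CAFILE,
# and HOST matches the names in the certificate.
check_cert() {
    key_bits=$(openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${key_bits:-0}" -lt 2048 ]; then
        echo "key too small: ${key_bits:-unknown} bits" >&2; return 1
    fi
    openssl verify -CAfile "$3" -verify_hostname "$2" "$1" 2>/dev/null |
        grep -q ': OK$' || { echo "chain or host name check failed" >&2; return 1; }
}

# Usage (constructed host name):
#   make_ca /share/ssl && make_server_cert /share/ssl proxy.example.test
#   check_cert /share/ssl/server.crt proxy.example.test /share/ssl/ca_public.crt
```

Importing ca_public.crt into the client's trusted certificates is what removes the browser warning; the server only needs server.crt and server_private.key.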


