上一节配置了nginx代理二级域名;这里我们讲讲深层次运用
如下场景:
注册好的域名:kaixin.com
现在有 1.http://130.111.122.12:8081
2.https://130.111.122.12:8443
需要在小程序中使用,这里就用到了nginx的反向代理了
目标: 1. http://130.111.122.12:8081绑定到 hh.kaixin.com
2. https://130.111.122.12:8443绑定到 kk.kaixin.com
步骤:
0.下载Let’s Encrypt docker
docker pull quay.io/letsencrypt/letsencrypt:latest
1.领取CA证书
执行前请停掉nginx
docker run --rm -p 80:80 -p 443:443 \
-v /app/nginx_latest/letsencrypt:/etc/letsencrypt \
quay.io/letsencrypt/letsencrypt auth \
--standalone -m [email protected] --agree-tos \
-d hh.kaixin.com
docker run --rm -p 80:80 -p 443:443 \
-v /app/nginx_latest/letsencrypt:/etc/letsencrypt \
quay.io/letsencrypt/letsencrypt auth \
--standalone -m [email protected] --agree-tos \
-d kk.kaixin.com
这里的
/app/nginx_latest/letsencrypt/
是指定在本地存放证书的地方
2.配置nginx
server {
listen 443 ssl;
server_name kk.kaixin.com;
ssl_certificate /etc/letsencrypt/live/kk.kaixin.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kk.kaixin.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
underscores_in_headers on;
location / {
proxy_pass https://130.111.122.12:8443;
}
}
server {
listen 443 ssl;
server_name hh.kaixin.com;
ssl_certificate /etc/letsencrypt/live/hh.kaixin.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hh.kaixin.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
underscores_in_headers on;
location / {
proxy_pass https://130.111.122.12:8081;
}
}
运行nginx:
docker run -p 80:80 -p 443:443 --restart always --name nginx_run -v /app/nginx_justrun/:/etc/nginx/ -v /app/nginx_latest/letsencrypt/:/etc/letsencrypt/ -d nginx
参考 link