Deploying a Docker-built project with separate front end and back end to an Internet server over HTTPS through Nginx

Keywords: Nginx Docker Database SSL

One: Project preparation

1. Install docker and docker compose (the project is deployed through docker)

2. The project can already be deployed successfully on the intranet

3. Write the docker compose file and log in to docker

Two: Implementation

1. Run docker compose create, then docker compose start to start the project

2. Permission problem: after the deployment, the database cannot be connected to because the server's port is not open (the default port is 3306). You can open all the required ports at one time (search Baidu for how to open them).

3. After the port is opened, you can use Navicat for MySQL to connect to the database and copy the tables of the local database to the external database (you can also use other methods, such as copying the database files into the database directory, but this is not recommended); also check the permissions of the database account.

4. Create a network: docker network xxxxx; enter the docker container: docker exec -it (container name) bash; view the IP address of the container: docker inspect (container name).

5. To deploy to the Internet you need a domain name, so:

The first step is to apply for a domain name. Go to the Alibaba Cloud server console, find the domain name... and choose to resolve it (all of this can be looked up on Baidu, so it is not covered here).

How to bind the domain name server: https://blog.csdn.net/rentian1/article/details/95593787

How to add a prefix to a domain name: https://jingyan.baidu.com/article/f71d60373687ba5ab641d1fa.html

6. Turning HTTP into HTTPS is easy: generate a certificate and add the certificate to the server. In effect, https = http + ssl; HTTPS encrypts the message (after testing the interface over https, you will see that accessing it directly fails and that you need to upload a certificate). For details, see https://segmentfault.com/a/1190000018992153

Certificate generation: https://freessl.cn/ (it seems that the free certificate is only valid for 90 days)

7. Carry out the steps in the server console, and finally generate the certificate

 

8. Configure Nginx

If something is unclear, leave a message to ask. I suggest trying a few more times yourself first; after all, there is always the omnipotent Baidu.

user  nginx;
worker_processes  1;

error_log  /data/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /data/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
	
    # Front-end site, plain HTTP
    server {
        listen       80;
        server_name  FRONTEND_DOMAIN;    # placeholder: the front-end domain name
        location / {
            # The domain name configured here must be the same as the upstream's domain name before forwarding.
            proxy_pass http://FRONTEND_CONTAINER:80;    # placeholder: the front-end container name
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout       5;
            proxy_read_timeout          60;
            proxy_send_timeout          5;
            #auth_basic "Restricted";
            #auth_basic_user_file htpasswd;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # Front-end site, HTTPS
    server {
        listen 443 ssl;
        server_name FRONTEND_DOMAIN;    # placeholder: the front-end domain name
        #ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate     /etc/nginx/cert/yq_chain.crt;    # certificate
        ssl_certificate_key /etc/nginx/cert/yq_key.key;      # private key for the certificate
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header  Host FRONTEND_DOMAIN;
            proxy_pass http://FRONTEND_CONTAINER:80;    # placeholder: the front-end container name
            #proxy_intercept_errors on;
            #error_page 301 302 307 = @handle_redirect;
        }
    }
    # Back-end site, plain HTTP
    server {
        listen       80;
        server_name  BACKEND_DOMAIN;    # placeholder: the back-end domain name
        location / {
            # The domain name configured here must be the same as the upstream's domain name before forwarding.
            proxy_pass http://BACKEND_CONTAINER:8080;    # placeholder: the back-end container name
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout       5;
            proxy_read_timeout          60;
            proxy_send_timeout          5;
            #auth_basic "Restricted";
            #auth_basic_user_file htpasswd;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # Back-end site, HTTPS
    server {
        listen 443 ssl;
        server_name BACKEND_DOMAIN;    # placeholder: the back-end domain name
        #ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate     /etc/nginx/cert/yqs_chain.crt;
        ssl_certificate_key /etc/nginx/cert/yqs_key.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header  Host BACKEND_DOMAIN;
            proxy_pass http://BACKEND_CONTAINER:8080;    # placeholder: the back-end container name
            #proxy_intercept_errors on;
            #error_page 301 302 307 = @handle_redirect;
        }
    }
}

 

9. Visit the front-end domain name; if it can be accessed, the deployment was built successfully.
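
A hardened variant of the front-end server blocks from step 8, as an added example that is not the author's configuration: port 80 only redirects to HTTPS, and TLSv1/TLSv1.1 and the broad cipher aliases are dropped. FRONTEND_DOMAIN and FRONTEND_CONTAINER are placeholders, and both blocks go inside http { }; the back-end pair follows the same pattern with its own names, certificate files and port 8080.

```nginx
# Added example. FRONTEND_DOMAIN and FRONTEND_CONTAINER are placeholders;
# the certificate paths are the ones used in the configuration above.

# Port 80 only redirects, so no page or API call is served in cleartext.
server {
    listen      80;
    server_name FRONTEND_DOMAIN;
    return 301 https://$host$request_uri;
}

server {
    listen      443 ssl;
    server_name FRONTEND_DOMAIN;

    ssl_certificate     /etc/nginx/cert/yq_chain.crt;
    ssl_certificate_key /etc/nginx/cert/yq_key.key;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Explicit forward-secret AEAD suites for TLSv1.2 instead of broad
    # aliases such as AES and HIGH, which also admit CBC and non-ECDHE suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_tickets off;

    # Browsers that have seen this header refuse plain HTTP for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://FRONTEND_CONTAINER:80;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the application know the original request used HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5;
        proxy_read_timeout    60;
        proxy_send_timeout    5;
    }
}
```

Check the file with nginx -t before reloading. With HSTS enabled, a lapsed 90-day certificate makes the site unreachable for returning browsers, so renew it before it expires.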


Posted by jdiver on Wed, 19 Feb 2020 00:07:55 -0800