Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ 功能] 补充一个https的配置 #728

Open
lijiachang opened this issue Jul 4, 2024 · 0 comments
Open

[ 功能] 补充一个https的配置 #728

lijiachang opened this issue Jul 4, 2024 · 0 comments

Comments

@lijiachang
Copy link

docker-compose.yml
增加证书文件映射

  nginx:
    restart: always
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./bin/nginx.conf:/etc/nginx/nginx.conf
      - ./collectedstatic:/code/djangoblog/collectedstatic
      - /opt/fullchain.pem:/etc/nginx/ssl/fullchain.pem
      - /opt/privkey.pem:/etc/nginx/ssl/privkey.pem
    links:
      - djangoblog:djangoblog
    container_name: nginx

修改NGINX配置

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    server {
        listen 80;
        server_name xxx.com;  # 替换为您的域名
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name xxx.com;  # 替换为您的域名

        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/privkey.pem;

        # SSL 参数(可选,但推荐)
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

        root /code/djangoblog/collectedstatic/;
        keepalive_timeout 70;

        location /static/ {
            expires max;
            alias /code/djangoblog/collectedstatic/;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_redirect off;
            if (!-f $request_filename) {
                proxy_pass http://djangoblog:8000;
                break;
            }
        }
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lijiachang