跳转到主要内容

开启 HTTPS 服务

以下所指目录的相对目录为 docker
如果需要为本系统开启 HTTPS 服务,可以通过以下配置做到:
  • 获取证书文件,将证书文件放到 volumes/webapp/ssl 目录下,文件名分别为 server.crtserver.key
  • 将自定义 Nginx 配置文件放到 volumes/webapp/conf 目录下,文件名为 nginx.conf,配置如下 
    user  nginx;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include /etc/nginx/mime.types;
  
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  #gzip  on;

  upstream api {
    server api:3000;
  }

  server {
    listen              80;
    listen              443 ssl;
    ssl_certificate     /webapp/ssl/server.crt;
    ssl_certificate_key /webapp/ssl/server.key;

    location / {
      root /srv/pangolin;
      try_files $uri $uri/ /index.html;
    }

    location /socket.io/ {
      proxy_pass http://api;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /api/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
      proxy_connect_timeout       5s;
      proxy_read_timeout          600s;
    }
    location /public/ {
      proxy_pass http://api;
      proxy_set_header Host $http_host;
      proxy_connect_timeout       5s;
      proxy_read_timeout          30s;
    }
  }
}
  • 指定 nginx 配置文件:修改 command: ['nginx', '-g', 'daemon off;'] 改为 command: ['nginx', '-g', 'daemon off;', '-c', '/webapp/conf/nginx.conf']
  • 修改 ports 配置开启 443 端口:- "443:443"
  • 修改 .env 文件中的 API_BASE_URL//your.domain
  • 修改 .env 文件中的 WEBAPP_PORT443,如果想要两个(80/443)都启用则去掉此变量即可。
重新启动服务即可。 更多技术详情请参考 Enable HTTPS - [Xpert wiki]