Docker部署Nginx HTTPS服务的实现步骤
<div id="navCategory"><h5 class="catalogue">目录</h5><ul class="first_class_ul"><li><a href="#_label0">一、文档说明</a></li><ul class="second_class_ul"><li><a href="#_lab2_0_0">1.1 适用环境</a></li><li><a href="#_lab2_0_1">1.2 最终效果</a></li></ul><li><a href="#_label1">二、详细部署步骤</a></li><ul class="second_class_ul"><li><a href="#_lab2_1_2">步骤1:环境检查与基础准备</a></li><ul class="third_class_ul"><li><a href="#_label3_1_2_0">1.1 检查用户权限(必须 root)</a></li><li><a href="#_label3_1_2_1">1.2 安装基础工具(解决依赖)</a></li><li><a href="#_label3_1_2_2">1.3 检查端口可用性(80/443 必须空闲)</a></li></ul><li><a href="#_lab2_1_3">步骤2:创建工作目录(统一管理资源)</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_1_4">步骤3:生成 SSL 自签名证书</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_1_5">步骤4:编写 Nginx HTTPS 配置文件</a></li><ul class="third_class_ul"><li><a href="#_label3_1_5_3">4.1 创建配置文件</a></li><li><a href="#_label3_1_5_4">4.2 粘贴完整配置(含 UTF-8 编码,解决中文乱码)</a></li><li><a href="#_label3_1_5_5">4.3 验证配置语法(关键:挂载证书目录验证)</a></li></ul><li><a href="#_lab2_1_6">步骤5:创建测试页面(解决中文乱码)</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_1_7">步骤6:启动 Nginx 容器</a></li><ul class="third_class_ul"><li><a href="#_label3_1_7_6">6.1 清理旧容器(避免冲突)</a></li><li><a href="#_label3_1_7_7">6.2 启动新容器(完整挂载所有目录)</a></li><li><a href="#_label3_1_7_8">6.3 验证容器启动状态</a></li></ul></ul><li><a href="#_label2">三、验证部署结果</a></li><ul class="second_class_ul"><li><a href="#_lab2_2_8">3.1 命令行验证</a></li><ul class="third_class_ul"><li><a href="#_label3_2_8_9">3.1.1 验证 HTTP 自动跳转</a></li><li><a href="#_label3_2_8_10">3.1.2 验证 HTTPS 访问(忽略自签名证书)</a></li></ul><li><a href="#_lab2_2_9">3.2 浏览器验证</a></li><ul class="third_class_ul"></ul></ul><li><a href="#_label3">四、常见问题排查</a></li><ul class="second_class_ul"><li><a href="#_lab2_3_10">4.1 镜像检测失败</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_3_11">4.2 证书文件不存在</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_3_12">4.3 中文乱码</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_3_13">4.4 端口占用</a></li><ul class="third_class_ul"></ul></ul><li><a href="#_label4">五、日常运维命令</a></li><ul class="second_class_ul"><li><a href="#_lab2_4_14">5.1 容器启停/重启</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_4_15">5.2 查看日志</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_4_16">5.3 修改配置后生效</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_4_17">5.4 删除容器(如需重装)</a></li><ul class="third_class_ul"></ul></ul></ul></div><p class="maodian"><a name="_label0"></a></p><h2>一、文档说明</h2><p class="maodian"><a name="_lab2_0_0"></a></p><h3>1.1 适用环境</h3>
<ul><li>操作系统:CentOS 7(64位)</li><li>核心目标:基于 Docker 部署 Nginx 服务,实现 HTTP 自动跳转 HTTPS,解决中文乱码、证书挂载、镜像检测等问题</li><li>前置条件:服务器以 root 用户登录,且能访问外网(已手动拉取 <code>nginx:1.21</code> 镜像)</li></ul>
<p class="maodian"><a name="_lab2_0_1"></a></p><h3>1.2 最终效果</h3>
<ul><li>访问 <code>http://192.168.10.110</code> 自动跳转至 <code>https://192.168.10.110</code></li><li>HTTPS 页面正常显示中文,无乱码</li><li>Nginx 容器开机自启,配置/证书/日志持久化存储</li></ul>
<p class="maodian"><a name="_label1"></a></p><h2>二、详细部署步骤</h2>
<p class="maodian"><a name="_lab2_1_2"></a></p><h3>步骤1:环境检查与基础准备</h3>
<p class="maodian"><a name="_label3_1_2_0"></a></p><h4>1.1 检查用户权限(必须 root)</h4>
<div class="jb51code"><pre class="brush:bash;"># 验证当前用户是否为 root
id -u
# 输出 0 表示为 root 用户,否则切换 root:su root
</pre></div>
<p class="maodian"><a name="_label3_1_2_1"></a></p><h4>1.2 安装基础工具(解决依赖)</h4>
<div class="jb51code"><pre class="brush:bash;"># 安装 lsof(端口检测)、openssl(证书生成)等工具
yum install -y lsof openssl net-tools wget curl &>/dev/null
</pre></div>
<p class="maodian"><a name="_label3_1_2_2"></a></p><h4>1.3 检查端口可用性(80/443 必须空闲)</h4>
<div class="jb51code"><pre class="brush:bash;"># 检查 80 端口
lsof -i:80
# 检查 443 端口
lsof -i:443
# 若端口被占用,关闭占用进程(示例:关闭 80 端口占用进程)
kill -9 $(lsof -t -i:80)
</pre></div>
<p class="maodian"><a name="_lab2_1_3"></a></p><h3>步骤2:创建工作目录(统一管理资源)</h3>
<div class="jb51code"><pre class="brush:bash;"># 创建核心目录(配置/证书/页面/日志)
mkdir -p /opt/nginx-https/{conf,cert,wwwroot,logs}
# 设置目录权限(避免容器挂载后权限不足)
chmod -R 755 /opt/nginx-https
</pre></div>
<p class="maodian"><a name="_lab2_1_4"></a></p><h3>步骤3:生成 SSL 自签名证书</h3>
<div class="jb51code"><pre class="brush:bash;"># 进入证书目录
cd /opt/nginx-https/cert
# 1. 生成 2048 位私钥(无密码)
openssl genrsa -out nginx.key 2048 &>/dev/null
# 2. 生成证书请求文件(无交互,适配主机 IP)
openssl req -new -key nginx.key -out nginx.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=Test/OU=IT/CN=192.168.10.110" &>/dev/null
# 3. 生成自签名证书(有效期 365 天)
openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt &>/dev/null
# 4. 验证证书文件(必须存在 nginx.key 和 nginx.crt)
ls -l /opt/nginx-https/cert/
# 输出如下则成功:
# -rw-r--r-- 1 root root 1027 12月 28 23:00 nginx.crt
# -rw-r--r-- 1 root root 1086 12月 28 23:00 nginx.csr
# -rw-r--r-- 1 root root 1675 12月 28 23:00 nginx.key
# 5. 设置证书权限(Nginx 需读取权限)
chmod 644 /opt/nginx-https/cert/nginx.key /opt/nginx-https/cert/nginx.crt
</pre></div>
<p class="maodian"><a name="_lab2_1_5"></a></p><h3>步骤4:编写 Nginx HTTPS 配置文件</h3>
<p class="maodian"><a name="_label3_1_5_3"></a></p><h4>4.1 创建配置文件</h4>
<div class="jb51code"><pre class="brush:bash;">vim /opt/nginx-https/conf/nginx.conf
</pre></div>
<p class="maodian"><a name="_label3_1_5_4"></a></p><h4>4.2 粘贴完整配置(含 UTF-8 编码,解决中文乱码)</h4>
<div class="jb51code"><pre class="brush:bash;">worker_processes1;
error_log/var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections1024;
}
http {
# 核心:解决中文乱码,全局指定 UTF-8 编码
charset utf-8;
include /etc/nginx/mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log/var/log/nginx/access.logmain;
sendfile on;
keepalive_timeout65;
# HTTP 服务:自动跳转 HTTPS
server {
listen 80;
server_name192.168.10.110;
return 301 https://$host$request_uri;
}
# HTTPS 核心配置
server {
listen 443 ssl;
server_name192.168.10.110;
# 证书挂载路径(容器内路径,对应宿主机 /opt/nginx-https/cert)
ssl_certificate /etc/nginx/cert/nginx.crt;
ssl_certificate_key/etc/nginx/cert/nginx.key;
# SSL 优化配置
ssl_session_cache shared:SSL:1m;
ssl_session_timeout5m;
ssl_ciphersHIGH:!aNULL:!MD5;
ssl_prefer_server_cipherson;
# 静态页面目录(挂载宿主机 /opt/nginx-https/wwwroot)
location / {
root /usr/share/nginx/html;
indexindex.html index.htm;
}
# 错误页面配置
error_page 500 502 503 504/50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
</pre></div>
<p class="maodian"><a name="_label3_1_5_5"></a></p><h4>4.3 验证配置语法(关键:挂载证书目录验证)</h4>
<div class="jb51code"><pre class="brush:bash;"># 用容器内 Nginx 验证配置(同时挂载配置和证书目录)
docker run --rm \
-v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/nginx-https/cert:/etc/nginx/cert \
nginx:1.21 nginx -t
# 输出如下则配置正确:
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
</pre></div>
<p class="maodian"><a name="_lab2_1_6"></a></p><h3>步骤5:创建测试页面(解决中文乱码)</h3>
<div class="jb51code"><pre class="brush:bash;"># 编辑测试页面,指定 UTF-8 编码
vim /opt/nginx-https/wwwroot/index.html
</pre></div>
<p>粘贴以下内容:</p>
<div class="jb51code"><pre class="brush:xhtml;"><!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<h1>Nginx HTTPS 部署成功!</h1>
<p>主机IP:192.168.10.110</p>
</body>
</html>
</pre></div>
<p>设置页面权限:</p>
<div class="jb51code"><pre class="brush:bash;">chmod 644 /opt/nginx-https/wwwroot/index.html
</pre></div>
<p class="maodian"><a name="_lab2_1_7"></a></p><h3>步骤6:启动 Nginx 容器</h3>
<p class="maodian"><a name="_label3_1_7_6"></a></p><h4>6.1 清理旧容器(避免冲突)</h4>
<div class="jb51code"><pre class="brush:bash;"># 停止并删除同名旧容器(若存在)
docker stop nginx-https &>/dev/null
docker rm nginx-https &>/dev/null
</pre></div>
<p class="maodian"><a name="_label3_1_7_7"></a></p><h4>6.2 启动新容器(完整挂载所有目录)</h4>
<div class="jb51code"><pre class="brush:bash;">docker run -d \
--name nginx-https \
--privileged=true \
-p 80:80 \
-p 443:443 \
-v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/nginx-https/cert:/etc/nginx/cert \
-v /opt/nginx-https/wwwroot:/usr/share/nginx/html \
-v /opt/nginx-https/logs:/var/log/nginx \
--restart=always \
nginx:1.21
</pre></div>
<p>参数说明:</p>
<table><thead><tr><th>参数</th><th>作用</th></tr></thead><tbody><tr><td>--name nginx-https</td><td>容器命名为 nginx-https</td></tr><tr><td>--privileged=true</td><td>提升容器权限,解决挂载目录权限不足问题</td></tr><tr><td>-p 80:80/-p 443:443</td><td>宿主机端口映射到容器端口</td></tr><tr><td>-v 宿主机路径:容器路径</td><td>目录挂载,实现配置/证书/页面/日志持久化(修改宿主机文件无需重建容器)</td></tr><tr><td>--restart=always</td><td>容器随 Docker 开机自启</td></tr></tbody></table>
<p class="maodian"><a name="_label3_1_7_8"></a></p><h4>6.3 验证容器启动状态</h4>
<div class="jb51code"><pre class="brush:bash;"># 查看容器是否运行(状态为 Up 则成功)
docker ps | grep nginx-https
# 输出示例:
# abc123456789 nginx:1.21 "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-https
</pre></div>
<p class="maodian"><a name="_label2"></a></p><h2>三、验证部署结果</h2>
<p class="maodian"><a name="_lab2_2_8"></a></p><h3>3.1 命令行验证</h3>
<p class="maodian"><a name="_label3_2_8_9"></a></p><h4>3.1.1 验证 HTTP 自动跳转</h4>
<div class="jb51code"><pre class="brush:bash;">curl -I http://192.168.10.110
# 输出 301 跳转则成功:
# HTTP/1.1 301 Moved Permanently
# Location: https://192.168.10.110/
</pre></div>
<p class="maodian"><a name="_label3_2_8_10"></a></p><h4>3.1.2 验证 HTTPS 访问(忽略自签名证书)</h4>
<div class="jb51code"><pre class="brush:bash;">curl -k https://192.168.10.110
# 输出测试页面 HTML 内容则成功(无乱码)
</pre></div>
<p class="maodian"><a name="_lab2_2_9"></a></p><h3>3.2 浏览器验证</h3>
<ol><li>打开浏览器,访问 <code>https://192.168.10.110</code>;</li><li>忽略“不安全连接”警告(自签名证书正常现象);</li><li>页面显示“Nginx HTTPS 部署成功!主机IP:192.168.10.110”,中文无乱码则完成。<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202601/2026010908552641.png" /></p></li></ol>
<p class="maodian"><a name="_label3"></a></p><h2>四、常见问题排查</h2>
<p class="maodian"><a name="_lab2_3_10"></a></p><h3>4.1 镜像检测失败</h3>
<p><strong>现象</strong>:提示“nginx:1.21 镜像不存在”,但已拉取;<br /><strong>解决</strong>:用格式化命令验证镜像:</p>
<div class="jb51code"><pre class="brush:bash;">docker images --format "{{.Repository}}:{{.Tag}}" | grep nginx:1.21
# 输出 nginx:1.21 则镜像存在,重新执行启动命令即可
</pre></div>
<p class="maodian"><a name="_lab2_3_11"></a></p><h3>4.2 证书文件不存在</h3>
<p><strong>现象</strong>:Nginx 配置测试提示“cannot load certificate”;<br /><strong>解决</strong>:</p>
<div class="jb51code"><pre class="brush:bash;"># 检查证书文件是否存在
ls -l /opt/nginx-https/cert/
# 重新生成证书(步骤3),确保 nginx.key 和 nginx.crt 存在
</pre></div>
<p class="maodian"><a name="_lab2_3_12"></a></p><h3>4.3 中文乱码</h3>
<p><strong>现象</strong>:页面中文显示为方框/乱码;<br /><strong>解决</strong>:</p>
<ol><li>确认测试页面添加 <code><meta charset="UTF-8"></code>;</li><li>确认 Nginx 配置 <code>http</code> 块内添加 <code>charset utf-8</code>;</li><li>重启容器:<code>docker restart nginx-https</code>。</li></ol>
<p class="maodian"><a name="_lab2_3_13"></a></p><h3>4.4 端口占用</h3>
<p><strong>现象</strong>:容器启动失败,提示端口被占用;<br /><strong>解决</strong>:</p>
<div class="jb51code"><pre class="brush:bash;"># 查找占用端口的进程
lsof -i:80
# 关闭进程(示例)
kill -9 $(lsof -t -i:80)
</pre></div>
<p class="maodian"><a name="_label4"></a></p><h2>五、日常运维命令</h2>
<p class="maodian"><a name="_lab2_4_14"></a></p><h3>5.1 容器启停/重启</h3>
<div class="jb51code"><pre class="brush:bash;"># 启动
docker start nginx-https
# 停止
docker stop nginx-https
# 重启(配置修改后生效)
docker restart nginx-https
</pre></div>
<p class="maodian"><a name="_lab2_4_15"></a></p><h3>5.2 查看日志</h3>
<div class="jb51code"><pre class="brush:bash;"># 查看容器启动日志
docker logs nginx-https
# 查看 Nginx 访问日志
cat /opt/nginx-https/logs/access.log
# 查看 Nginx 错误日志
cat /opt/nginx-https/logs/error.log
</pre></div>
<p class="maodian"><a name="_lab2_4_16"></a></p><h3>5.3 修改配置后生效</h3>
<div class="jb51code"><pre class="brush:bash;"># 1. 修改宿主机配置文件
vim /opt/nginx-https/conf/nginx.conf
# 2. 验证配置语法
docker run --rm -v /opt/nginx-https/conf/nginx.conf:/etc/nginx/nginx.conf -v /opt/nginx-https/cert:/etc/nginx/cert nginx:1.21 nginx -t
# 3. 重启容器
docker restart nginx-https
</pre></div>
<p class="maodian"><a name="_lab2_4_17"></a></p><h3>5.4 删除容器(如需重装)</h3>
<div class="jb51code"><pre class="brush:bash;">docker stop nginx-https && docker rm nginx-https
# 可选:删除工作目录(谨慎操作)
rm -rf /opt/nginx-https
</pre></div>
<p>到此这篇关于Docker部署Nginx HTTPS服务的实现步骤的文章就介绍到这了,更多相关Docker部署Nginx HTTPS服务内容请搜索琼殿技术社区以前的文章或继续浏览下面的相关文章希望大家以后多多支持琼殿技术社区!</p>
頁:
[1]