# docker nexus
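# Compose file for a single Nexus 3 container. The nesting below restores the
# indentation the page lost; with every key at column 0 the file does not
# describe a service at all.
version: "2"
services:
  nexus3:
    # NOTE(review): unqualified image name, so it resolves to whatever
    # "nexus3" means on this host (a local build or a registry default).
    # Confirm where the image comes from, and check the vendor's advisories
    # before running a release as old as 3.16.1.
    image: nexus3:3.16.1
    container_name: nexus3
    ports:
      # Published on every host interface. Clients that can reach port 8081
      # talk to Nexus directly and bypass the nginx front end (and its TLS)
      # configured later on this page; restrict with a firewall or a
      # host-IP-qualified mapping if that is not intended.
      - "8081:8081"
    volumes:
      # Repository blobs, configuration and credentials live here.
      - ./data:/nexus-data
    logging:
      driver: "json-file"
      options:
        # 10 files of 10 KB each: very little container log history is kept.
        max-size: "10k"
        max-file: "10"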
启动后测试 http://10.0.1.1:8080/ 是否能正常访问（注意：上面的 compose 文件映射的是 8081 端口，下文 nginx 的 upstream 也指向 8081，请以实际映射的端口为准）
# 添加域名配置(http)
# Backend pool for Nexus: a single member, reached over plain HTTP.
# NOTE(review): 10.0.1.1:8081 is presumably the docker host and the port the
# compose file publishes; confirm.
upstream nexus_web {
    server 10.0.1.1:8081;
}
# Plain-HTTP virtual host for nexus.sky.com. Everything except /download is
# proxied to the nexus_web upstream. Nothing here is encrypted, so logins and
# artifacts cross the network in clear text.
server {
    listen 80;
    server_name nexus.sky.com;
    index index.html index.htm index.php;

    access_log /var/log/nginx/nexus.sky.com.log;

    # Static files: a request for /download/x is read from
    # /opt/nexus3/data/download/x. This is a prefix match without a trailing
    # slash, so /downloadX also maps to /opt/nexus3/data/downloadX.
    # NOTE(review): /opt/nexus3/data looks like the host side of the
    # container's /nexus-data volume; confirm that only download/ is meant
    # to be readable without going through Nexus.
    location /download {
        root /opt/nexus3/data;
    }

    location / {
        proxy_pass http://nexus_web;

        # Nexus receives the client's Host value plus the port nginx accepted
        # the connection on.
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Large artifact uploads: allow 512 MB bodies and stream them through
        # instead of buffering them in nginx.
        client_max_body_size 512m;
        proxy_request_buffering off;
        proxy_buffering off;

        # One-hour limits so long transfers are not cut off.
        proxy_read_timeout 3600;
        proxy_send_timeout 3600;
        proxy_connect_timeout 3600;
    }
}
proxy_set_header Host $host:$server_port;
注意端口配置：`$server_port` 是 nginx 接收该请求的监听端口，后端收到的 Host 头会带上这个端口，因此它应与客户端实际访问的端口一致。
# ssl 加密(https)
# 生成 ssl 需要的文件
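# Create a private root CA and a certificate for nexus.sky.com with a
# third-party helper script.
# NOTE(review): this executes whatever is at the tip of someone else's
# repository. Read gen.cert.sh first, and prefer checking out a commit you
# have reviewed (git checkout <REVIEWED_COMMIT>) before running it.
# The steps are chained with && so the script is never started from the wrong
# directory when the clone or the cd fails.
git clone https://github.com/Fishdrowned/ssl.git &&
  cd ssl &&
  ./gen.cert.sh nexus.sky.com
# NOTE(review): the nginx examples on this page read the output from
# /opt/ssl/ssl/out/, which suggests the commands were run in /opt/ssl; confirm.
# Keep the generated private keys readable only by root and the nginx user.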
# 配置 nginx
# Backend pool for Nexus: a single member. TLS ends at nginx; the hop to this
# address is plain HTTP.
upstream nexus_web {
    server 10.0.1.1:8081;
}
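# HTTPS virtual host for nexus.sky.com; every request is proxied to the
# nexus_web upstream.
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which newer
    # nginx releases no longer accept.
    listen 443 ssl;
    server_name nexus.sky.com;

    ssl_certificate /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.bundle.crt;
    ssl_certificate_key /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.key.pem;

    # TLS 1.1 is deprecated and has been dropped. Add TLSv1.3 here when the
    # installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the RSA+AESGCM and RSA+AES entries also admit suites
    # without forward secrecy, and the +AES entries admit CBC suites; consider
    # trimming the list to ECDHE + AEAD once the client population is known.
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # A plain prefix location: the original regex "~ ^/(.*)" matched every
    # request as well and its capture group was never used.
    location / {
        proxy_pass http://nexus_web;
        proxy_http_version 1.1;

        proxy_set_header Host $host:$server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # Tells Nexus the client connection was HTTPS even though the upstream
        # hop is plain HTTP.
        proxy_set_header X-Forwarded-Proto https;

        # The original also set Connection "" just before Connection "upgrade".
        # nginx does not forward empty-valued headers, so that line had no
        # effect next to this one and has been removed.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}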
此时可以用 https 连接，但是 chrome 会显示不安全。解决办法是将生成的 root.crt 导入到 chrome 中，
导入时一定要选择受信任的颁发机构。注意：导入后，浏览器会信任由这个根证书签发的所有证书，因此对应的根私钥必须妥善保管，并且只应导入到自己管理的机器上。
此时就成功
# 配置 http 自动跳转至 https
# Backend pool for Nexus: a single member, reached over plain HTTP behind the
# TLS-terminating server below.
upstream nexus_web {
    server 10.0.1.1:8081;
}
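# HTTPS virtual host for nexus.sky.com; every request is proxied to the
# nexus_web upstream.
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which newer
    # nginx releases no longer accept.
    listen 443 ssl;
    server_name nexus.sky.com;

    ssl_certificate /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.bundle.crt;
    ssl_certificate_key /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.key.pem;

    # TLS 1.1 is deprecated and has been dropped. Add TLSv1.3 here when the
    # installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the RSA+AESGCM and RSA+AES entries also admit suites
    # without forward secrecy, and the +AES entries admit CBC suites; consider
    # trimming the list to ECDHE + AEAD once the client population is known.
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # A plain prefix location: the original regex "~ ^/(.*)" matched every
    # request as well and its capture group was never used.
    location / {
        proxy_pass http://nexus_web;
        proxy_http_version 1.1;

        proxy_set_header Host $host:$server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        # Tells Nexus the client connection was HTTPS even though the upstream
        # hop is plain HTTP.
        proxy_set_header X-Forwarded-Proto https;

        # The original also set Connection "" just before Connection "upgrade".
        # nginx does not forward empty-valued headers, so that line had no
        # effect next to this one and has been removed.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}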
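# Port-80 listener whose only job is to send clients to the HTTPS site.
server {
    listen 80;
    server_name nexus.sky.com;

    location / {
        # $request_uri is the path and query exactly as the client sent them.
        # The previous rewrite captured the decoded URI, so percent-encoded
        # characters in a repository path (an encoded "/" for instance) could
        # come back changed in the redirect.
        # NOTE(review): $host is taken from the request. If this server can
        # also answer for other Host values (e.g. as the default server), use
        # the fixed name nexus.sky.com in the target instead.
        return 301 https://$host$request_uri;
    }
}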
或者将 443 和 80 端口合并
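# JSON access-log format (declared at http level, referenced by name from
# access_log).
# escape=json makes nginx JSON-escape variable values. Request line, referer
# and user agent are client-controlled; without it a quote or control
# character in them is written in a form JSON parsers reject, which lets a
# client break or hide log records.
log_format log_json escape=json
    '{ "@timestamp": "$time_local", '
    '"remote_addr": "$remote_addr", '
    '"referer": "$http_referer", '
    '"request": "$request", '
    '"status": $status, '
    '"bytes": $body_bytes_sent, '
    '"agent": "$http_user_agent", '
    '"x_forwarded": "$http_x_forwarded_for", '
    '"up_addr": "$upstream_addr",'
    '"up_host": "$upstream_http_host",'
    '"up_resp_time": "$upstream_response_time",'
    '"request_time": "$request_time"'
    ' }';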
# Backend pool for Nexus: a single member, reached over plain HTTP from the
# combined 80/443 server below.
upstream nexus_web {
    server 10.0.1.1:8081;
}
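# Combined virtual host: the same server answers plain HTTP on 80 and TLS on
# 443. Port 80 is served, not redirected, so logins and artifacts sent to it
# travel in clear text.
server {
    listen 80;
    listen 443 ssl;
    server_name nexus.sky.com;
    index index.html index.htm index.php;

    ssl_certificate /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.bundle.crt;
    ssl_certificate_key /opt/ssl/ssl/out/nexus.sky.com/nexus.sky.com.key.pem;

    # TLS 1.1 is deprecated and has been dropped. Add TLSv1.3 here when the
    # installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the RSA+AESGCM and RSA+AES entries also admit suites
    # without forward secrecy, and the +AES entries admit CBC suites; consider
    # trimming the list to ECDHE + AEAD once the client population is known.
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    access_log /var/log/nginx/nexus.sky.com.log log_json;

    # Static files: a request for /download/x is read from
    # /opt/nexus3/data/download/x. This is a prefix match without a trailing
    # slash, so /downloadX also maps to /opt/nexus3/data/downloadX.
    # NOTE(review): /opt/nexus3/data looks like the host side of the
    # container's /nexus-data volume; confirm that only download/ is meant
    # to be readable without going through Nexus.
    location /download {
        root /opt/nexus3/data;
    }

    location / {
        proxy_pass http://nexus_web;

        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        # Report the scheme the client really used. The fixed value "https"
        # told Nexus that port-80 requests had arrived over TLS.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Large artifact uploads: allow 512 MB bodies and stream them through
        # instead of buffering them in nginx.
        client_max_body_size 512m;
        proxy_buffering off;
        proxy_request_buffering off;

        # One-hour limits so long transfers are not cut off.
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
    }
}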