配置域名与 HTTPS 证书
配置 HTTPS 证书
- 将 HTTPS 证书放置 etc/nginx/servers 目录
- 修改 etc/nginx/servers/gateway.conf 中增加证书相关配置
server {
listen 443 ssl http2 spdy;
server_name local.1700.cn;
ssl_dhparam /etc/nginx/servers/public_dhparam.pem;
ssl_certificate /etc/nginx/servers/ssl.crt;
ssl_certificate_key /etc/nginx/servers/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
location / {
rewrite ^/(.*)$ http://local.1700.cn/$1 permanent;
}
}
配置 HTTP 访问 / 自定义端口访问
修改 etc/nginx/servers/gateway.conf 监听端口(替换想要监听的端口),修改代码如下:
listen 80; => listen 8080;
限制IP访问
修改 etc/nginx/servers/gateway.conf ,新增以下配置
server {
server_name _;
listen 80 default_server;
return 403;
}
执行以下命令重启
docker restart tgw