配置域名与 HTTPS 证书
#
配置 HTTPS 证书- 将 HTTPS 证书放置 etc/nginx/servers 目录
- 生成 dhparam
openssl dhparam -out dhparam.pem 2048
- 将 dhparam.pem, ssl.crt, ssl.key 上传至
/etc/nginx/servers/
- 修改 etc/nginx/servers/gateway.conf 中增加 443 相关配置,可参考:
server { listen 443 ssl; server_name example.com;
ssl_dhparam /etc/nginx/servers/dhparam.pem; ssl_certificate /etc/nginx/servers/ssl.crt; ssl_certificate_key /etc/nginx/servers/ssl.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on;
...}
server { listen 80; server_name example.com;
location / { rewrite ^/(.*)$ https://example.com/$1 permanent; }}
#
配置 HTTP 访问 / 自定义端口访问修改 etc/nginx/servers/gateway.conf 监听端口(替换想要监听的端口),修改代码如下:
listen 80; => listen 8080;
#
限制IP访问修改 etc/nginx/servers/gateway.conf ,新增以下配置
server { server_name _; listen 80 default_server; return 403;}
执行以下命令重启
docker restart tgw