Skip to main content
Version: v24.07

配置域名与 HTTPS 证书

配置 HTTPS 证书#

  1. 将 HTTPS 证书放置 etc/nginx/servers 目录
  2. 生成 dhparam openssl dhparam -out dhparam.pem 2048
  3. 将 dhparam.pem, ssl.crt, ssl.key 上传至 /etc/nginx/servers/
  4. 修改 etc/nginx/servers/gateway.conf 中增加 443 相关配置,可参考:
server {    listen 443 ssl;    server_name example.com;
    ssl_dhparam /etc/nginx/servers/dhparam.pem;    ssl_certificate /etc/nginx/servers/ssl.crt;    ssl_certificate_key /etc/nginx/servers/ssl.key;    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;    ssl_prefer_server_ciphers on;
    ...}
server {    listen 80;    server_name example.com;
    location / {        rewrite ^/(.*)$ https://example.com/$1 permanent;    }}

配置 HTTP 访问 / 自定义端口访问#

修改 etc/nginx/servers/gateway.conf 监听端口(替换想要监听的端口),修改代码如下:

listen 80; => listen 8080;

限制IP访问#

修改 etc/nginx/servers/gateway.conf ,新增以下配置

server {    server_name _;    listen 80 default_server;    return 403;}

执行以下命令重启

docker restart tgw