DjangoBlog icon indicating copy to clipboard operation
DjangoBlog copied to clipboard

[ 功能] 补充一个https的配置

Open lijiachang opened this issue 1 year ago • 0 comments

docker-compose.yml 增加证书文件映射

  nginx:
    restart: always
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./bin/nginx.conf:/etc/nginx/nginx.conf
      - ./collectedstatic:/code/djangoblog/collectedstatic
      - /opt/fullchain.pem:/etc/nginx/ssl/fullchain.pem
      - /opt/privkey.pem:/etc/nginx/ssl/privkey.pem
    links:
      - djangoblog:djangoblog
    container_name: nginx

修改NGINX配置

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    server {
        listen 80;
        server_name xxx.com;  # 替换为您的域名
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name xxx.com;  # 替换为您的域名

        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/privkey.pem;

        # SSL 参数(可选,但推荐)
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

        root /code/djangoblog/collectedstatic/;
        keepalive_timeout 70;

        location /static/ {
            expires max;
            alias /code/djangoblog/collectedstatic/;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_redirect off;
            if (!-f $request_filename) {
                proxy_pass http://djangoblog:8000;
                break;
            }
        }
    }
}

lijiachang avatar Jul 04 '24 16:07 lijiachang