Docker 搭建 Nginx 并启用 HTTPS 具体部署流程

東雪蓮☆2025-10-06 21:42

前言

一、目录结构设计

[二、构建 Nginx 镜像](#二、构建 Nginx 镜像)

[三、Docker Compose 配置](#三、Docker Compose 配置)

四、生成自签证书

[五、nginx.conf 配置](#五、nginx.conf 配置)

六、启动与验证

七、总结

八、附录

docker安装步骤

[docker compose安装步骤](#docker compose安装步骤)

前言

在现代微服务和容器化环境中,通过 Docker 部署 Nginx 并启用 HTTPS 已成为常见需求。本文将详细介绍从零搭建、配置自签证书到访问的完整流程,并提供可执行的命令示例。

一、目录结构设计

项目目录为 /opt/compose_nginx/,建议结构如下:

复制代码 
/opt/compose_nginx/
├─ docker-compose.yml      # Docker Compose 配置
├─ nginx/                  # Dockerfile 或 Nginx 源码
├─ nginx.conf              # 自定义 Nginx 配置文件
├─ ssl/                    # 存放证书
│  ├─ private/
│  └─ certs/
└─ wwwroot/                # 网站根目录

这种结构清晰区分了配置、证书和网页内容,并方便通过挂载保持数据持久化。

二、构建 Nginx 镜像

如果希望自定义编译 Nginx 并启用 SSL 模块,可以使用 Dockerfile:

复制代码 
#创建必要的文件夹以及配置文件
mkdir -p /opt/compose_nginx/nginx
mkdir -p /opt/compose_nginx/ssl/private
mkdir -p /opt/compose_nginx/ssl/certs
mkdir -p /opt/compose_nginx/wwwroot
cd /opt/compose_nginx/nginx
cp /etc/yum.repo.d/C* ./
cp /opt/nginx-1.20.2.tar.gz ./
touch /opt/compose_nginx/nginx.conf
echo "<h1>this is test web</h1>" > /opt/compose_nginx/wwwroot/index.html
-----------------------------------------------------------------------------
vim Dockerfile
​
FROM centos:7
MAINTAINER this is nginx image
RUN rm -rf /etc/yum.repos.d/*
ADD CentOS-Base.repo /etc/yum.repos.d/
RUN yum clean all && yum makecache && \
    yum install -y  pcre-devel zlib-devel gcc gcc-c++ make openssl-devel && \
    useradd -M -s /sbin/nologin nginx
ADD nginx-1.20.2.tar.gz /opt
WORKDIR /opt/nginx-1.20.2
RUN ./configure \
    --prefix=/usr/local/nginx \
    --user=nginx \
    --group=nginx \
    --with-http_stub_status_module \
    --with-http_ssl_module && \
    make && make install
ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80
EXPOSE 443
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
ADD run.sh /run.sh
RUN chmod 755 /run.sh
CMD ["/run.sh"]
------------------------------------------------------------------
vim run.sh
​
#!/bin/bash
/usr/local/nginx/sbin/nginx

如果使用官方 nginx:latest 镜像,可以省略编译步骤,直接挂载配置即可。

三、Docker Compose 配置

复制代码 
cd /opt/compose_nginx
​
vim docker-compose.yml
​
version: '3'
services:
  nginx:
    container_name: web1
    hostname: nginx
    build:
      context: ./nginx
      dockerfile: Dockerfile
    ports:
      - 1216:80
      - 1217:443
    networks:
      lnmp:
        ipv4_address: 172.18.0.10
    volumes:
      - ./wwwroot:/usr/local/nginx/html
      - ./nginx.conf:/usr/local/nginx/conf/nginx.conf
      - ./ssl/private:/usr/local/nginx/ssl/private
      - ./ssl/certs:/usr/local/nginx/ssl/certs
networks:
  lnmp:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/24
-------------------------------------------------------------------------------- 
#这里写点东西以防启动报错,后面会改       
vim nginx.conf
​
#user  nobody;
worker_processes  1;
​
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
​
#pid        logs/nginx.pid;
​
​
events {
    worker_connections  1024;
}
​
​
http {
    include       mime.types;
    default_type  application/octet-stream;
​
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
​
    #access_log  logs/access.log  main;
​
    sendfile        on;
    #tcp_nopush     on;
​
    #keepalive_timeout  0;
    keepalive_timeout  65;
​
    #gzip  on;
​
    server {
        listen       80;
        server_name  localhost;
​
        #charset koi8-r;
​
        #access_log  logs/host.access.log  main;
​
        location / {
            root   html;
            index  index.html index.htm;
        }
​
        #error_page  404              /404.html;
​
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
​
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
​
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}
​
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
​
​
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
​
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
​
​
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
​
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
​
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
​
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
​
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
​
}
daemon off;
--------------------------------------------------------------------
#执行命令,生成容器,注意先用docker pull centos:7,不然Dockerfile会报错
docker-compose -f docker-compose.yml up -d

说明:

  • volumes 保证网页目录、配置文件、证书挂载到容器,实现持久化

四、生成自签证书

复制代码 
#先进入容器
docker exec -it web1 /bin/bash
​
#安装依赖包
yum install epel-release -y
yum install certbot python2-certbot-nginx -y
​
#生成密钥文件和证书签名请求
openssl genpkey -algorithm RSA -out /usr/local/nginx/ssl/private/nginx-selfsigned.key -pkeyopt rsa_keygen_bits:2048
​
openssl req -new -key /usr/local/nginx/ssl/private/nginx-selfsigned.key -out /usr/local/nginx/ssl/certs/nginx-selfsigned.csr
​
#生成自签名证书
openssl x509 -req -days 365 -in /usr/local/nginx/ssl/certs/nginx-selfsigned.csr -signkey /usr/local/nginx/ssl/private/nginx-selfsigned.key -out /usr/local/nginx/ssl/certs/nginx-selfsigned.crt

五、nginx.conf 配置

注:该配置在宿主机上操作

复制代码 
​
#user  nobody;
worker_processes  1;
​
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
​
#pid        logs/nginx.pid;
​
​
events {
    worker_connections  1024;
}
​
​
http {
    include       mime.types;
    default_type  application/octet-stream;
​
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
​
    #access_log  logs/access.log  main;
​
    sendfile        on;
    #tcp_nopush     on;
​
    #keepalive_timeout  0;
    keepalive_timeout  65;
​
    #gzip  on;
​
    server {
        listen       443 ssl;
        server_name  localhost;
        ssl_certificate /usr/local/nginx/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /usr/local/nginx/ssl/private/nginx-selfsigned.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers on;
​
​
        #access_log  logs/host.access.log  main;
​
        location / {
            root   html;
            index  index.html index.htm;
        }
​
        #error_page  404              /404.html;
​
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
​
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
​
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}
​
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
​
​
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
​
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
​
​
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
​
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
​
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
​
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
​
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
​
}
daemon off;

注意事项:

  • 使用挂载的证书路径,保证容器重启不会丢失

六、启动与验证

检查挂载是否生效

复制代码 
docker inspect web1 | grep -A 10 Mounts

重载 Nginx 配置

复制代码 
docker-compose down
docker-compose up -d

访问网站

复制代码 
https://宿主机IP:1217
  • HTTPS → 自签证书会提示浏览器安全警告,可忽略

七、总结

  1. 挂载配置、证书和网站目录,容器重启不丢失数据

  2. 宿主机修改配置或证书,只需 Nginx reload

  3. 生成自签证书可以在宿主机或容器内完成,但挂载到宿主机更安全

  4. Docker Compose volume 修改后,必须重建容器才能生效

八、附录

docker安装步骤

复制代码 
#安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
#设置阿里云镜像源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#安装Docker-CE
yum install -y docker-ce docker-ce-cli containerd.io
注意:如果是指定版本docker-ce-20.10.3
如:yum install -y docker-ce-20.10.3 docker-ce-cli-20.10.3 containerd.io
​
systemctl start docker.service

docker compose安装步骤

复制代码 
#下载
curl -L https://github.com/docker/compose/releases/download/1.21.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
#安装
chmod +x /usr/local/bin/docker-compose
#查看版本
docker-compose --version
相关推荐
XIAOHEZIcode11 小时前
Linux系统鼠标偏移常见原因以及修复方案
linux·运维·游戏
用户0328472220701 天前
如何搭建本地yum源(上)
运维
武子康1 天前
调查研究-183 Apple container:Mac 上用轻量 VM 跑 Linux 容器,Swift 会改写本地容器体验吗?
docker·容器·apple
ping某2 天前
为什么 Nginx 明明监听了 80,转发后端时却用了 4xxxx 端口?
后端·nginx
大树884 天前
金刚石散热越强,管路越先见顶
大数据·运维·服务器·人工智能·ai
摇滚侠4 天前
Linux CentOS7 rpm 安装 MySQL 5.7
linux·运维·mysql
霸道流氓气质4 天前
领域驱动设计(DDD)在 Spring Boot 微服务中的实践指南
运维·spring boot·微服务
Inhand陈工4 天前
基于台达PLC与映翰通IG502的智慧水产养殖精准投喂与远程运维解决方案
运维·人工智能·物联网·阿里云·信息与通信
Alsn864 天前
等待学习-学习目录:Docker 容器安全攻防
学习·安全·docker
酣大智4 天前
ARP代理--工作原理
运维·网络·arp·arp代理
热门推荐
012026年6月AI行业全景:从百模大战到Agent元年,这30天发生了什么?022026年6月AI大模型全景报告:GPT-5.6、Claude Opus 4.8、Gemini 3.5,中美AI三足鼎立谁主沉浮?032026 年 AI 编程工具终极横评:Cursor vs Claude Code vs Copilot vs Windsurf04【AI】2026 年具身智能模型和世界模型总结05GitHub 镜像站点06AI科技热点日报 | 2026年6月1日07AI一周事件 · 2026-06-03 至 2026-06-0908Claude Code、Codex、Cursor三分天下:2026年AI编程Agent生态全景剖析09上线仅72小时被强制下架:Claude Fable 5 的短命10Codex 下载安装指南:Windows 和 macOS 官方版下载