I hadn't touched nginx properly yet, so I learned the following: configuring it with Docker, proxying to multiple application servers, and HTTPS between the nginx server and the client with a self-signed ("oreore") certificate.
├── app #Application servers
│ ├── main
│ │ └── index.html
│ └── sub
│ └── index.html
├── docker
│ └── docker-compose.yml
└── proxy # nginx + ssl
├── conf.d
│ ├── default.conf
│ └── main.conf
├── mime.types #
├── nginx.conf
└── ssl
├── server-private.pem
├── server-public.key
├── server.csr
├── server_self_signed.crt
└── subjectaltname.ext
docker-compose
docker-compose.yml
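version: '3'
services:
  # Application servers: plain nginx serving a static index.html each.
  # "image: nginx" is an unpinned tag; pin a specific version for reproducible builds.
  main-server:
    image: nginx
    container_name: 'main-server'
    volumes:
      - ../app/main:/usr/share/nginx/html
    ports:
      # Port mappings are quoted: unquoted host:container pairs can be read as
      # a YAML 1.1 sexagesimal integer when the container port is below 60.
      - '7000:80'

  sub-server:
    image: nginx
    container_name: 'sub-server'
    volumes:
      - ../app/sub:/usr/share/nginx/html
    ports:
      - '7001:80'

  # TLS-terminating reverse proxy. The whole ../proxy tree (nginx.conf, conf.d,
  # mime.types and the ssl/ directory with the private key) becomes /etc/nginx.
  # conf.d/main.conf reaches the app servers via host.docker.internal, which
  # resolves on Docker Desktop; on a Linux engine an extra_hosts entry may be
  # needed — verify on the target host.
  reverse-proxy:
    image: nginx
    volumes:
      - ../proxy:/etc/nginx
    ports:
      - '80:80'
      - '443:443'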
proxy/nginx.conf
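user nginx;

events {
    # Deliberately small cap for a local demo: each worker handles at most
    # this many simultaneous connections (client and upstream sides together).
    worker_connections 16;
}

http {
    charset UTF-8;

    # mime.types ships in this directory (see the proxy/ tree) but was never
    # included, so locally served files such as /50x.html would get the
    # default content type instead of text/html.
    include mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    # log format setting
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # NOTE: this path is inside the bind-mounted config directory (../proxy on
    # the host); /var/log/nginx is the conventional location.
    access_log /etc/nginx/access_log main;

    # Virtual server configuration directory
    include ./conf.d/*.conf;
}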
proxy/conf.d/main.conf
# Plain-HTTP listener: every request is answered with a permanent redirect
# to the same host and URI over HTTPS.
server {
    listen 0.0.0.0:80;
    rewrite ^ https://$host$request_uri permanent; # http to https
}
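server {
    listen 443 ssl;
    server_name localhost; # domain — must match the SAN in ssl/subjectaltname.ext
    keepalive_timeout 70;

    # TLS 1.0 and 1.1 are deprecated and refused by current browsers; offer
    # only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_buffer_size 16k;
    ssl_certificate /etc/nginx/ssl/server_self_signed.crt;
    ssl_certificate_key /etc/nginx/ssl/server-private.pem;

    # Forward the original Host, client address and scheme to the upstreams;
    # without these the app servers only ever see the proxy's own address.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Prefix match: /main and /main/x (and also /mainfoo) are forwarded with
    # the "/main" part stripped, because proxy_pass ends in "/".
    location /main {
        proxy_pass http://host.docker.internal:7000/;
        proxy_redirect off;
    }

    location /sub {
        proxy_pass http://host.docker.internal:7001/;
        proxy_redirect off;
    }

    # Upstream failures are served from the stock 50x page of the nginx image.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}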
app/main/index.html
<!DOCTYPE html>
<html>
  <head>
    <!-- served by main-server (../app/main) -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>main</title>
  </head>
  <body>
    <h1>main</h1>
  </body>
</html>
app/sub/index.html
<!DOCTYPE html>
<html>
  <head>
    <!-- served by sub-server (../app/sub) -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>sub</title>
  </head>
  <body>
    <h1>sub</h1>
  </body>
</html>
Certificate creation
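# Create a 2048-bit RSA private key (the original comment said 1024, but the
# command asks for 2048). Keep this file out of version control and readable
# only by its owner.
openssl genrsa -out server-private.pem 2048
chmod 600 server-private.pem

# Derive the public key from the private key
openssl rsa -in server-private.pem -pubout -out server-public.key

# CSR creation (openssl prompts for the subject fields)
openssl req -new -key server-private.pem > server.csr

# Issuance of the self-signed certificate; the SAN comes from subjectaltname.ext.
# The original listing lost the line continuation between these two lines.
openssl x509 -req -in server.csr -signkey server-private.pem \
    -out server_self_signed.crt -days 825 -extfile subjectaltname.ext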
subjectaltname.ext
# Subject Alternative Name for the self-signed certificate; must match the
# server_name in proxy/conf.d/main.conf and the hostname used in the browser.
subjectAltName=DNS:localhost
Once this is done, register server_self_signed.crt
in the host's certificate store.
Don't forget to mark it as trusted after registering it.
https://qiita.com/colomney/items/887f9ea7b68a3b427060
I wrote down only the implementation as a reminder to myself, so please check the references below for the details.
https://nginx.org/en/docs/beginners_guide.html https://qiita.com/zawawahoge/items/d58ab6b746625e8d4457 https://qiita.com/kunichiko/items/12cbccaadcbf41c72735 https://qiita.com/katsunory/items/97f5a4738863776fbaf4 https://kazuhira-r.hatenablog.com/entry/20180803/1533302929