1、openssl生成自签名证书和私钥

在部署服务器上，新建cert目录，执行以下指令，然后生成.crt和.key文件

openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 3650 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=10.1.58.5/emailAddress=123@qq.com"

• -days 3650：设置为10年
• 10.1.58.5：修改为服务器ip
  

2、nginx.conf配置ssl

在原来的配置上新增ssl配置，可使用任意端口，listen后注意增加ssl

server {listen       80 ssl;server_name  localhost; ssl_certificate "/etc/nginx/cert/cert.crt";ssl_certificate_key "/etc/nginx/cert/rsa_private.key";ssl_session_timeout  10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;  location / {if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {return 403;}root   /usr/share/nginx/html;try_files $uri /index.html;}location /prism/ {proxy_pass http://prism-server:18892; }
}

3、docker-compose挂载

为了便于前端vue项目容器化部署，将服务器cert目录与容器内/etc/nginx/cert关联

prism-front:image: 10.1.58.6:5000/prism-frontcontainer_name: prism-frontrestart: alwayslinks:- prism-serverports:- "8098:80"volumes:- ./cert:/etc/nginx/cert