https://md5.pw/index.php?action=history&feed=atom&title=%E9%83%A8%E7%BD%B2https%E4%B8%AD%E8%BD%AC%E6%9C%8D%E5%8A%A1%E6%95%99%E7%A8%8B
部署https中转服务教程 - 版本历史
2026-04-12T20:35:02Z
本wiki上该页面的版本历史
MediaWiki 1.43.5
https://md5.pw/index.php?title=%E9%83%A8%E7%BD%B2https%E4%B8%AD%E8%BD%AC%E6%9C%8D%E5%8A%A1%E6%95%99%E7%A8%8B&diff=791&oldid=prev
2025年12月23日 (二) 17:41 Liam
2025-12-23T17:41:45Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="zh">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">2025年12月23日 (二) 10:41的版本</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l248">第248行:</td>
<td colspan="2" class="diff-lineno">第248行:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>root@ubuntu:/home/docker/nginx# docker exec -it nginx nginx -s reload</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>root@ubuntu:/home/docker/nginx# docker exec -it nginx nginx -s reload</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:500 常见应用指南 — Application Guides]]</ins></div></td></tr>
<!-- diff cache key my_wiki:diff:1.41:old-790:rev-791:php=table -->
</table>
Liam
https://md5.pw/index.php?title=%E9%83%A8%E7%BD%B2https%E4%B8%AD%E8%BD%AC%E6%9C%8D%E5%8A%A1%E6%95%99%E7%A8%8B&diff=790&oldid=prev
Lusky0:创建页面,内容为“== 为什么要做https转发 == 因为公司业务在美国,服务器已经使用很久,迁移非常麻烦,现在正好有瓦工稳定机器故想到这个解决方案,可能不是最优,但是目前满足我的业务稳定分享给大家,如有不足欢迎大佬们指点。 == 部署Nginx == ==== 宿主机先创建这些文件 ==== <pre> /home/docker/nginx/nginx.conf /home/docker/nginx/conf.d /home/docker/nginx/log /home/docker/nginx/html /home/…”
2025-12-23T09:44:55Z
<p>创建页面,内容为“== 为什么要做https转发 == 因为公司业务在美国,服务器已经使用很久,迁移非常麻烦,现在正好有瓦工稳定机器故想到这个解决方案,可能不是最优,但是目前满足我的业务稳定分享给大家,如有不足欢迎大佬们指点。 == 部署Nginx == ==== 宿主机先创建这些文件 ==== <pre> /home/docker/nginx/nginx.conf /home/docker/nginx/conf.d /home/docker/nginx/log /home/docker/nginx/html /home/…”</p>
<p><b>新页面</b></p><div>== 为什么要做https转发 ==<br />
因为公司业务在美国,服务器已经使用很久,迁移非常麻烦,现在正好有瓦工稳定机器故想到这个解决方案,可能不是最优,但是目前满足我的业务稳定分享给大家,如有不足欢迎大佬们指点。<br />
<br />
<br />
== 部署Nginx ==<br />
==== 宿主机先创建这些文件 ====<br />
<pre><br />
/home/docker/nginx/nginx.conf<br />
/home/docker/nginx/conf.d<br />
/home/docker/nginx/log<br />
/home/docker/nginx/html<br />
/home/docker/nginx/ssl<br />
/home/docker/letsencrypt<br />
</pre><br />
<br />
==== 安装docker ====<br />
<pre><br />
curl -fsSL https://get.docker.com -o install-docker.sh<br />
sudo sh install-docker.sh<br />
</pre><br />
<br />
===== 启动脚本startNginx.sh =====<br />
<pre><br />
sudo docker run \<br />
-p 80:80 \<br />
-p 443:443 \<br />
-p 8081:8081 \<br />
--name nginx \<br />
-v /home/docker/nginx/nginx.conf:/etc/nginx/nginx.conf \<br />
-v /home/docker/nginx/conf.d:/etc/nginx/conf.d \<br />
-v /home/docker/nginx/log:/var/log/nginx \<br />
-v /home/docker/nginx/html:/usr/share/nginx/html \<br />
-v /home/docker/nginx/ssl:/etc/nginx/ssl \<br />
-v /home/docker/letsencrypt:/var/www/letsencrypt \<br />
-d nginx<br />
</pre><br />
<br />
==== 证书自动续期ssl_auto.sh ====<br />
<pre><br />
#!/bin/bash<br />
<br />
# ==============================<br />
# 智能 SSL 自动管理脚本<br />
# - 每日检查证书剩余天数<br />
# - ≤30 天自动续期<br />
# - webroot 模式(不中断服务)<br />
# ========== 运行模式 ==========<br />
DRY_RUN=false # true = 测试模式(不真正续期)<br />
# ==============================<br />
<br />
<br />
NGINX_CONTAINER="nginx"<br />
WEBROOT="/home/docker/letsencrypt"<br />
SSL_DIR="/home/docker/nginx/ssl"<br />
RENEW_BEFORE_DAYS=30<br />
<br />
DOMAINS=(<br />
"xxxxx"<br />
)<br />
<br />
echo "============================"<br />
echo " 🔐 SSL 自动检查启动 $(date)"<br />
echo "============================"<br />
<br />
mkdir -p "$WEBROOT/.well-known/acme-challenge/"<br />
<br />
need_restart_nginx=false<br />
<br />
for DOMAIN in "${DOMAINS[@]}"; do<br />
CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"<br />
<br />
echo ""<br />
echo "👉 检查域名:$DOMAIN"<br />
<br />
# 如果证书不存在,直接申请<br />
if [ ! -f "$CERT_PATH" ]; then<br />
echo "⚠ 未发现证书,立即申请"<br />
renew=true<br />
else<br />
# 获取过期时间<br />
expire_date=$(openssl x509 -enddate -noout -in "$CERT_PATH" | cut -d= -f2)<br />
expire_ts=$(date -d "$expire_date" +%s)<br />
now_ts=$(date +%s)<br />
<br />
days_left=$(( (expire_ts - now_ts) / 86400 ))<br />
<br />
echo "📅 剩余有效期:$days_left 天"<br />
<br />
if [ "$days_left" -le "$RENEW_BEFORE_DAYS" ]; then<br />
echo "⏰ 低于 $RENEW_BEFORE_DAYS 天,需要续期"<br />
renew=true<br />
else<br />
echo "✅ 证书仍然有效,跳过"<br />
renew=false<br />
fi<br />
fi<br />
<br />
# if [ "$renew" = true ]; then<br />
# echo "🔄 正在申请/续期:$DOMAIN"<br />
<br />
# certbot certonly \<br />
# --webroot -w "$WEBROOT" \<br />
# -d "$DOMAIN" \<br />
# --non-interactive \<br />
# --agree-tos \<br />
# -m admin@$DOMAIN<br />
<br />
# if [ $? -ne 0 ]; then<br />
# echo "❌ 续期失败:$DOMAIN"<br />
# continue<br />
# fi<br />
<br />
if [ "$renew" = true ]; then<br />
echo "🔄 正在申请/续期:$DOMAIN"<br />
<br />
CERTBOT_ARGS=(<br />
certonly<br />
--webroot -w "$WEBROOT"<br />
-d "$DOMAIN"<br />
--non-interactive<br />
--agree-tos<br />
-m admin@$DOMAIN<br />
)<br />
<br />
if [ "$DRY_RUN" = true ]; then<br />
CERTBOT_ARGS+=(--dry-run)<br />
echo "🧪 DRY-RUN 模式:仅测试,不会真正更新证书"<br />
fi<br />
<br />
certbot "${CERTBOT_ARGS[@]}"<br />
<br />
if [ $? -ne 0 ]; then<br />
echo "❌ 续期失败:$DOMAIN"<br />
# 这里之后你可以接邮件/钉钉告警<br />
continue<br />
fi<br />
<br />
echo "✅ certbot 执行成功:$DOMAIN"<br />
<br />
# dry-run 模式不做后续动作<br />
if [ "$DRY_RUN" = true ]; then<br />
echo "🧪 DRY-RUN 模式:跳过证书复制与 Nginx 重启"<br />
continue<br />
fi<br />
<br />
<br />
echo "✅ 续期成功:$DOMAIN"<br />
<br />
# 复制到 nginx ssl 目录<br />
cp -f /etc/letsencrypt/live/$DOMAIN/fullchain.pem \<br />
$SSL_DIR/$DOMAIN.pem<br />
cp -f /etc/letsencrypt/live/$DOMAIN/privkey.pem \<br />
$SSL_DIR/$DOMAIN.key<br />
<br />
chmod 644 $SSL_DIR/$DOMAIN.pem<br />
chmod 600 $SSL_DIR/$DOMAIN.key<br />
<br />
need_restart_nginx=true<br />
echo "📦 证书已更新到 Nginx 目录"<br />
fi<br />
done<br />
<br />
# 如有证书更新才重启 nginx<br />
if [ "$need_restart_nginx" = true ]; then<br />
echo ""<br />
echo "🔄 重启 Nginx 容器"<br />
docker restart $NGINX_CONTAINER<br />
echo "✅ Nginx 重启完成"<br />
else<br />
echo ""<br />
echo "ℹ️ 无证书变更,无需重启 Nginx"<br />
fi<br />
<br />
echo ""<br />
echo "🎉 SSL 检查完成"<br />
</pre><br />
<br />
==== Nginx.conf配置文件 ====<br />
<pre><br />
server {<br />
listen 80;<br />
server_name xxx;<br />
<br />
location /.well-known/acme-challenge/ {<br />
alias /var/www/letsencrypt/.well-known/acme-challenge/;<br />
try_files $uri =404;<br />
}<br />
<br />
location / {<br />
return 301 https://$host$request_uri;<br />
}<br />
}<br />
<br />
upstream put_api_backend {<br />
server xxxxx:443;<br />
keepalive 100;<br />
}<br />
<br />
server {<br />
listen 443 ssl;<br />
server_name xxx;<br />
<br />
ssl_certificate /etc/nginx/ssl/xxx.pem;<br />
ssl_certificate_key /etc/nginx/ssl/xxx.key;<br />
<br />
ssl_protocols TLSv1.2 TLSv1.3;<br />
ssl_ciphers HIGH:!aNULL:!MD5;<br />
<br />
access_log /var/log/nginx/xxx.access.log;<br />
error_log /var/log/nginx/xxx.error.log warn;<br />
<br />
# ACME challenge(HTTPS 续期仍然需要)<br />
location /.well-known/acme-challenge/ {<br />
alias /var/www/letsencrypt/.well-known/acme-challenge/;<br />
try_files $uri =404;<br />
}<br />
<br />
# API 中转<br />
location /api {<br />
proxy_pass https://put_api_backend;<br />
proxy_ssl_server_name on;<br />
<br />
proxy_http_version 1.1;<br />
proxy_set_header Connection "";<br />
<br />
proxy_set_header Host xxx;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto https;<br />
<br />
proxy_connect_timeout 5s;<br />
proxy_read_timeout 30s;<br />
proxy_send_timeout 30s;<br />
}<br />
<br />
# 其他路径拒绝<br />
location / {<br />
return 404;<br />
}<br />
}<br />
</pre><br />
<br />
==== 重启Nginx ====<br />
<pre><br />
docker exec -it nginx nginx -t<br />
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok<br />
nginx: configuration file /etc/nginx/nginx.conf test is successful<br />
root@ubuntu:/home/docker/nginx# docker exec -it nginx nginx -s reload<br />
</pre></div>
Lusky0