From f33a13a7b8e591efd6234b3a9a61acf0606e2ab4 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 3 Jun 2024 15:18:03 +0000
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20=E6=89=8B=E5=8A=A8?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AEhttps=E7=9A=84=E6=96=B9=E6=A1=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-nginx-https配置.md | 54 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 docker-nginx-https配置.md

diff --git a/docker-nginx-https配置.md b/docker-nginx-https配置.md
new file mode 100644
index 0000000..87a1074
--- /dev/null
+++ b/docker-nginx-https配置.md
@@ -0,0 +1,54 @@
+# 手动配置https
+
+## let's encypt certbot 手动方案
+[官网](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal&tab=standard)
+
+前置条件:
+1. 已经部署好nginx网站
+2. 已经配置好dns
+
+```bash
+# 移除certbot
+sudo apt-get remove certbot 
+# 安装certbot
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+sudo certbot certonly --standalone
+# 手动填写信息, 等待注册完成
+# 此处会生成证书
+```
+
+### 如果是docker中, 则还需要将证书文件拷贝到容器中去
+
+```bash
+sudo cp -r /etc/letsencrypt/archive/*.huangguanpc.com Lotter/ssl
+```
+
+修改Dockerfile, 将证书拷贝进容器中
+```dockerfile
+COPY ssl /ssl
+```
+
+
+修改nginx.cnf
+```yml
+# 1. 原80需转发到443
+# 2. 增加证书信息
+
+      listen 80 ;
+      server_name *.huangguanpc.com;
+      rewrite ^(.*) https://$server_name$1 permanent;
+  }
+
+  server {
+      listen 443 ssl;
+      server_name *.huangguanpc.com;
+      ssl_certificate /ssl/fullchain1.pem;
+      ssl_certificate_key  /ssl/privkey1.pem;
+```
+
+修改dockercompose.yml的web, 增加443端口
+```yml
+    - '443:443'
+```
+