yeasy
/
docker-compose-files
mirror of https://github.com/yeasy/docker-compose-files.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add nginx https 2 sample

pull/142/head
Baohua Yang 2022-02-02 17:46:41 -08:00
parent 39c5787773
commit bc6e104434
9 changed files with 257 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nginx/nginx_https_2/README.md 100644
View File

@ -0,0 +1,5 @@
# Nginx with App
Nginx serves as a proxy, and terminates the ssl from client.
Nginx1 (mutual tls) --> Nginx2 (ssl terminate) --> app

27
nginx/nginx_https_2/docker-compose.yml 100644
View File

@ -0,0 +1,27 @@
version: '3'
services:
nginx1:
image: nginx:1.20
container_name: nginx1
volumes:
- ./nginx1.conf:/etc/nginx/nginx.conf
- ./ssl:/etc/nginx/ssl
ports:
- 80:80
- 443:443
nginx2:
image: nginx:1.20
container_name: nginx2
volumes:
- ./nginx2.conf:/etc/nginx/nginx.conf
- ./ssl:/etc/nginx/ssl
ports:
- 8080:80
- 8443:443
app:
image: python:3.7
container_name: app
expose:
- "80"
command: python3 -m http.server 80

60
nginx/nginx_https_2/nginx1.conf 100644
View File

@ -0,0 +1,60 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
upstream nginx2 {
server nginx2:443;
}
upstream app {
server app:80;
}
server {
listen 80;
location / {
proxy_pass http://app;
}
}
server {
listen 443 ssl;
ssl_trusted_certificate /etc/nginx/ssl/server1.crt;
ssl_certificate /etc/nginx/ssl/server1.crt;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_pass https://nginx2;
proxy_ssl_certificate /etc/nginx/ssl/server1.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/server1.key;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
}
}
}

58
nginx/nginx_https_2/nginx2.conf 100644
View File

@ -0,0 +1,58 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
upstream backend {
server app:80;
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
}
server {
listen 443 ssl;
ssl_client_certificate /etc/nginx/ssl/server1.crt;
ssl_verify_client on;
ssl_trusted_certificate /etc/nginx/ssl/server2.crt;
ssl_certificate /etc/nginx/ssl/server2.crt;
ssl_certificate_key /etc/nginx/ssl/server2.key;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}

9
nginx/nginx_https_2/ssl/gen_certs.sh 100644
View File

@ -0,0 +1,9 @@
openssl req \
-x509 \
-nodes \
-days 3650 \
-newkey rsa:2048 \
-keyout /root/server2.key \
-out /root/server2.crt
# Enter "*.net" (without quotes) as "Common Name"

21
nginx/nginx_https_2/ssl/server1.crt 100644
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIURFu7iX8+iLUXefTUMhV5HkviJJ8wDQYJKoZIhvcNAQEL
BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLmNvbTAeFw0yMjAyMDIyMzU0
MjFaFw0zMjAxMzEyMzU0MjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRVhWlCMpKJAaWVI+U
aOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUdqt1E
gGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubqnqSX
DC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5ndg5+L
OnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe89vN
Cm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+Ojuh
3n2NAgMBAAGjUzBRMB0GA1UdDgQWBBQkfe744BxH3XaZlWvXq54YFmp9MDAfBgNV
HSMEGDAWgBQkfe744BxH3XaZlWvXq54YFmp9MDAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCuH6jvESJQAzBGnKTHNlLmaX5OWJ2tFx78mRkLgbPC
kL1uTwH7aQfga+TjnEPT5rSftnATaR0k8vxLSIT3KEpHrFZ4hHr1UwqikJGkmAYa
TlFXLvX8eX8bo6NxECHz7OBOGzvUxBY9tm7NdojHk7XfOY5gJSbnpFQxNcdpk7jd
y56nqAI/zhaDoCcrdxpvEBT657+NAaBfCJeH8ivudAQffaAJ9/c68HWHCr+tyQQw
Vr6s6QMMKAZWJhUNKFVhNZczT+WcpqbQEuab1LJsut4pm72CUayq92vm7+jwiyCP
TaKrNkcWug74xzzxvZtvtAO8rKRjyI/VZRB8sT6W2ey6
-----END CERTIFICATE-----

28
nginx/nginx_https_2/ssl/server1.key 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRVhWlCMpKJAaW
VI+UaOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUd
qt1EgGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubq
nqSXDC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5nd
g5+LOnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe
89vNCm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+
Ojuh3n2NAgMBAAECggEBAKXxh9b70OBVDqO9BNSxD47aSNXR81UBE2ErCa2MwARn
6ANLF19ZV+vd+dXSgrq/ToyJPIn7saAncEbEXAMhgVZ42MChqB9QX/Alh3UpvLr4
fdm4xcIDmhE2UwgrO+Qh9mrOaIr+8qJDdOooOHFExxzOhWrzPVoQ8oPTpb3kXHbz
nB9OiTertbw4YHABx9+7Xg+L3d/4+69khYaG369HonnJMc/4YIsgHhomv7x1fWzg
LSSIiUyHMnhPss8hWAL0YBIkfB+XwwEJ1tt45QZCr2GVICZ+AzU1j6DnxM4/V8lF
QWZq2FiwbWvXLo89m4ZrqfhgzxoTK9cuULw37fPv2gECgYEA6aLidpJ6UwvNZRkL
soOV0UfWKAJoAt5L6Uz6J32rg1jIKSKg5qzk7dp2u24iVriCA8chOnVia90bpbQ5
gTX3zNlpBedly7rZvZQJnbr82xFBkJfRU5AZ90W+RLWPijAZjp5MYKBEuVbs84Q9
eFpZT/nz563isJo6In5vSay8KHkCgYEA5V++PWbawXQ4x2+PyglQunFTZy6M/Fha
QtdGqL87bK6Xo9my/As2NhvH/2HLGgXcXGxq2ppE2E59NOZIsUpcEj9Hvhyb5e5E
0Rn0kX1Rq417xIVn8zBqgjd8DKQc07ih6JqANNtste0ZIGHQ2xC7xTKNBYTxCXTh
EVc0n0XM4LUCgYBssu7AEdg9qQEPpz5s+JGMg+qcRLpVk00oJzs/glV4z6aYlNbd
W9VK4FhbTZtGU6OR1GSeSRzYaE/DoX0bo5s9wGz/ZTBUQAOsEyMCMowP9BBYEHpA
cYvTIqyqVPqKZWSOmRGZ5xbyUAIALidXRlnFPtp+kMUmOysO/1oRof8MqQKBgQCe
miltQ6WXhsmL/bQrO226vYmyGxoZku42sayGGlT4vXDVNz7v0MDXgTY1fGV3xP2u
Wrk4FtvrxboFzgYNsSEg7OiqqBWUU8D55TybLVA/k0E1jhlmqt+60qrQAtp7+3rY
35wu8FqnIR7yqTBFibiMjnu8iUQyCcNmvioAx7720QKBgQC9pafeUYCRYlz0mYFN
p4S4GPKO7E2s/UVt/c9PLWMFoSqc07VosuY4JgmYLFsB1lnOL3WvxP3A+8If1NEz
xJ7bpLcTIxwvabJBDgkcCVHJo3J46ze/gIMppu7J9SuGYc0Yr4gcZcF9jiPxdFxE
3WTHcQzWfnv1cSEfzWLHk2zAbg==
-----END PRIVATE KEY-----

21
nginx/nginx_https_2/ssl/server2.crt 100644
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIUB8iDeBEFCI5nB+ZcptyBiK8CSugwDQYJKoZIhvcNAQEL
BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD
VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLm5ldDAeFw0yMjAyMDMwMDI4
MzhaFw0zMjAyMDEwMDI4MzhaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK
MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5u
ZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZfsjmr38jGNBlwXcU
tLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dnalHU+
5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9ViigLi2
GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c0gzo
hlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOjvaJo
5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mNc/f6
KiNDAgMBAAGjUzBRMB0GA1UdDgQWBBQO64TaLjr1mC9yuIQVnIp3+xvPHTAfBgNV
HSMEGDAWgBQO64TaLjr1mC9yuIQVnIp3+xvPHTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQB6ybZzfFMWG2CNZBvvlSi2RoIOoQ7Ra9QD8aC6py5j
zJi3RVV/NxJz7ODdE3Y8uOo8Gi7owQCFBrKXESKTsoT+uoD1mV7sWqXTkjgVNbMJ
lbOpTdZisWG4/6BLVKIYf1TnEv5uWzr9k/2VP86LLZra/T0fntE6qFfBISXBicTt
uePPO3v2EW4u19hqdXgZz5UxpCJoAGV2H+HGknvhqzoiEy6IWGfda7QU0vyvrjiU
SPlz9mlSbWIBlP34aay37OET9yD0jqakg7r7Uvc2daBa4vkaZyNn4IIuw13rr2fV
6oUX5Y2bioaF+2BwVzz5A0O9qShuzTbFiqgRLcQyPadr
-----END CERTIFICATE-----

28
nginx/nginx_https_2/ssl/server2.key 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZfsjmr38jGNBl
wXcUtLKN3JgK8O8kMO7izg8tnFCag9RdDMmm+Xq+ntpCzzNHVzK+K9m60AML4dna
lHU+5FJqe++iR3092JxOOlh7D2QYsq59mttlXLPxvwB+Hn7/Bp7l4Y4WlSuQ9Vii
gLi2GwFmu/4rQuHEpm3PeaLRrZObnmDmwWdYE4Y1XMwWy7PfQp+6Hl/Eq9ZuhU+c
0gzohlenmBSAfZK0ctYbAP/zGUqbBup+wuhZOyx2gEGnCDgKg9POjSqXIb+dqcOj
vaJo5CWjuSodiX1bjeUYR4uC+wxY/k38EzcVlbGB8f/UFNwmYg2tY/bB54toj5mN
c/f6KiNDAgMBAAECggEAEq1sm0Le7CipXNOsYj7SRpR3Chl+r+Dz4s5HR2dxFJPV
nNgISSqLe+swWyRoBuxaEzK40+4hFNgkWTz+hJQe774M6iaxfqonYiBokMjVk7lk
eqzdwmqfmVcJt8rupP/wjVU9Wnsc7qnjHrFnK1xOVoA2Z4iq0rRoIbUUYmVBk89x
cFH2bFQWLghry8pOa4lzwLPnD8BFduTNKk8GZWlQIIh+Pbtp24KhM6pau0qHZnyT
qPb8ZNzt71hWKYHIsqqB6BQm0EizhKg8Aax21cdUP61YAq15IxcaXppmVaNrpCJK
yDxLLsRY1JygTCZ8jiaA2KDs31k0hAbYNDi3x3q3AQKBgQD65MAcexwfsSQ5RrIK
8HKFAhmc2qPiXWTyLlDzXrVlaHEv8adVuuq/0mYlRl6EONyUw8Wxk6BtQw4NoCp8
FWpFE1b5ORqE9uKxNNWXoKPvyg8g4ALvdgqDvxHBT69XE3c43aTiz+snUhgog1MM
7PNuqiI5ix0DGIZS1rG9ZYSl4wKBgQDd7ARCwNUUizLZlLCTYRTprUykLkqsPFOr
5Dcycf6Li1wTw1gq1DXQfkywke0NS/gFDr8bqylyxUO88wlNIYf5PB5oekCNMZ1g
OEz/8gASmQAchpnZYQtpGDhLYZzMZjC074fUCrySJiQ3WS6U+OI0ES+odaaDWBIu
YBwcXlALIQKBgQD0TxXHZhYPwkX8xBuRTWymmlHojHszbTBkJ7fKFLpcoiQ9xHnm
oFoBKlcvCuP0qw4Yir6SWafJXZdsqz9TjuLpmpiBnRp2yZYbatBmkxWv5TlwENKq
7W31tnQKopaiGyFoLWRnPIHGy0kdAiw4FPBDHcav9AfvQM1kEw4G2LkfcwKBgQCK
12CLCu3E3pm/uuEGM9TLpdqvVS7utwd6IVvPObaRQ20mCC8fDIlmmb4NMh7nFMJl
F6bE/r79ySDqE/ubwAC8E7rKjsHYFFRroI28C4G0IPkK38NdVvO2mqqNrtJUpxKO
ANYv+U+k+CvsXOVh2pxbCu2QLZsxzWYCkarErNTTQQKBgFbdLb1GRQvZRblxAUuv
p75DiebRyCBsY6yXYc03VmsKw7N0+gehqh8pYPeN736GIkQH/4Ufbf8Fswe1Cnms
fpZfKm/3DovMrMMiA+BWInA+Yhra6c186k/wq0wmhRtUkvbZN70n2FJ3vQ9kbphn
+G/n6zv32ON3qsiZHVqTdvyl
-----END PRIVATE KEY-----