0.在omv7 开启全站https,在线创建一个ssl
查看ssl 安装位置:
cat /etc/nginx/sites-enabled/openmediavault-webgui
ssl_certificate /etc/ssl/certs/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.crt;
ssl_certificate_key /etc/ssl/private/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.key;
1. 安装 acme.sh命令:
curl https://get.acme.sh | sh -s email=my@example.com
2.生成ssl
登录 Cloudflare → 用户头像 → My Profile → API Tokens
创建一个 Token,权限如下:
export CF_Token="sasasasa-GbET5CD"
acme.sh --issue -d www.gjllq.com --dns dns_cf
3.复制sll覆盖
cp www.mydomain.com.cer /etc/ssl/certs/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.crt;
cp www.mydomain.com.key /etc/ssl/certs/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.key;
4.配置docker里面的端口实现https
vi /etc/nginx/sites-enabled/my
根据情况修改以下内容
server {
listen 8004 ssl;#对外端口
listen 8005 ssl;
listen 8006 ssl;
listen 8007 ssl;
listen 8008 ssl;
server_name nas.gjjpx.com;
ssl_certificate /etc/ssl/certs/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.crt;
ssl_certificate_key /etc/ssl/private/openmediavault-19aa84a3-b245-439b-8cdc-48a503d730b8.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
if ($server_port = 8004) {
proxy_pass http://127.0.0.1:804;#DOCKER端口
}
if ($server_port = 8005) {
proxy_pass http://127.0.0.1:805;
}
if ($server_port = 8006) {
proxy_pass http://127.0.0.1:806;
}
if ($server_port = 8007) {
proxy_pass http://127.0.0.1:807;
}
if ($server_port = 8008) {
proxy_pass http://127.0.0.1:808;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
5.链接检查nginx 配置 重启nginx
ln -s /etc/nginx/sites-available/my /etc/nginx/sites-enabled/my
sudo nginx -t
sudo systemctl reload nginx
6.打开访问docker端口项目:
https://www.mydomain.com:8004