docker-compose-nginx.yml

version: "3"
services:
  nginx:
     restart: always
     image: nginx:1.26.2
     container_name: my-nginx
     hostname: my-nginx
     network_mode: host
     privileged: true
     volumes:
       - "/config/nginx/nginx.conf:/etc/nginx/nginx.conf"
       - "/config/nginx/conf.d:/etc/nginx/conf.d"
       - "/logs/nginx:/var/log/nginx"
       - "/data/nginx:/data/nginx"

ssl证书及配置文件

• 自己生成ssl证书，放到指定目录

• 配置文件

  server {
          listen    18081 ssl;
          server_name  localhost;
          ssl_certificate      /etc/nginx/conf.d/certs/server.crt;
          ssl_certificate_key  /etc/nginx/conf.d/certs/server.key;
          ssl_session_cache    shared:SSL:1m;
          ssl_session_timeout  5m;
          ssl_protocols TLSv1.2 TLSv1.3;
          ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
          ssl_prefer_server_ciphers  on;
  		server_tokens off;
  		add_header Strict-Transport-Security "max-age=3600; includeSubDomains";
          client_max_body_size 2000m;
          root html;
   	      charset 'utf-8';
  		
  		location / {
  			proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  			proxy_set_header    Host $http_host;
  			proxy_set_header   X-Forwarded-Proto https;  # 转发时使用https协议
  			server_name_in_redirect on;
  			proxy_pass      http://my-nexus:8081;
          }
  	
  }
  

部署

docker-compose -f docker-compose-nginx.yml up -d

根据服务器IP，配置hosts

vim /etc/hosts

192.168.xxx.xxx my-nginx

防火墙开放18081端口

firewall-cmd --zone=public --add-port=18081/tcp --permanent
firewall-cmd --reload

web访问

https://192.168.xxx.xxx:18081