Building nginx with Docker Compose and enabling TCP SSL

For the certificates, see: "Self-made CA certificate, self-made client and server certificates"

My certificate directory is: /Users/dd/Desktop/docker/ca

NGINX:

Create nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;

    server{
      listen 443 ssl;
      server_name www.123.com;
      index index.html ;
      ssl_certificate /etc/nginx/ssl/server.crt;
      ssl_certificate_key /etc/nginx/ssl/server.key;
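      # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      # Broad list: starts from ALL and removes only DH, EXPORT, RC4 and eNULL
      ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!eNULL;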
      ssl_prefer_server_ciphers on;
      location / {
      }
    }
    
}
stream {
    # Example configuration for TCP load balancing

    upstream stream_backend {
        zone tcp_servers 64k;
        hash $remote_addr;
        server 10.99.44.123:1883 max_fails=2 fail_timeout=30s;
        #server 192.168.0.3:1883 max_fails=2 fail_timeout=30s;
    }

    server {
        listen 8883 ssl;
        #status_zone tcp_server;
        proxy_pass stream_backend;
        proxy_buffer_size 4k;
        ssl_handshake_timeout 15s;
        ssl_certificate     /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
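        # Trusted CA for client certificates; clients are only checked against it
        # when ssl_verify_client is enabled (it is off by default)
        ssl_client_certificate /etc/nginx/ssl/ca.crt;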
    }
}
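
A hardened variant of the TLS listener above, as an added example that is not part of the original post. It assumes the TCP clients hold certificates issued by the CA in ca.crt and support TLS 1.2 or later; the log format name tls_audit and the log file path are hypothetical.

```nginx
# Added example, not from the original post.
# Place inside the existing stream { } block: log_format at stream level,
# the server { } block in place of the one shown above.
# TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1.

# Hypothetical format name; records the negotiated TLS parameters and the
# outcome of client-certificate verification for every session.
log_format tls_audit '$remote_addr [$time_local] $protocol $status '
                     '$ssl_protocol $ssl_cipher '
                     'verify=$ssl_client_verify dn="$ssl_client_s_dn" '
                     'sent=$bytes_sent rcvd=$bytes_received t=$session_time';

server {
    listen 8883 ssl;
    proxy_pass stream_backend;
    proxy_buffer_size 4k;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # Drop the deprecated TLSv1 and TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites: forward-secret AEAD only. TLS 1.3 suites are not
    # controlled by this directive.
    ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 15s;
    ssl_session_tickets off;

    # ssl_client_certificate only names the trusted CA. Without
    # ssl_verify_client the handshake succeeds for clients that present
    # no certificate at all.
    ssl_client_certificate /etc/nginx/ssl/ca.crt;
    ssl_verify_client on;

    # Hypothetical log path inside the container.
    access_log /var/log/nginx/stream_tls.log tls_audit;
}
```

Running nginx -t inside the mynginx container validates the file before the stack is restarted.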

Docker:

Create the docker-compose.yml file

version: '3'

services:
  nginx:
    image: nginx
    container_name: mynginx
    ports:
      - "80:80"
      - "443:443"
      - "8884:8883"
    volumes:
      - /Users/dd/Desktop/docker/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /Users/dd/Desktop/docker/ca:/etc/nginx/ssl

Start the stack: docker-compose up -d

Stop the stack and remove its resources: docker-compose down

Restart the stack: docker-compose restart

 

 
