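Introduction
Add SSL certificates to GitLab and Nextcloud so that access from the public network is secured, while keeping intranet access convenient and changing as little of the existing setup as possible.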
gitlab
Edit gitlab.rb
Change external_url:
external_url 'https://$host:$port'
Add:
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = $port
nginx['listen_port'] = $ssl_port
letsencrypt['enable'] = false
letsencrypt['auto_renew'] = false
Mount the certificates under /etc/gitlab/ssl/ and restart GitLab.
nextcloud
Edit config.php
Add 'overwriteprotocol' => 'https',
Then edit docker-compose.yaml
nginx:
  image: nginx
  restart: always
  ports:
    - 80:80
    - 443:443
  volumes:
    - ./cert:/usr/local/nginx/cert
    - ./default.conf:/etc/nginx/conf.d/default.conf
  links:
    - app
The cert directory holds the certificate files. The mounted default.conf:
server {
    listen 80;
    listen [::]:80;
    server_name domain;
    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}
server {
    # TLS is enabled by the "ssl" parameter on the listen directives; the separate
    # "ssl on;" directive is not needed (deprecated since nginx 1.15.0 and removed in later releases).
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain;
    ssl_certificate /usr/local/nginx/cert/domain.pem;
    ssl_certificate_key /usr/local/nginx/cert/domain.key;
    # allow large file uploads through the proxy
    client_max_body_size 10G;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    # CardDAV/CalDAV service discovery
    location = /.well-known/carddav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location / {
        proxy_redirect off;
        # forward to the Nextcloud container ("app" in docker-compose.yaml)
        proxy_pass http://app;
        proxy_set_header Host $http_host;
    }
    location = /.htaccess {
        return 404;
    }
}
Wait for the DNS record to refresh, then open the site in a browser.
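
Once the site is reachable, the two behaviours configured in default.conf above (the 301 redirect to HTTPS and the HSTS header) can be checked from response headers. The script below is an added example, not part of the original post; the function names, the host cloud.example.com and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Header text is read from stdin, so the checks work on saved output as well as live:
#   curl -sI http://domain/  | check_redirect domain
#   curl -sI https://domain/ | check_hsts 31536000

# check_redirect HOST: succeed only for a 301 whose Location is https://HOST[/...|:port]
check_redirect() {
    tr -d '\r' | awk -v host="$1" '
        NR == 1 && $2 != "301" { bad = 1 }
        tolower($1) == "location:" { loc = $2 }
        END {
            prefix = "https://" host
            if (bad || substr(loc, 1, length(prefix)) != prefix) exit 1
            # the host name must end here, so "host.evil.test" does not pass
            c = substr(loc, length(prefix) + 1, 1)
            if (c != "" && c != "/" && c != ":") exit 1
        }'
}

# check_hsts MIN_AGE: succeed only if Strict-Transport-Security has max-age >= MIN_AGE
check_hsts() {
    tr -d '\r' | awk -v min="$1" '
        tolower($1) == "strict-transport-security:" {
            line = tolower($0)
            if (match(line, /max-age=[0-9]+/)) {
                age = substr(line, RSTART + 8, RLENGTH - 8)
                if (age + 0 >= min + 0) ok = 1
            }
        }
        END { exit !ok }'
}

# Constructed sample responses (not captured from a real server).
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://cloud.example.com/login
'
SAMPLE_HTTPS='HTTP/2 200
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
'

printf '%s' "$SAMPLE_HTTP"  | check_redirect cloud.example.com && echo "redirect: ok"
printf '%s' "$SAMPLE_HTTPS" | check_hsts 31536000 && echo "hsts: ok"
```

Running the same checks from inside the intranet shows whether the redirect and HSTS also apply to internal clients.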