ngxin目录在/usr/local/nginx,公开的volumes:
- /usr/local/nginx/html : nginx默认的html文件目录
- /usr/local/nginx/conf : nginx配置文件目录
- /certs : 存放证书的目录
docker-compose.yml
version: "3"
services:
nginx-gmssl:
container_name: nginx-gmssl
image: nginx-gmssl:1.18.0
build:
context: .
dockerfile: Dockerfile
restart: always
ports:
- 10001:80
- 10002:443
volumes:
# 证书目录
- ./certs:/certs
# nginx配置文件
- ./nginx.conf:/usr/local/nginx/conf/nginx.confnginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# HTTP
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS
server {
listen 443 ssl;
server_name localhost;
# 证书
ssl_certificate /certs/user.crt;
ssl_certificate_key /certs/user.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
}
生成SM2私钥及证书请求
gmssl ecparam -genkey -name sm2p256v1 -text -out user.key
gmssl req -new -key user.key -out user.req用私钥对csr进行自签名
gmssl x509 -req -days 36500 -sm3 -in user.req -signkey user.key -out user.crt生成的证书即可应用于上方.
- crt转cer
gmssl x509 -inform pem -in user.crt -outform der -out user.cer- PKCS 转成crt
openssl pkcs12 -in cacert.p12 -out mycerts.crt -nokeys -clcerts- PEM转成PKCS12
openssl pkcs12 -export -out cacert.p12 -in cacert.pem- 查看证书内容
pet\crt格式(begin..end格式base64):
gmssl x509 -in user.crt -text -nooutder\cer(hex)格式:
gmssl x509 -in user.cer -inform der -text -noout