step 1. 將httpd容器中/usr/local/apache2/conf/httpd.conf和/usr/local/apache2/conf/extra/httpd-ssl.conf 拷貝出來用於修改
docker cp命令:
step 2. 將/usr/local/apache2/conf/httpd.conf中下面的三行取消注釋根據 https://hub.docker.com/_/httpd httpd鏡像對 SSL/HTTPS 的描述:
removing the comment symbol from the following lines:
... #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ... #LoadModule ssl_module modules/mod_ssl.so ... #Include conf/extra/httpd-ssl.conf ...
step 3. 配置/usr/local/apache2/conf/extra/httpd-ssl.conf
# 添加 SSL 協議支持協議,去掉不安全的協議
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 證書公鑰配置
SSLCertificateFile conf/server.crt
# 證書私鑰配置
SSLCertificateKeyFile conf/server.key
# 證書鏈配置,如果該屬性開頭有 '#'字符,請刪除掉
SSLCertificateChainFile conf/server-ca.crt
step 4. 在網站根目錄創建Dockefile並運行From httpd:latest COPY . /usr/local/apache2/htdocs/ COPY ./cert/server.crt /usr/local/apache2/conf/server.crt COPY ./cert/server.key /usr/local/apache2/conf/server.key COPY ./cert/server-ca.crt /usr/local/apache2/server-ca.crt COPY ./conf/httpd.conf /usr/local/apache2/conf/httpd.conf COPY ./conf/httpd-ssl.conf /usr/local/apache2/extra/httpd-ssl.conf CMD ["httpd-foreground"]
將證書拷貝到項目目錄./cert/server.crt ./cert/server.key ./cert/server-ca.crt
docker build -t mydockerimage .
docker run -it -d -p 80:80 -p 443:443 mydockerimage