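  • Building OpenResty with Docker to support GM (Chinese national cryptography) SSL

    Build environment

    The build was performed in the following environment:

    # Operating system
    CentOS Linux release 7.4.1708 (Core)
    # Docker version
     Version:           19.03.5
    

    Build process

    Dockerfile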

    FROM centos:7
    
    WORKDIR  /usr/local/gm-openresty
    # Install the build dependencies, then download and unpack GmSSL and OpenResty
    RUN yum -y install perl make gcc gcc-c++ libstdc++-devel pcre-devel zlib-devel net-tools pcre wget && \
        yum clean all && \
        wget "https://www.gmssl.cn/gmssl/Tool_Down?File=gmssl_openssl_1.1_b4.tar.gz" && \
        tar xzfm "Tool_Down?File=gmssl_openssl_1.1_b4.tar.gz" -C /usr/local && \
        wget https://openresty.org/download/openresty-1.19.3.1.tar.gz && \
        tar xzfm openresty-1.19.3.1.tar.gz && \
        ln -s /usr/lib64/libpcre.so.1 /usr/lib64/libpcre.so.3
    
    # Point nginx's OpenSSL build script at the prebuilt GmSSL tree in /usr/local/gmssl
    # (rather than the $OPENSSL/.openssl/ subdirectory it expects), then configure, build and install
    RUN sed -i 's#$OPENSSL/.openssl/#$OPENSSL/#p' /usr/local/gm-openresty/openresty-1.19.3.1/bundle/nginx-1.19.3/auto/lib/openssl/conf && \
        cd openresty-1.19.3.1/ && \
        ./configure \
            --without-http_gzip_module \
            --with-http_ssl_module \
            --with-http_stub_status_module \
            --with-http_v2_module \
            --with-file-aio \
            --with-openssl="/usr/local/gmssl" \
            --with-cc-opt="-I/usr/local/gmssl/include" \
            --with-ld-opt="-lm" && \
        make install && \
        rm -rf /usr/local/gm-openresty/* && \
        ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log && \
        ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log
    
    # Add additional binaries into PATH for convenience
    ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
    
    EXPOSE 80 443
    # A source build installs under the default prefix /usr/local/openresty, not /usr/bin
    CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]
    
    # Use SIGQUIT instead of default SIGTERM to cleanly drain requests
    # See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls
    STOPSIGNAL SIGQUIT
    
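    • Build the image
    docker build -t openresty-gm:v1 .
    
    • Start the container (the trailing bash replaces the image's CMD, so this opens a shell in the container; run openresty there to start the server)
    docker run -it -p 80:80 -p 443:443  -v /root/openresty/cert:/usr/local/cert -v /root/openresty/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf  openresty-gm:v1 bash
    

    Contents of nginx.conf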

    worker_processes  2;
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
    
        sendfile        on;
        keepalive_timeout  65;
    
       server
        {
          listen 0.0.0.0:80;
          listen 0.0.0.0:443 ssl;
          # TLSv1 and TLSv1.1 are deprecated for standard TLS (RFC 8996), and AES128-SHA and
          # DES-CBC3-SHA are legacy suites; test GM clients before tightening either list.
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          # Standard suites for RSA clients, plus the GM suites ECC-SM4-CBC-SM3 and ECDHE-SM4-GCM-SM3
          ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3;
          ssl_verify_client off;
    
          # RSA certificate for standard TLS clients
          ssl_certificate /usr/local/cert/test.cn_RSA.crt;
          ssl_certificate_key /usr/local/cert/test.cn_RSA.key;
    
          # SM2 signing certificate
          ssl_certificate /usr/local/cert/test.cn_sm2_sign.crt;
          ssl_certificate_key /usr/local/cert/test.cn_SM2.key;
    
          # SM2 encryption certificate
          ssl_certificate /usr/local/cert/test.cn_sm2_encrypt.crt;
          ssl_certificate_key /usr/local/cert/test.gov.cn_SM2.key;
    
          location /
          {
            root html;
            index index.html index.htm;
          }
       }
    }
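
The check below is an added example, not part of the original article: a small shell/awk lint for the TLS directives in the nginx.conf above. It confirms that every `ssl_certificate` has a matching `ssl_certificate_key`, that a server offering SM4 suites has at least the two certificates GM TLS needs, and it reports legacy protocols and ciphers. The function names, finding labels and embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and finding
# labels are hypothetical; the sample config is constructed from the page.

# Constructed sample input: the TLS directives from the server block above.
sample_conf() {
cat <<'EOF'
server {
  listen 0.0.0.0:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3;
  ssl_certificate /usr/local/cert/test.cn_RSA.crt;
  ssl_certificate_key /usr/local/cert/test.cn_RSA.key;
  ssl_certificate /usr/local/cert/test.cn_sm2_sign.crt;
  ssl_certificate_key /usr/local/cert/test.cn_SM2.key;
  ssl_certificate /usr/local/cert/test.cn_sm2_encrypt.crt;
  ssl_certificate_key /usr/local/cert/test.gov.cn_SM2.key;
}
EOF
}

# audit_gm_conf: reads nginx.conf text on stdin, prints one finding per line.
audit_gm_conf() {
  awk '
    BEGIN { nc = 0; nk = 0; sm = 0 }
    { sub(/#.*/, ""); gsub(/;/, "") }     # strip comments and terminators
    $1 == "ssl_certificate"     { nc++ }
    $1 == "ssl_certificate_key" { nk++ }
    $1 == "ssl_protocols" {               # SSLv2/3 and TLS 1.0/1.1 are deprecated
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "LEGACY_PROTOCOL " $i
    }
    $1 == "ssl_ciphers" {
      n = split($2, c, ":")
      for (i = 1; i <= n; i++) {
        if (c[i] ~ /SM4/) { sm++ }        # GM suites such as ECC-SM4-CBC-SM3
        else if (c[i] ~ /(RC4|MD5|NULL|EXPORT|DES)/ || c[i] ~ /-SHA$/) {
          print "LEGACY_CIPHER " c[i]     # 3DES/RC4 or SHA-1 CBC suites
        }
      }
    }
    END {
      if (nc != nk) print "UNPAIRED_CERT_KEY certs=" nc " keys=" nk
      # GM TLS uses separate signing and encryption certificates.
      if (sm > 0 && nc < 2) print "GM_NEEDS_SIGN_AND_ENCRYPT_CERTS"
      print "SUMMARY certs=" nc " keys=" nk " sm_ciphers=" sm
    }'
}

sample_conf | audit_gm_conf
```

To check a real file, run `audit_gm_conf < /root/openresty/nginx.conf` on the host before mounting it into the container.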
    
    • Access the site from a client using the 360 Secure Browser

  • Original article: https://www.cnblogs.com/Aaron-23/p/14964183.html