step 1. 将httpd容器中/usr/local/apache2/conf/httpd.conf和/usr/local/apache2/conf/extra/httpd-ssl.conf 拷贝出来用于修改
docker cp命令:
step 2. 将/usr/local/apache2/conf/httpd.conf中下面的三行取消注释根据 https://hub.docker.com/_/httpd httpd镜像对 SSL/HTTPS 的描述:
removing the comment symbol from the following lines:
... #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ... #LoadModule ssl_module modules/mod_ssl.so ... #Include conf/extra/httpd-ssl.conf ...
step 3. 配置/usr/local/apache2/conf/extra/httpd-ssl.conf
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书公钥配置
SSLCertificateFile conf/server.crt
# 证书私钥配置
SSLCertificateKeyFile conf/server.key
# 证书链配置,如果该属性开头有 '#'字符,请删除掉
SSLCertificateChainFile conf/server-ca.crt
step 4. 在网站根目录创建Dockefile并运行From httpd:latest COPY . /usr/local/apache2/htdocs/ COPY ./cert/server.crt /usr/local/apache2/conf/server.crt COPY ./cert/server.key /usr/local/apache2/conf/server.key COPY ./cert/server-ca.crt /usr/local/apache2/server-ca.crt COPY ./conf/httpd.conf /usr/local/apache2/conf/httpd.conf COPY ./conf/httpd-ssl.conf /usr/local/apache2/extra/httpd-ssl.conf CMD ["httpd-foreground"]
将证书拷贝到项目目录./cert/server.crt ./cert/server.key ./cert/server-ca.crt
docker build -t mydockerimage .
docker run -it -d -p 80:80 -p 443:443 mydockerimage