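Overview

  1. Install the latest Docker (environment)
  2. Start the subconverter container (conversion back end)
  3. Start the sub-web container (web front end)
  4. Reverse-proxy both containers with Nginx

Steps

1. Install the latest Docker (environment)

Reference: Installing the latest Docker from the official repository on Ubuntu 20.04

2. Start the subconverter container

Project: tindy2013/subconverter
Docker image: tindy2013/subconverter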

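# Publish the port on loopback only: Nginx (step 4) proxies to 127.0.0.1:25500,
# so the back end does not need to be reachable on other interfaces.
docker run -d \
    --name subconverter \
    --restart=unless-stopped \
    -p 127.0.0.1:25500:25500 \
    tindy2013/subconverter:latest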

3. Start the sub-web container

Project: CareyWang/sub-web
Docker image: careywong/subweb

# Publish the port on loopback only: Nginx (step 4) proxies to 127.0.0.1:10080.
docker run -d \
    --name subweb \
    --restart=unless-stopped \
    -p 127.0.0.1:10080:80 \
    careywong/subweb:latest

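4. Reverse-proxy both containers with Nginx

Request and install the certificates. acme.sh's --webroot mode needs the port-80 server blocks from the Nginx configuration below (the /.well-known/acme-challenge/ location) to already be loaded, so that the challenge files under /var/acme/webroot/ can be served: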

# Back end
acme.sh --issue -d subconverter.ceshiku.cn --webroot /var/acme/webroot/ -k ec-256
mkdir -vp /etc/nginx/ssl/subconverter.ceshiku.cn/
acme.sh --install-cert -d subconverter.ceshiku.cn --fullchain-file /etc/nginx/ssl/subconverter.ceshiku.cn/certificate.crt --key-file /etc/nginx/ssl/subconverter.ceshiku.cn/private.key --reloadcmd "service nginx force-reload"

# Front end
acme.sh --issue -d subweb.ceshiku.cn --webroot /var/acme/webroot/ -k ec-256
mkdir -vp /etc/nginx/ssl/subweb.ceshiku.cn/
acme.sh --install-cert -d subweb.ceshiku.cn --fullchain-file /etc/nginx/ssl/subweb.ceshiku.cn/certificate.crt --key-file /etc/nginx/ssl/subweb.ceshiku.cn/private.key --reloadcmd "service nginx force-reload"

Nginx configuration:

# $connection_upgrade is not a built-in Nginx variable. This map defines it
# for the "proxy_set_header Connection" lines below and must sit in the
# http context (outside any server block).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Back end
server {
    listen 80;
    server_name subconverter.ceshiku.cn;

    # Force redirect to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }

    # Path used for certificate validation
    location /.well-known/acme-challenge/ {
        # acme.sh --webroot mode: directory where the challenge files are placed
        root /var/acme/webroot/;
    }
}

server {
    listen 443 ssl;
    server_name subconverter.ceshiku.cn;

    # SSL configuration
    ssl_certificate /etc/nginx/ssl/subconverter.ceshiku.cn/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/subconverter.ceshiku.cn/private.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location / {
        proxy_pass http://127.0.0.1:25500;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# Front end
server {
    listen 80;
    server_name subweb.ceshiku.cn;

    # Force redirect to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }

    # Path used for certificate validation
    location /.well-known/acme-challenge/ {
        # acme.sh --webroot mode: directory where the challenge files are placed
        root /var/acme/webroot/;
    }
}

server {
    listen 443 ssl;
    server_name subweb.ceshiku.cn;

    # SSL configuration
    ssl_certificate /etc/nginx/ssl/subweb.ceshiku.cn/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/subweb.ceshiku.cn/private.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location / {
        proxy_pass http://127.0.0.1:10080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Then restart Nginx:

nginx -s reload
service nginx restart
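
Nginx forwards to 127.0.0.1:25500 and 127.0.0.1:10080, so neither container needs to be reachable from other hosts; a port published on 0.0.0.0 or [::] can let clients reach a container directly, without TLS. The following check is an added example, not part of the original post: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` rows and lists every published port bound to a non-loopback address. The function names and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: list container ports that are published on a non-loopback
# address. Input rows: docker ps --format '{{.Names}}\t{{.Ports}}'

# exposed_ports reads "name<TAB>ports" rows on stdin and prints
# "name host:port" for each mapping not bound to 127.0.0.1 or [::1].
# The body runs in a subshell so IFS and "set -f" do not leak to the caller.
exposed_ports() (
    set -f                      # "[::]" must not be treated as a glob
    tab=$(printf '\t')
    IFS=','                     # the Ports column is comma-separated
    while IFS="$tab" read -r name ports; do
        for mapping in $ports; do
            mapping=${mapping# }            # drop the space after each comma
            case $mapping in
                *'->'*) host=${mapping%%"->"*} ;;
                *) continue ;;              # exposed but unpublished, e.g. "80/tcp"
            esac
            case $host in
                127.0.0.1:*|'[::1]:'*) ;;   # loopback only: reachable via Nginx alone
                *) printf '%s %s\n' "$name" "$host" ;;
            esac
        done
    done
)

# Constructed sample rows (not captured from a real host): subconverter
# published on all interfaces, subweb bound to loopback.
sample_ps_output() {
    printf 'subconverter\t0.0.0.0:25500->25500/tcp, [::]:25500->25500/tcp\n'
    printf 'subweb\t127.0.0.1:10080->80/tcp\n'
}

sample_ps_output | exposed_ports
```

On the host, pipe the real `docker ps` output into `exposed_ports`; empty output means every published port is loopback-only.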

Front-end interface
