Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
D
docker-compose
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Leona
C
CI/CD
docker
docker-compose
Commits
3171b2a5
Commit
3171b2a5
authored
May 06, 2020
by
duanledexianxianxian
😁
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
sync
parent
301930bf
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
48 additions
and
0 deletions
+48
-0
nginx/docker-compose.yml
nginx/docker-compose.yml
+5
-0
tls.sh
tls.sh
+43
-0
No files found.
nginx/docker-compose.yml
0 → 100644
View file @
3171b2a5
version
:
3
services
:
nginx-test
:
# 容器名字
restart
:
always
# 如果容器内应用退出了,尝试重启
image
:
nginx
#表示使用 Ghost 镜像
tls.sh
0 → 100644
View file @
3171b2a5
#!/bin/bash
#创建 Docker TLS 证书
#相关配置信息
SERVER
=
"platform.kuopu.net/"
PASSWORD
=
"123456"
COUNTRY
=
"HN"
STATE
=
"湖南省"
CITY
=
"长沙市"
ORGANIZATION
=
"KIM"
ORGANIZATIONAL_UNIT
=
"KIM"
EMAIL
=
"fengyuchenglun@foxmail.com"
###开始生成文件###
echo
"开始生成文件"
#切换到生产密钥的目录
cd
/etc/docker
#生成ca私钥(使用aes256加密)
openssl genrsa
-aes256
-passout
pass:
$PASSWORD
-out
ca-key.pem 2048
#生成ca证书,填写配置信息
openssl req
-new
-x509
-passin
"pass:
$PASSWORD
"
-days
3650
-key
ca-key.pem
-sha256
-out
ca.pem
-subj
"/C=
$COUNTRY
/ST=
$STATE
/L=
$CITY
/O=
$ORGANIZATION
/OU=
$ORGANIZATIONAL_UNIT
/CN=
$SERVER
/emailAddress=
$EMAIL
"
#生成server证书私钥文件
openssl genrsa
-out
server-key.pem 2048
#生成server证书请求文件
openssl req
-subj
"/CN=
$SERVER
"
-new
-key
server-key.pem
-out
server.csr
#配置白名单 你使用的是服务器Ip的话,请将前面的DNS换成IP echo subjectAltName = IP:$SERVER,IP:0.0.0.0 >> extfile.cnf
sh
-c
'echo "subjectAltName = DNS:'
$SERVER
',IP:0.0.0.0" >> extfile.cnf'
sh
-c
'echo "extendedKeyUsage = serverAuth" >> extfile.cnf'
#使用CA证书及CA密钥以及上面的server证书请求文件进行签发,生成server自签证书
openssl x509
-req
-days
3650
-in
server.csr
-CA
ca.pem
-CAkey
ca-key.pem
-passin
"pass:
$PASSWORD
"
-CAcreateserial
-out
server-cert.pem
-extfile
extfile.cnf
#生成client证书RSA私钥文件
openssl genrsa
-out
key.pem 2048
#生成client证书请求文件
openssl req
-subj
'/CN=client'
-new
-key
key.pem
-out
client.csr
sh
-c
'echo extendedKeyUsage=clientAuth >> extfile.cnf'
#生成client自签证书(根据上面的client私钥文件、client证书请求文件生成)
openssl x509
-req
-days
3650
-in
client.csr
-CA
ca.pem
-CAkey
ca-key.pem
-passin
"pass:
$PASSWORD
"
-CAcreateserial
-out
cert.pem
-extfile
extfile.cnf
#更改密钥权限
chmod
0400 ca-key.pem key.pem server-key.pem
#更改密钥权限
chmod
0444 ca.pem server-cert.pem cert.pem
#删除无用文件
rm
client.csr server.csr
echo
"生成文件完成"
###生成结束###
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment