Building an NGINX image with ACME

Automatic issuance of domain certificates with Docker Nginx

The Docker image built with this method is on Docker Hub

1. Create the Dockerfile

Two things to keep in mind while reading it. The acme.sh installer is fetched over HTTPS and piped straight into sh, and `--auto-upgrade` lets acme.sh replace itself from GitHub at run time; for a reproducible, reviewable image, pin a release and drop `--auto-upgrade`. The entrypoint is generated at build time with echo but runs at container start, so $Email is read from the container environment (`docker run -e Email=...`); Ali_Key and Ali_Secret likewise come from the environment, are inherited by `docker exec`, and are persisted by acme.sh in /root/.acme.sh/account.conf after the first `--issue`, so they are not copied into ~/.bashrc. Finally, `tail -f /dev/null` is PID 1, which means `docker stop` signals tail rather than nginx, and nginx is killed when the stop timeout expires instead of shutting down cleanly.

FROM nginx
USER root
# Time zone, a domestic Debian mirror, and acme.sh's runtime dependencies
# (cron drives renewals, socat is needed for --standalone mode, logrotate for the logs).
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo "deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list && \
    echo "deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
    echo "deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
    echo "deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list && \
    apt update && apt install -y vim cron socat logrotate && apt-get clean && rm -rf /var/lib/apt/lists/* && \
    curl https://get.acme.sh | sh -s email="my@example.com" && \
    echo 'export PATH="$HOME/.acme.sh:$PATH"' >> ~/.bashrc && \
    /root/.acme.sh/acme.sh --upgrade --auto-upgrade && \
    /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
# Generate /entry.sh. The single quotes keep $Email unexpanded here so it is read at container start.
# The script points CERT_HOME at /etc/nginx/ssl (adding or rewriting the line in account.conf as needed),
# replaces the placeholder account e-mail only when Email is set, then starts nginx and cron.
RUN echo '#!/bin/bash' > /entry.sh && \
    echo 'if grep -q "CERT_HOME='\''/etc/nginx/ssl'\''" /root/.acme.sh/account.conf; then' >> /entry.sh && \
    echo '    echo "CERT_HOME is already set to '\''/etc/nginx/ssl'\'', nothing to do."' >> /entry.sh && \
    echo 'elif grep -q "CERT_HOME=" /root/.acme.sh/account.conf; then' >> /entry.sh && \
    echo '    sed -i "s|CERT_HOME=.*|CERT_HOME='\''/etc/nginx/ssl'\''|" /root/.acme.sh/account.conf' >> /entry.sh && \
    echo '    echo "CERT_HOME changed to '\''/etc/nginx/ssl'\''."' >> /entry.sh && \
    echo 'else' >> /entry.sh && \
    echo '    echo "CERT_HOME='\''/etc/nginx/ssl'\''" >> /root/.acme.sh/account.conf' >> /entry.sh && \
    echo '    echo "CERT_HOME added as '\''/etc/nginx/ssl'\''."' >> /entry.sh && \
    echo 'fi' >> /entry.sh && \
    echo 'if [ -n "$Email" ]; then sed -i "s/ACCOUNT_EMAIL='\''my@example.com'\''/ACCOUNT_EMAIL='\''$Email'\''/" /root/.acme.sh/account.conf; fi' >> /entry.sh && \
    echo 'service nginx start' >> /entry.sh && \
    echo 'service cron start' >> /entry.sh && \
    echo 'tail -f /dev/null' >> /entry.sh && \
    chmod +x /entry.sh
ENTRYPOINT ["/entry.sh"]

2. Build and push the image

docker build -t nginx_acme .
docker tag nginx_acme ningjx/nginx_acme
docker login
docker push ningjx/nginx_acme:latest

3. Issue a certificate

Start the container with the Alibaba Cloud DNS API credentials and the account e-mail in its environment (the entrypoint reads Email; the dns_ali hook reads Ali_Key and Ali_Secret), then issue the certificate through the DNS-01 challenge. The `--reloadcmd` is saved with the certificate and re-run after every renewal:

docker exec [container-name] /root/.acme.sh/acme.sh --issue --dns dns_ali -d xxxx.com -d www.xxxx.com  --reloadcmd 'service nginx force-reload'

The files under CERT_HOME are acme.sh's working copies, and their location depends on the key type (acme.sh 3.x issues an ECC key by default and keeps such certificates in a `<domain>_ecc` directory; `--info` shows the exact paths). The supported way to give nginx stable paths is `--install-cert` with `--key-file` and `--fullchain-file`, which acme.sh repeats, together with `--reloadcmd`, on every renewal.

4. Manage issued certificates

docker exec [container-name] /root/.acme.sh/acme.sh --info -d xxxx.com   # show the certificate's details
docker exec [container-name] /root/.acme.sh/acme.sh --list               # list every certificate acme.sh manages

5. Other commands

These run inside the container (prefix them with docker exec [container-name] /root/.acme.sh/ as above). `--renew` skips a certificate that is not yet due for renewal unless `--force` is added; `--renew-all` renews every due certificate, which is what acme.sh's daily cron job also does; `--revoke` asks the CA to revoke the certificate and is the right call when the private key may have been exposed.

acme.sh --renew -d example.com
acme.sh --renew-all
acme.sh --revoke -d example.com
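The steps above issue and renew the certificate but never verify what nginx actually ends up serving. The script below is an added example, not part of the original post and not acme.sh's own code: it checks that the private key belongs to the certificate, that the subjectAltName list covers the host nginx serves, and that enough lifetime remains for the cron renewal to have worked. The file name check_cert.sh and the /etc/nginx/ssl/xxxx.com/ paths are assumptions that match whatever you pass to `--install-cert`; the self-signed fixture in make_demo_cert is constructed for offline testing and is not what Let's Encrypt issues.

```shell
#!/bin/sh
# Added example: post-issuance checks for the certificate files acme.sh hands to nginx.
# Usage inside the container (paths are assumptions, use what you gave --install-cert):
#   sh /check_cert.sh /etc/nginx/ssl/xxxx.com/fullchain.pem /etc/nginx/ssl/xxxx.com/key.pem www.xxxx.com [min_days]
# Needs only POSIX sh and openssl.

# Return 0 when the private key belongs to the certificate (RSA and EC alike):
# the SubjectPublicKeyInfo in the cert must equal the public half of the key.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the certificate's subjectAltName lists the host name exactly.
# Wildcards are not expanded: a cert for *.xxxx.com does not pass for www.xxxx.com here.
cert_covers_domain() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//' |
        grep -qx "DNS:$2"
}

# Return 0 when the certificate expires within $2 days. openssl -checkend exits 0 when the
# cert is still valid at that point in the future, so its result is inverted.
cert_expires_within() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run all three checks and report every failure; exit 0 only when all pass.
# $4 is the minimum acceptable remaining lifetime in days. acme.sh renews a 90-day
# Let's Encrypt cert after 60 days, so fewer than ~25 days left means renewal is not running.
check_nginx_cert() {
    status=0
    cert_key_match "$1" "$2" || { echo "FAIL: $2 does not match $1"; status=1; }
    cert_covers_domain "$1" "$3" || { echo "FAIL: $1 does not cover $3"; status=1; }
    cert_expires_within "$1" "$4" && { echo "FAIL: $1 expires within $4 days"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: $1 covers $3, matches $2, valid for more than $4 days"
    return "$status"
}

# Constructed fixture for trying the checks offline: a self-signed cert with a SAN list,
# NOT what acme.sh produces. $1 = directory, $2 = domain, $3 = validity in days.
# Requires OpenSSL 1.1.1 or newer for -addext.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -keyout "$1/key.pem" -out "$1/fullchain.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2,DNS:www.$2" >/dev/null 2>&1
}

# With arguments, check real files; without, do nothing so the functions can be sourced.
if [ "$#" -ge 3 ]; then
    check_nginx_cert "$1" "$2" "$3" "${4:-25}"
fi
```

Copy the certificate to stable paths first, for example `docker exec [container-name] /root/.acme.sh/acme.sh --install-cert -d xxxx.com --key-file /etc/nginx/ssl/xxxx.com/key.pem --fullchain-file /etc/nginx/ssl/xxxx.com/fullchain.pem --reloadcmd 'service nginx force-reload'` (create the directory beforehand, and add `--ecc` if `--list` shows the certificate was issued with an EC key and the command cannot find it), then run `docker exec [container-name] sh /check_cert.sh /etc/nginx/ssl/xxxx.com/fullchain.pem /etc/nginx/ssl/xxxx.com/key.pem www.xxxx.com`. A non-zero exit status is what you would wire into monitoring, so that a silently failing cron renewal is noticed before the certificate expires.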