此例反代 NextCloud,使用 Docker Link 功能以避免暴露容器端口。

docker run -d --name="nginx" \
    -p port:port \ #開放外部端口
    -v /var/nginx/conf.d:/etc/nginx/conf.d \ #配置分離
    -v /var/nginx/ssl-ca:/etc/ssl-ca \ #SSL 證書目錄
    --link nextcloud:80 \ #連接容器
    --restart=always nginx

Conf

!/var/nginx/conf.d/server.conf

# vhost of nextcloud with proxy

server {
        listen port;
        ssl on;
        ssl_certificate /etc/ssl-ca/ssl.pem;
        ssl_certificate_key /etc/ssl-ca/ssl.key;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
        server_name your.domain;
        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass_header Set-Cookie;
                proxy_pass_header X-CSRF-TOKEN;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://nextcloud:80;
        }
}