Configuring HTTPS (SSL) Secure Access for MaxKB with Nginx


飞致云, published 2025-07-03

I. Overview

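Configuring a domain certificate ensures that the MaxKB service is both secure and reachable. This article describes in detail how to configure a domain certificate for MaxKB.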

II. Configuration steps

1. Deploy MaxKB

  • Create the base directories

 mkdir -p /fit2cloud/{apps,packages,scripts}
  • Upload the software package


 ls /fit2cloud/packages/maxkb-pro-v1.10.7-lts-offline.tar.gz
  • Extract the software package

tar -xzvf /fit2cloud/packages/maxkb-pro-v1.10.7-lts-offline.tar.gz -C /fit2cloud/apps/
  • Run the MaxKB installation script

root@maxkb:~# cd /fit2cloud/apps/maxkb-pro-v1.10.7-lts-offline/
root@maxkb:/fit2cloud/apps/maxkb-pro-v1.10.7-lts-offline# bash install.sh
======================= 开始安装 =======================
-f docker-compose.yml -f docker-compose-pgsql.yml
[MaxKB Log]: 拷贝配置文件模板文件  -> /opt/maxkb/conf
[MaxKB Log]: 根据安装配置参数调整配置文件
time: Fri May 23 02:04:44 AM UTC 2025
[MaxKB Log]: ... 离线安装 docker
[MaxKB Log]: ... 启动 docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /etc/systemd/system/docker.service.
[MaxKB Log]: docker 安装成功
[MaxKB Log]: 检测到 Docker Compose 已安装,跳过安装步骤
[MaxKB Log]: 加载镜像
Loaded image: 1panel/maxkb-pro:v1.10.7-lts
[MaxKB Log]: 启动服务
 
WARN[0000] /opt/maxkb/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
WARN[0000] /opt/maxkb/docker-compose-pgsql.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 3/3
 ✔ Network maxkb_maxkb-network  Created    0.3s
 ✔ Container pgsql              Healthy    16.3s
 ✔ Container maxkb              Started    12.0s
 
MaxKB 服务状态 : 正在启动
MaxKB 服务状态 : 正在启动
 
 
MaxKB 容器运行状态
time="2025-05-23T02:12:19Z" level=warning msg="/opt/maxkb/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion"
time="2025-05-23T02:12:19Z" level=warning msg="/opt/maxkb/docker-compose-pgsql.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion"
NAME      IMAGE                          COMMAND                  SERVICE   CREATED              STATUS                                 PORTS
maxkb     1panel/maxkb-pro:v1.10.7-lts   "bash -c 'rm -f /opt…"   maxkb     About a minute ago   Up About a minute (healthy)   5432/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
pgsql     1panel/maxkb-pro:v1.10.7-lts   "docker-entrypoint.s…"   pgsql     2 minutes ago        Up About a minute (healthy)            0.0.0.0:5432->5432/tcp, :::5432->5432/tcp, 8080/tcp
 
Docker 目录及文件大小 :
12G  /var/lib/docker
 
Docker 目录所在磁盘使用情况 :
Filesystem                         Size  Used Avail Use% Mounted on
/dev/mapper/ubuntu--vg-ubuntu--lv   52G   17G   33G  34% /
 
日志文件大小 :
80K  /opt/maxkb/logs/
 
MaxKB 运行目录及文件大小 :
72M  /opt
 
MaxKB 运行目录使用情况 :
Filesystem                         Size  Used Avail Use% Mounted on
/dev/mapper/ubuntu--vg-ubuntu--lv   52G   17G   33G  34% /
[MaxKB Log]: 服务启动成功!
======================= 安装完成 =======================
 
请通过以下方式访问:
 URL: http://$LOCAL_IP:8080

2. Nginx deployment and testing

  • Create the directories

mkdir -p /fit2cloud/scripts/nginx/{cert,logs,conf}

  • Upload the certificate

root@maxkb:~# ll /fit2cloud/scripts/nginx/cert/
total 20
drwxr-xr-x 2 root root 4096 May 23 02:18 ./
drwxr-xr-x 5 root root 4096 May 23 02:17 ../
-rw-r--r-- 1 root root 4128 May 23 02:18 server.crt   # certificate file
-rw-r--r-- 1 root root  227 May 23 02:18 server.key   # private key file
  • Configuration file

cat > /fit2cloud/scripts/nginx/conf/lb_http_server.conf <<'EOF'
server {
  listen 80;
  server_name maxkb.fit2cloud.com;
   
  location / {
    return 307 https://$server_name$request_uri;
  }
}
 
server {
  listen 443 ssl;
  http2 on;
  server_name maxkb.fit2cloud.com; 
   
  access_log  /var/log/nginx/maxkb_access.log  main;
       
  server_tokens off;
  ssl_certificate cert/server.crt;       
  ssl_certificate_key cert/server.key;   
   
  client_max_body_size 5000m;
   
  # Streaming output
  proxy_cache off;
  proxy_buffering off;
  chunked_transfer_encoding on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 600;
 
  location / {
        proxy_pass http://192.168.15.207:8080;  
        proxy_set_header Host $host;    
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header X-Forwarded-Proto $scheme; 
  
  }
}
EOF
  • Prepare the startup file


cat > /fit2cloud/scripts/nginx/docker-compose.yml <<'EOF'
services:
  web:
    image: nginx:1.27.5
    container_name: nginx
    hostname: nginx
    ulimits:
      core: 0
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./logs:/var/log/nginx
      - ./cert:/etc/nginx/cert
      - ./conf:/etc/nginx/conf.d
EOF
  • Start the Nginx container

docker-compose -f /fit2cloud/scripts/nginx/docker-compose.yml up -d
[+] Running 2/2
 ✔ Network nginx_default  Created                                                                                     0.1s
 ✔ Container nginx        Started
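
A pre-flight check for the certificate files uploaded in the steps above, best run before the container is started. This is an added example, not part of the original article or of MaxKB: the function names and the 30-day expiry threshold are assumptions, and it requires the `openssl` CLI. It flags a private key that group or other can access (the listing above shows server.key as -rw-r--r--), a certificate that does not belong to the key, a certificate close to expiry, and a certificate that does not cover the `server_name`.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files in /fit2cloud/scripts/nginx/cert/.
# Function names and the 30-day default are assumptions, not from the article.

# check_tls_material CERT KEY HOSTNAME [MIN_DAYS]; returns 0 only if every check passes.
check_tls_material() {
    cert=$1; key=$2; host=$3; min_days=${4:-30}; rc=0

    # Both files must parse, otherwise the comparisons below are meaningless.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "FAIL: cannot parse $cert"; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null || { echo "FAIL: cannot parse $key"; return 1; }

    # 1. The private key must not be accessible to group or other.
    if [ "$(ls -ln "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; run chmod 600"; rc=1
    fi

    # 2. Certificate and key must carry the same public key (works for RSA and EC keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: certificate and key do not match"; rc=1; }

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }

    # 4. The certificate must cover the server_name used in the Nginx config.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
        { echo "FAIL: certificate does not cover $host"; rc=1; }

    return $rc
}

# make_constructed_pair DIR HOSTNAME: throwaway self-signed EC pair (constructed
# sample input for trying the check; never deploy it).
make_constructed_pair() {
    mkdir -p "$1"
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" -days 90 \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Usage on the host from the article:
#   check_tls_material /fit2cloud/scripts/nginx/cert/server.crt \
#       /fit2cloud/scripts/nginx/cert/server.key maxkb.fit2cloud.com
```

The Nginx master process in the official image starts as root, so a root-owned key with mode 600 in the bind-mounted cert directory remains readable to it.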

3. Test access

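Once configuration is complete, access the service through a browser. If the page displays normally and the address bar shows the padlock icon, the domain certificate has been configured successfully.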

III. Notes

Firewall settings: make sure the server's firewall allows traffic on ports 80 and 443.

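MaxKB configuration file: check the MaxKB configuration file and make sure the service listens on the correct host address so that it can be reached externally.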


