add cert

docker-compose.yml

@@ -19,6 +19,9 @@ services:
     image: nginx:latest
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./nginx/cert/trane.trane-optimizer.com.cn.key:/etc/nginx/cert/trane.trane-optimizer.com.cn.key
+      - ./nginx/cert/trane.trane-optimizer.com.cn.pem:/etc/nginx/cert/trane.trane-optimizer.com.cn.pem
+
     ports:
       - 80:80
       - 443:443

nginx/cert/trane.trane-optimizer.com.cn.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAxa7lim3OIp4ZOz4WWtLjhe8DMGivbao40WMAg+Sj/I5QrwMV
+4OVgps2hSxvW3NOvZOvGUyxRNTBY5nHyCuxvPCdIxvbNgxAcFwOJzRiJqTPB6oCt
+m3nM2B8jM3kHdbbHNRE62J6wr00aIRxVIZHZkKbsqAH8FzlvFZzmveuV+ZNhdKbP
+MZbod3jjtvnE2hM1ueitxej44XVShc4YfWv6eSFqt6v9TCLO76WjKeePBlrOuhJ4
+sRCLmBupezVeK2/Ku+gkiLeuDdIHf0oLH5XLEeSjkBnP/8/ludGPEBShhiahgwah
+ywYtYr8FQsP5Yrg9SpmbDaD4+9tYZndK91zWMwIDAQABAoIBAErxA+oXuJbdErmn
+zve9jS3AL5hRh3fumT2f55kYu6ZKGYJPjCLHMn3p5KTBuBHdWlfLHlN3sI2Wd41d
+UyIbAgxu5CMxezWdjNiYqcwL6lwv1+rbv3T6ltKz8zdXQaG5mgmfL4zhlB/Q/f/h
+atCgJze0YHFM11HCnz81TTBguGl1b+CW864syREwMXsQEr/AOd1ZS8d0fosVzQqw
++tyH8oMlDfCJWFH8hn6QqGDhyF6Qp2kCSofB/WLA2ou7VrdzPKzTUnU/UnXb56au
+H8oTd0FiP/0AY5JkKZA4yM8wJUn3gpexik4jQqwzoApYg1MPPnsZK2YapJ9JfqBX
+obeNBGECgYEA8wHXtFrT+r/I3kJ418SMpvODUNRGGYnWaha5dGbDPZWHO+aUjp0U
+4SmgiRhC/fuIYEN6WkALyhaKqD5ZX0EEX+U+hEnO/g+IOVHV7jeZYzpI8xgmwXNy
+NrRP0oWuinurqZ9IFS33I1F6nTveTF3RQDZewcVKpSCuU33JuCPjJmMCgYEA0ECu
+r6AtTarl1OPnTBEteWteqgpFHg5YpPrHzJkeWzJuc8uQ0uqks1l80BzE9ZrG/pOs
+wyirbhapQdECgc7gtyij7Mw3+pdxBEb34mtWVaMFsR13lvv6+RJSPDoExnP+gyJc
+EzdqWBAmvS20yY4VFSU22yUOaMYVJV4pBhVccfECgYA59XOMKamrgbiYAkSuOcvO
+OgBU8/wwNSb1sKvU7nmco6BYkhtWlHKZbYNDj4zS5P5W72EsS2BEd/HkRNKuHGS9
+toCdrrj28Z9tBG7A3XPxLcKecGE1/KH+GC19qbLChtKfp0TbAFaUjuduvwu7LRku
+dolNMBAoqE3LzhGhoLWZvwKBgBlm6mftx9jjcaloKzxyE/Ptjtx66DdkVJe7J0fj
+nXpOSn7BY+b2TCS8U6cm+zdiK8e9x6L+gPqqtPacQgwHag2tXWFy/5kHg/ebmHz7
+zsofWoBiMcYu8kwTWgiSoyZ525+vPz/w0H3xamhE/Ppg5F1x7qEIghtxnf6y35oo
+XOBhAoGACfZrU90OpMBrKW2AgdlgZxMHv2w4fyn2lpkOEm8dLcQo58HW9T6TUhYh
+C8jdmG2klX5QTIUfo430GtfgYSN5VENTlQaawZSwM1VLQN4DW1cD0qrzNiow8nY2
+RVh1Q1W9vQvzuvTHcKXpvILAz85Hy/gWLTkMdcl7KC2o+Gpm+TA=
+-----END RSA PRIVATE KEY-----

nginx/cert/trane.trane-optimizer.com.cn.pem

@@ -0,0 +1,76 @@
+-----BEGIN CERTIFICATE-----
+MIIHpjCCBY6gAwIBAgIQBLwP9I/dPvsDGsv6Cwx2DDANBgkqhkiG9w0BAQsFADBc
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
+K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
+MjQwODE2MDAwMDAwWhcNMjUwODE1MjM1OTU5WjAnMSUwIwYDVQQDExx0cmFuZS50
+cmFuZS1vcHRpbWl6ZXIuY29tLmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAxa7lim3OIp4ZOz4WWtLjhe8DMGivbao40WMAg+Sj/I5QrwMV4OVgps2h
+SxvW3NOvZOvGUyxRNTBY5nHyCuxvPCdIxvbNgxAcFwOJzRiJqTPB6oCtm3nM2B8j
+M3kHdbbHNRE62J6wr00aIRxVIZHZkKbsqAH8FzlvFZzmveuV+ZNhdKbPMZbod3jj
+tvnE2hM1ueitxej44XVShc4YfWv6eSFqt6v9TCLO76WjKeePBlrOuhJ4sRCLmBup
+ezVeK2/Ku+gkiLeuDdIHf0oLH5XLEeSjkBnP/8/ludGPEBShhiahgwahywYtYr8F
+QsP5Yrg9SpmbDaD4+9tYZndK91zWMwIDAQABo4IDlzCCA5MwHwYDVR0jBBgwFoAU
+8JyF/aKffY/JaLvV1IlNHb7TkP8wHQYDVR0OBBYEFEWjL3FJdUfK0rdEdDDtQU/E
+Ks70MCcGA1UdEQQgMB6CHHRyYW5lLnRyYW5lLW9wdGltaXplci5jb20uY24wPgYD
+VR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdp
+Y2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGln
+aWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJDQTEu
+Y3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vUmFwaWRTU0xHbG9i
+YWxUTFNSU0E0MDk2U0hBMjU2MjAyMkNBMS5jcmwwgYcGCCsGAQUFBwEBBHsweTAk
+BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFEGCCsGAQUFBzAC
+hkVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vUmFwaWRTU0xHbG9iYWxUTFNS
+U0E0MDk2U0hBMjU2MjAyMkNBMS5jcnQwDAYDVR0TAQH/BAIwADCCAX0GCisGAQQB
+1nkCBAIEggFtBIIBaQFnAHYA3dzKNJXX4RYF55Uy+sef+D0cUN/bADoUEnYKLKy7
+yCoAAAGRWfRMMgAABAMARzBFAiB88QEs9CmvqW9bz1KN8/+7Pt54PbUAJYIfUvot
+WEKWVAIhAPlg9cGVmOYj5BVZh8VnARY+z93FcwTID/wFHBT63TJMAHYAfVkeEuF4
+KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGRWfRMMgAABAMARzBFAiEAgIHJ
+qoRUyoDuqJpg501LN339usAvD+BVslD9/nwFiUYCID0FBXxiTemSr3Hj5cimfFwK
+LzvpIIGUPLECbfHcUKOIAHUA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43
+jlAAAAGRWfRMPQAABAMARjBEAiAg0XyxM3oQDVqY4xhEE1fZ3CE0fwSUj1qxHRC5
+2mzLogIgTzLRM3YSkBIUVn9ZwT6j2iYPIf4Z+IlAKkCBPc8NDnwwDQYJKoZIhvcN
+AQELBQADggIBAB38oNdtrxdO5V1toWV6VUQohjgzvcAQX8Xqg54igpHK1u8S8YsD
+ikXc4dt6lHFEk4YAPxXnHTU+TkZpeYqC6O+8NhbD2c+4o+35x/+74yS8pXCDkZYt
+0H4p3usXumyE0OgDJgFDBSGkmUrwbcUT8FdTLieU0eLw53+ol6ceJPEl1FdaKo0O
+tb1r9VcspfLzdmQ+bJ+GkIw8Heab17S3CB7Fb87pqpfg6RAxdLpledeTE5OAcB28
+uOXKW2XEIY9sqq/5AqeAPGhGO3Ag7F523PGHeTWsHbH8ECpcT7ORscbyNGfsJKff
+ZJojo0CPdWw9F4y/2iMHFJm/xJb19noLuO+4I6ZGe8m3GpJSQI/kmY753EHFAWxu
+H4nebqGCIWXYm5L8XLCoG7AFum4yDH9czEcrB/CtX8lLJKkMsYh9BG6/Sv3mHl9u
+6ddMkhI+V1MEEfi1SdWt7P+68m8rhQrKNuV6STMfjYCea5bCkeGbisafWGtHEbf1
+f5sPAKqtsVsMwnGtea/VaI59Mfld3De0Z1wcWQpw1gPIdwfrj/h0noMle8aNqQAo
+2MEICt2Ok5Z/ZUfKsXJ9dEYrK9r36IPOr4O+NxbjwY1DlDHqgVKxZLaZ+mnUwpIm
+HGYAUA2+UQpd8CfNXlF5D8QeA2wds0+sw6zQjkwfN236aq58bnjy7vJM
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFyzCCBLOgAwIBAgIQCgWbJfVLPYeUzGYxR3U4ozANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0yMjA1MDQwMDAwMDBaFw0zMTExMDkyMzU5NTlaMFwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE0MDIGA1UEAxMrUmFwaWRTU0wgR2xv
+YmFsIFRMUyBSU0E0MDk2IFNIQTI1NiAyMDIyIENBMTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAKY5PJhwCX2UyBb1nelu9APen53D5+C40T+BOZfSFaB0
+v0WJM3BGMsuiHZX2IHtwnjUhLL25d8tgLASaUNHCBNKKUlUGRXGztuDIeXb48d64
+k7Gk7u7mMRSrj+yuLSWOKnK6OGKe9+s6oaVIjHXY+QX8p2I2S3uew0bW3BFpkeAr
+LBCU25iqeaoLEOGIa09DVojd3qc/RKqr4P11173R+7Ub05YYhuIcSv8e0d7qN1sO
+1+lfoNMVfV9WcqPABmOasNJ+ol0hAC2PTgRLy/VZo1L0HRMr6j8cbR7q0nKwdbn4
+Ar+ZMgCgCcG9zCMFsuXYl/rqobiyV+8U37dDScAebZTIF/xPEvHcmGi3xxH6g+dT
+CjetOjJx8sdXUHKXGXC9ka33q7EzQIYlZISF7EkbT5dZHsO2DOMVLBdP1N1oUp0/
+1f6fc8uTDduELoKBRzTTZ6OOBVHeZyFZMMdi6tA5s/jxmb74lqH1+jQ6nTU2/Mma
+hGNxUuJpyhUHezgBA6sto5lNeyqc+3Cr5ehFQzUuwNsJaWbDdQk1v7lqRaqOlYjn
+iomOl36J5txTs0wL7etCeMRfyPsmc+8HmH77IYVMUOcPJb+0gNuSmAkvf5QXbgPI
+Zursn/UYnP9obhNbHc/9LYdQkB7CXyX9mPexnDNO7pggNA2jpbEarLmZGi4grMmf
+AgMBAAGjggGCMIIBfjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTwnIX9
+op99j8lou9XUiU0dvtOQ/zAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3R
+VTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
+cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
+RGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYD
+VR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEwCAYGZ4EMAQIBMAgGBmeBDAEC
+AjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAfjh/s1f5dDdfm0sNm74/dW
+MbbsxfYV1LoTpFt+3MSUWvSbiPQfUkoV57b5rutRJvnPP9mSlpFwcZ3e1nSUbi2o
+ITGA7RCOj23I1F4zk0YJm42qAwJIqOVenR3XtyQ2VR82qhC6xslxtNf7f2Ndx2G7
+Mem4wpFhyPDT2P6UJ2MnrD+FC//ZKH5/ERo96ghz8VqNlmL5RXo8Ks9rMr/Ad9xw
+Y4hyRvAz5920myUffwdUqc0SvPlFnahsZg15uT5HkK48tHR0TLuLH8aRpzh4KJ/Y
+p0sARNb+9i1R4Fg5zPNvHs2BbIve0vkwxAy+R4727qYzl3027w9jEFC6HMXRaDc=
+-----END CERTIFICATE-----

nginx/nginx.conf

@@ -1,6 +1,22 @@
 server {
     listen 80;
-    
+
+    server_name trane.trane-optimizer.com.cn;
+    return 301 https://trane.trane-optimizer.com.cn$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name trane.trane-optimizer.com.cn;
+
+    ssl_certificate /etc/nginx/cert/trane.trane-optimizer.com.cn.pem;
+    ssl_certificate_key /etc/nginx/cert/trane.trane-optimizer.com.cn.key;
+    ssl_session_cache shared:SSL:1m;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
     location / {
         proxy_pass http://frontend:80;  
         proxy_set_header Host $host;
@@ -16,4 +32,4 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-}
+}