1、docker启动命令：将443端口映射出来，其中注意 /root/app/nginx/ai-ssl（证书存放路径）、/data/app/ai-nginx/nginx.conf(nginx的配置路径)
docker run -d --restart=always -p 12324:80 -p 8443:443 -v /root/app/nginx/ai-ssl:/etc/ssl/agent -v /data/app/ai-nginx/nginx.conf:/etc/nginx/nginx.conf registry.cn-hangzhou.aliyuncs.com/suqinghua/ai-web:0.0.1
2、配置 /data/app/ai-nginx/nginx.conf文件，暴露443端口：

server {listen       443 ssl;server_name  localhost;add_header X-Frame-Options DENY;  # 可以根据需求选择 DENY、SAMEORIGIN 或 ALLOW-FROMssl_certificate /etc/ssl/agent/ca.crt;  #证书路径及文件名ssl_certificate_key /etc/ssl/agent/ca.key; #证书路径及文件名ssl_session_timeout  5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;add_header Permissions-Policy "microphone=*" always;#add_header Feature-Policy "microphone *" always;location / {root   /home/nginx/www/dist/digital-web;try_files $uri $uri/ /index.html;index  index.html index.htm;}location /prod-api/{proxy_cache off; # 转发流式数据proxy_buffering off;chunked_transfer_encoding on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 300;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header REMOTE-HOST $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Scheme $scheme;  # 关键：透传HTTPS协议proxy_pass http://ip:38081/;}location /profile/{proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header REMOTE-HOST $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Scheme $scheme;  # 关键：透传HTTPS协议proxy_pass http://ip:38081/profile/;}error_page   500 502 503 504  /50x.html;location = /50x.html {root   html;}}

3、将证书放置 /root/app/nginx/ai-ssl路径下，如下：

root@ssdmx62:~/app/nginx/aihd-ssl# ls
ca.crt  ca.key

需要注意的是，文件名要与nginx中的文件名对应（下列代码出现在步骤二中的nginx.conf文件）：

    ssl_certificate /etc/ssl/agent/ca.crt;ssl_certificate_key /etc/ssl/agent/ca.key;

4、下面就可以通过域名:8443访问应用。