Docker 安装 Nginx
一体化负载均衡器、反向代理、Web 服务器、内容缓存和 API 网关。
拉取镜像
sh
docker pull nginx:latest创建 Nginx 挂载文件
sh
mkdir -p /wwwroot/nginx/conf
mkdir -p /wwwroot/nginx/conf.d
mkdir -p /wwwroot/nginx/log
mkdir -p /wwwroot/nginx/html运行容器
sh
docker run \
--restart=always \
--name nginx \
--net xunet --ip 172.18.0.5 \
-p 80:80 -p 443:443 \
-v /wwwroot/nginx/html:/usr/share/nginx/html \
-v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /wwwroot/nginx/conf.d:/etc/nginx/conf.d \
-v /wwwroot/nginx/logs:/var/log/nginx \
-v /etc/ssl/certs:/etc/ssl/certs \
-d nginx参数说明:
--net xunet --ip 172.18.0.5:将容器连接到网络 xunet,并指定 IP 地址
-v /wwwroot/nginx/html:/usr/share/nginx/html:挂载 nginx 内容
-v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:挂载 nginx.conf 配置文件
-v /wwwroot/nginx/conf.d:/etc/nginx/conf.d:挂载 nginx 配置文件
-v /wwwroot/nginx/logs:/var/log/nginx:挂载 nginx 日志文件
-v /etc/ssl/certs:/etc/ssl/certs:挂载 nginx ssl 证书文件
单行模式
sh
docker run --restart=always --name nginx --net xunet --ip 172.18.0.5 -p 80:80 -p 443:443 -v /wwwroot/nginx/html:/usr/share/nginx/html -v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /wwwroot/nginx/conf.d:/etc/nginx/conf.d -v /wwwroot/nginx/logs:/var/log/nginx -v /etc/ssl/certs:/etc/ssl/certs -d nginx配置文件
- 配置 /wwwroot/nginx/conf/nginx.conf
nginx
#nginx.conf
#运行nginx的用户
#user nginx;
user root;
#启动进程设置成和CPU数量相等
worker_processes 1;
#全局错误日志及PID文件的位置
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
#工作模式及连接数上限
events {
#单个后台work进程最大并发数设置为1024
worker_connections 1024;
}
http {
#当上游服务器响应头回来后,可以根据响应状态码的值进行拦截错误处理,与error_page 指令相互结合
proxy_intercept_errors on;
#这个指令指定是否传递4xx和5xx错误信息到客户端,或者允许nginx使用error_page处理错误信息。
fastcgi_intercept_errors on;
#设定mime类型
include /etc/nginx/mime.types;
default_type application/octet-stream;
#设定日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#设置连接超时的事件
keepalive_timeout 65;
#开启GZIP压缩
#gzip on;
upstream webapi.gateway.net6 {
server 172.18.0.1:8000 weight=3;
}
include /etc/nginx/conf.d/*.conf;
}- 配置 /wwwroot/nginx/conf.d/default.conf
nginx
# default.conf
server {
listen 80;
#填写绑定证书的域名
server_name www.xxxxxx.com;
#把http的域名请求转成https,相当于用户访问http也可以自动跳转到https,避免出现网页提示不安全
return 301 https://$host$request_uri;
}
server {
listen 80;
#填写绑定证书的域名
server_name api.xxxxxx.com;
#把http的域名请求转成https,相当于用户访问http也可以自动跳转到https,避免出现网页提示不安全
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name www.xxxxxx.com;
ssl_certificate /etc/ssl/certs/www.xxxxxx.com.pem;
ssl_certificate_key /etc/ssl/certs/www.xxxxxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html/www;
index index.html index.htm;
try_files $uri $uri/ $uri.html /404.html;
client_max_body_size 100m;
}
}
server {
listen 443 ssl;
server_name api.xxxxxx.com;
ssl_certificate /etc/ssl/certs/api.xxxxxx.com.pem;
ssl_certificate_key /etc/ssl/certs/api.xxxxxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://webapi.gateway.net6/;
client_max_body_size 100m;
}
}
