Skip to content

Docker 安装 Nginx

一体化负载均衡器、反向代理、Web 服务器、内容缓存和 API 网关。

Nginx 镜像库

拉取镜像

sh
docker pull nginx:latest

创建 Nginx 挂载文件

sh
mkdir -p /wwwroot/nginx/conf
mkdir -p /wwwroot/nginx/conf.d
mkdir -p /wwwroot/nginx/log
mkdir -p /wwwroot/nginx/html

运行容器

sh
docker run \
--restart=always \
--name nginx \
--net xunet --ip 172.18.0.5 \
-p 80:80 -p 443:443 \
-v /wwwroot/nginx/html:/usr/share/nginx/html \
-v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /wwwroot/nginx/conf.d:/etc/nginx/conf.d \
-v /wwwroot/nginx/logs:/var/log/nginx \
-v /etc/ssl/certs:/etc/ssl/certs \
-d nginx

参数说明:

  • --net xunet --ip 172.18.0.5:将容器连接到网络 xunet,并指定 IP 地址

  • -v /wwwroot/nginx/html:/usr/share/nginx/html:挂载 nginx 内容

  • -v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:挂载 nginx.conf 配置文件

  • -v /wwwroot/nginx/conf.d:/etc/nginx/conf.d:挂载 nginx 配置文件

  • -v /wwwroot/nginx/logs:/var/log/nginx:挂载 nginx 日志文件

  • -v /etc/ssl/certs:/etc/ssl/certs:挂载 nginx ssl 证书文件

单行模式

sh
docker run --restart=always --name nginx --net xunet --ip 172.18.0.5 -p 80:80 -p 443:443 -v /wwwroot/nginx/html:/usr/share/nginx/html -v /wwwroot/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /wwwroot/nginx/conf.d:/etc/nginx/conf.d -v /wwwroot/nginx/logs:/var/log/nginx -v /etc/ssl/certs:/etc/ssl/certs -d nginx

配置文件

  • 配置 /wwwroot/nginx/conf/nginx.conf
nginx
#nginx.conf

#运行nginx的用户
#user  nginx;
user root;

#启动进程设置成和CPU数量相等
worker_processes  1;

#全局错误日志及PID文件的位置
error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

#工作模式及连接数上限

events {
    #单个后台work进程最大并发数设置为1024
    worker_connections  1024;
}

http {
    #当上游服务器响应头回来后,可以根据响应状态码的值进行拦截错误处理,与error_page 指令相互结合
    proxy_intercept_errors on;
    #这个指令指定是否传递4xx和5xx错误信息到客户端,或者允许nginx使用error_page处理错误信息。
    fastcgi_intercept_errors on;

    #设定mime类型
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    #设定日志格式
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #设置连接超时的事件
    keepalive_timeout  65;
    #开启GZIP压缩
    #gzip  on;

    upstream webapi.gateway.net6 {
        server 172.18.0.1:8000 weight=3;
    }

    include /etc/nginx/conf.d/*.conf;
}
  • 配置 /wwwroot/nginx/conf.d/default.conf
nginx
# default.conf

server {
    listen 80;
    #填写绑定证书的域名
    server_name www.xxxxxx.com;
    #把http的域名请求转成https,相当于用户访问http也可以自动跳转到https,避免出现网页提示不安全
    return 301 https://$host$request_uri;
}
server {
    listen 80;
    #填写绑定证书的域名
    server_name api.xxxxxx.com;
    #把http的域名请求转成https,相当于用户访问http也可以自动跳转到https,避免出现网页提示不安全
    return 301 https://$host$request_uri;
}
server {
    listen  443 ssl;
    server_name  www.xxxxxx.com;
    ssl_certificate /etc/ssl/certs/www.xxxxxx.com.pem;
    ssl_certificate_key /etc/ssl/certs/www.xxxxxx.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root   /usr/share/nginx/html/www;
        index index.html index.htm;
        try_files $uri $uri/ $uri.html /404.html;
        client_max_body_size  100m;
    }
}
server {
    listen  443 ssl;
    server_name  api.xxxxxx.com;
    ssl_certificate /etc/ssl/certs/api.xxxxxx.com.pem;
    ssl_certificate_key /etc/ssl/certs/api.xxxxxx.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://webapi.gateway.net6/;
        client_max_body_size  100m;
    }
}
你觉得这篇文章怎么样?
  • 0
  • 0
  • 0
  • 0
  • 0
  • 0
评论
  • 按正序
  • 按倒序
  • 按热度