centos 7 Docker 部署Nginx


启动docker

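# CentOS 7 manages services with systemd. The original "service start docker"
# had its arguments reversed (the form is "service <name> <action>") and fails.
systemctl start docker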

创建Nginx映射的目录

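# Host directories that get bind-mounted into the container: web root, logs,
# configuration and TLS certificates. cert/ was missing from the original list
# although the docker run command mounts it.
mkdir -p /root/nginx/www /root/nginx/logs /root/nginx/conf /root/nginx/cert
# cert/ will hold TLS private keys, so restrict it to its owner.
chmod 700 /root/nginx/cert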

创建一个nginx.conf文件

# Create the config file before the container is started: when the host side of
# a -v file mount does not exist, Docker creates a directory at that path instead.
touch /root/nginx/conf/nginx.conf

拉取nginx镜像

# Pulls the floating "latest" tag, so the image content changes over time.
# For reproducible and auditable deployments, pull a specific tag or digest instead.
docker pull nginx

创建镜像实例

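# Start the container, publish ports 80/443 and bind-mount web root, config,
# certificates, timezone file and logs from the host.
# Everything nginx only needs to read is mounted read-only (:ro), so a compromised
# process inside the container cannot rewrite its own configuration, replace the
# TLS key pair or modify the served files. Only the log directory stays writable.
# NOTE(review): on a CentOS 7 host with SELinux enforcing, access to these bind
# mounts may be denied until the host paths are labelled for container use — confirm.
docker run -d --restart=always --name nginx \
  -p 80:80 -p 443:443 \
  -v /root/nginx/www:/usr/share/nginx/html:ro \
  -v /root/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /root/nginx/cert:/etc/nginx/cert:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/nginx/logs:/var/log/nginx \
  nginx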

注意:这里要把80和443端口都映射出来,分别用于HTTP访问和加载了ssl的HTTPS访问

这个时候一个nginx的容器就创建并启动了,但是nginx.conf为空,所以我们需要给nginx.conf写入一些内容(写入后执行 docker restart nginx 使配置生效)

# Run the worker processes as the unprivileged "nginx" account instead of root
user nginx;

# Number of worker processes; "auto" sizes it to the available CPU cores
worker_processes auto;

# Global error log path
error_log /var/log/nginx/error.log;

# Path of the file that stores the master process PID
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
# NOTE(review): this path follows the CentOS package layout; confirm it exists inside the container image.
include /usr/share/nginx/modules/*.conf;

# Connection-processing settings
# Maximum number of simultaneous connections per worker process
events {
   worker_connections 1024;
}

http {
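	# Access-log line format named "main"
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';
	# Access-log destination (disabled here, so nginx's built-in default applies)
	#access_log /logs/access_nginx.log main;

	# Do not advertise the nginx version in the Server header or on error pages
	server_tokens off;

	# Use sendfile() for efficient file transmission
	sendfile      on;
	# With sendfile, send the response header and the start of the file in one packet
	tcp_nopush     on;
	# Disable Nagle's algorithm so small writes on keep-alive connections are not delayed
	tcp_nodelay     on;
	# Keep-alive timeout, in seconds
	keepalive_timeout  65;
	# Maximum size of the MIME-type hash tables (1024 is the default); larger values
	# use more memory but reduce key collisions
	types_hash_max_size 1024;

	# Extension-to-MIME-type map (disabled)
	#include       /usr/local/nginx/conf/mime.types;
	# MIME type used when no other type is determined
	default_type    application/octet-stream;

	#include /etc/nginx/conf.d/*.conf;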

	# Defines a named group of backend servers that proxy_pass and fastcgi_pass can
	# refer to; the default load-balancing method is round-robin.
	# This group has a single backend.
	upstream blog_client {
		server 172.19.0.14:8090;
	}

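	# Plain-HTTP virtual host for www.xxx.top: redirect everything to HTTPS.
	# The redirect target uses $server_name instead of $host so the Location header
	# is never built from a client-supplied Host header. This matters because this
	# is the first "listen 80" server and therefore also answers requests for
	# unknown host names.
	server {
		listen 80;
		server_name www.xxx.top;
		# $request_uri keeps the original path and query string unchanged
		return 301 https://$server_name$request_uri;
	}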

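	# Plain-HTTP virtual host for blog.xxx.top: redirect everything to HTTPS.
	# The redirect target uses $server_name instead of $host so the Location header
	# is never built from a client-supplied Host header.
	server {
		listen 80;
		server_name blog.xxx.top;
		# $request_uri keeps the original path and query string unchanged
		return 301 https://$server_name$request_uri;
	}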

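	# HTTPS virtual host for www.xxx.top; requests are reverse-proxied to backends.
	# NOTE(review): this is the first "listen 443" server, so nginx also selects it
	# for requests whose Host matches no server_name — confirm that is intended.
	server {
		listen 443 ssl;
		server_name www.xxx.top;
		large_client_header_buffers 4 16k;
		# Request bodies of up to 300 MB are accepted; lower this if the backend
		# never needs uploads that large.
		client_max_body_size 300m;
		client_body_buffer_size 128k;
		fastcgi_intercept_errors on;
		proxy_connect_timeout 600;
		proxy_read_timeout 600;
		proxy_send_timeout 600;
		proxy_buffer_size 64k;
		proxy_buffers   4 32k;
		proxy_busy_buffers_size 64k;
		proxy_temp_file_write_size 64k;

		# TLS certificate and private key (paths are relative to the nginx
		# configuration directory)
		ssl_certificate   cert/1_www.xxx.crt;
		ssl_certificate_key  cert/2_www.xxx.key;
		ssl_session_timeout 5m;
		# Only forward-secret AEAD suites. The previous list also admitted static
		# ECDH, CBC-mode and every "HIGH" cipher.
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
		# TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
		# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers on;
		ssl_session_cache builtin:1000 shared:SSL:10m;

		error_page  404   /error/404.html;

		# The original config also had "location ~ .*". A regex location that
		# matches every URI takes precedence over all plain prefix locations, so
		# "location /" and "location /ss" were never used. It has been removed;
		# the headers it set are already set in "location /".
		location / {
			proxy_pass http://blog_client;
			# NOTE(review): "*" lets scripts on any origin read these responses.
			# If the backend serves anything non-public, replace it with an
			# explicit allow-list of trusted origins.
			add_header Access-Control-Allow-Origin *;
			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
			add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
			proxy_redirect default;
			# Headers passed to the backend
			proxy_set_header HOST $host;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Real-IP $remote_addr;
			# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
			# client sent, so the backend must not trust the leading entries;
			# X-Real-IP (or the last entry) is the address nginx actually saw.
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}

		location /ss {
			# NOTE(review): inside a container "localhost" is the container itself,
			# not the Docker host — confirm a service listens on 8909 there.
			proxy_pass http://localhost:8909;
			# NOTE(review): same wildcard-CORS caveat as in "location /".
			add_header Access-Control-Allow-Origin *;
			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
			add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
			# Headers passed to the backend
			proxy_redirect default;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			# Answer CORS preflight requests directly without contacting the backend
			if ($request_method = 'OPTIONS') {
			    return 204;
			}
		}
	}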

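	# HTTPS virtual host for blog.xxx.top; requests are reverse-proxied to blog_client.
	server {
		listen 443 ssl;
		server_name blog.xxx.top;
		large_client_header_buffers 4 16k;
		# Request bodies of up to 300 MB are accepted; lower this if the backend
		# never needs uploads that large.
		client_max_body_size 300m;
		client_body_buffer_size 128k;
		fastcgi_intercept_errors on;
		proxy_connect_timeout 600;
		proxy_read_timeout 600;
		proxy_send_timeout 600;
		proxy_buffer_size 64k;
		proxy_buffers   4 32k;
		proxy_busy_buffers_size 64k;
		proxy_temp_file_write_size 64k;

		# TLS certificate and private key (paths are relative to the nginx
		# configuration directory)
		ssl_certificate   cert/1_blog.xxx.crt;
		ssl_certificate_key  cert/2_blog.xxx.key;
		ssl_session_timeout 5m;
		# Only forward-secret AEAD suites. The previous list also admitted static
		# ECDH, CBC-mode and every "HIGH" cipher.
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
		# TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
		# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers on;
		ssl_session_cache builtin:1000 shared:SSL:10m;

		error_page  404   /error/404.html;

		# The original config also had "location ~ .*". A regex location that
		# matches every URI takes precedence over plain prefix locations, so this
		# "location /" was never used. The regex location has been removed and its
		# X-Real-IP header merged in here.
		location / {
			proxy_pass http://blog_client;
			# NOTE(review): "*" lets scripts on any origin read these responses.
			# If the backend serves anything non-public, replace it with an
			# explicit allow-list of trusted origins.
			add_header Access-Control-Allow-Origin *;
			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
			add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
			proxy_redirect default;
			# Headers passed to the backend
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			# Header name fixed: the original "X-Forward-For" is not the header
			# backends read. Setting it to $remote_addr overwrites any value the
			# client supplied, so the backend only sees the address nginx observed.
			proxy_set_header X-Forwarded-For $remote_addr;
			# Answer CORS preflight requests directly without contacting the backend
			if ($request_method = 'OPTIONS') {
			    return 204;
			}
		}
	}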
}

这样一个带着ssl的Nginx 就配置好了!