启动docker
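# `service` takes the service name first and the action second.
service docker start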
创建Nginx映射的目录
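# Host directories that get bind-mounted into the container. cert/ is created
# here as well because the `docker run` command mounts it and nginx.conf loads
# the TLS certificate and key from it.
mkdir -p /root/nginx/www /root/nginx/logs /root/nginx/conf /root/nginx/cert
# cert/ will hold the TLS private key, so keep it accessible to root only.
chmod 700 /root/nginx/cert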
创建一个nginx.conf文件
# The file has to exist before `docker run`: when the host side of a -v bind
# mount is missing, Docker creates a directory at that path instead of a file.
touch /root/nginx/conf/nginx.conf
拉取nginx镜像
# No tag is given, so this pulls `nginx:latest`; pin a specific tag or digest
# if the deployment has to be reproducible and reviewed before upgrades.
docker pull nginx
创建并启动容器(镜像的运行实例)
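# The configuration file, the certificate directory and the host timezone file
# are mounted read-only (:ro): nginx only reads them, so the container should
# not be able to modify them on the host.
docker run -d --name nginx --restart=always \
  -p 80:80 -p 443:443 \
  -v /root/nginx/www:/usr/share/nginx/html \
  -v /root/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /root/nginx/cert:/etc/nginx/cert:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/nginx/logs:/var/log/nginx \
  nginx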
注意:这里要把80和443端口都映射出来,方便访问和加载ssl
这个时候一个nginx的容器就启动了,但是nginx.conf为空,所以我们需要给nginx.conf写入下面的内容,写入后重启容器(docker restart nginx)使配置生效
# Run the worker processes as the unprivileged "nginx" user (a security measure).
user nginx;
# Number of worker processes; "auto" lets nginx detect it.
worker_processes auto;
# PID file path.
pid /run/nginx.pid;
# Global error log path.
error_log /var/log/nginx/error.log;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

# Connection processing: maximum number of simultaneous connections
# a single worker process may open.
events {
    worker_connections 1024;
}
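http {
    # Access-log line format.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Access-log location (left disabled by the author).
    #access_log /logs/access_nginx.log main;

    # Efficient file transfer via sendfile().
    sendfile on;
    # Avoid network congestion.
    tcp_nopush on;
    tcp_nodelay on;
    # Keep-alive timeout for client connections, in seconds.
    keepalive_timeout 65;
    # Size of the types hash table: larger values use more memory but lower
    # the key collision rate, which speeds up lookups.
    types_hash_max_size 1024;

    # Mapping of file extensions to MIME types (left disabled by the author).
    #include /usr/local/nginx/conf/mime.types;
    # Default MIME type.
    default_type application/octet-stream;
    #include /etc/nginx/conf.d/*.conf;

    # Group of backend servers for use in proxy_pass / fastcgi_pass;
    # the default load-balancing method is round-robin.
    upstream blog_client {
        server 172.19.0.14:8090;
    }

    # Plain-HTTP entry point for www: redirect everything to HTTPS.
    server {
        listen 80;
        server_name www.xxx.top;
        # Redirect to the configured name instead of echoing the client-supplied
        # Host header; this is the first port-80 server, so it also receives
        # requests whose Host matches no server_name.
        return 301 https://$server_name$request_uri;
    }

    # Plain-HTTP entry point for blog: redirect everything to HTTPS.
    server {
        listen 80;
        server_name blog.xxx.top;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.xxx.top;

        large_client_header_buffers 4 16k;
        client_max_body_size 300m;
        client_body_buffer_size 128k;
        fastcgi_intercept_errors on;

        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;

        # TLS certificate and private key; relative paths resolve against the
        # nginx configuration directory.
        ssl_certificate cert/1_www.xxx.crt;
        ssl_certificate_key cert/2_www.xxx.key;
        ssl_session_timeout 5m;
        # NOTE(review): the broad "ECDHE:ECDH:AES:HIGH" keywords still admit
        # CBC-mode suites and key exchanges without forward secrecy; consider
        # restricting the list to ECDHE suites with AEAD ciphers.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated; offer only TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache builtin:1000 shared:SSL:10m;

        error_page 404 /error/404.html;

        location / {
            proxy_pass http://blog_client;
            # NOTE(review): a wildcard origin lets scripts from any site read
            # these responses; list the known origins instead if the backend
            # serves anything that is not public.
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            proxy_redirect default;
            # Headers passed to the backend.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so the backend should trust
            # only the last entry (or X-Real-IP).
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # NOTE(review): a regex location takes precedence over plain prefix
        # locations, and `~ .*` matches every URI. As written, this block
        # handles all requests and the `/` and `/ss` locations (with their
        # CORS headers and OPTIONS handling) are never selected. Remove this
        # block or narrow the pattern if those locations are meant to apply.
        location ~ .* {
            proxy_pass http://blog_client;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /ss {
            # NOTE(review): inside the container `localhost` is the container
            # itself, not the Docker host, unless host networking is used;
            # confirm that something listens on port 8909 there.
            proxy_pass http://localhost:8909;
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            # Headers passed to the backend.
            proxy_redirect default;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Answer CORS preflight requests directly.
            if ($request_method = 'OPTIONS') {
                return 204;
            }
        }
    }

    server {
        listen 443 ssl;
        server_name blog.xxx.top;

        large_client_header_buffers 4 16k;
        client_max_body_size 300m;
        client_body_buffer_size 128k;
        fastcgi_intercept_errors on;

        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;

        # TLS certificate and private key; relative paths resolve against the
        # nginx configuration directory.
        ssl_certificate cert/1_blog.xxx.crt;
        ssl_certificate_key cert/2_blog.xxx.key;
        ssl_session_timeout 5m;
        # NOTE(review): the broad "ECDHE:ECDH:AES:HIGH" keywords still admit
        # CBC-mode suites and key exchanges without forward secrecy; consider
        # restricting the list to ECDHE suites with AEAD ciphers.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated; offer only TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache builtin:1000 shared:SSL:10m;

        error_page 404 /error/404.html;

        location / {
            proxy_pass http://blog_client;
            # NOTE(review): a wildcard origin lets scripts from any site read
            # these responses; list the known origins instead if the backend
            # serves anything that is not public.
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            proxy_redirect default;
            # Headers passed to the backend. The header name was misspelled
            # "X-Forward-For"; it now matches the other locations.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Answer CORS preflight requests directly.
            if ($request_method = 'OPTIONS') {
                return 204;
            }
        }

        # NOTE(review): a regex location takes precedence over plain prefix
        # locations, and `~ .*` matches every URI. As written, this block
        # handles all requests and the `/` location (with its CORS headers
        # and OPTIONS handling) is never selected. Remove this block or
        # narrow the pattern if that location is meant to apply.
        location ~ .* {
            proxy_pass http://blog_client;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}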
这样一个带着ssl的Nginx 就配置好了!