Docker搭建Nginx

前提环境

需要以下目录和文件

/data/nginx/conf
/data/nginx/html
/data/nginx/logs
/data/nginx/nginx.conf

mkdir -p /data/nginx/{conf,html,logs}

将以下配置内容拷贝到/data/nginx/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

将以下内容拷贝到 /data/nginx/conf.d/default.conf

server {
    listen         443 ssl;
    server_name    kortin.cn www.kortin.cn;

    # 注意文件位置是从 /etc/nginx 开始的
    ssl_certificate      kortin.cn_bundle.crt; # https的证书文件路径
    ssl_certificate_key  kortin.cn.key; # https的证书文件路径
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    # 这里是腾讯云的配置，阿里云的ssl_ciphers请上阿里云查看
    ssl_prefer_server_ciphers on;

    location /api {
        # 接口前缀为/api开头的，全部转发至java后端服务，可以配置多个location
        proxy_pass <http://1.117.110.60:20080>;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

# 将http重定向到https
server {
    listen      80;
    server_name kortin.cn www.kortin.cn;
    return 301  https://$host$request_uri;
}

将下载的ssl证书拷贝到/data/nginx/conf/certs

scp -i ~/.ssh/id_rsa -r ./kortin.cn_bundle.crt [email protected]:/data/nginx/conf/certs
scp -i ~/.ssh/id_rsa -r ./kortin.cn.key [email protected]:/data/nginx/conf/certs

一、使用命令

命令片段

docker run -d --restart=always -v /data/nginx/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/logs:/var/log/nginx -v /data/nginx/conf/certs:/etc/nginx/certs -v /data/nginx/conf.d:/etc/nginx/conf.d -v /data/nginx/conf/certs/kortin.cn_bundle.crt:/etc/nginx/conf/certs/kortin.cn_bundle.crt -v /data/nginx/conf/certs/kortin.cn.key:/etc/nginx/conf/certs/kortin.cn.key -p 80:80 -p 443:443 --name nginx nginx

格式化

docker run -d --restart=always \\
-v /data/nginx/nginx.conf:/etc/nginx/nginx.conf \\
-v /data/nginx/html:/usr/share/nginx/html \\
-v /data/nginx/logs:/var/log/nginx \\
-v /data/nginx/conf/certs:/etc/nginx/certs \\
-v /data/nginx/conf.d:/etc/nginx/conf.d \\
-v /data/nginx/conf/certs/kortin.cn_bundle.crt:/etc/nginx/conf/certs/kortin.cn_bundle.crt \\
-v /data/nginx/conf/certs/kortin.cn.key:/etc/nginx/conf/certs/kortin.cn.key \\
-p 80:80 -p 443:443 --name nginx \\
nginx

前提环境

一、使用命令

二、使用compose编排