Docker搭建nginx
- 拉取镜像
docker pull nginx
-
文件目录
- 启动基础容器用于资源拷贝
docker run -d --name=nginx01 nginx- 创建本地目录,用于存放Nginx的相关文件信息.
# mkdir -p ~/nginx/logs ~/nginx/conf ~/nginx/conf/conf.d ~/nginx/www- www: 目录将映射为 nginx 容器配置的虚拟目录。
- logs: 目录将映射为 nginx 容器的日志目录。
- conf: 目录里的配置文件将映射为 nginx 容器的配置文件。
日志文件位置:/var/log/nginx 配置文件位置: /etc/nginx 资源存放的位置: /usr/share/nginx/html- 拷贝配置文件
docker cp [容器id]:/etc/nginx ./conf?``` cd ~/nginx/conf #nginx.conf文件复制到conf目录下 docker cp nginx01:/etc/nginx/nginx.conf nginx.conf #把容器中的default.conf文件复制到conf目录下 docker cp nginx01:/etc/nginx/conf.d/default.conf ~/nginx/conf/conf.d #删除镜像 docker rm -f nginx01 ?``` -
部署命令
docker run --rm -d -p 80:80 --name proxy_nginx \ -v ~/nginx/www:/usr/share/nginx/html \ -v ~/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \ -v ~/nginx/logs:/var/log/nginx \ nginx -
修改default.conf文件
server { listen 80; #监听的端口 server_name www.一级域名.com; #监听的URL location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:6666;#这里写需要转发的地址 } } server { listen 80; #监听的端口 server_name web.一级域名.com; #监听的URL location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8082;#这里写需要转发的地址 } } server { listen 80; #监听的端口 server_name api.一级域名.com; #监听的URL location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:9999;#这里写需要转发的地址 } }
https
运行nginx代理
docker run --detach \
--restart always \
--name proxy_nginx \
-p 443:443\
-p 80:80 \
-v /root/nginx/data:/usr/share/nginx/html:rw\
-v /root/nginx/conf/nginx.conf:/etc/nginx/nginx.conf/:rw\
-v /root/nginx/conf/conf.d/default.conf:/etc/nginx/conf.d/default.conf:rw\
-v /root/nginx/logs:/var/log/nginx/:rw\
-v /root/nginx/ssl:/ssl/:rw\
-d nginx
修改default.conf文件
server {
listen 80; #监听的端口
listen 443 ssl;
server_name www.defult.com; #监听的URL
# 增加ssl
#ssl on; #如果强制HTTPs访问,这行要打开
ssl_certificate /ssl/www.defult.com.pem;
ssl_certificate_key /ssl/www.defult.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# 指定密码为openssl支持的格式
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式
ssl_prefer_server_ciphers on; # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8090;#这里写需要转发的地址
}
}
强制https
server {
listen 80;
server_name www.defult.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
server_name www.defult.com; #监听的URL
# 增加ssl
#ssl on; #如果强制HTTPs访问,这行要打开
ssl_certificate /ssl/www.defult.com.pem;
ssl_certificate_key /ssl/www.defult.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# 指定密码为openssl支持的格式
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式
ssl_prefer_server_ciphers on; # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8090;#这里写需要转发的地址
}
}