共计 4010 个字符,预计需要花费 11 分钟才能阅读完成。
1.Dockerfile-nginx 文件内容:
FROM CentOS:latest
MAINTAINER nan
RUN yum -y install gcc gcc-c++ make \
openssl-devel pcre-devel gd-devel \
libxml2-devel libxslt-devel zlib-devel \
gd-devel perl-ExtUtils-Embed \
iproute net-tools telnet wget curl && \
yum clean all && \
useradd -s /sbin/nologin -M nginx && \
mkdir -p /var/tmp/nginx && \
rm -rf /var/cache/yum/
RUN wget http://nginx.org/download/nginx-1.15.9.tar.gz &&\
tar -zxvf nginx-1.15.9.tar.gz && \
cd nginx-1.15.9 && \
./configure –prefix=/usr/local/nginx –sbin-path=/usr/local/nginx/sbin/nginx \
–conf-path=/usr/local/nginx/conf/nginx.conf –error-log-path=/var/log/nginx/error.log \
–http-log-path=/var/log/nginx/access.log –pid-path=/var/run/nginx/nginx.pid \
–user=nginx –group=nginx –with-http_ssl_module –with-http_stub_status_module \
–with-threads –with-file-aio –with-http_v2_module \
–with-http_realip_module –with-http_addition_module \
–with-http_xslt_module –with-http_image_filter_module \
–with-http_sub_module –with-http_flv_module \
–with-http_mp4_module –with-http_gunzip_module \
–with-http_gzip_static_module –with-http_auth_request_module \
–with-http_secure_link_module –with-http_slice_module \
–with-http_perl_module –with-compat \
–with-stream –with-stream_ssl_module –with-stream_realip_module \
–with-http_gzip_static_module –http-client-body-temp-path=/var/tmp/nginx/client \
–http-proxy-temp-path=/var/tmp/nginx/proxy –http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
–http-uwsgi-temp-path=/var/tmp/nginx/uwsgi –http-scgi-temp-path=/var/tmp/nginx/scgi –with-pcre && \
make -j 4 && make install && \
cd / && rm -rf nginx-1.15.9 && \
ls -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/nginx/sbin
WORKDIR /usr/local/nginx
EXPOSE 80
CMD [“nginx”, “-g”,”daemon off;”]
2. 构建镜像命令:
docker build -t nginx:v2 -f Dockerfile-nginx .
-t: 代表 tag -f: 指定 dockerfile 文件 . 用当前目录的环境变量
3. 从本地镜像仓库下载 nginx 镜像
docker pull xx.xx.xx.xx/library/nginx:v2
4, 在要安装 nginx 的服务器创建目录
4.1 配置文件目录:mkdir -p /opt/nginx/conf/vhost
/opt/nginx/conf 下有两个: 一个为 nginx.conf, 设置 nginx 标准配置 (随着业务可能需优化); 标准配置文件详见 nginx.conf
参考:
server_tokens off;
user nginx;
worker_processes 4;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log;
events
{
use epoll;
worker_connections 10240;
}
http{
log_format main ‘$remote_addr $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘$http_user_agent $http_x_forwarded_for $request_time $upstream_response_time $upstream_addr $upstream_status’;
access_log /var/log/nginx/access.log main;
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
send_timeout 15;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-Javascript text/css application/xml;
gzip_vary on;
include /usr/local/nginx/conf/vhost/*.conf;
}
> 另一个为 vhost,vhost 配置不同的域名解析文件 (就是真正的业务配置)
> vhost 下的文件统一命名格式: 域名.conf
参考:
upstream gw_ma {
server xx.xx.xx.xx:5601;
}
server {
listen 80;
server_name www.nan.com;
access_log /usr/local/nginx/logs/www.nan.com.log;
error_log /usr/local/nginx/logs/www.nan.com.err;
listen 443 ssl;
ssl_buffer_size 4k;
ssl_certificate /usr/local/nginx/cert/1_gw.nan_bundle.crt; #在 docker 启动镜像的时候挂载证书目录; /opt/nginx/vert
ssl_certificate_key /usr/local/nginx/cert/2_gw.nan.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gw_ma;
}
}
4.2 日志文件目录:mdkir -p /opt/nginx/logs
5. 启动容器
参考:docker run -d –name=nginx02 -p 9999:80 -v /opt/nginx/conf/nginx.conf:/usr/local/nginx/conf/nginx.conf -v /opt/nginx/conf/vhost/:/usr/local/nginx/conf/vhost/ -v /opt/nginx/logs/:/usr/local/nginx/logs/ xx.xx.xx.xx/library/nginx:v2
:
