nginx 官方 docker 镜像使用记录
发表更新linux / docker5 分钟读完 (大约708个字)0次访问

nginx 官方 docker 镜像使用记录

拉取镜像

1
docker pull nginx

建立映射文件夹

1
2
3
4
mkdir -p /data/nginx
mkdir -p /data/nginx/conf.d
mkdir -p /data/nginx/html
mkdir -p /data/nginx/logs
  • 映射关系
1
2
3
4
/data/nginx/nginx.conf:/etc/nginx/nginx.conf
/data/nginx/conf.d:/etc/nginx/conf.d
/data/nginx/html:/usr/share/nginx/html
/data/nginx/logs:/var/log/nginx
  • 复制默认配置文件
1
2
3
4
# 复制 nginx.conf 文件
docker cp mynginx:/etc/nginx/nginx.conf /data/nginx/nginx.conf
# 复制 default.conf 文件
docker cp mynginx:/etc/nginx/conf.d/default.conf /data/nginx/conf.d
  • 打开容器查看信息
1
2
docker run -i -t nginx /bin/bash
docker exec -it nginx bash

默认配置

1
cat /etc/nginx/nginx.conf
  • nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

1
cat /etc/nginx/conf.d/default.conf
  • default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

运行镜像

1
2
3
4
5
6
7
docker run --name mynginx -d \
-v /data/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /data/nginx/html:/usr/share/nginx/html \
-v /data/nginx/conf.d:/etc/nginx/conf.d \
-v /data/nginx/logs:/var/log/nginx \
-p 80:80 \
nginx

nginx 配置参考

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
http {

  server {
      listen 80;
      server_name xxx.com;
      return  301 https://$host$request_uri;
  }

  server {
      listen       443 ssl;
      server_name  xxx.com;
      
      ssl_protocols TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers TLS13+AESGCM+AES128:TLS13+AESGCM+AES256:TLS13+CHACHA20:EECDH+ECDSA+AESGCM+AES128:EECDH+ECDSA+CHACHA20:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:EECDH+aRSA+AESGCM+AES128:EECDH+aRSA+CHACHA20:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES;
      ssl_session_timeout 10m;
      ssl_session_cache shared:le_nginx_SSL:10m;
      ssl_buffer_size 1400;

      ssl_certificate /usr/local/nginx/ssl/xxx.com.cer;
      ssl_certificate_key /usr/local/nginx/ssl/xxx.com.key;

     

    location /aria2/ {
        proxy_redirect off;
        proxy_set_header Host $host;  
        proxy_set_header X-Real-IP $remote_addr;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:6080;
    }
     
    location / {
        proxy_set_header Host $host;  
        proxy_set_header X-Real-IP $remote_addr;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:6081/;
    } 
     
  }

}

反向代理

1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen  80;
    server_name  xxx.abc.com;    //二级域名
    access_log /var/log/nginx/xxx.access.log main;
    error_log /var/log/nginx/xxx.error.log error;
    location / {
        proxy_set_header  Host  $http_host;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass  http://ip:端口;
    }
}

备注

防火墙把对应的端口开启,否则悲剧了,代理 80 端口,套 cf,开启页面规则,强制 https,可用半程 ssl 。

1
2
3
4
5
https://*abc.com/*
Always Online: On

http://*abc.com/*
Always Use HTTPS
#
忙忙忙

目录

链接

分类

最新文章

归档

标签

MTProxy1
N11
Navigation1
adguardhome2
bash1
bbr2
bench2
ccaa1
cf1
chocolatey1
chrome1
cmder1
command1
dns1
docker2
domains1
esxi2
filebrowser1
firewalld1
gwd1
hexo3
iptables1
keyboard1
lede1
linshi1
mtu1
music1
nginx2
nodejs1
package1
port1
redmi1
rss1
rssbot1
scoop1
script1
servercat1
shadowsocks-libev1
software2
ssh1
ssl1
time1
ufw1
vnstat1
vp91
vps3
wordpress1
youtube-dl1
编码1
×