How to manage nginx based on docker,part II

  Nginx以它的高性能而著称，通常是也是互联网项目开发过程中必不可少的一部分，今天我们来着重介绍一下如何基于docker部署Nginx服务。

  下面是一个Nginx的Docker启动脚本。

docker run --detach \
--restart always \
--name nginx \
--publish 80:80 \
--publish 443:443 \
--volume /data/docker/nginx/etc:/etc/nginx \
--volume /data/docker/nginx/data:/usr/share/nginx \
nginx:1.17.9

  阅读上述脚本，我们不难看出，这里将Nginx服务配置文件目录映射到了宿主机目录/data/docker/nginx/etc中，静态资源在目录映射到了宿主机目录/data/docker/nginx/data中。

  接下来，我们详细介绍一下，如何完成上述的实际操作过程。

• 准备工作

  这里，我们先启动一个nginx容器实例

[root@xtwj90 ~]# docker run -d --name nginx -p 80:80 nginx:1.17.9
Unable to find image 'nginx:1.17.9' locally
1.17.9: Pulling from library/nginx
68ced04f60ab: Pull complete 
28252775b295: Pull complete 
a616aa3b0bf2: Pull complete 
Digest: sha256:2539d4344dd18e1df02be842ffc435f8e1f699cfc55516e2cf2cb16b7a9aea0b
Status: Downloaded newer image for nginx:1.17.9
c8f56aa38a5f9fe10973ee34daa05f49b02628372ac8396fd14e7bffeb818bbd
[root@xtwj90 ~]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
c8f56aa38a5f        nginx:1.17.9        "nginx -g 'daemon of…"   8 seconds ago       Up 6 seconds        0.0.0.0:80->80/tcp   nginx

  进入名称为nginx的容器实例中查看一番。

[root@xtwj90 ~]# docker exec -it nginx /bin/sh
# 
# pwd    
/
# ls -la
total 8
drwxr-xr-x.   1 root root   28 Mar 20 07:25 .
drwxr-xr-x.   1 root root   28 Mar 20 07:25 ..
-rwxr-xr-x.   1 root root    0 Mar 20 07:25 .dockerenv
drwxr-xr-x.   2 root root 4096 Feb 24 00:00 bin
drwxr-xr-x.   2 root root    6 Feb  1 17:09 boot
drwxr-xr-x.   5 root root  340 Mar 20 07:25 dev
drwxr-xr-x.   1 root root   66 Mar 20 07:25 etc
drwxr-xr-x.   2 root root    6 Feb  1 17:09 home
drwxr-xr-x.   1 root root   56 Mar  4 17:31 lib
drwxr-xr-x.   2 root root   34 Feb 24 00:00 lib64
drwxr-xr-x.   2 root root    6 Feb 24 00:00 media
drwxr-xr-x.   2 root root    6 Feb 24 00:00 mnt
drwxr-xr-x.   2 root root    6 Feb 24 00:00 opt
dr-xr-xr-x. 114 root root    0 Mar 20 07:25 proc
drwx------.   2 root root   37 Feb 24 00:00 root
drwxr-xr-x.   1 root root   23 Mar 20 07:25 run
drwxr-xr-x.   2 root root 4096 Feb 24 00:00 sbin
drwxr-xr-x.   2 root root    6 Feb 24 00:00 srv
dr-xr-xr-x.  13 root root    0 Mar  2 02:05 sys
drwxrwxrwt.   1 root root    6 Mar  4 17:31 tmp
drwxr-xr-x.   1 root root   66 Feb 24 00:00 usr
drwxr-xr-x.   1 root root   19 Feb 24 00:00 var
# ls -la /etc 	
total 172
drwxr-xr-x. 1 root root      66 Mar 20 07:25 .
drwxr-xr-x. 1 root root      28 Mar 20 07:25 ..
-rw-------. 1 root root       0 Feb 24 00:00 .pwd.lock
-rw-r--r--. 1 root root    2981 Feb 24 00:00 adduser.conf
drwxr-xr-x. 2 root root     155 Feb 24 00:00 alternatives
drwxr-xr-x. 1 root root      47 Mar  4 17:31 apt
-rw-r--r--. 1 root root    1994 Apr 18  2019 bash.bashrc
-rw-r--r--. 1 root root     367 Mar  2  2018 bindresvport.blacklist
drwxr-xr-x. 2 root root      50 Feb 24 00:00 cron.daily
-rw-r--r--. 1 root root    2969 Feb 26  2019 debconf.conf
-rw-r--r--. 1 root root       5 Feb  1 17:07 debian_version
drwxr-xr-x. 1 root root      38 Mar  4 17:31 default
-rw-r--r--. 1 root root     604 Jun 26  2016 deluser.conf
drwxr-xr-x. 4 root root      55 Feb 24 00:00 dpkg
-rw-r--r--. 1 root root       0 Feb 24 00:00 environment
drwxr-xr-x. 4 root root      56 Mar  4 17:31 fonts
-rw-r--r--. 1 root root      37 Feb 24 00:00 fstab
-rw-r--r--. 1 root root    2584 Aug  1  2018 gai.conf
-rw-r--r--. 1 root root     459 Mar  4 17:31 group
-rw-r--r--. 1 root root     446 Feb 24 00:00 group-
-rw-r-----. 1 root shadow   384 Mar  4 17:31 gshadow
-rw-r-----. 1 root shadow   374 Feb 24 00:00 gshadow-
-rw-r--r--. 1 root root       9 Aug  7  2006 host.conf
-rw-r--r--. 1 root root      13 Mar 20 07:25 hostname
-rw-r--r--. 1 root root     174 Mar 20 07:25 hosts
drwxr-xr-x. 1 root root      38 Mar  4 17:31 init.d
-rw-r--r--. 1 root root    1748 May  5  2018 inputrc
-rw-r--r--. 1 root root      27 Feb  1 17:09 issue
-rw-r--r--. 1 root root      20 Feb  1 17:09 issue.net
drwxr-xr-x. 3 root root      24 May 28  2019 kernel
-rw-r--r--. 1 root root    9470 Mar  4 17:31 ld.so.cache
-rw-r--r--. 1 root root      34 Mar  2  2018 ld.so.conf
drwxr-xr-x. 2 root root      52 Feb 24 00:00 ld.so.conf.d
-rw-r--r--. 1 root root     191 Apr 25  2019 libaudit.conf
lrwxrwxrwx. 1 root root      27 Feb 24 00:00 localtime -> /usr/share/zoneinfo/Etc/UTC
-rw-r--r--. 1 root root   10477 Jul 27  2018 login.defs
drwxr-xr-x. 1 root root      19 Mar  4 17:31 logrotate.d
-rw-r--r--. 1 root root      33 Feb 24 00:00 machine-id
-rw-r--r--. 1 root root     812 Jan 10 01:19 mke2fs.conf
-rw-r--r--. 1 root root     286 Feb  1 17:09 motd
lrwxrwxrwx. 1 root root      12 Mar 20 07:25 mtab -> /proc/mounts
drwxr-xr-x. 3 root root     177 Mar  4 17:31 nginx
-rw-r--r--. 1 root root     494 Feb 10  2019 nsswitch.conf
drwxr-xr-x. 2 root root       6 Feb 24 00:00 opt
lrwxrwxrwx. 1 root root      21 Feb  1 17:09 os-release -> ../usr/lib/os-release
-rw-r--r--. 1 root root     552 Feb 14  2019 pam.conf
drwxr-xr-x. 2 root root     279 Feb 24 00:00 pam.d
-rw-r--r--. 1 root root     980 Mar  4 17:31 passwd
-rw-r--r--. 1 root root     967 Mar  4 17:31 passwd-
-rw-r--r--. 1 root root     767 Mar  4  2016 profile
drwxr-xr-x. 2 root root       6 Feb  1 17:09 profile.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc0.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc1.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc2.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc3.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc4.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc5.d
drwxr-xr-x. 1 root root      22 Mar  4 17:31 rc6.d
drwxr-xr-x. 2 root root      27 Feb 24 00:00 rcS.d
-rw-r--r--. 1 root root      53 Mar 20 07:25 resolv.conf
lrwxrwxrwx. 1 root root      13 Apr 23  2019 rmt -> /usr/sbin/rmt
-rw-r--r--. 1 root root    4141 Jul 27  2018 securetty
drwxr-xr-x. 4 root root     214 Feb 24 00:00 security
drwxr-xr-x. 2 root root      27 Feb 24 00:00 selinux
-rw-r-----. 1 root shadow   528 Mar  4 17:31 shadow
-rw-r-----. 1 root shadow   528 Mar  4 17:31 shadow-
-rw-r--r--. 1 root root      73 Feb 24 00:00 shells
drwxr-xr-x. 2 root root      57 Feb 24 00:00 skel
-rw-r--r--. 1 root root       0 Feb 24 00:00 subgid
-rw-r--r--. 1 root root       0 Feb 24 00:00 subuid
drwxr-xr-x. 1 root root      20 Dec  3  2018 systemd
drwxr-xr-x. 2 root root      20 Feb 24 00:00 terminfo
-rw-r--r--. 1 root root       8 Feb 24 00:00 timezone
-rw-r--r--. 1 root root    1260 Dec 14  2018 ucf.conf
drwxr-xr-x. 2 root root      22 Feb 24 00:00 update-motd.d
-rw-r--r--. 1 root root     642 Mar  1  2019 xattr.conf
# ls -la /etc/nginx
total 36
drwxr-xr-x. 3 root root  177 Mar  4 17:31 .
drwxr-xr-x. 1 root root   66 Mar 20 07:25 ..
drwxr-xr-x. 2 root root   26 Mar  4 17:31 conf.d
-rw-r--r--. 1 root root 1007 Mar  3 14:32 fastcgi_params
-rw-r--r--. 1 root root 2837 Mar  3 14:32 koi-utf
-rw-r--r--. 1 root root 2223 Mar  3 14:32 koi-win
-rw-r--r--. 1 root root 5231 Mar  3 14:32 mime.types
lrwxrwxrwx. 1 root root   22 Mar  3 14:32 modules -> /usr/lib/nginx/modules
-rw-r--r--. 1 root root  643 Mar  3 14:32 nginx.conf
-rw-r--r--. 1 root root  636 Mar  3 14:32 scgi_params
-rw-r--r--. 1 root root  664 Mar  3 14:32 uwsgi_params
-rw-r--r--. 1 root root 3610 Mar  3 14:32 win-utf
# cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
# ls -la /etc/nginx/conf.d
total 4
drwxr-xr-x. 2 root root   26 Mar  4 17:31 .
drwxr-xr-x. 3 root root  177 Mar  4 17:31 ..
-rw-r--r--. 1 root root 1093 Mar  3 14:32 default.conf
# cat /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

# 

  我们发现容器nginx中配置文件目录中的文件/etc/nginx/modules被软链接到了目录/usr/lib/nginx/modules。为了方便迁移，我们需要对此做番处理。接下来，我们进行一些具体的准备工作。

  这里，我们需要将容器中的配置文件目录从容器中复制出来。并对软链接文件/etc/nginx/modules做一些处理。

# exit
[root@xtwj90 ~]# mkdir -p /data/docker/nginx
[root@xtwj90 ~]# cd /data/docker/nginx/
[root@xtwj90 nginx]# docker cp nginx:/etc/nginx etc
[root@xtwj90 nginx]# docker cp nginx:/usr/share/nginx data
[root@xtwj90 nginx]# ll
total 0
drwxr-xr-x. 4 root root  29 Mar 20 16:42 .
drwxr-xr-x. 3 root root  19 Mar 20 15:23 ..
drwxr-xr-x. 3 root root  18 Mar  5 01:31 data
drwxr-xr-x. 6 root root 221 Mar 20 16:02 etc
[root@xtwj90 nginx]# ll etc/
total 36
drwxr-xr-x. 3 root root  177 Mar  5 01:31 .
drwxr-xr-x. 3 root root   17 Mar 20 15:45 ..
drwxr-xr-x. 2 root root   26 Mar  5 01:31 conf.d
-rw-r--r--. 1 root root 1007 Mar  3 22:32 fastcgi_params
-rw-r--r--. 1 root root 2837 Mar  3 22:32 koi-utf
-rw-r--r--. 1 root root 2223 Mar  3 22:32 koi-win
-rw-r--r--. 1 root root 5231 Mar  3 22:32 mime.types
lrwxrwxrwx. 1 root root   22 Mar  3 22:32 modules -> /usr/lib/nginx/modules
-rw-r--r--. 1 root root  643 Mar  3 22:32 nginx.conf
-rw-r--r--. 1 root root  636 Mar  3 22:32 scgi_params
-rw-r--r--. 1 root root  664 Mar  3 22:32 uwsgi_params
-rw-r--r--. 1 root root 3610 Mar  3 22:32 win-utf
[root@xtwj90 nginx]# rm -rf etc/modules
[root@xtwj90 nginx]# docker cp nginx:/usr/lib/nginx/modules etc/
[root@xtwj90 nginx]# ll etc/
total 40
drwxr-xr-x. 4 root root  177 Mar 20 15:49 .
drwxr-xr-x. 3 root root   17 Mar 20 15:45 ..
drwxr-xr-x. 2 root root   26 Mar  5 01:31 conf.d
-rw-r--r--. 1 root root 1007 Mar  3 22:32 fastcgi_params
-rw-r--r--. 1 root root 2837 Mar  3 22:32 koi-utf
-rw-r--r--. 1 root root 2223 Mar  3 22:32 koi-win
-rw-r--r--. 1 root root 5231 Mar  3 22:32 mime.types
drwxr-xr-x. 2 root root 4096 Mar  5 01:31 modules
-rw-r--r--. 1 root root  643 Mar  3 22:32 nginx.conf
-rw-r--r--. 1 root root  636 Mar  3 22:32 scgi_params
-rw-r--r--. 1 root root  664 Mar  3 22:32 uwsgi_params
-rw-r--r--. 1 root root 3610 Mar  3 22:32 win-utf
[root@xtwj90 nginx]# cd etc/ 

  为了实现模块化管理，我们这里创建sites-available与sites-enabled两个目录。其中，sites-enabled目录中的文件能被nginx重新启动时自动加载，这里我们需要将它添加到nginx的配置文件nginx.conf中去。sites-available目录中的文件可以是一些随时希望调整又不想删除的文件。

  我们将如下内容添加到nginx.conf中去：

include /etc/nginx/sites-enabled/*.conf;

修改后的nginx.conf文件如下：

[root@xtwj90 etc]# cat nginx.conf 

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;

}
[root@xtwj90 etc]# mkdir -p sites-available sites-enabled
[root@xtwj90 etc]# ll
total 40
drwxr-xr-x. 6 root root  221 Mar 20 16:02 .
drwxr-xr-x. 3 root root   17 Mar 20 15:45 ..
drwxr-xr-x. 2 root root   26 Mar  5 01:31 conf.d
-rw-r--r--. 1 root root 1007 Mar  3 22:32 fastcgi_params
-rw-r--r--. 1 root root 2837 Mar  3 22:32 koi-utf
-rw-r--r--. 1 root root 2223 Mar  3 22:32 koi-win
-rw-r--r--. 1 root root 5231 Mar  3 22:32 mime.types
drwxr-xr-x. 2 root root 4096 Mar  5 01:31 modules
-rw-r--r--. 1 root root  690 Mar 20 16:00 nginx.conf
-rw-r--r--. 1 root root  636 Mar  3 22:32 scgi_params
drwxr-xr-x. 2 root root    6 Mar 20 16:02 sites-available
drwxr-xr-x. 2 root root    6 Mar 20 16:02 sites-enabled
-rw-r--r--. 1 root root  664 Mar  3 22:32 uwsgi_params
-rw-r--r--. 1 root root 3610 Mar  3 22:32 win-utf

[root@xtwj90 etc]# mv conf.d/default.conf sites-available/
[root@xtwj90 etc]# cd sites-enabled/
[root@xtwj90 sites-enabled]# ln -s ../sites-available/default.conf default.conf
[root@xtwj90 sites-enabled]# ll
total 0
drwxr-xr-x. 2 root root  26 Mar 20 16:03 .
drwxr-xr-x. 6 root root 221 Mar 20 16:02 ..
lrwxrwxrwx. 1 root root  31 Mar 20 16:03 default.conf -> ../sites-available/default.conf

  至此，我们的准备工作已经基本完成。

• 使用

  上面的准备工作做完以后，就可以在依托目录/data/docker/nginx下的两个子目录data与etc对nginx进行维护了。

[root@xtwj90 ~]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
c8f56aa38a5f        nginx:1.17.9        "nginx -g 'daemon of…"   About an hour ago   Up About an hour    0.0.0.0:80->80/tcp   nginx
[root@xtwj90 ~]# docker stop nginx 
nginx
[root@xtwj90 ~]# docker rm nginx 
nginx
[root@xtwj90 ~]# docker run --detach \
> --restart always \
> --name nginx \
> --publish 80:80 \
> --publish 443:443 \
> --volume /data/docker/nginx/etc:/etc/nginx \
> --volume /data/docker/nginx/data:/usr/share/nginx \
> nginx:1.17.9
2f6c6ca9fec9bcd82b769358956d254ba54fd0be3087f8fce13d6c2c3149214f
[root@xtwj90 ~]#

参考文献

• Docker Official Images of Nginx