1.nginx.conf配置文件
以下是Nginx的配置文件详情
user nobody;
worker_processes 4;
worker_rlimit_nofile 65535;
error_log logs/error.log notice;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 4096;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
keepalive_timeout 65;
client_max_body_size 64m;
server {
listen 80;
server_name domain.name;
return 301 https://$server_name/$request_uri;
}
server {
listen 443 ssl;
server_name domain.name;
index index.php index.html;
access_log logs/www.ctnrs.com_access.log;
error_log logs/www.ctnrs.com_error.log;
# ssl证书地址
ssl_certificate /usr/local/nginx/cert/ssl.pem; # pem文件的路径
ssl_certificate_key /usr/local/nginx/cert/ssl.key; # key文件的路径
# ssl验证相关配置
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
# location ~ .*\.(js|css|html|png|gif|jpg|jpeg)$ {
location / {
root /wwwroot;
# 需要添加的代码
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location ~* \.php$ {
root /wwwroot;
fastcgi_pass lnmp_php:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
point:
1:证书的地址配置
2:80端口和443端口都需要被监听
3:端口监听转发,80端口转发到443端口
2.nginx的Dockerfile文件
FROM centos:7
MAINTAINER www.ctnrs.com
RUN yum install -y gcc gcc-c++ make \
openssl-devel pcre-devel gd-devel \
iproute net-tools telnet wget curl && \
yum clean all && \
rm -rf /var/cache/yum/*
RUN wget http://nginx.org/download/nginx-1.15.5.tar.gz && \
tar zxf nginx-1.15.5.tar.gz && \
cd nginx-1.15.5 && \
./configure --prefix=/usr/local/nginx \
--prefix=/usr/local/nginx --with-http_ssl_module \
--with-http_ssl_module \
--with-http_stub_status_module && \
make -j 4 && make install && \
rm -rf /usr/local/nginx/html/* && \
mkdir /usr/local/nginx/cert && \
echo "ok" >> /usr/local/nginx/html/status.html && \
cd / && rm -rf nginx-1.15.5* && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV PATH $PATH:/usr/local/nginx/sbin
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
创建镜像 docker build -t nginx:v1 -f Dockerfile-nginx .
3.运行nginx镜像
docker run -d --name lnmp_nginx1 --net lnmp -p 80:80 \
--mount type=bind,src=/mnt/dockefile/nginx.conf,dst=/usr/local/nginx/conf/nginx.conf \
-v /mnt/dockefile/wangle12com:/usr/local/nginx/cert \
--mount src=wwwroot,dst=/wwwroot nginx:v3
这里用到了两个bind mount,将nginx配置文件和证书文件挂载到镜像上面,wnagle12com
里面是我的证书文件,将会挂载到/usr/local/nginx/cert
上,对应nginx.conf中的
# ssl证书地址
ssl_certificate /usr/local/nginx/cert/ssl.pem; # pem文件的路径
ssl_certificate_key /usr/local/nginx/cert/ssl.key; # key文件的路径
总结
需要资源的扫码关注公众号“程序港湾”