前言:
我们知道,为了安全考虑,我们一般会设置反向代理,用来屏蔽应用程序真实的IP和端口号。在Linux系统上最常用的反向代理就是Nginx。本篇文章中,我们会通过Docker容器分别运行一个Nginx-proxy容器和一个Nginx-web应用程序的容器,然后设置反向代理
1、获取Nginx镜像
要运行容器,首先需要有相应的镜像,使用下面的命令拉取NGINX镜像:
docker pull nginx:1.18
2、运行Nginx容器-web
2.1 创建conf目录
[root@k8s-m01 web]# pwd
/nginx/web
[root@k8s-m01 web]# cat web.conf
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm index.php;
}
}
2.2 创建html目录
[root@k8s-m01 html]# pwd
/nginx/web/html
[root@k8s-m01 html]# cat index.html
.....
<h1>ok<h1>
#为了体现gzip的阀值是1K开启压缩 复制一百行
.....
2.3 创建主配置目录文件
[root@k8s-m01 proxy]# pwd
/nginx/conf.d/web
[root@k8s-m01 web]# cat nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
gzip on;
gzip_min_length 1k;
gzip_disable "MSIE [1-6]\.";
gzip_comp_level 2;
gzip_http_version 1.0;
gzip_types text/plain application/javascript application/css text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
include /etc/nginx/conf.d/*.conf;
}
2.3 运行容器
docker run --name nginx-web-gzip -v /nginx/web/:/etc/nginx/conf.d/ -v /nginx/web/html/:/usr/share/nginx/html/ -v /nginx/conf.d/web/nginx.conf:/etc/nginx/nginx.conf -p 80:80 -itd nginx:1.18
2.4 查看效果
[root@k8s-m01 ~]# curl -I -H "Accept-Encoding: gzip, deflate" "http://127.0.0.1:8001"
HTTP/1.1 200 OK
Server: nginx/1.19.6
Date: Thu, 21 Jan 2021 11:06:41 GMT
Content-Type: text/html
Last-Modified: Thu, 21 Jan 2021 10:15:59 GMT
Connection: keep-alive
ETag: W/"6009545f-2f4f"
Content-Encoding: gzip #已经开启了gzip
[root@k8s-m01 ~]# curl http://127.0.0.1:8001 | head -3
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12111 100 12111 0 0 6115k 0 --:--:-- --:--:-- --:--:-- 5913k
<h1>ok<h1>
<h1>ok<h1>
<h1>ok<h1>
[root@k8s-m01 ~]# curl -I http://127.0.0.1:8001
HTTP/1.1 200 OK
Server: nginx/1.19.6
Date: Thu, 21 Jan 2021 11:14:08 GMT
Content-Type: text/html
Content-Length: 12111
Last-Modified: Thu, 21 Jan 2021 10:15:59 GMT
Connection: keep-alive
ETag: "6009545f-2f4f"
Accept-Ranges: bytes
设置反向代理
在上面的步骤中,我们分别运行了nginx-web容器并且都可以在浏览器里面访问,下面我们来设置反向代理。
反向代理实现如下的效果:在浏览器里面访问81端口的时候跳转到8001端口,浏览器显示ngin x-web应用程序。
配置反向代理,我们需要修改Nginx的配置文件。在Nginx的配置文件里面设置反向代理的HTTP地址。
要修改Nginx的配置文件,首先需要进入Nginx容器里面,使用下面的命令进入容器里面
3. 运行Nginx容器-proxy
参考:https://blog.csdn.net/think_a_lot/article/details/106692916 直接了当方式
2.1 创建conf目录
参考:https://www.cnblogs.com/bneglect/p/11528499.html
未加配置:https://www.cnblogs.com/zhanglw456/p/13267456.html
配置域名代理:https://www.cnblogs.com/darendu/p/10832738.html
不删除容器的情况下修改端口映射:https://www.cnblogs.com/qianxunman/archive/2004/01/13/12104725.html
[root@k8s-m01 proxy]# pwd
/nginx/proxy
[root@k8s-m01 proxy]# cat proxy.conf
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://172.17.0.4:80; #docker inspect 容器名称
}
}
2.2 创建主配置目录文件
官方:http://nginx.org/en/docs/http/ngx_http_gzip_module.html
[root@k8s-m01 proxy]# pwd
/nginx/conf.d/proxy
[root@k8s-m01 proxy]# cat nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/css text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
#gzip_disable "MSIE [1-6]\.";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
参数参考:https://www.cnblogs.com/architectforest/p/12794332.html
第1行:开启Gzip
第2行:
第3行:nginx 做前端代理时启用该选项,如果值是 any, 表示无论后端服务器的headers头返回什么信息,都无条件启用压缩,如果用了nginx作反向代理,设置此值为any
第4行:不压缩临界值,大于1K的才压缩,一般不用改
第5行:buffer,就是,嗯,算了不解释了,不用改
第6行:用了反向代理的话,末端通信是HTTP/1.0,有需求的应该也不用看我这科普文了;有这句的话注释了就行了,默认是HTTP/1.1
第7行:压缩级别,1-10,数字越大压缩的越好,时间也越长,看心情随便改吧
第8行:进行压缩的文件类型,缺啥补啥就行了,JavaScript有两种写法,最好都写上吧,总有人抱怨js文件没有压缩,其实多写一种格式就行了
第9行:跟Squid等缓存服务有关,on的话会在Header里增加"Vary: Accept-Encoding",我不需要这玩意,自己对照情况看着办吧
第10行:IE6对Gzip不怎么友好,不给它Gzip了
nginx 做前端代理时启用该选项,如果值是 any, 表示无论后端服务器的headers头返回什么信息,都无条件启用压缩,如果用了nginx作反向代理,设置此值为any
2.3 运行容器
docker run --name nginx-proxy-gzip -v /nginx/proxy/:/etc/nginx/conf.d/ -v /nginx/conf.d/proxy/nginx.conf:/etc/nginx/nginx.conf -p 81:80 -itd nginx:1.18
2.4 查看效果
[root@k8s-m01 ~]# curl http://127.0.0.1:81 | head -1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12111 100 12111 0 0 5516k 0 --:--:-- --:--:-- --:--:-- 11.5M
<h1>ok<h1>
[root@k8s-m01 ~]# curl -I http://127.0.0.1:81
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jan 2021 11:16:16 GMT
Content-Type: text/html
Content-Length: 12111
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 21 Jan 2021 10:15:59 GMT
ETag: "6009545f-2f4f"
Accept-Ranges: bytes
[root@k8s-m01 ~]# curl -I -H "Accept-Encoding: gzip, deflate" "http://127.0.0.1:81"
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jan 2021 11:16:21 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Thu, 21 Jan 2021 10:15:59 GMT
ETag: W/"6009545f-2f4f"
Content-Encoding: gzip
968
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
