1.下载Nginx镜像
# 拉取镜像
docker pull nginx
# 查询镜像
docker images
2.创建配置文件
创建挂载目录
mkdir -p /home/nginx/conf.d
mkdir -p /home/nginx/config
mkdir -p /home/nginx/html
mkdir -p /home/nginx/logs
mkdir -p /home/nginx/ssl
启动容器将配置文件复制到宿主机目录中
# 启动容器
docker run --name nginx -p 80:80 -d nginx
# 复制容器配置文件
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/config/
docker cp nginx:/etc/nginx/conf.d /home/nginx
docker cp nginx:/usr/share/nginx/html /home/nginx
停止容器并删除
docker stop nginx
docker rm nginx
3. 修改配置文件
前置条件:
1,域名DNS解析,
2,SSL证书放置到/home/nginx/ssl目录下
3,服务器防火墙指定ip的443, 80 端口正常开启
因为/home/nginx/config/nginx.conf中:include引入了/etc/nginx/conf.d/*.conf
故直接对 /home/nginx/conf.d/default.conf 进行配置
server {
# https 监听端口
listen 443 ssl;
# 监听域名
server_name xxx.com;
root /var/www/xxx.com;
index index.html index.htm;
# 引入证书
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 默认80端口转发
location / {
proxy_pass http://127.0.0.1:18080/;
}
# 域名后缀转发https:xxx.com/xxx
location /xxx/ {
proxy_pass http://127.0.0.1:8801/;
proxy_set_header X-Forwarded-Scheme http;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
server {
# https 监听端口
listen 80;
# 监听域名
server_name xxx.com;
#rewrite ^(.*)$ https://$host$1 permanent;
rewrite ^(.*) https://$server_name$1 permanent;
}
4.启动Nginx 容器
这里的Nginx与转发目标在一个服务器上,故直接采用host模式
如果不在一个服务器上,可自行将
--net=host
替换为http和https端口映射-p 443:443 -p 80:80
docker run --name nginx --net=host \
-v /home/nginx/html:/usr/share/nginx/html \
-v /home/nginx/config/nginx.conf:/etc/nginx/nginx.conf/ \
-v /home/nginx/conf.d:/etc/nginx/conf.d \
-v /home/nginx/logs:/var/log/nginx/ \
-v /home/nginx/ssl:/etc/nginx/ssl/ \
--privileged=true \
-d --restart=always nginx