1.查看镜像
docker search nginx
2.拉取镜像
docker pull nginx
3.查看拉取的镜像
docker images nginx
4.创建映射文件夹
mkdir conf logs www cert
5.把容器中的nginx.conf文件复制到conf目录下
docker cp test:/etc/nginx/nginx.conf /opt/docker/nginx/conf/nginx.conf
docker cp test:/etc/nginx/conf.d/default.conf /opt/docker/nginx/conf/default.conf
docker cp nginx:/etc/nginx/nginx.conf /opt/docker/nginx/conf
docker cp nginx:/etc/nginx/conf.d/default.conf /opt/docker/nginx/conf
6.创建容器
docker run -d -p 8001:80 --name nginx1 \
-v /opt/docker/nginx1/www:/usr/share/nginx/html \
-v /opt/docker/nginx1/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/docker/nginx1/conf/default.conf:/etc/nginx/conf.d/default.conf \
-v /opt/docker/nginx1/logs:/var/log/nginx \
-v /opt/docker/nginx1/cert:/etc/nginx/cert \
-e TZ=Asia/Shanghai \
nginx
docker run -d -p 443:443 --name nginx \
-v /opt/docker/nginx/www:/usr/share/nginx/html \
-v /opt/docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/docker/nginx/conf/default.conf:/etc/nginx/conf.d/default.conf \
-v /opt/docker/nginx/logs:/var/log/nginx \
-v /opt/docker/nginx/cert:/etc/nginx/cert \
-e TZ=Asia/Shanghai \
nginx
7.开启服务器安全组的端口 80,443
8.nginx配置文件内容
80端口的配置
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile off;
#tcp_nopush on;
keepalive_timeout 65;
#gzip off;
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types application/javascript text/css text/xml;
gzip_disable "MSIE [1-6]\."; #配置禁用gzip条件,支持正则。此处表示ie6及以下不启用gzip(因为ie低版本不支持)
gzip_vary on;
server {
listen 80; # 监听本机所有 ip 上的 80 端口
server_name _; # 域名:www.example.com 这里 "_" 代表获取匹配所有
location /kapi/{
rewrite ^/kapi/(.*)$ /$1 break;
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Methods' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $host:8080;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass_header Set-Cookie;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Mod-Pagespeed;
proxy_cache_valid any 10m;
client_max_body_size 50m; #缓冲区代理缓冲用户端请求的最大字节数,可以理解为保存到本地再传给用户
client_body_buffer_size 256k;
#client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s; #nginx跟后端服务器连接超时时间(代理连接超时)
proxy_read_timeout 300s; #连接成功后,后端服务器响应时间(代理接收超时)
proxy_send_timeout 300s;
proxy_buffer_size 64k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传递请求,而不缓冲到磁盘
#proxy_ignore_client_abort on; #不允许代理端主动关闭连接
proxy_ignore_client_abort off;
proxy_max_temp_file_size 2048m;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_pass http://192.168.0.2:8080;
}
location /screen2/{
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;
add_header 'Access-Control-Expose-Headers' *;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
alias /usr/share/nginx/html/screen2/;
}
location / {
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;
add_header 'Access-Control-Expose-Headers' *;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
alias /usr/share/nginx/html/psychometrisystem/;
index index.html index.htm;
}
}
include /etc/nginx/conf.d/*.conf;
}
443端口配置
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 50M;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile off;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types application/javascript text/css text/xml;
gzip_disable "MSIE [1-6]\."; #配置禁用gzip条件,支持正则。此处表示ie6及以下不启用gzip(因为ie低版本不支持)
gzip_vary on;
#设置浏览器缓存
add_header Cache-Control no-cache;
add_header Cache-Control private;
server {
listen 443 ssl http2;
server_name www.afterclass.net.cn; # 域名:www.example.com 这里 "_" 代表获取匹配所有
ssl_certificate /etc/nginx/cert/7239011_www.afterclass.net.cn.pem;
ssl_certificate_key /etc/nginx/cert/7239011_www.afterclass.net.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
listen 80;
if ($scheme = http) {
return 301 https://$host:443$request_uri;
}
location /robots.txt {
default_type text/html;
add_header Content-Type "text/plain; charset=UTF-8";
return 200 "User-Agent: *\nDisallow: /";
}
location /kapi{
rewrite ^/kapi/(.*)$ /$1 break;
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Methods' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $host:8080;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass_header Set-Cookie;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Mod-Pagespeed;
proxy_cache_valid any 10m;
client_max_body_size 50m; #缓冲区代理缓冲用户端请求的最大字节数,可以理解为保存到本地再传给用户
client_body_buffer_size 256k;
#client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s; #nginx跟后端服务器连接超时时间(代理连接超时)
proxy_read_timeout 300s; #连接成功后,后端服务器响应时间(代理接收超时)
proxy_send_timeout 300s;
proxy_buffer_size 64k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传递请求,而不缓冲到磁盘
#proxy_ignore_client_abort on; #不允许代理端主动关闭连接
proxy_ignore_client_abort off;
proxy_max_temp_file_size 2048m;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_pass http://123.56.85.192:8099;
}
#官网
location /{
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;
add_header 'Access-Control-Expose-Headers' *;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
autoindex off;
autoindex_localtime on;
alias /usr/share/nginx/html/websiteWebApp/;
index index.html index.htm;
}
#后管
location /manager {
add_header 'Access-Control-Allow-Origin' *;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' *;
add_header 'Access-Control-Allow-Headers' *;
add_header 'Access-Control-Expose-Headers' *;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
autoindex off;
autoindex_localtime on;
alias /usr/share/nginx/html/websiteManager/;
index index.html index.htm;
}
}
include /etc/nginx/conf.d/*.conf;
}