docker安装nginx
配置反向代理
配置跨域
http升级https
docker安装nginx
- 拉取nginx镜像
docker pull nginx
查看镜像docker images,看是否存在nginx镜像
- 创建nginx外部挂载文件, 映射nginx容器内部文件
mkdir -p /mnt/nginx/{conf,html,logs};
docker cp ef:/etc/nginx/nginx.conf /mnt/nginx/;
- 创建nginx容器, 80是http默认端口,443是https默认端口,如果不需要用https, 443可以不加
docker run -p 80:80 --name nginx -p 443:443 -v /mnt/nginx:/etc/nginx/cert -v /mnt/nginx/nginx.conf:/etc/nginx/nginx.conf -v /mnt/nginx/html:/usr/share/nginx/html -v /mnt/nginx/logs:/var/log/nginx -d nginx
- 启动nginx容器
docker start nginx
docker ps查看nginx容器状态,若未成功,查看nginx启动日志
docker logs nginx
在/mnt/nginx/html文件下创建index.html,随便写点东西,访问服务器ip即可看到写的东西
配置反向代理
更新nginx配置,在/mnt/nginx/nginx.conf文件中http内添加server
server {
listen 80;
server_name 地址;
location / {
proxy_pass 地址:端口;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Via "nginx";
}
}
配置跨域
在server location下添加add_header
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
http升级https
- 首先要有一个已备案的域名
- 购买ssl证书,也可以用免费的
- 下载nginx类型的证书,解压并上传到/mnt/nginx目录下
- 修改nginx.conf文件,重启容器,https默认443端口
server {
listen 443 ssl;
server_name 域名;
ssl_certificate /etc/nginx/cert/证书名.pem;
ssl_certificate_key /etc/nginx/cert/证书名.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-
SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass 地址:端口;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Via "nginx";
root /mnt/nginx/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name 域名;
return 301 https://域名$request_uri;
}