docker安装nignx
1.拉取镜像
docker pull nginx
docker images -- 查看2.创建容器启动
docker run -d -p 80:80 --name nginx nginx
-d 以守护模式运行镜像,也就是后台运行
-p 宿主机端口映射的镜像端口,左边是宿主机端口,右边是镜像端口,80是Nginx访问端口
--name给容器起一个唯一的别名3.访问nginx ,浏览器访问http://ip即可
4.配置nginx
配置的目的:我们首先需要在宿主机创建用于存放nginx日志、配置文件和相关静态资源的目录,并将其挂载到容器内对应路径。
后续更新我们只需要更改宿主机目录下的配置文件或者静态文件就可以更新容器内资源,这样可以确保容器挂掉只需要重新启动一个容器挂载上数据去就完美无缺的还原,这也是容器轻量快速方便的原因。不只是nginx容器,其余的像mysql容器也一定要记得挂载/data数据文件,防止容器宕掉丢失数据。mkdir -p /server/nginx/log
mkdir -p /server/nginx/conf
mkdir -p /server/nginx/conf.d
mkdir -p /server/nginx/static
mkdir -p /server/nginx/ssl然后从Nginx容器中复制一份配置文件到宿主机刚刚创建的conf目录
docker cp nginx:/etc/nginx/nginx.conf /server/nginx/conf/nginx.conf打开nginx.conf文件发现这个配置文件还引入了其他的配置文件,所以我们需要把include引入的文件也复制一份到宿主机,但是我们不知道那些文件叫什么,所以我们需要进入容器内查看
docker exec -it nginx /bin/bash
cd /etc/nginx/conf.d
ls可以看到里面有个default.conf文件,所以我们需要把这个文件复制到宿主机
exit --退出刚刚那个容器
docker cp nginx:/etc/nginx/conf.d/default.conf /home/service/nginx/conf.d/default.conf还记得我们前面访问nginx的时候那个页面吗?是的,那个页面也要复制到宿主机
docker cp nginx:/usr/share/nginx/html/index.html /server/nginx/static/index.html
5.修改配置文件
开始修改宿主机上复制出来的conf文件,首先修改nginx.conf,修改配置文件修改后的结果:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
keepalive_timeout 60;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
include /etc/nginx/conf.d/*.conf;
}查看default.conf
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
停止上次的nginx容器并删除容器
docker stop nginx
docker rm nginx重新启动一个nginx容器
docker run -p 443:443 -p 80:80 --name nginx \
-v /server/nginx/static:/usr/share/nginx/html \
-v /server/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /server/nginx/log:/var/log/nginx \
-v /server/nginx/conf.d:/etc/nginx/conf.d \
-v /server/nginx/ssl:/ssl \
-d nginx-v的意思就是把宿主机目录挂载到冒号后面的容器目录此处多监听了一个443端口,用于以后配置https
6.配置Https访问,我是在阿里云申请了免费的一年ssl证书,大家可以百度一下,下载的是nginx的,并且在其中加入了许多优化的配置,nginx.conf :
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 2k;
large_client_header_buffers 4 4k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name www.example.com ;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
#监听的端口号
listen 443 ssl;
server_name www.example.com ;
ssl_certificate /ssl/1492507_www.example.com.pem;
ssl_certificate_key /ssl/1492507_www.example.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
include /etc/nginx/conf.d/*.conf;
}注意:这里更新的是宿主机上的nginx.conf
然后进入容器重启nginx即可
也可以不用进入容器重启,直接重启容器也可以
docker restart nginx
配置完成
配置域名反代
server {
listen 443;
server_name www.moerats.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.moerats.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.moerats.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
charset utf-8;
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1024m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass http://127.0.0.1:600/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server
{
listen 80;
server_name www.moerats.com;
rewrite ^(.*) https://www.moerats.com$1 permanent;
}本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。