
Building Nginx with Docker

1. Prepare the directories that will be mounted

mkdir -p /usr/local/nginx/{conf,html,logs,ssl}

Upload your own SSL certificate into the ssl folder. There are two files in total: the pem file and the key file.

2. Pull the Nginx image

docker pull nginx

3. Create a temporary container to copy the configuration files from

docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/conf.d /usr/local/nginx/conf
docker cp nginx:/etc/nginx/nginx.conf /usr/local/nginx/nginx.conf
docker stop nginx
docker rm nginx

4. Create your own configuration file and write the configuration (every path used in it is a path inside the container)

touch /usr/local/nginx/conf/example.conf
server {
    listen       80;
    server_name  example.com;
   
    # Redirect to https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name  example.com;

    # SSL configuration
    ssl_certificate      /etc/nginx/ssl/5441374__example.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/5441374__example.com.key;

    # Reverse proxy to the backend API; [tduck-api] is the backend's alias on the network
    location /tduck-api/ {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header REMOTE-HOST $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_pass http://tduck-api:8999;
    }

    # Everything else maps to the static files directory
    location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
    }
}

5. Create the Nginx container

docker run \
  --name nginx \
  -p 443:443 -p 80:80 \
  -v /usr/local/nginx/logs:/var/log/nginx \
  -v /usr/local/nginx/html:/usr/share/nginx/html \
  -v /usr/local/nginx/nginx.conf:/etc/nginx/nginx.conf \
  -v /usr/local/nginx/conf:/etc/nginx/conf.d \
  -v /usr/local/nginx/ssl:/etc/nginx/ssl \
  --network=my-network \
  --network-alias=nginx-alias \
  -e TZ=Asia/Shanghai \
  --privileged=true -d --restart=always nginx
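  • logs: mount directory for logs
  • html: mount directory for static files
  • conf: mount directory for configuration
  • ssl: mount directory for certificates
  • network: optional, the network to join
  • network-alias: optional, the alias on that network
  • TZ: time zone
  • privileged: gives the container privileges such as read/write on the mounted directories; note that it grants the container all Linux capabilities and access to host devices, not only file access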

That's it, the setup is complete!

6. Reference configurations

1) Load balancing

upstream tduck-api-upstream {
    # weight is the server's relative weight
    server tduck-api:8999 weight=2;
    server tduck-api2:9000 weight=8;
}
server {
    listen       80;
    server_name  example.com;

    # Redirect to https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name  example.com;

    # SSL configuration
    ssl_certificate      /etc/nginx/ssl/5441374__example.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/5441374__example.com.key;

    # Reverse proxy to the backend API; [tduck-api-upstream] is the name of the upstream defined above
    location /tduck-api/ {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header REMOTE-HOST $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
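       # No port here: a proxy_pass that names an upstream block may not carry one,
       # the ports are set on the server lines inside the upstream
       proxy_pass http://tduck-api-upstream;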
    }

    # Everything else maps to the static files directory
    location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
    }
}

2) Nginx 504 Gateway time-out

# Configure the request body buffer sizes
client_max_body_size 500M;
client_body_buffer_size 128k;
client_header_buffer_size 16k;
fastcgi_intercept_errors on;

## Fix for 504 errors: timeouts raised to 30 minutes
proxy_connect_timeout  1800s;
proxy_send_timeout  1800s;
proxy_read_timeout  1800s;
fastcgi_connect_timeout 1800s;
fastcgi_send_timeout 1800s;
fastcgi_read_timeout 1800s;

3) Forward every URI prefixed with /apis/ to the backend

location /apis/ {
    rewrite /apis/(.*) /$1 break;  # strips '/apis'; $1 is the first capture group of the regex
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat:8080;
}

4) Block crawlers. Create an agent_deny file to hold the configuration and reference it with include inside server

# Block scraping by tools such as Scrapy
if ($http_user_agent ~* (Scrapy|Curl|HttpClient|Python)) {
   return 403;
}

# Block the listed UAs and requests with an empty UA
if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|python|^$" ) {
  return 403;
}
 
# Block requests that use a method other than GET|HEAD|POST
if ($request_method !~ ^(GET|HEAD|POST)$) {
  return 403;
}

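# Only allow this IP.
# The test uses $remote_addr (the peer address of the connection);
# X-Forwarded-For is a request header whose value is chosen by the sender.
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
if ($remote_addr != "127.0.0.1") {
    return 403;
}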
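
The rules from 4) consolidated into one file, as an added example that is not part of the original post: a map replaces the chained User-Agent if blocks, and the address restriction uses allow/deny, which test the connection's peer address rather than the client-supplied X-Forwarded-For header. Scoping the allowlist to /tduck-api/ and the shortened, case-insensitive bot list are assumptions made for the example.

```nginx
# Added example (not from the original post).
# File: /etc/nginx/conf.d/example.conf. Files in conf.d load in http context,
# which is where map has to be declared.

# One lookup per request replaces the chained User-Agent "if" blocks.
# Keys starting with "~*" are case-insensitive regexes.
map $http_user_agent $deny_ua {
    default                                    0;
    ""                                         1;  # empty or missing UA
    "~*(scrapy|curl|httpclient|python)"        1;
    "~*(ahrefsbot|mj12bot|yisouspider|zmeu)"   1;  # shortened from the post's list
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate      /etc/nginx/ssl/5441374__example.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/5441374__example.com.key;

    # "if" treats an empty string or "0" as false
    if ($deny_ua) {
        return 403;
    }

    if ($request_method !~ "^(GET|HEAD|POST)$") {
        return 403;
    }

    location /tduck-api/ {
        # allow/deny compare against $remote_addr, the TCP peer address.
        # X-Forwarded-For is only passed on to the backend for logging,
        # it takes no part in the access decision.
        allow 127.0.0.1;
        deny  all;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://tduck-api:8999;
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
```

If Nginx itself runs behind a trusted reverse proxy, the realip module's set_real_ip_from directive can restore the client address, listed for that proxy's address only.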

5) Port forwarding

Install the module that provides forwarding

yum install nginx-mod-stream -y

Add the forwarding configuration at the outermost level of nginx.conf

stream {
    upstream mysql {
        hash $remote_addr consistent;
        # Address and port to forward to
        server 192.168.1.2:3306 weight=5 max_fails=3 fail_timeout=30s;
    }
    server {
        listen 3306;  # Port to listen on
        proxy_connect_timeout 10s;
        proxy_timeout 300s;
        proxy_pass mysql;
    }
}

  

posted @ 2022-05-21 21:06  多久会在