docker安装nginx

安装 Nginx

● 下载Nginx镜像

# 拉取镜像
docker pull nginx

# 查询镜像
docker images

● 创建配置文件

mkdir -p /home/nginx/conf.d
mkdir -p /home/nginx/config
mkdir -p /home/nginx/html
mkdir -p /home/nginx/logs
mkdir -p /home/nginx/ssl

● 启动容器将配置文件复制到宿主机目录中

# 启动容器
docker run --name nginx -p 80:80 -d nginx

# 复制容器中的配置文件到宿主机新建的目录下
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/config/
docker cp nginx:/etc/nginx/conf.d /home/nginx
docker cp nginx:/usr/share/nginx/html /home/nginx

● 停止容器并删除

1 2	docker stop nginx docker rm nginx

● 默认配置文件

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

● 修改配置文件

前置条件：
● 域名DNS解析,
● SSL证书放置到/home/nginx/ssl目录下
● 服务器防火墙指定ip的443, 80 端口正常开启
因为/home/nginx/config/nginx.conf中：include引入了/etc/nginx/conf.d/*.conf，故直接对 /home/nginx/conf.d/default.conf 进行配置

server {
    # https 监听端口
    listen 443 ssl;
    # 监听域名
    server_name xxx.com;
    root /var/www/xxx.com;
    index index.html index.htm;
    # 引入证书
    ssl_certificate  /etc/nginx/ssl/xxx.com.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;

	# 默认80端口转发
    location / {
       proxy_pass   http://127.0.0.1:18080/;
    }
	
	# 域名后缀转发https:xxx.com/xxx
    location /xxx/ {
       proxy_pass   http://127.0.0.1:8801/;
       proxy_set_header X-Forwarded-Scheme  http;
       proxy_redirect off;
       proxy_set_header Host $host:$server_port;
       proxy_set_header X-Real_IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Host $server_name;
    }

}
server {
	# https 监听端口
    listen 80;
    # 监听域名
    server_name xxx.com;
    #rewrite ^(.*)$ https://$host$1 permanent;
    rewrite ^(.*) https://$server_name$1 permanent;
}

案例：

server {
    # https 监听端口
    listen 443 ssl;
    # 监听域名
    server_name apis.medianos.com;
    root /var/www/apis.medianos.com;
    index index.html index.htm;
    # 引入证书
    ssl_certificate  /etc/nginx/ssl/apis.medianos.com.pem;
    ssl_certificate_key /etc/nginx/ssl/apis.medianos.com.key;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;

        # 默认80端口转发
    location / {
       proxy_pass   http://127.0.0.1:18080/;
    }

        # 域名后缀转发https:xxx.com/xxx
    location /ey240005/pro/ {
       proxy_pass   http://127.0.0.1:6001/;
       proxy_set_header X-Forwarded-Scheme  http;
       proxy_redirect off;
       proxy_set_header Host $host:$server_port;
       proxy_set_header X-Real_IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Host $server_name;
    }

}
server {
        # https 监听端口
    listen 80;
    # 监听域名
    server_name apis.medianos.com;
    #rewrite ^(.*)$ https://$host$1 permanent;
    rewrite ^(.*) https://$server_name$1 permanent;
}

● 启动Nginx 容器

1 2	这里的Nginx与转发目标在一个服务器上，故直接采用host模式如果不在一个服务器上，可自行将 --net=host 替换为http和https端口映射 -p 443:443 -p 80:80

docker run --name nginx --net=host \
 -v /home/nginx/html:/usr/share/nginx/html \
 -v /home/nginx/config/nginx.conf:/etc/nginx/nginx.conf/ \
 -v /home/nginx/conf.d:/etc/nginx/conf.d \
 -v /home/nginx/logs:/var/log/nginx/ \
 -v /home/nginx/ssl:/etc/nginx/ssl/ \
 --privileged=true \
 -d --restart=always nginx

1
2
3

# 需要注意：-v /home/nginx/ssl:/etc/nginx/ssl/ 
Docker 使用 -v 参数将宿主机的路径 /home/nginx/ssl 挂载到容器的 /etc/nginx/ssl，所以在容器内部，Nginx 只能访问到 /etc/nginx/ssl/...。换句话说，容器内的 Nginx 不能直接访问宿主机上的路径 /home/nginx/ssl/...
因此，容器中的 Nginx 配置文件应该使用 容器内的路径 /etc/nginx/ssl/... 来访问证书文件。