這裏寫下基於docker的構建,但配置文件還是和你單獨裝nginx區別不大的(我只是將不同項目的server提出來而已)
下面是我構建nginx容器的目錄安排
cert是放ssl證書的地方,證書是基於你在阿里後臺已經給域名配置(購買)好才生效的哈
我這裏將這個目錄掛載到了nginx容器中的/etc/nginx/cert(如果你是直接安裝的nginx就新建一個文件放進去,在server中配置就好)
conf裏面是nginx中對應不同項目的server配置,我是在nginx.conf進行including包含進去
web是放html/css的地方,不同的項目都是不同的文件夾(我是把web掛載到nginx容器中的var/www中)
docker-compose.yml 是nginx的創建文件,master是docker的網絡需要自己創建(創建方法我之前的文章中有),image是指定構建容器的鏡像,會默認下載nginx:laster版本,80和443是http和https要反問的端口,volumes是文件掛載就是把冒號左邊的文件和右邊容器中的文件連接起來,這樣就不用每次都去容器裏面進行改寫操作
version: '2'
networks:
default:
external:
name: master
services:
nginx:
image: nginx
container_name: nginx
restart: always
build: .
ports:
- "80:80"
- "443:443"
volumes:
- ./conf:/etc/nginx/conf.d
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./web:/var/www
- ./cert:/etc/nginx/cert
environment:
TZ: Asia/Shanghai
Dockerfile也是nginx的創建文件,from也指定哪個鏡像最好和上面那個文件中指定鏡像一致,run是構建是新增改目錄用戶上面提即的掛載需要,copy 將左邊中證書複製到容器裏面
FROM nginx
RUN mkdir -p /var/www
COPY ./cert/ /etc/nginx/cert/
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]
nginx.conf,nginx的全局配置文件,如果你直接將conf目錄中的server配置複製到這個裏面也是可以的,只是以後會很亂。
這個裏面的參數配置可以參考https://blog.csdn.net/tjcyjd/article/details/50695922
user nginx;
#工作進程:數目。根據硬件調整,通常等於CPU數量或者2倍於CPU。
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
#進程的最大連接數。
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
keepalive_timeout 400;
client_header_timeout 10m;
client_body_timeout 10m;
client_max_body_size 512m;
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
sendfile on;
#tcp_nopush on;
#gzip on;
#將截圖中的conf目錄裏的不同項目的server配置包含進來
include /etc/nginx/conf.d/*.conf;
}
conf目錄中某一項目的server配置(一個項目有兩個server)
server {#這個是https的訪問配置
listen 443 ssl;
server_name ****-training.cert-***.com;#對應項目的域名,子域名是可以使用主域名的ssl證書的
#ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/2817251__cert-map.com.pem; #證書的路徑
ssl_certificate_key cert/2817251__cert-map.com.key; #證書的路徑
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / { #這些是前端的反問路徑
root /var/www/;
index index.html index.htm;
}
location /admin {
root /var/www/enterprise_***/;
}
location /mini {
root /var/www/enterprise_**/;
}
location /company {
root /var/www/enterprise_****/;
}
location /training-*** { #下面這些是訪問服務端的配置
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_training_**:8081; #內部反問路徑,項目容器名稱+容器暴露端口
}
location /training-*** { 這個是外部訪問連接,nginx接受之後會轉發給內部反問路徑
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_training:8080;
}
location /training-enterprise-*** {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_training_***:8082;
}
}
server{ #這個是http訪問的路徑
listen 80;
server_name enterprise-training.cert-***;
location /page {
root /var/www/;
}
location /admin {
root /var/www/enterprise_***/;
}
location /mini {
root /var/www/enterprise_***/;
}
location /company {
root /var/www/enterprise_***/;
}
location /training-** {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_***:8081;
}
location /training-admin {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_**:8080;
}
location /training-enterprise-admin {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_pass http://enterprise_training_:8082;
}
# 跳轉到HTTPS
#return 301 https://$server_name$request_uri;
}
最後就是去到nginx目錄下運行docker-compose build和docker-compose up -d
就可以構建好nginx了(前提是你安裝後docker和docker-compose了,安裝的文章我前面都有寫的)