docker nginx 配置https服務,負載均衡,反向代理項目(隱藏項目名) 並 解決容器時間與主機不一致問題

下載配置nginx docker 容器請參考: docker 安裝 nginx 並配置反向代理

在nginx docker 容器映射的 /root/nginx目錄下創建 cert 目錄

mkdir -p /root/nginx/cert

將https證書上傳到 /root/nginx/cert 目錄下

編輯進入 /root/nginx/conf 目錄 編輯 nginx.conf 配置文件

代碼裏已經寫了註釋,請仔細觀看,根據實際情況修改

關於 nginx 更多負載均衡配置 請看: Nginx服務器之負載均衡策略（6種）  

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    
    include /etc/nginx/conf.d/*.conf;
    client_max_body_size 100m;
	
	upstream tomcat {
        # 可以在此處添加多個 server 達到負載均衡配置 weight爲權重
        # max_fails=2 fail_timeout=30s 表明後端節點30秒內出現2次不可用情況，判定節點不可用
        # 判定不可用後10秒內請求不會轉發到此節點，直到30秒後重新檢測節點健康情況
        server  XX.XX.XXX.XXX:8080 weight=10 max_fails=2 fail_timeout=30s; # 服務器1 ip地址
        server  XX.XX.XXX.XXX:8080 weight=10 max_fails=2 fail_timeout=30s; # 服務器2 ip地址
	}
	
    server{
        listen 80;
        charset utf-8;
        server_name www.XXXX.cn; # 需要代理的ip或域名

        # 配置代理路徑
        location /projectName { # 項目名稱
	        proxy_pass https://www.XXXX.cn;
        }
	    # 對 / 路徑轉發
	    location = / {
            return 301 https://www.XXXX.cn;
        }
    }
	
	server{
        listen 443 ssl;
        charset utf-8;
        server_name www.XXXX.cn;
	   
	    ssl on;
        ssl_certificate   /etc/nginx/cert/2646121_www.XXXX.cn.pem; # https 證書
        ssl_certificate_key  /etc/nginx/cert/2646121_www.XXXX.cn.key; # https 證書
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location /projectName { # 項目名稱
	        proxy_pass http://tomcat;
        }
	   
	    location = / {
            return 302 /projectName; # 項目名稱
        }
    }
  
}

構建docker nginx 容器命令

docker run -p 80:80 --name nginx-web -p 443:443 -v /root/nginx/cert:/etc/nginx/cert -v /root/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /root/nginx/html:/usr/share/nginx/html -v /root/nginx/log:/var/log/nginx -v /etc/localtime:/etc/localtime:ro -d nginx

增加了證書路徑 -v /root/nginx/cert:/etc/nginx/cert 目錄映射

增加主機本機時間文件映射 -v /etc/localtime:/etc/localtime:ro 

增加了 443 端口配置