使用Docker安装Nginx

启动命令

docker run -d -p 80:80 --name nginx -v $PWD/nginx.conf:/etc/nginx/nginx.conf -v $PWD/conf.d/:/etc/nginx/conf.d/ -v $PWD/ssl/:/etc/nginx/ssl/ --restart unless-stopped nginx:1.14.2

ssl：目录下放置ssl证书

nginx.conf：全局配置文件

conf.d/www.demo.com.conf：对应域名配置

参考配置：

nginx.conf

user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_tokens off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    reset_timedout_connection on;
    client_max_body_size 4096m;
    open_file_cache max=65535 inactive=60s;
    open_file_cache_min_uses 3;
    open_file_cache_valid 60s;
    gzip on;
    gzip_min_length 256;
    gzip_types *;

    include /etc/nginx/conf.d/*.conf;

}

conf.d/www.demo.com.conf

server {
    listen 80;
    server_name www.demo.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen 443 quic reuseport;
    http2 on;
    quic_retry on;
    ssl_early_data on;
    quic_gso on;
    server_name www.demo.com;
    ssl_certificate /etc/nginx/ssl/www.demo.com.pem;
    ssl_certificate_key /etc/nginx/ssl/www.demo.com.key;
    ssl_session_cache shared:SSL:100m;
    ssl_session_timeout 1h;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:8060;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Alt-Svc 'h3=":443"; ma=86400';
    }

}