使用Docker安装Nginx
启动命令
docker run -d -p 80:80 --name nginx -v $PWD/nginx.conf:/etc/nginx/nginx.conf -v $PWD/conf.d/:/etc/nginx/conf.d/ -v $PWD/ssl/:/etc/nginx/ssl/ --restart unless-stopped nginx:1.14.2
ssl:目录下放置ssl证书
nginx.conf:全局配置文件
conf.d/www.demo.com.conf:对应域名配置
参考配置:
nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
client_max_body_size 4096m;
open_file_cache max=65535 inactive=60s;
open_file_cache_min_uses 3;
open_file_cache_valid 60s;
gzip on;
gzip_min_length 256;
gzip_types *;
include /etc/nginx/conf.d/*.conf;
}
conf.d/www.demo.com.conf
server {
listen 80;
server_name www.demo.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen 443 quic reuseport;
http2 on;
quic_retry on;
ssl_early_data on;
quic_gso on;
server_name www.demo.com;
ssl_certificate /etc/nginx/ssl/www.demo.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.demo.com.key;
ssl_session_cache shared:SSL:100m;
ssl_session_timeout 1h;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8060;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Alt-Svc 'h3=":443"; ma=86400';
}
}