Building Nginx with Docker

1. Prepare the directories to mount

mkdir -p /usr/local/nginx/{conf,html,logs,ssl}

Upload your own SSL certificate to the ssl directory. There are two files: the pem and the key.

2. Pull the Nginx image

docker pull nginx

3. Create a temporary container to copy the configuration files from

docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/conf.d /usr/local/nginx/conf
docker cp nginx:/etc/nginx/nginx.conf /usr/local/nginx/nginx.conf
docker stop nginx
docker rm nginx

4. Create your own configuration file and write the configuration (every path used in it is a container path)

touch /usr/local/nginx/conf/example.conf

server {
    listen       80;
    server_name  example.com;
   
    # Redirect to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name  example.com;

    # SSL configuration
    ssl_certificate      /etc/nginx/ssl/5441374__example.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/5441374__example.com.key;

    # Reverse proxy to the backend API; [tduck-api] is the backend's alias on the network
    location /tduck-api/ {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header REMOTE-HOST $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_pass http://tduck-api:8999;
    }

    # Serve the static files directory by default
    location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
    }
}

5. Create the Nginx container

docker run \
  --name nginx \
  -p 443:443 -p 80:80 \
  -v /usr/local/nginx/logs:/var/log/nginx \
  -v /usr/local/nginx/html:/usr/share/nginx/html \
  -v /usr/local/nginx/nginx.conf:/etc/nginx/nginx.conf \
  -v /usr/local/nginx/conf:/etc/nginx/conf.d \
  -v /usr/local/nginx/ssl:/etc/nginx/ssl \
  --network=my-network \
  --network-alias=nginx-alias \
  -e TZ=Asia/Shanghai \
  --privileged=true -d --restart=always nginx
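
  • logs: log directory mount
  • html: static files directory mount
  • conf: configuration directory mount
  • ssl: certificate directory mount
  • network: optional; the network to join
  • network-alias: optional; the alias on that network
  • TZ: time zone
  • privileged: gives the container privileged access so that it can read and write the mounted directories; --privileged grants every capability and access to host devices, not only file permissions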

That completes the setup!

6. Reference configurations

1) Load balancing

upstream tduck-api-upstream {
    # weight is the relative weight of each server
    server tduck-api:8999 weight=2;
    server tduck-api2:9000 weight=8;
}
server {
    listen       80;
    server_name  example.com;

    # Redirect to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name  example.com;

    # SSL configuration
    ssl_certificate      /etc/nginx/ssl/5441374__example.com.pem;
    ssl_certificate_key  /etc/nginx/ssl/5441374__example.com.key;

    # Reverse proxy to the backend API; [tduck-api-upstream] is the name of the upstream defined above
    location /tduck-api/ {
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header REMOTE-HOST $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       # No port here: an upstream group name may not carry a port; the ports come from its server lines
       proxy_pass http://tduck-api-upstream;
    }

    # Serve the static files directory by default
    location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
    }
}

2) Nginx 504 Gateway time-out

# Configure the request body buffer sizes
client_max_body_size 500M;
client_body_buffer_size 128k;
client_header_buffer_size 16k;
fastcgi_intercept_errors on;

## Fix for 504 errors: raise the timeouts to 30 minutes
proxy_connect_timeout  1800s;
proxy_send_timeout  1800s;
proxy_read_timeout  1800s;
fastcgi_connect_timeout 1800s;
fastcgi_send_timeout 1800s;
fastcgi_read_timeout 1800s;

3) Forward every URI prefixed with /apis/ to the backend

location /apis/ {
    rewrite /apis/(.*) /$1 break; # Strips '/apis'; $1 is the first group captured by the parentheses in the regex
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat:8080;
}

4) Block crawlers. Create an agent_deny file to hold the configuration and reference it from the server block with include

# Block scraping by tools such as Scrapy
if ($http_user_agent ~* (Scrapy|Curl|HttpClient|Python)) {
   return 403;
}

# Block the listed User-Agents and requests with an empty User-Agent
if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|python|^$" ) {
  return 403;
}
 
# Block requests that use a method other than GET, HEAD or POST
if ($request_method !~ ^(GET|HEAD|POST)$) {
  return 403;
}

# Allow access from this IP only
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
if ($proxy_add_x_forwarded_for !~ "127.0.0.1") {
    return 403;
}
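
The IP restriction just above decides on `$proxy_add_x_forwarded_for`, which contains the `X-Forwarded-For` header as received from the client. The fragment below is an added example, not part of the original post, that sets the page's form beside two variants keyed on the connection's peer address. The range `172.18.0.0/16` and the address `203.0.113.10` are assumed placeholders.

```nginx
# Added example, not from the original post. Contents of the agent_deny file,
# included inside a server block. Addresses marked "assumed" are placeholders.

# Form on the page, kept for comparison. $proxy_add_x_forwarded_for is the
# X-Forwarded-For header received from the client with $remote_addr appended,
# and "127.0.0.1" is an unanchored regex whose dots match any character, so
# the result depends on a header the client supplies.
#
#   if ($proxy_add_x_forwarded_for !~ "127.0.0.1") {
#       return 403;
#   }

# Variant A: nginx is reached directly by clients.
# allow/deny (ngx_http_access_module) compare against $remote_addr, the
# address of the TCP peer, which a request header cannot change.
allow 127.0.0.1;
deny  all;

# Variant B: nginx runs behind a reverse proxy or load balancer you control.
# Uncomment this block and drop variant A. ngx_http_realip_module accepts
# X-Forwarded-For only from the trusted range and sets $remote_addr to the
# last address in the header that is not itself trusted; allow/deny then
# apply to that address.
#
#   set_real_ip_from  172.18.0.0/16;   # assumed: Docker network of the front proxy
#   real_ip_header    X-Forwarded-For;
#   real_ip_recursive on;
#   allow 203.0.113.10;                # assumed: the one permitted client
#   deny  all;
```

Running `docker exec nginx nginx -t` checks the syntax of the edited file before the container is reloaded.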

5) Port forwarding

Install the stream (forwarding) module

yum install nginx-mod-stream -y

Add the forwarding configuration at the top level of nginx.conf

stream {
    upstream mysql {
       hash $remote_addr consistent;
       # Address and port to forward to
       server 192.168.1.2:3306 weight=5 max_fails=3 fail_timeout=30s;
    }
    server {
       listen 3306; # Port to listen on
       proxy_connect_timeout 10s;
       proxy_timeout 300s;
       proxy_pass mysql;
    }
}

  

Author: revil

Source: https://www.cnblogs.com/revil/p/16295844.html

License: This work is licensed under the Attribution-NonCommercial-ShareAlike 4.0 International license.
