linux使用docker部署nginx

安装nginx

docker pull nginx

绑定端口和映射路径

docker run -d -p 80:80 -p 81:81 -p 82:82 --name nginx\
  -v /root/nginx/nginx.conf:/etc/nginx/nginx.conf \
  -v /root/nginx/conf.d:/etc/nginx/conf.d \
  -v /root/nginx/logs:/var/log/nginx \
  -v /root/nginx/html:/usr/share/nginx/html \
  -v /root/nginx/ssl:/etc/nginx/ssl \
  nginx

nginx配置模板

nginx.conf配置选项

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        include /etc/nginx/conf.d/**/*.conf;

        #test_3d
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

conf.d下的文件配置模板

• 反向代理其他端口的服务

  server {
          listen 80;
          server_name zfxt.top;
          add_header Strict-Transport-Security max-age=15768000;
          return 301 https://$server_name$request_uri;
          location / {
              # 单个服务
              proxy_pass http://127.0.0.1:5244/;
              # 负载均衡
              # proxy_pass http://yourServers/;
              proxy_redirect off;
              proxy_set_header        X-Real-IP           $remote_addr;
              proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
              proxy_set_header        Host                $http_host;
              proxy_set_header        X-NginX-Proxy       true;
          }
      }
  server {
          listen 443 ssl;
          server_name zfxt.top;
          # 下面ssl开头的是HTTPS相关的设置
          ssl on;
          ssl_certificate          /root/.acme.sh/*.zfxt.top_ecc/fullchain.cer;
          ssl_certificate_key     /root/.acme.sh/*.zfxt.top_ecc/*.zfxt.top.key;
          ssl_session_timeout     3600m;#session有效期，根据需要适当延长
          ssl_session_cache       shared:SSL:10m;
          # 使用的加解密方式
          ssl_ciphers             ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
          # 支持的协议类型
          ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
          # 优先使用服务端的加解密方式
          ssl_prefer_server_ciphers on;     
          location / {
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Range $http_range;
          proxy_set_header If-Range $http_if_range;
          proxy_redirect off;
          proxy_pass http://127.0.0.1:5244;
          # the max size of file to upload
          client_max_body_size 20000m;
          }
  
      }

• 或者直接启动前端服务

  server {
          listen       80;
          server_name  zfxt.top;
          rewrite ^(.*)$ https://$host$1 permanent;
          #charset koi8-r;
  
          #access_log  logs/host.access.log  main;
  
          location   / {
              root html;
                  index index.html;
          }
  }
  server {
          listen       443 ssl;
          server_name  zfxt.top;
  
          ssl on;
          ssl_certificate         /root/.acme.sh/zfxt.top_ecc/fullchain.cer;
          ssl_certificate_key     /root/.acme.sh/zfxt.top_ecc/zfxt.top.key;
          ssl_session_timeout     3600m;#session有效期，根据需要适当延长
          ssl_session_cache       shared:SSL:10m;
  
          root /etc/nginx/conf.d/typecho;
          index index.php;
  
          ssl_ciphers             ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
          ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
          ssl_prefer_server_ciphers  on;
  
          #typecho
          location ~ .*\.php(\/.*)*$ {
                  root           /etc/nginx/conf.d/typecho/;
          fastcgi_split_path_info ^(.+?.php)(/.*)$;
                  fastcgi_pass  127.0.0.1:9000;
                  fastcgi_index  index.php;
                  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                  include        fastcgi_params;
          }
  
          #location / {
          #root /etc/nginx/conf.d/typecho;
          #index  index.html index.php;
          #}
          location /sentence {
                  proxy_pass http://localhost:8080/api/sentence;
          }
  
  
      }