线上Nginx镜像构建及容器使用

1.Dockerfile-nginx文件内容:

FROM CentOS:latest

MAINTAINER nan RUN yum -y install gcc gcc-c++ make \ openssl-devel pcre-devel gd-devel \ libxml2-devel libxslt-devel zlib-devel \ gd-devel perl-ExtUtils-Embed \ iproute net-tools telnet wget curl && \ yum clean all && \ useradd -s /sbin/nologin -M nginx && \ mkdir -p /var/tmp/nginx && \ rm -rf /var/cache/yum/ RUN wget http://nginx.org/download/nginx-1.15.9.tar.gz &&\ tar -zxvf nginx-1.15.9.tar.gz && \ cd nginx-1.15.9 && \ ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid \ --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module \ --with-threads --with-file-aio --with-http_v2_module \ --with-http_realip_module --with-http_addition_module \ --with-http_xslt_module --with-http_image_filter_module \ --with-http_sub_module --with-http_flv_module \ --with-http_mp4_module --with-http_gunzip_module \ --with-http_gzip_static_module --with-http_auth_request_module \ --with-http_secure_link_module --with-http_slice_module \ --with-http_perl_module --with-compat \ --with-stream --with-stream_ssl_module --with-stream_realip_module \ --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client \ --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fcgi \ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre && \ make -j 4 && make install && \ cd / && rm -rf nginx-1.15.9 && \ ls -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/nginx/sbin WORKDIR /usr/local/nginx EXPOSE 80 CMD ["nginx", "-g","daemon off;"]

2.构建镜像命令:

docker build -t nginx:v2 -f Dockerfile-nginx .

-t:代表 tag -f:指定dockerfile文件 .用当前目录的环境变量

3.从本地镜像仓库下载nginx镜像

docker pull xx.xx.xx.xx/library/nginx:v2

4,在要安装nginx的服务器创建目录

4.1 配置文件目录:mkdir -p /opt/nginx/conf/vhost

/opt/nginx/conf下有两个:一个为nginx.conf,设置nginx标准配置(随着业务可能需优化);标准配置文件详见nginx.conf 参考:

server_tokens off; user nginx; worker_processes 4; worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log; events { use epoll; worker_connections 10240;

} http{ log_format  main  '$remote_addr $remote_user [$time_local] "$request" '               '$status $body_bytes_sent "$http_referer" '               '$http_user_agent $http_x_forwarded_for $request_time $upstream_response_time $upstream_addr $upstream_status'; access_log  /var/log/nginx/access.log  main;                include      mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m;        sendfile on; tcp_nopush    on;      keepalive_timeout 60; send_timeout 15; tcp_nodelay on;

fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k;

gzip on; gzip_min_length 1k; gzip_buffers    4 32k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types      text/plain application/x-Javascript text/css application/xml; gzip_vary on; include /usr/local/nginx/conf/vhost/*.conf;

}

> 另一个为vhost,vhost配置不同的域名解析文件(就是真正的业务配置) >  vhost下的文件统一命名格式:域名.conf 参考:

upstream gw_ma { server xx.xx.xx.xx:5601;

}

server {

listen 80;

server_name www.nan.com; access_log /usr/local/nginx/logs/www.nan.com.log; error_log /usr/local/nginx/logs/www.nan.com.err;

listen  443 ssl;

ssl_buffer_size 4k; ssl_certificate  /usr/local/nginx/cert/1_gw.nan_bundle.crt;  #在docker启动镜像的时候挂载证书目录; /opt/nginx/vert ssl_certificate_key /usr/local/nginx/cert/2_gw.nan.com.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on;

location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gw_ma; }

}

4.2 日志文件目录:mdkir -p /opt/nginx/logs

5.启动容器

参考:docker run -d --name=nginx02 -p 9999:80 -v /opt/nginx/conf/nginx.conf:/usr/local/nginx/conf/nginx.conf -v /opt/nginx/conf/vhost/:/usr/local/nginx/conf/vhost/ -v /opt/nginx/logs/:/usr/local/nginx/logs/ xx.xx.xx.xx/library/nginx:v2