线上Nginx镜像构建及容器使用

1.Dockerfile-nginx文件内容:

FROM CentOS:latest

MAINTAINER nan
RUN yum -y install gcc gcc-c++ make \
openssl-devel pcre-devel gd-devel \
libxml2-devel libxslt-devel zlib-devel \
gd-devel perl-ExtUtils-Embed \
iproute net-tools telnet wget curl && \
yum clean all && \
useradd -s /sbin/nologin -M nginx && \
mkdir -p /var/tmp/nginx && \
rm -rf /var/cache/yum/
RUN wget &&\
tar -zxvf nginx-1.15.9.tar.gz && \
cd nginx-1.15.9 && \
./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/usr/local/nginx/conf/nginx.conf --error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid \
--user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module \
--with-threads --with-file-aio --with-http_v2_module \
--with-http_realip_module --with-http_addition_module \
--with-http_xslt_module --with-http_image_filter_module \
--with-http_sub_module --with-http_flv_module \
--with-http_mp4_module --with-http_gunzip_module \
--with-http_gzip_static_module --with-http_auth_request_module \
--with-http_secure_link_module --with-http_slice_module \
--with-http_perl_module --with-compat \
--with-stream --with-stream_ssl_module --with-stream_realip_module \
--with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client \
--http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre && \
make -j 4 && make install && \
cd / && rm -rf nginx-1.15.9 && \
ls -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/nginx/sbin
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["nginx", "-g","daemon off;"]

2.构建镜像命令:


docker build -t nginx:v2 -f Dockerfile-nginx .

-t:代表 tag -f:指定dockerfile文件 .用当前目录的环境变量

3.从本地镜像仓库下载nginx镜像


docker pull xx.xx.xx.xx/library/nginx:v2

4,在要安装nginx的服务器创建目录


4.1 配置文件目录:mkdir -p /opt/nginx/conf/vhost

/opt/nginx/conf下有两个:一个为nginx.conf,设置nginx标准配置(随着业务可能需优化);标准配置文件详见nginx.conf
参考:


server_tokens off;
user nginx;
worker_processes 4;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log;
events
{
use epoll;
worker_connections 10240;

}
http{
log_format  main  '$remote_addr $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '$http_user_agent $http_x_forwarded_for $request_time $upstream_response_time $upstream_addr $upstream_status';
access_log  /var/log/nginx/access.log  main;               
include      mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;       
sendfile on;
tcp_nopush    on;     
keepalive_timeout 60;
send_timeout 15;
tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

gzip on;
gzip_min_length 1k;
gzip_buffers    4 32k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types      text/plain application/x-Javascript text/css application/xml;
gzip_vary on;
include /usr/local/nginx/conf/vhost/*.conf;

}


> 另一个为vhost,vhost配置不同的域名解析文件(就是真正的业务配置)
>  vhost下的文件统一命名格式:域名.conf
参考:

upstream gw_ma {
server xx.xx.xx.xx:5601;

}

server {

listen 80;

server_name ;
access_log /usr/local/nginx/logs/www.nan.com.log;
error_log /usr/local/nginx/logs/www.nan.com.err;

listen  443 ssl;

ssl_buffer_size 4k;
ssl_certificate  /usr/local/nginx/cert/1_gw.nan_bundle.crt;  #在docker启动镜像的时候挂载证书目录; /opt/nginx/vert
ssl_certificate_key /usr/local/nginx/cert/2_gw.nan.com.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/a0e17ba3a9328d4e2e4b1f4eb3ebcdaf.html