我们的应用场景比较简单,没有用到反向代理,负载均衡。只用到了搭建一个web服务器。 准备,下载安装完成docker
- 1、配置docker加速(为了下载镜像更快,因为镜像大部分在国外。你懂的) 访问http://www.daocloud.io/mirror,注册一个用户
-
2、下载nginx镜像 在docker下点kitematic,搜索nginx,点create,完成后会自动下载并创建一个nginx容器
-
3、创建一个目录docker 你自己随便决定一个目录下创建一个docker目录,并在docker下创建nginx目录。
在nginx下创建两个目录。conf.d和www
conf.d目录下主要放配置文件
default.conf:负责网站的配置
gzip.config:负责gzip压缩功能的配置
ssl.config:负责ssl连接配置
default.conf文件的代码如下
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /var/lib/nginx/www/;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
gzip.config代码如下
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml application/javascript image/jpeg image/png image/gif image/bmp;
ssl.config代码如下
#ssl_certificate conf.d/h5.parsec.com.cn.pem;
#ssl_certificate_key conf.d/h5.parsec.com.cn.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
#以下配置HSTS http header可以告诉浏览器重定向到https,可选添加'includeSubDomains; preload',
#但是不建议使用HSTS预加载列表(如果要使用需要去相关浏览器网站注册申请)
#如果要同时支持http/https,不应添加此设置
#如果浏览器访问过https的域名,那么在max-age失效前,此浏览器将不能访问对应的http域名(自动修改为https)
#除非清空浏览器的全部缓存或者删除缓存的HSTS,或者重新配置指定max-age=0,然后让浏览器再次访问
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security 'max-age=15768000' ;
我们的网站静态文件就放在www目录下
在run-nginx.sh脚本目录下运行这个脚本 ./run-nginx.sh run-nginx.sh脚本如下
#!/bin/bash
mkdir -p ~/docker/nginx/www
mkdir -p ~/docker/nginx/conf.d
echo "server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /var/lib/nginx/www/;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php\$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php\$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts\$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
" > ~/docker/nginx/conf.d/default.conf
echo "gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 5;
gzip_types text/plain text/css text/xml application/javascript image/jpeg image/png image/gif image/bmp;" > ~/docker/nginx/conf.d/gzip.config
echo "#ssl_certificate conf.d/h5.parsec.com.cn.pem;
#ssl_certificate_key conf.d/h5.parsec.com.cn.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
#以下配置HSTS http header可以告诉浏览器重定向到https,可选添加'includeSubDomains; preload',
#但是不建议使用HSTS预加载列表(如果要使用需要去相关浏览器网站注册申请)
#如果要同时支持http/https,不应添加此设置
#如果浏览器访问过https的域名,那么在max-age失效前,此浏览器将不能访问对应的http域名(自动修改为https)
#除非清空浏览器的全部缓存或者删除缓存的HSTS,或者重新配置指定max-age=0,然后让浏览器再次访问
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security 'max-age=15768000' ;" > ~/docker/nginx/conf.d/ssl.config
docker run \
--name nginx \
-d \
-p 80:80 \
-v ~/docker/nginx/www:/var/lib/nginx/www:ro \
-v ~/docker/nginx/conf.d:/etc/nginx/conf.d \
--restart=always \
nginx
注意/var/lib/nginx/www 这个路径实际是映射了我们的网站目录/docker/nginx/www
然后用脚本run-nginx.sh启动nginx就可以访问我们的站点了。 运行localhost
