Original link: wmwm.me/article/472…
nginx.conf
user nginx;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log notice;
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    server {
        listen 80;
        listen 443 ssl http2;
        server_name [domain or IP];
        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/privatekey.pem;

        location / {
            # the nginx container's network is set to host mode
            proxy_pass http://localhost:3001;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    # ...... proxy configuration for other domains

    ################### Requests that match no other domain use the rule below ###################
    server {
        listen 80 default_server;
        listen 443 ssl http2 default_server;
        server_name _; # "_" never matches a real hostname; default_server makes this block the catch-all
        ssl_certificate /etc/nginx/ssl/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
        return 404;
    }
}
nginx_logrotate.conf
/var/log/nginx/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
}
Container start script: start.sh
docker run -d \
    --name nginx \
    --restart=always \
    --network host \
    -e TZ=Asia/Shanghai \
    -v "${PWD}/ssl/fullchain.pem:/etc/nginx/ssl/fullchain.pem" \
    -v "${PWD}/ssl/privatekey.pem:/etc/nginx/ssl/privatekey.pem" \
    -v "${PWD}/nginx.conf:/etc/nginx/nginx.conf:ro" \
    -v "${PWD}/nginx_logrotate.conf:/etc/logrotate.d/nginx:ro" \
    -v "${PWD}/nginx_logs:/var/log/nginx" \
    nginx:alpine
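--name: the container name
--restart: always restart the container
--network: set to host mode so that nginx can forward ports easily. Without host mode, port forwarding from inside the nginx container is more troublesome, because you need to know the IP address of every container
-e: sets an environment variable; here the time zone is set to Asia/Shanghai
fullchain.pem and privatekey.pem: the SSL certificate chain and private key, which can be obtained from the site where the domain was registered
nginx.conf: nginx's port-forwarding configuration file
nginx_logrotate.conf: log rotation, so that logs are cleaned up periodically
nginx_logs: the log folder, which makes the logs easy to inspect
Prepare all of the files above. The directory structure is as follows: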
--nginx.conf
--nginx_logrotate.conf
--nginx_logs
--ssl
----fullchain.pem
----privatekey.pem
--start.sh
Finally, run the start.sh script.
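
Before running start.sh, it is worth confirming that the layout above is complete, that the private key is not readable by other users, and that nginx.conf still contains the catch-all block. The pre-flight check below is an added example, not part of the original article; the function name preflight and the owner-only permission expectation for privatekey.pem are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the directory layout described above.
# Usage: preflight [dir]   (dir defaults to the current directory)
# Prints one line per problem to stderr and returns the number of problems.

preflight() {
    dir=${1:-.}
    problems=0

    fail() { echo "FAIL: $1" >&2; problems=$((problems + 1)); }

    # Every file that start.sh bind-mounts must exist: docker run -v creates
    # an empty directory at a missing host path, and the container then fails.
    for f in nginx.conf nginx_logrotate.conf ssl/fullchain.pem ssl/privatekey.pem; do
        [ -f "$dir/$f" ] || fail "$f is missing or not a regular file"
    done
    [ -d "$dir/nginx_logs" ] || fail "nginx_logs directory is missing"

    # Assumption of this example: the private key is readable by its owner only.
    key="$dir/ssl/privatekey.pem"
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || fail "privatekey.pem is accessible to group/other ($bits)"
    fi

    # Without a default_server block, requests for unknown hostnames are
    # handled by the first server block and end up proxied to the backend.
    conf="$dir/nginx.conf"
    if [ -f "$conf" ]; then
        grep -Eq '^[[:space:]]*listen[[:space:]][^;#]*default_server' "$conf" \
            || fail "nginx.conf has no default_server listen directive"
    fi

    return "$problems"
}
```

Calling `preflight . && sh start.sh` from the directory shown above starts the container only when every check passes.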