热门标签
热门文章
- 1知识库指南4.0|AIGC & Web3 & 元宇宙发展趋势的学习与实践指引
- 2TextIn文档解析方案:使用大模型文档问答,我们可以不再长时间等待吗?_textin方案
- 3【最优控制笔记】——4自适应动态规划3_自适应动态规划中值迭代和策略迭代的区别
- 4《数据库系统概论》笔记_数据库系统概论笔记
- 5Git分支篇git branch和git checkout
- 62021-06-22
- 7ollama 部署自己微调过的模型_ollama导入safetensors
- 8浅谈数据仓库,数据中台,数据湖三者之间的区别,_数据湖数据仓库数据中台之间的关系
- 9Spark调优 | 不可避免的 Join 优化
- 10浏览器安装GTP插件
当前位置: article > 正文
【docker启动nginx】_docker 启动nginx
作者:菜鸟追梦旅行 | 2024-06-18 06:25:38
赞
踩
docker 启动nginx
docker启动nginx
docker启动nginx
nginx一般用做web服务器,一般为了公网访问需要申请https证书,并进行配置,本次自己制作证书。
使用容器后,需要考虑网络以及配置和日志的持久化,本次复用宿主机网络,生产环境一般来说做端口映射。
集群一般在前置添加负载均衡即可。
1. 抓取镜像并生成目录
docker pull nginx:1.21.6 &&
mkdir -p /home/nginx/conf &&
mkdir -p /home/nginx/logs &&
mkdir -p /home/nginx/ssl &&
mkdir -p /home/nginx/conf/conf.d
- 1
- 2
- 3
- 4
- 5
2. 生成自签名证书(生产环境需要到CA申请)
2.1 首先将openssl拷贝到nginx/ssl目录
cp /etc/pki/tls/openssl.cnf /home/nginx/ssl
- 1
2.2 编辑 openssl.cnf
vi /home/nginx/ssl/openssl.cnf
- 1
[ req ] req_extensions = v3_req //取消对应的注释
- 1
2.3 生成证书
cd /home/nginx/ssl &&
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -config openssl.cnf -extensions v3_req -keyout /home/nginx/ssl/nginx.key -out /home/nginx/ssl/nginx.crt
- 1
- 2
上面的证书生成命令请依次输入口令:XX XX XX XX XX (回车) (回车)
cp /home/nginx/ssl/nginx.crt /home/nginx/ssl/space.crt &&
cp /home/nginx/ssl/nginx.key /home/nginx/ssl/space.key
- 1
- 2
3. 生成Nginx basic认证密码
3.1 安装httpd工具
yum install httpd-tools -y
- 1
3.2 生成密码文件
htpasswd -c -d /home/nginx/conf/conf.d/admin_pwd admin
- 1
然后输入16位随机密码
注意:如果要删除密码文件:htpasswd -D -d /home/nginx/conf/conf.d/admin_pwd admin
3.3 配置密码文件
tee /home/nginx/conf/conf.d/admin_pwd.config <<-'EOF'
auth_basic "login";
auth_basic_user_file /etc/nginx/conf.d/admin_pwd;
EOF
- 1
- 2
- 3
- 4
4. 配置Nginx
4.1 生成nginx.conf文件
tee /home/nginx/conf/nginx.conf <<-'EOF' user nginx; worker_processes auto; worker_cpu_affinity auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; client_max_body_size 200m; sendfile on; #tcp_nopush on; keepalive_timeout 65; proxy_connect_timeout 1s; #gzip on; root /usr/share/nginx/html; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $remote_addr; #如果不是第一层Nginx代理(例如学校防火墙就是Nginx代理),则要配置为$proxy_add_x_forwarded_for; include /etc/nginx/conf.d/*.conf; server_tokens off; } EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
4.2 生成default.conf(包含各个server块,每个server块监听指定的server_name和port)
tee /home/nginx/conf/conf.d/default.conf <<-'EOF'
include /etc/nginx/conf.d/*_server;
EOF
- 1
- 2
- 3
- 4
4.3 生成80_server(将HTTP请求转发为对应的HTTPS请求)
tee /home/nginx/conf/conf.d/80_server <<-'EOF'
server {
listen 80;
server_name 0.0.0.0;
#return 301 https://$host$request_uri;
rewrite ^(.*)$ https://$host$1 permanent;
}
EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
4.4 生成admin_9443_server文件(用于管理员访问etcd, es, kibana, grafana等)
tee /home/nginx/conf/conf.d/admin_9443_server <<-'EOF' server { listen 9443 ssl http2; server_name 192.168.100.149; ssl_certificate /etc/nginx/ssl/nginx.crt; #使用自签名证书 ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; server_tokens off; #charset koi8-r; access_log /var/log/nginx/access-admin.log; error_log /var/log/nginx/error-admin.log; #添加basic认证 include /etc/nginx/conf.d/admin_pwd.config; location /es { rewrite /es(.*) $1 break; proxy_pass http://libsys-cluster-3:9200; } location /es_log { rewrite /es_log(.*) $1 break; proxy_pass http://libsys-prom:9201; } location /kibana { proxy_pass http://libsys-cluster-3:5601; } location /kibana_log { proxy_pass http://libsys-prom:5602; } location /rc { proxy_pass http://libsys-cluster-3:9877; } location /prom { proxy_pass http://libsys-prom:9090; } location /grafana/ { proxy_pass http://libsys-prom:3000/; proxy_set_header X-WEBAUTH-USER admin; proxy_set_header Authorization ""; } location /tools-etcd { proxy_pass http://127.0.0.1:8089; } location /nc { proxy_pass http://127.0.0.1:8150; } location /bigdata-local { proxy_pass http://libsys-mongo:8889; } location /libsys-ldbs { proxy_pass http://127.0.0.1:8052; } location ~ ^/tools-etcd/.*\.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css|json|woff|ttf|eof|woff2)$ { gzip on; gzip_min_length 100k; gzip_types text/plain application/javascript application/x-javascript text/css application/xml application/json text/javascript; } } EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
4.5 生成meta_locations(一般无需改变)
tee /home/nginx/conf/conf.d/meta_locations <<-'EOF' location /meta-local/devops { proxy_pass http://meta-devops; } location /meta-local/common { proxy_pass http://meta-admin; } location /meta-local/sys { proxy_pass http://meta-admin; } location /meta-local/user { proxy_pass http://meta-admin; } location /meta-local/job { proxy_pass http://meta-admin; } location /meta-local/admin { proxy_pass http://meta-admin; } location /meta-local/pdf { proxy_pass http://meta-admin; } location /meta-local/acq { proxy_pass http://meta-acq; } location /meta-local/serial { proxy_pass http://meta-acq; } location /meta-local/ckb { proxy_pass http://meta-acq; } location /meta-local/file { proxy_pass http://meta-acq; } location /meta-local/res { proxy_pass http://meta-res; } location /meta-local/dc { proxy_pass http://meta-dc; } location /meta-local/cs { proxy_pass http://meta-cs; } location /meta-local/erm { proxy_pass http://meta-erm; } location /meta-local/social { proxy_pass http://meta-social; } location = /meta-local/stat { proxy_pass http://meta-stat; } location /meta-local/stat/ { proxy_pass http://meta-stat; } location /meta-local/indexer { proxy_pass http://meta-indexer; } location /meta-local/sync { proxy_pass http://meta-sync; } location /meta-local/opac { proxy_read_timeout 60; proxy_pass http://meta-opac; } location /meta-local/wechat { proxy_read_timeout 60; proxy_pass http://meta-wechat; } location /meta-local/api { proxy_pass http://meta-api; } location /meta-local/gateway { proxy_pass http://gateway; } location /meta-local/app/server { proxy_pass http://meta-appserver; } location /meta/ { proxy_pass http://meta-web/; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; } location ~ ^/meta/assets/(.*) { proxy_pass http://meta-web; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; rewrite ^/meta(.*) /$1 break; } location ~ ^/meta/(.*)\.(js|css|woff|woff2|ttf|svg|eot|otf)$ { proxy_pass http://meta-web; include /etc/nginx/conf.d/include.d/proxy; #add_header x_debug $upstream_addr; #add_header x_debug $request; access_log off; expires 1y; add_header Cache-Control 'max-age=31536000'; # one year rewrite ^/meta(.*) /$1 break; } location /space/ { proxy_pass http://meta-space/; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; } location ~ ^/space/(css|fonts|img|js) { proxy_pass http://meta-space; include /etc/nginx/conf.d/include.d/proxy; #add_header x_debug $upstream_addr; #add_header x_debug $request; access_log off; expires 1y; add_header Cache-Control 'max-age=31536000'; # one year rewrite ^/space(.*) /$1 break; } location /mspace/ { proxy_pass http://meta-mspace/; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; } location ~ ^/mspace/(css|fonts|img|js) { proxy_pass http://meta-mspace; include /etc/nginx/conf.d/include.d/proxy; #add_header x_debug $upstream_addr; #add_header x_debug $request; access_log off; expires 1y; add_header Cache-Control 'max-age=31536000'; # one year rewrite ^/mspace(.*) /$1 break; } #----- redirect to mobile check (starts) -----# set $mobile_rewrite do_not_perform; # this regex string is actually much longer to match more mobile devices if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle") { set $mobile_rewrite perform; } if ($mobile_rewrite = perform) { rewrite ^/space/(.*) /mspace/$1 redirect; break; } if ($mobile_rewrite = do_not_perform) { rewrite ^/mspace/(.*) /space/$1 redirect; break; } #----- redirect to mobile check (ends) -----# EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
4.6 生成extra_locations(一般无需改变)
tee /home/nginx/conf/conf.d/extra_locations <<-'EOF'
location /oss {
rewrite /oss(.*) $1 break;
proxy_set_header Host libsys-mongo:9000;
proxy_pass http://oss;
}
EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
4.7 生成meta_server
tee /home/nginx/conf/conf.d/meta_server <<-'EOF' upstream oss { server libsys-mongo:9000; } upstream meta-acq { server 127.0.0.1:8021; } upstream meta-admin { server 127.0.0.1:8020; } upstream meta-cs { server 127.0.0.1:8024; } upstream meta-dc { server 127.0.0.1:8023; } upstream meta-devops { server 127.0.0.1:8028; } upstream meta-erm { server 127.0.0.1:8025; } upstream gateway { server 127.0.0.1:20000; } upstream meta-indexer { server 127.0.0.1:8019; } upstream meta-opac { server 127.0.0.1:8030; } upstream meta-res { server 127.0.0.1:8022; } upstream meta-social { server 127.0.0.1:8027; } upstream meta-stat { server 127.0.0.1:8029; } upstream meta-sync { server 127.0.0.1:8013; } upstream meta-web { server 127.0.0.1:10010; } upstream meta-space { server 127.0.0.1:10011; } upstream meta-mspace { server 127.0.0.1:10012; } upstream meta-wechat { server 127.0.0.1:8013; } upstream meta-api { server 127.0.0.1:8012; } upstream meta-appserver { server 127.0.0.1:8011; } server { listen 443 ssl http2 default_server; server_name 0.0.0.0; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; server_tokens off; #charset koi8-r; access_log /var/log/nginx/access-meta.log; error_log /var/log/nginx/error-meta.log; proxy_read_timeout 1800; #确定使用这么大的超时?对读者服务的可以使用较小的超时,例如opac,wechat gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml; include /etc/nginx/conf.d/extra_locations; location ~ /(status|metrics|extra_metrics)(/?)$ { return 404; } include /etc/nginx/conf.d/meta_locations; #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /usr/share/nginx/html; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } server { listen 8079; server_name 127.0.0.1; ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; server_tokens off; #charset koi8-r; access_log /var/log/nginx/access-meta.log; error_log /var/log/nginx/error-meta.log; proxy_read_timeout 1800; #确定使用这么大的超时?对读者服务的可以使用较小的超时,例如opac,wechat gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml; location ~ /(status|metrics|extra_metrics)(/?)$ { return 404; } include /etc/nginx/conf.d/meta_locations; #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /usr/share/nginx/html; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } server { listen 443 ssl http2; server_name _; ssl_certificate /etc/nginx/ssl/space.crt; ssl_certificate_key /etc/nginx/ssl/space.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; server_tokens off; #charset koi8-r; access_log /var/log/nginx/access-space.log; error_log /var/log/nginx/error-space.log; gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml; include /etc/nginx/conf.d/extra_locations; location ~ /(status|metrics|extra_metrics)(/?)$ { return 404; } location /meta-local/wechat { proxy_pass http://meta-wechat; } location /meta-local/opac { proxy_pass http://meta-opac; } location /space/ { proxy_pass http://meta-space/; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; } location ~ ^/space/(css|fonts|img|js) { proxy_pass http://meta-space; include /etc/nginx/conf.d/include.d/proxy; #add_header x_debug $upstream_addr; #add_header x_debug $request; access_log off; expires 1y; add_header Cache-Control 'max-age=31536000'; # one year rewrite ^/space(.*) /$1 break; } location /mspace/ { proxy_pass http://meta-mspace/; include /etc/nginx/conf.d/include.d/proxy; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"; expires 0; } location ~ ^/mspace/(css|fonts|img|js) { proxy_pass http://meta-mspace; include /etc/nginx/conf.d/include.d/proxy; #add_header x_debug $upstream_addr; #add_header x_debug $request; access_log off; expires 1y; add_header Cache-Control 'max-age=31536000'; # one year rewrite ^/mspace(.*) /$1 break; } #----- redirect to mobile check (starts) -----# set $mobile_rewrite do_not_perform; # this regex string is actually much longer to match more mobile devices if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle") { set $mobile_rewrite perform; } if ($mobile_rewrite = perform) { rewrite ^/space/(.*) /mspace/$1 redirect; break; } if ($mobile_rewrite = do_not_perform) { rewrite ^/mspace/(.*) /space/$1 redirect; break; } #----- redirect to mobile check (ends) -----# } EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
4.8 生成proxy选项
mkdir -p /home/nginx/conf/conf.d/include.d &&
tee /home/nginx/conf/conf.d/include.d/proxy <<-'EOF'
proxy_cache off;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
EOF
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
5. 启动Docker
docker run -d --net=host --name nginx --restart=always \
-v /etc/localtime:/etc/localtime:ro \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/conf/conf.d/:/etc/nginx/conf.d:ro \
-v /home/nginx/logs:/var/log/nginx \
-v /home/nginx/ssl:/etc/nginx/ssl:ro \
-v /home/nginx/html:/usr/share/nginx/html \
nginx:1.21.6
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
6. 打通防火墙
firewall-cmd --permanen --add-port 80/tcp &&
firewall-cmd --permanen --add-port 443/tcp &&
firewall-cmd --permanen --add-port 9443/tcp &&
firewall-cmd --reload
- 1
- 2
- 3
- 4
7. 外部访问验证
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/734020
推荐阅读
相关标签
