===============================================
2018/7/29_Revision 1 ccb_warlock
===============================================
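nginx is an HTTP and reverse-proxy server with a large market share, and projects that need HTTP or web services often put nginx in front of them as a reverse proxy. Deploying nginx with docker was one of my recent tasks, so I recorded the steps after finishing the deployment.
I. Prerequisites
- docker swarm is already deployed in the environment (http://www.cnblogs.com/straycats/p/8978135.html)
- Preferably portainer is deployed as well (http://www.cnblogs.com/straycats/p/8978201.html)
- The server IP is assumed to be 192.168.12.1
- The swarm is assumed to have a network named my-net
II. Deploying nginx
2.1 Create the local directories to be mounted
mkdir -p /usr/docker-vol/nginx/conf/conf.d
mkdir -p /usr/docker-vol/nginx/logs
mkdir -p /usr/docker-vol/nginx/ssl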
2.2 Create the configuration file
# Create nginx.conf
vi /usr/docker-vol/nginx/conf/nginx.conf
# Upload nginx.conf, with the following content, to the /usr/docker-vol/nginx/conf directory
user nginx;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    keepalive_timeout 65;
    sendfile on;
    tcp_nopush on;
    gzip on;
    # gzip_disable "msie6";

    # Write the log in JSON format, as key/value pairs.
    # escape=json (nginx 1.11.8+) JSON-escapes variable values, so a quote in a header cannot break the record.
    log_format access_log_json escape=json '{"user_ip":"$http_x_real_ip","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_req":"$request","http_code":"$status","body_bytes_sents":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}';

    # Limit the size of uploaded files (M)
    # types_hash_max_size 2048;

    # The include must come after log_format for the log format definition to take effect
    include /etc/nginx/conf.d/*.conf;
}
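Added example, not part of the original post: a Python reader for lines written in the access_log_json format above. It accepts both escape=json output and nginx's default \xHH escaping, and takes user_ip (the X-Real-IP request header, which a client can set itself) as the client address only when lan_ip belongs to a trusted front proxy. The TRUSTED_PROXIES network, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import json
import re

# Assumption: networks whose hosts are front proxies allowed to set X-Real-IP.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.12.0/24")]
_HEX = re.compile(r"\\x([0-9A-Fa-f]{2})")

def parse_line(line):
    """Return the log entry as a dict, or None if the line is not usable."""
    # nginx's default escaping writes '"' as \x22 (invalid JSON): retry with \u00HH.
    for text in (line, _HEX.sub(r"\\u00\1", line)):
        try:
            obj = json.loads(text)
        except json.JSONDecodeError:
            continue
        return obj if isinstance(obj, dict) else None
    return None

def client_ip(entry):
    """Return (ip, source); user_ip counts only when the peer is a trusted proxy."""
    peer, claimed = entry.get("lan_ip", ""), entry.get("user_ip", "")
    try:
        peer_addr = ipaddress.ip_address(peer)
        claimed_addr = None if claimed in ("", "-") else ipaddress.ip_address(claimed)
    except ValueError:
        return peer, "bad-address"
    if claimed_addr is None:  # header absent ("-" with default escaping)
        return peer, "remote_addr"
    trusted = any(peer_addr in net for net in TRUSTED_PROXIES)
    return (str(claimed_addr), "x-real-ip") if trusted else (peer, "untrusted-header")

def analyse(lines):
    """Return [(client_ip, source, user_agent)] for every parseable line."""
    entries = filter(None, map(parse_line, lines))
    return [client_ip(e) + (e.get("user_ua"),) for e in entries]

def _line(user_ip, lan_ip, ua):  # builds one constructed line in the log layout
    return ('{"user_ip":"%s","lan_ip":"%s","log_time":"2018-07-29T10:00:00+08:00",'
            '"user_req":"GET / HTTP/1.1","http_code":"200","body_bytes_sents":"612",'
            '"req_time":"0.003","user_ua":"%s"}' % (user_ip, lan_ip, ua))

SAMPLE = [  # constructed data, not from a real server
    _line("-", "203.0.113.7", "curl/7.61.0"),
    _line("198.51.100.9", "192.168.12.1", "Mozilla/5.0"),
    _line("10.0.0.1", "203.0.113.8", r"Mozilla \x22quoted\x22"),
]

if __name__ == "__main__":
    print(*analyse(SAMPLE), sep="\n")
```

The third sample line carries an X-Real-IP header from a peer outside TRUSTED_PROXIES, so the reader reports the peer address and marks the header as untrusted.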
2.3 Configure the reverse proxy
# Edit the reverse-proxy configuration file
vi /usr/docker-vol/nginx/conf/conf.d/www.conf
# Add the following content to www.conf, then save with :wq
server {
    listen 80;
    server_name mydomain.com www.mydomain.com;
    autoindex on;
    autoindex_localtime on;
    access_log off;
    # error_log has no "off" value ("error_log off;" logs to a file named "off"), so discard errors via /dev/null
    error_log /dev/null crit;

    location ^~ /image/ {
        client_max_body_size 10m;
        proxy_pass http://192.168.12.1:5000/image/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass https://192.168.12.1:5001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        root html;
        index index.html index.htm;
    }
}
2.4 Add the certificate and key files
Put the certificate file and the key file in the /usr/docker-vol/nginx/ssl directory.
2.5 Configure nginx-stack.yml
cd
vim nginx-stack.yml
# Edit nginx-stack.yml, then save with :wq
version: '3.6'
services:
  nginx:
    image: nginx:1.14.0-alpine
    environment:
      - TZ=Asia/Shanghai
    volumes:
      # nginx configuration files
      - /usr/docker-vol/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - /usr/docker-vol/nginx/conf/conf.d/:/etc/nginx/conf.d/
      - /usr/docker-vol/nginx/ssl/:/etc/nginx/ssl/
      - /usr/docker-vol/nginx/logs/:/var/log/nginx/
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      update_config:
        parallelism: 1
        delay: 10s
        monitor: 30s
        max_failure_ratio: 0.1
        order: start-first
    ports:
      - 80:80
      - 443:443
    networks:
      - my-net
networks:
  my-net:
    external: true
PS. Configuration for obtaining the real client IP of a request
Publishing the ports with mode=host bypasses the swarm ingress routing mesh, so $remote_addr in nginx is the address of the connecting client rather than an address on the ingress network.
docker service create --name nginx \
  --mount type=bind,source=/usr/docker-vol/nginx/conf/nginx.conf,target=/etc/nginx/nginx.conf,readonly=false \
  --mount type=bind,source=/usr/docker-vol/nginx/conf/conf.d/,target=/etc/nginx/conf.d/,readonly=false \
  --mount type=bind,source=/usr/docker-vol/nginx/ssl,target=/etc/nginx/ssl,readonly=false \
  --mount type=bind,source=/usr/docker-vol/nginx/logs/,target=/var/log/nginx/,readonly=false \
  -p "mode=host,target=80,published=80" \
  -p "mode=host,target=443,published=443" \
  --replicas 1 \
  --restart-condition any \
  --network gm-net \
  --update-parallelism 1 \
  --update-delay 3s \
  --update-monitor 10s \
  --update-max-failure-ratio 0.1 \
  --update-order stop-first \
  --limit-cpu 0.5 \
  --limit-memory 300M \
  nginx:1.14.0-alpine