===============================================
2018/7/29_第1次修改 ccb_warlock
===============================================
nginx作为市场占有率较高的http和反向代理服务,各种需要用到http和网页服务的项目经常需要用nginx做反代,故通过docker部署nginx也是最近的工作之一,故整理完部署后进行记录。
一、前提条件
- 环境中已经部署了docker swarm(http://www.cnblogs.com/straycats/p/8978135.html)
- 最好也部署了portainer(http://www.cnblogs.com/straycats/p/8978201.html)
- 默认服务器为IP:192.168.12.1
- 默认swarm创建了network:my-net
二、部署nginx
2.1 创建映射的本地目录
mkdir -p /usr/docker-vol/nginx/conf/conf.d
mkdir -p /usr/docker-vol/nginx/logs
mkdir -p /usr/docker-vol/nginx/ssl
2.2 创建配置文件
# 创建nginx.conf
vi /usr/docker-vol/nginx/conf/nginx.conf
# 将nginx.cnf文件上传到/usr/docker-vol/nginx/conf目录下
user nginx;
worker_processes auto;
pid /run/nginx.pid; events {
worker_connections 1024;
} http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65; sendfile on;
tcp_nopush on;
gzip on;
# gzip_disable "msie6"; # 指定日志为json格式,键值对的格式
log_format access_log_json '{"user_ip":"$http_x_real_ip","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_req":"$request","http_code":"$status","body_bytes_sents":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}'; # 限制上传文件的大小(M)
# types_hash_max_size 2048; # include的内容放在log_format之后日志格式的定义才生效
include /etc/nginx/conf.d/*.conf;
2.3 配置反代
# 编辑反代配置文件
vi /usr/docker-vol/nginx/conf/conf.d/www.conf
# 将下面的内容添加到www.conf文件内,wq保存
server {
listen 80;
server_name mydomain.com www.mydomain.com;
autoindex on;
autoindex_localtime on;
access_log off;
error_log off;
location ^~ /image/ {
client_max_body_size 10m;
proxy_pass http://192.168.12.1:5000/image/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
proxy_pass https://192.168.12.1:5001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root html;
index index.html index.htm;
}
}
2.4 增加证书及密钥文件
将证书文件和密钥文件放到/usr/docker-vol/nginx/ssl目录下。
2.5 配置nginx-stack.yml
cd
vim nginx-stack.yml
# 编辑nginx-stack.yml,wq保存
version: '3.6'
services: nginx:
image: nginx:1.14.0-alpine
environment:
- TZ=Asia/Shanghai
volumes:
# nginx的配置文件
- /usr/docker-vol/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
- /usr/docker-vol/nginx/conf/conf.d/:/etc/nginx/conf.d/
- /usr/docker-vol/nginx/ssl/:/etc/nginx/ssl/
- /usr/docker-vol/nginx/logs/:/var/log/nginx/
deploy:
replicas: 1
restart_policy:
condition: on-failure
update_config:
parallelism: 1
delay: 10s
monitor: 30s
max_failure_ratio: 0.1
order: start-first
ports:
- 80:80
- 443:443
networks:
- my-net networks:
my-net:
external: true
PS.获取请求真实IP的配置方案
docker service create --name nginx \
--mount type=bind,source=/usr/docker-vol/nginx/conf/nginx.conf,target=/etc/nginx/nginx.conf,readonly=false \
--mount type=bind,source=/usr/docker-vol/nginx/conf/conf.d/,target=/etc/nginx/conf.d/,readonly=false \
--mount type=bind,source=/usr/docker-vol/nginx/ssl,target=/etc/nginx/ssl,readonly=false \
--mount type=bind,source=/usr/docker-vol/nginx/logs/,target=/var/log/nginx/,readonly=false \
-p "mode=host,target=80,published=80" \
-p "mode=host,target=443,published=443" \
--replicas 1 \
--restart-condition any \
--network gm-net \
--update-parallelism 1 \
--update-delay 3s \
--update-monitor 10s \
--update-max-failure-ratio 0.1 \
--update-order stop-first \
--limit-cpu 0.5 \
--limit-memory 300M \
nginx:1.14.0-alpine
参考资料:
1. https://www.cnblogs.com/wwzyy/p/8337965.html
2. http://www.runoob.com/docker/docker-install-nginx.html