nginx配置与说明备忘

拉取镜像
docker pull nginx
运行nginx镜像并进入容器
docker run -ti nginx /bin/bash

把文件挂载开放
docker run -p 80:80 -p 443:443 \
-v /kdatas/docker/nginx/conf:/etc/nginx/conf.d \
-v /kdatas/docker/nginx/cert:/etc/nginx/cert \
-v /kdatas/docker/nginx/www:/usr/share/nginx/html \
-v /kdatas/docker/nginx/logs:/var/log/nginx -d \
nginx:alpine

--name nginx \

docker run -d  \ 
-p 80:80 -p 443:443  \ 
-v /kdatas/docker/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /kdatas/docker/nginx/conf.d:/etc/nginx/conf.d \
-v /kdatas/docker/nginx/logs:/var/log/nginx \
-v /kdatas/docker/nginx/cert:/etc/nginx/cert \  nginx
nginx:alpine 



docker run -d -p 80:80 --name nginx 
-v ~/nginx/www:/usr/share/nginx/html 
-v ~/nginx/conf/nginx.conf:/etc/nginx/nginx.conf 
-v ~/nginx/logs:/var/log/nginx 
nginx

docker run -d --name nginx \
# 挂载配置文件
-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \
# 挂载证书目录
-v /etc/nginx/cert:/etc/nginx/cert \
# 挂载日志目录
-v /var/log/nginx:/var/log/nginx \
-v /root/react-demo:/root/react-demo \
# 时间同步
-v /etc/localtime:/etc/localtime \
-p 80:80 \
-p 443:443 \
# 增加host映射
--add-host server01:172.26.245.47 \
--add-host server02:172.26.245.48 \
nginx:alpine


# 创建容器
docker run -it -d --name mynginx -p 9999:80 
-v /shw/nginx/html:/usr/share/nginx/html 
-v /shw/nginx/conf/nginx.conf:/etc/nginx/nginx.conf 
-v /shw/nginx/conf/default.conf:/etc/nginx/conf.d/default.conf  
-v /shw/nginx/logs:/var/log/nginx nginx
命令说明:
docker run -it -d --name mynginx  #名称
-p 9999:80  # 端口映射
-v /shw/nginx/html:/usr/share/nginx/html  # 挂载资源路径
-v /shw/nginx/conf/nginx.conf:/etc/nginx/nginx.conf  #挂载主配置文件
-v /shw/nginx/conf/default.conf:/etc/nginx/conf.d/default.conf   # 挂载默认配置文件,反向代理就是从这个配置文件中配置
-v /shw/nginx/logs:/var/log/nginx nginx # 挂载日志文件


docker run --name nginx-test -p 8001:80 
-v /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro 
-v/usr/local/nginx/conf.d:/etc/nginx/conf.d:ro 
-v /usr/local/nginx/html/:/usr/share/nginx/html:rw 
-d nginx
v:第一个是挂在nginx的配置文件
-v: 第三个是挂在nginx的默认文件
-v:第三个是挂在nginx的html页面/usr/local/nginx/conf/nginx.conf:
本地路径/etc/nginx/nginx.conf:容器的路径
ro :文件权限设置为只读
rw :文件权限可读可写

docker run -d \
-p 80:80 \
--name my-nginx \
--restart=always \
--net mynetwork --ip 172.18.0.2 --privileged=true  \
-v /opt/docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/docker/nginx/conf/conf.d:/etc/nginx/conf.d \
-v /opt/docker/nginx/html:/usr/share/nginx/html \
-v /opt/docker/nginx/logs:/var/log/nginx \
nginx


docker run -d --name nginx -p 80:80 \
-v /usr/local/work/docker/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/work/docker/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
-v /usr/local/work/docker/nginx/www:/usr/share/nginx/html \
-v /usr/local/work/docker/nginx/logs:/var/log/nginx \
nginx


ssl证书配置

listen 443 ssl;
#填写绑定证书的域名
server_name www.test.com;
ssl on;
ssl_certificate /路径/www.test.com.crt;
ssl_certificate_key /路径/www.test.com.key;
ssl_session_timeout 5m;
#按照这个协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#按照这个套件配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

// 运行容器
docker run -di --name mynginx \
        -p 443:443\
        -p 80:80 \
        --privileged=true \
        -v /opt/nginx/data:/usr/share/nginx/html:rw\
        -v /opt/nginx/config/nginx.conf:/etc/nginx/nginx.conf/:rw\
        -v /opt/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf:rw\
        -v /opt/nginx/logs:/var/log/nginx/:rw\
        -v /opt/nginx/ssl:/ssl \
        -d nginx


server {
        listen       80;
        server_name www.test.com;
        index  index.html index.php index.htm;
        error_page  400 /errpage/400.html;
        error_page  403 /errpage/403.html;
        error_page  404 /errpage/404.html;
        error_page  503 /errpage/503.html;
        location / {
                proxy_pass http://blog_real_servers;
                include naproxy.conf;
        }
}

原nginx配置ssl写法

server {

listen 443;

server_name localhost;

ssl on;

root html;

index index.html index.htm;

ssl_certificate cert/a.pem;

ssl_certificate_key cert/a.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

location / {

root html;

index index.html index.htm;

}

}

https和http共存nginx配置写法
server {

listen 80;

listen 443 ssl;

server_name localhost;

#ssl on;

root html;

index index.html index.htm;

ssl_certificate cert/a.pem;

ssl_certificate_key cert/a.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

location / {

root html;

index index.html index.htm;

}

}