docker pull nginx拷贝配置文件:
docker run -d -p 880:80 -p 4443:443 --name nginx \
-v /data/nginx/www:/usr/share/nginx/html \
-v /data/nginx/logs:/var/log/nginx \
nginxdocker container cp nginx:/etc/nginx /data/nginx/
cd /data/nginx/
mv nginx confdocker stop nginx
docker rm nginx创建欢迎页:
nano /data/nginx/www/index.htmldocker run -d -p 80:80 -p 443:443 --name nginx \
-v /data/nginx/www:/usr/share/nginx/html \
-v /data/nginx/logs:/var/log/nginx \
-v /data/nginx/conf:/etc/nginx \
nginx创建网站配置文件:
nano /data/nginx/conf/conf.d/【xxx.xxx.xxx.conf】server {
listen 80;
listen [::]:80;
server_name 【xxx.xxx xxx.xxx.xxx】;
access_log /var/log/nginx/【xxx.xxx.xxx】_nginx.log combined;
index index.html index.htm index.php;
root /usr/share/nginx/html;
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked 【xxx.xxx xxx.xxx.xxx】;
if ($invalid_referer) {
return 403;
}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
deny all;
}
}docker stop nginx
docker run -d \
--cap-add=NET_ADMIN \
--name=letsencrypt \
-v /data/letsencrypt/【文件夹】:/config \
-e PGID=1002 -e PUID=1001 \
-e URL=【域名 or 根域名】 \
【-e SUBDOMAINS=www \】
-e VALIDATION=http \
-p 80:80 -p 443:443 \
-e TZ=Asia/Shanghai \
linuxserver/letsencrypt#查看日志输出(CTRL + z退出)
docker logs -f letsencrypt
#出现Server ready即成功mkdir /data/nginx/conf/ssl
cp -r /data/letsencrypt/【文件夹】 /data/nginx/conf/sslnano /data/nginx/conf/conf.d/【xxx.xxx.xxx.conf】server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/【文件夹】/keys/cert.crt;
ssl_certificate_key /etc/nginx/ssl/【文件夹】/keys/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name 【xxx.xxx xxx.xxx.xxx】;
access_log /var/log/nginx/【xxx.xxx.xxx】_nginx.log combined;
index index.html index.htm index.php;
root /usr/share/nginx/html;
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked 【xxx.xxx xxx.xxx.xxx】;
if ($invalid_referer) {
return 403;
}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
deny all;
}
}docker stop letsencrypt
docker start nginx安装PHP
docker run --name php-fpm -p 9000:9000 -v /data/nginx/www/:/usr/share/nginx/html -d php:fpmdocker stop nginxnano /data/nginx/conf/conf.d/【xxx.xxx.xxx.conf】server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/【文件夹】/keys/cert.crt;
ssl_certificate_key /etc/nginx/ssl/【文件夹】/keys/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name 【xxx.xxx xxx.xxx.xxx】;
access_log /var/log/nginx/【xxx.xxx.xxx】_nginx.log combined;
index index.html index.htm index.php;
root /usr/share/nginx/html;
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked 【xxx.xxx xxx.xxx.xxx】;
if ($invalid_referer) {
return 403;
}
}
location ~ \.php$ {
fastcgi_pass 【IP】:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
deny all;
}
}cd /data/nginx/www
echo "<?php echo phpinfo();" > info.phpdocker start nginx访问 【xxx.xxx.xxx】 /info.php出现配置信息及成功。
配置反向代理:
nano /data/nginx/conf/conf.d/【xxx.xxx.xxx.conf】server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/【文件夹】/keys/cert.crt;
ssl_certificate_key /etc/nginx/ssl/【文件夹】/keys/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name 【xxx.xxx xxx.xxx.xxx】;
access_log /var/log/nginx/【xxx.xxx.xxx】_nginx.log combined;
index index.html index.htm index.php;
root /usr/share/nginx/html;
location ~ \.php$ {
fastcgi_pass 【IP】:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://【反代地址】/;
client_max_body_size 1000m;
}
}将域名转发到本地另一个端口上
server{
listen 80;
server_name good.uionm.com;
index index.php index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8080; # 转发规则
proxy_set_header Host $proxy_host; # 修改转发请求头,让8080端口的应用可以受到真实的请求
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}这样访问 http://good.uionm.com 时就会转发到本地的 8080 端口
将域名转发到另一个域名
server{
listen 80;
server_name baidu.uionm.com;
index index.php index.html index.htm;
location / {
proxy_pass http://www.baidu.com;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}这样访问 http://baidu.uionm.com 时就会转发到 http://www.baidu.com
本地一个端口转发到另一个端口或另一个域名
server{
listen 80;
server_name 127.0.0.1; # 公网ip
index index.php index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8080; # 或 http://www.baidu.com
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}这样访问 http://127.0.0.1 时就会转发到本地的 8080 端口或 http://www.baidu.com
加 / 与不加 /
在配置proxy_pass代理转发时,如果后面的url加/,表示绝对根路径;如果没有/,表示相对路径
例如 加 /
server_name baidu.com
location /data/ {
proxy_pass http://127.0.0.1/;
}访问 http://uionm.com/data/index.html 会转发到 http://127.0.0.1/index.html
不加 /
server_name baidu.com
location /data/ {
proxy_pass http://127.0.0.1;
}访问 http://uionm.com/data/index.html 会转发到 http://127.0.0.1/data/index.html
https://www.maskviral.com/nginx-reverse-proxy.html
Nginx列表
location / {
root /usr/share/nginx/html;
index index.html index.htm;
# alias /var/log/nginx/;
#Nginx日志目录
autoindex on;
#打开目录浏览功能
autoindex_exact_size off;
#默认为on,显示出文件的确切大小,单位是bytes
#显示出文件的大概大小,单位是kB或者MB或者GB
autoindex_localtime on;
#默认为off,显示的文件时间为GMT时间。
#改为on后,显示的文件时间为文件的服务器时间
#add_header Cache-Control no-store;
#让浏览器不保存临时文件
}
Comments | NOTHING