docker-compose nginx安装

2021/3/2 nginx https docker-compose

构建环境:docker、docker-compose、centos7.9

# 配置文件

vim /docker/docker-compose.yml

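# Compose file for a single nginx container that serves HTTP (80) and HTTPS (443).
version: "3.9"
services:
  nginx:
    image: nginx:1.21.0
    container_name: nginx
    restart: always
    # No "privileged: true": nginx only has to bind 80/443 and read the mounted
    # files. Privileged mode would hand the container all capabilities and the
    # host's devices, so a flaw in the web server would reach the whole host.
    # If the host runs SELinux in enforcing mode and nginx is denied access to
    # the /docker/nginx mounts, add the ":z" volume option to those mounts
    # instead of turning privileged mode back on.
    environment:
      - TZ=Asia/Shanghai
    ports:
      # Quoted so YAML always reads the mappings as strings.
      - "80:80"
      - "443:443"
    volumes:
      # Configuration and site content are only read by nginx: mount them
      # read-only so the container cannot modify them on the host.
      - /etc/localtime:/etc/localtime:ro
      - /docker/nginx/conf.d:/etc/nginx/conf.d:ro
      - /docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      # The log directory stays writable: nginx writes access.log and error.log here.
      - /docker/nginx/log:/var/log/nginx
      - /docker/nginx/web:/web:ro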


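# Create the host directories that docker-compose.yml bind-mounts into the container.
mkdir -p /docker/nginx/conf.d
mkdir -p /docker/nginx/conf
mkdir -p /docker/nginx/web/www/dist
# Placeholder home page so the site has something to serve.
echo "xfdmao" > /docker/nginx/web/www/dist/index.html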

# nginx.conf

vim /docker/nginx/conf/nginx.conf

# Main nginx configuration: process settings, logging, gzip, then the
# per-site files from conf.d.

# Worker processes run as the unprivileged "nginx" user.
user  nginx;
# "auto" lets nginx choose the number of worker processes itself.
worker_processes  auto;
# Errors at level "notice" and above go to the /var/log/nginx directory.
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    # Files with an unknown extension are sent as a generic binary download.
    default_type  application/octet-stream;
    # Access-log layout "main". $http_referer, $http_user_agent and
    # $http_x_forwarded_for are copied from request headers, so they are
    # client-controlled: treat them as untrusted when reading or parsing the
    # log, and do not rely on X-Forwarded-For as the real client address.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    # Idle keep-alive connections are closed after 65 seconds.
    keepalive_timeout  65;
    # Response compression; responses shorter than 1k are sent uncompressed.
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 2;
    # NOTE(review): JPEG/GIF/PNG are already compressed, so listing them here
    # costs CPU for little gain — confirm they are wanted.
    gzip_types text/plain application/javascript application/css  text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    # No "Vary: Accept-Encoding" header is added to responses.
    gzip_vary off;
    # Compression is skipped for user agents matching old Internet Explorer (1-6).
    gzip_disable "MSIE [1-6]\.";



    # Per-site server blocks live in conf.d.
    include /etc/nginx/conf.d/*.conf;
}




# conf.d

vim /docker/nginx/conf.d/project.conf

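# HTTP virtual host: static front-end, file downloads, two reverse-proxied
# back-ends and a browsable log directory.
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    # Front-end served from the /web mount.
    location / {
        root   /web/www/dist/;
        add_header Cache-Control 'no-cache, no-store, must-revalidate,proxy-revalidate, max-age=0';
        index index.html index.htm;
        # Unknown paths fall back to the front-end entry page.
        try_files $uri $uri/ /index.html;
    }
    # The location prefix ends in "/" to match the trailing "/" of the alias.
    # With a prefix that lacks the slash, request paths can resolve to files
    # outside the aliased directory.
    # NOTE(review): /root/govnetimg/files/ is not among the volumes mounted in
    # the compose file — confirm the path exists inside the container, and
    # prefer a directory outside /root for published files.
    location /files/ {
        alias   /root/govnetimg/files/;
        index  index.html index.htm;
    }
    # Strip the /apis prefix and forward the remainder to the API back-end.
    # NOTE(review): inside a container "localhost" is the container itself, not
    # the Docker host — confirm the back-end is reachable at this address.
    location /apis {
        rewrite    ^.+apis/?(.*)$ /$1 break;
        proxy_pass   http://localhost:8965;
    }
    # Reverse proxy for PublicCMS; passes the original host, client address
    # and scheme to the back-end.
    location /publiccms/ {
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        # One-hour timeouts keep slow requests open for a long time; lower them
        # if the back-end does not need this.
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        proxy_pass http://localhost:8080/publiccms/;
    }
    location /logs/ {
        alias /logs/boli/netty/;
        # Application logs can contain addresses, tokens and stack traces, so
        # the listing is limited to explicitly allowed sources. Add further
        # "allow" lines for the administrators' address range.
        allow 127.0.0.1;
        deny  all;
        autoindex on;   # enable nginx directory listing
        autoindex_exact_size off;   # show sizes rounded to KB/MB/GB, not exact bytes
        autoindex_localtime on;   # show modification times in the server's local time
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}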


# 运行

运行:docker-compose up -d

# 配置https

HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer)是以安全为目标的 HTTP 通道,在 HTTP 的基础上通过传输加密和身份认证保证了传输过程的安全性。HTTPS 在 HTTP 的基础上加入了 SSL,其安全基础是 SSL(现已由其后继协议 TLS 取代,SSL 各版本均已弃用),因此加密的详细内容要看 SSL/TLS。HTTPS 使用不同于 HTTP 的默认端口,并在 HTTP 与 TCP 之间增加了一个加密/身份验证层。这个系统提供了身份验证与加密通讯方法,被广泛用于万维网上安全敏感的通讯,例如交易支付、小程序等方面。

# 证书申领

https://freessl.cn/ 根据自己的需求选择证书品牌;不推荐亚洲诚信,它不支持小程序,只支持电脑端。填写域名:fcat.top,*.fcat.top

创建免费的SSL证书

主机记录值:***
记录类型:CNAME
记录值:***

在购买域名处,配置域名认证信息。

认证后会弹出certbot部署命令,先安装certbot,再执行命令

# Enable the EPEL repository, which is installed here before certbot.
yum -y install epel-release
# Install the certbot client.
yum -y install certbot
# Placeholder, not a literal command: run the certbot deployment command that the certificate site shows after domain validation.
certbot部署命令

会生成两个关键文件:fullchain.pem(证书链)、privkey.pem(私钥)。privkey.pem 必须保密,只允许 root 读取,不要提交到代码仓库或发给他人。

# nginx配置https访问

vim /docker/nginx/conf.d/project.conf

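# Port 80: redirect every request to HTTPS.
server {
    listen       80;
    listen  [::]:80;
    charset utf-8,gbk;
    # Covers both the bare domain and the www name.
    server_name            fcat.top www.fcat.top;
    # Permanent redirect to HTTPS, keeping the path and query string.
    # $host repeats the name the client asked for; put a fixed host name here
    # if redirects must only ever point at this site.
    return 301 https://$host$request_uri;
}

# Port 443: the site itself, served over TLS.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name             fcat.top www.fcat.top;
    ssl_certificate         /etc/nginx/fullchain.pem;
    ssl_certificate_key     /etc/nginx/privkey.pem;
    # Pinned explicitly: the built-in default of this nginx version also lists
    # TLSv1 and TLSv1.1, which are deprecated.
    ssl_protocols           TLSv1.2 TLSv1.3;

    location / {
        root   /web/www/dist/;
        # Once HTTPS is confirmed stable, a Strict-Transport-Security header can
        # be added here; it must sit in this location because a location with
        # its own add_header does not inherit server-level add_header lines.
        add_header Cache-Control 'no-cache, no-store, must-revalidate,proxy-revalidate, max-age=0';
        index index.html index.htm;
        # Unknown paths fall back to the front-end entry page.
        try_files $uri $uri/ /index.html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}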


vim /docker/docker-compose.yml 增加https证书

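      # Read-only: the container only needs to read the certificate and the key.
      # NOTE: certbot keeps the files under live/ as symlinks. A single-file
      # bind mount follows the link when the container is created, so recreate
      # the container after each renewal or it keeps serving the old certificate.
      - /etc/letsencrypt/live/fcat.top/fullchain.pem:/etc/nginx/fullchain.pem:ro
      - /etc/letsencrypt/live/fcat.top/privkey.pem:/etc/nginx/privkey.pem:ro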


访问:https://fcat.top/

Last Updated: 2023/12/14 12:30:56