好物优选点击查看详情 京东购买

暂无内容

docker_nginx反向代理多个容器实例

docker_nginx反向代理多个容器实例, 这里使用的是 qnap 中的 Container Station 跑的docker.
目的: 在使用同一个外网端口(443)的情况下, 通过反向代理 二级域名 到 多个容器的不同端口上. 同时使用 https 加持
例如: a.xx.com -> 实例a:3000, b.xx.com -> 实例a:4000


前置物料

  1. 阿里云注册的域名, 及其免费证书.
  2. 公网ip
  3. docker 实例 , 这里是 gogs, 容器 web 端口是 3000

docker nginx 启动

  1. 拉个官网镜像. docker pull nginx

  2. https 正式丢到 DockerData/nginx/certs 下.

  3. 跑起来, 这里用的是 qnap

    1. 链接了两个 docker 实例

      :gogs:3000
      :hexo:4000

    2. 端口映射, 主要是 443 https端口

      443:443
      32770:80

    3. 挂载文件

      DockerData/nginx/certs:/certs # 挂载 阿里云 下载的 nginx证书
      DockerData/nginx/conf:/etc/nginx/conf.d # 配置文件. 详细配置看这里 反向代理配置

      添加配置文件

      server { listen 443 ssl; server_name gogs.abc.com; # 阿里云域名 ssl_certificate /certs/cert_gogs/214816825520979.pem; # 两个证书路径 ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gogs:3000; # 代理链接的gogs web端口 } client_max_body_size 512M; access_log /var/log/nginx/gogs.abc.com.log; }

  4. run 起来后访问


多域名绑定同一个ip

同一台机子绑定了多个二级域名, 将二级域名的记录值CNAME到主域名即可
参考: https://github.com/chenhw2/aliyun-ddns-cli/issues/10


hexo docker: https://hub.docker.com/r/ipple1986/hexo/


gogos 使用 https 及 二级域名 加持

需要修改gogs中修改两个参数, 才能https中显示正确, 并 clone

[server] DOMAIN = gogs.abc.com ROOT_URL = https://gogs.abc.com/

https://gogs.abc.com/yangxuan/ArtRes_ItsCharOld.git


开启 gzip

  1. nginx代理所有都开启gzip, 修改配置文件 /etc/nginx/nginx.conf

      ...   gzip on;  gzip_min_length 1000;  gzip_buffers 4 8k;   gzip_types text/plain application/x-javascript text/css application/xml application/javascript application/json;  gzip_comp_level 3; ...
  2. 重启nginx

  3. 打开Chrome查看是否开启成功


相关详细配置

反向代理配置

自定义文件 /etc/nginx/conf.d/my_nginx.conf

# http conf # server { # listen 80; # server_name gogs.abc.com; # access_log /var/log/nginx/www.abc.access.log main; # error_log /var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:3000; # } # } # http redirect to https server { listen 80; server_name abc.com www.abc.com; rewrite ^(.*) https://$host$1 permanent; } # https conf server { listen 443 ssl; server_name www.abc.com; ssl_certificate /certs/cert_www/214597807690979.pem; ssl_certificate_key /certs/cert_www/214597807690979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; index index.html index.htm; } # location / { # proxy_redirect off; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://127.0.0.1; # } client_max_body_size 512M; access_log /var/log/nginx/www.abc.com.log; } server { listen 443 ssl; server_name gogs.abc.com; ssl_certificate /certs/cert_gogs/214816825520979.pem; ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gogs:3000; } client_max_body_size 512M; access_log /var/log/nginx/gogs.abc.com.log; } server { listen 443 ssl; server_name blog.abc.com; ssl_certificate /certs/cert_blog/214816925260979.pem; ssl_certificate_key /certs/cert_blog/214816925260979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://hexo:4000; } client_max_body_size 512M; access_log /var/log/nginx/blog.abc.com.log; } # server { # listen 80; # server_name gossh.abc.com; # access_log /var/log/nginx/www.abc.access.log main; # error_log /var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:23522; # } # }

原文链接:https://blog.csdn.net/yangxuan0261/article/details/80903878

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享