docker_nginx反向代理多个容器实例, 这里使用的是 qnap 中的 Container Station 跑的docker.
目的: 在使用同一个外网端口(443)的情况下, 通过反向代理 二级域名 到 多个容器的不同端口上. 同时使用 https 加持
例如: a.xx.com -> 实例a:3000, b.xx.com -> 实例a:4000
前置物料
- 阿里云注册的域名, 及其免费证书.
- 公网ip
- docker 实例 , 这里是 gogs, 容器 web 端口是 3000
docker nginx 启动
-
拉个官网镜像.
docker pull nginx
-
https 正式丢到 DockerData/nginx/certs 下.
- get到阿里云的免费证书,有效期是一年:参考这里:https://segmentfault.com/a/1190000009220479 , 下载 nginx 的证书
-
跑起来, 这里用的是 qnap
-
链接了两个 docker 实例
:gogs:3000
:hexo:4000 -
端口映射, 主要是 443 https端口
443:443
32770:80 -
挂载文件
DockerData/nginx/certs:/certs # 挂载 阿里云 下载的 nginx证书
DockerData/nginx/conf:/etc/nginx/conf.d # 配置文件. 详细配置看这里 反向代理配置添加配置文件
server { listen 443 ssl; server_name gogs.abc.com; # 阿里云域名 ssl_certificate /certs/cert_gogs/214816825520979.pem; # 两个证书路径 ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gogs:3000; # 代理链接的gogs web端口 } client_max_body_size 512M; access_log /var/log/nginx/gogs.abc.com.log; }
-
-
run 起来后访问
多域名绑定同一个ip
同一台机子绑定了多个二级域名, 将二级域名的记录值CNAME到主域名即可
参考: https://github.com/chenhw2/aliyun-ddns-cli/issues/10
hexo docker: https://hub.docker.com/r/ipple1986/hexo/
gogos 使用 https 及 二级域名 加持
需要修改gogs中修改两个参数, 才能https中显示正确, 并 clone
[server] DOMAIN = gogs.abc.com ROOT_URL = https://gogs.abc.com/
https://gogs.abc.com/yangxuan/ArtRes_ItsCharOld.git
开启 gzip
-
nginx代理所有都开启gzip, 修改配置文件 /etc/nginx/nginx.conf
... gzip on; gzip_min_length 1000; gzip_buffers 4 8k; gzip_types text/plain application/x-javascript text/css application/xml application/javascript application/json; gzip_comp_level 3; ...
-
重启nginx
-
打开Chrome查看是否开启成功
相关详细配置
反向代理配置
自定义文件 /etc/nginx/conf.d/my_nginx.conf
# http conf # server { # listen 80; # server_name gogs.abc.com; # access_log /var/log/nginx/www.abc.access.log main; # error_log /var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:3000; # } # } # http redirect to https server { listen 80; server_name abc.com www.abc.com; rewrite ^(.*) https://$host$1 permanent; } # https conf server { listen 443 ssl; server_name www.abc.com; ssl_certificate /certs/cert_www/214597807690979.pem; ssl_certificate_key /certs/cert_www/214597807690979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; index index.html index.htm; } # location / { # proxy_redirect off; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://127.0.0.1; # } client_max_body_size 512M; access_log /var/log/nginx/www.abc.com.log; } server { listen 443 ssl; server_name gogs.abc.com; ssl_certificate /certs/cert_gogs/214816825520979.pem; ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gogs:3000; } client_max_body_size 512M; access_log /var/log/nginx/gogs.abc.com.log; } server { listen 443 ssl; server_name blog.abc.com; ssl_certificate /certs/cert_blog/214816925260979.pem; ssl_certificate_key /certs/cert_blog/214816925260979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://hexo:4000; } client_max_body_size 512M; access_log /var/log/nginx/blog.abc.com.log; } # server { # listen 80; # server_name gossh.abc.com; # access_log /var/log/nginx/www.abc.access.log main; # error_log /var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host $http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:23522; # } # }
原文链接:https://blog.csdn.net/yangxuan0261/article/details/80903878