docker_nginx反向代理多个容器实例, 这里使用的是 qnap 中的 Container Station 跑的docker.
目的: 在使用同一个外网端口(443)的情况下, 通过反向代理 二级域名 到 多个容器的不同端口上. 同时使用 https 加持
例如: a.xx.com -> 实例a:3000, b.xx.com -> 实例a:4000
前置物料
- 阿里云注册的域名, 及其免费证书.
- 公网ip
- docker 实例 , 这里是 gogs, 容器 web 端口是 3000
docker nginx 启动
拉个官网镜像.
docker pull nginxhttps 正式丢到 DockerData/nginx/certs 下.
- get到阿里云的免费证书,有效期是一年:参考这里:https://segmentfault.com/a/1190000009220479 , 下载 nginx 的证书
跑起来, 这里用的是 qnap
链接了两个 docker 实例
:gogs:3000
:hexo:4000
端口映射, 主要是 443 https端口
443:443
32770:80
挂载文件
DockerData/nginx/certs:/certs # 挂载 阿里云 下载的 nginx证书
DockerData/nginx/conf:/etc/nginx/conf.d # 配置文件. 详细配置看这里 反向代理配置添加配置文件
server { listen 443 ssl; server_name gogs.abc.com; # 阿里云域名 ssl_certificate /certs/cert_gogs/214816825520979.pem; # 两个证书路径 ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gogs:3000; # 代理链接的gogs web端口 } client_max_body_size 512M; access_log /var/log/nginx/gogs.abc.com.log; }
run 起来后访问
多域名绑定同一个ip
同一台机子绑定了多个二级域名, 将二级域名的记录值CNAME到主域名即可
参考: https://github.com/chenhw2/aliyun-ddns-cli/issues/10
hexo docker: https://hub.docker.com/r/ipple1986/hexo/
gogos 使用 https 及 二级域名 加持
需要修改gogs中修改两个参数, 才能https中显示正确, 并 clone
[server]
DOMAIN = gogs.abc.com
ROOT_URL = https://gogs.abc.com/https://gogs.abc.com/yangxuan/ArtRes_ItsCharOld.git
开启 gzip
nginx代理所有都开启gzip, 修改配置文件 /etc/nginx/nginx.conf
# vi /etc/nginx/nginx.conf # 加入以下配置 ... #gzip on; #启用gzip gzip on; #需要压缩文件的最小尺寸,单位是B gzip_min_length 1000; #gzip文件缓存大小 gzip_buffers 4 8k; # 4和8之间有个空格的啊 #gzip压缩文件格式,以下涵盖了一般所需的类型 gzip_types text/plain application/x-javascript text/css application/xml application/javascript application/json; #gzip压缩等级,数值越高压缩得越狠,也越占资源 gzip_comp_level 3; ...重启nginx
打开Chrome查看是否开启成功
相关详细配置
反向代理配置
自定义文件 /etc/nginx/conf.d/my_nginx.conf
# http conf
# server {
# listen 80;
# server_name gogs.abc.com;
# access_log /var/log/nginx/www.abc.access.log main;
# error_log /var/log/nginx/www.abc.error.log error;
# location / {
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://gogs:3000;
# }
# }
# http redirect to https
server {
listen 80;
server_name abc.com www.abc.com;
rewrite ^(.*) https://$host$1 permanent;
}
# https conf
server
{
listen 443 ssl;
server_name www.abc.com;
ssl_certificate /certs/cert_www/214597807690979.pem;
ssl_certificate_key /certs/cert_www/214597807690979.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# location / {
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://127.0.0.1;
# }
client_max_body_size 512M;
access_log /var/log/nginx/www.abc.com.log;
}
server
{
listen 443 ssl;
server_name gogs.abc.com;
ssl_certificate /certs/cert_gogs/214816825520979.pem;
ssl_certificate_key /certs/cert_gogs/214816825520979.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gogs:3000;
}
client_max_body_size 512M;
access_log /var/log/nginx/gogs.abc.com.log;
}
server
{
listen 443 ssl;
server_name blog.abc.com;
ssl_certificate /certs/cert_blog/214816925260979.pem;
ssl_certificate_key /certs/cert_blog/214816925260979.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://hexo:4000;
}
client_max_body_size 512M;
access_log /var/log/nginx/blog.abc.com.log;
}
# server {
# listen 80;
# server_name gossh.abc.com;
# access_log /var/log/nginx/www.abc.access.log main;
# error_log /var/log/nginx/www.abc.error.log error;
# location / {
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://gogs:23522;
# }
# }