# Nginx 环境配置
作者:小傅哥
博客:https://bugstack.cn (opens new window)
沉淀、分享、成长,让自己和他人都能有所收获!😄
- 停止:
docker stop Nginx
- 重启:
docker restart Nginx
- 删除服务:
docker rm Nginx
- 删除镜像:
docker rmi Nginx
- 进入服务:
docker exec -it Nginx /bin/bash
- 配置文件:nginx - conf/html/logs/ssl (opens new window)
# 一、基础安装
docker run \
--restart always \
--name Nginx \
-d \
-p 80:80 \
nginx
2
3
4
5
6
- restart 重启策略,always 是一直保持重启。如果不设置,可以把这条删掉。
never\always
8090
- 容器端口、80
- 服务器端口,这样外部通过80端口即可访问。
# 二、管理配置
首次部署 nginx 后,其实我们还不好操作配置文件。也就是 Nginx 的配置文件是在 Docker 容器的程序下,只有把它拷贝到服务器上才好操作。
# 1. 进入 Nginx
进入程序:docker exec -it Nginx /bin/bash - 退出程序:exit
[root@vultr ~]# docker exec -it Nginx /bin/bash
root@ed8dc07f2ae6:/# ls
bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@ed8dc07f2ae6:/# cd etc/nginx/
root@ed8dc07f2ae6:/etc/nginx# ls
conf.d fastcgi_params mime.types modules nginx.conf scgi_params uwsgi_params
root@ed8dc07f2ae6:/etc/nginx# pwd
/etc/nginx
root@ed8dc07f2ae6:/# cd /usr/share/nginx/html
root@ed8dc07f2ae6:/usr/share/nginx/html# ls
50x.html index.html
root@ed8dc07f2ae6:/usr/share/nginx/html# cat index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@ed8dc07f2ae6:/usr/share/nginx/html#
root@ed8dc07f2ae6:/usr/share/nginx/html# exit
exit
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
- 配置:
/etc/nginx
- 网页:
/usr/share/nginx/html
# 2. 拷贝 Nginx
创建目录
[root@vultr ~]# mkdir -p /data/nginx/conf
[root@vultr ~]# mkdir -p /data/nginx/html
2
拷贝文件
[root@vultr ~]# docker container cp Nginx:/etc/nginx/nginx.conf /data/nginx/conf
[root@vultr ~]# docker container cp Nginx:/usr/share/nginx/html/index.html /data/nginx/html
2
查看信息
[root@vultr ~]# ls /data/nginx/conf/
nginx.conf
[root@vultr ~]# ls /data/nginx/html/
index.html
2
3
4
# 3. 部署 Nginx
docker run \
--restart always \
--name Nginx \
-d \
-v /data/nginx/html:/usr/share/nginx/html \
-v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-p 80:80 \
nginx
2
3
4
5
6
7
8
- 重启:
sudo service nginx restart
# 三、证书安装
# 4.1 创建证书
SSL 免费的证书,一种是 ssl - 支持自动续期 (opens new window) 另外各个云服务厂商都有提供,可以自己申请。这里以阿里云/京东云举例;
- 阿里云免费域名证书:https://yundun.console.aliyun.com/?p=cas#/certExtend/free/cn-hangzhou (opens new window)
- 京东云免费域名证书:https://certificate-console.jdcloud.com/jsecssl/create?fastConfig=false&certBrand=TrustAsia&certType=domainType&protectionType=DV-1&gDomainCount=0 (opens new window) - 选择 TrustAsia 单域名 3个月 0元
- 步骤1;通过免费的方式创建 SSL,之后通过引导的 DNS 方式进行验证。其实就是在你的域名里配置下验证信息。
- 步骤2;申请后,3-5分钟左右 DNS 会验证通过,这个时候你直接下载 Nginx 的 SSL 包即可。里面有2个文件【x.key、x.pem】
# 4.2 准备内容
# 4.2.1 单个证书
- 把下载好的 SSL 文件解压到桌面,你会得到一个文件夹,里面含有 x.key、x.pem 两个文件。
- 创建一个 default.conf 这个文件配置的 SSL 信息
server {
listen 80;
listen [::]:80;
server_name openai.xfg.im;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name openai.xfg.im;
ssl_certificate /etc/nginx/ssl/9740289_openai.xfg.im.pem;
ssl_certificate_key /etc/nginx/ssl/9740289_openai.xfg.im.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
- 你可以复制这份文件,在自己本地创建。注意修改域名和SSL文件路径。
# 4.2.2 多个证书
如果你需要给1个以上的域名配置SSL,那么可以配置多组 server 如下;
server {
listen 80;
listen [::]:80;
server_name itedus.cn;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name itedus.cn;
ssl_certificate /etc/nginx/ssl/9750021_itedus.cn.pem;
ssl_certificate_key /etc/nginx/ssl/9750021_itedus.cn.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 80;
listen [::]:80;
server_name chatgpt.itedus.cn;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name chatgpt.itedus.cn;
ssl_certificate /etc/nginx/ssl/9749920_chatgpt.itedus.cn.pem;
ssl_certificate_key /etc/nginx/ssl/9749920_chatgpt.itedus.cn.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://180.76.119.100:3002;
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# 4.3 上传文件
你可以通过 SFTP
工具或者 mkdir -p
、touch
命令创建一些服务器本地用于映射的文件夹和文件,这里小傅哥使用了 Termius (opens new window) 工具进行创建操作。
- 文件1;html
- 文件2;ssl - 把本地的 ssh 文件上传进来
- 文件3;conf - 在 conf 下有个
conf.d
的文件夹,把default.conf
上传进去。而 nginx.conf 传到 conf 中。 - 文件4;logs - 创建日志
# 4.4 启动服务
在 nginx.conf 的配置文件有这么一句;include /etc/nginx/conf.d/*.conf;
那么只要是 conf.d 文件夹下的文件都会被加载。所以直接在 conf.d/default.conf 配置 SSL 就会被加载。接下来重新安装 Nginx 即可。安装前记得删除 Nginx 你可以用命令【docker stop Nginx、docker rm Nginx】或者在 Portainer 中操作即可
docker run \
--name Nginx \
-p 443:443 -p 80:80 \
-v /data/nginx/logs:/var/log/nginx \
-v /data/nginx/html:/usr/share/nginx/html \
-v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /data/nginx/conf/conf.d:/etc/nginx/conf.d \
-v /data/nginx/ssl:/etc/nginx/ssl/ \
--privileged=true -d --restart=always nginx
2
3
4
5
6
7
8
9
# 五、重定向
# 1. default.conf
在 default.conf 中添加如下配置后重启 Nginx 即可;
location /d5fe/ {
rewrite ^/d5fe/(.*)$ /$1 break;
proxy_pass https://api.x.com;
proxy_ssl_server_name on;
proxy_set_header Host api.x.com;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
2
3
4
5
6
7
8
9
10
11
12
13
# 2. auth_request
server {
listen 80;
listen [::]:80;
server_name api.xfg.im;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name api.xfg.im;
ssl_certificate /etc/nginx/ssl/9877497_api.xfg.im.pem;
ssl_certificate_key /etc/nginx/ssl/9877497_api.xfg.im.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root /usr/share/nginx/html;
index index.html index.htm;
}
location /abc/ {
auth_request /auth;
rewrite ^/abc/(.*)$ /$1 break;
proxy_pass https://api.x.com;
proxy_ssl_server_name on;
proxy_set_header Host api.x.com;
proxy_set_header Connection '';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /auth {
# 发送子请求到HTTP服务,验证客户端的凭据,返回响应码
internal;
# 设置参数
set $query '';
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
}
# 验证成功,返回200 OK
proxy_pass http://207.246.123.*:8090/auth/token?$query;
# 发送原始请求
proxy_pass_request_body off;
# 清空 Content-Type
proxy_set_header Content-Type "";
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
其他资料:Nginx 简明教程 @dunwu (opens new window) - 非常适合学习Nginx配置。