nginx

  1. [运行镜像]
  3.     : docker pull registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:2
  5.     # mkdir /opt/data/nginx/:/usr/local/nginx/
  6.     : docker run \
  7.     --name nginx-blog \
  8.     -p 80:80 -p 443:443 \
  9.   -v /opt/data/nginx/:/usr/local/nginx/ \
  10.     -d -it registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:2 \
  11.   ./run.sh
  13. [配置静态网站]
  15.     : ./nginx -s reload # 重启 nginx
  17.     : cd /opt/data/nginx/ && blog/ # 符合博客目录文件
  19.   : /usr/local/nginx/conf/nginx.conf
  21. worker_processes  1;
  22. events {
  23.     worker_connections  1024;
  24. }
  25. http {
  26.     include       mime.types;
  27.     default_type  application/octet-stream;
  28.     sendfile        on;
  29.     keepalive_timeout  65;
  31.     server {
  32.         listen       80;
  33.         server_name  localhost;
  34.         location / {
  35.             root   html;
  36.             index  index.html index.htm;
  37.         }
  38.         error_page   500 502 503 504  /50x.html;
  39.         location = /50x.html {
  40.             root   html;
  41.         }
  42.     }
  43. }
  45. // 添加服务配置
  46.     server {
  47.         listen       80;
  48.         server_name  blog.thinxz.cn;
  49.         location / {
  50.             root   blog;
  51.             index  index.html index.htm;
  52.         }
  53.         error_page   500 502 503 504  /50x.html;
  54.         location = /50x.html {
  55.             root   html;
  56.         }
  57.     }

安装

  1. [1、安装 基本编译工具及库]
  3.     : yum install update
  5.     : yum install -y \
  6.     vim wget curl
  8.     : yum install -y \
  9.     zlib zlib-devel libtool \
  10.     openssl openssl-devel \
  11.     gcc-c++ make
  1. [2、安装 PCRE - 作用是让 Nginx 支持 Rewrite 功能]
  3.     : wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
  5.     : tar zxvf pcre-8.35.tar.gz && cd pcre-8.35
  7.     : ./configure  && make //: make install # 不执行安装
  9.     : pcre-config --version
  11.  [3、安装 Nginx]
  13.     : wget http://nginx.org/download/nginx-1.6.2.tar.gz
  14.     // wget http://nginx.org/download/nginx-1.9.0.tar.gz
  16.     : tar zxvf nginx-1.6.2.tar.gz && cd nginx-1.6.2
  18.     // 简单编译项目
  19.     ./configure --prefix=/opt/nginx/bin \
  20.     --with-pcre=/opt/nginx/pcre-8.35 \
  21.     --with-http_ssl_module \
  22.     --with-stream
  24.     # /opt/nginx/pcre-8.35 # 下载编译目录
  25.     # /usr/local/nginx # nginx 安装目录, 注意路径, 配置成安装路径
  26.     ./configure \
  27.     --prefix=/usr/local/nginx \
  28.     --with-http_stub_status_module \
  29.     --with-http_ssl_module \
  30.     --with-pcre=/opt/nginx/pcre-8.35
  32.         // --with-http_stub_status_module
  33.     --user=www --group=www \
  34.     --with-http_gzip_static_module \
  35.     --http-client-body-temp-path=/usr/local/nginx/tmp/client/ \
  36.     --http-proxy-temp-path=/usr/local/nginx/tmp/proxy/ \
  37.     --http-fastcgi-temp-path=/usr/local/nginx/tmp/fcgi/ \
  38.     --with-poll_module \
  39.     --with-file-aio \
  40.     --with-http_realip_module \
  41.     --with-http_addition_module \
  42.     --with-http_addition_module \
  43.     --with-http_random_index_module --with-http_stub_status_module
  44.     --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp
  45.     --http-scgi-temp-path=/usr/local/nginx/scgi_temp
  47.     : make // make install
  49.   : /usr/local/nginx/sbin/nginx -v
  1. [commit]
  3.     : docker login --username=thinxz registry.cn-hangzhou.aliyuncs.com
  4.   : docker commit -m="ngrok" -a="thinxz" cid registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:2
  5.   : docker push registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:2
  7. [run]
  9.     : docker run \
  10.     --name nginx09 \
  11.     -p 80:80 -p 443:443 \
  12.   -v /opt/data/nginx/:/usr/local/nginx/ \
  13.     -d -it registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:2 \
  14.   ./run.sh
  16. [run.sh]
  17. #!/bin/sh
  18. # run
  19. rm -rf /usr/local/nginx/nginx-run.log
  21. echo y | cp -rf /opt/nginx/ngconf/* /usr/local/nginx/
  23. ./opt/nginx/nginx-1.6.2/objs/nginx -c /usr/local/nginx/conf/nginx.conf 2>&1 | tee /usr/local/nginx/nginx-run.log
  25. # suspend main
  26. read -p "press any key to continue." var

配置

  1. [1、创建Nginx 运行使用的用户]
  3.     : /usr/sbin/groupadd thinxz
  4.     : /usr/sbin/useradd -g thinxz thinxzpassword
  5.     : passwd thinxzpassword
  7.  [2、配置nginx.conf ]
  9.     : 查看配置文件 cat /usr/local/nginx/conf/nginx.conf
  11.  [3、测试配置文件]
  13.     : /usr/local/nginx/sbin/nginx -t
  15.  [4、启动Nginx]
  17.     : /usr/local/nginx/sbin/nginx
  18.     : /usr/local/nginx/sbin/nginx -s reload            # 重新载入配置文件
  19.     : /usr/local/nginx/sbin/nginx -s reopen            # 重启 Nginx
  20.     : /usr/local/nginx/sbin/nginx -s stop              # 停止 Nginx
  1. [nginx docker run]
  3.   docker run \
  4.     --name nginx06 \
  5.   -p 80:80 -p 81:81 -p 443:443 -p 9876:9876 \
  6.   -v /opt/data/nginx/nginx.conf:/etc/nginx/nginx.conf \
  7.   -v /opt/data/nginx/logs:/data/logs \
  8.   -d -it registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:v2
  10.   // -e 环境变量, 配置数据库
  11.   : docker run \
  12.     --name nginx06 \
  13.   -p 80:80 -p 81:81 -p 443:443 -p 9876:9876 \
  14.   -v /opt/data/nginx/nginx.conf:/etc/nginx/nginx.conf \
  15.   -v /opt/data/nginx/logs:/data/logs \
  16.   -e DB_HOST=rm-bp10h4rjh8q877420lo.mysql.rds.aliyuncs.com \
  17.     -e DB_USER=nginx \
  18.     -e DB_PASS=nginx \
  19.     -e DB_PORT=3306 \
  20.   -d -it registry.cn-hangzhou.aliyuncs.com/thinxz/nginx:v2
  22.   // 
  23.   docker run \
  24.   --name nginx \
  25.   -p 80:80 -p 443:443 -p 81:81 \
  26.   -e DB_HOST=rm-bp10h4rjh8q877420lo.mysql.rds.aliyuncs.com \
  27.   -e DB_USER=nginx \
  28.   -e DB_PASS=nginx \
  29.   -e DB_PORT=3306 \
  30.   -e DB=nginx \
  31.   -d registry.cn-hangzhou.aliyuncs.com/youdt/nginx:v2
  33. // 宿主机端口只能映射一个容器端口, 一个容器端口可以被多个宿主机端口映射
  34. // host:80 -> container:80
  35. // host:80 -> container:80 && host:81 -> container:80
  37. // 需求, nginx 容器监听宿主机80端口, 根据域名不同将80端口数据, 转发给不同业务容器
  39. # 方案一
  40. // host:80 -> container-ngxin:80
  41. // nginx 映射配置 -> ngxin:80 -> (host:50001)
  42. // host:50001 -> container-git:80
  44. # 方案二
  45. // host:80 -> container-ngxin:80
  46. // nginx 映射配置 -> ngxin:80 -> container-git-ip:80
  48. # 删除容器
  49. // docker ps -a
  50. // docker container rm container-id
  52. # 删除镜像
  53. // docker images
  54. // docker image rm image-id

nginx-db.sql

nginx-s.sql

nginx.conf - 初始配置

  1. # run nginx in foreground
  2. daemon off;
  4. user root;
  6. # Set number of worker processes automatically based on number of CPU cores.
  7. worker_processes auto;
  9. # Enables the use of JIT for regular expressions to speed-up their processing.
  10. pcre_jit on;
  12. error_log /data/logs/error.log warn;
  14. # Includes files with directives to load dynamic modules.
  15. include /etc/nginx/modules/*.conf;
  17. events {
  18.     worker_connections  1024;
  19. }
  21. http {
  22.   include                       /etc/nginx/mime.types;
  23.   default_type                  application/octet-stream;
  24.   sendfile                      on;
  25.   server_tokens                 off;
  26.   tcp_nopush                    on;
  27.   tcp_nodelay                   on;
  28.   client_body_temp_path         /tmp/nginx/body 1 2;
  29.   keepalive_timeout             65;
  30.   ssl_prefer_server_ciphers     on;
  31.   gzip                          on;
  32.   proxy_ignore_client_abort     off;
  33.   client_max_body_size          2000m;
  34.   server_names_hash_bucket_size 64;
  35.   proxy_http_version            1.1;
  36.   proxy_set_header              X-Forwarded-Scheme $scheme;
  37.   proxy_set_header              X-Forwarded-For $proxy_add_x_forwarded_for;
  38.   proxy_set_header              Accept-Encoding "";
  39.   proxy_cache                   off;
  40.   proxy_cache_path              /var/lib/nginx/cache/public  levels=1:2 keys_zone=public-cache:30m max_size=192m;
  41.   proxy_cache_path              /var/lib/nginx/cache/private levels=1:2 keys_zone=private-cache:5m max_size=1024m;
  43.   # MISS
  44.   # BYPASS
  45.   # EXPIRED - expired, request was passed to backend
  46.   # UPDATING - expired, stale response was used due to proxy/fastcgi_cache_use_stale updating
  47.   # STALE - expired, stale response was used due to proxy/fastcgi_cache_use_stale
  48.   # HIT
  49.   # - (dash) - request never reached to upstream module. Most likely it was processed at Nginx-level only (e.g. forbidden, redirects, etc) (Ref: Mail Thread
  50.   log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
  51.   log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
  53.   access_log /data/logs/default.log proxy;
  55.   # Dynamically generated resolvers file
  56.   include /etc/nginx/conf.d/include/resolvers.conf;
  58.   # Default upstream scheme
  59.   map $host $forward_scheme {
  60.     default http;
  61.   }
  63.   # Real IP Determination
  64.   # Docker subnet:
  65.   set_real_ip_from 172.0.0.0/8;
  66.   # NPM generated CDN ip ranges:
  67.   include conf.d/include/ip_ranges.conf;
  68.   # always put the following 2 lines after ip subnets:
  69.   real_ip_header X-Forwarded-For;
  70.   real_ip_recursive on;
  72.   # Files generated by NPM
  73.   include /etc/nginx/conf.d/*.conf;
  74.   include /data/nginx/default_host/*.conf;
  75.   include /data/nginx/proxy_host/*.conf;
  76.   include /data/nginx/redirection_host/*.conf;
  77.   include /data/nginx/dead_host/*.conf;
  78.   include /data/nginx/temp/*.conf;
  81.     # config git.thinxz.cn:80 | host -> 172.17.0.1
  82.   server {
  83.       listen 443;
  84.       server_name git.thinxz.cn;
  85.       ssl on;
  86.       #ssl_certificate  cert/2193315__sinoxx.com.pem;
  87.       #ssl_certificate_key cert/2193315__sinoxx.com.key;
  88.       ssl_session_timeout 5m;
  89.       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  90.       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  91.       ssl_prefer_server_ciphers on;
  92.       location / {
  93.         proxy_http_version 1.1;
  94.         proxy_set_header Upgrade $http_upgrade;
  95.         proxy_set_header Connection upgrade;
  96.         proxy_pass http://172.17.0.1:50001/;
  97.       }
  98.   }
  100.   server {
  101.     listen 80;
  102.     server_name git.thinxz.cn;
  103.       location / {
  104.         proxy_pass http://127.0.0.1:50002/;
  105.         proxy_set_header REMOTE-HOST $remote_addr;
  106.         proxy_set_header Host $host;
  107.         proxy_set_header X-Real-IP  $remote_addr;
  108.     }
  109.   }
  111. }
  113. stream {
  114.     # 添加socket转发的代理
  115.     upstream socket_proxy {
  116.         hash $remote_addr consistent;
  117.         # 转发的目的地址和端口
  118.         server 192.168.1.100:9000 weight=5 max_fails=3 fail_timeout=30s;
  119.     }
  121.     # 提供转发的服务,即访问localhost:9001, 会跳转至代理socket_proxy指定的转发地址
  122.     server {
  123.        listen 443;
  124.        proxy_connect_timeout 1s;
  125.        proxy_timeout 3s;
  126.        proxy_pass socket_proxy;
  127.     }
  128. }
  130. stream {
  131.     # Files generated by NPM
  132.     include /data/nginx/stream/*.conf;
  133. }
  136. //
  138. upstream git_pool{
  139.     server 127.0.0.1:8081;
  140. }
  142. server {
  143.     listen 80; #拦截端口
  144.     server_name git.thinxz.cm; #域名配置
  145.     access_log logs/git.log;
  146.     error_log logs/git.error;
  147.     # 将所有请求转发给git_pool池的应用处理
  148.     location / {
  149.         proxy_set_header Host $host;
  150.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  151.         proxy_pass http://git_pool; #如果是ssl更改成https
  152.     }
  153. }
  155. upstream git_pool{
  156.     server 127.0.0.1:8081;
  157. }
  159. server {
  160.     listen 80; #拦截端口
  161.     server_name git.thinxz.cm; #域名配置
  162.     access_log logs/git.log;
  163.     error_log logs/git.error;
  164.     # 将所有请求转发给git_pool池的应用处理
  165.     location / {
  166.         proxy_set_header Host $host;
  167.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  168.         proxy_pass http://git_pool; #如果是ssl更改成https
  169.     }
  170. }

nginx.conf

  1. [nginx.conf]
  3. user thinxzNginx thinxz123456;
  4. worker_processes 2; #设置值和CPU核心数一致
  5. error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别
  6. pid /usr/local/webserver/nginx/nginx.pid;
  7. #Specifies the value for maximum file descriptors that can be opened by this process.
  8. worker_rlimit_nofile 65535;
  9. events
  10. {
  11.   use epoll;
  12.   worker_connections 65535;
  13. }
  14. http
  15. {
  16.   include mime.types;
  17.   default_type application/octet-stream;
  18.   log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
  19.                '$status $body_bytes_sent "$http_referer" '
  20.                '"$http_user_agent" $http_x_forwarded_for';
  22. #charset gb2312;
  24.   server_names_hash_bucket_size 128;
  25.   client_header_buffer_size 32k;
  26.   large_client_header_buffers 4 32k;
  27.   client_max_body_size 8m;
  29.   sendfile on;
  30.   tcp_nopush on;
  31.   keepalive_timeout 60;
  32.   tcp_nodelay on;
  33.   fastcgi_connect_timeout 300;
  34.   fastcgi_send_timeout 300;
  35.   fastcgi_read_timeout 300;
  36.   fastcgi_buffer_size 64k;
  37.   fastcgi_buffers 4 64k;
  38.   fastcgi_busy_buffers_size 128k;
  39.   fastcgi_temp_file_write_size 128k;
  40.   gzip on; 
  41.   gzip_min_length 1k;
  42.   gzip_buffers 4 16k;
  43.   gzip_http_version 1.0;
  44.   gzip_comp_level 2;
  45.   gzip_types text/plain application/x-javascript text/css application/xml;
  46.   gzip_vary on;
  48.   #limit_zone crawler $binary_remote_addr 10m;
  49.  #下面是server虚拟主机的配置
  50.  server
  51.   {
  52.     listen 80;#监听端口
  53.     server_name localhost;#域名
  54.     index index.html index.htm index.php;
  55.     root /usr/local/webserver/nginx/html;#站点目录
  56.       location ~ .*\.(php|php5)?$
  57.     {
  58.       #fastcgi_pass unix:/tmp/php-cgi.sock;
  59.       fastcgi_pass 127.0.0.1:9000;
  60.       fastcgi_index index.php;
  61.       include fastcgi.conf;
  62.     }
  63.     location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
  64.     {
  65.       expires 30d;
  66.   # access_log off;
  67.     }
  68.     location ~ .*\.(js|css)?$
  69.     {
  70.       expires 15d;
  71.    # access_log off;
  72.     }
  73.     access_log off;
  74.   }
  76. }