1、创建目录
  1. mkdir -p /usr/local/nginx/config/conf.d /usr/local/nginx/html /usr/local/nginx/logs /usr/local/nginx/ssl

2、编辑配置文件

进入配置文件目录

cd /usr/local/nginx/

配置 nginx.conf 文件

vi config/nginx.conf

配置内容:

#运行nginx的用户
user  nginx;
#启动进程设置成和CPU数量相等
worker_processes  1;

#全局错误日志及PID文件的位置
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

#工作模式及连接数上限
events {
        #单个后台work进程最大并发数设置为1024
    worker_connections  1024;
}


http {
        #设定mime类型
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

        #设定日志格式
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

        #设置连接超时的事件
    keepalive_timeout  65;

        #开启GZIP压缩
    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

配置 nginx.conf 文件

vi config/conf.d/default.conf

配置内容:

server {
    listen    80;       #侦听80端口,如果强制所有的访问都必须是HTTPs的,这行需要注销掉
    listen    443 ssl;
    server_name  ebc.benwunet.com;             #域名

    # 增加ssl
    #ssl on;        #如果强制HTTPs访问,这行要打开
    ssl_certificate /ssl/ebc.pem;
    ssl_certificate_key /ssl/ebc.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

     # 指定密码为openssl支持的格式
     ssl_protocols  SSLv2 SSLv3 TLSv1.2;

     ssl_ciphers  HIGH:!aNULL:!MD5;  # 密码加密方式
     ssl_prefer_server_ciphers  on;   # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码

     # 定义首页索引目录和名称
     location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
     }

    #重定向错误页面到 /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

配置域名证书

image.png

3、启动 nginx

docker 直接运行

docker run --detach \
        --name ebc-nginx \
        -p 443:443\
        -p 80:80 \
        -v /usr/local/nginx/html:/usr/share/nginx/html:rw\
        -v /usr/local/nginx/config/nginx.conf:/etc/nginx/nginx.conf/:rw\
        -v /usr/local/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf:rw\
        -v /usr/local/nginx/logs:/var/log/nginx/:rw\
        -v /usr/local/nginx/ssl:/ssl/:rw\
        -d nginx

docker-compose 编排

version: '3.7'
services:  
  ebc-nginx:  
    image: nginx
    container_name: nginx
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./html:/usr/share/nginx/html
      - ./config/nginx.conf:/etc/nginx/nginx.conf
      - ./config/conf.d/default.conf:/etc/nginx/conf.d/default.conf
      - ./logs:/var/log/nginx/
      - ./ssl:/ssl/