docker_nginx反向代理多个容器实例

docker_nginx反向代理多个容器实例, 这里使用的是 qnap 中的 Container Station 跑的docker.
目的: 在使用同一个外网端口(443)的情况下, 通过反向代理 二级域名 到 多个容器的不同端口上. 同时使用 https 加持
例如: a.xx.com -> 实例a:3000, b.xx.com -> 实例a:4000

前置物料

* 阿里云注册的域名, 及其免费证书.
* 公网ip
* docker 实例 , 这里是 gogs, 容器 web 端口是 3000
docker nginx 启动

*
拉个官网镜像. docker pull nginx

*
https 正式丢到 DockerData/nginx/certs 下.

* get到阿里云的免费证书，有效期是一年：参考这里：https://segmentfault.com/a/1190000009220479
<https://segmentfault.com/a/1190000009220479> , 下载 nginx 的证书
*
跑起来, 这里用的是 qnap

*
链接了两个 docker 实例

:gogs:3000
:hexo:4000



*
端口映射, 主要是 443 https端口

443:443
32770:80



*
挂载文件

DockerData/nginx/certs:/certs # 挂载 阿里云 下载的 nginx证书
DockerData/nginx/conf:/etc/nginx/conf.d # 配置文件. 详细配置看这里 反向代理配置
<https://blog.csdn.net/yangxuan0261/article/details/80903878#反向代理配置>

添加配置文件
server { listen 443 ssl; server_name gogs.abc.com; # 阿里云域名 ssl_certificate
/certs/cert_gogs/214816825520979.pem; # 两个证书路径 ssl_certificate_key
/certs/cert_gogs/214816825520979.key; ssl_session_timeout 5m; ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP
$remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gogs:3000; # 代理链接的gogs web端口 } client_max_body_size512M;
access_log /var/log/nginx/gogs.abc.com.log; }


*
run 起来后访问


多域名绑定同一个ip

同一台机子绑定了多个二级域名, 将二级域名的记录值CNAME到主域名即可
参考: https://github.com/chenhw2/aliyun-ddns-cli/issues/10
<https://github.com/chenhw2/aliyun-ddns-cli/issues/10>

hexo docker: https://hub.docker.com/r/ipple1986/hexo/
<https://hub.docker.com/r/ipple1986/hexo/>

gogos 使用 https 及 二级域名 加持

需要修改gogs中修改两个参数, 才能https中显示正确, 并 clone
[server] DOMAIN = gogs.abc.com ROOT_URL = https://gogs.abc.com/
https://gogs.abc.com/yangxuan/ArtRes_ItsCharOld.git
<https://gogs.abc.com/yangxuan/ArtRes_ItsCharOld.git>



开启 gzip

*
nginx代理所有都开启gzip, 修改配置文件 /etc/nginx/nginx.conf
# vi /etc/nginx/nginx.conf # 加入以下配置 ... #gzip on; #启用gzip gzip on;
#需要压缩文件的最小尺寸，单位是B gzip_min_length 1000; #gzip文件缓存大小 gzip_buffers 4 8k; #
4和8之间有个空格的啊 #gzip压缩文件格式，以下涵盖了一般所需的类型 gzip_types text/plain
application/x-javascript text/css application/xml application/javascript
application/json;#gzip压缩等级，数值越高压缩得越狠，也越占资源 gzip_comp_level 3; ...
*
重启nginx

*
打开Chrome查看是否开启成功



相关详细配置

反向代理配置

自定义文件 /etc/nginx/conf.d/my_nginx.conf
# http conf # server { # listen 80; # server_name gogs.abc.com; # access_log
/var/log/nginx/www.abc.access.log main; # error_log
/var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host
$http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header
X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:3000; # }
# } # http redirect to https server { listen 80; server_name abc.com
www.abc.com; rewrite ^(.*) https://$host$1 permanent; } # https conf server {
listen 443 ssl; server_name www.abc.com; ssl_certificate
/certs/cert_www/214597807690979.pem; ssl_certificate_key
/certs/cert_www/214597807690979.key; ssl_session_timeout 5m; ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
root /usr/share/nginx/html; index index.html index.htm; } # location / { #
proxy_redirect off; # proxy_set_header Host $host; # proxy_set_header X-Real-IP
$remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #
proxy_pass http://127.0.0.1; # } client_max_body_size512M; access_log
/var/log/nginx/www.abc.com.log; } server { listen 443 ssl; server_name
gogs.abc.com; ssl_certificate /certs/cert_gogs/214816825520979.pem;
ssl_certificate_key /certs/cert_gogs/214816825520979.key; ssl_session_timeout
5m; ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP
$remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gogs:3000; } client_max_body_size512M; access_log
/var/log/nginx/gogs.abc.com.log; } server { listen 443 ssl; server_name
blog.abc.com; ssl_certificate /certs/cert_blog/214816925260979.pem;
ssl_certificate_key /certs/cert_blog/214816925260979.key; ssl_session_timeout
5m; ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP
$remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://hexo:4000; } client_max_body_size512M; access_log
/var/log/nginx/blog.abc.com.log; } # server { # listen 80; # server_name
gossh.abc.com; # access_log /var/log/nginx/www.abc.access.log main; # error_log
/var/log/nginx/www.abc.error.log error; # location / { # proxy_set_header Host
$http_host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header
X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://gogs:23522; # }
# }

• « 上一篇：区块链如何解决数据安全问题？
• » 下一篇：云计算是什么意思？云计算管理平台有哪些？