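# Compose stack: a single nginx container that terminates TLS and serves or
# proxies sites for other containers on the shared "vRouter" network.
version: "3.8"

networks:
  # external: true means Compose expects this network to exist already and
  # will not create or remove it.
  vRouter:
    external: true

services:
  web:
    # NOTE(review): 1.19.10 is an old mainline release; pin a currently
    # maintained tag (ideally by digest) so nginx security fixes are picked up.
    image: nginx:1.19.10
    container_name: nginx
    restart: always
    volumes:
      # nginx only reads its main config, so mount it read-only.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./conf.d:/etc/nginx/conf.d
      - ./html/:/usr/share/nginx/html
      - ./log:/var/log/nginx
      # Certificate and private-key directory referenced by the server blocks
      # as conf.d/ssl/...; the container has no reason to write here, so it is
      # mounted read-only. Keep host permissions on this path tight as well.
      - /opt/docker/acme.sh/out:/etc/nginx/conf.d/ssl:ro
    ports:
      # Quoted so "host:container" pairs are always parsed as strings.
      - "80:80"
      - "443:443"
    networks:
      vRouter:
        aliases:
          - nginx.server
    # deploy.* is the Swarm section of the file format; classic docker-compose
    # applies this memory limit only when it is run with --compatibility.
    deploy:
      resources:
        limits:
          memory: 256M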
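注意:
- vRouter 为外部网络(external: true),docker-compose 不会自动创建,需要在启动前手动创建(例如 docker network create vRouter)。
- /opt/docker/acme.sh/out:/etc/nginx/conf.d/ssl 为 SSL 证书目录的挂载;该目录内含证书私钥,宿主机上应限制其访问权限。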
tree -a ./
./
├── conf.d #nginx 自定义配置映射目录
│ ├── default.conf #存放一些通用配置
│ ├── ssl #存放ssl证书目录(可选)
│ └── xx.com.conf #自定义配置
├── docker-compose.yml #docker-compose配置文件
├── html #html部署目录(可选)
├── log #nginx日志映射出来的目录 (启动容器后自动创建)
│ ├── access.log #nginx 访问日志 (启动容器后自动创建)
│ └── error.log #nginx 错误日志 (启动容器后自动创建)
├── nginx.conf #nginx.conf配置,通过映射进去方便更改某些配置
└── nginx.conf.default #nginx.conf.default 配置模板默认
注意:nginx.conf 不允许放在 conf.d 目录,否则它会被 include /etc/nginx/conf.d/*.conf 再次加载到 http 块中,导致启动报错
# Main nginx configuration.

# Worker processes run under the "nginx" account.
user             nginx;
worker_processes 1;

# Only messages of severity "warn" and above are written to the error log.
error_log /var/log/nginx/error.log warn;
pid       /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line layout. $http_x_forwarded_for is copied verbatim from the
    # request header, so treat that field as client-supplied when reading logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    # Every *.conf file in conf.d is loaded here, i.e. inside the http context.
    include /etc/nginx/conf.d/*.conf;
}
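# Common settings plus catch-all server blocks that answer 403.

# Request body (upload) size limit; nginx's default is 1m.
client_max_body_size 50m;

# Plain-HTTP catch-all. default_server makes this block the fallback for
# requests whose Host matches no other server_name, instead of depending on
# the order in which the conf.d files happen to be included.
server {
    listen 80 default_server;
    server_name localhost;
    return 403;
}

# HTTPS catch-all, same idea as above.
server {
    listen 443 ssl default_server;
    server_name localhost;

    # nginx does not expand wildcards in these paths, so "*.xx.com_ecc" has to
    # be the literal directory name under conf.d/ssl (presumably as written by
    # acme.sh for a wildcard certificate - confirm against the mounted tree).
    ssl_certificate     conf.d/ssl/*.xx.com_ecc/fullchain.cer;
    ssl_certificate_key conf.d/ssl/*.xx.com_ecc/*.xx.com.key;

    # NOTE(review): clients that connect with an unknown name are still shown
    # this certificate before they get the 403. nginx 1.19.4 and later also
    # offer "ssl_reject_handshake on;" to refuse the TLS handshake instead.
    return 403;
}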
说明:
参考代理后端项目配置
# Reference virtual host that proxies a backend service over HTTPS.
server {
    listen      443 ssl;
    server_name www.xx.com;

    # TLS certificate chain and private key
    ssl_certificate     conf.d/ssl/*.xx.com_ecc/fullchain.cer;
    ssl_certificate_key conf.d/ssl/*.xx.com_ecc/*.xx.com.key;

    location / {
        # Forward the real client IP (on a non-default port, $server_port has to be added)
        # X-Real-IP is overwritten with the address nginx itself saw.
        proxy_set_header X-Real-IP       $remote_addr;
        # NOTE(review): $proxy_add_x_forwarded_for appends to whatever
        # X-Forwarded-For the client sent, so the backend should trust only the
        # last entry (the one added here) and never the leading ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # The upstream hop is plain HTTP to the placeholder host on port 8080.
        proxy_pass http://your-proxy-server:8080/;
    }
}
同一个 vRouter 网络中的容器,可以通过容器名或容器定义的网络别名(aliases)互相进行内部访问。
参考代理前端项目配置
# Reference virtual host that serves a static front-end build over HTTPS.
server {
    listen      443 ssl;
    server_name vue-web.xx.com;

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    # TLS certificate bundle and private key
    ssl_certificate     conf.d/ssl/xx.com_bundle.crt;
    ssl_certificate_key conf.d/ssl/xx.com.key;

    # Response compression for this virtual host.
    gzip              on;
    gzip_http_version 1.1;
    gzip_static       on;
    # A minimum length of 1 means practically every response is compressed.
    gzip_min_length   1;
    gzip_comp_level   4;
    gzip_vary         on;
    # NOTE(review): image/jpeg, image/gif and image/png are already compressed
    # formats; gzipping them costs CPU for little gain - consider dropping them.
    gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

    location / {
        root  /usr/share/nginx/html/vue-web;
        index index.html index.htm;
        # Paths that match no file or directory fall back to /index.html.
        try_files $uri $uri/ /index.html;
    }
}
部署脚本参考deploy.sh
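#!/bin/sh
# Redeploy the compose stack that lives next to this script:
# build, stop the old containers, start the new ones, then prune dangling images.

# Stop at the first failing command. Without this, a failed `cd` would run the
# compose commands in the wrong directory, and a failed build would still take
# the running service down.
set -e

# Resolve the script's own directory; quoted so paths with spaces survive.
work_path=$(dirname "$0")
cd "${work_path}"
work_path=$(pwd)
echo "$work_path"

# --compatibility makes classic docker-compose honour deploy.resources limits.
docker-compose --compatibility build
docker-compose --compatibility down
docker-compose --compatibility up -d

# Remove dangling images left behind by the rebuild.
docker image prune -f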
https://www.leftso.com/article/2411211109465938.html