镜像用法
自备证书用法 docker run -d --name=google \ -p 80:80 -p 443:443 \ -v 系统上存放ssl证书的目录:/usr/local/nginx/conf/ssl \ -e PROXY_GOOGLE=On \ -e PROXY_SSL_CRT_KEY=On \ -e PROXY_CRT=你的crt名称 \ -e PROXY_KEY=你的key名称 \ -e PROXY_DOMAIN=你的域名 \ benyoo/nginx_build:proxy_google 系统自签证书用法 docker run -d --name=google \ -p 80:80 -p 443:443 \ -e PROXY_GOOGLE=On \ -e PROXY_DOMAIN=你的域名 \ benyoo/nginx_build:proxy_google
FROM centos:6.7 MAINTAINER from www.dwhd.org by lookback ([email protected]) RUN yum clean all && \ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-* && \ yum install -y epel-release && \ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 && \ yum makecache && \ yum install -y pcre-devel openssl-devel zlib-devel gd-devel tar gcc wget git RUN groupadd --system www && \ useradd --system --gid www www && \ mkdir -p {/var/log/wwwlogs,/var/run/nginx,/var/lock} RUN wget -c http://nginx.org/download/nginx-1.9.5.tar.gz && \ git clone https://github.com/cuber/ngx_http_google_filter_module.git && \ git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git && \ git clone https://github.com/aperezdc/ngx-fancyindex.git RUN tar xf nginx-1.9.5.tar.gz && \ cd nginx-1.9.5 && \ ./configure --prefix=/usr/local/nginx \ --user=www --group=www \ --error-log-path=/var/log/wwwlogs/error.log \ --http-log-path=/var/log/wwwlogs/access.log \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --with-pcre \ --with-ipv6 \ --with-http_ssl_module \ --with-http_flv_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-http_mp4_module \ --with-http_image_filter_module \ --with-http_addition_module \ --http-client-body-temp-path=/usr/local/nginx/client/ \ --http-proxy-temp-path=/usr/local/nginx/proxy/ \ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ \ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi \ --http-scgi-temp-path=/usr/local/nginx/scgi \ --add-module=../ngx_http_google_filter_module \ --add-module=../ngx_http_substitutions_filter_module \ --add-module=../ngx-fancyindex && \ make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && \ rm -rf ../{ngx_http*,ngx-fancyindex,nginx-1.9.5*} ADD nginx.conf /usr/local/nginx/conf/nginx.conf ADD run.sh /run.sh RUN chmod +x /run.sh VOLUME ["/home/wwwroot", "/usr/local/nginx/conf/ssl", "/usr/local/nginx/conf/vhost"] EXPOSE 80 443 ENTRYPOINT ["/run.sh"] CMD ["nginx"]
#!/bin/sh
#########################################################################
# File Name: run.sh
# Author: LookBack
# Email: admin#dwhd.org
# Version:
# Created Time: 2015年11月17日 星期二 10时29分55秒
#########################################################################
PATH=/bin:/usr/local/nginx/sbin:$PATH
Nginx_Install_Dir=/usr/local/nginx
set -e
if [ -n "$TIMEZONE" ]; then
rm -rf /etc/localtime && \
ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
fi
if [ "${1:0:1}" = '-' ]; then
set -- nginx "$@"
fi
if [ -z "$DATA_DIR" ]; then
DATA_DIR=/home/wwwroot
fi
sed -i "s@/home/wwwroot@$DATA_DIR@" $Nginx_Install_Dir/conf/nginx.conf
mkdir -p ${DATA_DIR}
[ ! -f "$DATA_DIR/index.html" ] && echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<h1 style="text-align:center;">
<span style="line-height:1.5;"><span style="color:#337FE5;">Hello world! This Nginx!</span>
</span><span style="line-height:1.5;color:#E53333;">Welcome to use Docker!</span>
</h1>
<h1 style="text-align:center;">
<span style="line-height:1.5;color:#E53333;">^_^┢┦aΡpy </span>
</h1>
' > $DATA_DIR/index.html
chown -R www.www $DATA_DIR
CPU_num=$(awk '/processor/{i++}END{print i}' /proc/cpuinfo)
if [ "$CPU_num" == '2' ];then
sed -i 's@^worker_processes.*@worker_processes 2;\nworker_cpu_affinity 10 01;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '3' ];then
sed -i 's@^worker_processes.*@worker_processes 3;\nworker_cpu_affinity 100 010 001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '4' ];then
sed -i 's@^worker_processes.*@worker_processes 4;\nworker_cpu_affinity 1000 0100 0010 0001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '6' ];then
sed -i 's@^worker_processes.*@worker_processes 6;\nworker_cpu_affinity 100000 010000 001000 000100 000010 000001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '8' ];then
sed -i 's@^worker_processes.*@worker_processes 8;\nworker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;@' $Nginx_Install_Dir/conf/nginx.conf
else
echo Google worker_cpu_affinity
fi
if [[ -n "$PROXY_GOOGLE" ]]; then
[ -f "${Nginx_Install_Dir}/conf/ssl" ] || mkdir -p $Nginx_Install_Dir/conf/ssl
[ -f "${Nginx_Install_Dir}/conf/vhost" ] || mkdir -p $Nginx_Install_Dir/conf/vhost
if [ -z "$PROXY_DOMAIN" ]; then
echo >&2 'error: missing PROXY_DOMAIN'
echo >&2 ' Did you forget to add -e PROXY_DOMAIN=... ?'
exit 1
fi
if [ -n "$PROXY_SSL_CRT_KEY" ]; then
if [ -z "$PROXY_CRT" ]; then
echo >&2 'error: missing PROXY_CRT'
echo >&2 ' Did you forget to add -e PROXY_CRT=... ?'
exit 1
fi
if [ -z "$PROXY_KEY" ]; then
echo >&2 'error: missing PROXY_KEY'
echo >&2 ' Did you forget to add -e PROXY_KEY=... ?'
exit 1
fi
if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_CRT}" ]; then
echo >&2 'error: missing PROXY_CRT'
echo >&2 " You need to put ${PROXY_CRT} in ssl directory"
exit 1
fi
if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_KEY}" ]; then
echo >&2 'error: missing PROXY_CSR'
echo >&2 " You need to put ${PROXY_KEY} in ssl directory"
exit 1
fi
else
openssl req -new -newkey rsa:2048 -nodes \
-out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
-keyout $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
-subj "/C=CN/ST=Shanghai/L=Pudong/O=Legion/OU=DevOps/CN=$PROXY_DOMAIN/[email protected]"
openssl x509 -req -days 365 -in $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
-signkey $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
-out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.crt
rm -rf $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr
PROXY_KEY=${PROXY_DOMAIN}.key
PROXY_CRT=${PROXY_DOMAIN}.crt
fi
#sed -i '57,87d' $Nginx_Install_Dir/conf/nginx.conf
cat > ${Nginx_Install_Dir}/conf/vhost/google.conf << EOF
server {
listen 80;
server_name $PROXY_DOMAIN;
return 301 https://$PROXY_DOMAIN\$request_uri;
}
server {
listen 443 ssl;
server_name $PROXY_DOMAIN;
ssl on;
ssl_certificate ssl/${PROXY_CRT};
ssl_certificate_key ssl/${PROXY_KEY};
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
resolver 8.8.8.8;
location / {
google on;
google_scholar on;
google_language zh-CN;
google_robots_allow on;
}
}
EOF
#mv ${Nginx_Install_Dir}/vhost/{google.conf.stop,google.conf}
fi
exec "$@" -g "daemon off;"
user www www;
worker_processes auto;
error_log /var/log/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
server_tokens off;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#Gzip Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "msie6";
#If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
server {
listen 80;
server_name -;
root /home/wwwroot;
index index.html index.php index.jsp;
access_log /var/log/wwwlogs/access_nginx.log combined;
location /status {
stub_status on;
auth_basic "WebServer Status";
}
# location ~ .*\.(php|php5)?$ {
# #fastcgi_pass remote_php_ip:9000;
# fastcgi_pass unix:/dev/shm/php-cgi.sock;
# fastcgi_index index.php;
# include fastcgi.conf;
# }
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
expires 30d;
}
location ~ .*\.(js|css)?$ {
expires 7d;
}
}
##########################vhost#####################################
include vhost/*.conf;
}
您可以选择一种方式赞助本站
支付宝扫一扫赞助
微信钱包扫描赞助
赏