Docker之构建Nginx镜像实现迅速搭建Google反代站点

  • A+
所属分类:Docker  虚拟化/私有云
摘要

在用Docker构建了一个Nginx镜像之后就想是不是干脆来个反代谷歌的镜像?于是就做了。还好这次是在之前Nginx镜像上丰富功能的,没什么坑,感谢CCAV感谢档

镜像用法

自备证书用法
docker run -d --name=google \
-p 80:80 -p 443:443 \
-v 系统上存放ssl证书的目录:/usr/local/nginx/conf/ssl \
-e PROXY_GOOGLE=On \
-e PROXY_SSL_CRT_KEY=On \
-e PROXY_CRT=你的crt名称 \
-e PROXY_KEY=你的key名称 \
-e PROXY_DOMAIN=你的域名 \
benyoo/nginx_build:proxy_google

系统自签证书用法
docker run -d --name=google \
-p 80:80 -p 443:443 \
-e PROXY_GOOGLE=On \
-e PROXY_DOMAIN=你的域名 \
benyoo/nginx_build:proxy_google

Docker之构建Nginx镜像实现迅速搭建Google反代站点

FROM centos:6.7

MAINTAINER from www.dwhd.org by lookback (mondeolove@gmail.com)

RUN yum clean all && \
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-* && \
yum install -y epel-release && \
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 && \
yum makecache && \
yum install -y pcre-devel openssl-devel zlib-devel gd-devel tar gcc wget git

RUN groupadd --system www && \
useradd --system --gid www www && \
mkdir -p {/var/log/wwwlogs,/var/run/nginx,/var/lock}

RUN wget -c http://nginx.org/download/nginx-1.9.5.tar.gz && \
git clone https://github.com/cuber/ngx_http_google_filter_module.git && \
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git && \
git clone https://github.com/aperezdc/ngx-fancyindex.git

RUN tar xf nginx-1.9.5.tar.gz && \
cd nginx-1.9.5 && \
./configure --prefix=/usr/local/nginx \
--user=www --group=www \
--error-log-path=/var/log/wwwlogs/error.log \
--http-log-path=/var/log/wwwlogs/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--with-pcre \
--with-ipv6 \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-http_image_filter_module \
--with-http_addition_module \
--http-client-body-temp-path=/usr/local/nginx/client/ \
--http-proxy-temp-path=/usr/local/nginx/proxy/ \
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/ \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--add-module=../ngx_http_google_filter_module \
--add-module=../ngx_http_substitutions_filter_module \
--add-module=../ngx-fancyindex && \
make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && \
rm -rf ../{ngx_http*,ngx-fancyindex,nginx-1.9.5*}

ADD nginx.conf /usr/local/nginx/conf/nginx.conf

ADD run.sh /run.sh
RUN chmod +x /run.sh

VOLUME ["/home/wwwroot", "/usr/local/nginx/conf/ssl", "/usr/local/nginx/conf/vhost"]

EXPOSE 80 443

ENTRYPOINT ["/run.sh"]

CMD ["nginx"]
#!/bin/sh
#########################################################################
# File Name: run.sh
# Author: LookBack
# Email: admin#dwhd.org
# Version:
# Created Time: 2015年11月17日 星期二 10时29分55秒
#########################################################################
PATH=/bin:/usr/local/nginx/sbin:$PATH
Nginx_Install_Dir=/usr/local/nginx

set -e

if [ -n "$TIMEZONE" ]; then
        rm -rf /etc/localtime && \
        ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
fi

if [ "${1:0:1}" = '-' ]; then
        set -- nginx "$@"
fi

if [ -z "$DATA_DIR" ]; then
        DATA_DIR=/home/wwwroot
fi

sed -i "s@/home/wwwroot@$DATA_DIR@" $Nginx_Install_Dir/conf/nginx.conf
mkdir -p ${DATA_DIR}
[ ! -f "$DATA_DIR/index.html" ] && echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />



<h1 style="text-align:center;">
                <span style="line-height:1.5;"><span style="color:#337FE5;">Hello world! This Nginx!</span>
</span><span style="line-height:1.5;color:#E53333;">Welcome to use Docker!</span>
        </h1>


<h1 style="text-align:center;">
                <span style="line-height:1.5;color:#E53333;">^_^┢┦aΡpy&nbsp;</span>
        </h1>





        


' > $DATA_DIR/index.html
chown -R www.www $DATA_DIR

CPU_num=$(awk '/processor/{i++}END{print i}' /proc/cpuinfo)
if [ "$CPU_num" == '2' ];then
    sed -i 's@^worker_processes.*@worker_processes 2;\nworker_cpu_affinity 10 01;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '3' ];then
    sed -i 's@^worker_processes.*@worker_processes 3;\nworker_cpu_affinity 100 010 001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '4' ];then
    sed -i 's@^worker_processes.*@worker_processes 4;\nworker_cpu_affinity 1000 0100 0010 0001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '6' ];then
    sed -i 's@^worker_processes.*@worker_processes 6;\nworker_cpu_affinity 100000 010000 001000 000100 000010 000001;@' $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == '8' ];then
    sed -i 's@^worker_processes.*@worker_processes 8;\nworker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;@' $Nginx_Install_Dir/conf/nginx.conf
else
    echo Google worker_cpu_affinity
fi

if [[ -n "$PROXY_GOOGLE" ]]; then
        [ -f "${Nginx_Install_Dir}/conf/ssl" ] || mkdir -p $Nginx_Install_Dir/conf/ssl
        [ -f "${Nginx_Install_Dir}/conf/vhost" ] || mkdir -p $Nginx_Install_Dir/conf/vhost

        if [ -z "$PROXY_DOMAIN" ]; then
                echo >&2 'error:  missing PROXY_DOMAIN'
                echo >&2 '  Did you forget to add -e PROXY_DOMAIN=... ?'
                exit 1
        fi

        if [ -n "$PROXY_SSL_CRT_KEY" ]; then
                if [ -z "$PROXY_CRT" ]; then
                        echo >&2 'error:  missing PROXY_CRT'
                        echo >&2 '  Did you forget to add -e PROXY_CRT=... ?'
                        exit 1
                fi

                if [ -z "$PROXY_KEY" ]; then
                        echo >&2 'error:  missing PROXY_KEY'
                        echo >&2 '  Did you forget to add -e PROXY_KEY=... ?'
                        exit 1
                fi

                if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_CRT}" ]; then
                        echo >&2 'error:  missing PROXY_CRT'
                        echo >&2 "  You need to put ${PROXY_CRT} in ssl directory"
                        exit 1
                fi

                if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_KEY}" ]; then
                        echo >&2 'error:  missing PROXY_CSR'
                        echo >&2 "  You need to put ${PROXY_KEY} in ssl directory"
                        exit 1
                fi
        else
                openssl req -new -newkey rsa:2048 -nodes \
                        -out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
                        -keyout $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
                        -subj "/C=CN/ST=Shanghai/L=Pudong/O=Legion/OU=DevOps/CN=$PROXY_DOMAIN/emailAddress=admin@dwhd.org"
                openssl x509 -req -days 365 -in $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
                        -signkey $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
                        -out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.crt

                rm -rf $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr

                PROXY_KEY=${PROXY_DOMAIN}.key
                PROXY_CRT=${PROXY_DOMAIN}.crt
        fi

        #sed -i '57,87d' $Nginx_Install_Dir/conf/nginx.conf
        cat > ${Nginx_Install_Dir}/conf/vhost/google.conf << EOF
server {
        listen 80;
        server_name $PROXY_DOMAIN;
        return 301 https://$PROXY_DOMAIN\$request_uri;
}

server {
        listen 443 ssl;
        server_name $PROXY_DOMAIN;

        ssl on;
        ssl_certificate ssl/${PROXY_CRT};
        ssl_certificate_key ssl/${PROXY_KEY};
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
        keepalive_timeout 70;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        resolver 8.8.8.8;
        location / {
                google on;
                google_scholar on;
                google_language zh-CN;
                google_robots_allow on;
        }
}
EOF
        #mv ${Nginx_Install_Dir}/vhost/{google.conf.stop,google.conf}
fi

exec "$@" -g "daemon off;"
user www www;
worker_processes auto;

error_log /var/log/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 51200;
}

http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    server_tokens off;
    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    #Gzip Compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
    gzip_disable  "msie6";

    #If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    server {
        listen 80;
        server_name -;
        root /home/wwwroot;
        index index.html index.php index.jsp;
        access_log /var/log/wwwlogs/access_nginx.log combined;

        location /status {
            stub_status on;
            auth_basic "WebServer Status";
        }

#        location ~ .*\.(php|php5)?$ {
#            #fastcgi_pass remote_php_ip:9000;
#            fastcgi_pass unix:/dev/shm/php-cgi.sock;
#            fastcgi_index index.php;
#            include fastcgi.conf;
#        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 7d;
        }
    }

##########################vhost#####################################
    include vhost/*.conf;
}
lookback

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: