nginx部署以及反向代理多域名实现
1.nginx部署
1.1 编写nginx部署文件 docker-compose.yml
version: '3'
services:
nginx:
restart: always
image: nginx:1.20
container_name: nginx-main
ports:
- 80:80
- 443:443
volumes:
# 基础配置
- /opt/nginx_main/nginx-info/nginx.conf:/etc/nginx/nginx.conf
# 日志文件
- /opt/nginx_main/nginx-info/log:/var/log/nginx
# 配置文件
- /opt/nginx_main/nginx-info/conf.d/default.conf:/etc/nginx/conf.d/default.conf
# 前端网页访问
- /opt/nginx_main/nginx-info/html:/usr/share/nginx/html
# 后期用来创建ssl证书会需要用到
- /opt/nginx_main/nginx-info/ssl:/etc/nginx/ssl
2.2 创建所需文件 根据上面的路径进行创建
直接进入/opt/nginx_main/nginx-info里面创建了
cd /opt/nginx_main/nginx-info
touch nginx.conf
mkdir log
mkdir conf.d
# 进入创建的这个目录
cd conf.d
touch default.conf
cd ..
mkdir html
mkdir ssl
2.3 获取ssl证书
选择域名 然后配置免费ssl证书 证书设置我们需要的域名
然后申请之后稍等一段时间
之后点击下载,下载nginx的证书文件 一个pem,一个key
然后把下载的证书放到上面的 ssl路径 记录好位置即可,步骤 2.5会用到
1.先进入阿里云的数字证书管理服务页面 选择免费证书
2.点击创建证书
之后会出现一条记录 显示待申请
3.配置证书
输入要使用的域名
4.确认完成之后返回,看到有记录了,就点击下载
因为我们用的是nginx代理,所以选择nginx下载
下载解压之后就是我们需要的文件了,一个pem,一个key
2.4 编辑nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# types {
# application/javascript js;
# }
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
2.5 编辑default.conf
# 前端服务代理
server {
listen 80;
listen [::]:80;
# 设置域名
server_name aa.bb.baiding.com;
# 代理域名
return 301 https://aa.bb.baiding.com;
}
server {
listen 443 ssl;
server_name aa.bb.baiding.com;
# 配置ssl证书 2.3 步骤说的证书的位置 详细到指定的文件名
ssl_certificate /etc/nginx/ssl/aa.bb.baiding.com.pem;
ssl_certificate_key /etc/nginx/ssl/aa.bb.baiding.com.key;
# 其他配置
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_session_cache shared:SSL:1m;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
# 代理配置
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 访问路径
root /usr/share/nginx/html/dev;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header Access-Control-Allow-Origin * always;
}
}
# 后端服务代理
server {
listen 80;
listen [::]:80;
# 设置域名
server_name api.bb.baiding.com;
# 代理https域名
return 301 https://api.bb.baiding.com;
}
server {
listen 443 ssl;
server_name api.bb.baiding.com;
# 配置ssl证书
ssl_certificate /etc/nginx/ssl/api.bb.baiding.com.pem;
ssl_certificate_key /etc/nginx/ssl/api.bb.baiding.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_session_cache shared:SSL:1m;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
# 路径代理配置
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
# 反向代理的路径
proxy_pass http://111.11.111.123:8081;
}
}
2.6 启动nginx
docker-compose -f docker-compose.yml up -d