启动命令

docker run -d -p 80:80 --name nginx -v $PWD/nginx.conf:/etc/nginx/nginx.conf -v $PWD/conf.d/:/etc/nginx/conf.d/ -v $PWD/ssl/:/etc/nginx/ssl/ --restart unless-stopped nginx:1.14.2

ssl:目录下放置ssl证书

nginx.conf:全局配置文件

conf.d/www.demo.com.conf:对应域名配置

参考配置:

nginx.conf

user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_tokens off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    reset_timedout_connection on;
    keepalive_timeout 65;
    client_max_body_size 2048m;
    open_file_cache max=65535 inactive=30s;
    open_file_cache_min_uses 3;
    open_file_cache_valid 60s;
    gzip on;
    gzip_min_length 256;
    gzip_types *;

    include /etc/nginx/conf.d/*.conf;

}

conf.d/www.demo.com.conf

server {
    listen 80;
    server_name www.demo.com demo.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.demo.com demo.com;
    ssl_certificate /etc/nginx/ssl/www.demo.com.pem;
    ssl_certificate_key /etc/nginx/ssl/www.demo.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:8060;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

 

分类:

技术点:

相关文章: