Nginx container Tutorial
Tencent college classroom thanks NEXT sponsored site, Tencent official front-end learning courses free trial
Before the Spring Festival, I saw Nginx join the server push functionality HTTP / 2, you want to try.
Just these days, I am learning Docker , I thought I could use Nginx container . In case where change mess, direct delete, and then restart a container on it.
Here is the process I set up Nginx containers, as well as how to join SSL certificate. You will see new features Docker used to test the software, it is really easy, it is worth learning. If you do not Docker, you can look at the "Docker Guide" is very simple, within half an hour you can learn.
A, HTTP service
Nginx's biggest role is to build a Web Server. With container, as long as the line of command, the server set up well, no need to configure.
$ docker container run \ -d \ -p 127.0.0.2:8080:80 \ --rm \ --name mynginx \ nginx
Download and run the above command official Nginx Image , the default is the latest version (latest), is currently 1.13.9. If the unit is installed over the previous version, please reinstall deleted, because only 1.13.9 began to support server push.
The respective meanings given above parameters command is as follows.
-d: Running in the background-p: Container80port mapping to127.0.0.2:8080--rm: After the container is stopped automatically delete the container file--name: The name of the vesselmynginx
If there is no error, you can open a browser to access 127.0.0.2:8080. Under normal circumstances, the display Nginx welcome page.
Then, this vessel is terminated, due to the --rmeffect parameters, container files are automatically deleted.
$ docker container stop mynginx
Second, the mapping web directory
Web page files are in containers, can not be modified directly, obviously inconvenient. The next step is to make the web directory where the file /usr/share/nginx/htmlmapped to the local.
First, create a directory, and enter the directory.
$ mkdir nginx-docker-demo $ cd nginx-docker-demo
Then, create a new htmlsubdirectory.
$ mkdir html
In this subdirectory, place a index.htmlfile, as follows.
<h1>Hello World</h1>
Then, we can put this subdirectory htmlis mapped to the document root container /usr/share/nginx/html.
$ docker container run \ -d \ -p 127.0.0.2:8080:80 \ --rm \ --name mynginx \ --volume "$PWD/html":/usr/share/nginx/html \ nginx
Open your browser and visit 127.0.0.2:8080, should be able to see the Hello World.
Third, copy the configuration
Modify the page file, but had to modify Nginx configuration file, otherwise it can not later add SSL support.
First, the copy inside the container Nginx profile locally.
$ docker container cp mynginx:/etc/nginx .
The above command meaning that the mynginxcontainer is /etc/nginxcopied to the current directory. Do not miss that last point.
After execution, the current directory should be more than a nginxsubdirectory. Then, this subdirectory renamed conf.
$ mv nginx conf
The container can now be terminated.
$ docker container stop mynginx
Fourth, the mapping configuration directory
Restart a new container, this time not only mapping the page directory, but also mapping configuration directory.
$ docker container run \ --rm \ --name mynginx \ --volume "$PWD/html":/usr/share/nginx/html \ --volume "$PWD/conf":/etc/nginx \ -p 127.0.0.2:8080:80 \ -d \ nginx
In the above code, --volume "$PWD/conf":/etc/nginxit represents the configuration directory container /etc/nginx, is mapped to a local confsubdirectory.
Browser access 127.0.0.2:8080, if we can see the page, it means that the local configuration into effect. In this case, the termination of this vessel.
$ docker container stop mynginx
Fifth, self-signed certificate
HTTPS support is now added to the container, the first thing is to generate private key and certificate. Formal certificate requires signing certificate authorities (CA), here it is to test out a self-signed (self-signed) certificate on it.
下面,我参考的是 DigitalOcean 的教程。首先,确定你的机器安装了 OpenSSL,然后执行下面的命令。
$ sudo openssl req \ -x509 \ -nodes \ -days 365 \ -newkey rsa:2048 \ -keyout example.key \ -out example.crt
上面命令的各个参数含义如下。
req:处理证书签署请求。-x509:生成自签名证书。-nodes:跳过为证书设置密码的阶段,这样 Nginx 才可以直接打开证书。-days 365:证书有效期为一年。-newkey rsa:2048:生成一个新的私钥,采用的算法是2048位的 RSA。-keyout:新生成的私钥文件为当前目录下的example.key。-out:新生成的证书文件为当前目录下的example.crt。
执行后,命令行会跳出一堆问题要你回答,比如你在哪个国家、你的 Email 等等。
其中最重要的一个问题是 Common Name,正常情况下应该填入一个域名,这里可以填 127.0.0.2。
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.2
回答完问题,当前目录应该会多出两个文件:example.key和example.crt。
conf目录下新建一个子目录certs,把这两个文件放入这个子目录。
$ mkdir conf/certs $ mv example.crt example.key conf/certs
六、HTTPS 配置
有了私钥和证书,就可以打开 Nginx 的 HTTPS 了。
首先,打开conf/conf.d/default.conf文件,在结尾添加下面的配置。
server { listen 443 ssl http2; server_name localhost; ssl on; ssl_certificate /etc/nginx/certs/example.crt; ssl_certificate_key /etc/nginx/certs/example.key; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; index index.html index.htm; } }
然后,启动一个新的 Nginx 容器。
$ docker container run \ --rm \ --name mynginx \ --volume "$PWD/html":/usr/share/nginx/html \ --volume "$PWD/conf":/etc/nginx \ -p 127.0.0.2:8080:80 \ -p 127.0.0.2:8081:443 \ -d \ nginx
上面命令中,不仅映射了容器的80端口,还映射了443端口,这是 HTTPS 的专用端口。
打开浏览器,访问 https://127.0.0.2:8081/ 。因为使用了自签名证书,浏览器会提示不安全。不要去管它,选择继续访问,应该就可以看到 Hello World 了。
至此,Nginx 容器的 HTTPS 支持就做好了。有了这个容器,下一篇文章,我就来试验 HTTP/2 的 server push 功能。
七、参考链接
- Tips for deploying nginx(official image) with docker, by Mario Ponticello
- How To Run Nginx in a Docker Container on Ubuntu 14.04, by Thomas Taege
- Official Docker Library docs, by Docker
- How To Create a Self-Signed SSL Certificate for Nginx in Ubuntu 16.04, by Justin Ellingwood
(完)