Nginx 反向代理docker
参考以下示例修改域名,端口号及证书路径.
配置1
nginx
upstream dockername {
server 127.0.0.1:8080; # 端口改为docker容器提供的端口
}
server {
listen 80;
server_name www.yourdomain.com;
return 301 https://www.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name www.yourdomain.com;
gzip on;
ssl_certificate /usr/local/nginx/conf/ssl/www.yourdomain.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.yourdomain.com.key;
# access_log /var/log/nginx/dockername_access.log combined;
# error_log /var/log/nginx/dockername_error.log;
location / {
proxy_redirect off;
proxy_pass http://dockername;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}配置2
nginx
server
{
listen 80;
#listen [::]:80;
server_name www.yourdomain.com ;
index index.html index.htm index.php default.html default.htm default.php;
#root /home/wwwroot/www.yourdomain.com;
return 301 https://www.yourdomain.com$request_uri;
include enable-php-pathinfo.conf;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:1234;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
#location ~ .*\.(js|css)?$
#{
# expires 12h;
#}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log off;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.yourdomain.com ;
index index.html index.htm index.php default.html default.htm default.php;
#root /home/wwwroot/www.yourdomain.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/www.yourdomain.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.yourdomain.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include enable-php-pathinfo.conf;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:5678;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
#location ~ .*\.(js|css)?$
#{
# expires 12h;
#}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log off;
}