nginx 镜像制作

Dockerfile 文件内容

FROM centos

COPY nginx.repo /etc/yum.repos.d

RUN yum install -y nginx \
    && yum clean all

CMD ["/usr/sbin/init"]

nginx.repo 文件内容

# nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

由 Dockerfile 文件构建镜像

docker build -t centos76-nginx:latest .

保存镜像到文件

docker save > centos76-nginx.tar centos76-nginx:latest

启动容器 添加端口映射

docker run --privileged=true --name "centos76-nginx" -d -i -t -p 9980:80 centos76-nginx /usr/sbin/init

进入容器

docker exec -i -t centos76-nginx /bin/bash

nginx 配置 https

操作参考

https://help.aliyun.com/document_detail/98728.html?spm=5176.2020520163.cas.18.6ccb56a7XWOYyO

新建目录 cert 放入 https 证书

mkdir /usr/share/nginx/cert

上传 https 证书文件到服务器

scp -P 22 /Users/moonnow/Downloads/1965793_www.moonnow.cn.pem [email protected]:/usr/share/nginx/cert

scp -P 22 /Users/moonnow/Downloads/1965793_www.moonnow.cn.key [email protected]:/usr/share/nginx/cert

配置文件内容

server {
    listen       9420;
    server_name  localhost;

    ssl on;

    ssl_certificate   /usr/share/nginx/cert/1965793_www.moonnow.cn.pem;

    ssl_certificate_key  /usr/share/nginx/cert/1965793_www.moonnow.cn.key;

    ssl_session_timeout 10m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    location / {
        root   /usr/share/nginx/img;
    }
}