1、
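# Host directories that the docker run step bind-mounts into the container.
mkdir -p /www/log
mkdir -p /www/html
# Download a CentOS 7 repo definition into the file "repo".
# -f fails on an HTTP error instead of saving the error page; HTTPS protects the
# file in transit.
# NOTE(review): no step on this page copies "repo" into the image - confirm
# where it is meant to be used.
curl -fsSL -o repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Alternative mirror (a reference, not a command):
#   http://mirrors.163.com/.help/CentOS7-Base-163.repo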
2、vi Dockerfile
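# CentOS 7 image that runs nginx, crond and sshd in one container.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no longer
# receives security updates; plan a move to a maintained base image.
FROM centos:7
# MAINTAINER is deprecated; the author is recorded as an OCI label instead.
LABEL org.opencontainers.image.authors="huangat"
# /run.sh starts sshd, crond and the nginx master process as root.
USER root

# Install the nginx.org repository definition. It is fetched over HTTPS because
# no nginx signing key has been imported at this point, so the transport is the
# only integrity protection for this package.
RUN rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# Use Asia/Shanghai as the local time zone, keeping a copy of the old file.
RUN mv /etc/localtime /etc/localtime.bak \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Update, install and clean in one layer so the yum cache is not kept in the image.
RUN yum -y update \
    && yum -y install \
        cronie \
        crontabs \
        nginx \
        openssh-clients \
        openssh-server \
        openssl \
        passwd \
    && yum clean all

# nginx.conf runs its workers as "www www"; nginx refuses to start when that
# account does not exist.
RUN groupadd -r www && useradd -r -g www -M -s /sbin/nologin www

# Comment out the pam_loginuid session line for crond.
# NOTE(review): the pattern uses single spaces; confirm it matches the spacing
# actually used in /etc/pam.d/crond, otherwise this step changes nothing.
RUN sed -i '/session required pam_loginuid.so/c#session required pam_loginuid.so' /etc/pam.d/crond

RUN mkdir -p /var/run/sshd/

# sshd: PAM stays disabled as before, and only key-based logins are accepted.
# The hard-coded root password that used to be set here was removed: a fixed,
# guessable password on an image that exposes port 22 gives root to anyone who
# can reach that port. Provide /root/.ssh/authorized_keys (owned by root,
# mode 600) at run time or in a derived image; `docker exec` also gives a shell
# without sshd.
# The trailing grep fails the build if the config file did not contain the
# expected directive, so password logins cannot stay enabled unnoticed.
# NOTE(review): with "UsePAM no" sshd rejects accounts whose shadow entry is
# "!"-locked - confirm root's entry in the base image before relying on keys.
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config \
    && sed -i \
        -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
        -e 's/^#\?PermitRootLogin .*/PermitRootLogin prohibit-password/' \
        /etc/ssh/sshd_config \
    && grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config

# One host key per algorithm. The original generated RSA keys into the ecdsa and
# ed25519 files; -N '' sets an empty passphrase explicitly instead of relying on
# the prompt falling through during a non-interactive build.
# NOTE(review): host keys created at build time are identical in every
# container started from this image, and anyone who can pull the image can read
# them. Generate them at first start if the image leaves your own host.
RUN ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key \
    && ssh-keygen -q -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key \
    && ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key

# Plain local files: COPY is the explicit instruction for this (ADD adds
# archive extraction and URL fetching, neither of which is wanted here).
COPY run.sh /run.sh
COPY nginx_log_cut.sh /nginx_log_cut.sh
COPY nginx.conf /etc/nginx/nginx.conf
RUN chmod 755 /run.sh /nginx_log_cut.sh

# Rotate the nginx logs every day at 23:55 from root's crontab.
RUN echo "55 23 * * * /bin/sh /nginx_log_cut.sh" >> /var/spool/cron/root

# EXPOSE only documents the ports; publish 22 only where SSH access is needed.
EXPOSE 22
EXPOSE 80
EXPOSE 443
CMD ["/run.sh"]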
3、vi run.sh
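#!/bin/bash
# Container entry point: start nginx and crond, then keep sshd in the foreground.
# The shebang needs its leading "#"; without it the exec-form CMD ["/run.sh"]
# cannot execute this file.

# nginx (the config has no "daemon off") and crond detach by default, so both
# commands return once the daemons are running.
/usr/sbin/nginx -c /etc/nginx/nginx.conf
/usr/sbin/crond

# -D keeps sshd in the foreground so the container stays alive. exec replaces
# the shell, so sshd receives the stop signal from `docker stop` directly.
exec /usr/sbin/sshd -D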
4、vi nginx.conf
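# nginx main configuration: a reverse proxy in front of the "backend" upstream.

# Worker processes run as user and group www; the account must exist in the image.
user www www;
worker_processes 4;
# One CPU mask per worker process (the original listed seven masks for four workers).
worker_cpu_affinity 00000001 00000010 00000100 00001000;
error_log /www/log/nginx_error.log crit;
pid /www/nginx.pid;
worker_rlimit_nofile 204800;

events
{
    use epoll;
    worker_connections 204800;
}

http
{
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    keepalive_timeout 60;
    sendfile on;

    # NOTE(review): the "$" variables were lost in the published listing, which
    # would log the literal words instead of request data. The format below is a
    # reconstruction - confirm the fields against the original file.
    log_format main '[$remote_addr] - [$remote_user] [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    access_log /www/log/access.log main;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 2k;
    large_client_header_buffers 4 4k;
    client_max_body_size 8m;

    open_file_cache max=204800 inactive=20s;
    open_file_cache_min_uses 1;
    open_file_cache_valid 30s;

    tcp_nopush on;
    tcp_nodelay on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    upstream backend {
        ip_hash;
        server backend1.example.com weight=5 max_fails=3 fail_timeout=30 max_conns=800;
        server backend2.example.com:8080;
        # The "backup" parameter cannot be combined with ip_hash (nginx rejects
        # the configuration), so the spare server is left commented out.
        # server backup1.example.com:8080 backup;
    }

    server
    {
        listen 80;
        server_name 127.0.0.1;
        index index.php index.htm;
        root /www/html/;

        location / {
            proxy_pass http://backend;
            proxy_redirect off;
            # Backend web servers can read the client's real IP from X-Forwarded-For.
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
            # client sent, so backends must not trust the left-most entry for
            # access control or audit logs; X-Real-IP carries the address nginx
            # saw on the connection.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 10m;        # largest single request body accepted from a client
            client_body_buffer_size 128k;    # buffer used for the client request body
            proxy_connect_timeout 300;       # timeout for connecting to the backend
            proxy_send_timeout 300;          # timeout for sending data to the backend
            proxy_read_timeout 300;          # timeout for the backend response after connecting
            proxy_buffer_size 4k;            # buffer nginx uses for the header part of the response
            proxy_buffers 4 32k;             # response buffers; sized for pages averaging under 32k
            proxy_busy_buffers_size 64k;     # buffer size under heavy load (proxy_buffers * 2)
            proxy_temp_file_write_size 64k;  # temp-file write size; larger responses are passed on from the upstream
        }

        location /status
        {
            stub_status on;
            # Connection counters are internal data: answer local requests only.
            # Add an "allow" line for a monitoring host if one needs this page.
            allow 127.0.0.1;
            deny all;
        }

        # Static assets by file extension. The dot before the extension must be
        # escaped; the published pattern had "/." which never matches a normal
        # file name.
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
        {
            expires 30d;
        }
    }
}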
5、vi nginx_log_cut.sh
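#!/bin/bash
# Move the nginx access and error logs into a per-month archive directory, then
# tell nginx to reopen its log files. Run once a day from root's crontab.
#
# NOTE(review): the published listing lost its "$" expansions and command
# substitutions (for example "year=date +%Y" and "[ -d logs_backup_path").
# The paths below are a reconstruction - confirm them against the original.

year=$(date +%Y)
month=$(date +%m)
logs_backup_path="/www/log/${year}${month}"  # archive directory, one per month
logs_path="/www/log/"                        # directory holding the live logs
logs_access="access"                         # access log base name
logs_error="nginx_error"                     # error log base name
pid_path="/www/nginx.pid"                    # nginx master pid file

[ -d "$logs_backup_path" ] || mkdir -p "$logs_backup_path"

rq=$(date +%Y%m%d)
mv "${logs_path}${logs_access}.log" "${logs_backup_path}/${logs_access}_${rq}.log"
mv "${logs_path}${logs_error}.log" "${logs_backup_path}/${logs_error}_${rq}.log"

# USR1 makes the nginx master reopen its log files. This script runs as root and
# the pid file sits in a bind-mounted directory, so the value is checked to be a
# plain number before a signal is sent to it.
pid=$(cat "$pid_path" 2>/dev/null)
case "$pid" in
    ''|*[!0-9]*)
        echo "nginx_log_cut: no valid pid in $pid_path" >&2
        exit 1
        ;;
esac
kill -USR1 "$pid"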
5、
# Build the image from the Dockerfile in the current directory and tag it nginxsshdcron.
docker build -t nginxsshdcron .
6、
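# Start the container detached: host port 8801 -> 80 and 8843 -> 443.
# Container port 22 is not published, so sshd is reachable only from the Docker
# network. The trailing backslashes are required for this to be one command.
docker run -p 8801:80 -p 8843:443 --name nginx01 \
    -v /www:/www \
    -v /www/log:/www/log \
    -v /www/html:/www/html \
    -itd nginxsshdcron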