nginx容器化部署
# 1.创建挂载目录
mkdir -p /data/nginx/log
1
# 2.准备配置文件
# 2.1 准备证书
内置一份主机IP的证书,如果使用域名方式,使用客户提供的证书文件替换。
ls /data/nginx/*.pem
cert.pem key.pem
1
2
2
# 2.2 准备nginx.conf
如需增减服务,修改server段
cat /data/nginx/nginx.conf
user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2000;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 81 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/key.pem;
server_name _;
access_log /var/log/nginx/test1.access.log;
error_log /var/log/nginx/test1.error.log;
location /healthz {
access_log off;
return 200;
}
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:30005;
}
}
server {
listen 82 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/key.pem;
server_name _;
access_log /var/log/nginx/test2.access.log;
error_log /var/log/nginx/test2.error.log;
location /healthz {
access_log off;
return 200;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:30006;
}
}
# include /etc/nginx/*.conf;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# 3.通过yaml创建
# 3.1 准备yaml文件
cat nginx.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.18.0
ports:
- containerPort: 80
name: nginx
- containerPort: 81
name: test1
- containerPort: 82
name: test2
volumeMounts:
- name: conf
mountPath: /etc/nginx/nginx.conf
- name: cert
mountPath: /etc/nginx/cert.pem
- name: key
mountPath: /etc/nginx/key.pem
- name: log
mountPath: /var/log/nginx
volumes:
- name: conf
hostPath:
path: /data/nginx/nginx.conf
- name: cert
hostPath:
path: /data/nginx/cert.pem
- name: key
hostPath:
path: /data/nginx/key.pem
- name: log
hostPath:
path: /data/nginx/log
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 81
targetPort: 81
name: test1
nodePort: 32081
- port: 82
targetPort: 82
name: test2
nodePort: 32082
type: NodePort
selector:
app: nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# 3.2 执行命令创建
kubectl apply -f nginx.yaml
1
上次更新: 2022/10/08, 16:35:41