新建nginx文件夹
1
| mkdir /usr/local/docker/nginx
|
在nginx文件夹创建yml
1 2 3 4 5 6 7 8
| version: '3.1' services: nginx: restart: always image: daocloud.io/library/nginx:latest container_name: nginx ports: - 80:80
|
下面是nginx的配置
exec -it
进入容器
在/etc/nginx
里面有nginx.conf
,这就是nginx
配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
| worker_processes 1:
error_log 巴拉巴拉 pid 巴拉巴拉 # 以上统称为全局块 # worker_processes数值越大,Nginx的并发能力越强 # error_log 错误日志位置
events{ worker_connections 1024 }
# events块 # worker_connections数值越大,Nginx的并发能力越强
http { include /etc/nginx/mine.types;
server { listen 80; server_name localhost;
location / { root /usr/share/nginx/html; index index.html index.htm; } # location块 # root 将接收到的请求数据根据/usr/share/nginx/html去查找静态资源 # index 默认去上述的路径中找到index.html或index.htm } # server块,一般都是通过conf文件引入(最下面的include) # listen 代表Nginx监听的端口号 # localhost 代表Nginx接收请求的ip
include /etc/nginx/conf.d/*.conf }
# http块 # include代表引入了一个外部的文件 -> /mime.types中放着大量的媒体类型
# include /etc/nginx/conf.d/*.conf -> 引入了conf.d目录下以.conf结尾的配置文件
|
nginx目录下就有conf.d
文件
里面有default.conf
,这是nginx
给的示例
要修改nginx的docker-compose
文件,添加数据卷
1 2 3 4 5 6 7 8 9 10
| version: '3.1' services: nginx: restart: always image: daocloud.io/library/nginx:latest container_name: nginx ports: - 80:80 volumes: - ./conf.d:/etc/nginx/conf.d
|
修改完成后直接docker-compose build
重新构建
然后up
,当前目录就有conf.d
打开conf.d
,创建 default.conf
,编写server块
1 2 3 4 5 6 7 8 9
| server{ listen 80; server_name localhost;
location / { root /usr/share/nginx/html; index index.html index.htm; } }
|
然后restart
正向代理和反向代理
1、正向代理服务是由客户端设立的
2、客户端了解代理服务器和目标服务器都是谁
3、帮助我们突破访问权限,提高访问速度,对目标服务器隐藏客户端IP
1、反向代理服务器配置在服务端
2、客户端不知道访问的是哪台服务器
3、能负载均衡,并且可以隐藏服务器真实的IP
反向代理测试
把conf.d里面的default.conf中的location注释
1 2 3 4 5 6 7 8 9 10 11 12
| server{ listen 80; server_name localhost;
location / { proxy_pass http://xxx.xxx.xxx.xxx:8080/; #Tomcat } #location / { # root /usr/share/nginx/html; # index index.html index.htm; #} }
|
Nginx 的 location 路径映射
优先级:(location =) > (location /xxx/ttt/zzz) > (location ^~) > (location ~, ~*) > (location /起始路径) > (location /)
1 2 3 4
| # 1、= location = / { # 精准匹配,主机名后面不能带任何字符串 }
|
1 2 3 4
| # 2、通用匹配 location /xxx { # 匹配所有以/xxx开头的路径 }
|
1 2 3 4
| # 3、正则匹配 location ~ /xxx { # 匹配所有以/xxx开头的路径 }
|
1 2 3 4
| # 4、匹配开头路径 location ^~ /images/ { # 匹配所有以/images开头的路径,注意 / }
|
1 2 3 4
| # 5、匹配结尾路径 location ~* \.(gif|jpg|png)$ { # 匹配以gif或者jpg或者png结尾的路径 }
|
Nginx 负载均衡
1、轮询:轮流着来,平均分配
1 2 3 4 5 6 7 8 9 10 11 12 13
| # 自定义my-server,注意自定义的不要加下划线_ upstream my-server { server xxx.xxx.xxx.xxx:8080; server xxx.xxx.xxx.xxx:8081; } server{ listen 80; server_name localhost;
location / { proxy_pass http://my-server/; } }
|
2、权重:不同服务器可能性能不同,直接使用weight
1 2 3 4 5 6 7 8 9 10 11 12 13
| # 自定义my-server,注意自定义的不要加下划线_ upstream my-server { server xxx.xxx.xxx.xxx:8080 weight 10; server xxx.xxx.xxx.xxx:8081 weight 2; } server{ listen 80; server_name localhost;
location / { proxy_pass http://my-server/; } }
|
3、ip_hash:同一个ip就一直是那个服务器了
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
| upstream my-server { # 只需要加上 ip_hash; ip_hash; # 下面有没有weight都没有关系 server xxx.xxx.xxx.xxx:8080; server xxx.xxx.xxx.xxx:8081; } server{ listen 80; server_name localhost;
location / { proxy_pass http://my-server/; } }
|
Nginx 动静分离
1 2 3
| Nginx的并发公式 worker_processes * worker_connections /4 | 2 = Nginx最终的并发能力 动态资源需要 /4,静态资源 /2
|
动态资源:
静态资源:
配置
动态资源:
1 2 3
| location / { proxy_pass 路径; }
|
静态资源:
1 2 3 4 5
| location / { root 静态资源路径; index 默认访问路径下的什么资源 autoindex on; # 代表展示静态资源全部内容,以列表形式 }
|
docker-compose
添加数据卷
1 2 3 4 5 6 7 8 9 10 11 12 13
| version: '3.1' services: nginx: restart: always image: daocloud.io/library/nginx:latest container_name: nginx ports: - 80:80 volumes: - ./conf.d:/etc/nginx/conf.d - ./img/:/data/img - ./html/:/data/html
|
启动。
网页和图片自行添加
修改 default.conf
1 2 3 4 5 6 7 8 9
| location /html { # 这里访问的就是/data/html/目录,html/会拼接到/data/后面 root /data; index index.html; } location /img { root /data; autoindex on; }
|
restart
Nginx集群
一台Nginx会出现单点故障
多台 Nginx:如果一台挂了,但是客户端不知道,还是发送请求到这台上,就会报错
- 解决方法:Nginx 安装 keepalived,keepalived 能监听当前的 Nginx 是否正常
如果 Nginx1 是 99:8080,Nginx2 是 98:8081,客户端要访问哪台呢
- 解决方法:使用 HAProxy,提供一个虚拟的路径,统一的去接收用户的请求
配置
新建 index-master.html
新建 index-slave.html
新建 Dockerfile
1 2 3 4 5 6
| FROM nginx:1.13.5-alpine RUN apk update && upgrade RUN apk add --no-cache bash curl ipvsadm iproute2 openrc keepalived COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh CMD ["/entrypoint.sh"]
|
新建 entrypoint.sh
1 2 3 4 5 6
| #!/bin/sh
/usr/sbin/keepalived -D -f /etc/keepalived/keepalived.conf
nginx -g "daemon off"
|
新建 keepalived-master.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
| vrrp_script chk_nginx { script "pidof nginx" interval 2 } # 上面表示keepalived多久检测一次 vrrp_instance VI_1 { state MASTER # 先接受请求的Nginx interface eth0 # 容器内部网卡名称 virtual_router_id 33 priority 200 # 优先级 advert_int 1 authentication { auth_type PASS auth_pass letmein } virtual_ipaddress { xxx.xxx.xxx.xxx # 虚拟路径 } track_script { chk_nginx } }
|
新建 keepalived-slave.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
| vrrp_script chk_nginx { script "pidof nginx" interval 2 } # 上面表示keepalived多久检测一次 vrrp_instance VI_1 { state BACKUP # 先接受请求的Nginx interface eth0 # 容器内部网卡名称 virtual_router_id 33 priority 100 # 优先级 advert_int 1 authentication { auth_type PASS auth_pass letmein } virtual_ipaddress { xxx.xxx.xxx.xxx # 虚拟路径 } track_script { chk_nginx } }
|
新建 haproxy.cfg
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
| global log 127.0.0.1 local0 maxconn 4096 daemon nbproc 4 defaults log 127.0.0.1 local3 mode http option dontlognull option redispatch retries 2 maxconn 2000 balance roudrobin timeout connect 5000ms timeout client 5000ms timeout server 5000ms frontend main bin *:6301 default_backend webserver backend webserver server nginx_master xxx.xxx.xxx.xxx check inter 2000 rise 2 fall 5
|
新建 docker-compose.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
| version: '3.1' services: nginx_master: build: context: ./ dockerfile: ./Dockerfile ports: - 8081:80 volumes: - ./index-master.html:/usr/share/nginx/html/index.html - ./favicon.ico:/usr/share/nginx/html/favicon.ico - ./keepalived-master.conf:/etc/keepalived/keepalived.conf networks: static-network: ipv4_adress: xxx.xxx.xxx.xxx cap_add: - NET_ADMIN nginx_slave: build: context: ./ dockerfile: ./Dockerfile ports: - 8082:80 volumes: - ./index-slave.html:/usr/share/nginx/html/index.html - ./favicon.ico:/usr/share/nginx/html/favicon.ico - ./keepalived-slave.conf:/etc/keepalived/keepalived.conf networks: static-network: ipv4_adress: xxx.xxx.xxx.xxx cap_add: - NET_ADMIN proxy: image: haproxy:1.7-alpine ports: - 80:6301 volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg networks: - static-network networks: static-network: ipam: config: - subnet: xxx.xxx.xxx.xxx/16
|
直接 up -d
启动。完成