docker Nginx 配置 Https 服务 负载均衡 反向代理项目(隐藏项目名) 并 解决容器时间与主机不一致问题

下载配置nginx docker 容器请参考: docker 安装 nginx 并配置反向代理

在nginx docker 容器映射的 /root/nginx目录下创建 cert 目录

mkdir -p /root/nginx/cert

将https证书上传到 /root/nginx/cert 目录下

编辑进入 /root/nginx/conf 目录 编辑 nginx.conf 配置文件

代码里已经写了注释,请仔细观看,根据实际情况修改

关于 nginx 更多负载均衡配置 请看: Nginx服务器之负载均衡策略（6种）

user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; client_max_body_size 100m; upstream tomcat { # 可以在此处添加多个 server 达到负载均衡配置 weight为权重 # max_fails=2 fail_timeout=30s 表明后端节点30秒内出现2次不可用情况，判定节点不可用 # 判定不可用后10秒内请求不会转发到此节点，直到30秒后重新检测节点健康情况 server XX.XX.XXX.XXX:8080 weight=10 max_fails=2 fail_timeout=30s; # 服务器1 ip地址 server XX.XX.XXX.XXX:8080 weight=10 max_fails=2 fail_timeout=30s; # 服务器2 ip地址 } server{ listen 80; charset utf-8; server_name www.XXXX.cn; # 需要代理的ip或域名 # 配置代理路径 location /projectName { # 项目名称 proxy_pass https://www.XXXX.cn; } # 对 / 路径转发 location = / { return 301 https://www.XXXX.cn; } } server{ listen 443 ssl; charset utf-8; server_name www.XXXX.cn; ssl on; ssl_certificate /etc/nginx/cert/2646121_www.XXXX.cn.pem; # https 证书 ssl_certificate_key /etc/nginx/cert/2646121_www.XXXX.cn.key; # https 证书 ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /projectName { # 项目名称 proxy_pass http://tomcat; } location = / { return 302 /projectName; # 项目名称 } } }

构建docker nginx 容器命令

docker run -p 80:80 --name nginx-web -p 443:443 -v /root/nginx/cert:/etc/nginx/cert -v /root/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /root/nginx/html:/usr/share/nginx/html -v /root/nginx/log:/var/log/nginx -v /etc/localtime:/etc/localtime:ro -d nginx

增加了证书路径 -v /root/nginx/cert:/etc/nginx/cert 目录映射

增加主机本机时间文件映射 -v /etc/localtime:/etc/localtime:ro

增加了 443 端口配置

原文链接：https://blog.csdn.net/weixin_40461281/article/details/99549383