Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to use Docker to build a nginx proxy service that supports https". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to use Docker to build a nginx proxy service that supports https.

GitHub address: https://github.com/wll-zhou/nginx_proxy_docker

Nginx is not only a high-performance web server software, but also can be used as forward proxy and reverse proxy, but nginx does not support forward proxy of https. The author searches for existing solutions and integrates the final service into Docker, which can be used directly through docker run.

First of all, let's talk about the implementation of https forward proxy by nginx, which uses the ngx_http_proxy_connect_module module developed by others. For more information, please refer to this article. The focus of this article is to record how to integrate into Docker.

First of all, prepare the working directory.

Mkdir-p nginx/workdir & & cd nginx/workdir

Download the specified nginx version and the corresponding ngx_http_proxy_connect_module module

Wget http://nginx.org/download/nginx-1.17.4.tar.gzgit clone https://github.com/chobits/ngx_http_proxy_connect_module.git nginx_proxy

Return to the nginx directory above and start writing Dockerfile

# basic image, which uses a relatively large centos7. Generally, you use the alpineFROM centos:7# installation base tool RUN yum install-y patch gcc glibc-devel make openssl-devel pcre-devel zlib-devel gd-devel geoip-devel perl-devel# to add nginx user groups and users, which are used to start nginx users, depending on their own situation. There are also RUN groupadd-g 101nginx launched with www\ & & adduser-u 101-d / var/cache/nginx-s / sbin/nologin-g nginx nginx # copy the current workdir directory to / workdirCOPY in the image. / workdir / workdir# change the current directory to / workdirWORKDIR / workdir# install nginx service (add the corresponding ngx_http_proxy_connect_module) # delete the corresponding directory package RUN tar- Zxvf nginx-1.17.4.tar.gz & & cd nginx-1.17.4\ & & patch-p1 < / workdir/nginx_proxy/patch/proxy_connect_rewrite_101504.patch\ &. / configure-- prefix=/etc/nginx-- sbin-path=/usr/sbin/nginx-- modules-path=/usr/lib/nginx/modules-- conf-path=/etc/nginx/nginx.conf-- error-log-path=/var/log/nginx/error Log-- http-log-path=/var/log/nginx/access.log-- pid-path=/var/run/nginx.pid-- lock-path=/var/run/nginx.lock-- http-client-body-temp-path=/var/cache/nginx/client_temp-- http-proxy-temp-path=/var/cache/nginx/proxy_temp-- http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp-- http-uwsgi-temp-path=/var/cache/nginx/ Uwsgi_temp-http-scgi-temp-path=/var/cache/nginx/scgi_temp-user=nginx-group=nginx-with-compat-with-file-aio-with-threads-with-http_addition_module-with-http_auth_request_module-with-http_dav_module-with-http_flv_module-with-http_gunzip_module with-http_gzip_static_module with-http_mp4_module with-http_random_ Index_module-with-http_realip_module-with-http_secure_link_module-with-http_slice_module-with-http_ssl_module-with-http_stub_status_module-with-http_sub_module-with-http_v2_module-with-mail-with-mail_ssl_module-with-stream-with-stream_realip_module-with-stream_ssl_module-with-stream_ssl_preread_module With-cc-opt='-g-O2-fdebug-prefix-map=/data/builder/debuild/nginx-1.17.1/debian/debuild-base/nginx-1.17.1=. -fstack-protector-strong-Wformat-Werror=format-security-Wp,-D_FORTIFY_SOURCE=2-fPIC'-- with-ld-opt='-Wl,-z,relro-Wl,-z,now-Wl,--as-needed-pie'-- add-module=/workdir/nginx_proxy\ & & make & & make install\ & & cd / workdir & & rm-rf / workdir/*# to start the nginx service, please add the following-g daemon off Means to turn off the daemon mode CMD ["nginx", "- g", "daemon off" "]

This is the whole content of Dockerfile, the current working directory structure

.

├── Dockerfile

└── workdir

├── nginx-1.17.4.tar.gz

└── nginx_proxy

The following starts the build image, where-t represents the name of the image, followed by the one. Cannot be left out, indicating the current directory. The whole process will take a certain amount of time, depending on the network condition of the machine.

Docker build-t nginx:proxy_1.17.4.

Build success logo:

Successfully built 5e54788aa240

Successfully tagged nginx:proxy_1.17.4

If you fail, there will be a corresponding prompt, just follow the prompt to solve the problem.

Now that image is generated, docker image ls to see if there is already a nginx:proxy_1.17.4.

Next, you can run it. Of course, you should be ready to correspond to the nginx configuration document. Add the agent configuration to it.

Server {listen 8888; access_log / var/log/nginx/proxy.log; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s Proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / {proxy_pass http://$host; proxy_set_header Host $host;}}

Run the image (the corresponding path and port can be set by yourself)

Docker run-d-p 8888 purl 8888-v / home/www/image/nginx/nginx.conf:/etc/nginx/nginx.conf nginx:proxy_1.17.4

Test whether the agent is available after startup

Curl https://www.geek-share.com-v-x 127.0.0.1 purl 8888

At this point, the integration into docker is complete, then change to another machine, copy the image directly, and then docker run will be fine, which is much more convenient.

The above services can be run directly after they have been released to GitHub,clone. Of course, your own machine must already have docker installed.

Https://github.com/wll-zhou/nginx_proxy_docker

At this point, I believe you have a deeper understanding of "how to use Docker to build a nginx proxy service that supports https". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.