Alpine-Nginx-定制nginx

nginx-Dockerfile

(base) root@ubuntu:~/test-nginx# cat nginx-Dockerfile 
# 第一阶段: 构建阶段
FROM alpine:latest AS build

# 安装构建工具和依赖库
RUN apk update && apk add --no-cache \
    build-base \
    pcre-dev \
    zlib-dev \
    gd-dev \
    geoip-dev \
    openssl-dev \
    curl \
    git

# 下载并解压 Nginx 源码
RUN curl -LO http://nginx.org/download/nginx-1.27.1.tar.gz \
    && tar -zxvf nginx-1.27.1.tar.gz \
    && rm nginx-1.27.1.tar.gz

# BR算法
RUN git clone https://github.com/google/ngx_brotli.git \
    && cd ngx_brotli \
    && git submodule update --init \
    && cd ..

# 编译 Nginx
RUN cd nginx-1.27.1 && ./configure --prefix=/usr/local/nginx \
    --with-http_dav_module \
    --with-http_addition_module \
    --with-http_realip_module \
    --with-http_sub_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_gunzip_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-http_secure_link_module \
    --with-http_image_filter_module \
    --with-http_random_index_module \
    --with-http_auth_request_module \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-stream_geoip_module=dynamic \
    --with-threads \
    --with-pcre \
    --with-pcre-jit \
    --with-compat \
    --with-select_module \
    --with-poll_module \
    --add-module=../ngx_brotli \
    && make \
    && make install \
    && apk del build-base

# 第二阶段: 生产阶段
FROM alpine:latest

# 安装必要的运行时依赖
RUN apk add --no-cache \
    pcre \
    zlib \
    gd \
    geoip \
    openssl \
    bash \
    iproute2 \
    procps \
    curl

# 复制编译后的 Nginx 和配置
COPY --from=build /usr/local/nginx /usr/local/nginx
COPY nginx.conf /usr/local/nginx/conf/nginx.conf

RUN ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx && mkdir /var/log/nginx -p

# 设置工作目录
WORKDIR /usr/local/nginx

# 暴露端口 80 和 443
EXPOSE 80 443

# 启动 Nginx
CMD ["nginx", "-g", "daemon off;"]

nginx.conf

(base) root@ubuntu:~/test-nginx# cat nginx.conf 
user  nobody;
worker_processes auto;
pid /run/nginx.pid;


events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
}



http {
    # 设置CDN服务器的IP地址范围
    set_real_ip_from 0.0.0.0/0;
    # 使用CDN传递的第一个IP作为真实IP
    real_ip_header   X-Forwarded-For;
    real_ip_recursive on;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


    include   mime.types;
    log_format main '{ "@timestamp": "$time_iso8601", '
                                 '"remote_addr": "$remote_addr", '
                                 '"request_method": "$request_method", '
                                 '"uri": "$uri", '
                                 '"body_bytes_sent": $body_bytes_sent, '
                                 '"request_time": $request_time, '
                                 '"upstream_response_time": "$upstream_response_time", '
                                 '"status": "$status", '
                                 '"upstream_status": "$upstream_status", '
                                 '"request": "$request", '
                                 '"http_referrer": "$http_referer", '
                                 '"http_x_forwarded_for": "$http_x_forwarded_for", '
                                 '"http_user_agent": "$http_user_agent", '
                                 '"host": "$host", '
                                 '"server_port": "$server_port", '
                                 '"upstream_addr": "$upstream_addr", '
                                 '"scheme": "$scheme" }';


    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   300;
    client_header_buffer_size 32k;
    open_file_cache max=102400 inactive=60s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    client_header_timeout 60;
    client_body_timeout 60;
    reset_timedout_connection on;
    server_tokens off;
    client_max_body_size 1024m;
    types_hash_max_size 4096;
    gzip on;
    gzip_vary  on;
    gzip_min_length  1k;
    gzip_buffers     16 16k;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
    fastcgi_connect_timeout     600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 64k;
    fastcgi_buffers  4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_temp_path nginx_tmp;
    fastcgi_intercept_errors on;
    fastcgi_cache_path fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g;

    #proxy_buffering on;
    #proxy_buffers 16 2048k;
    #proxy_buffer_size 2048k;


    proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off;


    brotli on;
    brotli_comp_level 6;
    brotli_static on;
    brotli_types application/atom+xml application/javascript application/json application/rss+xml
             application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
             application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
             font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
             image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

    include vhosts/*.conf;
    server {
       listen 80;
       return 200;
    }
}

示例

PreviousAlpine-Nginx NextAlpine-Mysql

Last updated 8 months ago

(base) root@ubuntu:~/test-nginx# cat nginx-Dockerfile # 第一阶段: 构建阶段 FROM alpine:latest AS build # 安装构建工具和依赖库 RUN apk update && apk add --no-cache \ build-base \ pcre-dev \ zlib-dev \ gd-dev \ geoip-dev \ openssl-dev \ curl \ git # 下载并解压 Nginx 源码 RUN curl -LO http://nginx.org/download/nginx-1.27.1.tar.gz \ && tar -zxvf nginx-1.27.1.tar.gz \ && rm nginx-1.27.1.tar.gz # BR算法 RUN git clone https://github.com/google/ngx_brotli.git \ && cd ngx_brotli \ && git submodule update --init \ && cd .. # 编译 Nginx RUN cd nginx-1.27.1 && ./configure --prefix=/usr/local/nginx \ --with-http_dav_module \ --with-http_addition_module \ --with-http_realip_module \ --with-http_sub_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_gunzip_module \ --with-http_stub_status_module \ --with-http_gzip_static_module \ --with-http_secure_link_module \ --with-http_image_filter_module \ --with-http_random_index_module \ --with-http_auth_request_module \ --with-stream \ --with-stream_realip_module \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-stream_geoip_module=dynamic \ --with-threads \ --with-pcre \ --with-pcre-jit \ --with-compat \ --with-select_module \ --with-poll_module \ --add-module=../ngx_brotli \ && make \ && make install \ && apk del build-base # 第二阶段: 生产阶段 FROM alpine:latest # 安装必要的运行时依赖 RUN apk add --no-cache \ pcre \ zlib \ gd \ geoip \ openssl \ bash \ iproute2 \ procps \ curl # 复制编译后的 Nginx 和配置 COPY --from=build /usr/local/nginx /usr/local/nginx COPY nginx.conf /usr/local/nginx/conf/nginx.conf RUN ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx && mkdir /var/log/nginx -p # 设置工作目录 WORKDIR /usr/local/nginx # 暴露端口 80 和 443 EXPOSE 80 443 # 启动 Nginx CMD ["nginx", "-g", "daemon off;"]

(base) root@ubuntu:~/test-nginx# cat nginx.conf user nobody; worker_processes auto; pid /run/nginx.pid; events { worker_connections 65535; use epoll; multi_accept on; } http { # 设置CDN服务器的IP地址范围 set_real_ip_from 0.0.0.0/0; # 使用CDN传递的第一个IP作为真实IP real_ip_header X-Forwarded-For; real_ip_recursive on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; include mime.types; log_format main '{ "@timestamp": "$time_iso8601", ' '"remote_addr": "$remote_addr", ' '"request_method": "$request_method", ' '"uri": "$uri", ' '"body_bytes_sent": $body_bytes_sent, ' '"request_time": $request_time, ' '"upstream_response_time": "$upstream_response_time", ' '"status": "$status", ' '"upstream_status": "$upstream_status", ' '"request": "$request", ' '"http_referrer": "$http_referer", ' '"http_x_forwarded_for": "$http_x_forwarded_for", ' '"http_user_agent": "$http_user_agent", ' '"host": "$host", ' '"server_port": "$server_port", ' '"upstream_addr": "$upstream_addr", ' '"scheme": "$scheme" }'; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 300; client_header_buffer_size 32k; open_file_cache max=102400 inactive=60s; open_file_cache_valid 30s; open_file_cache_min_uses 1; client_header_timeout 60; client_body_timeout 60; reset_timedout_connection on; server_tokens off; client_max_body_size 1024m; types_hash_max_size 4096; gzip on; gzip_vary on; gzip_min_length 1k; gzip_buffers 16 16k; gzip_http_version 1.1; gzip_comp_level 3; gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; fastcgi_connect_timeout 600; fastcgi_send_timeout 600; fastcgi_read_timeout 600; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; fastcgi_temp_path nginx_tmp; fastcgi_intercept_errors on; fastcgi_cache_path fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g; #proxy_buffering on; #proxy_buffers 16 2048k; #proxy_buffer_size 2048k; proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off; brotli on; brotli_comp_level 6; brotli_static on; brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml; include vhosts/*.conf; server { listen 80; return 200; } }