Alpine-Nginx-定制nginx

nginx-Dockerfile

(base) root@ubuntu:~/test-nginx# cat nginx-Dockerfile 
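# Base image tag shared by both stages, so the runtime libraries match the
# ones nginx is linked against. The original used the floating "latest" tag,
# which makes builds non-reproducible and lets the base change silently.
# 3.20 is a constructed example pin (not a value from the original file):
# choose a currently supported release and, for production, pin by digest.
ARG ALPINE_VERSION=3.20

# Stage 1: build
FROM alpine:${ALPINE_VERSION} AS build

ARG NGINX_VERSION=1.27.1
# Optional integrity pins. Both are empty by default because the original
# file carries no values for them; set them at build time, e.g.
#   --build-arg NGINX_SHA256=<sha256 of the tarball you verified>
#   --build-arg NGX_BROTLI_REF=<reviewed ngx_brotli commit id>
ARG NGINX_SHA256=""
ARG NGX_BROTLI_REF=""

# Build toolchain and development headers. "apk add --no-cache" fetches the
# package index itself, so a separate "apk update" is not needed.
RUN apk add --no-cache \
    build-base \
    curl \
    gd-dev \
    geoip-dev \
    git \
    openssl-dev \
    pcre-dev \
    zlib-dev

WORKDIR /build

# Download the nginx source over HTTPS (the original used plain HTTP, which
# allows tampering in transit) and fail on HTTP errors (-f). When
# NGINX_SHA256 is set the tarball must match it before it is unpacked.
# nginx.org also publishes a PGP signature next to each tarball; verifying
# it once and recording the resulting hash here is the intended workflow.
RUN curl -fsSLO "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
    && if [ -n "${NGINX_SHA256}" ]; then \
         echo "${NGINX_SHA256}  nginx-${NGINX_VERSION}.tar.gz" | sha256sum -c -; \
       else \
         echo "WARNING: NGINX_SHA256 not set; tarball integrity not verified" >&2; \
       fi \
    && tar -zxf "nginx-${NGINX_VERSION}.tar.gz" \
    && rm "nginx-${NGINX_VERSION}.tar.gz"

# Brotli compression module. Without NGX_BROTLI_REF this builds whatever the
# default branch points to at build time; pin a reviewed commit so that a
# change upstream cannot alter the binary unnoticed.
RUN git clone https://github.com/google/ngx_brotli.git \
    && if [ -n "${NGX_BROTLI_REF}" ]; then \
         git -C ngx_brotli checkout "${NGX_BROTLI_REF}"; \
       fi \
    && git -C ngx_brotli submodule update --init

# Compile nginx. Every compiled-in module is attack surface: drop the ones
# the deployment does not use (for example dav, flv/mp4, image_filter,
# random_index, stub_status). If stub_status is enabled in a vhost, restrict
# access to it. The build toolchain is not removed here because this whole
# stage is discarded; only /usr/local/nginx is copied into the final image.
WORKDIR /build/nginx-${NGINX_VERSION}
RUN ./configure --prefix=/usr/local/nginx \
    --with-http_dav_module \
    --with-http_addition_module \
    --with-http_realip_module \
    --with-http_sub_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_gunzip_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-http_secure_link_module \
    --with-http_image_filter_module \
    --with-http_random_index_module \
    --with-http_auth_request_module \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-stream_geoip_module=dynamic \
    --with-threads \
    --with-pcre \
    --with-pcre-jit \
    --with-compat \
    --with-select_module \
    --with-poll_module \
    --add-module=../ngx_brotli \
    && make \
    && make install

# Stage 2: production image
FROM alpine:${ALPINE_VERSION}

# Runtime libraries for the modules compiled above. bash, curl, iproute2 and
# procps are troubleshooting tools rather than nginx dependencies; they are
# kept to match the original image, but removing them from production builds
# reduces what is available to anyone who gains code execution in the
# container.
RUN apk add --no-cache \
    bash \
    curl \
    gd \
    geoip \
    iproute2 \
    openssl \
    pcre \
    procps \
    zlib

# Copy the compiled nginx tree and the site configuration.
COPY --from=build /usr/local/nginx /usr/local/nginx
COPY nginx.conf /usr/local/nginx/conf/nginx.conf

RUN ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx && mkdir -p /var/log/nginx

# Working directory; relative paths in nginx.conf resolve against the
# --prefix (/usr/local/nginx), not against this directory.
WORKDIR /usr/local/nginx

# Ports 80 and 443 (documentation only; publishing happens at run time).
EXPOSE 80 443

# No USER is set: the nginx master process runs as root so it can bind the
# privileged ports, and the worker processes drop to the account named by the
# "user" directive in nginx.conf. Run the container with a read-only root
# filesystem and dropped capabilities where the platform allows it.

# SIGQUIT asks nginx for a graceful shutdown instead of an abrupt one.
STOPSIGNAL SIGQUIT

# Start nginx in the foreground so it stays PID 1.
CMD ["nginx", "-g", "daemon off;"]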

nginx.conf

(base) root@ubuntu:~/test-nginx# cat nginx.conf 
# Worker processes run under the unprivileged "nobody" account.
user nobody;
# Let nginx size the worker pool from the number of CPU cores.
worker_processes auto;
pid /run/nginx.pid;


events {
    # Linux epoll connection-processing method.
    use epoll;
    # A worker accepts all pending connections at once instead of one by one.
    multi_accept on;
    # Upper bound on simultaneous connections per worker process.
    worker_connections 65535;
}



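http {
    # Address ranges of the CDN / load balancer that are allowed to supply the
    # client address. The original trusted 0.0.0.0/0, which lets any client
    # choose its own $remote_addr through X-Forwarded-For and so defeats
    # IP-based allow/deny rules, rate limiting and log attribution.
    # 192.0.2.0/24 is a constructed documentation placeholder: replace it with
    # the real proxy ranges, one set_real_ip_from line per range.
    set_real_ip_from 192.0.2.0/24;
    # Take the client address from X-Forwarded-For; with recursive search the
    # last address in the header that is not a trusted proxy is used.
    real_ip_header   X-Forwarded-For;
    real_ip_recursive on;
    # Headers passed to upstreams. These are inherited only by locations that
    # define no proxy_set_header of their own. $proxy_add_x_forwarded_for
    # appends to whatever the client sent, so upstreams must trust only the
    # hops added by known proxies.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


    include   mime.types;
    # JSON access-log format. escape=json makes nginx emit valid JSON escapes
    # for client-controlled fields (request line, referer, user agent, host,
    # X-Forwarded-For); with the default escaping a quote or backslash in one
    # of them is written as \xXX, which breaks JSON parsers downstream.
    # No access_log directive in this file references "main"; presumably the
    # files under vhosts/ do -- verify, otherwise the format is unused.
    log_format main escape=json
                    '{ "@timestamp": "$time_iso8601", '
                    '"remote_addr": "$remote_addr", '
                    '"request_method": "$request_method", '
                    '"uri": "$uri", '
                    '"body_bytes_sent": $body_bytes_sent, '
                    '"request_time": $request_time, '
                    '"upstream_response_time": "$upstream_response_time", '
                    '"status": "$status", '
                    '"upstream_status": "$upstream_status", '
                    '"request": "$request", '
                    '"http_referrer": "$http_referer", '
                    '"http_x_forwarded_for": "$http_x_forwarded_for", '
                    '"http_user_agent": "$http_user_agent", '
                    '"host": "$host", '
                    '"server_port": "$server_port", '
                    '"upstream_addr": "$upstream_addr", '
                    '"scheme": "$scheme" }';


    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    # Long keep-alive and 60 s header/body timeouts keep idle connections
    # open for a while; lower them if slow-client exhaustion is a concern.
    keepalive_timeout   300;
    client_header_buffer_size 32k;
    open_file_cache max=102400 inactive=60s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    client_header_timeout 60;
    client_body_timeout 60;
    reset_timedout_connection on;
    # Hide the nginx version in error pages and the Server header.
    server_tokens off;
    # Applies to every vhost: any client may upload bodies up to 1 GiB.
    # Lower it here and raise it only in the locations that need uploads.
    client_max_body_size 1024m;
    types_hash_max_size 4096;
    gzip on;
    gzip_vary  on;
    gzip_min_length  1k;
    gzip_buffers     16 16k;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
    fastcgi_connect_timeout     600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 64k;
    fastcgi_buffers  4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    # Relative cache/temp paths resolve against the nginx prefix directory.
    fastcgi_temp_path nginx_tmp;
    fastcgi_intercept_errors on;
    fastcgi_cache_path fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g;

    #proxy_buffering on;
    #proxy_buffers 16 2048k;
    #proxy_buffer_size 2048k;


    proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off;


    # Brotli compression (provided by the ngx_brotli module built into the image).
    brotli on;
    brotli_comp_level 6;
    brotli_static on;
    brotli_types application/atom+xml application/javascript application/json application/rss+xml
             application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
             application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
             font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
             image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

    include vhosts/*.conf;
    # Plain-HTTP server that answers every request with an empty 200.
    # NOTE(review): it is not marked default_server and is declared after the
    # vhosts include, so the first port-80 server from vhosts/ may be the one
    # that handles unknown Host headers instead -- confirm which is intended.
    server {
       listen 80;
       return 200;
    }
}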

示例
