Alpine-Nginx-定制nginx
nginx-Dockerfile
(base) root@ubuntu:~/test-nginx# cat nginx-Dockerfile
# 第一阶段: 构建阶段
FROM alpine:latest AS build
# 安装构建工具和依赖库
RUN apk update && apk add --no-cache \
build-base \
pcre-dev \
zlib-dev \
gd-dev \
geoip-dev \
openssl-dev \
curl \
git
# 下载并解压 Nginx 源码
RUN curl -LO http://nginx.org/download/nginx-1.27.1.tar.gz \
&& tar -zxvf nginx-1.27.1.tar.gz \
&& rm nginx-1.27.1.tar.gz
# BR算法
RUN git clone https://github.com/google/ngx_brotli.git \
&& cd ngx_brotli \
&& git submodule update --init \
&& cd ..
# 编译 Nginx
RUN cd nginx-1.27.1 && ./configure --prefix=/usr/local/nginx \
--with-http_dav_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_sub_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gunzip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_secure_link_module \
--with-http_image_filter_module \
--with-http_random_index_module \
--with-http_auth_request_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_geoip_module=dynamic \
--with-threads \
--with-pcre \
--with-pcre-jit \
--with-compat \
--with-select_module \
--with-poll_module \
--add-module=../ngx_brotli \
&& make \
&& make install \
&& apk del build-base
# 第二阶段: 生产阶段
FROM alpine:latest
# 安装必要的运行时依赖
RUN apk add --no-cache \
pcre \
zlib \
gd \
geoip \
openssl \
bash \
iproute2 \
procps \
curl
# 复制编译后的 Nginx 和配置
COPY --from=build /usr/local/nginx /usr/local/nginx
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
RUN ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx && mkdir /var/log/nginx -p
# 设置工作目录
WORKDIR /usr/local/nginx
# 暴露端口 80 和 443
EXPOSE 80 443
# 启动 Nginx
CMD ["nginx", "-g", "daemon off;"]nginx.conf
(base) root@ubuntu:~/test-nginx# cat nginx.conf
user nobody;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 65535;
use epoll;
multi_accept on;
}
http {
# 设置CDN服务器的IP地址范围
set_real_ip_from 0.0.0.0/0;
# 使用CDN传递的第一个IP作为真实IP
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include mime.types;
log_format main '{ "@timestamp": "$time_iso8601", '
'"remote_addr": "$remote_addr", '
'"request_method": "$request_method", '
'"uri": "$uri", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"upstream_response_time": "$upstream_response_time", '
'"status": "$status", '
'"upstream_status": "$upstream_status", '
'"request": "$request", '
'"http_referrer": "$http_referer", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"http_user_agent": "$http_user_agent", '
'"host": "$host", '
'"server_port": "$server_port", '
'"upstream_addr": "$upstream_addr", '
'"scheme": "$scheme" }';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 300;
client_header_buffer_size 32k;
open_file_cache max=102400 inactive=60s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
client_header_timeout 60;
client_body_timeout 60;
reset_timedout_connection on;
server_tokens off;
client_max_body_size 1024m;
types_hash_max_size 4096;
gzip on;
gzip_vary on;
gzip_min_length 1k;
gzip_buffers 16 16k;
gzip_http_version 1.1;
gzip_comp_level 3;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_temp_path nginx_tmp;
fastcgi_intercept_errors on;
fastcgi_cache_path fastcgi_cache levels=1:2 keys_zone=cache_fastcgi:128m inactive=1d max_size=10g;
#proxy_buffering on;
#proxy_buffers 16 2048k;
#proxy_buffer_size 2048k;
proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off;
brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/rss+xml
application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
include vhosts/*.conf;
server {
listen 80;
return 200;
}
}示例
Last updated