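About This Site

About Me

Hello everyone, I'm Awen! My real name is Fang Wenjun. I currently work as a cloud computing engineer in the Cloud Computing Technology Department of the NetEase Hangzhou Research Institute. I am currently responsible for NetEase Cloud's public and private cloud offerings, as well as related support for internal customers such as Kaola and the games business.

I have previously held full-time or part-time positions at:

Hangzhou UPYUN Technology Co., Ltd.

Jikexueyuan (极客学院), as a Cisco certification instructor. Here is the Cisco CCNA tutorial I recorded earlier.

CSDN: Expert Author

My Tags

  • Atheist
  • Likes history
  • Former Ubuntu fan, now converted to the Mac
  • Does not believe in traditional Chinese medicine
  • No party affiliation
  • No religious belief
  • Switched from the liberal arts to IT
  • Network engineer

My Motto

Working hard may not bring you an opportunity, but not working hard guarantees you will never get one!

About This Site

This site runs in a Docker container. The Dockerfile is shown below; it compiles nginx from source and builds an nginx container.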

FROM alpine:3.9

MAINTAINER NGINX Docker Maintainers "hi@awen.me"

WORKDIR /opt

# Source archive names and the directories they unpack to
ENV DIR="/opt/nginx/" \
    ZLIB="zlib-1.2.11.tar.gz" \
    ZLIB_DIR="zlib-1.2.11" \
    PCRE="pcre-8.43.tar.gz" \
    PCRE_DIR="pcre-8.43" \
    OPENSSL="openssl-1.1.1b.tar.gz" \
    OPENSSL_DIR="openssl-1.1.1b" \
    NGINX="nginx-1.15.9.tar.gz" \
    NGINX_DIR="nginx-1.15.9" \
    NGX_BROTLI="ngx_brotli"

# Install the build toolchain, create the unprivileged www user, set the timezone,
# then build zlib, PCRE and nginx (with OpenSSL and ngx_brotli compiled in) from source.
# The sed commands rewrite the version and the "nginx" name reported in the Server
# header and on error pages.
# Note: the zlib and ngx_brotli archives are fetched over plain HTTP, and no archive
# is checked against a known digest before it is compiled.
RUN apk update --no-cache \
    && apk add --no-cache --virtual .build-deps \
        gcc \
        libc-dev \
        make \
        openssl-dev \
        pcre-dev \
        zlib-dev \
        perl \
        tzdata \
        wget \
        g++ \
        libffi-dev \
        bash && \
    addgroup -S www && \
    adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G www www && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/timezone \
    && mkdir /opt/nginx && \
    cd $DIR && \
    wget -c -4 http://zlib.net/$ZLIB -O $DIR$ZLIB && \
    tar zxvf $ZLIB && \
    cd $ZLIB_DIR && \
    ./configure && \
    make && \
    make install && \
    cd $DIR && \
    wget -c -4 https://ftp.pcre.org/pub/pcre/$PCRE -O $DIR$PCRE && \
    tar zxvf $PCRE && \
    cd $PCRE_DIR && \
    ./configure && \
    make && \
    make install && \
    cd $DIR && \
    wget -c -4 https://www.openssl.org/source/$OPENSSL -O $DIR$OPENSSL && \
    tar zxvf $OPENSSL && \
    cd $DIR && \
    wget -c http://file201503.oss-cn-shanghai.aliyuncs.com/awen/ngx_brotli.tar.gz && \
    tar zxvf ngx_brotli.tar.gz && \
    wget -c -4 https://nginx.org/download/$NGINX -O $DIR$NGINX && \
    tar zxvf $NGINX && \
    cd $NGINX_DIR && \
    sed -i 's@1015009@10000@g' src/core/nginx.h && \
    sed -i 's@"1.15.9"@"1.0"@g' src/core/nginx.h && \
    sed -i 's@"nginx/" NGINX_VERSION@"awen/" NGINX_VERSION@g' src/core/nginx.h && \
    sed -i 's@"Server: nginx"@"Server: awen"@g' src/http/ngx_http_header_filter_module.c && \
    sed -i 's@"<hr><center>nginx</center>"@"<hr><center>awen</center>"@g' src/http/ngx_http_special_response.c && \
    ./configure --prefix=/usr/local/nginx --user=www --group=www --with-pcre=$DIR$PCRE_DIR --with-http_v2_module --with-http_ssl_module --with-zlib=$DIR$ZLIB_DIR --with-openssl=$DIR$OPENSSL_DIR --add-module=$DIR$NGX_BROTLI && \
    make && \
    make install && \
    rm -rf /usr/local/nginx/conf/vhost && \
    mkdir /usr/local/nginx/conf/vhost && \
    rm -rf /usr/local/nginx/conf/nginx && \
    mkdir /usr/local/nginx/ssl && \
    cd $DIR && \
    mkdir -p /var/run/sshd && \
    mkdir -p /var/log/supervisor && \
    mkdir -p /www/www && \
    mkdir -p /www/wwwlogs && \
    chown -R www:www /www/ && \
    rm -rf /opt/

# Certificates, private keys and configuration are baked into the image:
# the keys end up in an image layer and are readable by anyone who can pull the image.
COPY awen.me.rsa.key /usr/local/nginx/ssl/awen.me.rsa.key
COPY awen.me.rsa.cer /usr/local/nginx/ssl/awen.me.rsa.cer
COPY awen.me.ecc.key /usr/local/nginx/ssl/awen.me.ecc.key
COPY awen.me.ecc.cer /usr/local/nginx/ssl/awen.me.ecc.cer
COPY awen.me.conf /usr/local/nginx/conf/vhost
COPY nginx.conf /usr/local/nginx/conf

EXPOSE 80 443
VOLUME ["/www/www","/www/wwwlogs"]

# Run nginx in the foreground so it stays the container's main process
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

The nginx configuration is as follows:

user  www www;

worker_processes auto;

error_log /www/wwwlogs/nginx_error.log crit;

pid /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http
{
    include mime.types;
    default_type application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 60;

    tcp_nodelay on;

    brotli on;
    brotli_comp_level 6;
    brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";
    #limit_conn_zone $binary_remote_addr zone=perip:10m;
    ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
    server_tokens on;
    access_log off;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$http_x_real_ip" ';

    server {
        listen 80 default_server;
        server_name _ awen.me *.awen.me ;
        if ($request_method !~ ^(GET)$ ) {
            return 444;
        }
        location / {
            return 302 https://$host$request_uri;
        }
    }

    include vhost/*.conf;
}

The virtual host configuration file is as follows:

server {

    listen 443 http2 ssl;
    server_name www.awen.me awen.me;
    index index.html index.htm;
    root /www/www;
    # Dual certificates: ECC and RSA
    ssl_certificate /usr/local/nginx/ssl/awen.me.ecc.cer;
    ssl_certificate_key /usr/local/nginx/ssl/awen.me.ecc.key;
    ssl_certificate /usr/local/nginx/ssl/awen.me.rsa.cer;
    ssl_certificate_key /usr/local/nginx/ssl/awen.me.rsa.key;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
    ssl_prefer_server_ciphers on;
    ssl_early_data on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets on;
    resolver 114.114.114.114 valid=300s;
    resolver_timeout 10s;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options deny;
    add_header X-Content-Type-Options nosniff;
    add_header Accept-Ranges bytes;
    # Kept at server level: an add_header inside a location replaces every
    # inherited add_header, which would drop the headers above for "/".
    add_header alt-svc 'quic=":443"; ma=2592000; v="44,43,39"';
    error_page 404 /404.html;

    # Only GET is allowed; anything else gets the connection closed (444)
    if ($request_method !~ ^(GET)$ ) {
        return 444;
    }
    location / {
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires 30d;
    }
    # Deny access to dotfiles
    location ~ /\.
    {
        deny all;
    }
    # Split the access log by day
    if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
        set $year $1;
        set $month $2;
        set $day $3;
    }
    access_log /www/wwwlogs/awen.me-$year-$month-$day.log main;
}
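
nginx inherits add_header directives from the enclosing level only when the current level defines none of its own, so a single add_header inside a location silently discards server-level headers such as Strict-Transport-Security for that location. The checker below is an added example, not part of the site's own configuration; the sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample that mirrors the header layout of the vhost above.
SAMPLE = r'''
server {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options deny;
    add_header X-Content-Type-Options nosniff;
    location / {
        add_header alt-svc 'quic=":443"; ma=2592000';
    }
    location ~ /\. { deny all; }
}
'''

# Comments, quoted strings, structural characters, bare words (in that order).
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"'#]+''')

def parse(tokens):
    """Return a block as a list of (words, child_block_or_None) entries."""
    block, words = [], []
    for tok in tokens:                      # shared iterator: recursion consumes the nested block
        if tok == '{':
            block.append((words, parse(tokens))); words = []
        elif tok == ';':
            block.append((words, None)); words = []
        elif tok == '}':
            break
        else:
            words.append(tok[1:-1] if tok[0] in '"\'' else tok)
    return block

def dropped_headers(block, inherited=(), context='main'):
    """List (context, lost header names) for levels whose add_header hides inherited ones."""
    own = [w[1].lower() for w, child in block
           if child is None and len(w) > 1 and w[0] == 'add_header']
    lost = [h for h in inherited if h not in own] if own else []
    findings = [(context, lost)] if lost else []
    for w, child in block:
        if child is not None:               # server, location, if, ...
            findings += dropped_headers(child, own or list(inherited), ' '.join(w))
    return findings

def check(conf_text):
    """Check one file's text; include directives are not followed."""
    tokens = (t for t in TOKEN.findall(conf_text) if not t.startswith('#'))
    return dropped_headers(parse(tokens))

if __name__ == '__main__':
    for context, lost in check(SAMPLE):
        print(f'{context}: add_header here drops inherited {", ".join(lost)}')
```

Moving the location-level add_header up to the server block, or repeating the security headers inside the location, makes the checker return an empty list.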

The certificates are issued by Let's Encrypt via acme.

After building the image, run:

docker run --restart=always -d  -v /www/www/:/www/www/  -p 80:80 -p 443:443 --name="nginx-hexo-blog" 73

Check the nginx process:

[root@aliyun fwj]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4fd2621c3748 8653d98e78bc "/usr/local/nginx/..." 2 days ago Up 2 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-hexo-blog