Recently, I want to install a docker on the server that has been eating the putty for more than a year. The result is always unable to find the appropriate yum source. Later, after some Baidu, I know that the original CentOS 8 is going to cool, so many mirror stations have removed the source of CentOS 8.
After some thought, I decided to reinstall the operating system to Centos7.9. Fortunately, there is nothing important on the server, just move the blog home.
After reinstalling the system, the docker installation process went smoothly.
Start installing nginx.
1. Pull the latest Nginx image directly
docker pull nginx
2, create some new directories, nginx container related folder mount to the host, mainly convenient to rewrite the configuration, second is to delete the container, these files will not be lost
mkdir -p /usr/local/nginx/{conf,html,logs,ssl}
3. Start an nginx container to cp some files to the folder created in Step 2
docker run --name nginx -p 80:80 -d nginx
4. Copy the configuration file in the container to the host
Can simply look at the container folder details, by the way, a digression, direct use yum to install nginx – 1.20 x version, nginx directory are in/usr/local/nginx below, but the docker installation directory is the same as the old version nginx.
docker cp a25b9f301349:/etc/nginx/nginx.conf /usr/local/nginx/conf/
docker cp a25b9f301349:/etc/nginx/conf.d /usr/local/nginx/
Copy the code5. Stop the current nginx container and delete it
docker stop a25b9f301349
docker rm a25b9f301349
Copy the code6. Generate a certificate and place it in the SSL directory of the host computer
For details on how to generate a certificate, see acmesh-official/acme.sh.
7. Modify the configuration file
As you can see there are two configuration files, now you just need to modify the default.conf file. The reason can be seen below:
vim conf/nginx.conf
Conf will be loaded whenever it is in the conf.d directory, regardless of whether it is called default.conf
vim conf.d/default.conf
server { listen 80; listen [::]:80; server_name www.telami.cn; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name www.telami.cn; ssl_certificate /etc/nginx/ssl/telami.cn.pem; ssl_certificate_key /etc/nginx/ssl/telami.cn.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:! aNULL:! MD5; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; root /usr/share/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; }}Copy the code8. Start a new nginx container
docker run \
--name nginx \
-p 443:443 -p 80:80 \
-v /usr/local/nginx/logs:/var/log/nginx \
-v /usr/local/nginx/html:/usr/share/nginx/html \
-v /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/nginx/conf.d:/etc/nginx/conf.d \
-v /usr/local/nginx/ssl:/etc/nginx/ssl/ \
--privileged=true -d --restart=always nginx
Copy the codeA quick explanation:
- -v: indicates the directory to which the host is mounted. The preceding directory is the directory on the host and the following directory is the directory in the container.
- -d: background running.
- –restart=always: When docker is restarted, the container is automatically restarted.
The absolute paths in aul. Conf are all container paths, not host paths. For example, when configuring SSL:
ssl_certificate /etc/nginx/ssl/telami.cn.pem;
ssl_certificate_key /etc/nginx/ssl/telami.cn.key;
Copy the codeOnly when the run – v/usr/local/nginx/SSL: / etc/nginx/SSL /, the directory mount up, let the container can read certificate, if change to this configuration:
ssl_certificate /usr/local/nginx/ssl/telami.cn.pem;
Nginx will not start, it will report an error file cannot be found.
Ok, that’s all for today. See you next time