2021-09-16 docker + nginx reverse proxy http and tcp

Keywords: Docker Nginx http

Note: because docker is highly portable, this environment is based on docker. If your nginx is installed directly on the host, its paths differ from those inside the container, so use only the contents of the configuration files as a reference

  • Test environment:
    Operating system: centos 7.9 (GUI desktop version and minimal installation)
    docker version: 19.03.5
    nginx: 1.21.3
  • The following is the full docker run command for nginx. The steps below use the parts of it they need. The names and locations of the directories can be changed to suit your preferences, but make sure they match the configuration files and the container mount paths
    -p indicates the mapping port (the host port is on the left side of the colon)
    -v indicates the mount directory (the host directory is on the left of the colon)
    -d indicates background operation
docker run --name nginx -p 16379:6379 -p 443:443 -p 80:80 \
 -v /data/nginx/data:/usr/share/nginx/html \
 -v /data/nginx/config/nginx.conf:/etc/nginx/nginx.conf \
 -v /data/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
 -v /data/nginx/logs:/var/log/nginx \
 -v /data/nginx/ssl:/ssl \
 -d nginx:1.21.3

1, Basic environment preparation

1. Install docker

  • Check the kernel version. It must be higher than 3.10 and the system must be 64-bit
[root@k8s-master ~]# uname -r
  • Running yum install docker directly pulls the earliest version of docker by default. I personally had problems using it and didn't research it much. I chose to install version 19
  • If you have previously installed an old version of docker, you need to uninstall it first
[root@k8s-master ~]# yum remove docker*

2. Download nginx image

  • Pull nginx image
[root@localhost ~]# docker pull nginx
  • View the image version
[root@localhost ~]# docker image inspect nginx:latest | grep -i version
  • The image can be re-tagged and saved to a file for later use
[root@localhost ~]# docker tag nginx:latest nginx:1.21.3
[root@localhost ~]# docker save -o nginx.tar nginx:1.21.3

2, Application of HTTP to https and https to http

1. nginx reverse proxy single web project

① Prepare the configuration file

  • Create the file default.conf and write the following:
server {
    listen       80; # Listen on port 80 of the nginx container
    server_name  localhost; # Fill in the host name or domain name
    location / {
        proxy_pass http://192.168.1.1:8080; # IP of the intranet host to proxy and its port 8080
    }
}

② Create container

  • Put default.conf into the host storage directory. Host directory: /data/nginx/config/conf.d/
  • Corresponding container directory: /etc/nginx/conf.d/
  • You must prepare the file before you create the container
[root@localhost ~]# docker run --name nginx -p 80:80 \
 -v /data/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
 -d nginx:1.21.3
  • After the container is started, enter the IP address of the nginx host in the browser to reach the proxied web project

2. Install an ssl certificate in nginx (external https to internal http, http to https)

① Prepare the configuration file

  • First, apply for a certificate from alicloud or another provider. I won't go into that here
  • Create the file default.conf and write the following:
server {
#    listen       80; # Only the certificate function is demonstrated here, so port 80 is not configured
    listen       443 ssl;
    server_name  localhost; # You can also use your domain name here
#    rewrite ^(.*)$ https://$host$1; # One way to redirect http to https
#    return 301 https://$host$request_uri; # Another way to redirect http to https
    ssl_certificate /ssl/xxx.com.pem; # change xxx.com.pem to match your certificate
    ssl_certificate_key /ssl/xxx.com.key; # change xxx.com.key to match your key
    ssl_session_timeout 5m;
    # Protocols and ciphers; the cipher list is in the format understood by openssl
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;  # With the SSLv3 and TLS protocols, server ciphers are preferred over client ciphers
    
    location / {
        proxy_pass http://192.168.1.1:8080; # IP of the intranet host to proxy and its port 8080; adjust as needed
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

② Create container

  • Put default.conf into the host storage directory. Host directory: /data/nginx/config/conf.d/
  • Put the certificate into the host storage directory. Host directory: /data/nginx/ssl/
docker run --name nginx -p 443:443 -p 80:80 \
 -v /data/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
 -v /data/nginx/ssl:/ssl \
 -d nginx:1.21.3

After the container is started, enter "https://domain name" in the browser to reach the proxied web project
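A hardened variant of the server block above, as an added example that is not part of the original post. It drops TLSv1 and TLSv1.1 (deprecated by RFC 8996), narrows the cipher list, puts the http-to-https redirect in its own port 80 server so it cannot loop, and passes the original host and client address to the backend. The certificate paths, server_name and backend address are the post's placeholders; the HSTS max-age is an assumed value.

```nginx
# Added example, not from the original post.
# Port 80 only redirects. Keeping the redirect out of the 443 server avoids a redirect loop.
server {
    listen       80;
    server_name  localhost;                  # placeholder, as in the post
    return 301 https://$host$request_uri;
}

server {
    listen       443 ssl;
    server_name  localhost;                  # placeholder, as in the post

    ssl_certificate     /ssl/xxx.com.pem;    # placeholder, as in the post
    ssl_certificate_key /ssl/xxx.com.key;    # placeholder, as in the post
    ssl_session_timeout 5m;

    # Weak (from the post): ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (from the post): the AES and HIGH keywords also admit CBC and static-RSA suites.
    # This list keeps only forward-secret AEAD suites for TLSv1.2.
    # TLSv1.3 suites are not controlled by ssl_ciphers.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Assumed value: browsers use https only for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://192.168.1.1:8080;  # backend address from the post
        # Without these, the backend sees only the proxy's address and a plain-http request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
```

After reloading, `nginx -t` inside the container confirms the file parses, and `openssl s_client -connect <host>:443 -tls1_1` should now fail the handshake.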

3. One nginx proxy for multiple web projects

① Prepare the configuration file

  • First, apply for a certificate from alicloud or another provider. I won't go into that here
  • Create the file default.conf and write the following:
server {
#    listen       80; # Only the certificate function is demonstrated here, so port 80 is not configured
    listen       443 ssl;
    server_name  1.xxx.com; # Use your first domain name here
#    rewrite ^(.*)$ https://$host$1; # One way to redirect http to https
#    return 301 https://$host$request_uri; # Another way to redirect http to https
    ssl_certificate /ssl/xxx.com.pem; # change xxx.com.pem to match your certificate
    ssl_certificate_key /ssl/xxx.com.key; # change xxx.com.key to match your key
    ssl_session_timeout 5m;
    # Protocols and ciphers; the cipher list is in the format understood by openssl
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;  # With the SSLv3 and TLS protocols, server ciphers are preferred over client ciphers
    
    location / {
        proxy_pass http://192.168.1.1:8080; # IP of the intranet host to proxy and its port 8080; adjust as needed
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

# Below, copy the block above, then change the domain name and the intranet host to be proxied
server {
    listen       443 ssl;
    server_name  2.xxx.com; #Use your second domain name here
    ssl_certificate /ssl/xxx.com.pem;
    ssl_certificate_key /ssl/xxx.com.key;
    ssl_session_timeout 5m;
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_pass http://192.168.1.2:8080;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

② Create container

  • Put default.conf into the host storage directory. Host directory: /data/nginx/config/conf.d/
  • Put the certificate into the host storage directory. Host directory: /data/nginx/ssl/
docker run --name nginx -p 443:443 -p 80:80 \
 -v /data/nginx/config/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
 -v /data/nginx/ssl:/ssl \
 -d nginx:1.21.3

After the container is started, enter "https://domain name" in the browser to reach the proxied web project

3, Use nginx to proxy tcp ports (take redis as an example)

1. Install redis

  • Pull redis image
[root@localhost ~]# docker pull redis
  • Start redis (this is only a test, so nothing more is configured. In the production environment, it is recommended to mount the database and configuration file)
[root@localhost ~]# docker run -p 6379:6379 -d redis

2. Modify nginx.conf configuration file

  • Modify nginx.conf and comment out the following line (this part only demonstrates tcp port forwarding, so the contents of the configuration file default.conf are dropped. If you need http forwarding, adjust it according to your situation)
[root@localhost ~]# vi /data/nginx/config/nginx.conf
# include /etc/nginx/conf.d/*.conf;
  • Add the following snippet at the end of nginx.conf
stream {
    upstream redis {
        server *host IP Address or container address*:6379;
    }
    server {
        listen       6379;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass redis;
    }
}

Or add in the following format

stream {
    server {
        listen       6379;
        # If you need a certificate, add it in this server block; see the ssl certificate section above
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass *host IP Address or container address*:6379;
    }
}

3. Start nginx

  • Map port 6379 of nginx to port 16379 of the host, then access redis through that port
[root@localhost ~]# docker run --name nginx -p 16379:6379 \
 -v /data/nginx/config/nginx.conf:/etc/nginx/nginx.conf \
 -d nginx:1.21.3

Now you can try connecting with a redis client tool
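The stream block above forwards every connection that reaches the published port to a redis started without a password. The variant below, an added example that is not part of the original post, restricts who can connect, caps connections per client and logs each session. The upstream address, the trusted subnet, the zone name, the limit and the log file name are all assumed values.

```nginx
# Added example, not from the original post. Goes at the end of nginx.conf like the post's stream block.
stream {
    # One line per TCP session: who connected, for how long, and how much data moved.
    log_format tcp '$remote_addr [$time_local] $protocol $status '
                   '$bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/redis_stream.log tcp;   # assumed file name

    # Track concurrent connections per client address.
    limit_conn_zone $binary_remote_addr zone=redis_conn:10m;   # assumed zone name and size

    upstream redis {
        server 192.168.1.3:6379;   # constructed address standing in for the post's placeholder
    }

    server {
        listen 6379;

        # Only the assumed trusted subnet may reach redis; everyone else is refused.
        allow 192.168.1.0/24;
        deny  all;

        limit_conn redis_conn 10;   # assumed cap per client address

        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass redis;
    }
}
```

Docker's port publishing can present some clients (for example, connections made from the docker host itself) as the bridge gateway address, so check the addresses recorded in the access log before relying on the allow rule.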

Posted by brockie99 on Sat, 25 Sep 2021 17:03:13 -0700