docker-compose安装nginx

我来为您介绍如何使用 Docker Compose 安装和配置 Nginx，包括基础部署、常用配置和进阶场景。

一、基础配置

1. 最简单的 Nginx 部署

创建 `docker-compose.yml`：

```yaml
version: '3.8'

services:
nginx:
image: nginx:latest
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./html:/usr/share/nginx/html
- ./nginx.conf:/etc/nginx/nginx.conf:ro
restart: unless-stopped
```

目录结构：

```
project/
├── docker-compose.yml
├── nginx.conf
└── html/
└── index.html
```

2. 启动命令

```bash
# 启动
docker-compose up -d

# 查看状态
docker-compose ps

# 查看日志
docker-compose logs -f nginx

# 停止
docker-compose down

# 重启
docker-compose restart nginx
```

二、常用配置模板

2.1 反向代理配置

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf.d:/etc/nginx/conf.d:ro
- ./ssl:/etc/nginx/ssl:ro
- ./logs:/var/log/nginx
depends_on:
- app1
- app2
networks:
- frontend
- backend
restart: always

# 后端应用示例
app1:
image: httpd:alpine
container_name: web1
networks:
- backend

app2:
image: httpd:alpine
container_name: web2
networks:
- backend

networks:
frontend:
driver: bridge
backend:
driver: bridge
```

`nginx.conf` 配置：

```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 100M;

# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

# 包含其他配置
include /etc/nginx/conf.d/*.conf;
}
```

`conf.d/default.conf` 反向代理配置：

```nginx
server {
listen 80;
server_name localhost;

# 静态文件
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ =404;
}

# 反向代理到 app1
location /api1/ {
proxy_pass http://app1:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

# 反向代理到 app2
location /api2/ {
proxy_pass http://app2:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# 负载均衡示例
location /load-balance/ {
proxy_pass http://backend_servers;
}
}

# 负载均衡 upstream
upstream backend_servers {
server app1:80 weight=5;
server app2:80 weight=5;
keepalive 32;
}
```

三、HTTPS/SSL 配置

3.1 使用自签名证书

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
- ./html:/usr/share/nginx/html
restart: always
```

生成自签名证书：

```bash
mkdir ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout ssl/nginx.key \
-out ssl/nginx.crt \
-subj "/C=CN/ST=State/L=City/O=Organization/CN=localhost"
```

SSL 配置文件 `conf.d/ssl.conf`：

```nginx
server {
listen 443 ssl http2;
server_name localhost;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

# SSL 安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

location / {
root /usr/share/nginx/html;
index index.html;
}
}

# HTTP 重定向到 HTTPS
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
```

3.2 使用 Let's Encrypt（自动续期）

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf.d:/etc/nginx/conf.d:ro
- ./certbot/conf:/etc/letsencrypt:ro
- ./certbot/www:/var/www/certbot
- ./html:/usr/share/nginx/html
restart: always

certbot:
image: certbot/certbot
container_name: certbot
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
```

初始化证书脚本 `init-letsencrypt.sh`：

```bash
#!/bin/bash

domains=(example.com www.example.com)
rsa_key_size=4096
data_path="./certbot"
email="your@email.com"

# 创建目录
mkdir -p $data_path/conf $data_path/www

# 获取证书
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
--register-unsafely-without-email \
--agree-tos \
--force-renewal \
-d ${domains[0]} -d ${domains[1]}" certbot
```

四、多站点配置

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./sites:/etc/nginx/sites:ro
- ./html/site1:/var/www/site1
- ./html/site2:/var/www/site2
- ./logs:/var/log/nginx
restart: always
```

`nginx.conf`：

```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
keepalive_timeout 65;

# 包含所有站点配置
include /etc/nginx/sites/*.conf;
}
```

`sites/site1.conf`：

```nginx
server {
listen 80;
server_name site1.com www.site1.com;
root /var/www/site1;
index index.html;

location / {
try_files $uri $uri/ =404;
}

location /api {
proxy_pass http://backend:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
```

`sites/site2.conf`：

```nginx
server {
listen 80;
server_name site2.com www.site2.com;
root /var/www/site2;
index index.html;

# 启用 Gzip
gzip on;
gzip_types text/css application/javascript;

# 缓存静态资源
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
}
```

五、与 PHP 集成（LNMP）

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
ports:
- "80:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf.d:/etc/nginx/conf.d:ro
- ./www:/var/www/html:ro
depends_on:
- php
networks:
- web

php:
image: php:8.1-fpm-alpine
volumes:
- ./www:/var/www/html
networks:
- web

mysql:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_DATABASE: mydb
MYSQL_USER: user
MYSQL_PASSWORD: userpass
volumes:
- mysql_data:/var/lib/mysql
networks:
- web

volumes:
mysql_data:

networks:
web:
driver: bridge
```

PHP-FPM 配置 `conf.d/php.conf`：

```nginx
server {
listen 80;
server_name localhost;
root /var/www/html;
index index.php index.html;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
```

六、生产环境优化配置

```yaml
version: '3.8'

services:
nginx:
image: nginx:alpine
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf.d:/etc/nginx/conf.d:ro
- ./ssl:/etc/nginx/ssl:ro
- ./html:/usr/share/nginx/html:ro
- nginx_cache:/var/cache/nginx
- ./logs:/var/log/nginx
environment:
- NGINX_HOST=example.com
- NGINX_PORT=80
restart: unless-stopped
deploy:
resources:
limits:
cpus: '1'
memory: 512M
reservations:
cpus: '0.25'
memory: 128M
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s

volumes:
nginx_cache:
```

生产级 `nginx.conf`：

```nginx
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 4096;
use epoll;
multi_accept on;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

# 日志
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';

access_log /var/log/nginx/access.log main buffer=32k flush=5s;

# 性能优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
keepalive_requests 1000;
reset_timedout_connection on;
client_body_timeout 10;
send_timeout 2;

# 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

# 限速和限流
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;

# 缓存配置
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;

include /etc/nginx/conf.d/*.conf;
}
```

七、常用命令速查

```bash
# 启动
docker-compose up -d

# 查看日志
docker-compose logs -f nginx

# 进入容器
docker-compose exec nginx sh

# 测试配置
docker-compose exec nginx nginx -t

# 重载配置（不重启）
docker-compose exec nginx nginx -s reload

# 查看状态
docker-compose ps

# 停止并删除
docker-compose down -v

# 更新镜像
docker-compose pull && docker-compose up -d
```

需要我针对特定场景（如负载均衡、WebSocket 代理、Kubernetes 部署）提供更详细的配置吗？