[转帖]Deploying NGINX and NGINX Plus with Docker

deploying,nginx,and,plus,with,docker · 浏览次数 : 0

小编点评

Sure. Here's a summary of the content: **NGINX Plus Dockerfile (Debian 11)** * The Dockerfile uses Docker BuildKit to build an image from scratch. * It specifies the certificate and key for the NGINX Plus license in the Docker build context. * It allows users to create a container named `mynginxplus` based on the image. * To run a container from the image, run `docker run` with the `--name` flag and specify the desired port. **NGINX Plus Dockerfile (Alpine Linux 3.17)** * Similar to the Debian 11 image, but uses Alpine Linux 3.17 as the base image. * It also uses Docker BuildKit and specifies the certificate and key for the NGINX Plus license. * It allows users to create a container named `mynginxplus` based on the image. **Key Points** * The Dockerfiles provide instructions for building NGINX Plus images for both Debian 11 and Alpine Linux 3.17. * They use Docker BuildKit to ensure the latest version of NGINX Plus is installed. * The certificate and key are specified in the Docker build context, eliminating the need to expose them in the Docker image. * The resulting images are designed to be easily deployed in a Kubernetes environment.

正文

Editor – The NGINX Plus Dockerfiles for Debian and Alpine Linux were updated in December 2022 to correspond to the latest NGINX Plus release and versions of those operating system distributions. The Dockerfiles and instructions use Docker secrets to pass license information when building an NGINX Plus image.

Docker is an open platform for building, shipping, and running distributed applications as containers (lightweight, standalone, executable packages of software that include everything needed to run an application). Containers can in turn be deployed and orchestrated by container orchestration platforms such as Kubernetes. (In addition to the Docker container technology discussed in this blog, NGINX provides F5 NGINX Ingress Controller in NGINX Open Source‑based and NGINX Plus-based versions; for NGINX Plus subscribers, support is included at no extra cost.)

As software applications, NGINX Open Source and F5 NGINX Plus are great use cases for Docker, and we publish an NGINX Open Source image on Docker Hub, the repository of Docker images. This post explains how to:

Introduction

The Docker open platform includes the Docker Engine – the open source runtime that builds, runs, and orchestrates containers – and Docker Hub, a hosted service where Dockerized applications are distributed, shared, and collaborated on by the entire development community or within the confines of a specific organization.

Docker containers enable developers to focus their efforts on application “content” by separating applications from the constraints of infrastructure. Dockerized applications are instantly portable to any infrastructure – laptop, bare‑metal server, VM, or cloud – making them modular components that can be readily assembled and reassembled into fully featured distributed applications and continuously innovated on in real time.

For more information about Docker, see Why Docker? or the full Docker documentation.

Using the NGINX Open Source Docker Image

You can create an NGINX instance in a Docker container using the NGINX Open Source image from Docker Hub.

Let’s start with a very simple example. To launch an instance of NGINX running in a container and using the default NGINX configuration, run this command:

# docker run --name mynginx1 -p 80:80 -d nginx
fcd1fb01b14557c7c9d991238f2558ae2704d129cf9fb97bb4fadf673a58580d

This command creates a container named mynginx1 based on the NGINX image. The command returns the long form of the container ID, which is used in the name of log files; see Managing Logging.

The -p option tells Docker to map the port exposed in the container by the NGINX image – port 80 – to the specified port on the Docker host. The first parameter specifies the port in the Docker host, while the second parameter is mapped to the port exposed in the container.

The -d option specifies that the container runs in detached mode, which means that it continues to run until stopped but does not respond to commands run on the command line. In the next section we explain how to interact with the container.

To verify that the container was created and is running, and to see the port mappings, we run docker ps. (We’ve split the output across multiple lines here to make it easier to read.)

# docker ps
CONTAINER ID IMAGE        COMMAND              CREATED        ...  
fcd1fb01b145 nginx:latest "nginx -g 'daemon of 16 seconds ago ... 

    ... STATUS          PORTS                NAMES
    ... Up 15 seconds   0.0.0.0:80->80/tcp   mynginx1

The PORTS field in the output reports that port 80 on the Docker host is mapped to port 80 in the container. Another way to verify that NGINX is running is to make an HTTP request to that port. The code for the default NGINX welcome page appears:

# curl http://localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
 body {
 width: 35em;
 margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif;
 }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully 
installed and working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="https://www.nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Working with the NGINX Docker Container

So now we have a working NGINX Docker container, but how do we manage the content and the NGINX configuration? And what about logging?

A Note About SSH

It is common to enable SSH access to NGINX instances, but the NGINX image does not have OpenSSH installed, because Docker containers are generally intended to be for a single purpose (in this case running NGINX). Instead we’ll use other methods supported by Docker.

As an alternative to the commands in Managing Content and Configuration Files below, you can run the following command to open an interactive shell to a running NGINX container (instead of starting an SSH session). However, we recommend this only for advanced users.

  • On Alpine Linux systems:

    # docker exec -it <NGINX_container_ID> sh
  • On Debian systems:

    # docker exec -it <NGINX_container_ID> bash

Managing Content and Configuration Files

There are several ways you can manage both the content served by NGINX and the NGINX configuration files. Here we cover a few of the options.

Option 1 – Maintain the Content and Configuration on the Docker Host

When the container is created we can tell Docker to mount a local directory on the Docker host to a directory in the container. The NGINX image uses the default NGINX configuration, which uses /usr/share/nginx/html as the container’s root directory and puts configuration files in /etc/nginx. For a Docker host with content in the local directory /var/www and configuration files in /var/nginx/conf, run this command (which appears on multiple lines here only for legibility):

# docker run --name mynginx2 --mount type=bind source=/var/www,target=/usr/share/nginx/html,readonly --mount type=bind,source=/var/nginx/conf,target=/etc/nginx/conf,readonly -p 80:80 -d nginx

Now any change made to the files in the local directories /var/www and /var/nginx/conf on the Docker host are reflected in the directories /usr/share/nginx/html and /etc/nginx in the container. The readonly option means these directories can be changed only on the Docker host, not from within the container.

Option 2 – Copy Files from the Docker Host

Another option is to have Docker copy the content and configuration files from a local directory on the Docker host during container creation. Once a container is created, the files are maintained by creating a new container when files change or by modifying the files in the container. A simple way to copy the files is to create a Dockerfile with commands that are run during generation of a new Docker image based on the NGINX image from Docker Hub. For the file‑copy (COPY) commands in the Dockerfile, the local directory path is relative to the build context where the Dockerfile is located.

In our example, the content is in the content directory and the configuration files are in the conf directory, both subdirectories of the directory where the Dockerfile is located. The NGINX image includes default NGINX configuration files named /etc/nginx/nginx.conf and /etc/nginx/conf.d/default.conf. Because we instead want to use the configuration files from the host, we include a RUN command that deletes the default files:

FROM nginx
RUN rm /etc/nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY content /usr/share/nginx/html
COPY conf /etc/nginx

We create our own NGINX image by running the following command from the directory where the Dockerfile is located. Note the period (“.”) at the end of the command. It defines the current directory as the build context, which contains the Dockerfile and the directories to be copied.

# docker build -t mynginx_image1 .

Now we run this command to create a container called mynginx3 based on the mynginx_image1 image:

# docker run --name mynginx3 -p 80:80 -d mynginx_image1

If we want to make changes to the files in the container, we use a helper container as described in Option 3.

Option 3 – Maintain Files in the Container

As mentioned in A Note About SSH, we can’t use SSH to access the NGINX container, so if we want to edit the content or configuration files directly we have to create a helper container that has shell access. For the helper container to have access to the files, we must create a new image that has the proper Docker data volumes defined for the image. Assuming we want to copy files as in Option 2 while also defining volumes, we use the following Dockerfile:

FROM nginx
RUN rm /etc/nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY content /usr/share/nginx/html
COPY conf /etc/nginx
VOLUME /usr/share/nginx/html
VOLUME /etc/nginx

We then create the new NGINX image by running the following command (again note the final period):

# docker build -t mynginx_image2 .

Now we run this command to create an NGINX container (mynginx4) based on the mynginx_image2 image:

# docker run --name mynginx4 -p 80:80 -d mynginx_image2

We then run the following command to start a helper container mynginx4_files that has a shell, enabling us to access the content and configuration directories of the mynginx4 container we just created:

# docker run -i -t --volumes-from mynginx4 --name mynginx4_files debian /bin/bash
root@b1cbbad63dd1:/#

The new mynginx4_files helper container runs in the foreground with a persistent standard input (the -i option) and a tty (the -t option). All volumes defined in mynginx4 are mounted as local directories in the helper container.

The debian argument means that the helper container uses the Debian image from Docker Hub. Because the NGINX image also uses Debian (and all of our examples so far use the NGINX image), it is most efficient to use Debian for the helper container, rather than having Docker load another operating system.

The /bin/bash argument means that the bash shell runs in the helper container, presenting a shell prompt that you can use to modify files as needed.

To start and stop the container, run the following commands:

# docker start mynginx4_files
# docker stop mynginx4_files

To exit the shell but leave the container running, press Ctrl+p followed by Ctrl+q. To regain shell access to a running container, run this command:

# docker attach mynginx4_files

To exit the shell and terminate the container, run the exit command.

Managing Logging

You can configure either default or customized logging.

Using Default Logging

The NGINX image is configured to send the main NGINX access and error logs to the Docker log collector by default. This is done by linking them to stdout and stderr respectively; all messages from both logs are then written to the file /var/lib/docker/containers/<container_ID>/<container_ID>-json.log on the Docker host, where <container_ID> is the long‑form ID returned when you create a container. For the initial container we created in Using the NGINX Open Source Docker Image, for example, it is fcd1fb01b14557c7c9d991238f2558ae2704d129cf9fb97bb4fadf673a58580d.

To retrieve the container ID for an existing container, run this command, where <container_name> is the value set by the --name parameter when the container is created (for the container ID above, for example, it is mynginx1):

# docker inspect --format '{{ .Id }}' <container_name>

Although you can view the logs by opening the <container_ID>-json.log file directly, it is usually easier to run this command:

# docker logs <container_name>

You can use also the Docker Engine API to extract the log messages, by issuing a GET request against the Docker Unix socket. This command returns both the access log (represented by stdout=1) and the error log (stderr=1), but you can request them singly as well:

# curl --unix-socket /var/run/docker-sock http://localhost/containers/<container_name>/logs?stdout=1&stderr=1

To learn about other query parameters, see the Docker Engine API documentation (search for “Get container logs” on that page).

Using Customized Logging

If you want to implement another method of log collection, or if you want to configure logging differently in certain configuration blocks (such as server{} and location{}), define a Docker volume for the directory or directories in which to store the log files in the container, create a helper container to access the log files, and use whatever logging tools you like. To implement this, create a new image that contains the volume or volumes for the logging files.

For example, to configure NGINX to store log files in /var/log/nginx/log, we can start with the Dockerfile from Option 3 and simply add a VOLUME definition for this directory:

FROM nginx
RUN rm /etc/nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY content /usr/share/nginx/html
COPY conf /etc/nginx
VOLUME /var/log/nginx/log

We can then create an image as described above and use it to create an NGINX container and a helper container that have access to the logging directory. The helper container can have any desired logging tools installed.

Controlling NGINX

Since we do not have direct access to the command line of the NGINX container, we cannot use the nginx command to control NGINX. Fortunately we can use signals to control NGINX, and Docker provides the kill command for sending signals to a container.

To reload the NGINX configuration, run this command:

# docker kill -s HUP <container_name>

To restart NGINX, run this command to restart the container:

# docker restart <container_name>

Deploying NGINX Plus with Docker

So far we have discussed Docker for NGINX Open Source, but you can also use it with the commercial product, NGINX Plus. The difference is you first need to create an NGINX Plus image, because as a commercial offering NGINX Plus is not available at Docker Hub. Fortunately, this is quite easy to do.

Note: Never upload your NGINX Plus images to a public repository such as Docker Hub. Doing so violates your license agreement.

Creating a Docker Image of NGINX Plus

To generate an NGINX Plus image, first create a Dockerfile. The examples we provide here use Debian 11 (Bullseye) and Alpine Linux 3.17 as the base Docker images. Before you can create the NGINX Plus Docker image, you have to download your version of the nginx-repo.crt and nginx-repo.key files. NGINX Plus customers can find them at the customer portal; if you are doing a free trial of NGINX Plus, they were provided with your trial package. Copy the files to the directory where the Dockerfile is located (the Docker build context).

As with NGINX Open Source, by default the NGINX Plus access and error logs are linked to the Docker log collector. No volumes are specified, but you can add them if desired, or each Dockerfile can be used to create base images from which you can create new images with volumes specified, as described previously.

We purposely do not specify an NGINX Plus version in the sample Dockerfiles, so that you don’t have to edit the file when you update to a new release of NGINX Plus. We have, however, included commented versions of the relevant instructions for you to uncomment if you want to make the file version‑specific.

Similarly, we’ve included instructions (commented out) that install official dynamic modules for NGINX Plus.

By default, no files are copied from the Docker host as a container is created. You can add COPY definitions to each Dockerfile, or the image you create can be used as the basis for another image as described above.

NGINX Plus Dockerfile (Debian 11)

 

Failed loading gist https://gist.github.com/36e97fc87efb5cf0039978c8e41a34b5.json: timeout

NGINX Plus Dockerfile (Alpine Linux 3.17)

 

Failed loading gist https://gist.github.com/36e97fc87efb5cf0039978c8e41a34b5.json: timeout

Creating the NGINX Plus Image

With the Dockerfile, nginx-repo.crt, and nginx-repo.key files in the same directory, run the following command there to create a Docker image called nginxplus (as before, note the final period):

# DOCKER_BUILDKIT=1 docker build --no-cache -t nginxplus --secret id=nginx-crt,src=</path/to/your/nginx-repo.crt> --secret id=nginx-key,src=</path/to/your/nginx-repo.key> .

The DOCKER_BUILDKIT=1 flag indicates that we are using Docker BuildKit to build the image, as required when including the --secret option which is discussed below.

The --no-cache option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus. If the Dockerfile was previously used to build an image and you omit the --no-cache option, the new image uses the version of NGINX Plus from the Docker cache. (As noted, we purposely do not specify an NGINX Plus version in the Dockerfile so that the file does not need to change at every new release of NGINX Plus.) Omit the --no-cache option if it’s acceptable to use the NGINX Plus version from the previously built image.

The --secret option passes the certificate and key for your NGINX Plus license to the Docker build context without risking exposure of the data or having the data persist between Docker build layers. The values of the id arguments cannot be changed without altering the base Dockerfile, but you need to set the src arguments to the path to your NGINX Plus certificate and key files (the same directory where you are building the Docker image if you followed the previous instructions).

Output like the following from the docker images nginxplus command indicates that the image was created successfully:

# docker images nginxplus
REPOSITORY  TAG     IMAGE ID      CREATED        VIRTUAL SIZE
nginxplus   latest  ef2bf65931cf  6 seconds ago  91.2 MB

To create a container named mynginxplus based on this image, run this command:

# docker run --name mynginxplus -p 80:80 -d nginxplus

You can control and manage NGINX Plus containers in the same way as NGINX Open Source containers.

Summary

NGINX, NGINX Plus, and Docker work extremely well together. Whether you use the NGINX Open Source image from Docker Hub or create your own NGINX Plus image, you can easily spin up new instances of NGINX and NGINX Plus in Docker containers and deploy them in your Kubernetes environment. You can also easily create new Docker images from the base images, making your containers even easier to control and manage. Make sure that all NGINX Plus instances running in your Docker containers are covered by your subscription. For details, please contact the NGINX sales team.

There is much more to Docker than we have been able to cover in this article. For more information, download our free O’Reilly eBook – Container Networking: From Docker to Kubernetes – or check out www.docker.com.

与[转帖]Deploying NGINX and NGINX Plus with Docker相似的内容:

[转帖]Deploying NGINX and NGINX Plus with Docker

https://www.nginx.com/blog/deploying-nginx-nginx-plus-docker-2/ Editor – The NGINX Plus Dockerfiles for Debian and Alpine Linux were updated in Decemb

[转帖]

Linux ubuntu20.04 网络配置(图文教程) 因为我是刚装好的最小系统,所以很多东西都没有,在开始配置之前需要做下准备 环境准备 系统:ubuntu20.04网卡:双网卡 网卡一:供连接互联网使用网卡二:供连接内网使用(看情况,如果一张网卡足够,没必要做第二张网卡) 工具: net-to

[转帖]

https://cloud.tencent.com/developer/article/2168105?areaSource=104001.13&traceId=zcVNsKTUApF9rNJSkcCbB 前言 Redis作为高性能的内存数据库,在大数据量的情况下也会遇到性能瓶颈,日常开发中只有时刻

[转帖]ISV 、OSV、 SIG 概念

ISV 、OSV、 SIG 概念 2022-10-14 12:29530原创大杂烩 本文链接:https://www.cndba.cn/dave/article/108699 1. ISV: Independent Software Vendors “独立软件开发商”,特指专门从事软件的开发、生产、

[转帖]Redis 7 参数 修改 说明

2022-06-16 14:491800原创Redis 本文链接:https://www.cndba.cn/dave/article/108066 在之前的博客我们介绍了Redis 7 的安装和配置,如下: Linux 7.8 平台 Redis 7 安装并配置开机自启动 操作手册https://ww

[转帖]HTTPS中间人攻击原理

https://www.zhihu.com/people/bei-ji-85/posts 背景 前一段时间,公司北京地区上线了一个HTTPS防火墙,用来监听HTTPS流量。防火墙上线之前,邮件通知给管理层,我从我老大那里听说这个事情的时候,说这个有风险,然后意外地发现,很多人原来都不知道HTTPS防

[转帖]关于字节序(大小端)的一点想法

https://www.zhihu.com/people/bei-ji-85/posts 今天在一个技术群里有人问起来了,当时有一些讨论(不完全都是我个人的观点),整理一下: 为什么网络字节序(多数情况下)是大端? 早年设备的缓存很小,先接收高字节能快速的判断报文信息:包长度(需要准备多大缓存)、地

[转帖]awk提取某一行某一列的数据

https://www.jianshu.com/p/dbcb7fe2da56 1、提取文件中第1列数据 awk '{print $1}' filename > out.txt 2、提取前2列的文件 awk `{print $1,$2}' filename > out.txt 3、打印完第一列,然后打

[转帖]awk 中 FS的用法

https://www.cnblogs.com/rohens-hbg/p/5510890.html 在openwrt文件 ar71xx.sh中 查询设备类型时,有这么一句, machine=$(awk 'BEGIN{FS="[ \t]+:[ \t]"} /machine/ {print $2}' /

[转帖]Windows Server 2022 简体中文版、英文版下载 (updated Oct 2022)

https://sysin.org/blog/windows-server-2022/ Windows Server 2022 正式版,2022 年 10 月更新,VLSC Posted by sysin on 2022-10-27 Estimated Reading Time 8 Minutes