下载Nginx镜像

docker pull nginx   下载最新版Nginx镜像 (其实此命令就等同于 : docker pull nginx:latest )
docker pull nginx:xxx   下载指定版本的Nginx镜像 (xxx指具体版本号)

创建Nginx配置文件

启动前需要先创建Nginx外部挂载的配置文件（ /home/nginx/conf/nginx.conf）
之所以要先创建 , 是因为Nginx本身容器只存在/etc/nginx 目录 , 本身就不创建 nginx.conf 文件
当服务器和容器都不存在 nginx.conf 文件时, 执行启动命令的时候 docker会将nginx.conf 作为目录创建 , 这并不是我们想要的结果 。

# 创建挂载目录
mkdir -p /home/nginx/conf
mkdir -p /home/nginx/log
mkdir -p /home/nginx/html

容器中的nginx.conf文件和conf.d文件夹复制到宿主机

# 生成容器
docker run --name nginx -p 9001:80 -d nginx
# 将容器nginx.conf文件复制到宿主机
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
# 将容器conf.d文件夹下内容复制到宿主机
docker cp nginx:/etc/nginx/conf.d /home/nginx/conf/conf.d
# 将容器中的html文件夹复制到宿主机
docker cp nginx:/usr/share/nginx/html /home/nginx/

创建Nginx容器并运行

# 直接执行docker rm nginx或者以容器id方式关闭容器
# 找到nginx对应的容器id
docker ps -a
# 关闭该容器
docker stop nginx
# 删除该容器
docker rm nginx

# 删除正在运行的nginx容器
docker rm -f nginx

docker run \
-p 80:80 \
-p 443:443 \
--name nginx \
--restart always \
-e TZ="Asia/Shanghai" \
-v /mnt/disk0/appdata/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /mnt/disk0/appdata/nginx/conf/conf.d:/etc/nginx/conf.d \
-v /mnt/disk0/appdata/nginx/log:/var/log/nginx \
-v /mnt/disk0/appdata/nginx/html:/usr/share/nginx/html \
-d nginx:latest

nginx.conf

user  nginx;
worker_processes  auto;
pid   /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections  1024;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    default_type  application/octet-stream;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffers 4 256k;
        fastcgi_buffer_size 128k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
        send_timeout 60;    


    ##
    # Logging Settings
    ##
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    error_log  /var/log/nginx/error.log notice;

    ##
    #防DDOS攻击
    ##
    ##触发条件，所有访问ip 限制每秒10个请求
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    ##限制IP连接数
    limit_conn_zone $binary_remote_addr zone=addr:10m;


    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Gzip Settings
    ##
    gzip on;
    #gzip_disable "msie6";
    gzip_min_length  1k;
    gzip_buffers     4 32k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types   text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;
    gzip_disable "MSIE [1-6].";

    server_names_hash_bucket_size 128;
    # server_name_in_redirect off;
    client_max_body_size     2000m; 
    client_header_buffer_size 256k;
    large_client_header_buffers 4 256k;

    ##
    # Virtual Host Configs
    ##
    #CloudFlare 节点 for IPv4
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    #CloudFlare 节点 for IPv6
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2a06:98c0::/29;
    set_real_ip_from 2c0f:f248::/32;
    #上海云盾国内节点
    set_real_ip_from 27.221.64.0/24;
    set_real_ip_from 27.221.68.0/24;
    set_real_ip_from 42.49.13.0/24;
    set_real_ip_from 42.236.6.128/27;
    set_real_ip_from 49.232.85.76/32;
    set_real_ip_from 58.222.57.0/24;
    set_real_ip_from 59.56.19.0/24;
    set_real_ip_from 59.56.78.0/24;
    set_real_ip_from 59.56.79.0/24;
    set_real_ip_from 60.163.162.32/27;
    set_real_ip_from 101.69.181.0/24;
    set_real_ip_from 103.95.220.0/25;
    set_real_ip_from 103.95.221.0/24;
    set_real_ip_from 103.136.251.0/24;
    set_real_ip_from 103.219.29.64/26;
    set_real_ip_from 111.2.127.0/24;
    set_real_ip_from 111.61.59.0/24;
    set_real_ip_from 115.231.230.0/24;
    set_real_ip_from 116.136.249.0/24;
    set_real_ip_from 116.177.238.0/24;
    set_real_ip_from 117.34.43.0/24;
    set_real_ip_from 118.121.192.0/24;
    set_real_ip_from 120.53.244.232/32;
    set_real_ip_from 120.220.20.0/24;
    set_real_ip_from 122.9.54.0/24;
    set_real_ip_from 122.226.191.192/26;
    set_real_ip_from 125.44.163.0/24;
    set_real_ip_from 129.28.193.74/32;
    set_real_ip_from 153.35.236.0/24;
    set_real_ip_from 171.111.155.0/24;
    set_real_ip_from 175.6.227.128/26;
    set_real_ip_from 183.47.233.64/26;
    set_real_ip_from 183.131.145.0/24;
    set_real_ip_from 183.131.200.0/24;
    set_real_ip_from 183.134.17.0/27;
    set_real_ip_from 183.221.215.0/24;
    set_real_ip_from 183.232.187.0/24;
    set_real_ip_from 183.249.20.0/24;
    set_real_ip_from 223.111.172.0/24;
    set_real_ip_from 223.68.10.0/24;
    #上海云盾海外节点
    set_real_ip_from 45.159.59.0/24;
    set_real_ip_from 85.237.218.0/24;
    set_real_ip_from 103.100.71.0/24;
    set_real_ip_from 103.112.3.0/24;
    set_real_ip_from 117.18.111.128/25;
    set_real_ip_from 128.1.170.0/24;
    set_real_ip_from 129.227.63.0/24;
    set_real_ip_from 156.241.6.0/24;
    set_real_ip_from 161.117.85.73/32;
    set_real_ip_from 164.88.96.0/24;
    set_real_ip_from 164.88.98.0/24;
    set_real_ip_from 202.181.144.128/25;
    set_real_ip_from 206.119.114.192/26;
    set_real_ip_from 206.119.110.192/26;
    set_real_ip_from 206.119.109.192/26;
    set_real_ip_from 206.119.108.192/26;
    set_real_ip_from 216.177.129.0/24;

    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

vhost.conf

upstream webman {
    server 172.17.1.11:8787;
    keepalive 10240;
}

server {
  server_name 站点域名;
  listen 80;
  access_log off;

  location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      if (!-f $request_filename){
          proxy_pass http://webman;
      }
  }
}