Docker build a nginx image to quickly build Google's anti-generation site

Source: Internet
Author: User
Tags gpg mkdir openssl openssl x509 centos git clone docker run

Mirror usage
Self-owned certificate usage
Docker run-d--name=google \
-P 80:80-p 443:443 \
Directory for SSL certificates on-V systems:/USR/LOCAL/NGINX/CONF/SSL \
-E proxy_google=on \
-E proxy_ssl_crt_key=on \
-e proxy_crt= your CRT name \
-e proxy_key= your KEY name \
-e proxy_domain= your domain name \
Benyoo/nginx_build:proxy_google

System from the Visa book usage
Docker run-d--name=google \
-P 80:80-p 443:443 \
-E proxy_google=on \
-e proxy_domain= your domain name \
Benyoo/nginx_build:proxy_google
Docker build a nginx image to quickly build Google's anti-generation site

From centos:6.7


Maintainer from Www.111cn.net by Lookback (mondeolove@gmail.com)

RUN Yum Clean all &&
RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-centos-* && \
Yum install-y epel-release &&
RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-epel-6 && \
Yum Makecache && \
Yum install-y pcre-devel openssl-devel zlib-devel gd-devel tar gcc wget git

RUN groupadd--system www && \
Useradd--system--gid www www && \
mkdir-p {/var/log/wwwlogs,/var/run/nginx,/var/lock}

RUN wget-c http://nginx.org/download/nginx-1.9.5.tar.gz && \
git clone https://github.com/cuber/ngx_http_google_filter_module.git && \
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git && \
git clone https://github.com/aperezdc/ngx-fancyindex.git

RUN tar xf nginx-1.9.5.tar.gz && \
CD nginx-1.9.5 && \
./configure--prefix=/usr/local/nginx \
--user=www--group=www \
--error-log-path=/var/log/wwwlogs/error.log \
--http-log-path=/var/log/wwwlogs/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--with-pcre \
--with-ipv6 \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-http_image_filter_module \
--with-http_addition_module \
--http-client-body-temp-path=/usr/local/nginx/client/\
--http-proxy-temp-path=/usr/local/nginx/proxy/\
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/\
--HTTP-UWSGI-TEMP-PATH=/USR/LOCAL/NGINX/UWSGI \
--HTTP-SCGI-TEMP-PATH=/USR/LOCAL/NGINX/SCGI \
--add-module=.. /ngx_http_google_filter_module \
--add-module=.. /ngx_http_substitutions_filter_module \
--add-module=.. /ngx-fancyindex && \
Make-j $ (awk '/processor/{i++}end{print i} '/proc/cpuinfo) && make install && \
Rm-rf.. /{ngx_http*,ngx-fancyindex,nginx-1.9.5*}

ADD nginx.conf/usr/local/nginx/conf/nginx.conf

ADD run.sh/run.sh
RUN chmod +x/run.sh

VOLUME ["/home/wwwroot", "/usr/local/nginx/conf/ssl", "/usr/local/nginx/conf/vhost"]

Expose 80 443

entrypoint ["/run.sh"]

CMD ["Nginx"]
#!/bin/sh
#########################################################################
# File Name:run.sh
# Author:lookback
# email:admin#111cn.net
# Version:
# Created time:2015 Year November 17 Tuesday 10:29 55 seconds
#########################################################################
Path=/bin:/usr/local/nginx/sbin: $PATH
Nginx_install_dir=/usr/local/nginx

Set-e

If [-N "$TIMEZONE"]; Then
Rm-rf/etc/localtime && \
Ln-s/usr/share/zoneinfo/$TIMEZONE/etc/localtime
Fi

if ["${1:0:1}" = '-']; Then
Set--Nginx "$@"
Fi

If [-Z "$DATA _dir"]; Then
Data_dir=/home/wwwroot
Fi

Sed-i "s@/home/wwwroot@ $DATA _dir@" $Nginx _install_dir/conf/nginx.conf
Mkdir-p ${data_dir}
[!-F "$DATA _dir/index.html"] && Echo ' <meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>

<span style= "line-height:1.5;" ><span style= "color: #337FE5;" >hello world! This nginx!</span>
</span><span style= "Line-height:1.5;color: #E53333;" >welcome to use docker!</span>


<span style= "Line-height:1.5;color: #E53333;" > ^_^ ┢┦aρpy&nbsp;</span>


' > $DATA _dir/index.html
Chown-r www.www $DATA _dir

cpu_num=$ (awk '/processor/{i++}end{print i} '/proc/cpuinfo)
If ["$CPU _num" = ' 2 '];then
Sed-i ' s@^worker_processes.* @worker_processes 2;\nworker_cpu_affinity 01;@ ' $Nginx _install_dir/conf/nginx.conf
elif ["$CPU _num" = ' 3 '];then
Sed-i ' s@^worker_processes.* @worker_processes 3;\nworker_cpu_affinity 010 001;@ ' $Nginx _install_dir/conf/ Nginx.conf
elif ["$CPU _num" = ' 4 '];then
Sed-i ' s@^worker_processes.* @worker_processes 4;\nworker_cpu_affinity 1000 0100 0010 0001;@ ' $Nginx _install_dir/conf/ Nginx.conf
elif ["$CPU _num" = ' 6 '];then
Sed-i ' s@^worker_processes.* @worker_processes 6;\nworker_cpu_affinity 100000 010000 001000 000100 000010 000001;@ ' $ Nginx_install_dir/conf/nginx.conf
elif ["$CPU _num" = ' 8 '];then
Sed-i ' s@^worker_processes.* @worker_processes 8;\nworker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;@ ' $Nginx _install_dir/conf/nginx.conf
Else
Echo Google worker_cpu_affinity
Fi

if [[-N ' $PROXY _google]]]; Then
[f "${nginx_install_dir}/conf/ssl"] | | Mkdir-p $Nginx _install_dir/conf/ssl
[f "${nginx_install_dir}/conf/vhost"] | | Mkdir-p $Nginx _install_dir/conf/vhost

If [-Z "$PROXY _domain"]; Then
echo >&2 ' error:missing proxy_domain '
echo >&2 ' Did you forget to Add-e proxy_domain= ...? '
Exit 1
Fi

        If [-N "$PROXY _ssl_crt_key"]; then
                 if [-Z "$PROXY _crt"]; Then
                         echo >&2 ' error:  missing proxy_crt '
                          Echo >&2 '   Did you forget to Add-e proxy_crt= ...? '
                         Exit 1
                 fi

                If [-Z "$PROXY _key" ]; Then
                         echo >&2 ' error:  missing Proxy_key '
                          Echo >&2 '   Did you forget to Add-e proxy_key= ...? '
                         Exit 1
                 fi

If [f "${nginx_install_dir}/conf/ssl/${proxy_crt}"]; Then
echo >&2 ' error:missing proxy_crt '
echo >&2 "You need to put ${PROXY_CRT} in SSL directory"
Exit 1
Fi

If [f "${nginx_install_dir}/conf/ssl/${proxy_key}"]; Then
echo >&2 ' error:missing PROXY_CSR '
echo >&2 "You need to put ${proxy_key} in SSL directory"
Exit 1
Fi
Else
OpenSSL Req-new-newkey rsa:2048-nodes \
-out $Nginx _install_dir/conf/ssl/$PROXY _DOMAIN.CSR \
-keyout $Nginx _install_dir/conf/ssl/$PROXY _domain.key \
-SUBJ "/c=cn/st=shanghai/l=pudong/o=legion/ou=devops/cn= $PROXY _domain/emailaddress=admin@111cn.net"
OpenSSL x509-req-days 365-in $Nginx _install_dir/conf/ssl/$PROXY _DOMAIN.CSR \
-signkey $Nginx _install_dir/conf/ssl/$PROXY _domain.key \
-out $Nginx _install_dir/conf/ssl/$PROXY _domain.crt

RM-RF $Nginx _install_dir/conf/ssl/$PROXY _DOMAIN.CSR

Proxy_key=${proxy_domain}.key
Proxy_crt=${proxy_domain}.crt
Fi

#sed-i ' 57,87d ' $Nginx _install_dir/conf/nginx.conf
Cat > ${nginx_install_dir}/conf/vhost/google.conf << EOF
server {
Listen 80;
server_name $PROXY _domain;
Return https://$PROXY _domain\ $request _uri;
}

server {
Listen 443 SSL;
server_name $PROXY _domain;

        SSL on;
        ssl_certificate SSL/${PROXY_CRT};
        Ssl_certificate_key Ssl/${proxy_key};
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers all:!anull:! adh:!enull:! low:! Exp:rc4+rsa:+high:+medium;
        keepalive_timeout 70;
        Ssl_session_cache shared:ssl:10m;
        ssl_session_timeout 10m;

Resolver 8.8.8.8;
Location/{
Google on;
Google_scholar on;
Google_language ZH-CN;
Google_robots_allow on;
}
}
Eof
#mv ${nginx_install_dir}/vhost/{google.conf.stop,google.conf}
Fi

Exec "$@"-g "daemon off;"
User www www.
Worker_processes Auto;

Error_log/var/log/wwwlogs/error_nginx.log Crit;
Pid/var/run/nginx.pid;
Worker_rlimit_nofile 51200;

Events {
Use Epoll;
Worker_connections 51200;
}

HTTP {
Include Mime.types;
Default_type Application/octet-stream;
Server_names_hash_bucket_size 128;
Client_header_buffer_size 32k;
Large_client_header_buffers 4 32k;
Client_max_body_size 50m;
Sendfile on;
Tcp_nopush on;
Keepalive_timeout 120;
Server_tokens off;
Tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    #Gzip Compression
    Gzip on;
    gzip_buffers 8k;
& nbsp;   Gzip_comp_level 6;
    Gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
    text/xml application/xml application/atom+xml application/ Rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript Application/x-javascript
    Text/x-json Application/json Application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/ X-font-ttf application/vnd.ms-fontobject
    image/x-icon;
    gzip_disable   "Msie6";

#If have a lot of static files to serve through Nginx then caching of the files ' metadata (not the actual files ' Conte NTS) can save some latency.
Open_file_cache max=1000 inactive=20s;
Open_file_cache_valid 30s;
Open_file_cache_min_uses 2;
Open_file_cache_errors on;

server {
Listen 80;
server_name-;
Root/home/wwwroot;
Index index.html index.php index.jsp;
Access_log/var/log/wwwlogs/access_nginx.log combined;

Location/status {
Stub_status on;
Auth_basic "WebServer Status";
}

# location ~ *\. (PHP|PHP5)? $ {
# #fastcgi_pass remote_php_ip:9000;
# Fastcgi_pass Unix:/dev/shm/php-cgi.sock;
# Fastcgi_index index.php;
# include fastcgi.conf;
#        }

Location ~. *\. (Gif|jpg|jpeg|png|bmp|swf|flv|ico) $ {
Expires 30d;
}

Location ~. *\. (JS|CSS)? $ {
Expires 7d;
}
}

######################### #vhost #####################################
Include vhost/*.conf;
}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.