Nginx on Docker with TLS 1.3 / FGHRSH Service Node Infrastructure
This branch is 69 commits ahead, 5 commits behind lwl12:master.

FSN VeryNginx Docker

VeryNginx on Docker with TLS 1.3 / FGHRSH Service Node Infrastructure

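Features

  • Strict-SNI enabled (#1), which protects the origin server's IP from being exposed through SSL
  • Built from a recent Nginx 1.15, with the VeryNginx scripts integrated
  • Supports HTTP/2 / TLS 1.3 / Brotli / Headers More, etc.

#1 If requests from a CDN back to the origin return 503 errors, edit nginx.conf: strict_sni off;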

Usage

An example

  • Hello World
    • /data/wwwroot/example.com - website root directory
    • /data/wwwlogs/example.com-xxx.log - website logs
    • /root/docker_data/nginx/ssl/example.com.crt(key) - where the certificate is stored
    • /root/docker_data/nginx/vhosts/example.com.conf - website configuration file

docker run -d --restart always \
 -p 80:80 -p 443:443 --name nginx \
 -v /data/wwwroot:/data/wwwroot \
 -v /data/wwwlogs:/data/wwwlogs \
 -v /root/docker_data/nginx/ssl:/etc/nginx/ssl:ro \
 -v /root/docker_data/nginx/vhosts:/etc/nginx/vhosts:ro \
 fghrsh/fsn_nginx:verynginx_strict-sni

  • Advanced Setting
    • mkdir -p /root/docker_data/nginx/ - create the directory that holds the configuration; change the path as you like
    • curl -fSL https://raw.githubusercontent.com/fghrsh/FSN_VeryNginx_Docker/verynginx/conf/nginx.conf > /root/docker_data/nginx/nginx.conf
    • curl -fSL https://raw.githubusercontent.com/fghrsh/FSN_VeryNginx_Docker/verynginx/verynginx/configs/config.json > /root/docker_data/nginx/verynginx.json
    • setfacl -m u:82:rw /root/docker_data/nginx/verynginx.json
    • vim /root/docker_data/nginx/nginx.conf - edit nginx.conf

docker run -d --restart always \
 -p 80:80 -p 443:443 --name nginx \
 -v /data/wwwroot:/data/wwwroot \
 -v /data/wwwlogs:/data/wwwlogs \
 -v /etc/localtime:/etc/localtime:ro \
 -v /root/docker_data/nginx/ssl:/etc/nginx/ssl:ro \
 -v /root/docker_data/nginx/vhosts:/etc/nginx/vhosts:ro \
 -v /root/docker_data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
 -v /root/docker_data/nginx/verynginx.json:/opt/verynginx/configs/config.json \
 --network fsn fghrsh/fsn_nginx:verynginx_strict-sni
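
  • Parameter notes
    • /etc/localtime - used to sync the host's time zone setting
    • docker network create fsn - creates the fsn network, used for connections between containers
    • docker run --network fsn - joins the fsn network (adjust as needed; remove it if not required)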

nginx.vhost.default.conf

server {
    listen 80;
    listen 443 ssl http2;
    
    # this line should be included in every server block
    include /opt/verynginx/nginx_conf/in_server_block.conf;
    
    server_name example.com;
    root /data/wwwroot/example.com;
    index index.html index.htm index.php;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    
    location ~ \.php$ {
        fastcgi_pass   php-example:9000;
        fastcgi_index  index.php;
        fastcgi_param  DOCUMENT_ROOT   /data/wwwroot/example.com;
        fastcgi_param  SCRIPT_FILENAME /data/wwwroot/example.com$fastcgi_script_name;
        include fastcgi.conf;
    }
    
    access_log /data/wwwlogs/example.com-access.log main;
    error_log /data/wwwlogs/example.com-error.log crit;
}
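
A lint for the vhost files mounted at /etc/nginx/vhosts, as an added example that is not part of this repository: it flags any server block that lacks the in_server_block.conf include required by the comment above, or whose TLS certificate and key are not under the read-only /etc/nginx/ssl mount. The function names, the certificate-path rule and the sample config are assumptions made for this example.

```python
import re
# Values taken from the README's vhost example and docker run mounts.
INCLUDE_PATH = "/opt/verynginx/nginx_conf/in_server_block.conf"
SSL_DIR = "/etc/nginx/ssl/"
CERT_KEYS = ("ssl_certificate", "ssl_certificate_key")

def server_blocks(text):
    """Yield each 'server { ... }' body. Naive: assumes no '#', '{' or '}' in regexes or strings."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth == 0:  # skip unterminated blocks
            yield text[m.end():i - 1]

def directives(body):
    """Depth-0 directives as token lists; nested blocks collapse to their header."""
    while True:
        body, n = re.subn(r"\{[^{}]*\}", ";", body)
        if not n:
            return [d.split() for d in body.split(";") if d.strip()]

def lint(text):
    """Return (server_name, problem) findings for the text of one vhost file."""
    findings = []
    for body in server_blocks(text):
        ds = directives(body)
        name = next((d[1] for d in ds if d[0] == "server_name" and len(d) > 1), "<unnamed>")
        if ["include", INCLUDE_PATH] not in ds:
            findings.append((name, "missing in_server_block.conf include"))
        tls = any(d[0] == "listen" and "ssl" in d[1:] for d in ds)
        paths = {d[0]: d[1] for d in ds if d[0] in CERT_KEYS and len(d) > 1}
        if tls and not (len(paths) == 2 and all(p.startswith(SSL_DIR) for p in paths.values())):
            findings.append((name, "certificate or key missing or outside " + SSL_DIR))
    return findings

# Constructed sample: the second block has the include commented out and a misplaced certificate.
SAMPLE = r"""
server { listen 443 ssl http2; server_name example.com;
    include /opt/verynginx/nginx_conf/in_server_block.conf;
    ssl_certificate /etc/nginx/ssl/example.com.crt; ssl_certificate_key /etc/nginx/ssl/example.com.key;
    location ~ \.php$ { fastcgi_pass php-example:9000; } }
server { listen 443 ssl http2; server_name staging.example.com;
    # include /opt/verynginx/nginx_conf/in_server_block.conf;
    ssl_certificate /data/wwwroot/staging.crt; ssl_certificate_key /etc/nginx/ssl/staging.key; }
"""
print(lint(SAMPLE))
```

To check real files, pass the contents of each file under /root/docker_data/nginx/vhosts to lint() before starting the container.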

 

Thanks

(๑´ㅁ`) You've read this far, so give it a Star ~