【www.bbyears.com--Google】

镜像用法
自备证书用法
docker run -d --name=google \
-p 80:80 -p 443:443 \
-v 系统上存放ssl证书的目录:/usr/local/nginx/conf/ssl \
-e PROXY_GOOGLE=On \
-e PROXY_SSL_CRT_KEY=On \
-e PROXY_CRT=你的crt名称 \
-e PROXY_KEY=你的key名称 \
-e PROXY_DOMAIN=你的域名 \
benyoo/nginx_build:proxy_google

系统自签证书用法
docker run -d --name=google \
-p 80:80 -p 443:443 \
-e PROXY_GOOGLE=On \
-e PROXY_DOMAIN=你的域名 \
benyoo/nginx_build:proxy_google
Docker之构建Nginx镜像实现迅速搭建Google反代站点

FROM centos:6.7

MAINTAINER from www.111cn.net by lookback (mondeolove@gmail.com)

RUN yum clean all && \
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-* && \
yum install -y epel-release && \
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 && \
yum makecache && \
yum install -y pcre-devel openssl-devel zlib-devel gd-devel tar gcc wget git

RUN groupadd --system www && \
useradd --system --gid www www && \
mkdir -p {/var/log/wwwlogs,/var/run/nginx,/var/lock}

RUN wget -c http://nginx.org/download/nginx-1.9.5.tar.gz && \
git clone https://github.com/cuber/ngx_http_google_filter_module.git && \
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git && \
git clone https://github.com/aperezdc/ngx-fancyindex.git

RUN tar xf nginx-1.9.5.tar.gz && \
cd nginx-1.9.5 && \
./configure --prefix=/usr/local/nginx \
--user=www --group=www \
--error-log-path=/var/log/wwwlogs/error.log \
--http-log-path=/var/log/wwwlogs/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--with-pcre \
--with-ipv6 \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-http_image_filter_module \
--with-http_addition_module \
--http-client-body-temp-path=/usr/local/nginx/client/ \
--http-proxy-temp-path=/usr/local/nginx/proxy/ \
--http-fastcgi-temp-path=/usr/local/nginx/fcgi/ \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \
--http-scgi-temp-path=/usr/local/nginx/scgi \
--add-module=../ngx_http_google_filter_module \
--add-module=../ngx_http_substitutions_filter_module \
--add-module=../ngx-fancyindex && \
make -j $(awk "/processor/{i++}END{print i}" /proc/cpuinfo) && make install && \
rm -rf ../{ngx_http*,ngx-fancyindex,nginx-1.9.5*}

ADD nginx.conf /usr/local/nginx/conf/nginx.conf

ADD run.sh /run.sh
RUN chmod +x /run.sh

VOLUME ["/home/wwwroot", "/usr/local/nginx/conf/ssl", "/usr/local/nginx/conf/vhost"]

EXPOSE 80 443

ENTRYPOINT ["/run.sh"]

CMD ["nginx"]
#!/bin/sh
#########################################################################
# File Name: run.sh
# Author: LookBack
# Email: admin#111cn.net
# Version:
# Created Time: 2015年11月17日 星期二 10时29分55秒
#########################################################################
PATH=/bin:/usr/local/nginx/sbin:$PATH
Nginx_Install_Dir=/usr/local/nginx

set -e

if [ -n "$TIMEZONE" ]; then
        rm -rf /etc/localtime && \
        ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
fi

if [ "${1:0:1}" = "-" ]; then
        set -- nginx "$@"
fi

if [ -z "$DATA_DIR" ]; then
        DATA_DIR=/home/wwwroot
fi

sed -i "s@/home/wwwroot@$DATA_DIR@" $Nginx_Install_Dir/conf/nginx.conf
mkdir -p ${DATA_DIR}
[ ! -f "$DATA_DIR/index.html" ] && echo "

                Hello world! This Nginx!
Welcome to use Docker!
       

                ^_^┢┦aΡｐy 
       

" > $DATA_DIR/index.html
chown -R www.www $DATA_DIR

CPU_num=$(awk "/processor/{i++}END{print i}" /proc/cpuinfo)
if [ "$CPU_num" == "2" ];then
    sed -i "s@^worker_processes.*@worker_processes 2;\nworker_cpu_affinity 10 01;@" $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == "3" ];then
    sed -i "s@^worker_processes.*@worker_processes 3;\nworker_cpu_affinity 100 010 001;@" $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == "4" ];then
    sed -i "s@^worker_processes.*@worker_processes 4;\nworker_cpu_affinity 1000 0100 0010 0001;@" $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == "6" ];then
    sed -i "s@^worker_processes.*@worker_processes 6;\nworker_cpu_affinity 100000 010000 001000 000100 000010 000001;@" $Nginx_Install_Dir/conf/nginx.conf
elif [ "$CPU_num" == "8" ];then
    sed -i "s@^worker_processes.*@worker_processes 8;\nworker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;@" $Nginx_Install_Dir/conf/nginx.conf
else
    echo Google worker_cpu_affinity
fi

if [[ -n "$PROXY_GOOGLE" ]]; then
        [ -f "${Nginx_Install_Dir}/conf/ssl" ] || mkdir -p $Nginx_Install_Dir/conf/ssl
        [ -f "${Nginx_Install_Dir}/conf/vhost" ] || mkdir -p $Nginx_Install_Dir/conf/vhost

        if [ -z "$PROXY_DOMAIN" ]; then
                echo >&2 "error:  missing PROXY_DOMAIN"
                echo >&2 "  Did you forget to add -e PROXY_DOMAIN=... ?"
                exit 1
        fi

        if [ -n "$PROXY_SSL_CRT_KEY" ]; then
                if [ -z "$PROXY_CRT" ]; then
                        echo >&2 "error:  missing PROXY_CRT"
                        echo >&2 "  Did you forget to add -e PROXY_CRT=... ?"
                        exit 1
                fi

                if [ -z "$PROXY_KEY" ]; then
                        echo >&2 "error:  missing PROXY_KEY"
                        echo >&2 "  Did you forget to add -e PROXY_KEY=... ?"
                        exit 1
                fi

                if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_CRT}" ]; then
                        echo >&2 "error:  missing PROXY_CRT"
                        echo >&2 "  You need to put ${PROXY_CRT} in ssl directory"
                        exit 1
                fi

                if [ -f "${Nginx_Install_Dir}/conf/ssl/${PROXY_KEY}" ]; then
                        echo >&2 "error:  missing PROXY_CSR"
                        echo >&2 "  You need to put ${PROXY_KEY} in ssl directory"
                        exit 1
                fi
        else
                openssl req -new -newkey rsa:2048 -nodes \
                        -out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
                        -keyout $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
                        -subj "/C=CN/ST=Shanghai/L=Pudong/O=Legion/OU=DevOps/CN=$PROXY_DOMAIN/emailAddress=admin@111cn.net"
                openssl x509 -req -days 365 -in $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr \
                        -signkey $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.key \
                        -out $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.crt

                rm -rf $Nginx_Install_Dir/conf/ssl/$PROXY_DOMAIN.csr

                PROXY_KEY=${PROXY_DOMAIN}.key
                PROXY_CRT=${PROXY_DOMAIN}.crt
        fi

        #sed -i "57,87d" $Nginx_Install_Dir/conf/nginx.conf
        cat > ${Nginx_Install_Dir}/conf/vhost/google.conf << EOF
server {
        listen 80;
        server_name $PROXY_DOMAIN;
        return 301 https://$PROXY_DOMAIN\$request_uri;
}

server {
        listen 443 ssl;
        server_name $PROXY_DOMAIN;

        ssl on;
        ssl_certificate ssl/${PROXY_CRT};
        ssl_certificate_key ssl/${PROXY_KEY};
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
        keepalive_timeout 70;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        resolver 8.8.8.8;
        location / {
                google on;
                google_scholar on;
                google_language zh-CN;
                google_robots_allow on;
        }
}
EOF
        #mv ${Nginx_Install_Dir}/vhost/{google.conf.stop,google.conf}
fi

exec "$@" -g "daemon off;"
user www www;
worker_processes auto;

error_log /var/log/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 51200;
}

http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    server_tokens off;
    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    #Gzip Compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
    gzip_disable  "msie6";

    #If you have a lot of static files to serve through Nginx then caching of the files" metadata (not the actual files" contents) can save some latency.
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    server {
        listen 80;
        server_name -;
        root /home/wwwroot;
        index index.html index.php index.jsp;
        access_log /var/log/wwwlogs/access_nginx.log combined;

        location /status {
            stub_status on;
            auth_basic "WebServer Status";
        }

#        location ~ .*\.(php|php5)?$ {
#            #fastcgi_pass remote_php_ip:9000;
#            fastcgi_pass unix:/dev/shm/php-cgi.sock;
#            fastcgi_index index.php;
#            include fastcgi.conf;
#        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 7d;
        }
    }

##########################vhost#####################################
    include vhost/*.conf;
}

本文来源：http://www.bbyears.com/seo/91712.html