Docker 运行 Tengine 服务

Tengine 是淘宝开源的, 它是 nginx 的一个分支;

Tengine是由淘宝网发起的Web服务器项目。它在Nginx的基础上,针对大访问量网站的需求,添加了很多高级功能和特性。它的目的是打造一个高效、安全的Web平台。

由于淘宝没有做docker 的Tengine 镜像,所以我可以搜索下

https://hub.docker.com/search?q=tengine&type=image

我们选择下载人多的镜像

https://hub.docker.com/r/axizdkr/tengine

注意:

latest 表示最新版本

docker 拉取 Nginx 版本

  • 拉取最新版本

    • docker pull axizdkr/tengine:latest
  • 其它版本

    • docker pull axizdkr/tengine:alpine
    • docker pull axizdkr/tengine:2.3.2
    • docker pull axizdkr/tengine:2.3.0

docker 查看本地镜像

docker images|grep tengine

docker 运行 tengine 服务

运行指令:

docker run -it -d --name test_tengine \
      -v /you_path/nginx.conf:/etc/nginx/conf.d/example.com.conf \
      -p "80:80" -p 443:443 axizdkr/tengine

参数说明:

  • -p 表示端口映射

  • -v 表示宿主机和容器之间文件映射,

    • /you_path/nginx.conf 表示宿主机文件路径
    • /etc/nginx/conf.d/example.com.conf 表示容器内文件路径

配置文件

upstream back.example.com  {

    # list of backend servers
    server backend1.local;
    server backend2.local;
    server backend3.local;

    # sticky session on
    session_sticky;

    #chek interval in ms
    check interval=3000 rise=1 fall=3 timeout=3000 type=http default_down=true;
    check_keepalive_requests 1;
    check_http_send "HEAD / HTTP/1.1\r\nhost: example.com\r\nConnection: close\r\n\r\n";
    check_http_expect_alive http_2xx;

}


server {
    listen 80;
    server_name     pangugle.com www.pangugle.com;
    location / {
	# redirect to https
	return 301 https://$host$request_uri;
    }
    location ~ ^/(.well-known/acme-challenge/.*)$ {
	# redirect to acme storage
	proxy_pass		http://acme.local/$1;
	proxy_set_header	X-Real-IP $remote_addr;
	proxy_set_header	Host $http_host;
	proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
	#ssl settings
	### server port and name ###
	listen			443 ssl;
	server_name		example.com www.example.com;

	access_log		off;
	error_log		/var/log/nginx/example.com-error.log;

	### SSL cert files ###
	ssl_certificate		/cert/example.cer;
	ssl_certificate_key	/cert/example.key;

	#ssl proto only
	ssl_protocols		TLSv1.1 TLSv1.2 TLSv1.3;
	# stapling on
	ssl_stapling		on;
	ssl_stapling_verify	on;
	# cipher methods restrict
	ssl_ciphers		HIGH:!aNULL:!MD5:!CAMELLIA;
	ssl_prefer_server_ciphers on;
	keepalive_timeout       60;
	ssl_session_cache       shared:SSL:10m;
	ssl_session_timeout     10m;
	ssl_dhparam             /cert/dhparam.pem;
	# HSTS
	add_header Strict-Transport-Security "max-age=31536000; preload" always;


	location / {
		proxy_pass  http://back.example.com/;

		proxy_next_upstream	error timeout invalid_header http_500 http_502 http_503 http_504;
		proxy_set_header        Accept-Encoding   "";
		proxy_set_header        Host            $host;
		proxy_set_header        X-Real-IP       $remote_addr;
		proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header        X-Forwarded-Proto $scheme;
		add_header              Front-End-Https   on;
		proxy_redirect		off;
	}

}

端口可以任意指定,主要保证不冲突就行了

查看容器:

docker ps -a|grep test_tengine

访问 tengine

假如安装 tengine 宿主机的ip为 192.168.1.10,

则访问地址:

http://192.168.1.10

如果有配置ssl

https://192.168.1.10

如何配置是域名

https://you_domain.com

停止容器并移除

docker kill test_tengine
docker rm test_tengine

再次查看

docker ps -a|grep test_tengine

你会发现了没有了