目录
- 前奏
- 问题描述
- 问题解决
- 第一步:设置构建环境
- 第二步:构建BoringSSL
- 第三步:下载并构建Nginx
- 第四步:创建最终镜像
- 整体的Dockerfile
前奏
你是否曾经想过,亲手打造一个属于自己的Nginx Docker镜像呢?
今天,让我们创建一个支持HTTP/3的Nginx Docker镜像吧!
请原谅我选择开启仅粉丝可见。
问题描述
在现代网络架构中,Nginx作为一个高性能的Web服务器和反向代理服务器,广受欢迎。然而,默认的Nginx镜像可能无法满足我们所有的需求,尤其是当我们需要支持一些高级特性比如HTTP/3时。因此,我们需要自行设计并构建一个自定义的Nginx镜像。
问题解决
第一步:设置构建环境
首先,我们需要一个基础镜像,这里我们选择Ubuntu 22.04作为起点。接着,我们设置非交互式安装环境,以确保安装过程不会因为用户交互而中断。以下是相关的Dockerfile配置:
FROM ubuntu:22.04 AS builder# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive# 安装构建依赖
RUN apt-get update && apt-get install -y \git wget build-essential libpcre3-dev zlib1g-dev \libssl-dev cmake ninja-build golang libunwind-dev \pkg-config curl gnupg2 ca-certificates
第二步:构建BoringSSL
为了支持HTTP/3,我们需要使用BoringSSL。我们将其源码克隆下来,并进行构建。以下是相关步骤:
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \cd boringssl && \mkdir build && \cd build && \cmake -GNinja .. && \ninja
第三步:下载并构建Nginx
接下来,我们需要下载Nginx的源码,并配置其构建参数,以便支持HTTP/3。具体步骤如下:
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \git clone --recursive https://github.com/cloudflare/quiche.git && \cd nginx-${NGINX_VERSION} && \./configure \--prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--http-log-path=/var/log/nginx/access.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-http_ssl_module \--with-http_v2_module \--with-http_v3_module \--with-cc-opt="-I../quiche/deps/boringssl/include" \--with-ld-opt="-L../quiche/deps/boringssl/lib" && \make -j$(nproc) && \make install
第四步:创建最终镜像
我们将构建好的Nginx及其依赖复制到最终镜像中,同时设置运行时的环境和参数。以下是相关配置:
FROM ubuntu:22.04# 安装运行时依赖
RUN apt-get update && apt-get install -y \ca-certificates libpcre3 openssl \&& rm -rf /var/lib/apt/lists/*# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \mkdir -p /etc/nginx/conf.d && \mkdir -p /usr/share/nginx/html# 创建默认配置,支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\worker_connections 1024;\n\
}\n\
\n\
http {\n\sendfile on;\n\tcp_nopush on;\n\tcp_nodelay on;\n\keepalive_timeout 65;\n\types_hash_max_size 2048;\n\include /etc/nginx/mime.types;\n\default_type application/octet-stream;\n\ssl_protocols TLSv1.3;\n\ssl_prefer_server_ciphers on;\n\access_log /var/log/nginx/access.log;\n\error_log /var/log/nginx/error.log;\n\include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf# 默认站点配置
RUN echo 'server {\listen 80;\listen 443 ssl http2;\listen 443 quic reuseport;\server_name localhost;\ssl_certificate /etc/nginx/ssl/nginx.crt;\ssl_certificate_key /etc/nginx/ssl/nginx.key;\ssl_protocols TLSv1.3;\add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\location / {\root /usr/share/nginx/html;\index index.html;\}\
}' > /etc/nginx/conf.d/default.conf# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ln -sf /dev/stderr /var/log/nginx/error.log# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl# 暴露端口
EXPOSE 80 443/tcp 443/udpSTOPSIGNAL SIGQUITCMD ["nginx", "-g", "daemon off;"]
整体的Dockerfile
哈~这就是我们完整的定制Nginx Dockerfile了!希望你能在这次旅程中找到乐趣,并成功创建出属于你自己的Nginx镜像。记住,真正的自由,是带着自己的创造力翱翔哦!
FROM ubuntu:22.04 AS builder# 设置非交互式安装
ENV DEBIAN_FRONTEND=noninteractive# 安装构建依赖
RUN apt-get update && apt-get install -y \git wget build-essential libpcre3-dev zlib1g-dev \libssl-dev cmake ninja-build golang libunwind-dev \pkg-config curl gnupg2 ca-certificates# 构建BoringSSL
WORKDIR /src
RUN git clone https://github.com/google/boringssl.git && \cd boringssl && \mkdir build && \cd build && \cmake -GNinja .. && \ninja# 下载并构建Nginx
ARG NGINX_VERSION=1.25.4
WORKDIR /src
RUN wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \tar -xzvf nginx-${NGINX_VERSION}.tar.gz && \git clone --recursive https://github.com/cloudflare/quiche.git && \cd nginx-${NGINX_VERSION} && \./configure \--prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--http-log-path=/var/log/nginx/access.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-http_ssl_module \--with-http_v2_module \--with-http_v3_module \--with-cc-opt="-I../quiche/deps/boringssl/include" \--with-ld-opt="-L../quiche/deps/boringssl/lib" && \make -j$(nproc) && \make install# 创建最终镜像
FROM ubuntu:22.04# 安装运行时依赖
RUN apt-get update && apt-get install -y \ca-certificates libpcre3 openssl \&& rm -rf /var/lib/apt/lists/*# 复制Nginx及其依赖
COPY --from=builder /etc/nginx /etc/nginx
COPY --from=builder /usr/sbin/nginx /usr/sbin/nginx
COPY --from=builder /var/log/nginx /var/log/nginx
COPY --from=builder /src/boringssl/build/ssl/libssl.a /usr/lib/
COPY --from=builder /src/boringssl/build/crypto/libcrypto.a /usr/lib/# 创建所需的目录
RUN mkdir -p /var/cache/nginx/client_temp && \mkdir -p /etc/nginx/conf.d && \mkdir -p /usr/share/nginx/html# 创建默认配置,支持HTTP/3
RUN echo 'worker_processes auto;\n\
events {\n\worker_connections 1024;\n\
}\n\
\n\
http {\n\sendfile on;\n\tcp_nopush on;\n\tcp_nodelay on;\n\keepalive_timeout 65;\n\types_hash_max_size 2048;\n\include /etc/nginx/mime.types;\n\default_type application/octet-stream;\n\ssl_protocols TLSv1.3;\n\ssl_prefer_server_ciphers on;\n\access_log /var/log/nginx/access.log;\n\error_log /var/log/nginx/error.log;\n\include /etc/nginx/conf.d/*.conf;\n\
}' > /etc/nginx/nginx.conf# 默认站点配置
RUN echo 'server {\listen 80;\listen 443 ssl http2;\listen 443 quic reuseport;\server_name localhost;\ssl_certificate /etc/nginx/ssl/nginx.crt;\ssl_certificate_key /etc/nginx/ssl/nginx.key;\ssl_protocols TLSv1.3;\add_header Alt-Svc '\''h3=":443"; ma=86400'\'';\location / {\root /usr/share/nginx/html;\index index.html;\}\
}' > /etc/nginx/conf.d/default.conf# 创建默认首页
RUN echo '<html><body><h1>HTTP/3 Enabled!</h1></body></html>' > /usr/share/nginx/html/index.html# 转发请求日志到Docker日志收集器
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ln -sf /dev/stderr /var/log/nginx/error.log# 创建非root用户
RUN adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx# 创建SSL证书目录
RUN mkdir -p /etc/nginx/ssl# 暴露端口
EXPOSE 80 443/tcp 443/udpSTOPSIGNAL SIGQUITCMD ["nginx", "-g", "daemon off;"]
?)
![[C#] Winform - 进程间通信(SendMessage篇)](http://pic.xiahunao.cn/nshx/[C#] Winform - 进程间通信(SendMessage篇))
