docker上通过Nginx创建多个子域名访问同一个服务器

# 同一个域名不同的子域名.解析到同一个ip服务器,服务器为centos.安装了docker服务,其中有一个青龙服务,另外有一个gotify服务,现在需要创建一个docker的Nginx服务.实现的效果为青龙的域名不加任何端口号,直接访问到青龙服务.gotify的域名不加任何端口直接访问到gotify的服务.具体实现步骤如下

# 1. 拉取 Nginx 镜像

docker pull nginx:latest

# 2. 创建 Nginx 配置文件目录

mkdir -p /root/nginx/conf.d

# 3. 创建两个域名的配置文件

为青龙项目创建配置文件：

cat > /root/nginx/conf.d/qinglong.conf << 'EOF'
server {
    listen 80;
    server_name qinglong.cqzhz.com;

    location / {
        proxy_pass http://1.94.235.68:5885;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 添加子目录配置
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        
        # WebSocket 支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 专门处理静态资源
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        proxy_pass http://1.94.235.68:5885;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        expires 7d;
        proxy_cache_valid 200 7d;
        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    }
}
EOF

为 Gotify 项目创建配置文件：

cat > /root/nginx/conf.d/gotify.conf << 'EOF'
server {
    listen 80;
    server_name gotify.cqzhz.com;

    location / {
        proxy_pass http://1.94.235.68:8358;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # WebSocket 支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
EOF

# 4. 启动 Nginx 容器

docker run -d \ --name nginx-proxy \ --restart always \ -p 80:80 \ -v /root/nginx/conf.d:/etc/nginx/conf.d \ nginx:latest

# 替我的每个域名都申请ssl证书并添加自动续签

# 1. 安装 certbot

# 安装 EPEL 源

yum install epel-release -y

# 安装 certbot

yum install certbot python3-certbot-nginx -y

# 2. 停止 Nginx 容器（申请证书时需要使用 80 端口）

docker stop nginx-proxy

# 3. 申请 SSL 证书

`certbot certonly --standalone \

-d qinglong.cqzhz.com \

-d gotify.cqzhz.com \

--agree-tos \

--email your-email@example.com # 请替换为你的邮箱`

# 4. 修改 Nginx 配置

青龙项目配置：

server {
    listen 80;
    server_name qinglong.cqzhz.com;
    # 将 HTTP 重定向到 HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name qinglong.cqzhz.com;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/qinglong.cqzhz.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qinglong.cqzhz.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass http://1.94.235.68:5885;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Gotify 项目配置：

server {
    listen 80;
    server_name gotify.cqzhz.com;
    # 将 HTTP 重定向到 HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name gotify.cqzhz.com;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/gotify.cqzhz.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gotify.cqzhz.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass http://1.94.235.68:8358;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# 5.重新启动项目

# 停止旧容器

docker stop nginx-proxy

# 删除旧容器

docker rm nginx-proxy

# 现在重新运行新容器

`docker run -d \

--name nginx-proxy \

--restart always \

-p 80:80 \

-p 443:443 \

-v /root/nginx/conf.d:/etc/nginx/conf.d \

-v /etc/letsencrypt:/etc/letsencrypt:ro \

nginx:latest`

现在就能正常使用https访问两个项目了

# 为我的项目添加自动续签功能

# 创建续期脚本

`cat > /root/renew-cert.sh << 'EOF'

#!/bin/bash

docker stop nginx-proxy

certbot renew

docker start nginx-proxy

EOF`

# 添加执行权限

chmod +x /root/renew-cert.sh

# 添加定时任务，每月 1 日凌晨 2 点续期

(crontab -l 2>/dev/null; echo "0 2 1 * * /root/renew-cert.sh") | crontab -

编辑

上次更新: 2024/12/18, 17:45:13

← docker拉取Nginx创建网站 docker青龙面板安装阿里云自动签到→