脚本所在服务器地址
121.196.47.141 路径:/usr/local/nginx/conf/vhost/module/auto_cert.sh
脚本内容
- 通过脚本生成代理docker部署的api、staffapi、m、wm等项目nginx配置
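#!/usr/bin/env bash
# Generate an nginx vhost file that proxies the api, staffapi, m, wm, ...
# sites of one docker container, then test the configuration and reload nginx.
#
# Usage:  bash <this script> <container-name> <host-prefix>
# Reads:  ./module.conf (template; its placeholder words are replaced by
#         plain text substitution)
# Writes: ../<host-prefix>.conf and /home/wwwlogs/<container-name>/
# Env:    nginxsbin - path of the nginx binary; falls back to `nginx` on PATH
#
# Template and output paths are relative to the current directory, so run the
# script from the directory that holds module.conf.

if [ "$#" -ne 2 ]; then
  echo "usage: bash ${0##*/} <container-name> <host-prefix>" >&2
  exit 2
fi

dockername=$1
hostprefix=$2

# Both arguments end up in file paths, in a sed replacement and in the nginx
# configuration itself. Restricting the character set keeps "/", "#", "&",
# whitespace and shell metacharacters out of all three.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
prefix_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if ! [[ $dockername =~ $name_re ]]; then
  echo "invalid container name: $dockername" >&2
  exit 2
fi
if ! [[ $hostprefix =~ $prefix_re ]]; then
  echo "invalid host prefix: $hostprefix" >&2
  exit 2
fi

# The original ran "$nginxsbin -t" without ever assigning nginxsbin; unless
# the caller exported it, that expanded to the command "-t" and nginx was
# never tested or reloaded. Resolve the binary up front and fail loudly.
nginxsbin=${nginxsbin:-$(command -v nginx)}
if [ -z "$nginxsbin" ]; then
  echo "nginx binary not found: export nginxsbin or put nginx on PATH" >&2
  exit 1
fi

# The variables below are read through ${!token} in the substitution loop.
# shellcheck disable=SC2034
{
  mhost=${hostprefix}.m.dajxyl.com
  apihost=${hostprefix}.api.dajxyl.com
  staffhost=${hostprefix}.staffapi.dajxyl.com
  adminhost=${hostprefix}.admin.dajxyl.com
  wwwhost=${hostprefix}.www.dajxyl.com
  shophost=${hostprefix}.s.dajxyl.com
  workermanhost=${hostprefix}.wm.dajxyl.com
  loghost=${hostprefix}.log.dajxyl.com
  mirrorhost=${hostprefix}.mirror.dajxyl.com
}

# --type=container stops an image, network or volume of the same name from
# passing the existence check.
if ! docker inspect --type=container "$dockername" >/dev/null 2>&1; then
  echo "container $dockername is not exist" >&2
  exit 1
fi

# The template prints every network's address back to back, so a stopped
# container yields an empty string and a multi-network container yields two
# addresses glued together. Accept a single dotted IPv4 address only.
uaddress=$(docker inspect --type=container \
  --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' \
  "$dockername")
ip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if ! [[ $uaddress =~ $ip_re ]]; then
  echo "container $dockername has no single IPv4 address (got '$uaddress')" >&2
  exit 1
fi

if [ ! -f ./module.conf ]; then
  echo "template ./module.conf not found in $(pwd)" >&2
  exit 1
fi

mkdir -p -- "/home/wwwlogs/$dockername" || exit 1

# Keep a copy of any existing vhost file so that a configuration nginx
# rejects does not stay in the include directory and break later reloads.
target=../$hostprefix.conf
backup=
if [ -e "$target" ]; then
  backup=$(mktemp) || exit 1
  cp -p -- "$target" "$backup" || exit 1
fi

cp -- ./module.conf "$target" || exit 1
for token in wwwhost adminhost staffhost apihost mhost uaddress dockername \
  shophost mirrorhost workermanhost loghost; do
  sed -i "s#$token#${!token}#g" "$target" || exit 1
done

if "$nginxsbin" -t; then
  "$nginxsbin" -s reload
  status=$?
else
  status=1
  echo "nginx rejected the generated configuration; restoring previous state" >&2
  if [ -n "$backup" ]; then
    cp -p -- "$backup" "$target"
  else
    rm -f -- "$target"
  fi
fi

if [ -n "$backup" ]; then
  rm -f -- "$backup"
fi
exit "$status"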
- 脚本依赖文件(文件内容如下,文件名必须为module.conf)
#access_log /home/wwwlogs/dockername/all-access.log;
#error_log /home/wwwlogs/dockername/all-error.log;
# log: plain-HTTP reverse proxy for the log site (no TLS is configured here).
# NOTE(review): the upstream port (106) is the same one the shop server block
# of this template proxies to - confirm that is intended.
server {
    listen 80;
    server_name loghost;

    charset utf-8;
    # Accept request bodies up to 128 MB.
    client_max_body_size 128M;

    location / {
        # Hand the client address and the original Host header to the upstream.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://uaddress:106;
    }
}
#log_format main 'IP:$remote_addr || time:$time_local || request_time:$request_time || ur_time:$upstream_response_time || request:"$request" || status:$status || bytes_sent:$body_bytes_sent || UA:"$http_user_agent" || forward: "$http_x_forwarded_for"';
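# api: HTTPS front end for the API site; plain-HTTP requests are redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name apihost;

    # Requests that arrived on port 80 get a permanent redirect to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/apihost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apihost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/apihost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 100 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:100;
    }
}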
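# cms: HTTPS front end for the admin site; plain-HTTP requests are redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name adminhost;

    # `return`, not `rewrite`: "rewrite 301 <url>" treats 301 as a URI regex,
    # so almost every port-80 request was proxied in clear text instead of
    # being redirected to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/adminhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adminhost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/adminhost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 102 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:102;
    }
}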
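# staffapi: HTTPS front end for the staff API; plain HTTP is redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name staffhost;

    # Requests that arrived on port 80 get a permanent redirect to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/staffhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staffhost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/staffhost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 101 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:101;
    }
}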
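# www: HTTPS front end for the public web site; plain HTTP is redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name wwwhost;

    # Requests that arrived on port 80 get a permanent redirect to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/wwwhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wwwhost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/wwwhost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 103 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:103;
    }
}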
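# m: HTTPS front end for the mobile site; plain HTTP is redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name mhost;

    # Requests that arrived on port 80 get a permanent redirect to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/mhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mhost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mhost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 104 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:104;
    }
}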
# mirror: reverse proxy for the mirror site. Every TLS directive below is
# commented out, so this host is served over plain HTTP only.
# NOTE(review): if TLS is re-enabled here, drop TLSv1 and TLSv1.1 from the
# protocol list first - both are deprecated (RFC 8996).
server {
    server_name mirrorhost;
    listen 80;
    #listen 443 ssl;
    #if ($scheme = http){
    # return 301 https://$host$request_uri;
    #}
    #ssl_trusted_certificate /etc/letsencrypt/live/mirrorhost/fullchain.pem;
    #ssl_certificate /etc/letsencrypt/live/mirrorhost/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/mirrorhost/privkey.pem;
    #ssl_session_timeout 5m;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_prefer_server_ciphers on;
    #ssl_stapling on;
    #ssl_stapling_verify on;
    #resolver 8.8.8.8 8.8.4.4 valid=600s;
    #resolver_timeout 6s;

    location / {
        # Hand the client address and the original Host header to the
        # container on port 105.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://uaddress:105;
    }
}
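# shop: HTTPS front end for the shop site; plain HTTP is redirected.
server {
    listen 80;
    listen 443 ssl;
    server_name shophost;

    # Requests that arrived on port 80 get a permanent redirect to HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/shophost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shophost/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/shophost/fullchain.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 once the installed nginx/OpenSSL build is known to support it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH aliases also admit CBC-mode and static-RSA
    # key-exchange suites; consider an explicit ECDHE + AEAD list instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # OCSP stapling; the resolver is what nginx uses to reach the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        # Forward to the container on port 106 with the original Host header
        # and the client address as seen by nginx.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:106;
    }
}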
# workerman: plain-HTTP reverse proxy to the container on port 8282.
# NOTE(review): no Upgrade/Connection headers and no HTTP/1.1 proxy version
# are set, so a WebSocket handshake would not pass through this proxy -
# confirm whether the upstream needs one.
server {
    server_name workermanhost;
    listen 80;

    location / {
        # Hand the client address and the original Host header to the upstream.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://uaddress:8282;
    }
}
脚本使用范例
bash auto_nginxconf.sh t1 t1
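# 第一个t1是要代理的docker容器名称
# 第二个t1是域名的前缀
# 注意:脚本使用相对路径(./module.conf 和 ../<前缀>.conf),需要先进入脚本所在目录再执行;上文路径中的脚本文件名是 auto_cert.sh,请以服务器上的实际文件名为准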