1、
mkdir -p /www/log
mkdir -p /www/html

curl http://mirrors.aliyun.com/repo/Centos-7.repo>repo

http://mirrors.163.com/.help/CentOS7-Base-163.repo

2、vi Dockerfile
FROM centos:7
MAINTAINER huangat
USER root
RUN rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
RUN mv /etc/localtime /etc/localtime.bak&&cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN yum -y update&&yum -y install nginx passwd openssl openssh-server openssh-clients cronie crontabs
RUN sed -i '/session required pam_loginuid.so/c#session required pam_loginuid.so' /etc/pam.d/crond
RUN mkdir -p /var/run/sshd/

RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_ed25519_key
RUN echo "123456" | passwd --stdin root
ADD run.sh /run.sh
ADD nginx_log_cut.sh /nginx_log_cut.sh
ADD nginx.conf /etc/nginx/nginx.conf
RUN chmod 755 /run.sh && chmod 755 /nginx_log_cut.sh
RUN echo "55 23 * * * /bin/sh /nginx_log_cut.sh">>/var/spool/cron/root
EXPOSE 22
EXPOSE 80
EXPOSE 443
CMD ["/run.sh"]

3、vi run.sh

!/bin/bash

/usr/sbin/nginx -c /etc/nginx/nginx.conf
/usr/sbin/crond
/usr/sbin/sshd -D

4、vi nginx.conf

user www www;

worker_processes 4;

worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000;

error_log /www/log/nginx_error.log crit;
pid /www/nginx.pid;
worker_rlimit_nofile 204800;
events
{
use epoll;
worker_connections 204800;
}
http
{
include mime.types;
default_type application/octet-stream;
charset utf-8;
keepalive_timeout 60;
sendfile on;

log_format main '[remote_user] [request" '
'body_bytes_sent "http_user_agent" "$http_x_forwarded_for"';
access_log /www/log/access.log main;

server_names_hash_bucket_size 128;
client_header_buffer_size 2k;
large_client_header_buffers 4 4k;
client_max_body_size 8m;

open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;

tcp_nopush on;
tcp_nodelay on;

gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;

upstream backend {

ip_hash;

server backend1.example.com weight=5 max_fails=3 fail_timeout=30 max_conns=800;

server backend2.example.com:8080;

server backup1.example.com:8080 backup;

}

server
{
listen 80;
server_name 127.0.0.1;
index index.php index.htm;
root /www/html/;
location / {

proxy_pass http://backend;

proxy_redirect off;

后端的Web服務(wù)器可以通過X-Forwarded-For獲取用戶真實(shí)IP

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

client_max_body_size 10m; #允許客戶端請(qǐng)求的最大單文件字節(jié)數(shù)

client_body_buffer_size 128k; #緩沖區(qū)代理緩沖用戶端請(qǐng)求的最大字節(jié)數(shù)

proxy_connect_timeout 300; #nginx跟后端服務(wù)器連接超時(shí)時(shí)間(代理連接超時(shí))

proxy_send_timeout 300; #后端服務(wù)器數(shù)據(jù)回傳時(shí)間(代理發(fā)送超時(shí))

proxy_read_timeout 300; #連接成功后，后端服務(wù)器響應(yīng)時(shí)間(代理接收超時(shí))

proxy_buffer_size 4k; #設(shè)置代理服務(wù)器（nginx）保存用戶頭信息的緩沖區(qū)大小

proxy_buffers 4 32k; #proxy_buffers緩沖區(qū)，網(wǎng)頁(yè)平均在32k以下的話，這樣設(shè)置

proxy_busy_buffers_size 64k; #高負(fù)荷下緩沖大小（proxy_buffers*2）

proxy_temp_file_write_size 64k; #設(shè)定緩存文件夾大小，大于這個(gè)值，將從upstream服務(wù)器傳

}
location /status
{
stub_status on;
}
location ~ .*/.(gif|jpg|jpeg|png|bmp|swf|js|css)$
{
expires 30d;
}
}
}

5、vi nginx_log_cut.sh

!/bin/bash

year=date +%Y
month=date +%m
day=date +%d
logs_backup_path="/www/log/month" #日志存儲(chǔ)路徑

logs_path="/www/log/" #要切割的日志路徑
logs_access="access" #要切割的日志
logs_error="nginx_error"
pid_path="/www/nginx.pid" #nginx的pid

[ -d logs_backup_path
rq=date +%Y%m%d
mv {logs_access}.log {logs_access}_${rq}.log

mv {logs_error}.log {logs_error}_${rq}.log

kill -USR1 $(cat /www/nginx.pid)

5、
docker build -t nginxsshdcron .

6、
docker run -p 8801:80 -p 8843:443 --name nginx01
-v /www:/www
-v /www/log:/www/log
-v /www/html:/www/html
-itd nginxsshdcron

firewall-cmd --add-port=8801/tcp --permanent

firewall-cmd --reload