├── Dockerfile ├── LICENSE ├── README.md └── config ├── nginx-start.sh └── nginx.conf /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7 2 | 3 | MAINTAINER "Dylan Lindgren" 4 | 5 | WORKDIR /tmp 6 | 7 | # Install prerequisites for Nginx compile 8 | RUN yum install -y \ 9 | wget \ 10 | tar \ 11 | openssl-devel \ 12 | gcc \ 13 | gcc-c++ \ 14 | make \ 15 | zlib-devel \ 16 | pcre-devel \ 17 | gd-devel \ 18 | krb5-devel \ 19 | git 20 | 21 | # Download Nginx and Nginx modules source 22 | RUN wget http://nginx.org/download/nginx-1.6.1.tar.gz -O nginx.tar.gz && \ 23 | mkdir /tmp/nginx && \ 24 | tar -xzvf nginx.tar.gz -C /tmp/nginx --strip-components=1 &&\ 25 | git clone https://github.com/stnoonan/spnego-http-auth-nginx-module.git nginx/spnego-http-auth-nginx-module 26 | 27 | # Build Nginx 28 | WORKDIR /tmp/nginx 29 | RUN ./configure \ 30 | --user=nginx \ 31 | --with-debug \ 32 | --group=nginx \ 33 | --prefix=/usr/share/nginx \ 34 | --sbin-path=/usr/sbin/nginx \ 35 | --conf-path=/etc/nginx/nginx.conf \ 36 | --pid-path=/run/nginx.pid \ 37 | --lock-path=/run/lock/subsys/nginx \ 38 | --error-log-path=/var/log/nginx/error.log \ 39 | --http-log-path=/var/log/nginx/access.log \ 40 | --with-http_gzip_static_module \ 41 | --with-http_stub_status_module \ 42 | --with-http_ssl_module \ 43 | --with-http_spdy_module \ 44 | --with-pcre \ 45 | --with-http_image_filter_module \ 46 | --with-file-aio \ 47 | --with-ipv6 \ 48 | --with-http_dav_module \ 49 | --with-http_flv_module \ 50 | --with-http_mp4_module \ 51 | --with-http_gunzip_module \ 52 | --add-module=spnego-http-auth-nginx-module && \ 53 | make && \ 54 | make install 55 | 56 | 57 | # Cleanup after Nginx build 58 | RUN yum remove -y \ 59 | wget \ 60 | tar \ 61 | gcc \ 62 | gcc-c++ \ 63 | make \ 64 | git && \ 65 | yum autoremove -y && \ 66 | rm -rf /tmp/* 67 | 68 | # Configure filesystem to support running Nginx 69 | RUN adduser -c "Nginx user" nginx && \ 70 | setcap cap_net_bind_service=ep /usr/sbin/nginx 71 | 72 | # Apply Nginx configuration 73 | ADD config/nginx.conf /etc/nginx/nginx.conf 74 | 75 | # This script gets the linked PHP-FPM container's IP and puts it into 76 | # the upstream definition in the /etc/nginx/nginx.conf file, after which 77 | # it launches Nginx. 78 | ADD config/nginx-start.sh /opt/bin/nginx-start.sh 79 | RUN chmod u=rwx /opt/bin/nginx-start.sh && \ 80 | chown nginx:nginx /opt/bin/nginx-start.sh /etc/nginx /etc/nginx/nginx.conf /var/log/nginx /usr/share/nginx 81 | 82 | # DATA VOLUMES 83 | RUN mkdir -p /data/nginx/www/ 84 | RUN mkdir -p /data/nginx/config/ 85 | VOLUME ["/data/nginx/www"] 86 | VOLUME ["/data/nginx/config"] 87 | 88 | # PORTS 89 | EXPOSE 80 90 | EXPOSE 443 91 | 92 | USER nginx 93 | ENTRYPOINT ["/opt/bin/nginx-start.sh"] 94 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Dylan Lindgren 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![Docker & Nginx](https://cloud.githubusercontent.com/assets/6241518/4104908/424e46f8-319b-11e4-9a2e-49a8cc49951c.jpg) 2 | 3 | **docker-nginx** is a CentOS-based docker container for [Nginx](http://nginx.org). It is intended for use with [dylanlindgren/docker-phpfpm](https://github.com/dylanlindgren/docker-phpfpm). 4 | 5 | Nginx 1.6.1 is compiled from source with the below modules enabled: 6 | - http_gzip_static_module 7 | - http_stub_status_module 8 | - http_ssl_module - for HTTPS support 9 | - http_spdy_module 10 | - pcre 11 | - http_image_filter_module 12 | - file-aio 13 | - ipv6 14 | - http_dav_module 15 | - http_flv_module 16 | - http_mp4_module 17 | - http_gunzip_module 18 | - [spnego-http-auth-nginx-module](https://github.com/stnoonan/spnego-http-auth-nginx-module) - for Kerberos authentication 19 | 20 | ## Getting the image 21 | This image is published in the [Docker Hub](https://registry.hub.docker.com/u/dylanlindgren/docker-nginx/). Simply run the below command to get it on your machine: 22 | 23 | ```bash 24 | docker pull dylanlindgren/docker-nginx 25 | ``` 26 | Alternatively you can clone this repository and build the image using the `docker build` command. 27 | ## Nginx site config and www data 28 | All site and log data is configured to be located in a Docker volume so that it is persistent and can be shared by other containers (such as [PHP-FPM](https://github.com/dylanlindgren/docker-phpfpm), or a backup container). 29 | 30 | There are two volumes defined in this image: 31 | 32 | - `/data/nginx/www` 33 | - `/data/nginx/config` 34 | 35 | Within these folders this image expects the below directory structure: 36 | ``` 37 | /data 38 | └────nginx 39 | ├─── www 40 | | ├─── website1_files 41 | | | └ ... 42 | | └─── website2_files 43 | | └ ... 44 | └─── config 45 | ├─── logs 46 | | └ ... 47 | └─── sites 48 | ├─── available 49 | | | website1 50 | | | website2 51 | | └ ... 52 | └─── enabled 53 | | website1_symlink 54 | └ ... 55 | ``` 56 | [PHP-FPM](https://github.com/dylanlindgren/docker-phpfpm) requires access to the `www` directory in the same location as Nginx has it, so instead of mounting `/data/nginx/www` in this container, we will mount it in the PHP-FPM container and use the `--volumes-from` switch (as due to the `--link` command the PHP-FPM container needs to be run first anyway). 57 | 58 | The `available` and `enabled` directories under `/data/nginx/config/sites` both operate in the same fashion as the regular `sites-available` and `sites-enabled` directories in Nginx - that is, put your website config files all in the `available` directory and create symlinks to these files in the `enabled` directory with the below command (after `cd`ing into the `enabled` directory). 59 | ```bash 60 | ln -s ../available/website1 website1 61 | ``` 62 | 63 | Each of the files under the `/data/nginx/config/sites/available` directory should contain a definition for a Nginx server. For example: 64 | ``` 65 | server { 66 | listen 80; 67 | server_name www.website1.com; 68 | root /data/www/website1_files/public; 69 | 70 | location ~* \.(html|jpg|jpeg|gif|png|css|js|ico|xml)$ { 71 | access_log off; 72 | log_not_found off; 73 | expires 360d; 74 | } 75 | 76 | location ~* \.php$ { 77 | include fastcgi.conf; 78 | fastcgi_pass phpfpm_backend; 79 | } 80 | } 81 | ``` 82 | 83 | ## Creating and running the container 84 | **NOTE:** a container based on [dylanlindgren/docker-phpfpm](https://github.com/dylanlindgren/docker-phpfpm) must be created before running the below steps. In the below commands, this container is referred to as `phpfpm`. 85 | 86 | To create and run the container: 87 | ```bash 88 | docker run --privileged=true -p 80:80 -p 443:443 --name nginx -v /data/nginx/config:/data/nginx/config:rw --volumes-from phpfpm --link phpfpm:fpm -d dylanlindgren/docker-nginx 89 | ``` 90 | - the first `-p` maps the container's port 80 to port 80 on the host, the second maps the container's 443 to the hosts 443. 91 | - `--name` sets the name of the container (useful when starting/stopping). 92 | - `-v` maps the `/data/nginx/config` folder as read/write (rw). 93 | - `--volumes-from` gets volumes from the `phpfpm` container (it should have `/data/nginx/www` mapped) 94 | - `--link` allows this container and the `phpfpm` container to talk to each other over IP. 95 | - `-d` runs the container as a daemon 96 | 97 | To stop the container: 98 | ```bash 99 | docker stop nginx 100 | ``` 101 | 102 | To start the container again: 103 | ```bash 104 | docker start nginx 105 | ``` 106 | ### Running as a Systemd service 107 | To run this container as a service on a [Systemd](http://www.freedesktop.org/wiki/Software/systemd/) based distro (e.g. CentOS 7), create a unit file under `/etc/systemd/system` called `nginx.service` with the below contents 108 | ```bash 109 | [Unit] 110 | Description=Nginx Docker container (dylanlindgren/docker-nginx) 111 | After=docker.service 112 | After=phpfpm.service 113 | Requires=docker.service 114 | Requires=phpfpm.service 115 | 116 | [Service] 117 | TimeoutStartSec=0 118 | ExecStartPre=-/usr/bin/docker stop nginx 119 | ExecStartPre=-/usr/bin/docker rm nginx 120 | ExecStartPre=-/usr/bin/docker pull dylanlindgren/docker-nginx 121 | ExecStart=/usr/bin/docker run --privileged=true -p 80:80 -p 443:443 --name nginx -v /data/nginx/config:/data/nginx/config:rw --volumes-from phpfpm --link phpfpm:fpm dylanlindgren/docker-nginx 122 | ExecStop=/usr/bin/docker stop nginx 123 | 124 | [Install] 125 | WantedBy=multi-user.target 126 | ``` 127 | Then you can start/stop/restart the container with the regular Systemd commands e.g. `systemctl start nginx.service`. 128 | 129 | To automatically start the container when you restart enable the unit file with the command `systemctl enable nginx.service`. 130 | 131 | Something to note is that this service is set to require `phpfpm.service` which is a service which runs the php-fpm container made with [dylanlindgren/docker-phpfpm](https://github.com/dylanlindgren/docker-phpfpm). 132 | 133 | ## Acknowledgements 134 | The below pages were very useful in the creation of both of these projects. 135 | 136 | - [enalean.com](http://www.enalean.com/en/Deploy-%20PHP-app-Docker-Nginx-FPM-CentOSSCL) 137 | - [stage1.io](http://stage1.io/blog/making-docker-containers-communicate/) 138 | - [coreos.com](https://coreos.com/docs/launching-containers/launching/getting-started-with-systemd/) 139 | - [spnego-http-auth-nginx-module](https://github.com/stnoonan/spnego-http-auth-nginx-module) 140 | - [Pitfalls - Nginx Community](http://wiki.nginx.org/Pitfalls) 141 | -------------------------------------------------------------------------------- /config/nginx-start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sed -i "s/%fpm-ip%/$FPM_PORT_9000_TCP_ADDR/" /etc/nginx/nginx.conf 4 | 5 | exec /usr/sbin/nginx 6 | -------------------------------------------------------------------------------- /config/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes 4; 2 | daemon off; 3 | 4 | error_log /data/nginx/config/logs/error.log warn; 5 | pid /tmp/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include mime.types; 13 | default_type application/octet-stream; 14 | 15 | upstream phpfpm_backend { 16 | server %fpm-ip%:9000; 17 | } 18 | 19 | keepalive_timeout 65; 20 | tcp_nodelay on; 21 | 22 | gzip_comp_level 2; 23 | gzip_proxied any; 24 | 25 | include /data/nginx/config/sites/enabled/*; 26 | } 27 | --------------------------------------------------------------------------------