
脚本所在服务器地址

121.196.47.141 路径:/usr/local/nginx/conf/vhost/module/auto_cert.sh

脚本内容

  • 通过脚本生成代理docker部署的api、staffapi、m、wm等项目nginx配置
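#!/usr/bin/env bash
#
# Render ./module.conf into ../<host-prefix>.conf for one docker container,
# then test and reload nginx.
#
# Usage: bash <script> <container-name> <host-prefix>
#   $1  name of the docker container to proxy to
#   $2  prefix put in front of every *.dajxyl.com host name
#
# Environment:
#   nginxsbin  path of the nginx binary. The original script used $nginxsbin
#              without ever assigning it; when it is unset, `nginx` is looked
#              up on PATH instead.
#
# The template and the output path are both relative to the current
# directory, so run this from the directory that holds module.conf.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ $# -eq 2 ]] || die "usage: ${0##*/} <container-name> <host-prefix>"

dockername=$1
hostprefix=$2

# Both arguments end up in file paths and in sed replacement text, and the
# generated file is loaded by nginx. Accept only characters that cannot leave
# the target directory ('/'), break the sed expression ('#', '&', '\') or
# inject nginx directives (';', '{', whitespace).
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
prefix_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
[[ $dockername =~ $name_re ]] || die "invalid container name: $dockername"
[[ $hostprefix =~ $prefix_re ]] || die "invalid host prefix: $hostprefix"

mhost=$hostprefix.m.dajxyl.com
apihost=$hostprefix.api.dajxyl.com
staffhost=$hostprefix.staffapi.dajxyl.com
adminhost=$hostprefix.admin.dajxyl.com
wwwhost=$hostprefix.www.dajxyl.com
shophost=$hostprefix.s.dajxyl.com
workermanhost=$hostprefix.wm.dajxyl.com
loghost=$hostprefix.log.dajxyl.com
mirrorhost=$hostprefix.mirror.dajxyl.com

docker inspect "$dockername" >/dev/null 2>&1 \
  || die "container $dockername is not exist"

# One address per attached network, space separated. The original format
# string had no separator, so a container on two networks produced a single
# concatenated, invalid address.
ips=$(docker inspect \
  --format='{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' \
  "$dockername") || die "cannot read network settings of $dockername"
read -r -a addresses <<<"$ips"
(( ${#addresses[@]} > 0 )) \
  || die "container $dockername has no IP address (is it running?)"
if (( ${#addresses[@]} > 1 )); then
  printf 'warning: %s has %d addresses, using %s\n' \
    "$dockername" "${#addresses[@]}" "${addresses[0]}" >&2
fi
uaddress=${addresses[0]}
ip_re='^[0-9.]+$'
[[ $uaddress =~ $ip_re ]] || die "unexpected address from docker: $uaddress"

mkdir -p -- "/home/wwwlogs/$dockername"

[[ -f ./module.conf ]] || die "module.conf not found in $PWD"
conf="../$hostprefix.conf"
cp -- ./module.conf "$conf"

# Each token is replaced in turn over the whole file, so text inserted by an
# earlier pass is scanned again by the later ones; a container name that
# contains a later token (for example "shophost") would be rewritten too.
for i in wwwhost adminhost staffhost apihost mhost uaddress dockername \
  shophost mirrorhost workermanhost loghost; do
  sed -i "s#$i#${!i}#g" "$conf"
done

nginxsbin=${nginxsbin:-$(command -v nginx || true)}
[[ -n $nginxsbin ]] || die "nginx binary not found; set nginxsbin"

# The template points at /etc/letsencrypt/live/<host>/ certificate files, so
# the test fails until those certificates exist.
if ! "$nginxsbin" -t; then
  die "nginx -t failed; $conf was left in place and must be fixed or removed before the next reload"
fi
"$nginxsbin" -s reload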
  • 脚本依赖文件(文件内容如下,文件名必须为module.conf)
#access_log /home/wwwlogs/dockername/all-access.log;
#error_log /home/wwwlogs/dockername/all-error.log;
# log
# Plain-HTTP reverse proxy for the vhost labelled "log". The server name and
# the upstream address are template tokens that the generator script fills in
# with sed.
# NOTE(review): port 106 is also the upstream port of the shop vhost in this
# template; confirm which of the two is intended.
# NOTE(review): this vhost has no TLS and no access restriction at the proxy;
# confirm the backend enforces its own authentication.
server {
    listen 80;
    server_name loghost;

    charset utf-8;
    client_max_body_size 128M;

    location / {
        proxy_pass http://uaddress:106;
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
#log_format  main  'IP:$remote_addr || time:$time_local || request_time:$request_time || ur_time:$upstream_response_time || request:"$request" || status:$status || bytes_sent:$body_bytes_sent || UA:"$http_user_agent" || forward: "$http_x_forwarded_for"';
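# api
# HTTPS reverse proxy for the vhost labelled "api" (upstream port 100).
# Requests that arrive over plain HTTP on port 80 are redirected to HTTPS.
# The server name, the certificate directory and the upstream address are
# template tokens that the generator script fills in with sed.
server {
    listen 80;
    listen 443 ssl;
    server_name apihost;

    # Both listeners share this server block, so the redirect is conditional
    # on the request scheme.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/apihost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/apihost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/apihost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:100;
    }
}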
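# cms
# HTTPS reverse proxy for the admin/CMS vhost (upstream port 102). Requests
# that arrive over plain HTTP on port 80 are redirected to HTTPS. The server
# name, the certificate directory and the upstream address are template
# tokens that the generator script fills in with sed.
server {
    listen 80;
    listen 443 ssl;
    server_name adminhost;

    # The original line was `rewrite 301 https://...`, which nginx parses as
    # "rewrite URIs matching the regex 301", so ordinary HTTP requests were
    # not redirected and reached the backend in clear text. `return 301` is
    # the unconditional redirect used by the other vhosts in this template.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/adminhost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/adminhost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/adminhost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:102;
    }
}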
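# staffapi
# HTTPS reverse proxy for the vhost labelled "staffapi" (upstream port 101).
# Requests that arrive over plain HTTP on port 80 are redirected to HTTPS.
# The server name, the certificate directory and the upstream address are
# template tokens that the generator script fills in with sed.
server {
    listen 80;
    listen 443 ssl;
    server_name staffhost;

    # Both listeners share this server block, so the redirect is conditional
    # on the request scheme.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/staffhost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/staffhost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/staffhost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:101;
    }
}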

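# www
# HTTPS reverse proxy for the vhost labelled "www" (upstream port 103).
# Requests that arrive over plain HTTP on port 80 are redirected to HTTPS.
# The server name, the certificate directory and the upstream address are
# template tokens that the generator script fills in with sed.
server {
    listen 80;
    listen 443 ssl;
    server_name wwwhost;

    # Both listeners share this server block, so the redirect is conditional
    # on the request scheme.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/wwwhost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/wwwhost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/wwwhost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:103;
    }
}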
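# m
# HTTPS reverse proxy for the vhost labelled "m" (upstream port 104).
# Requests that arrive over plain HTTP on port 80 are redirected to HTTPS.
# The server name, the certificate directory and the upstream address are
# template tokens that the generator script fills in with sed.
server {
    listen 80;
    listen 443 ssl;
    server_name mhost;

    # Both listeners share this server block, so the redirect is conditional
    # on the request scheme.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/mhost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mhost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/mhost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:104;
    }
}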
# mirror
# Plain-HTTP reverse proxy for the vhost labelled "mirror" (upstream port
# 105). The TLS listener, the HTTP-to-HTTPS redirect and all ssl_* settings
# are commented out below, so this vhost is served without encryption.
# NOTE(review): if the TLS lines are re-enabled, drop TLSv1 and TLSv1.1 from
# ssl_protocols first; both are deprecated (RFC 8996).
server {
    listen 80;
    server_name mirrorhost;

    #listen 443 ssl;
    #if ($scheme = http){
    #    return 301 https://$host$request_uri;
    #}
    #ssl_trusted_certificate     /etc/letsencrypt/live/mirrorhost/fullchain.pem;
    #ssl_certificate             /etc/letsencrypt/live/mirrorhost/fullchain.pem;
    #ssl_certificate_key         /etc/letsencrypt/live/mirrorhost/privkey.pem;
    #ssl_session_timeout 5m;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_prefer_server_ciphers on;

    #ssl_stapling on;
    #ssl_stapling_verify on;

    #resolver 8.8.8.8 8.8.4.4 valid=600s;
    #resolver_timeout 6s;

    location / {
        proxy_pass http://uaddress:105;
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
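# shop
# HTTPS reverse proxy for the vhost labelled "shop" (upstream port 106).
# Requests that arrive over plain HTTP on port 80 are redirected to HTTPS.
# The server name, the certificate directory and the upstream address are
# template tokens that the generator script fills in with sed.
# NOTE(review): port 106 is also the upstream port of the log vhost in this
# template; confirm which of the two is intended.
server {
    listen 80;
    listen 443 ssl;
    server_name shophost;

    # Both listeners share this server block, so the redirect is conditional
    # on the request scheme.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ssl_certificate             /etc/letsencrypt/live/shophost/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/shophost/privkey.pem;
    # Chain used to verify the stapled OCSP response.
    ssl_trusted_certificate     /etc/letsencrypt/live/shophost/fullchain.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Append
    # TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the AES and HIGH groups still admit CBC and non-ECDHE
    # suites; consider an ECDHE + AEAD-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    # ssl_stapling needs a resolver to look up the OCSP responder.
    resolver 8.8.8.8 8.8.4.4 valid=600s;
    resolver_timeout 6s;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://uaddress:106;
    }
}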
# workerman
# Plain-HTTP reverse proxy for the vhost labelled "workerman" (upstream port
# 8282). The server name and the upstream address are template tokens that
# the generator script fills in with sed.
# NOTE(review): if the backend on 8282 speaks WebSocket, this location also
# needs proxy_http_version 1.1 and the Upgrade/Connection headers; confirm.
server {
    server_name workermanhost;
    listen 80;

    location / {
        proxy_pass http://uaddress:8282;
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

脚本使用范例

# Run this from the directory that contains module.conf: the script copies
# ./module.conf and writes ../<prefix>.conf relative to the current directory.
# NOTE(review): the script path given earlier on this page ends in
# auto_cert.sh, not auto_nginxconf.sh; confirm the file name.
bash auto_nginxconf.sh t1 t1
# The first t1 is the name of the docker container to proxy to
# The second t1 is the prefix of the domain names
# The template points at /etc/letsencrypt/live/<host>/ certificate files; they
# must exist before the script's `nginx -t` step can pass.

auto_cert
