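I. Project Introduction
1. Project overview
Nginx Proxy Manager is a web-based tool for managing nginx. It makes it quick to operate nginx reverse proxies and SSL certificates, and provides a clear, simple interface for proxying, redirection, access restriction and similar functions.
2. Project features
A beautiful and secure admin interface based on Tabler; easily create forwarding domains, redirections, streams and 404 hosts; custom SSL certificate management; access lists and basic HTTP authentication for hosts; advanced Nginx configuration available to super users; user management, permissions and audit log.
3. Open-source project address
https://nginxproxymanager.com/guide/#quick-setup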
II. Project Environment
1. Test environment
A. The project is deployed on Tencent Cloud CentOS 7.6; the public address is 43.138.153.157
Linux VM-8-12-centos 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
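B. The Docker version is 26.01 and the docker-compose version is v2.26.1
Note: this deployment runs in my personal Tencent Cloud test environment; deploy with caution in production. The ports published by the container must also be opened on the Linux host and in the firewall.
2. Implementation process
Pull the image with Docker, create the paths the project needs to mount, and start the container with either the docker CLI or docker compose. After startup, check the container status and check that the container logs look normal. Once all of that works, try out the project's features.
3. Note: pulling Docker images can be slow. If so, try the following:
A. Switch Docker to a registry mirror. Go to /etc/docker, creating the directory first if it does not exist
mkdir -p /etc/docker
cd /etc/docker/
B. Edit the configuration file
vim daemon.json   ## you can clear the existing content with :%d, then paste in the mirror configuration below and save with :wq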
{
  "registry-mirrors": [
    "https://286u3d9d.mirror.aliyuncs.com"
  ]
}
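C. registry-mirrors specifies a registry mirror URL, https://286u3d9d.mirror.aliyuncs.com. This setting configures the mirror registry address for Docker images, so that pulling and pushing Docker images is accelerated through that mirror. The mirror given here is for a server in Guangzhou, Guangdong; I recommend creating your own Alibaba Cloud account and obtaining a mirror address for your actual region.
D. Reload the configuration and restart the Docker service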
sudo systemctl daemon-reload
sudo systemctl restart docker
III. Pre-deployment Checks
1. Check that Docker is running normally
systemctl status docker
or
service docker status
Note: my test environment is managed with systemctl; if yours is managed with service, use the second command instead.
[root@VM-8-12-centos ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2024-04-22 23:13:57 CST; 4 days ago
Docs: https://docs.docker.com
Main PID: 17092 (dockerd)
Tasks: 158
Memory: 142.3M
CGroup: /system.slice/docker.service
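If Docker's Active field shows active (running), Docker is running normally.
2. I usually manage containers with docker-compose, so a YAML file needs to be created in advance with vim docker-compose.yml, in the format of the following example: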
version: '3.9'
services:
  nginx:
    image: nginx
    logging:
      options:
        max-size: 1g
    restart: always
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
    ports:
      - '80:80'
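IV. Implementation
1. Following the open-source project, find the corresponding image and pull it. If the pull is very slow, first check for network problems and whether the registry mirror has been configured.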
docker pull jc21/nginx-proxy-manager:latest
[root@VM-8-12-centos ~]# docker pull jc21/nginx-proxy-manager:latest
latest: Pulling from jc21/nginx-proxy-manager
Digest: sha256:e6d13908c87d150efc1566a9ed1570661f1c3e09362b26bfe7d7608a831e4591
Status: Downloaded newer image for jc21/nginx-proxy-manager:latest
docker.io/jc21/nginx-proxy-manager:latest
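2. When the download finishes and a new prompt line appears, you can run the following command to check whether the previous command succeeded
echo $?
If it returns 0, the pull succeeded; for any other value, download again or look for the cause, depending on the situation.
3. After the download, check that the image is present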
docker images |grep jc21/nginx-proxy-manager
[root@VM-8-12-centos nginx-manager]# docker images |grep jc21/nginx-proxy-manager
jc21/nginx-proxy-manager latest 1d0ce4696d69 2 years ago 868MB
4. After a successful download, create a folder to hold the data and the yml file, then edit docker-compose.yml
mkdir -p /opt/nginx-manager
cd /opt/nginx-manager
vim docker-compose.yml
version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
After editing, type :wq to save.
5. For a quick start, you can also launch the container with the docker CLI
mkdir -p /opt/nginx-manager
cd /opt/nginx-manager
docker run --name app -d -p 80:80 -p 81:81 -p 443:443 -v ./data:/data -v ./letsencrypt:/etc/letsencrypt jc21/nginx-proxy-manager:latest
6. Start the stack with docker compose
docker compose up -d
7. After starting the container, check that its status is normal
docker compose ps
[root@VM-8-12-centos nginx-manager]# docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
nginx-manager-app-1 jc21/nginx-proxy-manager:latest "/init" app 19 minutes ago Up 19 minutes 0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
8. After starting the container, check that its logs are normal
docker logs -f nginx-manager-app-1
[root@VM-8-12-centos nginx-manager]# docker logs -f nginx-manager-app-1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01_perms.sh: executing...
Changing ownership of /data/logs to 0:0
[cont-init.d] 01_perms.sh: exited 0.
[cont-init.d] 01_s6-secret-init.sh: executing...
[cont-init.d] 01_s6-secret-init.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Generating dummy SSL certificate...
Generating a RSA private key
..................+++++
......+++++
writing new private key to '/data/nginx/dummykey.pem'
-----
Complete
❯ Enabling IPV6 in hosts: /etc/nginx/conf.d
❯ /etc/nginx/conf.d/production.conf
❯ /etc/nginx/conf.d/default.conf
❯ /etc/nginx/conf.d/include/ip_ranges.conf
❯ /etc/nginx/conf.d/include/force-ssl.conf
❯ /etc/nginx/conf.d/include/proxy.conf
❯ /etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
❯ /etc/nginx/conf.d/include/assets.conf
❯ /etc/nginx/conf.d/include/block-exploits.conf
❯ /etc/nginx/conf.d/include/ssl-ciphers.conf
❯ /etc/nginx/conf.d/include/resolvers.conf
❯ Enabling IPV6 in hosts: /data/nginx
[5/21/2024] [8:28:02 AM] [Global ] › ℹ info No valid environment variables for database provided, using default SQLite file '/data/database.sqlite'
[5/21/2024] [8:28:02 AM] [Global ] › ℹ info Generating SQLite knex configuration
[5/21/2024] [8:28:02 AM] [Global ] › ⬤ debug Wrote db configuration to config file: ./config/production.json
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info Current database version: none
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] Migrating Up...
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] auth Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] user Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] user_permission Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] proxy_host Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] redirection_host Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] dead_host Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] stream Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] access_list Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] certificate Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] access_list_auth Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [initial-schema] audit_log Table created
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [websockets] Migrating Up...
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [websockets] proxy_host Table altered
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [forward_host] Migrating Up...
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [forward_host] proxy_host Table altered
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [http2_support] Migrating Up...
[5/21/2024] [8:28:02 AM] [Migrate ] › ℹ info [http2_support] proxy_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [http2_support] redirection_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [http2_support] dead_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [forward_scheme] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [forward_scheme] proxy_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [disabled] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [disabled] proxy_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [disabled] redirection_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [disabled] dead_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [disabled] stream Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [custom_locations] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [custom_locations] proxy_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [hsts] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [hsts] proxy_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [hsts] redirection_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [hsts] dead_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [settings] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [settings] setting Table created
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [access_list_client] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [access_list_client] access_list_client Table created
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [access_list_client] access_list Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [access_list_client_fix] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [access_list_client_fix] access_list Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [pass_auth] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [pass_auth] access_list Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [redirection_scheme] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [redirection_scheme] redirection_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [redirection_status_code] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [redirection_status_code] redirection_host Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [stream_domain] Migrating Up...
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [stream_domain] stream Table altered
[5/21/2024] [8:28:03 AM] [Migrate ] › ℹ info [stream_domain] Migrating Up...
[5/21/2024] [8:28:03 AM] [Setup ] › ℹ info Creating a new JWT key pair...
[5/21/2024] [8:28:05 AM] [Setup ] › ℹ info Wrote JWT key pair to config file: /app/config/production.json
[5/21/2024] [8:28:05 AM] [Setup ] › ℹ info Creating a new user: admin@example.com with password: changeme
[5/21/2024] [8:28:06 AM] [Setup ] › ℹ info Initial admin setup completed
[5/21/2024] [8:28:06 AM] [Setup ] › ℹ info Default settings added
[5/21/2024] [8:28:06 AM] [Setup ] › ℹ info Logrotate Timer initialized
[5/21/2024] [8:28:06 AM] [Setup ] › ℹ info Logrotate completed.
[5/21/2024] [8:28:06 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[5/21/2024] [8:28:06 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[5/21/2024] [8:28:08 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[5/21/2024] [8:28:08 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[5/21/2024] [8:28:09 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[5/21/2024] [8:28:09 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[5/21/2024] [8:28:09 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[5/21/2024] [8:28:09 AM] [Global ] › ℹ info Backend PID 242 listening on port 3000 ...
[5/21/2024] [8:28:09 AM] [Nginx ] › ℹ info Reloading Nginx
[5/21/2024] [8:28:09 AM] [SSL ] › ℹ info Renew Complete
`QueryBuilder#allowEager` method is deprecated. You should use `allowGraph` instead. `allowEager` method will be removed in 3.0
`QueryBuilder#eager` method is deprecated. You should use the `withGraphFetched` method instead. `eager` method will be removed in 3.0
QueryBuilder#omit is deprecated. This method will be removed in version 3.0
Model#$omit is deprected and will be removed in 3.0.
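The startup log above records the bootstrap admin account together with its password, and the compose file publishes port 81 (the admin page used in the next section) without a host address. The following script is an added example, not part of the original post or of the Nginx Proxy Manager project, that checks a deployment for both conditions; the script name npm_audit.sh and the function names are hypothetical, and the sample inputs are constructed from the log and compose file shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): post-deploy audit for Nginx Proxy Manager.
# SAMPLE_* values are constructed from the log lines and compose file shown above.
SAMPLE_LOG='[5/21/2024] [8:28:03 AM] [Setup ] › ℹ info Creating a new JWT key pair...
[5/21/2024] [8:28:05 AM] [Setup ] › ℹ info Creating a new user: admin@example.com with password: changeme
[5/21/2024] [8:28:06 AM] [Setup ] › ℹ info Initial admin setup completed'
SAMPLE_PORTS="- '80:80'
- '81:81'
- '443:443'"

# Print the account whose bootstrap password was written to the log.
# Returns non-zero when the log contains no such line.
default_admin_in_log() {
    printf '%s\n' "$1" |
        awk -F'Creating a new user: ' 'NF > 1 && $2 ~ / with password: / { split($2, a, " "); print a[1] }' |
        grep .
}

# Classify how container port 81 (the admin UI) is published.
# Line-based heuristic over "HOST:CONTAINER" or "IP:HOST:CONTAINER" entries.
# Prints: all-interfaces | loopback | other-address | not-published
admin_port_exposure() {
    entry=$(printf '%s\n' "$1" | tr -d " '\"" | sed 's/^-//' |
        grep -E '(^|:)81(/tcp)?$' | head -n 1)
    case "$entry" in
        '') echo not-published ;;
        127.0.0.1:*|'[::1]':*) echo loopback ;;
        0.0.0.0:*|'[::]':*) echo all-interfaces ;;
        *:*:*) echo other-address ;;
        *) echo all-interfaces ;;
    esac
}

# Print one FINDING line per problem; $1 = log text, $2 = compose text.
audit() {
    if user=$(default_admin_in_log "$1"); then
        echo "FINDING: bootstrap password for $user is in the log; change it at first login"
    fi
    if [ "$(admin_port_exposure "$2")" = all-interfaces ]; then
        echo "FINDING: admin port 81 is published on every host interface"
    fi
}

# Live use: sh npm_audit.sh nginx-manager-app-1 docker-compose.yml
if [ $# -eq 2 ]; then
    audit "$(docker logs "$1" 2>&1)" "$(cat "$2")"
else
    audit "$SAMPLE_LOG" "$SAMPLE_PORTS"
fi
```

Writing the admin mapping as '127.0.0.1:81:81' in the compose file keeps the admin page reachable only from the host itself, and the script then reports the port as loopback.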
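V. Trying Out the Project
Note: on a cloud server, remember to open the firewall!
Access address https://43.138.153.157:81/, feel free to click around and try it! Account test@example.com, password 111111111
PS: The intranet tunnel is set up and the mini PC should hold out for a while, so these test services will probably stay up for some time... If you want to try one but I have already taken the service down, message me on the WeChat official account 《零氪的云原生》 and I will bring it back up!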