docker-library
/
docs
mirror of https://github.com/docker-library/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/nginx/content.md

189 lines
6.8 KiB
Markdown
Raw Blame History

# What is nginx?
Nginx (pronounced "engine-x") is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). The nginx project started with a strong focus on high concurrency, high performance and low memory usage. It is licensed under the 2-clause BSD-like license and it runs on Linux, BSD variants, Mac OS X, Solaris, AIX, HP-UX, as well as on other *nix flavors. It also has a proof of concept port for Microsoft Windows.
> [wikipedia.org/wiki/Nginx](https://en.wikipedia.org/wiki/Nginx)
%%LOGO%%
# How to use this image
## Hosting some simple static content
```console
$ docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d %%IMAGE%%
```
Alternatively, a simple `Dockerfile` can be used to generate a new image that includes the necessary content (which is a much cleaner solution than the bind mount above):
```dockerfile
FROM %%IMAGE%%
COPY static-html-directory /usr/share/nginx/html
```
Place this file in the same directory as your directory of content ("static-html-directory"), then run these commands to build and start your container:
```console
$ docker build -t some-content-nginx .
$ docker run --name some-nginx -d some-content-nginx
```
## Exposing external port
```console
$ docker run --name some-nginx -d -p 8080:80 some-content-nginx
```
Then you can hit `http://localhost:8080` or `http://host-ip:8080` in your browser.
## Customize configuration
You can mount your configuration file, or build a new image with it.
If you wish to adapt the default configuration, use something like the following to get it from a running nginx container:
```console
$ docker run --rm --entrypoint=cat %%IMAGE%% /etc/nginx/nginx.conf > /host/path/nginx.conf
```
And then edit `/host/path/nginx.conf` in your host file system.
For information on the syntax of the nginx configuration files, see [the official documentation](http://nginx.org/en/docs/) (specifically the [Beginner's Guide](http://nginx.org/en/docs/beginners_guide.html#conf_structure)).
### Mount your configuration file
```console
$ docker run --name my-custom-nginx-container -v /host/path/nginx.conf:/etc/nginx/nginx.conf:ro -d %%IMAGE%%
```
### Build a new image with your configuration file
```dockerfile
FROM %%IMAGE%%
COPY nginx.conf /etc/nginx/nginx.conf
```
If you add a custom `CMD` in the Dockerfile, be sure to include `-g daemon off;` in the `CMD` in order for nginx to stay in the foreground, so that Docker can track the process properly (otherwise your container will stop immediately after starting)!
Then build the image with `docker build -t custom-nginx .` and run it as follows:
```console
$ docker run --name my-custom-nginx-container -d custom-nginx
```
### Using environment variables in %%IMAGE%% configuration (new in 1.19)
Out-of-the-box, %%IMAGE%% doesn't support environment variables inside most configuration blocks. But this image has a function, which will extract environment variables before %%IMAGE%% starts.
Here is an example using `compose.yaml`:
```yaml
web:
image: %%IMAGE%%
volumes:
- ./templates:/etc/nginx/templates
ports:
- "8080:80"
environment:
- NGINX_HOST=foobar.com
- NGINX_PORT=80
```
By default, this function reads template files in `/etc/nginx/templates/*.template` and outputs the result of executing `envsubst` to `/etc/nginx/conf.d`.
So if you place `templates/default.conf.template` file, which contains variable references like this:
listen ${NGINX_PORT};
outputs to `/etc/nginx/conf.d/default.conf` like this:
listen 80;
This behavior can be changed via the following environment variables:
- `NGINX_ENVSUBST_TEMPLATE_DIR`
- A directory which contains template files (default: `/etc/nginx/templates`)
- When this directory doesn't exist, this function will do nothing about template processing.
- `NGINX_ENVSUBST_TEMPLATE_SUFFIX`
- A suffix of template files (default: `.template`)
- This function only processes the files whose name ends with this suffix.
- `NGINX_ENVSUBST_OUTPUT_DIR`
- A directory where the result of executing envsubst is output (default: `/etc/nginx/conf.d`)
- The output filename is the template filename with the suffix removed.
- ex.) `/etc/nginx/templates/default.conf.template` will be output with the filename `/etc/nginx/conf.d/default.conf`.
- This directory must be writable by the user running a container.
## Running %%IMAGE%% in read-only mode
To run %%IMAGE%% in read-only mode, you will need to mount a Docker volume to every location where %%IMAGE%% writes information. The default %%IMAGE%% configuration requires write access to `/var/cache/nginx` and `/var/run`. This can be easily accomplished by running %%IMAGE%% as follows:
```console
$ docker run -d -p 80:80 --read-only -v $(pwd)/nginx-cache:/var/cache/nginx -v $(pwd)/nginx-pid:/var/run nginx
```
If you have a more advanced configuration that requires %%IMAGE%% to write to other locations, simply add more volume mounts to those locations.
## Running nginx in debug mode
Images since version 1.9.8 come with `nginx-debug` binary that produces verbose output when using higher log levels. It can be used with simple CMD substitution:
```console
$ docker run --name my-nginx -v /host/path/nginx.conf:/etc/nginx/nginx.conf:ro -d %%IMAGE%% nginx-debug -g 'daemon off;'
```
Similar configuration in `compose.yaml` may look like this:
```yaml
web:
image: %%IMAGE%%
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
command: [nginx-debug, '-g', 'daemon off;']
```
## Entrypoint quiet logs
Since version 1.19.0, a verbose entrypoint was added. It provides information on what's happening during container startup. You can silence this output by setting environment variable `NGINX_ENTRYPOINT_QUIET_LOGS`:
```console
$ docker run -d -e NGINX_ENTRYPOINT_QUIET_LOGS=1 %%IMAGE%%
```
## User and group id
Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes:
```console
$ id
uid=101(nginx) gid=101(nginx) groups=101(nginx)
```
## Running %%IMAGE%% as a non-root user
It is possible to run the image as a less privileged arbitrary UID/GID. This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair:
```console
$ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%%
```
where nginx.conf in the current directory should have the following directives re-defined:
```nginx
pid /tmp/nginx.pid;
```
And in the http context:
```nginx
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
...
}
```
Alternatively, check out the official [Docker NGINX unprivileged image](https://hub.docker.com/r/nginxinc/nginx-unprivileged).
Reference in New Issue View Git Blame Copy Permalink