服务器配置要求:
最低配置:8核16GB,带宽建议动态带宽按量收费。峰值设置50M。
OSS:阿里云,腾讯云 二选一
商城后端服务启动顺序:
mall-gateway.jar
mall-auth.jar
mall-account.jar
mall-admin.jar
mall-shop.jar
mall-sns.jar
mall-pay.jar
mall-im.jar
mall-cms.jar
mall-search.jar端口开放:
| 服务名称 | 版本 | 开放端口 |
|---|---|---|
| mall-gateway.jar | 服务端口:8201 对内网开放即可 | |
| mall-auth.jar | 服务端口:8401 对内网开放即可 | |
| mall-account.jar | 服务端口:8088 对内网开放即可 | |
| mall-admin.jar | 服务端口:8080 对内网开放即可 | |
| mall-shop.jar | 服务端口:8089 对内网开放即可 | |
| mall-sns.jar | 服务端口:8085 对内网开放即可 | |
| mall-pay.jar | 服务端口:8086 对内网开放即可 | |
| mall-edu.jar | 服务端口:8082 对内网开放即可 | |
| mall-im.jar | 服务端口:8099 对内网开放即可 | |
| mall-cms.jar | 服务端口:8087 对内网开放即可 | |
| mall-search.jar | 服务端口:8081 对内网开放即可 | |
| nacos | 3.1.0 | 服务端口:8848 对内网开放即可 |
| Seata | 2.5.0 | 服务端口:8091 对内网开放即可 |
| Nginx | 最新 | 服务端口:80,443 对内网及公网开放 |
| MySQL | 5.6.51 或者8.0 | 服务端口:3306 对内网开放即可 解决问题时需临时对外开放 |
| Redis | 最新 | 服务端口:6379 对内网开放即可 |
| elasticsearch | 8.11.3 | 服务端口:9200, 9300 对内网开放即可 |
| Kibana | 8.11.3 | 服务端口:5601 对内网开放即可 |
| Logstash | 8.11.3 | 服务端口:5044,9600 对内网开放即可 |
| RabbitMQ | 3.7.4 | 服务端口:5672 15672 对内网开放即可 |
| Sentinel | 最新 | 服务端口:8858 对内网开放即可 |
| Portainer | 服务端口:9000 对内网及公网开放 |
可视化管理工具
Portainer 是一款轻量级的应用,它提供了图形化界面,用于方便的管理Docker环境,包括单机环境和集群环境,下面我们将用Portainer来管理Docker容器中的应用。
获取Docker镜像文件:
docker pull portainer/portainer使用docker容器运行Portainer:
docker run -p 9000:9000 -p 8000:8000 --name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/localtime:/etc/localtime \
-v /data/portainer/data:/data \
-d portainer/portainer查看Portainer的DashBoard信息,访问地址:http://192.168.3.101:9000
MySQL安装
建议使用MySQL 8.0
不建议Docker方式部署,请使用云数据库(阿里云RDS MySQL、腾讯云TencentDB for MySQL、华为云RDS for MySQL)
Redis 安装
1.拉取镜像:
docker pull docker.1ms.run/bitnami/redis:latest2.创建 Redis 相关目录:
mkdir -p /data/redis
mkdir -p /data/redis/conf
mkdir -p /data/redis/data3.临时启动 Redis 容器:
docker run -d \
--name redis \
-p 6379:6379 \
-e REDIS_PASSWORD=11111111 \
docker.1ms.run/bitnami/redis:latest4.拷贝文件:
docker cp redis:/opt/bitnami/redis/etc/redis.conf /data/redis/conf/5.授权文件夹:
chmod -R 777 /data/redis/conf/redis.conf /data/redis/data6.删除临时容器:
docker stop redis
docker rm redis7.创建容器:
docker run --name redis \
-p 6379:6379 --restart=always \
--network host \
-v /etc/localtime:/etc/localtime \
-v /etc/timezone:/etc/timezone \
-v /data/redis/log/redis.log:/etc/redis.log \
-v /data/redis/conf/redis.conf:/opt/bitnami/redis/etc/redis.conf \
-v /data/redis/data:/opt/bitnami/redis/data \
-e REDIS_PASSWORD=YourStrongPassword123 \
-d docker.1ms.run/bitnami/redis:latestNacos 安装
安装nacos指定版本:nacos-server-3.1.0
1.拉取镜像:
docker pull docker.1ms.run/nacos/nacos-server:v3.1.02.临时启动拷贝配置文件使用自定义配置文件:
docker run -p 8848:8848 --name nacos3 -e NACOS_AUTH_ENABLE=true -e NACOS_AUTH_TOKEN=$(openssl rand -base64 32) -e NACOS_AUTH_IDENTITY_KEY="MyServerIdentity" -e NACOS_AUTH_IDENTITY_VALUE="MySecurityValue" -e JAVA_OPTS="-Xms512m -Xmx1024m -Xmn256m" -d docker.1ms.run/nacos/nacos-server:v3.1.0
3.拷贝配置文件:
docker cp nacos3:/home/nacos /data/nacosv3.1.04.启动镜像:
MyServerIdentity和MySecurityValue换成你自己想设置的参数值。
docker run --name nacos3 \
-e MODE=standalone \
-p 8848:8848 \
-p 8850:8080 \
-v /etc/localtime:/etc/localtime \
-v /etc/timezone:/etc/timezone \
-e NACOS_AUTH_ENABLE=true \
-e NACOS_AUTH_TOKEN=$(openssl rand -base64 32) \
-e NACOS_AUTH_IDENTITY_KEY="MyServerIdentity" \
-e NACOS_AUTH_IDENTITY_VALUE="MySecurityValue" \
-e JAVA_OPTS="-Xms512m -Xmx1024m -Xmn256m" \
-v /data/nacosv3.1.0/logs:/home/nacos/logs \
-v /data/nacosv3.1.0/conf:/home/nacos/conf \
-v /data/nacosv3.1.0/data:/home/nacos/data \
--restart always \
-d docker.1ms.run/nacos/nacos-server:v3.1.05.设置密码:
启动之后浏览器访问:访问ip:8850 默认账号:nacos 密码:nacos
登录之后修改密码。重启nacos
docker restart nacos3
6.创建项目用Data Id
登录nacos管理后台手动创建dataId 为Data Id:seataServer.properties Group: SEATA_GROUP 配置格式:Properties 内容如下:
注意替换你自己的数据库地址,数据库名,数据库账号,数据库密码。
#事务会话信息存储方式
store.mode=db
#事务锁信息存储方式
store.lock.mode=db
#事务回话信息存储方式
store.session.mode=db
#存储方式为db
store.db.dbType=mysql
store.db.datasource=druid
store.db.driverClassName=com.mysql.cj.jdbc.Driver
# 下方你的数据库信息记得修正
store.db.url=jdbc:mysql://127.0.0.1:3306/dbname?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai&&zeroDateTimeBehavior=convertToNull
store.db.user=dbuser
store.db.password=dbpassword
store.db.minConn=5
store.db.maxConn=30
store.db.queryLimit=100
store.db.maxWait=5000
# 下面 4 项对应的数据库中几张数据表
store.db.globalTable=global_table
store.db.branchTable=branch_table
store.db.lockTable=lock_table
store.db.distributedLockTable=distributed_lock
# 事务服务配置
service.vgroupMapping.seata-server-group=default
service.default.grouplist=127.0.0.1:8091
service.enableDegrade=false
service.disableGlobalTransaction=false
Seata 安装
安装seata指定版本:seata-server-2.5.0
1.拉取镜像:
docker pull docker.1ms.run/apache/seata-server:2.5.02.临时启动拷贝配置文件使用自定义配置文件:
docker run -d -p 8091:8091 -p 7091:7091 --name seata-server250 -e JVM_XMX=1024m -e JVM_XMS=512m docker.1ms.run/apache/seata-server:2.5.03.拷贝配置:
docker cp seata-server250:/seata-server/resources /data/seata2.5.0/config
docker cp seata-server250:/seata-server/libs /data/seata2.5.0/libs4.修改配置文件
修改/data/seata2.5.0/config/application.yml,内容如下:
注意替换你自己的 nacos的地址,nacos账号,nacos密码,数据库地址,数据库名,数据库账号,数据库密码。
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
server:
port: 8091
spring:
application:
name: seata-server
main:
web-application-type: none
logging:
config: classpath:logback-spring.xml
file:
path: ${log.home:${user.home}/logs/seata}
seata:
config:
# support: nacos, consul, apollo, zk, etcd3
type: nacos
nacos:
server-addr: 127.0.0.1:8848
namespace:
group: SEATA_GROUP
context-path:
username: nacos
password: nacos
data-id: seataServer.properties
registry:
# support: nacos, eureka, redis, zk, consul, etcd3, sofa
type: nacos
nacos:
application: seata-server
server-addr: 127.0.0.1:8848
group: SEATA_GROUP
namespace:
cluster: default
context-path:
##1.The following configuration is for the open source version of Nacos
username: nacos
password: nacos
store:
# support: file 、 db 、 redis 、 raft
mode: db
session:
mode: db
lock:
mode: db
db:
datasource: druid
db-type: mysql
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/dbname?rewriteBatchedStatements=true?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&&zeroDateTimeBehavior=convertToNull
user: dbuser
password: dbpassword
min-conn: 10
max-conn: 100
global-table: global_table
branch-table: branch_table
lock-table: lock_table
distributed-lock-table: distributed_lock
query-limit: 1000
max-wait: 5000
druid:
time-between-eviction-runs-millis: 120000
min-evictable-idle-time-millis: 300000
test-while-idle: true
test-on-borrow: false
keep-alive: false
hikari:
idle-timeout: 600000
keepalive-time: 120000
max-lifetime: 1800000
validation-timeout: 5000
dbcp:
time-between-eviction-runs-millis: 120000
min-evictable-idle-time-millis: 300000
test-while-idle: true
test-on-borrow: false
# server:
# service-port: 8091 #If not configured, the default is '${server.port} + 1000'
5.下载数据库驱动
下载mysql-connector-j-8.0.33.jar驱动上传到/data/seata2.5.0/libs 否则seata无法注册成功。
下载地址:https://cdn.mysql.com/archives/mysql-connector-java-8.0/mysql-connector-j-8.0.33.tar.gz
6.停止旧容器并删除
#停止旧容器
docker stop seata-servev250
#删除旧容器
docker rm seata-servev2507.启动镜像:
docker run --name seata-servevr250 \
-p 8091:8091 \
-p 7091:7091 \
-e JVM_XMX=1024m \
-e JVM_XMS=512m \
-v /etc/localtime:/etc/localtime \
-v /etc/timezone:/etc/timezone \
-v /data/seata2.5.0/config:/seata-server/resources \
-v /data/seata2.5.0/libs:/seata-server/libs \
--restart always \
-d docker.1ms.run/apache/seata-server:2.5.0ELK8.11.3(http模式)
Elasticsearch安装
安装elasticsearch指定版本:elasticsearch:8.11.3
1.拉取镜像:
docker pull docker.1ms.run/library/elasticsearch:8.11.32.临时启动copy配置文件
docker run -d --name elasticsearch8 -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e "ES_JAVA_OPTS=-Xms512m -Xmx1024m" docker.1ms.run/library/elasticsearch:8.11.33.创建挂载目录:
mkdir -p /data/elasticsearch8.11.3/config
mkdir -p /data/elasticsearch8.11.3/plugins
mkdir -p /data/elasticsearch8.11.3/data
mkdir -p /data/elasticsearch8.11.3/logs4.拷贝配置文件:
docker cp elasticsearch8:/usr/share/elasticsearch/config /data/elasticsearch8.11.3/config
docker cp elasticsearch8:/usr/share/elasticsearch/data /data/elasticsearch8.11.3/data
docker cp elasticsearch8:/usr/share/elasticsearch/logs /data/elasticsearch8.11.3/logs
docker cp elasticsearch8:/usr/share/elasticsearch/plugins /data/elasticsearch8.11.3/plugins5.设置目录权限:设置用户755权限
chmod -R 755 /data/elasticsearch/6.修改配置文件
修改/data/elasticsearch8.11.3/config/elasticsearch.yml
关闭https:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 03-12-2025 05:36:37
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: false
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: false
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
7.停止旧容器并删除
#停止旧容器
docker stop elasticsearch8
#删除旧容器
docker rm elasticsearch88.启动elasticsearch8镜像:
ELASTIC_PASSWORD=Yourpassword 换成你的密码
docker run -d --name elasticsearch8 \
-h 127.0.0.1 \
-p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
-e "ES_JAVA_OPTS=-Xms512m -Xmx2048m" \
-e ELASTIC_PASSWORD=Yourpassword \
-v /etc/localtime:/etc/localtime \
-v /etc/timezone:/etc/timezone \
-v /data/elasticsearch8.11.3/config:/usr/share/elasticsearch/config \
-v /data/elasticsearch8.11.3/plugins:/usr/share/elasticsearch/plugins \
-v /data/elasticsearch8.11.3/data:/usr/share/elasticsearch/data \
-v /data/elasticsearch8.11.3/logs:/data/elasticsearch8.11.3/logs \
--restart always \
docker.1ms.run/library/elasticsearch:8.11.39.设置密码
进入运行elasticsearch的docker容器设置各用户的密码:
设置密码的账号:elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_use
docker exec -it elasticsearch8 /bin/bash
./bin/elasticsearch-setup-passwords interactiveKibana安装
安装kibana指定版本:kibana:8.11.3
1.拉取制定版本镜像:
docker pull docker.1ms.run/library/kibana:8.11.32.创建kibana挂载的相关目录:
mkdir -p /data/kibana8.11.3/config3.创建kibana的配置文件kibana.yml:
cd /data/kibana8.11.3/config
touch kibana.ymlkibana.yml内容如下:
注意替换kibana_system的密码。
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: ["http://elasticsearch:9200"]
monitoring.ui.container.elasticsearch.enabled: true
# elasticsearch.ssl.certificateAuthorities: ["/certs/http_ca.crt"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "******"
i18n.locale: "zh-CN"4.启动镜像:
docker run --name kibana8 -p 5601:5601 \
--link elasticsearch8:elasticsearch \
-e "elasticsearch.hosts=https://elasticsearch:9200" \
-v /etc/localtime:/etc/localtime \
-v /data/kibana8.11.3/config:/usr/share/kibana/config \
--restart=always \
-d docker.1ms.run/library/kibana:8.11.3启动成功浏览器可以访问:http://ip:5601/
Logstash安装
安装Logstash指定版本:logstash:8.11.3
1.拉取制定版本镜像:
docker pull docker.1ms.run/library/logstash:8.11.32.创建Logstash 相关挂载目录:
mkdir -p /data/logstash8.11.33.创建配置文件
创建:logstash.conf
cd /data/logstash8.11.3
touch logstash.conflogstash.conf内容如下:
input {
beats {
port => 5044
}
}
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} $$%{DATA:thread}$$ %{LOGLEVEL:level} %{JAVACLASS:logger} - %{GREEDYDATA:message}" }
}
date {
match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "app-logs-%{+YYYY.MM.dd}"
user => "logstash_system"
password => "******"
}
}创建:logstash.yml
cd /data/logstash8.11.3
touch logstash.ymllogstash.yml内容如下:
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: *******
4.启动镜像:
docker run --name logstash8 -p 5044:5044 -p 9600:9600 \
--link elasticsearch8:elasticsearch \
-v /etc/localtime:/etc/localtime \
-v /etc/timezone:/etc/timezone \
-v /data/logstash8.11.3/logstash.yml:/usr/share/logstash/config/logstash.yml \
-v /data/logstash8.11.3/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
--restart=always \
-d docker.1ms.run/library/logstash:8.11.3RabbitMQ
- 拉取 RabbitMQ 镜像
docker pull rabbitmq:latest - 创建 RabbitMQ 容器
docker run --name rabbitmq -v /etc/localtime:/etc/localtime -p 5672:5672 -p 15672:15672 --restart=always -d rabbitmq:latest - 访问 RabbitMQ 管理界面
在浏览器中访问 http://localhost:15672,你将看到 RabbitMQ 的管理界面。
使用默认的用户名和密码 guest/guest 登录。
Sentinel
- 拉取 Sentinel 镜像
docker pull bladex/sentinel-dashboard - 创建 Sentinel 容器
docker run -d -p 8858:8858 --name sentinel --restart=always bladex/sentinel-dashboard
如果启动报错:library initialization failed - unable to allocate file descriptor table - out of memory
使用以下命令启动:docker run -d -p 8858:8858 --name sentinel \ -e "JAVA_OPTS=-Xms256m -Xmx512m" \ -m 1g \ --ulimit nofile=65536:65536 \ --restart=always bladex/sentinel-dashboard
商城服务端
(这种方式非必须,最终会使用docker部署,详看《搭建docker私有化镜像仓库》和《使用jenkins实现自动化部署》)
商城后端服务启动顺序:
mall-gateway.jar
mall-auth.jar
mall-account.jar
mall-admin.jar
mall-shop.jar
mall-sns.jar
mall-pay.jar
mall-im.jar
mall-cms.jar
mall-search.jar- 上传服务包jra包。
#创建目录 mkdir -p /data/wwwnohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-account.jar >/data/logs/mall-account.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-admin.jar >/data/logs/mall-admin.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-auth.jar >/data/logs/mall-auth.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-cms.jar >/data/logs/mall-cms.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-gateway.jar >/data/logs/mall-gateway.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-im.jar >/data/logs/mall-im.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-pay.jar >/data/logs/mall-pay.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-shop.jar >/data/logs/mall-shop.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-sns.jar >/data/logs/mall-sns.log 2>&1 & nohup java -jar -Xms128m -Xmx512m -XX:PermSize=64M -XX:MaxPermSize=256M mall-search.jar >/data/logs/mall-sns.log 2>&1 &
Nginx安装
- 下载Nginx的docker镜像:
docker pull nginx - 先运行一次容器(为了拷贝配置文件):
docker run -p 80:80 --name nginx \ -v /data/nginx/html:/usr/share/nginx/html \ -v /data/nginx/logs:/var/log/nginx \ -v /etc/localtime:/etc/localtime \ -d nginx:latest - 将容器内的配置文件拷贝到指定目录:
docker container cp nginx:/etc/nginx /data/nginx/ - 修改文件名称:
# 进入/data/nginx/ cd /data/nginx/ # 修改文件名 mv nginx conf - 终止并删除容器:
docker stop nginx docker rm nginx - 修改nginx配置,设置最大上传文件:client_max_body_size,这里不修改移动端装修会保存失败。
vim /data/nginx/conf/nginx.conf client_max_body_size 50m;
上传ssl证书:
#进入/data/nginx cd /data/nginx #创建ssl文件存放证书 mkdir ssl上传代码包:
#创建目录 mkdir -p /data/nginx/www/mallsuite cd /data/nginx/www/mallsuite
配置站点域名:
#进入存放配置文件目录 cd /data/nginx/conf/conf.d #创建文件 touch mallsuite.conf #编辑文件 vim mallsuite.conf放入以下内容:注意修改接口请求地址,这里127.0.0.1为示例。
upstream nacos { server 127.0.0.1:8848 weight=1; } upstream backend { server 127.0.0.1:8099; } server { listen 80; server_name yourdomain; #需要将yourdomain替换成证书绑定的域名。 rewrite ^(.*)$ https://$host$1; #将所有HTTP请求通过rewrite指令重定向到HTTPS。 location / { index index.html index.htm; } } server { #listen 80; listen 443 ssl ; server_name yourdomain; index index.php index.html index.htm default.php default.htm default.html; #root /www/mallsuite/; #启动nginx镜像挂载目录 location ^~ /api/ { # 将所有 /api/ 开头的请求代理到后端 proxy_pass http://localhost:8201/; # 重要的请求头设置 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持(Knife4j 需要) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 超时设置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # 禁用缓存 proxy_buffering off; proxy_cache off; } ##pc location ^~ / { root /www/mallsuite/pc; try_files $uri $uri/ /index.html; } #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则 #error_page 404/404.html; ssl_certificate /etc/nginx/ssl/7959472.com.pem;#修改为自己ssl证书 ssl_certificate_key /etc/nginx/ssl/7959472.com.key;#修改为自己ssl证书 ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri; #SSL-END #ERROR-PAGE-START 错误页配置,可以注释、删除或修改 #error_page 404 /404.html; #error_page 502 /502.html; #ERROR-PAGE-END #PHP-INFO-START PHP引用配置,可以注释或修改 #include enable-php-00.conf; #PHP-INFO-END #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效 #include /www/server/panel/vhost/rewrite/101.133.142.46.conf; #REWRITE-END # 禁止访问的敏感文件 location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$ { return 404; } # 禁止访问的敏感目录 location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ { return 404; } #一键申请SSL证书验证目录相关设置 location ~ \.well-known{ allow all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log /dev/null; access_log /dev/null; } location ~ .*\.(js|css)?$ { expires 12h; error_log /dev/null; access_log /dev/null; } location ~* \.(eot|ttf|woff|woff2|svg)$ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; } #pc im聊天记录页面 location ^~ /im/ { root /www/mallsuite/admin/; } location ^~ /h5 { alias /www/mallsuite/h5; try_files $uri $uri/ @routerh5; index index.html index.htm; } location @routerh5 { rewrite ^.*$ /h5/index.html last; } location ^~ /admin { alias /www/mallsuite/admin; try_files $uri $uri/ @routeradmin; index index.html index.htm; } location @routeradmin { rewrite ^.*$ /admin/index.html last; } location /mobile/ { proxy_pass http://127.0.0.1:8201/mobile/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } location /api/ { proxy_pass http://127.0.0.1:8201/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } location /mallsuiteImSocketServer { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } #图片本地存储上传的静态文件访问路径 location ^~ /admin/oss/upload/ { proxy_pass http://localhost:8201/admin/oss/upload/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } #上传的静态文件访问路径 location ^~ /static/ { root /opt/apps/mall/public/; } access_log /wwwlogs/access.log; error_log /wwwlogs/error.log; }使用如下命令启动Nginx服务:
docker run -p 80:80 -p 443:443 --name nginx \ -v /etc/localtime:/etc/localtime \ -v /data/nginx/html:/usr/share/nginx/html \ -v /data/nginx/www:/www \ -v /data/nginx/wwwlogs:/wwwlogs \ -v /data/nginx/logs:/var/log/nginx \ -v /data/nginx/conf:/etc/nginx \ -v /data/nginx/ssl:/etc/nginx/ssl/ \ -v /data/nginx/www:/opt/apps/mall/public/static \ --restart=always \ -d nginx:latest
文档更新时间: 2026-03-11 14:59 作者:随商信息技术(上海)有限公司
