在docker上从源代码编译nginx naxsi并不会侦听任何端口

Question

我在使用naxsi插件模块编译nginx时出现问题，我使用基本的ubuntu 16.04 docker镜像和以下Dockerfile

RUN apt-get update && \
apt-get upgrade -y && \
apt-get install fail2ban supervisor libpcre3-dev libxslt1-dev libgd2-xpm-dev libgeoip-dev libssl-dev unzip wget make \
  libgoogle-perftools-dev google-perftools jq -y --fix-missing && \
apt-get remove --purge -y software-properties-common build-essential && \
apt-get autoremove -y && \
apt-get clean && \
apt-get autoclean && \
echo -n > /var/lib/apt/extended_states && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /usr/share/man/?? && \
rm -rf /usr/share/man/??_*

RUN mkdir /tmp/ngxbuild

RUN cd /tmp/ngxbuild

RUN wget -q http://nginx.org/download/nginx-1.11.9.tar.gz

RUN wget -q https://github.com/nbs-system/naxsi/archive/0.55.2.tar.gz

RUN tar xzf nginx-1.11.9.tar.gz

RUN tar xzf 0.55.2.tar.gz

WORKDIR  nginx-1.11.9

RUN groupadd -r nginx && useradd -r -g nginx nginx

RUN ./configure \
  --with-pcre \
  --with-ipv6 \
  --user=nginx \
  --group=nginx \
  --with-stream \
  --with-file-aio \
  --with-poll_module \
  --with-http_v2_module \
  --with-http_ssl_module \
  --with-stream_ssl_module \
  --with-http_realip_module \
  --pid-path=/run/nginx.pid \
  --prefix=/usr/local/nginx \
  --without-http_uwsgi_module \
  --with-stream_realip_module \
  --pid-path=/var/run/nginx.pid \
  --with-http_gzip_static_module \
  --with-google_perftools_module \
  --lock-path=/var/lock/nginx.lock \
  --conf-path=/etc/nginx/nginx.conf \
  --sbin-path=/usr/local/sbin/nginx \
  --lock-path=/run/lock/subsys/nginx \
  --add-module=../naxsi-0.55.2/naxsi_src/ \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --without-mail_pop3_module \
  --without-mail_smtp_module \
  --without-mail_imap_module \
  --without-http_scgi_module \
  --prefix=/usr && \
  make -j 4 && \
  make install && \
  mkdir -p /var/lib/nginx/{body,proxy,fastcgi}

nginx编译并且dockerfile构建没有错误但是当我启动容器时nginx启动但没有监听任何端口

我的网站配置如下所示

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /data/www/app/dist;

    # Add index.php to the list if you are using PHP
    index index.html;

    server_name url.co.uk;

    ssl_certificate /data/ssl/nginx-selfsigned.crt;
    ssl_certificate_key /data/ssl/nginx-selfsigned.key;
    ssl_dhparam /data/ssl/dhparam.pem;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}

我的nginx.conf看起来像

user nginx;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    multi_accept on;
    use epoll;
}

http {

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;
    client_body_buffer_size      128k;
    client_max_body_size         10m;
    client_header_buffer_size    1k;
    large_client_header_buffers  4 4k;
    output_buffers               1 32k;
    postpone_output              1460;
    server_names_hash_bucket_size 64;
    server_name_in_redirect off;
    default_type application/octet-stream;
    include /etc/nginx/mime.types;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 1h;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    ssl_stapling off;
    ssl_stapling_verify off;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    ##
    # Resolver Settings
    ##
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    ##
    # Logging Settings
    ##
    access_log /data/log/nginx/qg-webapp.access.log;
    error_log /data/log/nginx/qg-webapp.error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

当我运行lsof -i：443时，它显示没有正在侦听ssl端口。编译时我做错了吗？

Answer 1

您必须在您可以使用的dockerfile中映射您的端口

EXPOSE 443:443

或者在使用run命令时执行

docker run -its -p 443:443 --name nginx image_nginx

你可以将它放入你的Dockerfile

ENTRYPOINT sh -c 'while true; do sleep 3600; done;'