A Detailed Guide to Containerized Deployment and Cluster Management for Nginx Servers

Nginx  deployment  name  container  613    Source:    2025-04-12

A Detailed Guide to Nginx Containerized Deployment and Cluster Management

I. Containerized Deployment of Nginx

1. Basic container deployment

Using the official Nginx image

docker run --name my-nginx -d -p 80:80 nginx

Custom Dockerfile

FROM nginx:latest

# Copy custom configuration files
COPY nginx.conf /etc/nginx/nginx.conf
COPY conf.d/ /etc/nginx/conf.d/

# Copy static files
COPY static/ /usr/share/nginx/html/

# Expose ports
EXPOSE 80 443

CMD ["nginx", "-g", "daemon off;"]

2. Configuration management

Using a ConfigMap (Kubernetes)

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  nginx.conf: |
    user  nginx;
    worker_processes  auto;
    events {
      worker_connections  1024;
    }
    http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;
      sendfile        on;
      keepalive_timeout  65;
      include /etc/nginx/conf.d/*.conf;
    }

3. Persistent storage

Mounting configuration and logs

docker run --name my-nginx \
  -v /path/to/nginx.conf:/etc/nginx/nginx.conf \
  -v /path/to/logs:/var/log/nginx \
  -d nginx

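Kubernetes persistent volumes

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels: {app: nginx}
  template:
    metadata:
      labels: {app: nginx}
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        volumeMounts:
        - name: nginx-config
          mountPath: /etc/nginx/nginx.conf
          subPath: nginx.conf
        - name: nginx-logs
          mountPath: /var/log/nginx
      volumes:
      - name: nginx-config
        configMap:
          name: nginx-config
      - name: nginx-logs
        emptyDir: {}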

II. Nginx Cluster Management

1. Docker Swarm cluster

Initialize the Swarm

docker swarm init

Deploy the Nginx service

docker service create --name nginx --replicas 3 -p 80:80 nginx

Scale the service

docker service scale nginx=5

2. Kubernetes cluster deployment

Basic Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

Service configuration

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer

3. Advanced cluster features

Autoscaling (HPA)

kubectl autoscale deployment nginx-deployment --cpu-percent=50 --min=3 --max=10

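Canary release

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-canary
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
      track: canary     # illustrative label that keeps this selector distinct
  template:
    metadata:
      labels:
        app: nginx      # matched by nginx-service, so the canary receives a share of traffic
        track: canary
    spec:
      containers:
      - name: nginx-new
        image: nginx:new-version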

Blue-green deployment

# Deploy the new version
kubectl apply -f nginx-blue.yaml

# Switch traffic
kubectl patch svc nginx-service -p '{"spec":{"selector":{"version":"blue"}}}'

III. Performance Optimization and Monitoring

1. Performance tuning parameters

Nginx configuration tuning

worker_processes auto;
worker_rlimit_nofile 100000;
events {
  worker_connections 4000;
  use epoll;
  multi_accept on;
}

Container resource limits

resources:
  limits:
    cpu: "2"
    memory: "1Gi"
  requests:
    cpu: "500m"
    memory: "512Mi"

2. Monitoring

Prometheus scrape configuration

scrape_configs:
  - job_name: 'nginx'
    static_configs:
      - targets: ['nginx-service:9113']

Using the Nginx Exporter

FROM nginx/nginx-prometheus-exporter:latest
# Requires stub_status to be enabled at /status on the nginx server
CMD ["--nginx.scrape-uri", "http://nginx/status"]

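IV. Security Hardening

1. Container security

Running as a non-root user

FROM nginx:latest
# Let the nginx user write the cache directory and PID file before dropping root
RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/cache/nginx /var/run/nginx.pid
USER nginx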

Read-only file system

securityContext:
  readOnlyRootFilesystem: true
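
The two settings above only hold together if nginx never needs to write to the image's own file system. As an added example (not from the original guide), the Deployment below combines them; the name nginx-hardened and the switch to the nginxinc/nginx-unprivileged image, which listens on 8080 and writes only under /tmp, are assumptions.

```yaml
# Added example: non-root nginx on a read-only root file system.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-hardened              # hypothetical name
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-hardened
  template:
    metadata:
      labels:
        app: nginx-hardened
    spec:
      securityContext:
        runAsNonRoot: true          # kubelet refuses to start the container as UID 0
        runAsUser: 101              # UID of the nginx user in this image
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: nginx
        # Assumption: swapped in for nginx:latest. This image listens on 8080
        # and keeps its PID file and temp directories under /tmp.
        image: nginxinc/nginx-unprivileged:stable
        ports:
        - containerPort: 8080       # unprivileged port, no extra capability needed
        securityContext:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        resources:                  # same limits as the tuning section of this guide
          limits:
            cpu: "2"
            memory: "1Gi"
          requests:
            cpu: "500m"
            memory: "512Mi"
        volumeMounts:
        - name: tmp
          mountPath: /tmp           # the only writable path in the container
      volumes:
      - name: tmp
        emptyDir: {}
```

A Service in front of this Deployment needs targetPort: 8080 and a selector of app: nginx-hardened.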

2. Nginx security configuration

SSL configuration

server {
  listen 443 ssl http2;
  ssl_certificate /etc/nginx/ssl/cert.pem;
  ssl_certificate_key /etc/nginx/ssl/key.pem;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
}

Security headers

add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";

V. Troubleshooting Common Problems

1. Viewing logs

# Docker container logs
docker logs my-nginx

# Kubernetes Pod logs
kubectl logs nginx-pod-1234

2. Troubleshooting performance problems

# View container resource usage
docker stats my-nginx

# Kubernetes resource monitoring
kubectl top pod nginx-pod-1234

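3. Troubleshooting network problems

# Test service reachability (the wget and nslookup commands run inside the debug shell)
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
wget -O- nginx-service:80

# Check DNS resolution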
nslookup nginx-service

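With this guide you can deploy Nginx efficiently in containers and manage it as a cluster, keeping the service highly available, scalable and secure. Adjust the configuration parameters and deployment strategy further to fit your actual business requirements.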