下载地址

openresty

nginx-module-vts

nginx-module-stream-sts

nginx-module-sts

模块下载zip格式的, tar包有一个无法解压

目录结构

1
2
3
4
5
6
7
8
9
10
tree
.
├── Dockerfile
├── nginx.conf
├── nginx-module-stream-sts-0.1.1.zip
├── nginx-module-sts-0.1.1.zip
├── nginx-module-vts-0.1.18.zip
├── openresty-1.21.4.2.tar.gz
├── upstream-default.conf
└── vhost-default.conf

Dockerfile

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
FROM alpine:latest AS openresty-vts-build

ADD openresty-*.tar.gz /usr/local/src/
COPY nginx-module-vts-*.zip /usr/local/src/
COPY nginx-module-sts-*.zip /usr/local/src/
COPY nginx-module-stream-sts-*.zip /usr/local/src/

RUN cd /usr/local/src && \
    unzip nginx-module-vts-*.zip && \
    unzip nginx-module-sts-*.zip && \
    unzip nginx-module-stream-sts-*.zip

RUN set -eux && sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

RUN apk add perl build-base make pcre-dev zlib-dev openssl-dev && \
    cd /usr/local/src/openresty-* && \
    /usr/local/src/openresty-*/configure \
    --with-http_stub_status_module --with-http_ssl_module \
    --with-http_gzip_static_module --add-module=/usr/local/src/nginx-module-vts-0.1.18 \
    --add-module=/usr/local/src/nginx-module-sts-0.1.1 --add-module=/usr/local/src/nginx-module-stream-sts-0.1.1 && \
    make && make install

FROM alpine:latest
RUN set -eux && sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

RUN apk add perl pcre-dev zlib-dev openssl-dev

COPY --from=openresty-vts-build /usr/local/openresty /usr/local/openresty
RUN chmod +x /usr/local/openresty/nginx/sbin/nginx && \
    mkdir /usr/local/openresty/nginx/conf/{vhosts,upstream} && \
    ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log && \
    ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
COPY vhost-default.conf /usr/local/openresty/nginx/conf/vhosts/default.conf
COPY upstream-default.conf /usr/local/openresty/nginx/conf/upstream/upstream-default.conf

USER root

ENV LUA_PATH="/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua"
ENV LUA_CPATH="/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so"


WORKDIR /usr/local/openresty/nginx

EXPOSE 80
EXPOSE 8000

ENTRYPOINT ["/usr/local/openresty/nginx/sbin/nginx"]
CMD ["-g","daemon off;"]
# CMD ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]

nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
user  nobody;
worker_processes  auto;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

error_log  logs/error.log warn;
pid        logs/nginx.pid;

events {
    worker_connections  65535;
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    log_format json
      '{"@timestamp":"$time_iso8601",'
      '"host":"$hostname",'
      '"server_ip":"$server_addr",'
      '"client_ip":"$remote_addr",'
      '"xff":"$http_x_forwarded_for",'
      '"domain":"$host",'
      '"url":"$uri",'
      '"referer":"$http_referer",'
      '"args":"$args",'
      '"upstreamtime":"$upstream_response_time",'
      '"responsetime":"$request_time",'
      '"request_method":"$request_method",'
      '"status":"$status",'
      '"size":"$body_bytes_sent",'
      '"request_body":"$request_body",'
      '"request_length":"$request_length",'
      '"protocol":"$server_protocol",'
      '"upstreamhost":"$upstream_addr",'
      '"file_dir":"$request_filename",'
      '"http_user_agent":"$http_user_agent"'
    '}';


    access_log  logs/access.log  json;
    sendfile        on;

    #tcp_nopush     on;
    keepalive_timeout  65;

    #gzip  on;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 8 128k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    client_header_buffer_size 128k;
    client_body_buffer_size 1m;
    underscores_in_headers on;

    # prometheus metircs: /status/format/prometheus
    vhost_traffic_status_zone;
    vhost_traffic_status_filter_by_host on;
    stream_server_traffic_status_zone;

    server {
        listen       8000;
        server_name localhost;
        location /vts_status {
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
        location /sts_status {
            stream_server_traffic_status_display;
            stream_server_traffic_status_display_format html;
        }
    }

    include vhosts/*.conf;
}
stream {
    server_traffic_status_zone;
    log_format proxy '$remote_addr - [$time_local] $status "$upstream_bytes_sent" "$upstream_bytes_received" - "$upstream_addr" "$upstream_connect_time"';

    access_log  logs/upstream-access.log  proxy;
    open_log_file_cache off;

    include upstream/*.conf;
}

upstream-default.conf

1
2
3
4
5
6
7
8
9
10
11
12
upstream example-server {
   hash $remote_addr consistent;
   server 172.16.20.11:8880;
   server 172.16.20.12:8880;
   server 172.16.20.13:8880;
}

server {
   listen 8880;
   proxy_pass example-server;
   access_log  logs/example-upstream.log  proxy;
}

vhost-default.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
server {
    listen       80;
    server_name  172.16.20.61;
    
    location / {
        root   html;
        index  index.html index.htm;
    }
    
    error_page  404              /404.html;
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

制作镜像

1
docker build ./ -t openresty-vts:1.21.4.2-alpine

启动镜像

docker-compose编排文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
mkdir -pv /data/docker-compose/openresty-vts
cat > /data/docker-compose/openresty-vts/docker-compose.yml << 'EOF'
version: "3"
services:
  openresty-vts:
    container_name: openresty-vts
    hostname: openresty-vts
    image: openresty-vts:1.21.4.2-alpine
    network_mode: host
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime
      - /data/openresty-vts/nginx/logs:/usr/local/openresty/nginx/logs
    deploy:
      resources:
        limits:
           memory: 4G
EOF

这里仅为了测试, 生产使用可以要把nginx.conf, vhosts, upstream通过volume挂载进去

启动

1
cd /data/docker-compose/openresty-vts/; docker-compose up -d

grafana 监控模板: 9785