CF+Nginx+docker组合拳:反向代理容器

由于最近觉得到处下载epub很烦,就找到了个reading server的开源项目,遂搭建。

为了白嫖赛博菩萨Cloudflare的https,以及隐藏真实服务器ip,使用了nginx反向代理本机docker的方案(kavita可以用docker部署)。

第一部分:docker安装

环境是ubuntu,自动脚本安装。(运行用户我用的root)

1
2
curl -fsSL https://test.docker.com -o test-docker.sh
sudo sh test-docker.sh

第二部分:编写docker-compose.yml

接下来先给两个容器创建目录,然后在里面编写docker-compose.yml。

第一个是kavita:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
services:
    kavita:
        image: lscr.io/linuxserver/kavita:latest    # Using the stable branch from the official dockerhub repo.
        container_name: kavita
        volumes:
            - ./manga:/manga            # Manga is just an example you can have the name you want. See the following
            - ./comics:/comics          # Use as many as you want
            - ./books:/books            #
            - ./data:/kavita/config     # Change './data if you want to have the config files in a different place.
                                        # /kavita/config must not be changed
        environment:
            - TZ=Your/Timezone
        ports:
            - "5000:5000" # Change the public port (the first 5000) if you have conflicts with other services
        restart: unless-stopped

再写一个nginx的:

1
2
3
4
5
6
7
8
9
10
services:
  nginx:   
    image: nginx                #nginx's image
    container_name: nginx       #container's name
    volumes:
      - ./nginx/logs:/var/log/nginx                  # log file
      - ./nginx/conf.d:/etc/nginx/conf.d             # config file  
    ports:
      - 80:80
    restart: unless-stopped

两个容器来起来之后就可以配置nginx了。

1
2
3
4
5
6
7
8
9
10
11
12
server {
  listen 80;
  server_name  read.steammilk.fun;

  location / {
      proxy_pass http://127.0.0.1:5000/;        #此处还可以使用另一个容器的ip
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

到此你就应该发现其实是不能运行的,因为容器之间的network不互通,所以我把nginx的网络改成了主机模式。

修改docker-compose.yml

1
2
3
4
5
6
7
8
9
services:
  nginx:   
    image: nginx                #nginx's image
    container_name: nginx       #container's name
    volumes:
      - ./nginx/logs:/var/log/nginx                  # log file
      - ./nginx/conf.d:/etc/nginx/conf.d             # config file  
    network_mode: "host"                             # use network host mode to share host's network namespace     
    restart: unless-stopped

更新完nginx之后就成功访问了,接着就是套上CF。

将CF的ip在安全组里放行80,完美大功告成。

金刚不坏,域名解析到CF,只有CF能够访问VM,组合拳拜见赛博佛祖。

贴一下CF的IP段。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
173.245.48.0/20,
103.21.244.0/22,
103.22.200.0/22,
103.31.4.0/22,
141.101.64.0/18,
108.162.192.0/18,
190.93.240.0/20,
188.114.96.0/20,
197.234.240.0/22,
198.41.128.0/17,
162.158.0.0/15,
104.16.0.0/13,
104.24.0.0/14,
172.64.0.0/13,
131.0.72.0/22

新部分:结合成一个yml

#docker #nginx #kavita
CF+Nginx+docker组合拳:反向代理容器
https://steammilk.com/2024/07/03/2024-all/doserver/
作者
蒸奶泡
发布于
2024年7月3日
更新于
2025年1月8日
许可协议