Dockerfile的多级构建Vue+Nginx(openresty)

在Docker 17.05多阶段构建推出之后，我们只需要维护一个Dockerfile文件即可：

在项目的根目录下，创建如下的Dockerfile文件:

# First stage: complete build environment
FROM node:alpine as builder
WORKDIR /root
COPY . /root
# RUN npm
#RUN npm install --registry=https://registry.npm.taobao.org --verbose
RUN npm install --verbose
RUN npm run build

# Second stage: minimal runtime environment
FROM openresty/openresty:alpine
# health check, 每 15秒检查一次，健康检查命令超过 3 秒没响应，并且重试 3 次都没响应就视为失败
HEALTHCHECK --interval=15s --timeout=3s  --retries=3 \
    CMD curl -fs http://localhost/ || exit 1
MAINTAINER Dong Xing <bydongxing@gmail.com>
ENV GATEWAY_URL http://127.0.0.1:8080
# copy dist from the first stage
COPY --from=builder /root/dist /usr/share/nginx/html
# copy nginx.conf
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
# expose port
EXPOSE 80

备注：
1、nginx.conf配置文件：

#user  nobody;
user root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}

env GATEWAY_URL;

http {
  # dns解析器的地址
  # docker 的地址为 127.0.0.11
  # k8s 的地址为  kubectl get svc -A |grep kube-dns 出来的IP地址，例如：10.96.0.10
    resolver 127.0.0.11 ipv6=off;

    include       mime.types;
    default_type  application/octet-stream;

    # 自定义日志格式，打印出 请求和 响应的时间，单位：秒。 
    # upstream_response_time - request_time = nginx自身消耗的时间
    # log_format 和 access_log 必须全部开启，不然 不生效
    # 日志路径：/usr/local/openresty/nginx/logs
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" $request_time $upstream_response_time';
    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # 开启Gzip
    gzip on;
    # 如果用了nginx作反向代理，如果值是 any, 表示无论后端服务器的headers头返回什么信息，都无条件启用压缩
    #gzip_proxied any;
    #gzip_proxied expired no-cache no-store private auth;
	#expired - 启用压缩，如果header头中包含 "Expires" 头信息
	#no-cache - 启用压缩，如果header头中包含 "Cache-Control:no-cache" 头信息
	#no-store - 启用压缩，如果header头中包含 "Cache-Control:no-store" 头信息
	#private - 启用压缩，如果header头中包含 "Cache-Control:private" 头信息
	#no_last_modified - 启用压缩,如果header头中不包含 "Last-Modified" 头信息
	#no_etag - 启用压缩 ,如果header头中不包含 "ETag" 头信息
	#auth - 启用压缩 , 如果header头中包含 "Authorization" 头信息
	#any - 无条件启用压缩
    # 是否在http header中添加"Vary: Accept-Encoding"，跟Squid等缓存服务有关,建议开启
	gzip_vary on;
    # 不压缩临界值，大于1K的才压缩，一般不用改
    gzip_min_length 1024;
    # 设置压缩所需要的缓冲区大小 buffer，一般不用改
    gzip_buffers 4 16k;
    # 设置gzip压缩针对的HTTP协议版本, 用了反向代理的话，末端通信是HTTP/1.0，默认是HTTP/1.1
    gzip_http_version 1.1;
    # gzip 压缩级别，1-9，数字越大压缩的越好，也越占用CPU时间，推荐6
	gzip_comp_level 6;
    # 进行压缩的文件类型，缺啥补啥就行了，JavaScript有两种写法，最好都写上吧，总有人抱怨js文件没有压缩，其实多写一种格式就行了
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/atom+xml  application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml font/opentype image/svg+xml image/x-icon text/x-component;
    # 根据客户端的浏览器标志(user-agent)来设置，支持使用正则表达式。指定的浏览器标志不使用Gzip.该指令一般是用来排除一些明显不支持Gzip的浏览器。
    gzip_disable "MSIE [1-6]\.";
        
    #upstream uis {
    #     ip_hash;
    #     server 10.10.221.155:80;
    #     server 10.10.221.155:80;
    #  }
  
    #用于tomcat反向代理,解决nginx 504错误（全局配置） 
    #单位秒
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;

    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    server {
        listen 80;
        listen [::]:80;
        # 更换为 域名
        # server_name  localhost;
        # server_name  10.11.121.132;
        server_name www.xxxx.com;
        # rewrite ^(.*) https://$server_name$1 permanent;
        return 301 https://$server_name:443$request_uri;
    }

    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        # 更换为 域名
        # server_name  localhost;
        # server_name  10.11.121.132;
        server_name www.xxxx.com;
        charset utf-8;
        client_max_body_size 100M;
        set_by_lua $gateway_url 'return os.getenv("GATEWAY_URL")';

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        # ssl配置
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        ssl_certificate /opt/ssl/www.xxxxx.com.pem;
        ssl_certificate_key /opt/ssl/www.xxxxx.com.key;

        # index  index.html index.htm;
        # root /usr/share/nginx/html;        

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        # resolver 10.96.0.10;
        location /api {
        	proxy_redirect off;
            proxy_http_version 1.1;
            rewrite ^/api/(.*) /api/$1 break;
            proxy_pass $gateway_url;
            # proxy_pass http://gateway-service-headless:8080/;

        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    #HTTPS server
}

2、启动命令
docker run -p 80:80 -e GATEWAY_URL=http://host.docker.internal:8099 + 镜像名称
其中host.docker.internal是容器访问宿主机的地址，也可以通过docker0的ip地址访问

docker run -d --name=myweb --health-cmd="curl -fs http://localhost/ || exit 1" --health-interval=5s --health-retries=12 --health-timeout=2s nginx:1.23

• --health-cmd string：运行检查健康状况的命令
• --health-interval duration：运行间隔时间(ms|s|m|h)(缺省为 0s)
• --health-retries int：需要报告不健康的连续失败次数
• --health-start-period duration ：容器在开始健康重试倒计时之前初始化的起始周期(ms|s|m|h)(默认 0)
• --health-timeout duration：允许一次检查运行的最大时间(ms|s|m|h)(默认为 0s)
• --no-healthcheck：禁用任何容器指定的HEALTHCHECK，会使得 Dockerfile 构建出来的HEALTHCHECK功能失效