---

Nginx默认的监控指标有点少,基于nginx-vts-model模块的话需要自己编译nginx继而容器化,又要考虑到镜像的大小以及升级,我放弃了自己动手的想法,做伸手党,emm...为自己的无能和懒惰而咆哮,于是伸了半天手没有自己符合的还是自己动手吧.

---

1. 基于官网的Dockerfile改造添加模块.官网有模块添加的现成方案 (opens new window).为项目创建目录并自定义nginx 镜像的构建上下文

[root@iZj6cdb7oau6410sxbps25Z ～]# mkdir my-nginx

[root@iZj6cdb7oau6410sxbps25Z ～]# curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile

[root@iZj6cdb7oau6410sxbps25Z ～]# mkdir my-nginx/cachepurge

[root@iZj6cdb7oau6410sxbps25Z ～]# echo "https://github.com/vozlt/nginx-module-vts/archive/refs/tags/v0.2.2.tar.gz" > my-nginx/cachepurge/source

[root@iZj6cdb7oau6410sxbps25Z ～]# echo "build-deps" > my-nginx/cachepurge/build-deps

[root@iZj6cdb7oau6410sxbps25Z ~]# cat mynginx/cachepurge/prebuild
#!/bin/sh

# if a module has a build dependency that is not in debian/alpine
# use this script to fetch/build/install them
#
# note that shared libraries produced as a result of this script will
# not be copied from the builder image to the resulting one, so you need to
# build them statically

echo "No prebuild stage required - all dependencies are satisfied already!"

exit 0

2. 目录结构以及文件

[root@iZj6cdb7oau6410sxbps25Z ~]# tree mynginx/
mynginx/
├── cachepurge
│   ├── build-deps
│   ├── prebuild
│   └── source
└── Dockerfile

1 directory, 4 files

3. 交叉编译

[root@iZj6cdb7oau6410sxbps25Z ~]# docker login  registry.cn-hangzhou.aliyuncs.com、

[root@iZj6cdb7oau6410sxbps25Z mynginx]# docker buildx build --progress=plain --no-cache --build-arg ENABLED_MODULES="cachepurge"  --platform=linux/arm64,linux/amd64 -t registry.cn-hangzhou.aliyuncs.com/devops/nginx-vts:base . --push 

6. 漫长的等待,编译成功并推送到仓库.需要注意的事,我们需要在Nginx的主配置文件启用该模块,可以参考 (opens new window)

[root@iZj6cdb7oau6410sxbps25Z ~]# cat nginx.conf
user  nginx;
worker_processes  auto;
worker_cpu_affinity auto;
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 102400;

load_module modules/ngx_http_vhost_traffic_status_module.so; # 启动模块

events {
    use epoll;
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    
    vhost_traffic_status_zone; # 开启
    
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    charset  utf-8;
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    send_timeout    60;
    keepalive_timeout  65;

    # client
    client_max_body_size 500M;
    client_body_timeout 60;
    client_header_timeout 60;
    client_body_buffer_size  512k;
    client_header_buffer_size 10m;

    #gzip
    gzip  on;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 4;
    gzip_min_length 1k;
    gzip_buffers 16 64k;
    gzip_http_version 1.1;
    gzip_types  image/jpeg image/png image/x-ms-bmp image/gif text/plain text/css  application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;

    server_tokens off;

    # proxy
    proxy_ignore_client_abort on;
    proxy_connect_timeout    180;
    proxy_read_timeout       90;
    proxy_send_timeout       90;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    include /etc/nginx/conf.d/*.conf;
}

7. Nginx的子配置开启状态页监控

server {
    listen 80;
    server_name localhost;
    index index.html index.htm;
    root html;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location ~ .*\.git {
        deny all;
    }

    location /status {
       vhost_traffic_status_display;
       vhost_traffic_status_display_format html;
   }
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log notice;
}

8. 启动服务,基于nginx-vts:base修改了Nginx的主配置和子配置生成nginx-vts:lts镜像

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/path: "/status/format/prometheus"
        prometheus.io/port: "80"
    spec:
      containers:
        - name: nginx
          image: registry.cn-hangzhou.aliyuncs.com/devops/nginx-vts:lts
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 80

---

---

---

9. 基于官网Dockerfile,我们可以优化下时区以及apt源

[root@iZj6cdb7oau6410sxbps25Z mynginx]# cat Dockerfile
ARG NGINX_FROM_IMAGE=nginx:mainline
FROM ${NGINX_FROM_IMAGE} as builder

ARG ENABLED_MODULES

SHELL ["/bin/bash", "-exo", "pipefail", "-c"]

RUN if [ "$ENABLED_MODULES" = "" ]; then \
        echo "No additional modules enabled, exiting"; \
        exit 1; \
    fi

COPY ./ /modules/

RUN apt-get update \
    && apt-get install -y --no-install-suggests --no-install-recommends \
                patch make wget mercurial devscripts debhelper dpkg-dev \
                quilt lsb-release build-essential libxml2-utils xsltproc \
                equivs git g++ libparse-recdescent-perl \
    && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \
    && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \
    && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \
        echo "XSLScript checksum verification succeeded!"; \
        chmod +x /tmp/xslscript.pl; \
        mv /tmp/xslscript.pl /usr/local/bin/; \
    else \
        echo "XSLScript checksum verification failed!"; \
        exit 1; \
    fi \
    && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \
    && cd pkg-oss \
    && mkdir /tmp/packages \
    && for module in $ENABLED_MODULES; do \
        echo "Building $module for nginx-$NGINX_VERSION"; \
        if [ -d /modules/$module ]; then \
            echo "Building $module from user-supplied sources"; \
            # check if module sources file is there and not empty
            if [ ! -s /modules/$module/source ]; then \
                echo "No source file for $module in modules/$module/source, exiting"; \
                exit 1; \
            fi; \
            # some modules require build dependencies
            if [ -f /modules/$module/build-deps ]; then \
                echo "Installing $module build dependencies"; \
                apt-get update && apt-get install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \
            fi; \
            # if a module has a build dependency that is not in a distro, provide a
            # shell script to fetch/build/install those
            # note that shared libraries produced as a result of this script will
            # not be copied from the builder image to the main one so build static
            if [ -x /modules/$module/prebuild ]; then \
                echo "Running prebuild script for $module"; \
                /modules/$module/prebuild; \
            fi; \
            /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \
            BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \
        elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \
            echo "Building $module from pkg-oss sources"; \
            cd /pkg-oss/debian; \
            make rules-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \
            mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \
            make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \
            find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \
            BUILT_MODULES="$BUILT_MODULES $module"; \
        else \
            echo "Don't know how to build $module module, exiting"; \
            exit 1; \
        fi; \
    done \
    && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env
FROM ${NGINX_FROM_IMAGE}
RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \
    apt-get update \
    && . /tmp/packages/modules.env \
    && for module in $BUILT_MODULES; do \
           apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \
       done \
    && sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo Asia/Shanghai > /etc/timezone
    && rm -rf /var/lib/apt/lists/