为什么要在"daemon off"关闭时使用nginx?在与Docker的背景中? [英] Why use nginx with "daemon off" in background with docker?

问题描述

这一切都始于文章有关在docker中设置nginx和certbot的信息.在本手册的最后，作者使用以下命令对nginx进行了自动证书续订:

It all started from this article about setting up nginx and certbot in docker. In the end of the manual the author made the automatic certificate renewal for nginx with this command:

command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

我不是唯一不了解此部分的人，因此有一个问题:

I'm not the only one who didn't understand this part, so there was a question on SO: Why do sleep & wait in bash?

给出的答案是原始命令并不完美，这是更正后的版本:

The answer was given that the original command was not perfect and here is the corrected version:

/bin/sh -c 'nginx -g \"daemon off;\" & trap exit TERM; while :; do sleep 6h  & wait $${!}; nginx -s reload; done'

但是在此命令中，我看到了nginx -g \"daemon off;\" & 为什么我们首先将nginx放在前景上，然后将其塞进背景?含义是什么?为什么不首先在后台启动Nginx?

But in this command I see nginx -g \"daemon off;\" & Why do we first put nginx on foreground and then stuff it in background? What are implications and why not just launch nginx in background at first?

另一个问题:据我了解，与原始命令不同，while周期对于docker仍然处于前台.但是如果nginx是背景，是否意味着它死了，docker不在乎?在前台while仍在工作，没问题.

Another question: as I understand, the while cycle stays in foreground for docker, unlike the original command. But if nginx if background, does it mean that if it dies, docker does not care? In foreground while is still working, no problem.

最后一个问题:为什么在此命令中有时会看到$${!}，有时会看到${!}.相同的SO问题中的${!}示例:

And the last question: why in this commands sometimes we see $${!} and sometimes ${!}. Example of ${!} from the same SO question:

docker run --name test --rm --entrypoint="/bin/sh" nginx  -c 'nginx -g "daemon off;" & trap exit TERM; while :; do sleep 20 & wait ${!}; echo running; done'

我知道这是字符转义，但是我不知道这种情况的规则.

I know it's a character escaping, but I don't figure out the rules for this case.

推荐答案

但是在此命令中，我看到了nginx -g \"daemon off; \"&为什么我们首先将nginx放在前景上，然后将其塞进背景?含义是什么?为什么不首先在后台启动Nginx?

But in this command I see nginx -g \"daemon off;\" & Why do we first put nginx on foreground and then stuff it in background? What are implications and why not just launch nginx in background at first?

原因主要是为了突出差异，没有任何含义.该命令等效于:

The reason was mainly to highlight the differences and there are no implications. The command is equivalent to:

"/bin/sh -c 'nginx; trap exit TERM; while :; do sleep 6h  & wait $${!}; nginx -s reload; done'

另一个问题:据我了解，与原始命令不同，while周期对于docker来说仍然处于前台.但是如果nginx是背景，是否意味着它死了，docker不在乎?在前台仍在工作时，没问题.

Another question: as I understand, the while cycle stays in foreground for docker, unlike the original command. But if nginx if background, does it mean that if it dies, docker does not care? In foreground while is still working, no problem.

该命令基本上创建三个进程:Shell进程(/bin/sh)，sleep 6H和nginx服务器.每6小时进行一次第四次处理(nginx -s reload). Docker始终使用PID 1监视该进程，在本例中为/bin/sh.如果壳死了，则容器退出.如果nginx服务器是shell进程的子级服务器，但死于docker，则实际上并不在乎.

The command basically creates three processes: the shell process (/bin/sh), sleep 6H and the nginx server. A fourth process (nginx -s reload) is forked every 6 hours. Docker always monitors the process with PID 1 which in this case is the shell (/bin/sh). If the shell dies the container exits. If the nginx server, which is a child of the shell process, dies docker, indeed doesn't care.

更正"的版本不能解决这些问题.它具有与原始问题相同的问题. SO问题的答案仅突出表明，除非您想及时处理信号，否则不需要sleep和wait.这意味着:

The "corrected" version doesn't address these issues. It has the same problems as the original one. The answer to the SO question only highlights that the sleep and wait is not needed unless you want to handle signals in a timely manner. It means that:

"/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx ..."

与以下内容完全相同:

"/bin/sh -c 'while :; do sleep 6h; nginx ..."

最后，一个适当的实现将以nginx作为主要进程(PID 1)，并且另一个在后台运行的进程每隔6h醒来一次，以信号通知服务器重新加载配置.原始命令或更正的命令都不能正确实现所有这些功能.

In conclusion, a proper implementation would have nginx as the main process (PID 1) and another process running in background waking up every 6h to signal the server to reload the configuration. Neither the original, nor the corrected command implement all this properly.

要解决上述问题，该命令应如下所示:

To fix the before mentioned problems the command should be like this:

'while :; do sleep 6h; nginx -s reload; done & exec nginx -g "daemon off;"'

exec系统调用用nginx服务器替换shell进程的内容，使nginx成为前台的主进程. 现在，所有信号均已正确传播到服务器(另请参见控制nginx ).

The exec system call replaces the content of the shell process with the nginx server making nginx the main process in foreground. All the signals are now propagated correctly to the server (see also Controlling nginx).

注意:此解决方案仍然存在缺陷.不监视外壳进程(while循环).如果出于某种原因该进程退出了docker做的唯一事情 是要发送警报.

Note: This solution still has a flaw. The shell process (the while loop) is not monitored. If for any reason this process exits the only thing docker does is to send an alert.

希望这会有所启发.

这篇关于为什么要在"daemon off"关闭时使用nginx?在与Docker的背景中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！