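Let's Encrypt wildcard certificate auto-renewal
**Note:** This Dockerfile only works for domains hosted on Alibaba Cloud (Aliyun); for other providers you need to change the variable names yourself. See the references!
An official Docker image exists, but it has to be run by hand every time, and going through the whole procedure each time is tedious, hence this image. It relies on crontab to run the task automatically and renew on a schedule.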
# Dockerfile
FROM ubuntu:19.04
MAINTAINER leolan <842632422@qq.com>
ARG AK
ARG SK
ENV ALY_KEY $AK
ENV ALY_TOKEN $SK
RUN export DEBIAN_FRONTEND=noninteractive && \
apt update && apt install git vim wget cron locales tzdata -y &&\
apt clean && rm -rf /var/lib/apt &&\
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
# Timezone issue: https://blog.csdn.net/taiyangdao/article/details/80512997
RUN git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au.git /root/certbot-letencrypt &&\
cd /root/certbot-letencrypt && wget https://dl.eff.org/certbot-auto && chmod +x certbot-auto && chmod +x au.sh &&\
sed -i "s/ALY_KEY=\"\"/ALY_KEY=\"$ALY_KEY\"/g" au.sh &&\
sed -i "s/ALY_TOKEN=\"\"/ALY_TOKEN=\"$ALY_TOKEN\"/g" au.sh &&\
sed -i 's/apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \\/apt-get install -y $QUIET_FLAG $YES_FLAG --no-install-recommends \\/g' certbot-auto &&\
sed -i 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/cron &&\
echo '0 1 */5 * * /root/certbot-letencrypt/certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" \
--manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean" >> /root/certbot-letencrypt/crontab_log.log' >> /var/spool/cron/crontabs/root
CMD env >> /etc/default/locale && /etc/init.d/cron start && /bin/bash
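# Build the image
# Pass your Alibaba Cloud AK and SK when building (note: do not push the resulting image to a public registry)
docker build -t certbot-auto --build-arg AK="xxxxxx" --build-arg SK="xxxxxx" -f ./Dockerfile .
# Start (note the container-side directory is archive, not live: live only holds symlinks, and their target files cannot be found on the host)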
docker run -idt -v /etc/letsencrypt/live:/etc/letsencrypt/archive \
--name my_certbot --restart=always [image ID]
# --------------------------------------------------------------------
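# Now request the certificate; the first run installs the environment and takes a while
# Enter the container
docker exec -it [container ID] /bin/bash
# Test (if an input prompt appears, things are generally working; you can also let it run to the end)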
./certbot-auto certonly -d *.leolan.top -d leolan.top --manual --preferred-challenges dns --dry-run --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean"
# Issue the real certificate (the --dry-run parameter is removed)
./certbot-auto certonly -d *.leolan.top -d leolan.top --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean"
# --------------------------------------------------------------------
The procedure is now complete and ready to use; the certificates are in /etc/letsencrypt/live on the host.
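A check for the pattern used in the Dockerfile above, where the build arguments carrying the Alibaba Cloud AK/SK are copied into ENV and then written into au.sh by a RUN step. This is an added example, not part of the original post or of the certbot/au.sh projects; the function name lint_build_secrets and the sample Dockerfile are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report where build args end up stored in the image.
# Usage: lint_build_secrets [ARG_NAME...] < Dockerfile
# With no names, every ARG is tracked; with names, only those ARGs.
lint_build_secrets() {
  awk -v only="$*" '
    BEGIN { filter = split(only, w, " "); for (i in w) want[w[i]] = 1 }

    # Report each tracked variable referenced in val; if key is set and
    # something was found, key now carries the value as well.
    function check(ln, where, val, key,    ref, hit, seen) {
      while (match(val, /[$][{]?[A-Za-z_][A-Za-z0-9_]*/)) {
        ref = substr(val, RSTART, RLENGTH)
        val = substr(val, RSTART + RLENGTH)
        gsub(/[${]/, "", ref)
        if ((ref in tainted) && !(ref in seen)) {
          printf "%d: %s <- %s\n", ln, where, ref
          seen[ref] = 1; hit = 1
        }
      }
      if (hit && key != "") tainted[key] = 1
    }

    function process(line, ln,    n, f, i, eq, val, op) {
      sub(/^[ \t]+/, "", line)
      n = split(line, f, /[ \t]+/)
      op = toupper(f[1])
      if (op == "ARG") {
        sub(/=.*/, "", f[2])
        if (!filter || (f[2] in want)) tainted[f[2]] = 1
      } else if (op == "ENV" && index(f[2], "=") == 0) {
        # legacy form: ENV KEY value
        val = line; sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", val)
        check(ln, "ENV " f[2], val, f[2])
      } else if (op == "ENV") {
        # ENV KEY=value [KEY=value ...]
        for (i = 2; i <= n; i++) {
          eq = index(f[i], "=")
          if (eq) check(ln, "ENV " substr(f[i], 1, eq - 1), substr(f[i], eq + 1), substr(f[i], 1, eq - 1))
        }
      } else if (op == "RUN") {
        check(ln, "RUN", line, "")
      }
    }

    {
      # Join backslash-continued lines; findings carry the first line number.
      sub(/\r$/, "")
      if (buf == "") start = NR
      if ($0 ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
      process(buf $0, start); buf = ""
    }
  '
}

# Constructed sample that mirrors the ARG -> ENV -> sed pattern of the page.
sample_dockerfile() {
  cat <<'EOF'
FROM ubuntu:19.04
ARG AK
ARG SK
ENV ALY_KEY $AK
ENV ALY_TOKEN $SK
RUN sed -i "s/ALY_KEY=\"\"/ALY_KEY=\"$ALY_KEY\"/g" au.sh && \
    sed -i "s/ALY_TOKEN=\"\"/ALY_TOKEN=\"$ALY_TOKEN\"/g" au.sh
EOF
}

sample_dockerfile | lint_build_secrets
```

Values that reach ENV are stored in the image configuration, where docker inspect shows them to anyone who can pull the image, and the sed step leaves them in au.sh inside a layer. Supplying the credentials when the container starts keeps them out of the image.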
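# crontab runs the renewal script automatically at 1 a.m. every 5 days.
# If you have several domains!!!
You can make several copies of au.sh, named after each domain, and change the keys inside,
then request a certificate for each one following the steps above.
Once done, edit the crontab and add the entries:
0 1 */5 * * /root/certbot-letencrypt/certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/[domain / file name].sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/[domain / file name].sh python aly clean" >> /root/certbot-letencrypt/crontab_log.log
When finished, copy out the certificates and leave the container; renewal then runs automatically at 1 a.m. every 5 days.
For manual renewal, use crontab -l to see the command.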
References:
https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
https://jingsam.github.io/2018/10/12/lets-encrypt.html
Mindoc
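The image is built directly from the original author's Dockerfile.
Requires docker 1.17.05 or docker-ce 17.05 or later.
The build needs to reach golang resources, so a global proxy is required.
Project: https://github.com/lifei6671/mindoc
Image: docker pull leolan/mindoc
Usage:
1. With sqlite3: docker run -d -p 8181:8181 leolan/mindoc
2. With MySQL: create a configuration file app.conf
# Example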
DB_ADAPTER mysql
MYSQL_PORT_3306_TCP_ADDR 192.168.2.250
MYSQL_PORT_3306_TCP_PORT 3306
MYSQL_INSTANCE_NAME mindoc
MYSQL_USERNAME mindoc
MYSQL_PASSWORD 123456
HTTP_PORT 8181
docker run -d -p 8181:8181 -v /my/app.conf:/mindoc/conf/app.conf leolan/mindoc
# Without a configuration file, the settings can be passed as parameters
docker run -p 8181:8181 --name mindoc -e DB_ADAPTER=mysql -e MYSQL_PORT_3306_TCP_ADDR=192.168.2.250 -e MYSQL_PORT_3306_TCP_PORT=3306 -e MYSQL_INSTANCE_NAME=mindoc -e MYSQL_USERNAME=mindoc -e MYSQL_PASSWORD=123456 -e httpport=8181 -d leolan/mindoc
Default login user: admin, password: 123456
leanote
docker pull leolan/leanote:v2.6.1
docker run -dit --name leanote \
-v `pwd`/db:/data/db \
-v `pwd`/conf/:/data/leanote/conf \
-v `pwd`/files:/data/leanote/files \
-p 9000:9000 \
-p 27017:27017 \
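[image ID]
# Initial users
user1 username: admin, password: abc123 (administrator; only this user may manage the admin backend; please change the password promptly)
user2 username: demo@leanote.com, password: demo@leanote.com (for trial use only)
Reference: https://hub.docker.com/r/axboy/leanote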
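GitLab continuous build
Configuration steps
The following steps are fairly tedious. For convenience you can put the keys and so on into a script and run that, but security is reduced somewhat.
1. Here BT Panel (Baota) is used to run the Docker image; once it is running, exec into the container
2. Run the following commands to change the configuration so that sudo needs no password; skip this step if root privileges are not needed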
chmod u+w /etc/sudoers
echo "gitlab-runner ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chmod u-w /etc/sudoers
3. Register gitlab-runner; get the URL and token from GitLab
gitlab-runner register
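1. Enter the CI URL
2. Enter the token (older versions contain an underscore; the part after the underscore must be entered too)
3. Enter a name for the runner (can be split by environment)
4. Enter the gitlab-ci tags (tags can be matched against git commit tags to decide what runs, keeping test and production code isolated while building continuously; see the .gitlab-ci.yml configuration)
5. Run untagged builds? (meaning versions without a tag; unless you choose true, a build is only triggered when a tag is applied)
Enter: false (false is recommended: docker-gitlab-runner is dedicated to this project and will not build other projects; choose true if it is a general-purpose runner)
7. Choose the runner type (executor). For simplicity choose Shell, which makes running scripts easy; choose accordingly if you need to build docker images.
Done
4. Switch to the gitlab-runner user and configure the project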
su gitlab-runner && cd
ssh-keygen -q -t rsa -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub # add it to GitLab
git clone xxxxxxx # clone the project
Install dependencies and so on!
5. Write the .gitlab-ci.yml file
# For reference
# Configure the SSH key and clone the project under /home/gitlab-runner beforehand, and run through the steps below once in advance.
stages:
  - test
  - live
job_01:
  stage: test
  script:
    - cd ~/worm && git fetch --all && git reset --hard origin/master
    - sudo pip3 install -r ImageOCR/requirements.txt
    - /bin/bash build.sh test
    - echo "start test..."
  tags:
    - test
  only:
    - dev
job_02:
  stage: live
  script:
    - cd worm && git fetch --all && git reset --hard origin/master
    - sudo pip3 install -r ImageOCR/requirements.txt
    - /bin/bash build.sh live
    - echo "start live..."
  tags:
    - live
  only:
    - master
############# build.sh #####################
#!/bin/bash
sudo pkill -9 python3
cd ~
if [ "$1" = 'test' ]
then
python3 ~/worm-live/ImageOCR/run_test.py
echo 'start test'
elif [ "$1" = 'live' ]
then
nohup python3 ~/worm-live/ImageOCR/run.py &
echo 'start live'
else
echo 'file'
fi
exit
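6. Commit the code
Tag the project, push, and check the result of the run.
The two variants differ only in the GitLab Runner version installed; everything else is essentially the same.
Gitlab-Runner latest (for GitLab 9.0 and later)
Latest official version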
############# Dockerfile #############
FROM ubuntu:14.04
ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init
RUN apt-get update -y && \
apt-get upgrade -y && \
apt-get install -y ca-certificates wget apt-transport-https vim nano && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN echo "deb https://packages.gitlab.com/runner/gitlab-ci-multi-runner/ubuntu/ `lsb_release -cs` main" > /etc/apt/sources.list.d/runner_gitlab-ci-multi-runner.list && \
wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
apt-get update -y && \
apt-get install -y gitlab-ci-multi-runner && \
wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
chmod +x /usr/bin/docker-machine && \
apt-get clean && \
mkdir -p /etc/gitlab-runner/certs && \
chmod -R 700 /etc/gitlab-runner && \
rm -rf /var/lib/apt/lists/*
ADD entrypoint /
RUN chmod +x /entrypoint
VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]
############# entrypoint #############
#!/bin/bash
# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"
update_ca() {
echo "Updating CA certificates..."
cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
update-ca-certificates --fresh >/dev/null
}
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
# update the ca if the custom ca is different than the current
cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi
# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"
Gitlab-Runner 1.10.7 (for GitLab versions below 9.0)
nginx+python3.6 environment
############# Dockerfile #############
FROM ubuntu:14.04
MAINTAINER leolan 842632422@qq.com
# Py3+Nginx+gitlab-runner
ENV TZ "Asia/Shanghai"
ENV DEBIAN_FRONTEND noninteractive
ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init
# Install Nginx Python3.6
RUN apt-get update -y && \
apt-get install -y ca-certificates wget apt-transport-https vim nginx git curl
RUN apt-get install -y software-properties-common && \
add-apt-repository -y ppa:fkrull/deadsnakes && \
apt-get clean && \
apt-get -y update && \
apt-get install -y python3.6 python3.6-dev && \
rm -rf /usr/bin/python && rm -rf /usr/bin/python3 && \
ln -s /usr/bin/python3.6 /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python && \
curl -fsSl https://bootstrap.pypa.io/get-pip.py | python3 && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -f /usr/share/nginx/html/*
# Install gitlab-runner
RUN wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
wget --content-disposition https://packages.gitlab.com/runner/gitlab-ci-multi-runner/packages/ubuntu/precise/gitlab-ci-multi-runner_1.10.7_amd64.deb/download.deb && \
dpkg -i gitlab-ci-multi-runner_1.10.7_amd64.deb && \
wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
chmod +x /usr/bin/docker-machine && \
mkdir -p /etc/gitlab-runner/certs && chmod -R 700 /etc/gitlab-runner && \
rm -rf /var/lib/apt/lists/* && \
rm -rf gitlab-ci-multi-runner_1.10.7_amd64.deb
ADD entrypoint /
RUN chmod +x /entrypoint
VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
CMD /usr/bin/dumb-init /entrypoint run --user=gitlab-runner --working-directory=/home/gitlab-runner
############# entrypoint #############
#!/bin/bash
# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"
update_ca() {
echo "Updating CA certificates..."
cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
update-ca-certificates --fresh >/dev/null
}
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
# update the ca if the custom ca is different than the current
cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi
# start nginx
/usr/sbin/nginx
# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"
Build: docker build -t docker.io/leolan/gitlab-ci-py3env -f Dockerfile .
Image download: docker pull leolan/gitlab-ci-py3env
Nginx
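gitlab-runner + Nginx is used to continuously build a static website; the official Dockerfile is modified here. Put the two files in the same directory.
The CMD cannot be run in exec form under BT Panel, so it is changed to shell form.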
############# Dockerfile #############
FROM ubuntu:14.04
ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init
RUN apt-get update -y && \
apt-get upgrade -y && \
apt-get install -y ca-certificates wget apt-transport-https vim nginx git curl && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -f /usr/share/nginx/html/*
RUN wget --content-disposition https://packages.gitlab.com/runner/gitlab-ci-multi-runner/packages/ubuntu/precise/gitlab-ci-multi-runner_1.10.7_amd64.deb/download.deb && \
wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
dpkg -i gitlab-ci-multi-runner_1.10.7_amd64.deb && \
wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
chmod +x /usr/bin/docker-machine && \
mkdir -p /etc/gitlab-runner/certs && \
chmod -R 700 /etc/gitlab-runner && \
rm -rf /var/lib/apt/lists/* && \
rm -rf gitlab-ci-multi-runner_1.10.7_amd64.deb
ADD entrypoint /
RUN chmod +x /entrypoint
VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
CMD /usr/bin/dumb-init /entrypoint run --user=gitlab-runner --working-directory=/home/gitlab-runner
############# entrypoint #############
#!/bin/bash
# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"
update_ca() {
echo "Updating CA certificates..."
cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
update-ca-certificates --fresh >/dev/null
}
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
# update the ca if the custom ca is different than the current
cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi
# start nginx
/usr/sbin/nginx
# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"
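Build: docker build -t docker.io/leolan/gitlab-ci-nginx -f Dockerfile .
Image download: docker pull leolan/gitlab-ci-nginx
ngrok intranet tunneling
**How it works:** When the client starts it connects to ngrok.leolan.top:4443 and sends over the local port to forward and the third-level domain; depending on the parameters it uses HTTP or HTTPS, which automatically selects port 8001 or 8002; multiple links are established by specifying different third-level domains.
**Reference:** https://leolan.top/index.php/posts/221.html
Image download: docker pull leolan/ngrok_v1.7
Dockerfile:
Building the image may require access to the external internet!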
FROM docker.io/golang:1.10
MAINTAINER leolan 842632422@qq.com
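LABEL com.example.vendor="www.leolan.top"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="ngrok1.7"
LABEL maintainer="842632422@qq.com"
ENV TZ "Asia/Shanghai"
# Set the domain variable; do not assign with "=", it is a trap!!! ARG lets you pass the variable in, but it does not persist into the next image layer; combining it with ENV makes it available in every layer.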
ARG DOMAIN
ENV NGROK_DOMAIN $DOMAIN
ENV GOPATH /root/ngrok/
# Clone the code
RUN cd /root/ && git clone https://github.com/inconshreveable/ngrok.git && \
rm -rf /go/*
# Generate the certificates
RUN cd /root/ && openssl genrsa -out rootCA.key 2048 && \
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem && \
openssl genrsa -out server.key 2048 && \
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr && \
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000 && \
mv rootCA.pem /root/ngrok/assets/client/tls/ngrokroot.crt && \
mv server.crt /root/ngrok/assets/server/tls/snakeoil.crt && \
mv server.key /root/ngrok/assets/server/tls/snakeoil.key
# Build the server and the clients
RUN cd /root/ngrok/ && \
GOOS="linux" GOARCH="amd64" make release-server release-client && \
GOOS="windows" GOARCH="amd64" make release-client && \
GOOS="darwin" GOARCH="amd64" make release-client
# start; 8001 is HTTP; 8002 is HTTPS; 4443 is the tunnel
CMD /root/ngrok/bin/ngrokd -domain=$NGROK_DOMAIN -httpAddr=":8001" -httpsAddr=":8002" -tunnelAddr=":4443"
EXPOSE 8001 8002 4443
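# Note!!! About ports 80 and 443!!!
# If port 80 is already taken, you cannot use port 80 the way described at https://www.leolan.top/index.php/posts/221.html,
# but for cases such as WeChat development that must use port 80 or 443, it can be solved as follows
In the Dockerfile above, change 8001 to 80 and 8002 to 443.
When starting the container, map other host ports to the ngrok container; pay particular attention to 4443 (the communication port must match the client configuration).
Start command: docker run -idt -p 6080:80 -p 60443:443 -p 4443:4443 9b2cf0730a44
# Port 443 does not need to be exposed; a self-signed certificate is of no use
The client sends its domain and local port to port 4443 on the server; ports 80 and 443 are returned to the client according to the configuration.
The client sets up a mapping like: http://test.ngrok.leolan.top -> 127.0.0.1:8989
At this point it cannot be accessed! It is actually http://test.ngrok.leolan.top:6080 that corresponds to port 80 inside the container, but the assigned address is on port 80, as allocated by the ngrok server configuration. So a reverse proxy has to be set up before it can be accessed!
In Nginx, bind the two domains ngrok.leolan.top and *.ngrok.leolan.top
and reverse-proxy them to local port 6080.
# How it works: when the assigned URL is opened, nginx matches and takes over the request and reverse-proxies it to the ngrok container port, done!
HTTP now works, but HTTPS does not (even when reverse-proxying to port 80, the certificate is managed by nginx, but we use a Let's Encrypt wildcard certificate, which does not cover third-level domains!)
# The following is only an idea; my own test of it did not succeed.
If HTTPS is required, you can create another second-level domain, bind a certificate to it, and reverse-proxy it to the ngrok third-level domain; in that case it is best to use only one domain during development rather than switching back and forth.
Build the image:
# Specify the domain: --build-arg DOMAIN="ngrok.leolan.top"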
docker build -t docker.io/leolan/ngrok_v1.7 --build-arg DOMAIN="ngrok.leolan.top" -f ./Dockerfile .
**Important:** After starting the container, run the following commands to copy the clients out of the container
docker cp `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/ngrok ./ngrok_linux
docker cp `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/windows_amd64/ngrok.exe ./
docker cp `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/darwin_amd64/ngrok ./ngrok_mac
Usage:
Create an ngrok.cfg file with the following content
server_addr: "ngrok.leolan.top:4443"
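trust_host_root_certs: false # set to true if the server was started with a certificate configured
Start it from the command line or put it in a shell script; subdomain here is the third-level domain; 80 maps local port 80 to the public network.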
./ngrok -subdomain dev_test -config=ngrok.cfg -proto http 3000
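# The -proto parameter specifies the protocol here (if omitted, both are opened with random ports, and one of the links will fail to open because the protocol or port does not match); the third-level domain is test.
The final public address is: http://dev_test.ngrok.leolan.top:8001 #HTTP
# If you use ./ngrok -subdomain dev_test -config=ngrok.cfg -proto https 3000 instead
then the final public address is: https://dev_test.ngrok.leolan.top:8002 #HTTPS
BT Panel (Baota)
# Official image; you need to enter the container and run /etc/init.d/bt start to start it, or repackage the image yourself.
# BT Panel 5.6, upgradable to 5.9; upgrading to 6 or later requires entering the container and running the cross-version upgrade script.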
docker pull registry.cn-hangzhou.aliyuncs.com/bt-panel/panel:5.6.0
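# Adding --privileged=true gives the container real root privileges (rather than those of an ordinary host user) and also lets BT Panel auto-start (auto-start fails with the official image)
docker run -idt -p 8888:8888 --name baota --privileged=true --restart always -v /Users/mac/baota:/www/wwwroot [container ID]
You can enter the container and run the upgrade script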
curl http://download.bt.cn/install/update_to_6.sh|bash
Use the image directly:
docker run -idt \
-p 8888:8888 \
-p 3306:3306 \
-p 6379:6379 \
-p 27017:27017 \
-p 5432:5432 \
-p 6000-6100:6000-6100 \
--privileged=true \
--restart always \
-v ./bt-wwwroot:/www/wwwroot \
leolan/bt-panel6
# BT Panel account and password: btadmin lanlan
MongoDB
docker pull leolan/mongo3.6
Dockerfile:
Official: https://github.com/docker-library/mongo/blob/e3d632f0b8c5b979f06ec933eca2a08293161530/3.6/Dockerfile
FROM debian:stretch-slim
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mongodb && useradd -r -g mongodb mongodb
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
ca-certificates \
jq \
numactl \
; \
if ! command -v ps > /dev/null; then \
apt-get install -y --no-install-recommends procps; \
fi; \
rm -rf /var/lib/apt/lists/*
# grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases)
ENV GOSU_VERSION 1.10
# grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases)
ENV JSYAML_VERSION 3.10.0
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
wget \
; \
if ! command -v gpg > /dev/null; then \
apt-get install -y --no-install-recommends gnupg dirmngr; \
fi; \
rm -rf /var/lib/apt/lists/*; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf && gpgconf --kill all || :; \
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
chmod +x /usr/local/bin/gosu; \
gosu nobody true; \
\
wget -O /js-yaml.js "https://github.com/nodeca/js-yaml/raw/${JSYAML_VERSION}/dist/js-yaml.js"; \
# TODO some sort of download verification here
\
apt-get purge -y --auto-remove wget
RUN mkdir /docker-entrypoint-initdb.d
ENV GPG_KEYS 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
RUN set -ex; \
export GNUPGHOME="$(mktemp -d)"; \
for key in $GPG_KEYS; do \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done; \
gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mongodb.gpg; \
command -v gpgconf && gpgconf --kill all || :; \
rm -r "$GNUPGHOME"; \
apt-key list
# Allow build-time overrides (eg. to build image with MongoDB Enterprise version)
# Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise
# Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com
# Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com .
ARG MONGO_PACKAGE=mongodb-org
ARG MONGO_REPO=repo.mongodb.org
ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO}
ENV MONGO_MAJOR 3.6
ENV MONGO_VERSION 3.6.10
RUN echo "deb http://$MONGO_REPO/apt/debian stretch/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR main" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list"
RUN set -x \
&& apt-get update \
&& apt-get install -y \
${MONGO_PACKAGE}=$MONGO_VERSION \
${MONGO_PACKAGE}-server=$MONGO_VERSION \
${MONGO_PACKAGE}-shell=$MONGO_VERSION \
${MONGO_PACKAGE}-mongos=$MONGO_VERSION \
${MONGO_PACKAGE}-tools=$MONGO_VERSION \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /var/lib/mongodb \
&& mv /etc/mongod.conf /etc/mongod.conf.orig
RUN mkdir -p /data/db /data/configdb \
&& chown -R mongodb:mongodb /data/db /data/configdb
VOLUME /data/db /data/configdb
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 27017
CMD ["mongod"]
Python3 development and test environment
A Debian 9 based py3 development environment with common Linux commands preinstalled.
Dockerfile:
FROM docker.io/python:3.6.8
# Based on Debian 9
ENV TZ "Asia/Shanghai"
WORKDIR /root
RUN apt update && apt install -y apt-utils
RUN apt install -y wget git net-tools cron vim && apt clean all && \
ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
echo "alias ll='ls -alh'" >> /root/.bashrc
# clean cache
RUN apt clean && apt autoclean && apt autoremove && \
deborphan | xargs apt purge -y
CMD /bin/bash
Build the image:
docker build -t docker.io/leolan/debian-py3-base -f Dockerfile .
MariaDB
# Default password: 123456
docker pull docker.io/leolan/mariadb:v10.4.1
Dockerfile:
FROM docker.io/leolan/centos7_base:latest
MAINTAINER leolan 842632422@qq.com
LABEL com.example.vendor="www.leolan.top"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="MariaDB 10.4.1"
LABEL maintainer="842632422@qq.com"
ENV TZ "Asia/Shanghai"
WORKDIR /root
# Install
RUN echo '[mariadb]' >> /etc/yum.repos.d/MariaDB.repo && \
echo 'name = MariaDB' >> /etc/yum.repos.d/MariaDB.repo && \
echo 'baseurl = http://yum.mariadb.org/10.4/centos7-amd64' >> /etc/yum.repos.d/MariaDB.repo && \
echo 'gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB' >> /etc/yum.repos.d/MariaDB.repo && \
echo 'gpgcheck=1' >> /etc/yum.repos.d/MariaDB.repo && \
yum install -y MariaDB-server MariaDB-client && \
yum clean all
# Set the password
RUN echo '#!/bin/bash' >> mysql.sh && echo 'nohup /usr/sbin/mysqld --user=root &' >> mysql.sh && \
echo 'sleep 2' >> mysql.sh && \
echo 'mysqladmin -u root password 123456' >> mysql.sh && \
chmod +x mysql.sh && bash mysql.sh && \
mysql -uroot -p123456 -e "use mysql;Grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;flush privileges;"
# Expose the port
EXPOSE 3306
CMD /usr/sbin/mysqld --user=root >> /dev/null
ElasticSearch
Images that work on CentOS (testing showed they fail to start on Debian-family systems):
docker pull leolan/elasticsearch:v6.2.4
docker pull leolan/elasticsearch:v6.5.4
Dockerfile:
FROM docker.io/centos:7
MAINTAINER leolan 842632422@qq.com
LABEL com.example.vendor="www.leolan.top"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="ElasticSearch 6.2.4"
LABEL maintainer="842632422@qq.com"
ENV TZ "Asia/Shanghai"
WORKDIR /root
# RUN has to be split into several steps, otherwise the build aborts because the yum cache runs out of space.
RUN yum -y install epel* && \
yum install -y wget git net-tools crontabs vim curl-devel
# Install and change the memory limits
RUN yum -y install openssl-devel gcc gcc-c++ java && \
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.rpm && \
yum localinstall -y elasticsearch-6.2.4.rpm && \
rm -rf elasticsearch-6.2.4.rpm && \
yum clean all && \
sed -i 's/-Xms1g/-Xms512m/g' /etc/elasticsearch/jvm.options && \
sed -i 's/-Xmx1g/-Xmx512m/g' /etc/elasticsearch/jvm.options && \
mkdir /home/elasticsearch && chown -R elasticsearch:elasticsearch /home/elasticsearch
# Install the IK plugin
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.2.4/elasticsearch-analysis-ik-6.2.4.zip
# Lift the system limits
RUN sed -i 's/#network.host: 192.168.0.1/network.host: 0.0.0.0/g' /etc/elasticsearch/elasticsearch.yml && \
sed -i 's/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65536/g' /etc/systemd/system.conf && \
sed -i 's/#DefaultLimitNPROC=/DefaultLimitNPROC=32000/g' /etc/systemd/system.conf && \
sed -i 's/#DefaultLimitMEMLOCK=/DefaultLimitMEMLOCK=infinity/g' /etc/systemd/system.conf && \
echo '* soft nofile 65536' >> /etc/security/limits.conf && \
echo '* hard nofile 65536' >> /etc/security/limits.conf && \
echo '* soft nproc 32000' >> /etc/security/limits.conf && \
echo '* hard nproc 32000' >> /etc/security/limits.conf && \
echo '* hard memlock unlimited' >> /etc/security/limits.conf && \
echo '* soft memlock unlimited' >> /etc/security/limits.conf
# Enable memory locking and disable swap (use with care; enabling it can easily prevent startup)
#RUN sed -i 's/#bootstrap.memory_lock: true/bootstrap.memory_lock: true/g' /etc/elasticsearch/elasticsearch.yml && \
# echo 'vm.swappiness=0' >> /etc/sysctl.conf && sysctl -p
# Expose the ports
EXPOSE 9200 9300
# ES must run as a non-root user
USER elasticsearch
CMD /usr/share/elasticsearch/bin/elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet >> /dev/null
pyspider
python3 version
#https://hub.docker.com/r/saibaster/pyspider
docker pull saibaster/pyspider
When starting the container, append the command pyspider or it will not start (the same applies in BT Panel)
For example: docker run -idt -p 5000:8888 pyspider
Dockerfile
FROM python:3.6
MAINTAINER binux <roy@binux.me>
# install phantomjs
RUN mkdir -p /opt/phantomjs \
&& cd /opt/phantomjs \
&& wget -O phantomjs.tar.bz2 https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 \
&& tar xavf phantomjs.tar.bz2 --strip-components 1 \
&& ln -s /opt/phantomjs/bin/phantomjs /usr/local/bin/phantomjs \
&& rm phantomjs.tar.bz2
# install requirements
#RUN pip install --egg 'https://dev.mysql.com/get/Downloads/Connector-Python/mysql-connector-python-2.1.5.zip#md5=ce4a24cb1746c1c8f6189a97087f21c1'
COPY requirements.txt /opt/pyspider/requirements.txt
RUN pip install -r /opt/pyspider/requirements.txt
# add all repo
ADD ./ /opt/pyspider
# run test
WORKDIR /opt/pyspider
RUN pip install -e .[all]
VOLUME ["/opt/pyspider"]
ENTRYPOINT ["pyspider"]
EXPOSE 5000 23333 24444 25555
Micro images
http://csphere.cn/hub
Various production-environment images, with support for cSphere (希云) management.
Python+Jupyter environment
centos+py2+py3+Jupyter+Nginx
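A CentOS 7 based image providing py2 and py3 environments, with basic Linux commands, git, Jupyter, Nginx and so on preinstalled; Nginx is there to make downloading files easy. The default Jupyter password is 123456; to change it, follow the method below.
Default password: 123456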
docker pull leolan/py2-py3-jupyter-scrapy-nginx
or:
docker pull leolan/py2-py3-jupyter-nginx
Once the image is built and started, change the password with: jupyter notebook password
Or:
# python3
#>>> from IPython.lib import passwd  # or: from notebook.auth import passwd
#>>> passwd()
#Enter password:
#Verify password:
#'sha1:175e8efe8974:eacef02a2e3f959d6efdf6c93d142c7f4712f5cc'
Replace the value in the Dockerfile
Dockerfile:
FROM docker.io/centos:7
MAINTAINER leolan 842632422@qq.com
LABEL com.example.vendor="www.leolan.top"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="py3+py3+Jupyter+Scrapy+Nginx"
LABEL maintainer="842632422@qq.com"
ENV TZ "Asia/Shanghai"
WORKDIR /root
# RUN has to be split into several steps, otherwise the build aborts because the yum cache runs out of space.
RUN yum -y install epel* && \
yum install -y wget git net-tools crontabs vim curl-devel
RUN yum -y install nginx nginx-all-modules nginx-filesystem openssl-devel gcc gcc-c++
RUN yum install -y python2-pip python34 python34-devel python34-pip && \
yum clean all
# Uncomment the following if you need Scrapy
#RUN pip3 install scrapy && pip3 install pymysql && pip3 install pymongo && pip3 install redis
# IPython supports python2 and python3 in different versions, so the version must be pinned
RUN pip3 install jupyter && pip install IPython==5.8.0 && pip3 install IPython==6.5.0 && \
mkdir /root/.jupyter
# Jupyter Password: 123456
RUN ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
mkdir /root/wwwroot && ln -s /usr/share/nginx/html /root/wwwroot && \
echo '{"NotebookApp": {"password": "sha1:c8001e7b95e8:ec78d072dcba4ef97cd1da860bd183a9a3ac80c4"}}' >> .jupyter/jupyter_notebook_config.json
RUN pip3 install jupyter_contrib_nbextensions && jupyter contrib nbextension install && pip3 install ipyparallel && ipcluster nbextension enable
# start
CMD /usr/sbin/nginx && jupyter notebook --ip=0.0.0.0 --port=6688 --allow-root >> /dev/null
EXPOSE 6688 80
Build the container
docker build -t python3-jupyter-nginx -f ./Dockerfile .
Debian+py3+Jupyter+Nginx
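A Debian 9 based py3 environment, with basic Linux commands, git, Jupyter, Nginx and so on preinstalled; Nginx is there to make downloading files easy. The default Jupyter password is 123456; to change it, follow the method below.
Default Jupyter password: 123456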
docker pull leolan/debian_py3
Once the image is built and started, change the password with: jupyter notebook password
Or:
# python3
#>>> from IPython.lib import passwd  # or: from notebook.auth import passwd
#>>> passwd()
#Enter password:
#Verify password:
#'sha1:175e8efe8974:eacef02a2e3f959d6efdf6c93d142c7f4712f5cc'
Replace the value in the Dockerfile
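How the `sha1:salt:digest` value used in both Jupyter sections of this page (the passwd() output and the NotebookApp.password entry in the Dockerfiles) is put together, with a check that a jupyter_notebook_config.json is not still set to a known default password. This is an added example, not from the original post; it assumes the classic notebook scheme of SHA-1 over the password followed by the salt, and the function names, the salt and the sample config are constructed.

```bash
#!/usr/bin/env bash
# Added example: build and check the "sha1:<salt>:<digest>" password value
# stored under NotebookApp.password in jupyter_notebook_config.json.

# SHA-1 of stdin as lowercase hex, using whichever tool is installed.
sha1_hex() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 | cut -d' ' -f1
  else
    openssl dgst -sha1 | sed 's/^.*= *//'
  fi
}

# notebook_hash PASSWORD SALT: digest is SHA-1 over the password followed by the salt.
notebook_hash() {
  printf 'sha1:%s:%s\n' "$2" "$(printf '%s%s' "$1" "$2" | sha1_hex)"
}

# hash_matches STORED PASSWORD: status 0 if PASSWORD reproduces STORED,
# 1 if it does not, 2 if STORED is not a sha1 value.
hash_matches() {
  local stored="$1" rest salt
  [ "${stored%%:*}" = "sha1" ] || return 2
  rest="${stored#*:}"
  salt="${rest%%:*}"
  [ "$(notebook_hash "$2" "$salt")" = "$stored" ]
}

# config_password_hash FILE: print the "password" value from the JSON config.
config_password_hash() {
  sed -n 's/.*"password"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# audit_config FILE DEFAULT...: status 1 and a message if one of the listed
# default passwords reproduces the stored hash, status 0 otherwise.
audit_config() {
  local file="$1" stored pw
  shift
  stored=$(config_password_hash "$file")
  [ -n "$stored" ] || { echo "no password hash in $file"; return 2; }
  for pw in "$@"; do
    if hash_matches "$stored" "$pw"; then
      echo "known default password still set: $pw"
      return 1
    fi
  done
  echo "ok"
}

# Constructed sample: a config whose hash was made from "123456" and a made-up salt.
demo_cfg=$(mktemp)
printf '{"NotebookApp": {"password": "%s"}}\n' "$(notebook_hash 123456 0123456789ab)" > "$demo_cfg"
audit_config "$demo_cfg" admin 123456 || true
rm -f "$demo_cfg"
```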
Dockerfile:
FROM docker.io/python:3.6.8
# Based on Debian 9
MAINTAINER leolan 842632422@qq.com
LABEL com.example.vendor="www.leolan.top"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="Py3+Jupyter+Scrapy+Nginx"
LABEL maintainer="842632422@qq.com"
ENV TZ "Asia/Shanghai"
WORKDIR /root
RUN apt update && apt install -y apt-utils
RUN apt install -y wget git net-tools cron vim && \
ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
echo "alias ll='ls -alh'" >> /root/.bashrc
# Comment out the following if you do not need Nginx
RUN apt install -y nginx && \
mkdir /root/wwwroot && ln -s /var/www/html /root/wwwroot
# Comment out the following if you do not need Scrapy
RUN pip3 install scrapy && pip3 install pymysql && pip3 install pymongo && pip3 install redis
# Comment out the following if you do not need Jupyter
# Set Jupyter Password: 123456;;;Install Jupyter Plugin
RUN pip3 install jupyter && pip3 install IPython==7.2.0 && \
mkdir /root/.jupyter && \
echo '{"NotebookApp": {"password": "sha1:c8001e7b95e8:ec78d072dcba4ef97cd1da860bd183a9a3ac80c4"}}' >> .jupyter/jupyter_notebook_config.json && \
pip3 install jupyter_contrib_nbextensions && jupyter contrib nbextension install && pip3 install ipyparallel && ipcluster nbextension enable
# clean cache
RUN apt clean && apt autoclean && apt autoremove && \
deborphan | xargs apt purge -y
# start
CMD /usr/sbin/nginx && jupyter notebook --ip=0.0.0.0 --port=6688 --allow-root >> /dev/null
EXPOSE 6688 80
Build the container
docker build -t docker.io/leolan/debian_py3 -f Dockerfile .
LAMP image
This image is very minimal, generally for testing, and lacks commonly used components.
apache2+php5+mysql5.6; the mysql password is empty, web root /var/www/
docker pull hub.c.163.com/public/lamp:latest
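LNMP image
This image uses the one-click install script from https://lnmp.org/
Just map port 80 out; after running the container, enter it and run lnmp start to start the services.
nginx+php7+mysql5.6; the mysql account and password are both root, web root /home/wwwroot/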
docker pull hub.c.163.com/cookienull/centos7_pure_lnmp:latest
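Separate containers
There are two ways to set up this kind of multi-application environment.
**Option 1:** All applications are put into a single image. The advantage is easy management, with the whole environment in one image, but once something goes wrong it is a lot of trouble.
**Option 2:** Each application gets its own container, and the containers are linked together. Each container is independent, so a single container can be modified easily. The drawback is that starting and stopping must follow dependency order.
This section records the separated setup; the all-in-one setup is really just merging the Dockerfiles, taking one application as the base and then configuring the others.
# Create the application directories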
cd ~
mkdir ./{nginx,mysql,php7} -p
############### Write the Dockerfiles #######################
# mysql part
cat > ./mysql/Dockerfile <<EOF
FROM mysql:5.7
MAINTAINER leolan 842632422@qq.com
ENV TZ "Asia/Shanghai"
EOF
#########################################################
# PHP part (listen on port 9000; since the applications are separated, the PHP container is not localhost from the Nginx container's point of view)
cat > ./php7/Dockerfile <<EOF
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com
ENV TZ "Asia/Shanghai"
# Web Dir
RUN mkdir -p /usr/local/nginx/html
# Yum
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
yum -y install epel-release && \
yum install -y wget && \
cd /etc/yum.repos.d && \
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
yum -y update && \
yum install -y gcc automake autoconf libtool make gcc-c++ vixie-cron zlib file bash vim && \
yum install -y sharutils zip libmemcached libmemcached-devel libyaml libyaml-devel && \
yum install -y unzip libvpx-devel openssl-devel tar libtool-ltdl-devel net-tools && \
yum install -y libmcrypt libmcrypt-devel libxml2 libxml2-devel bzip2 bzip2-devel curl && \
yum install -y curl-devel libjpeg libjpeg-devel libpng libpng-devel freetype-devel && \
yum install -y gd-devel bison mhash ImageMagick-devel cyrus-sasl-devel mcrypt && \
yum clean all
RUN yum install -y libmcrypt-devel && cd /tmp && \
wget http://cn2.php.net/distributions/php-7.0.12.tar.gz && \
tar xzf php-7.0.12.tar.gz && \
cd /tmp/php-7.0.12 && \
./configure \
--prefix=/usr/local/php \
--with-mysqli \
--with-pdo-mysql \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir --with-png-dir \
--with-zlib \
--with-libxml-dir \
--enable-simplexml \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-soap \
--enable-zip \
--with-curl \
--enable-fpm \
--with-fpm-user=nobody \
--with-fpm-group=nobody \
--enable-mbstring \
--enable-sockets \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-opcache && \
make && \
make install
# Copy file
RUN cp /tmp/php-7.0.12/php.ini-production /usr/local/php/lib/php.ini && \
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
EXPOSE 9000
# Configure php
RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/php/etc/php-fpm.d/www.conf
RUN rm -rf /tmp/php*
# Start php
ENTRYPOINT ["/usr/local/php/sbin/php-fpm", "-F", "-c", "/usr/local/php/lib/php.ini"]
EOF
###################################################################
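# Nginx section (the heredoc delimiter is quoted so that the shell writes the $ signs and backslashes in this Dockerfile unchanged)
cat > ./nginx/Dockerfile <<'EOF'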
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com
ENV TZ "Asia/Shanghai"
# Yum
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
yum -y install epel-release && \
yum install -y wget && \
cd /etc/yum.repos.d && \
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
yum -y update && \
yum install -y gcc automake libtool make gcc-c++ vixie-cron patch bzip2-devel curl && \
yum install -y zlib file zip bash vim cyrus-sasl-devel curl-devel libjpeg libjpeg-devel && \
yum install -y libmemcached libmemcached-devel libyaml libyaml-devel unzip libvpx-devel && \
yum install -y openssl-devel ImageMagick-devel autoconf tar gcc libxml2-devel gd-devel && \
yum install -y mcrypt mhash libmcrypt libmcrypt-devel libxml2 bzip2 sharutils && \
yum install -y libpng libpng-devel freetype-devel bison libtool-ltdl-devel net-tools && \
yum clean all
# Install Nginx together with the nginx_upstream_check_module health-check module for load balancing; the module can be omitted if you do not use load balancing.
RUN cd /tmp && \
wget http://nginx.org/download/nginx-1.12.1.tar.gz && \
wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master && \
tar xzf nginx-1.12.1.tar.gz && \
unzip master && \
cd /tmp/nginx-1.12.1 && \
patch -p1 < ../nginx_upstream_check_module-master/check_1.12.1+.patch && \
./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
--with-http_gzip_static_module --with-http_stub_status_module --with-http_stub_status_module --with-debug && \
make && \
make install
# Configure nginx
ENV HTTP_PHP_CONFIG \\\n\\\t#php\\\n\\\tlocation ~ \\\\.php$ {\\\n\\\t\\\troot html;\\\n\\\t\\\tfastcgi_pass php7:9000;\\\n\\\t\\\tfastcgi_index index.php;\\\n\\\t\\\tfastcgi_param SCRIPT_FILENAME /usr/local/nginx/html\$fastcgi_script_name;\\\n\\\t\\\tinclude fastcgi_params;\\\n\\\t}\\\n\\\n\\\t
RUN sed -i -e "s@# deny access to .htaccess files, if Apache@${HTTP_PHP_CONFIG}# deny access to .htaccess files, if Apache@" /usr/local/nginx/conf/nginx.conf
EXPOSE 80 443
RUN rm -rf /tmp/nginx*
# Start nginx
ENTRYPOINT ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF
################ Dockerfiles complete #####################
# Build the images
docker build -t ubuntu-mysql5.7 -f ./mysql/Dockerfile .
docker build -t centos7-php7 -f ./php7/Dockerfile .
docker build -t centos7-nginx -f ./nginx/Dockerfile .
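# Start the containers. A request to nginx connects to php, which in turn connects to mysql, so the containers are linked together and started in order.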
docker run --name mysql -p 3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -it ubuntu-mysql5.7 &
sleep 5 # A container must be fully started before the next one is started, otherwise an error is reported.
docker run --name php7 -p 9000:9000 -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql -it centos7-php7 &
sleep 8
docker run --name nginx -p 8888:80 -v /root/webdata/wwwroot:/usr/local/nginx/html --link php7:php7 -it centos7-nginx &
sleep 8
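Change the ports as needed so that they do not conflict with ports already in use on the system; any conflict makes the container fail to start. After changing a port, start only the container that failed. Once all three have started, the containers are linked together. Data and configuration survive restarts, and mysql grants root access from % by default.
Start mysql first, then php, and nginx last (on startup a container checks whether the container it links to is running, and does not start if it is not).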
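The run commands above publish MySQL and php-fpm on every host interface, pass the root password on the command line and rely on `--link`, which Docker documents as a legacy feature. The following added example (not from the original post) is a small audit function that flags those three patterns; the `lnmp` network name and the secret file path in the hardened sample are assumptions.

```shell
#!/bin/sh
# Constructed samples: the first two are this page's run commands without the
# trailing "&"; HARDENED_RUN is a hypothetical alternative (the network name
# "lnmp" and the secret file path are assumptions).
MYSQL_RUN='docker run --name mysql -p 3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -it ubuntu-mysql5.7'
PHP_RUN='docker run --name php7 -p 9000:9000 -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql -it centos7-php7'
HARDENED_RUN='docker run -d --name mysql --network lnmp -v /root/webdata/mysql:/var/lib/mysql -v /root/secrets/mysql_root:/run/secrets/mysql_root:ro -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root ubuntu-mysql5.7'

# audit_run CMDLINE: print one finding per line for a `docker run` command.
# The body runs in a subshell so `set -f` (no globbing) does not leak out.
audit_run() (
    set -f
    prev=""
    for tok in $1; do   # plain word splitting: the samples have no quoted spaces
        case "$prev" in
            -p|--publish)
                case "$tok" in
                    0.0.0.0:*) echo "PUBLISH_ALL_INTERFACES $tok" ;;
                    *:*:*)     ;;   # explicit host IP, e.g. 127.0.0.1:3306:3306
                    *:*)       echo "PUBLISH_ALL_INTERFACES $tok" ;;   # HOST:CONTAINER binds every interface
                esac ;;
            -e|--env)
                case "$tok" in
                    *PASSWORD=*|*TOKEN=*|*KEY=*)
                        echo "SECRET_ON_COMMAND_LINE ${tok%%=*}" ;;   # variable name only, never the value
                esac ;;
        esac
        case "$tok" in
            --link|--link=*) echo "LEGACY_LINK" ;;
        esac
        prev="$tok"
    done
)

# Print the findings for each sample command.
for cmd in "$MYSQL_RUN" "$PHP_RUN" "$HARDENED_RUN"; do
    echo "== $cmd"
    audit_run "$cmd"
done
```

The hardened sample produces no findings: containers on a user-defined network reach each other by container name without published ports, and the official mysql image reads the root password from the file named in `MYSQL_ROOT_PASSWORD_FILE`.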
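Combining multiple applications in one container
# mysql (the official image is based on ubuntu; to integrate it you would have to compile and install mysql yourself on a centos image)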
cat > ./mysql/Dockerfile <<EOF
FROM mysql:5.7
MAINTAINER leolan 842632422@qq.com
ENV TZ "Asia/Shanghai"
EOF
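# nginx+php7 (the heredoc delimiter is quoted so that the shell writes the $ signs and backslashes in this Dockerfile unchanged)
mkdir -p ./nginx_php7
cat > ./nginx_php7/Dockerfile <<'EOF'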
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com
ENV TZ "Asia/Shanghai"
# Web Dir
RUN mkdir -p /usr/local/nginx/html
# Yum
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
yum -y install epel-release && \
yum install -y wget && \
cd /etc/yum.repos.d && \
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
yum -y update && \
yum install -y gcc automake libtool make gcc-c++ vixie-cron curl curl-devel patch && \
yum install -y zlib file openssl-devel sharutils zip bash vim cyrus-sasl-devel libpng && \
yum install -y libmemcached libmemcached-devel libyaml libyaml-devel unzip libvpx-devel && \
yum install -y openssl-devel ImageMagick-devel autoconf tar gcc gd-devel libmcrypt-devel && \
yum install -y mcrypt mhash libmcrypt libxml2 libxml2-devel bzip2 libjpeg libjpeg-devel && \
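yum install -y bzip2-devel libpng-devel freetype-devel bison libtool-ltdl-devel net-tools && \
yum clean all
# Install Nginx together with the nginx_upstream_check_module health-check module for load balancing; the module can be omitted if you do not use load balancing.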
RUN cd /tmp && \
wget http://nginx.org/download/nginx-1.12.1.tar.gz && \
wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master && \
tar xzf nginx-1.12.1.tar.gz && \
unzip master && \
cd /tmp/nginx-1.12.1 && \
patch -p1 < ../nginx_upstream_check_module-master/check_1.12.1+.patch && \
./configure \
--prefix=/usr/local/nginx \
--with-http_ssl_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
--with-http_gzip_static_module --with-http_stub_status_module --with-http_stub_status_module --with-debug && \
make && \
make install
RUN yum install -y libmcrypt-devel && cd /tmp && \
wget http://cn2.php.net/distributions/php-7.0.12.tar.gz && \
tar xzf php-7.0.12.tar.gz && \
cd /tmp/php-7.0.12 && \
./configure \
--prefix=/usr/local/php \
--with-mysqli \
--with-pdo-mysql \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir --with-png-dir \
--with-zlib \
--with-libxml-dir \
--enable-simplexml \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-soap \
--enable-zip \
--with-curl \
--enable-fpm \
--with-fpm-user=nobody \
--with-fpm-group=nobody \
--enable-mbstring \
--enable-sockets \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-opcache && \
make && \
make install
# Configure nginx (php-fpm runs in this same container and listens on 127.0.0.1:9000)
ENV HTTP_PHP_CONFIG \\\n\\\t#php\\\n\\\tlocation ~ \\\\.php$ {\\\n\\\t\\\troot html;\\\n\\\t\\\tfastcgi_pass 127.0.0.1:9000;\\\n\\\t\\\tfastcgi_index index.php;\\\n\\\t\\\tfastcgi_param SCRIPT_FILENAME /usr/local/nginx/html\$fastcgi_script_name;\\\n\\\t\\\tinclude fastcgi_params;\\\n\\\t}\\\n\\\n\\\t
RUN cp /tmp/php-7.0.12/php.ini-production /usr/local/php/lib/php.ini && \
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
RUN sed -i -e "s@# deny access to .htaccess files, if Apache@${HTTP_PHP_CONFIG}# deny access to .htaccess files, if Apache@" /usr/local/nginx/conf/nginx.conf
#RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/php/etc/php-fpm.d/www.conf
EXPOSE 80 443 9000
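RUN rm -rf /tmp/php* /tmp/nginx*
# Start php and nginx (only the last ENTRYPOINT in a Dockerfile takes effect, so a single command starts both: php-fpm daemonizes, then nginx stays in the foreground)
ENTRYPOINT ["/bin/sh", "-c", "/usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini && exec /usr/local/nginx/sbin/nginx -g 'daemon off;'"]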
EOF
################################################
# Build the images
docker build -t ubuntu-mysql5.7 -f ./mysql/Dockerfile .
docker build -t centos7-nginx_php7 -f ./nginx_php7/Dockerfile .
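# Start the containers. A request to nginx calls php, which in turn connects to mysql, so the containers are linked together and started in order.
docker run --name mysql -p 3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -it ubuntu-mysql5.7 &
sleep 5 # A container must be fully started before the next one is started, otherwise an error is reported.
docker run --name nginx_php7 -p 9000:9000 -p 80:80 -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql -it centos7-nginx_php7 &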
sleep 8
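Testing the LNMP environment
############## Test whether LNMP works ##########################
# Test php (delete phpinfo.php after the test: it discloses the server configuration)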
cat > /root/webdata/wwwroot/phpinfo.php <<EOF
<?php
phpinfo();
?>
EOF
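# Test mysql (the heredoc delimiter is quoted so that the shell does not expand $link_id)
cat > /root/webdata/wwwroot/mysql.php <<'EOF'
<?php
try {
    // "mysql" is the alias set by --link mysql:mysql
    $link_id = new PDO('mysql:host=mysql;port=3306;dbname=mysql;charset=utf8', 'root', '123456');
    echo "mysql connect successful !";
} catch (PDOException $e) {
    // PDO throws on a failed connection; mysql_error() no longer exists in PHP 7
    echo $e->getMessage();
}
?>
EOF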
Reference: https://www.zhsir.org/article/154
Redis
docker pull docker.io/leolan/redis:v5.0.3
SS images
SS1
https://hub.docker.com/r/imhang/kcp-shadowsocks-docker/
docker pull imhang/kcp-shadowsocks-docker
SS_PORT 443
SS_PASSWORD 123456
SS_METHOD chacha20
KCP_PORT 9443
KCP_KEY 123456
SS2
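1984:1984 is the port mapping between docker and the inside of the container;
--restart=always means the image is run automatically at boot;
0.0.0.0 refers to the local machine and does not need to be changed;
1984 is the port of the SS service;
842632422 is the SS password.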
docker pull oddrationale/docker-shadowsocks
docker run -d -p 1984:1984 --restart=always oddrationale/docker-shadowsocks -s 0.0.0.0 -p 1984 -k 842632422 -m aes-256-cfb
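SSR images
https://hub.docker.com/r/jimlee1996/ssr/ (this image's encryption is somewhat stronger and it works better, but some clients do not support it)
https://hub.docker.com/r/arctg70/ssr-kcp-server-docker/ (this image's encryption is somewhat weaker; old clients support it too)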
docker pull jimlee1996/ssr
Ports 8388 (tcp) and 18388 (udp) can be mapped to the same external port; change the password inside the container.
docker pull arctg70/ssr-kcp-server-docker
Mapping port 8999 to an external port is enough; the other two ports, 8989 (tcp) and 29900 (udp), can be ignored. Change the password inside the container.
Commonly used Dockerfiles
https://github.com/tfssweb/Dockerfile
References:
Dockerfile explained in detail: https://www.cnblogs.com/panwenbin-logs/p/8007348.html