Let's Encrypt wildcard certificate automatic renewal

**Note:** this Dockerfile only works for domains whose DNS is hosted on Alibaba Cloud; for other DNS providers you need to change the variable names (and the DNS hook script). See the references at the end.
The official Docker image exists, but it has to be run by hand every time, and going through the whole procedure each time is tedious, hence this image: it relies on crontab to run the renewal on a schedule. (certbot-auto, which the Dockerfile downloads, has since been retired by the EFF; the same renew command and hooks work with the certbot package.)

# Dockerfile

FROM ubuntu:19.04

MAINTAINER leolan <842632422@qq.com>

ARG AK
ARG SK
ENV ALY_KEY $AK
ENV ALY_TOKEN $SK


RUN export DEBIAN_FRONTEND=noninteractive && \
	apt update && apt install git vim wget cron locales tzdata -y &&\
	apt clean && rm -rf /var/lib/apt &&\
	cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
	dpkg-reconfigure -f noninteractive tzdata
# Timezone issue: https://blog.csdn.net/taiyangdao/article/details/80512997


RUN git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au.git /root/certbot-letencrypt &&\
	cd /root/certbot-letencrypt && wget https://dl.eff.org/certbot-auto && chmod +x certbot-auto && chmod +x au.sh &&\
	sed -i "s/ALY_KEY=\"\"/ALY_KEY=\"$ALY_KEY\"/g" au.sh &&\
	sed -i "s/ALY_TOKEN=\"\"/ALY_TOKEN=\"$ALY_TOKEN\"/g" au.sh &&\
	sed -i 's/apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \\/apt-get install -y $QUIET_FLAG $YES_FLAG --no-install-recommends \\/g' certbot-auto &&\
	sed -i 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/cron &&\
	echo '0 1 */5 * * /root/certbot-letencrypt/certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" \
    --manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean" >> /root/certbot-letencrypt/crontab_log.log' >> /var/spool/cron/crontabs/root


CMD env >> /etc/default/locale && /etc/init.d/cron start && /bin/bash


# Build the image
# Pass your Alibaba Cloud AK and SK at build time. The key ends up inside the image: ENV values are visible with `docker inspect` and `docker history`, and the sed calls write them into au.sh in an image layer. Never push the built image to a public registry, and treat it as a secret-bearing artifact.
docker build -t certbot-auto --build-arg AK="xxxxxx" --build-arg SK="xxxxxx" -f ./Dockerfile .

# Start (note the container-side path is not `live`: the files under `live` are symlinks, and the host cannot follow them to the real files)
docker run -idt -v /etc/letsencrypt/live:/etc/letsencrypt/archive \
       --name my_certbot --restart=always [image ID]


# --------------------------------------------------------------------
# Now request the certificate; the first run installs the environment, which takes a while
# Enter the container
docker exec -it [container ID] /bin/bash

# Test (if you get an interactive prompt it is usually working; you can also run it through to the end)
./certbot-auto certonly -d *.leolan.top -d leolan.top --manual --preferred-challenges dns --dry-run --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean"

# Issue the certificate for real (same command without --dry-run)
./certbot-auto certonly -d *.leolan.top -d leolan.top --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/au.sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/au.sh python aly clean"


# --------------------------------------------------------------------
At this point the procedure is done and the certificate can be used; the files are under /etc/letsencrypt/live on the host.
# crontab runs the renewal at 01:00 on days 1, 6, 11, ... of each month (`*/5` in the day-of-month field); certbot only replaces certificates that are within 30 days of expiry, so running it more often than needed is harmless.

# If you have several domains!!!
Make a copy of au.sh per domain, named after the domain, and put that domain's key in each copy,
then request each certificate one by one with the steps above.
Finally add one crontab line per domain:
0 1 */5 * * /root/certbot-letencrypt/certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook "/root/certbot-letencrypt/[domain file].sh python aly add" --manual-cleanup-hook "/root/certbot-letencrypt/[domain file].sh python aly clean" >> /root/certbot-letencrypt/crontab_log.log

When done, copy the certificates out and leave the container; renewal then runs automatically at 01:00 on the schedule above.
For a manual renewal, `crontab -l` shows the exact command to run.
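As an added example (my own code, not part of the original page or of the ywdblog project), here is a hook wrapper that keeps the AccessKey out of the image entirely. It assumes the credentials are mounted at run time at a hypothetical path, /run/secrets/aliyun (e.g. `-v /root/aliyun:/run/secrets/aliyun:ro`, with the host file created as root and `chmod 600`), and that the two sed lines in the Dockerfile are replaced by `sed -i 's/ALY_KEY=""/ALY_KEY="${ALY_KEY}"/; s/ALY_TOKEN=""/ALY_TOKEN="${ALY_TOKEN}"/' au.sh` so that au.sh reads the values from its environment. The wrapper then takes au.sh's place in the --manual-auth-hook and --manual-cleanup-hook strings.

```shell
#!/bin/sh
# au-wrapper.sh (added example, not the page's au.sh): certbot hook wrapper that reads the
# Alibaba Cloud AccessKey from a file mounted at run time instead of baking it into the
# image via ARG/ENV and sed. Assumed (not from the page): the credentials file
#   ALY_KEY=<AccessKey ID>
#   ALY_TOKEN=<AccessKey Secret>
# is mounted read-only at /run/secrets/aliyun, and au.sh takes ALY_KEY/ALY_TOKEN from its
# environment. certbot then calls "au-wrapper.sh python aly add" / "... python aly clean".

AU_SH="${AU_SH:-/root/certbot-letencrypt/au.sh}"
CRED_FILE="${CRED_FILE:-/run/secrets/aliyun}"

# Octal permission bits of a file (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# load_aliyun_credentials FILE
# Exports ALY_KEY and ALY_TOKEN from FILE. Returns non-zero, without exporting anything,
# when the file is missing, readable by group/other, or lacks either key: a DNS API key
# readable by other users of the host is as good as published.
load_aliyun_credentials() {
    f="$1"
    [ -f "$f" ] || { echo "credentials file $f not found" >&2; return 1; }
    mode=$(file_mode "$f")
    case "$mode" in
        *00) ;;   # last two octal digits (group, other) must be zero, e.g. 600 or 400
        *) echo "$f has mode $mode; it must not be readable by group/other" >&2; return 1 ;;
    esac
    key=$(sed -n 's/^ALY_KEY=//p' "$f" | head -n 1)
    token=$(sed -n 's/^ALY_TOKEN=//p' "$f" | head -n 1)
    if [ -z "$key" ] || [ -z "$token" ]; then
        echo "$f must contain ALY_KEY=... and ALY_TOKEN=..." >&2
        return 1
    fi
    ALY_KEY="$key"; ALY_TOKEN="$token"
    export ALY_KEY ALY_TOKEN
    return 0
}

# With arguments (i.e. when certbot invokes the hook) load the key and hand off to au.sh;
# with none the file only defines the functions, so it can be sourced.
if [ "$#" -gt 0 ]; then
    load_aliyun_credentials "$CRED_FILE" || exit 1
    exec "$AU_SH" "$@"
fi
```

With this in place the ARG/ENV lines and the two sed lines can be dropped from the Dockerfile, the cron line and the certonly commands use `/root/certbot-letencrypt/au-wrapper.sh python aly add` (and `clean`) as hooks, and the image no longer carries anything secret; rotating the key is a matter of replacing the mounted file.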

参考资料:
https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
https://jingsam.github.io/2018/10/12/lets-encrypt.html


Mindoc

Build the image directly from the upstream Dockerfile.

Requires docker-ce 17.05 or later (multi-stage build).
The build fetches Go dependencies, so the whole build needs to go through a proxy from inside China.

项目地址:https://github.com/lifei6671/mindoc

镜像:docker pull leolan/mindoc

Usage:
1. With sqlite3: docker run -d -p 8181:8181 leolan/mindoc
2. With MySQL: create a config file app.conf

# Example
DB_ADAPTER                  mysql
MYSQL_PORT_3306_TCP_ADDR    192.168.2.250
MYSQL_PORT_3306_TCP_PORT    3306
MYSQL_INSTANCE_NAME         mindoc
MYSQL_USERNAME              mindoc
MYSQL_PASSWORD              123456
HTTP_PORT                   8181

docker run -d -p 8181:8181 -v /my/app.conf:/mindoc/conf/app.conf leolan/mindoc

# Without a config file the same settings can be passed as environment variables
docker run -p 8181:8181 --name mindoc -e DB_ADAPTER=mysql -e MYSQL_PORT_3306_TCP_ADDR=192.168.2.250 -e MYSQL_PORT_3306_TCP_PORT=3306 -e MYSQL_INSTANCE_NAME=mindoc -e MYSQL_USERNAME=mindoc -e MYSQL_PASSWORD=123456 -e httpport=8181 -d leolan/mindoc

Default login: admin, password 123456; change it before exposing the service.


leanote

docker pull leolan/leanote:v2.6.1

docker run -dit --name leanote \
    -v `pwd`/db:/data/db \
    -v `pwd`/conf/:/data/leanote/conf \
    -v `pwd`/files:/data/leanote/files \
    -p 9000:9000 \
    -p 27017:27017 \
    [image ID]
# 27017 is the bundled MongoDB; drop that line unless something outside the container needs the database, and never expose it to untrusted networks.

# Initial users
user1 username: admin, password: abc123 (administrator; only this user can manage the backend; change the password right away)
user2 username: demo@leanote.com, password: demo@leanote.com (for trying it out only)

Reference: https://hub.docker.com/r/axboy/leanote


GitLab continuous build

Configuration steps

The steps below are a bit tedious; for convenience you can put the keys directly in the script, at a slight cost in security.
1. Here the Docker image is run from the BaoTa (BT) panel; once it is up, `exec` into the container.
2. Run the following so that gitlab-runner can use sudo without a password. Skip this if nothing needs root. Be aware that `NOPASSWD: ALL` turns every CI job into root inside the runner; if you need it at all, prefer a file under /etc/sudoers.d/ that lists only the commands the jobs run (here: pip3 install), and check it with `visudo -c` before logging out.

chmod u+w /etc/sudoers
echo "gitlab-runner        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
chmod u-w /etc/sudoers

3. Register gitlab-runner; get the URL and token from GitLab

gitlab-runner register
1. Enter the CI URL
2. Enter the token (older versions show an underscore; the part after the underscore must be entered too)
3. Enter a name for the runner (e.g. one per environment)
4. Enter the runner tags (they are matched against the `tags:` of each job in .gitlab-ci.yml, which is how test and production builds are kept on separate runners; see the .gitlab-ci.yml below)
5. Run untagged jobs? (jobs without tags; unless you answer true, only tagged jobs trigger a build on this runner)
   Enter: false (recommended; this docker-gitlab-runner is dedicated to one project and must not build others; choose true for a shared runner)
6. Choose the executor. Shell is the simplest and runs scripts directly; pick docker if you need to build images.
Done

4. Switch to gitlab-runner and set up the project

su - gitlab-runner        # "su gitlab-runner && cd" would only run cd after that shell exits; su - lands in the home directory
ssh-keygen -q -t rsa -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub   # add to GitLab (as a deploy key for the project)
git clone xxxxxxx       # clone the project
Install dependencies, etc.

5. Write the .gitlab-ci.yml

# Reference
# Set up the SSH key beforehand, clone the project under /home/gitlab-runner, and run the steps below once by hand.

stages:
  - test
  - live

job_01:
  stage: test
  script:
    - cd ~/worm && git fetch --all && git reset --hard origin/master
    - sudo pip3 install -r ImageOCR/requirements.txt
    - /bin/bash build.sh test
    - echo "start test..."
  tags:
      - test
  only:
    - dev


job_02:
  stage: live
  script:
    - cd worm && git fetch --all && git reset --hard origin/master
    - sudo pip3 install -r ImageOCR/requirements.txt
    - /bin/bash build.sh live
    - echo "start live..."
  tags:
    - live
  only:
    - master

############# build.sh #####################
#!/bin/bash
# Stops whatever is running, then starts the test or live entry point.
# Caveat: pkill -9 python3 kills every python3 process on the runner (other jobs included) and is what needs the sudo rule from step 2.
sudo pkill -9 python3
cd ~
if [ "$1" = 'test' ]; then
    python3 ~/worm-live/ImageOCR/run_test.py
    echo 'start test'
elif [ "$1" = 'live' ]; then
    nohup python3 ~/worm-live/ImageOCR/run.py &
    echo 'start live'
else
    echo "usage: $0 test|live" >&2
    exit 1
fi
exit 0

6. Push code
Tag the project and push; then check the job result.
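Added example (my own code, not the page's build.sh): the same start/stop logic driven by a pidfile, so the job needs no sudo and never signals a process it did not start. The recorded pid is checked to be alive (not a zombie) and to run the expected command before any signal is sent, which is what makes it safe on a runner that has been up for weeks: a stale pidfile pointing at a recycled pid is only discarded. Assumed names (not from the page): RUN_DIR, the pidfile name, and APP_NAME, the command name expected at the pid (python3 for the page's run.py). It reads Linux /proc and falls back to ps elsewhere.

```shell
#!/bin/sh
# Added example (not the page's build.sh): start and stop the long-running job from a CI
# script with a pidfile, so the job needs no sudo and never touches processes it did not
# start. Assumed names (not from the page): RUN_DIR, the pidfile, and APP_NAME, the command
# name expected at the recorded pid. Uses Linux /proc, falling back to ps.

RUN_DIR="${RUN_DIR:-$HOME/run}"
PIDFILE="$RUN_DIR/ocr.pid"
LOGFILE="$RUN_DIR/ocr.log"
APP_NAME="${APP_NAME:-python3}"

# proc_comm PID: the command name as the kernel records it (at most 15 characters).
proc_comm() {
    if [ -r "/proc/$1/comm" ]; then cat "/proc/$1/comm"; else ps -o comm= -p "$1" 2>/dev/null; fi
}

# proc_state PID: the state letter (R, S, Z, ...); empty if the pid does not exist.
proc_state() {
    if [ -r "/proc/$1/stat" ]; then
        # the state is the field after "(comm)"; comm may contain spaces, so cut at the last ")"
        sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1
    else
        ps -o stat= -p "$1" 2>/dev/null | cut -c1
    fi
}

# pid_alive PID: 0 if PID exists and is not a zombie.
pid_alive() {
    [ -n "$1" ] && kill -0 "$1" 2>/dev/null || return 1
    case "$(proc_state "$1")" in ""|Z) return 1 ;; esac
    return 0
}

# pid_matches PID NAME: 0 if PID is alive and runs command NAME (guards against pid reuse).
pid_matches() {
    pid_alive "$1" || return 1
    [ "$(proc_comm "$1")" = "$2" ]
}

# service_start CMD [ARGS...]: start CMD detached and record its pid; refuse if it already runs.
service_start() {
    mkdir -p "$RUN_DIR"
    if [ -f "$PIDFILE" ] && pid_matches "$(cat "$PIDFILE")" "$APP_NAME"; then
        echo "already running, pid $(cat "$PIDFILE")" >&2
        return 1
    fi
    # all three fds redirected, otherwise the job keeps the runner's pipes open and the CI step hangs
    nohup "$@" >"$LOGFILE" 2>&1 </dev/null &
    echo "$!" >"$PIDFILE"
    return 0
}

# service_stop: TERM the recorded process, wait up to 10 s, then KILL; remove the pidfile.
service_stop() {
    [ -f "$PIDFILE" ] || return 0
    pid=$(cat "$PIDFILE")
    if ! pid_matches "$pid" "$APP_NAME"; then
        rm -f "$PIDFILE"          # stale or recycled pid: nothing to signal
        return 0
    fi
    kill -TERM "$pid"
    i=0
    while pid_alive "$pid" && [ "$i" -lt 10 ]; do sleep 1; i=$((i + 1)); done
    if pid_alive "$pid"; then kill -KILL "$pid" 2>/dev/null; fi
    rm -f "$PIDFILE"
    return 0
}
```

In build.sh the `live` branch becomes `service_stop && service_start python3 ~/worm-live/ImageOCR/run.py` and the `test` branch just `service_stop` followed by the synchronous test run; the `sudo pkill` line and the sudoers rule from step 2 are no longer needed, so the CI job runs entirely as the unprivileged gitlab-runner user.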


The two versions differ only in the installed Gitlab-Runner version; everything else is essentially the same.

Gitlab-Runner latest (for GitLab 9.0 and above)

Official latest version

############# Dockerfile #############
FROM ubuntu:14.04

ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init

RUN apt-get update -y && \
    apt-get upgrade -y && \
    apt-get install -y ca-certificates wget apt-transport-https vim nano && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

RUN echo "deb https://packages.gitlab.com/runner/gitlab-ci-multi-runner/ubuntu/ `lsb_release -cs` main" > /etc/apt/sources.list.d/runner_gitlab-ci-multi-runner.list && \
    wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
    apt-get update -y && \
    apt-get install -y gitlab-ci-multi-runner && \
    wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
    chmod +x /usr/bin/docker-machine && \
    apt-get clean && \
    mkdir -p /etc/gitlab-runner/certs && \
    chmod -R 700 /etc/gitlab-runner && \
    rm -rf /var/lib/apt/lists/*

ADD entrypoint /
RUN chmod +x /entrypoint

VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]

############# entrypoint #############

#!/bin/bash

# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"

update_ca() {
  echo "Updating CA certificates..."
  cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
  update-ca-certificates --fresh >/dev/null
}

if [ -f "${CA_CERTIFICATES_PATH}" ]; then
  # update the ca if the custom ca is different than the current
  cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi

# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"


Gitlab-Runner 1.10.7 (for GitLab below 9.0)

nginx + python3.6 environment

############# Dockerfile #############
FROM ubuntu:14.04

MAINTAINER leolan 842632422@qq.com

# Py3+Nginx+gitlab-runner

ENV TZ "Asia/Shanghai"
ENV DEBIAN_FRONTEND noninteractive

ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init

# Install Nginx Python3.6
RUN apt-get update -y && \
    apt-get install -y ca-certificates wget apt-transport-https vim nginx git curl

RUN apt-get install -y software-properties-common && \
    add-apt-repository -y ppa:fkrull/deadsnakes && \
    apt-get clean && \
    apt-get -y update && \
    apt-get install -y python3.6 python3.6-dev && \
    rm -rf /usr/bin/python && rm -rf /usr/bin/python3 && \
    ln -s /usr/bin/python3.6 /usr/bin/python3 && ln -s /usr/bin/python3.6 /usr/bin/python && \
    curl -fsSl https://bootstrap.pypa.io/get-pip.py | python3 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    rm -f /usr/share/nginx/html/*

# Install gitlab-runner
RUN wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
    wget --content-disposition https://packages.gitlab.com/runner/gitlab-ci-multi-runner/packages/ubuntu/precise/gitlab-ci-multi-runner_1.10.7_amd64.deb/download.deb && \
    dpkg -i gitlab-ci-multi-runner_1.10.7_amd64.deb && \
    wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
    chmod +x /usr/bin/docker-machine && \
    mkdir -p /etc/gitlab-runner/certs && chmod -R 700 /etc/gitlab-runner && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf gitlab-ci-multi-runner_1.10.7_amd64.deb

ADD entrypoint /
RUN chmod +x /entrypoint

VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
CMD /usr/bin/dumb-init /entrypoint run --user=gitlab-runner --working-directory=/home/gitlab-runner

############# entrypoint #############

#!/bin/bash

# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"

update_ca() {
  echo "Updating CA certificates..."
  cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
  update-ca-certificates --fresh >/dev/null
}

if [ -f "${CA_CERTIFICATES_PATH}" ]; then
  # update the ca if the custom ca is different than the current
  cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi

# start nginx
/usr/sbin/nginx

# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"

Build: docker build -t docker.io/leolan/gitlab-ci-py3env -f Dockerfile .
Pull: docker pull leolan/gitlab-ci-py3env


Nginx

Continuous build of static sites with gitlab-runner + Nginx, based on the official Dockerfile with modifications. Put both files in the same directory.
The CMD cannot be run in exec form from the BT panel, so it is written in shell form.

############# Dockerfile #############

FROM ubuntu:14.04

ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 /usr/bin/dumb-init
RUN chmod +x /usr/bin/dumb-init

RUN apt-get update -y && \
    apt-get upgrade -y && \
    apt-get install -y ca-certificates wget apt-transport-https vim nginx git curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    rm -f /usr/share/nginx/html/*

RUN wget --content-disposition https://packages.gitlab.com/runner/gitlab-ci-multi-runner/packages/ubuntu/precise/gitlab-ci-multi-runner_1.10.7_amd64.deb/download.deb && \
    wget -q -O - https://packages.gitlab.com/gpg.key | apt-key add - && \
    dpkg -i gitlab-ci-multi-runner_1.10.7_amd64.deb && \
    wget -q https://github.com/docker/machine/releases/download/v0.7.0/docker-machine-Linux-x86_64 -O /usr/bin/docker-machine && \
    chmod +x /usr/bin/docker-machine && \
    mkdir -p /etc/gitlab-runner/certs && \
    chmod -R 700 /etc/gitlab-runner && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf gitlab-ci-multi-runner_1.10.7_amd64.deb

ADD entrypoint /
RUN chmod +x /entrypoint

VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
CMD /usr/bin/dumb-init /entrypoint run --user=gitlab-runner --working-directory=/home/gitlab-runner


############# entrypoint #############

#!/bin/bash

# gitlab-ci-multi-runner data directory
DATA_DIR="/etc/gitlab-runner"
CONFIG_FILE=${CONFIG_FILE:-$DATA_DIR/config.toml}
# custom certificate authority path
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$DATA_DIR/certs/ca.crt}
LOCAL_CA_PATH="/usr/local/share/ca-certificates/ca.crt"

update_ca() {
  echo "Updating CA certificates..."
  cp "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}"
  update-ca-certificates --fresh >/dev/null
}

if [ -f "${CA_CERTIFICATES_PATH}" ]; then
  # update the ca if the custom ca is different than the current
  cmp --silent "${CA_CERTIFICATES_PATH}" "${LOCAL_CA_PATH}" || update_ca
fi

# start nginx
/usr/sbin/nginx

# launch gitlab-ci-multi-runner passing all arguments
exec gitlab-ci-multi-runner "$@"

Build: docker build -t docker.io/leolan/gitlab-ci-nginx -f Dockerfile .
Pull: docker pull leolan/gitlab-ci-nginx


ngrok tunnel to the intranet

**How it works:** on start the client connects to ngrok.leolan.top:4443 and sends the local port to forward and the third-level domain; depending on the -proto argument the tunnel is served over HTTP on 8001 or HTTPS on 8002; multiple tunnels are told apart by subdomain.
**Reference:** https://leolan.top/index.php/posts/221.html

Image: docker pull leolan/ngrok_v1.7
Build your own image rather than using the published one for anything real: the CA key (/root/rootCA.key) and the server key are generated during the build and stay in the image layers, so whoever pulls leolan/ngrok_v1.7 holds the private keys that clients built from it trust, and can impersonate the server to them.

Dockerfile:
Building the image may need access to sites outside China!

FROM docker.io/golang:1.10

MAINTAINER leolan 842632422@qq.com

LABEL com.example.vendor = "www.leolan.top"
LABEL com.example.label-with-value = "foo"
LABEL version = "1.0"
LABEL description = "ngrok1.7"
LABEL maintainer = "842632422@qq.com"

ENV TZ "Asia/Shanghai"


# Domain variable. Do not use "=" in the assignment, it bites! ARG is only available while the image is built and is gone by the time CMD runs; copying it into ENV makes it available in every later layer and at run time.
ARG DOMAIN
ENV NGROK_DOMAIN $DOMAIN
ENV GOPATH /root/ngrok/

# Clone the source
RUN cd /root/ && git clone https://github.com/inconshreveable/ngrok.git && \
    rm -rf /go/*

# Generate the private CA and the server certificate (both keys remain in the image; see the note above)
RUN cd /root/ && openssl genrsa -out rootCA.key 2048 && \
    openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem && \
    openssl genrsa -out server.key 2048 && \
    openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr && \
    openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000 && \
    mv rootCA.pem /root/ngrok/assets/client/tls/ngrokroot.crt && \
    mv server.crt /root/ngrok/assets/server/tls/snakeoil.crt && \
    mv server.key /root/ngrok/assets/server/tls/snakeoil.key


# Build the server and the clients
RUN cd /root/ngrok/ && \
    GOOS="linux" GOARCH="amd64" make release-server release-client && \
    GOOS="windows" GOARCH="amd64" make release-client && \
    GOOS="darwin" GOARCH="amd64" make release-client

# start: 8001 is HTTP, 8002 is HTTPS, 4443 is the tunnel port
CMD /root/ngrok/bin/ngrokd -domain=$NGROK_DOMAIN -httpAddr=":8001" -httpsAddr=":8002" -tunnelAddr=":4443"

EXPOSE 8001 8002 4443

# Note!!! About ports 80 and 443!!!
# If port 80 is already taken you cannot use it the way https://www.leolan.top/index.php/posts/221.html describes,
# but for things like WeChat development that insist on 80 or 443, do the following:
In the Dockerfile above change 8001 to 80 and 8002 to 443.

When starting the container, map other host ports onto the container's ports; 4443 in particular must stay as is (the tunnel port has to match the client config).
Start command: docker run -idt -p 6080:80 -p 60443:443 -p 4443:4443 9b2cf0730a44
# 443 need not be published; the self-signed certificate is of no use there

The client sends its domain and local port to the server's port 4443; the server hands requests arriving on 80/443 back to the client according to its configuration.
The client sets up a mapping like: http://test.ngrok.leolan.top -> 127.0.0.1:8989
That address cannot be reached yet! In reality http://test.ngrok.leolan.top:6080 is what maps to port 80 inside the container, but the address ngrokd hands out is on port 80 (it builds the URL from its own configuration), so a reverse proxy is needed.

In Nginx bind both ngrok.leolan.top and *.ngrok.leolan.top
and reverse-proxy them to local port 6080.
# How it works: when the assigned URL is opened, nginx matches the host and takes over, proxying the request to the ngrok container's port. Done!
HTTP now works, but HTTPS does not (even when proxying to port 80 the certificate is managed by nginx, and our Let's Encrypt wildcard certificate covers *.leolan.top only; a wildcard does not match a third-level name such as test.ngrok.leolan.top).

# The following is only an idea; my own test did not succeed.
If HTTPS is a must, create another second-level domain, bind a certificate to it, and reverse-proxy it to the ngrok third-level domain; during development it is best to stick to a single domain rather than switching around.

Build the image:

# Specify the domain: --build-arg DOMAIN="ngrok.leolan.top"
docker build -t docker.io/leolan/ngrok_v1.7 --build-arg DOMAIN="ngrok.leolan.top" -f ./Dockerfile .

**Important:** after starting the container, run the following to copy the clients out of it

docker cp  `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/ngrok ./ngrok_linux
docker cp  `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/windows_amd64/ngrok.exe ./
docker cp  `docker ps|grep ngrok|awk {'print $1'}`:/root/ngrok/bin/darwin_amd64/ngrok ./ngrok_mac

Usage:

Create an ngrok.cfg file with the following content
server_addr: "ngrok.leolan.top:4443"
trust_host_root_certs: false  # false makes the client verify the server against the ngrokroot.crt compiled in at build time (the self-signed CA above); set it to true only if ngrokd serves a certificate from a public CA that the host already trusts

Start from the command line or wrap it in a script; subdomain is the third-level domain, and the last argument is the local port to expose (3000 here).
./ngrok -subdomain dev_test -config=ngrok.cfg -proto http 3000
# Use -proto to pin the protocol (without it both are opened on random ports and one of the two links will not work because protocol or port do not match); the third-level domain here is dev_test.
The resulting public address is: http://dev_test.ngrok.leolan.top:8001   # HTTP

# With ./ngrok -subdomain dev_test -config=ngrok.cfg -proto https 3000
the public address is: https://dev_test.ngrok.leolan.top:8002   # HTTPS

BaoTa (BT) panel

# Official image; you need to enter the container and run /etc/init.d/bt start, or repackage the image.
# BT 5.6, upgradable to 5.9; to reach 6.x you need to run the cross-version upgrade script inside the container.
docker pull registry.cn-hangzhou.aliyuncs.com/bt-panel/panel:5.6.0

# --privileged=true makes the panel autostart (the official image fails to autostart without it). Know what it means: a privileged container runs with every capability, without the default seccomp/AppArmor profile and with access to all host devices, so root inside the container is effectively root on the host. Only do this on a host you are prepared to treat as owned by the container.
docker run -idt -p 8888:8888 --name baota --privileged=true --restart always -v /Users/mac/baota:/www/wwwroot [image ID]


You can enter the container and run the upgrade script (it pipes a plain-http download straight into bash; download and read it first if you care about what runs as root):
curl http://download.bt.cn/install/update_to_6.sh|bash

Use the prebuilt image directly:

docker run -idt \
    -p 8888:8888 \
    -p 3306:3306 \
    -p 6379:6379 \
    -p 27017:27017 \
    -p 5432:5432 \
    -p 6000-6100:6000-6100 \
    --privileged=true \
    --restart always \
    -v "$PWD/bt-wwwroot":/www/wwwroot \
    leolan/bt-panel6
# bind-mount sources must be absolute paths; "$PWD/bt-wwwroot" replaces the original ./bt-wwwroot, which older Docker rejects outright
# publishing 3306/6379/27017/5432 puts the databases on every host interface; drop the ones you do not need

# BT panel credentials: btadmin / lanlan (change them on first login)

MongoDB

docker pull leolan/mongo3.6

Dockerfile:
Upstream: https://github.com/docker-library/mongo/blob/e3d632f0b8c5b979f06ec933eca2a08293161530/3.6/Dockerfile

FROM debian:stretch-slim

# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mongodb && useradd -r -g mongodb mongodb

RUN set -eux; \
	apt-get update; \
	apt-get install -y --no-install-recommends \
		ca-certificates \
		jq \
		numactl \
	; \
	if ! command -v ps > /dev/null; then \
		apt-get install -y --no-install-recommends procps; \
	fi; \
	rm -rf /var/lib/apt/lists/*

# grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases)
ENV GOSU_VERSION 1.10
# grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases)
ENV JSYAML_VERSION 3.10.0

RUN set -ex; \
	\
	apt-get update; \
	apt-get install -y --no-install-recommends \
		wget \
	; \
	if ! command -v gpg > /dev/null; then \
		apt-get install -y --no-install-recommends gnupg dirmngr; \
	fi; \
	rm -rf /var/lib/apt/lists/*; \
	\
	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
	export GNUPGHOME="$(mktemp -d)"; \
	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
	command -v gpgconf && gpgconf --kill all || :; \
	rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
	chmod +x /usr/local/bin/gosu; \
	gosu nobody true; \
	\
	wget -O /js-yaml.js "https://github.com/nodeca/js-yaml/raw/${JSYAML_VERSION}/dist/js-yaml.js"; \
# TODO some sort of download verification here
	\
	apt-get purge -y --auto-remove wget

RUN mkdir /docker-entrypoint-initdb.d

ENV GPG_KEYS 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
RUN set -ex; \
	export GNUPGHOME="$(mktemp -d)"; \
	for key in $GPG_KEYS; do \
		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
	done; \
	gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mongodb.gpg; \
	command -v gpgconf && gpgconf --kill all || :; \
	rm -r "$GNUPGHOME"; \
	apt-key list

# Allow build-time overrides (eg. to build image with MongoDB Enterprise version)
# Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise
# Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com
# Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com .
ARG MONGO_PACKAGE=mongodb-org
ARG MONGO_REPO=repo.mongodb.org
ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO}

ENV MONGO_MAJOR 3.6
ENV MONGO_VERSION 3.6.10

RUN echo "deb http://$MONGO_REPO/apt/debian stretch/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR main" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list"

RUN set -x \
	&& apt-get update \
	&& apt-get install -y \
		${MONGO_PACKAGE}=$MONGO_VERSION \
		${MONGO_PACKAGE}-server=$MONGO_VERSION \
		${MONGO_PACKAGE}-shell=$MONGO_VERSION \
		${MONGO_PACKAGE}-mongos=$MONGO_VERSION \
		${MONGO_PACKAGE}-tools=$MONGO_VERSION \
	&& rm -rf /var/lib/apt/lists/* \
	&& rm -rf /var/lib/mongodb \
	&& mv /etc/mongod.conf /etc/mongod.conf.orig

RUN mkdir -p /data/db /data/configdb \
	&& chown -R mongodb:mongodb /data/db /data/configdb
VOLUME /data/db /data/configdb

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

EXPOSE 27017
CMD ["mongod"]

Python3 development/test environment

A py3 development environment based on Debian 9, with common Linux commands preinstalled.
Note the RUN step that calls ssh-keygen: the key pair is generated at build time, so every container started from this image (and everyone who pulls it) shares the same private key. Generate the key at first start, or mount one in, if it is going to be used for anything beyond throwaway tests.

Dockerfile:

FROM docker.io/python:3.6.8
# based on Debian 9

ENV TZ "Asia/Shanghai"

WORKDIR /root

RUN apt update && apt install -y apt-utils

RUN apt install -y wget git net-tools cron vim && apt clean all && \
    ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
    echo "alias ll='ls -alh'" >> /root/.bashrc

# clean cache
RUN apt clean && apt autoclean && apt autoremove && \
    deborphan | xargs apt purge -y

CMD /bin/bash

Build the image:

docker build -t docker.io/leolan/debian-py3-base -f Dockerfile .

MariaDB

# Default password: 123456. Note what the Dockerfile bakes in: root@'%' with this password and GRANT OPTION, and mysqld running as root. Change the password at first start and keep 3306 on the docker network only.
docker pull docker.io/leolan/mariadb:v10.4.1

Dockerfile:

FROM docker.io/leolan/centos7_base:latest

MAINTAINER leolan 842632422@qq.com

LABEL com.example.vendor = "www.leolan.top"
LABEL com.example.label-with-value = "foo"
LABEL version = "1.0"
LABEL description = "MariaDB 10.4.1"
LABEL maintainer = "842632422@qq.com"


ENV TZ "Asia/Shanghai"

WORKDIR /root


# Install
RUN echo '[mariadb]' >> /etc/yum.repos.d/MariaDB.repo && \
	echo 'name = MariaDB' >> /etc/yum.repos.d/MariaDB.repo && \
	echo 'baseurl = http://yum.mariadb.org/10.4/centos7-amd64' >> /etc/yum.repos.d/MariaDB.repo && \
	echo 'gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB' >> /etc/yum.repos.d/MariaDB.repo && \
	echo 'gpgcheck=1' >> /etc/yum.repos.d/MariaDB.repo && \
	yum install -y MariaDB-server MariaDB-client && \
	yum clean all

# Set the root password (at build time, so it is identical in every container and readable from the image layers)
RUN echo '#!/bin/bash' >> mysql.sh && echo 'nohup /usr/sbin/mysqld --user=root &' >> mysql.sh && \
	echo 'sleep 2' >> mysql.sh && \
	echo 'mysqladmin -u root password 123456' >> mysql.sh && \
        chmod +x mysql.sh && bash mysql.sh && \
	mysql -uroot -p123456 -e "use mysql;Grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;flush privileges;"


# Expose port
EXPOSE 3306

CMD /usr/sbin/mysqld --user=root >> /dev/null

ElasticSearch

Image for CentOS hosts (in testing it does not start on Debian-family hosts):

docker pull leolan/elasticsearch:v6.2.4
docker pull leolan/elasticsearch:v6.5.4

Dockerfile:

FROM docker.io/centos:7

MAINTAINER leolan 842632422@qq.com

LABEL com.example.vendor = "www.leolan.top"
LABEL com.example.label-with-value = "foo"
LABEL version = "1.0"
LABEL description = "ElasticSearch 6.2.4"
LABEL maintainer = "842632422@qq.com"


ENV TZ "Asia/Shanghai"

WORKDIR /root

# RUN is split into several steps, otherwise the build aborts when the yum cache runs out of space.
RUN yum -y install epel* && \
    yum install -y wget git net-tools crontabs vim curl-devel


# Install and lower the JVM heap limit
RUN yum -y install openssl-devel gcc gcc-c++ java && \
	wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.rpm && \
	yum localinstall -y elasticsearch-6.2.4.rpm && \
	rm -rf elasticsearch-6.2.4.rpm && \
    yum clean all && \
    sed -i 's/-Xms1g/-Xms512m/g' /etc/elasticsearch/jvm.options && \
    sed -i 's/-Xmx1g/-Xmx512m/g' /etc/elasticsearch/jvm.options && \
    mkdir /home/elasticsearch && chown -R elasticsearch:elasticsearch /home/elasticsearch


# Install the IK analyzer plugin
RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.2.4/elasticsearch-analysis-ik-6.2.4.zip


# Lift the system limits and listen on all interfaces. ES 6.x without X-Pack security has no authentication at all, so publish 9200/9300 only on the docker network or behind an authenticating reverse proxy.
RUN sed -i 's/#network.host: 192.168.0.1/network.host: 0.0.0.0/g' /etc/elasticsearch/elasticsearch.yml && \
	sed -i 's/#DefaultLimitNOFILE=/DefaultLimitNOFILE=65536/g' /etc/systemd/system.conf && \
	sed -i 's/#DefaultLimitNPROC=/DefaultLimitNPROC=32000/g' /etc/systemd/system.conf && \
	sed -i 's/#DefaultLimitMEMLOCK=/DefaultLimitMEMLOCK=infinity/g' /etc/systemd/system.conf && \
	echo '* soft nofile 65536' >> /etc/security/limits.conf && \
	echo '* hard nofile 65536' >> /etc/security/limits.conf && \
	echo '* soft nproc 32000' >> /etc/security/limits.conf && \
	echo '* hard nproc 32000' >> /etc/security/limits.conf && \
	echo '* hard memlock unlimited' >> /etc/security/limits.conf && \
	echo '* soft memlock unlimited' >> /etc/security/limits.conf

# Enable memory lock and disable swapping (use with care: enabling it often prevents startup)
#RUN sed -i 's/#bootstrap.memory_lock: true/bootstrap.memory_lock: true/g' /etc/elasticsearch/elasticsearch.yml && \
#	echo 'vm.swappiness=0' >> /etc/sysctl.conf && sysctl -p


# Expose ports
EXPOSE 9200 9300

# ES refuses to run as root
USER elasticsearch
CMD /usr/share/elasticsearch/bin/elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet >> /dev/null


pyspider

python3 version

#https://hub.docker.com/r/saibaster/pyspider
docker pull saibaster/pyspider

Append the command `pyspider` when starting the container, otherwise it does not start (same in the BT panel)
e.g.: docker run -idt -p 5000:8888 pyspider

Dockerfile

FROM python:3.6
MAINTAINER binux <roy@binux.me>

# install phantomjs
RUN mkdir -p /opt/phantomjs \
        && cd /opt/phantomjs \
        && wget -O phantomjs.tar.bz2 https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 \
        && tar xavf phantomjs.tar.bz2 --strip-components 1 \
        && ln -s /opt/phantomjs/bin/phantomjs /usr/local/bin/phantomjs \
        && rm phantomjs.tar.bz2


# install requirements
#RUN pip install --egg 'https://dev.mysql.com/get/Downloads/Connector-Python/mysql-connector-python-2.1.5.zip#md5=ce4a24cb1746c1c8f6189a97087f21c1'
COPY requirements.txt /opt/pyspider/requirements.txt
RUN pip install -r /opt/pyspider/requirements.txt

# add all repo
ADD ./ /opt/pyspider

# run test
WORKDIR /opt/pyspider
RUN pip install -e .[all]

VOLUME ["/opt/pyspider"]
ENTRYPOINT ["pyspider"]

EXPOSE 5000 23333 24444 25555

Micro images

http://csphere.cn/hub
Assorted production-environment images, manageable with cSphere.


Python + Jupyter environment

centos + py2 + py3 + Jupyter + Nginx

A CentOS 7 based image providing py2 and py3, with git, Jupyter, Nginx and basic Linux commands preinstalled; Nginx is there only to make downloading files convenient. The Jupyter default password is 123456; change it as follows.

Default password: 123456
docker pull leolan/py2-py3-jupyter-scrapy-nginx
or:
docker pull leolan/py2-py3-jupyter-nginx


After building and starting the image, run `jupyter notebook password` to change the password.
Or:
# python3
#>>> from IPython.lib import passwd   (or: from notebook.auth import passwd)
#>>> passwd()
#Enter password: 
#Verify password: 
#'sha1:175e8efe8974:eacef02a2e3f959d6efdf6c93d142c7f4712f5cc'
and put the value into the Dockerfile. Keep in mind that a hash baked into the Dockerfile is visible to anyone with the image, and that the ssh-keygen caveat from the Python3 image applies here too: the key pair under /root/.ssh is generated at build time and is identical in every container.

Dockerfile:

FROM docker.io/centos:7

MAINTAINER leolan 842632422@qq.com

LABEL com.example.vendor = "www.leolan.top"
LABEL com.example.label-with-value = "foo"
LABEL version = "1.0"
LABEL description = "py2+py3+Jupyter+Scrapy+Nginx"
LABEL maintainer = "842632422@qq.com"


ENV TZ "Asia/Shanghai"

WORKDIR /root

# RUN is split into several steps, otherwise the build aborts when the yum cache runs out of space.
RUN yum -y install epel* && \
	yum install -y wget git net-tools crontabs vim curl-devel


RUN yum -y install nginx nginx-all-modules nginx-filesystem openssl-devel gcc gcc-c++


RUN yum install -y python2-pip python34 python34-devel python34-pip && \
	yum clean all

# Uncomment the following if you need Scrapy
#RUN pip3 install scrapy && pip3 install pymysql && pip3 install pymongo && pip3 install redis


# IPython supports python2 and python3 at different versions, so each one is pinned
RUN pip3 install jupyter && pip install IPython==5.8.0 && pip3 install IPython==6.5.0 && \
	mkdir /root/.jupyter


# Jupyter Password: 123456
RUN ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
	mkdir /root/wwwroot && ln -s /usr/share/nginx/html /root/wwwroot && \
    echo '{"NotebookApp": {"password": "sha1:c8001e7b95e8:ec78d072dcba4ef97cd1da860bd183a9a3ac80c4"}}' >> .jupyter/jupyter_notebook_config.json


RUN pip3 install jupyter_contrib_nbextensions && jupyter contrib nbextension install && pip3 install ipyparallel && ipcluster nbextension enable


# start
CMD /usr/sbin/nginx && jupyter notebook --ip=0.0.0.0 --port=6688 --allow-root >> /dev/null

EXPOSE 6688 80

Build the image

docker build -t python3-jupyter-nginx -f ./Dockerfile .

Debian + py3 + Jupyter + Nginx

A py3 environment based on Debian 9 with git, Jupyter, Nginx and basic Linux commands preinstalled; Nginx is there only to make downloading files convenient. The Jupyter default password is 123456; change it as follows.

Jupyter default password: 123456
docker pull leolan/debian_py3

After building and starting the image, run `jupyter notebook password` to change the password.
Or:
# python3
#>>> from IPython.lib import passwd   (or: from notebook.auth import passwd)
#>>> passwd()
#Enter password: 
#Verify password: 
#'sha1:175e8efe8974:eacef02a2e3f959d6efdf6c93d142c7f4712f5cc'
and put the value into the Dockerfile (same caveats as the CentOS image above: the hash is visible to anyone with the image, and the build-time ssh key pair is shared by every container).

Dockerfile:

FROM docker.io/python:3.6.8
# based on Debian 9

MAINTAINER leolan 842632422@qq.com

LABEL com.example.vendor = "www.leolan.top"
LABEL com.example.label-with-value = "foo"
LABEL version = "1.0"
LABEL description = "Py3+Jupyter+Scrapy+Nginx"
LABEL maintainer = "842632422@qq.com"


ENV TZ "Asia/Shanghai"

WORKDIR /root

RUN apt update && apt install -y apt-utils

RUN apt install -y wget git net-tools cron vim && \
    ssh-keygen -q -t rsa -P "" -f /root/.ssh/id_rsa && \
    echo "alias ll='ls -alh'" >> /root/.bashrc


# Comment out the following if Nginx is not needed
RUN apt install -y nginx && \
    mkdir /root/wwwroot && ln -s /var/www/html /root/wwwroot


# Comment out the following if Scrapy is not needed
RUN pip3 install scrapy && pip3 install pymysql && pip3 install pymongo && pip3 install redis


# Comment out the following if Jupyter is not needed
# Set the Jupyter password: 123456; install the Jupyter plugins
RUN pip3 install jupyter && pip3 install IPython==7.2.0 && \
    mkdir /root/.jupyter && \
    echo '{"NotebookApp": {"password": "sha1:c8001e7b95e8:ec78d072dcba4ef97cd1da860bd183a9a3ac80c4"}}' >> .jupyter/jupyter_notebook_config.json && \
    pip3 install jupyter_contrib_nbextensions && jupyter contrib nbextension install && pip3 install ipyparallel && ipcluster nbextension enable

# clean cache
RUN apt clean && apt autoclean && apt autoremove && \
    deborphan | xargs apt purge -y

# start
CMD /usr/sbin/nginx && jupyter notebook --ip=0.0.0.0 --port=6688 --allow-root >> /dev/null

EXPOSE 6688 80

Build the image

docker build -t docker.io/leolan/debian_py3 -f Dockerfile .
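Added example for both Jupyter images above (my own code, not from the page, the Dockerfiles, or the Jupyter project): the value the Dockerfiles put into jupyter_notebook_config.json is sha1(password + salt) with a 12-hex-character salt, written as sha1:<salt>:<digest>, which is the form `notebook.auth.security.passwd()` produces for the sha1 algorithm. The functions below generate and verify such a hash with coreutils only, and write the config at container start from an environment variable (JUPYTER_PASSWORD, an assumed name) instead of baking a hash into the image. The `sha1sum`/`shasum` fallback and the config path are assumptions as well.

```shell
#!/bin/sh
# Added example (not the page's or Jupyter's code): generate and verify Jupyter Notebook
# password hashes in the legacy "sha1:<salt>:<digest>" form, and write the notebook config
# at container start from JUPYTER_PASSWORD (assumed variable name) rather than at build time.
# Format (as notebook.auth.security.passwd): digest = sha1(password || salt), salt = 12 hex chars.

# stdin -> lowercase hex SHA-1 digest (coreutils sha1sum, or BSD shasum)
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -d' ' -f1
    else
        shasum -a 1 | cut -d' ' -f1
    fi
}

# jupyter_passwd PASSWORD [SALT]: print "sha1:salt:digest". Pass SALT only for tests;
# normally it is 6 random bytes from /dev/urandom rendered as 12 hex characters.
jupyter_passwd() {
    salt="${2:-$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')}"
    digest=$(printf '%s%s' "$1" "$salt" | sha1_hex)
    printf 'sha1:%s:%s\n' "$salt" "$digest"
}

# jupyter_passwd_verify PASSWORD HASH: 0 if PASSWORD reproduces HASH (same salt), else 1.
jupyter_passwd_verify() {
    case "$2" in sha1:*:*) ;; *) return 1 ;; esac
    salt=${2#sha1:}; salt=${salt%%:*}
    [ "$(jupyter_passwd "$1" "$salt")" = "$2" ]
}

# write_jupyter_config DIR HASH: write the JSON the Dockerfiles create, readable by the owner only.
write_jupyter_config() {
    mkdir -p "$1"
    ( umask 077; printf '{"NotebookApp": {"password": "%s"}}\n' "$2" > "$1/jupyter_notebook_config.json" )
    chmod 600 "$1/jupyter_notebook_config.json"
}

# Entrypoint use (assumed): run this before "jupyter notebook" with JUPYTER_PASSWORD set;
# with the variable unset the file only defines the functions.
if [ -n "${JUPYTER_PASSWORD:-}" ]; then
    write_jupyter_config "${JUPYTER_DIR:-$HOME/.jupyter}" "$(jupyter_passwd "$JUPYTER_PASSWORD")"
fi
```

With this in the image, the `echo '{"NotebookApp": ...}'` line is dropped from the RUN step and the password is supplied per container with `docker run -e JUPYTER_PASSWORD=...`, so nothing secret is shared between containers or shipped in the image. `jupyter_passwd_verify` also tells you, given a hash found in someone else's Dockerfile, whether a candidate such as 123456 is the password behind it, which is the reason a published hash must never be reused. Salted SHA-1 is fast to brute-force; newer notebook releases default to argon2 through `jupyter notebook password`, which is preferable where available.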

LAMP image

This image is very minimal and meant for testing; common components are missing.
apache2 + php5 + mysql5.6; the mysql password is empty, web root /var/www/

docker pull hub.c.163.com/public/lamp:latest

LNMP image

This image uses the one-click install script from https://lnmp.org/
Publish port 80, enter the container after starting it and run `lnmp start` to start the services.
nginx + php7 + mysql5.6; mysql user and password are both root, web root /home/wwwroot/

docker pull hub.c.163.com/cookienull/centos7_pure_lnmp:latest

Separate containers

There are two ways to build such a multi-application environment.
**First:** everything in one image. Easy to manage, one image holds the whole environment, but a single problem becomes a big headache.
**Second:** one container per application, linked together. Each container is independent and easy to change on its own; the drawback is that start and stop have to follow the dependency order.

Here the separated case is recorded; the all-in-one case is just a matter of merging the Dockerfiles, starting from one application and configuring the others on top.

# Create the application directories
cd ~
mkdir ./{nginx,mysql,php7} -p

############### Write the Dockerfiles #######################
# mysql part (the heredoc delimiter is quoted so the shell passes the Dockerfile through verbatim)
cat > ./mysql/Dockerfile <<'EOF'
FROM mysql:5.7
MAINTAINER leolan 842632422@qq.com

ENV TZ "Asia/Shanghai"
EOF


#########################################################
# PHP part (listen on port 9000 on all interfaces: with separate containers the PHP container is not localhost for the Nginx container)

cat > ./php7/Dockerfile <<'EOF'
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com

ENV TZ "Asia/Shanghai"

# Web Dir
RUN mkdir -p /usr/local/nginx/html

# Yum
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
    yum -y install epel-release && \
    yum install -y wget && \
    cd /etc/yum.repos.d && \
    wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
    yum -y update && \
    yum install -y gcc automake autoconf libtool make gcc-c++ vixie-cron zlib file bash vim  && \
    yum install -y sharutils zip libmemcached libmemcached-devel libyaml libyaml-devel && \
    yum install -y unzip libvpx-devel openssl-devel tar libtool-ltdl-devel net-tools  && \
    yum install -y libmcrypt libmcrypt-devel libxml2 libxml2-devel bzip2 bzip2-devel curl && \
    yum install -y curl-devel libjpeg libjpeg-devel libpng libpng-devel freetype-devel  && \
    yum install -y gd-devel bison mhash ImageMagick-devel cyrus-sasl-devel mcrypt  && \
    yum clean all

RUN yum install -y libmcrypt-devel && cd /tmp && \
  wget http://cn2.php.net/distributions/php-7.0.12.tar.gz && \
  tar xzf php-7.0.12.tar.gz && \
  cd /tmp/php-7.0.12 && \
  ./configure \
    --prefix=/usr/local/php \
    --with-mysqli \
    --with-pdo-mysql \
    --with-iconv-dir \
    --with-freetype-dir \
    --with-jpeg-dir --with-png-dir \
    --with-zlib \
    --with-libxml-dir \
    --enable-simplexml \
    --enable-xml \
    --disable-rpath \
    --enable-bcmath \
    --enable-soap \
    --enable-zip \
    --with-curl \
    --enable-fpm \
    --with-fpm-user=nobody \
    --with-fpm-group=nobody \
    --enable-mbstring \
    --enable-sockets \
    --with-mcrypt \
    --with-gd \
    --enable-gd-native-ttf \
    --with-openssl \
    --with-mhash \
    --enable-opcache && \
    make && \
    make install

# Copy file
RUN cp /tmp/php-7.0.12/php.ini-production /usr/local/php/lib/php.ini && \
    cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
    cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf


EXPOSE 9000

# Configure php
RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/php/etc/php-fpm.d/www.conf

RUN rm -rf /tmp/php*

# Start php
ENTRYPOINT ["/usr/local/php/sbin/php-fpm", "-F", "-c", "/usr/local/php/lib/php.ini"]
EOF

###################################################################
# Nginx part
cat > ./nginx/Dockerfile <<EOF
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com

ENV TZ "Asia/Shanghai"

# Yum
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
    yum -y install epel-release && \
    yum install -y wget && \
    cd /etc/yum.repos.d && \
    wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
    yum -y update && \
    yum install -y gcc automake libtool make gcc-c++ vixie-cron patch bzip2-devel curl  && \
    yum install -y zlib file zip bash vim cyrus-sasl-devel curl-devel libjpeg libjpeg-devel  && \
    yum install -y libmemcached libmemcached-devel libyaml libyaml-devel unzip libvpx-devel  && \
    yum install -y openssl-devel ImageMagick-devel autoconf tar gcc libxml2-devel gd-devel && \
    yum install -y mcrypt mhash libmcrypt libmcrypt-devel libxml2 bzip2 sharutils  && \
    yum install -y libpng libpng-devel freetype-devel bison libtool-ltdl-devel net-tools && \
    yum clean all

# Install Nginx together with the nginx_upstream_check_module upstream health-check module; it is not needed if you do no load balancing.
RUN cd /tmp && \
  wget http://nginx.org/download/nginx-1.12.1.tar.gz && \
  wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master && \
  tar xzf nginx-1.12.1.tar.gz && \
  unzip master && \
  cd /tmp/nginx-1.12.1 && \
  patch -p1 < ../nginx_upstream_check_module-master/check_1.12.1+.patch && \
  ./configure \
    --prefix=/usr/local/nginx \
    --with-http_ssl_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
    --with-http_gzip_static_module --with-http_stub_status_module --with-debug && \
    make && \
    make install

# Configure nginx: inject a php location block in front of the .htaccess comment of the default nginx.conf.
# The dollar signs below are escaped for this shell heredoc, and fastcgi_script_name once more so that
# Docker's ENV substitution does not expand it to an empty string.
ENV HTTP_PHP_CONFIG \\\n\\\t#php\\\n\\\tlocation ~ \\\\.php$ {\\\n\\\t\\\troot    html;\\\n\\\t\\\tfastcgi_pass   php7:9000;\\\n\\\t\\\tfastcgi_index    index.php;\\\n\\\t\\\tfastcgi_param  SCRIPT_FILENAME    /usr/local/nginx/html\\\$fastcgi_script_name;\\\n\\\t\\\tinclude    fastcgi_params;\\\n\\\t}\\\n\\\n\\\t

# HTTP_PHP_CONFIG is escaped so the host shell does not expand it (to nothing) while writing this heredoc.
RUN sed -i -e "s@# deny access to .htaccess files, if Apache@\${HTTP_PHP_CONFIG}# deny access to .htaccess files, if Apache@" /usr/local/nginx/conf/nginx.conf

EXPOSE 80 443

RUN rm -rf /tmp/nginx*

# Start nginx
ENTRYPOINT ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF


################ Dockerfiles done #####################
# Build the images
docker build -t ubuntu-mysql5.7 -f ./mysql/Dockerfile .
docker build -t centos7-php7 -f ./php7/Dockerfile .
docker build -t centos7-nginx -f ./nginx/Dockerfile .

# Start the containers. A request to nginx is handed to php, which in turn connects to mysql, so the containers are linked and started in that order (-d runs each one detached).
docker run --name mysql -d -p 3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 ubuntu-mysql5.7
sleep 5   # the container must be fully up before the next one is started, otherwise it errors out.
docker run --name php7 -d -p 9000:9000 -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql centos7-php7
sleep 8
docker run --name nginx -d -p 8888:80 -v /root/webdata/wwwroot:/usr/local/nginx/html --link php7:php7 centos7-nginx
sleep 8

Change the ports as needed so they do not clash with anything already on the system; any conflict makes the start fail, and after fixing it you only need to restart the container that failed. Once all three are up they are linked together. Data and configuration survive restarts, and the mysql image already grants root access from % by default.
Start mysql first, then php, then nginx (at start-up a container checks whether the container it links to is running; if not, it does not start either).
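A start script for the split setup above, as an added example that is not part of the original post: it waits for each container to be ready instead of sleeping a fixed number of seconds, publishes MySQL on loopback only, and does not publish php-fpm's port 9000 at all, since nginx reaches it through the link and a FastCGI listener on a host interface is reachable by anyone on that network. The image names, /root/webdata volumes, host port 8888 and the MYSQL_ROOT_PASSWORD variable are assumptions taken from the commands above; wait_for_port relies on bash's /dev/tcp.

```bash
#!/bin/bash
# Added example, not from the original post: bring up the split LNMP stack in
# dependency order, polling each service instead of sleeping a fixed time.
# Assumed from the commands above: the image names, /root/webdata volumes and host port 8888.
set -eu

# wait_for_port HOST PORT SECONDS: 0 once a TCP connect succeeds (bash /dev/tcp), 1 on timeout.
wait_for_port() {
    deadline=$(( $(date +%s) + $3 ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null; then
            return 0
        fi
        sleep 1
    done
    return 1
}

# wait_for_running NAME SECONDS: 0 once docker inspect reports the container running.
wait_for_running() {
    deadline=$(( $(date +%s) + $2 ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if [ "$(docker inspect -f '{{.State.Running}}' "$1" 2>/dev/null)" = "true" ]; then
            return 0
        fi
        sleep 1
    done
    return 1
}

# docker run arguments per service. MySQL is published on loopback only, and php-fpm's
# port 9000 is not published at all: nginx reaches it over the link, and a FastCGI
# listener on a host interface would be reachable by anyone on that network.
mysql_args() { echo "--name mysql -d -p 127.0.0.1:3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=$1 ubuntu-mysql5.7"; }
php_args()   { echo "--name php7 -d -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql centos7-php7"; }
nginx_args() { echo "--name nginx -d -p 8888:80 -v /root/webdata/wwwroot:/usr/local/nginx/html --link php7:php7 centos7-nginx"; }

# start_stack ROOT_PASSWORD: mysql, then php7, then nginx; fail fast if one never comes up.
start_stack() {
    docker run $(mysql_args "$1")
    wait_for_port 127.0.0.1 3306 90 || { echo "mysql did not accept connections" >&2; return 1; }
    docker run $(php_args)
    wait_for_running php7 30 || { echo "php7 container is not running" >&2; return 1; }
    docker run $(nginx_args)
    wait_for_port 127.0.0.1 8888 30 || { echo "nginx did not accept connections" >&2; return 1; }
    echo "stack is up: http://127.0.0.1:8888/"
}

if [ "${1:-}" = "up" ]; then
    start_stack "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in the environment}"
fi
```

Run it as `MYSQL_ROOT_PASSWORD=... ./start-lnmp.sh up`; the password is taken from the environment rather than written into the script.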


Multiple applications in one container

# mysql (the official image is Ubuntu-based; to fold it into the combined image you would have to compile and install mysql yourself on the centos image)
cat > ./mysql/Dockerfile <<EOF
FROM mysql:5.7
MAINTAINER leolan 842632422@qq.com

ENV TZ "Asia/Shanghai"
EOF

# nginx + php7
cat > ./nginx_php7/Dockerfile <<EOF
FROM centos:centos7
MAINTAINER leolan 842632422@qq.com

ENV TZ "Asia/Shanghai"

# Web Dir
RUN mkdir -p /usr/local/nginx/html

# Yum

RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
    yum -y install epel-release && \
    yum install -y wget && \
    cd /etc/yum.repos.d && \
    wget http://mirrors.163.com/.help/CentOS7-Base-163.repo && \
    yum -y update && \
    yum install -y gcc automake libtool make gcc-c++ vixie-cron curl curl-devel patch  && \
    yum install -y zlib file openssl-devel sharutils zip bash vim cyrus-sasl-devel libpng  && \
    yum install -y libmemcached libmemcached-devel libyaml libyaml-devel unzip libvpx-devel  && \
    yum install -y openssl-devel ImageMagick-devel autoconf tar gcc gd-devel libmcrypt-devel  && \
    yum install -y mcrypt mhash libmcrypt libxml2 libxml2-devel bzip2 libjpeg libjpeg-devel  && \
    yum install -y bzip2-devel libpng-devel freetype-devel bison libtool-ltdl-devel net-tools && \
    yum clean all

# Install Nginx together with the nginx_upstream_check_module upstream health-check module; it is not needed if you do no load balancing.
RUN cd /tmp && \
  wget http://nginx.org/download/nginx-1.12.1.tar.gz && \
  wget https://codeload.github.com/yaoweibin/nginx_upstream_check_module/zip/master && \
  tar xzf nginx-1.12.1.tar.gz && \
  unzip master && \
  cd /tmp/nginx-1.12.1 && \
  patch -p1 < ../nginx_upstream_check_module-master/check_1.12.1+.patch && \
  ./configure \
    --prefix=/usr/local/nginx \
    --with-http_ssl_module --with-http_sub_module --with-http_dav_module --with-http_flv_module \
    --with-http_gzip_static_module --with-http_stub_status_module --with-debug && \
    make && \
    make install


RUN yum install -y libmcrypt-devel && cd /tmp && \
  wget http://cn2.php.net/distributions/php-7.0.12.tar.gz && \
  tar xzf php-7.0.12.tar.gz && \
  cd /tmp/php-7.0.12 && \
  ./configure \
    --prefix=/usr/local/php \
    --with-mysqli \
    --with-pdo-mysql \
    --with-iconv-dir \
    --with-freetype-dir \
    --with-jpeg-dir --with-png-dir \
    --with-zlib \
    --with-libxml-dir \
    --enable-simplexml \
    --enable-xml \
    --disable-rpath \
    --enable-bcmath \
    --enable-soap \
    --enable-zip \
    --with-curl \
    --enable-fpm \
    --with-fpm-user=nobody \
    --with-fpm-group=nobody \
    --enable-mbstring \
    --enable-sockets \
    --with-mcrypt \
    --with-gd \
    --enable-gd-native-ttf \
    --with-openssl \
    --with-mhash \
    --enable-opcache && \
    make && \
    make install


# Configure nginx: inject a php location block in front of the .htaccess comment of the default nginx.conf.
# Both daemons run in this one container, so nginx talks to php-fpm on 127.0.0.1:9000, php-fpm's default
# listener (which is why the listen sed further down stays commented out). The dollar signs are escaped
# for the heredoc, and fastcgi_script_name once more so that Docker's ENV substitution does not blank it.
ENV HTTP_PHP_CONFIG \\\n\\\t#php\\\n\\\tlocation ~ \\\\.php$ {\\\n\\\t\\\troot    html;\\\n\\\t\\\tfastcgi_pass   127.0.0.1:9000;\\\n\\\t\\\tfastcgi_index    index.php;\\\n\\\t\\\tfastcgi_param  SCRIPT_FILENAME    /usr/local/nginx/html\\\$fastcgi_script_name;\\\n\\\t\\\tinclude    fastcgi_params;\\\n\\\t}\\\n\\\n\\\t

RUN cp /tmp/php-7.0.12/php.ini-production /usr/local/php/lib/php.ini && \
    cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf && \
    cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf

# HTTP_PHP_CONFIG is escaped so the host shell does not expand it (to nothing) while writing this heredoc.
RUN sed -i -e "s@# deny access to .htaccess files, if Apache@\${HTTP_PHP_CONFIG}# deny access to .htaccess files, if Apache@" /usr/local/nginx/conf/nginx.conf
#RUN sed -i -e 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/php/etc/php-fpm.d/www.conf


EXPOSE 80 443 9000

RUN rm -rf /tmp/php* && \
    rm -rf /tmp/nginx*

# Start php-fpm and nginx. A Dockerfile honours only the last ENTRYPOINT, so both are started from one
# command: php-fpm daemonizes itself, then nginx is exec'd in the foreground to keep the container alive.
ENTRYPOINT ["/bin/sh", "-c", "/usr/local/php/sbin/php-fpm -c /usr/local/php/lib/php.ini && exec /usr/local/nginx/sbin/nginx -g 'daemon off;'"]
EOF


################################################
# Build the images
docker build -t ubuntu-mysql5.7 -f ./mysql/Dockerfile .
docker build -t centos7-nginx_php7 -f ./nginx_php7/Dockerfile .

# Start the containers. nginx calls php, which connects to mysql, so the containers are linked and started in that order (-d runs each one detached).
docker run --name mysql -d -p 3306:3306 -v /root/webdata/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 ubuntu-mysql5.7
sleep 5   # the container must be fully up before the next one is started, otherwise it errors out.
# php-fpm listens only on 127.0.0.1 inside this container, so port 9000 is not published.
docker run --name nginx_php7 -d -p 80:80 -v /root/webdata/wwwroot:/usr/local/nginx/html --link mysql:mysql centos7-nginx_php7
sleep 8

Testing the LNMP environment

############## Test that lnmp works ##########################
# Test php
cat > /root/webdata/wwwroot/phpinfo.php <<EOF
<?php
phpinfo();
?>
EOF


# Test mysql (the heredoc is quoted so the shell leaves the PHP variables alone; "mysql" is the --link alias of the MySQL container)
cat > /root/webdata/wwwroot/mysql.php <<'EOF'
<?php
        // PDO throws on a failed connection instead of returning false, so the result is checked with try/catch
        try {
                $link_id = new PDO('mysql:host=mysql;port=3306;dbname=mysql;charset=utf8', 'root', '123456');
                echo "mysql connect successful !";
        } catch (PDOException $e) {
                echo "mysql connect failed: " . $e->getMessage();
        }
?>
EOF

Reference: https://www.zhsir.org/article/154


Redis

docker pull docker.io/leolan/redis:v5.0.3

SS images

SS1

https://hub.docker.com/r/imhang/kcp-shadowsocks-docker/

docker pull imhang/kcp-shadowsocks-docker

SS_PORT     443
SS_PASSWORD 123456
SS_METHOD   chacha20
KCP_PORT    9443
KCP_KEY     123456

SS2

1984:1984 is the port mapping between the host and the container;
--restart=always makes the container start automatically at boot;
0.0.0.0 means the local machine and does not need changing;
1984 is the port the SS service listens on;
842632422 is the SS password.

docker pull oddrationale/docker-shadowsocks
docker run -d -p 1984:1984 --restart=always oddrationale/docker-shadowsocks -s 0.0.0.0 -p 1984 -k 842632422 -m aes-256-cfb

SSR images

https://hub.docker.com/r/jimlee1996/ssr/ (this image uses a slightly stronger cipher and works better, but some clients do not support it)
https://hub.docker.com/r/arctg70/ssr-kcp-server-docker/ (this image uses a slightly weaker cipher, so older clients are supported too)

docker pull jimlee1996/ssr
8388 (tcp) and 18388 (udp) can both be mapped to the same public port; change the password inside the container.

docker pull arctg70/ssr-kcp-server-docker
Just map 8999 to a public port; the other two ports, 8989 (tcp) and 29900 (udp), can be ignored; change the password inside the container.

Commonly used Dockerfiles

https://github.com/tfssweb/Dockerfile


References:
Dockerfile explained in detail: https://www.cnblogs.com/panwenbin-logs/p/8007348.html

Author: Leo
Copyright: unless stated otherwise, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit LeoLan的小站.