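I've been digging into Docker lately and have written a few posts about it on this blog. After using Docker, I have only one reaction: damn, it's really good. Enough talk, let's get to work.
Pitfall 1: Docker does not support CentOS 8 yet; I could not get WordPress to run on CentOS 8 no matter what I tried.
Pitfall 2: Watch out for HTTPS certificate problems.
Pitfall 3: Watch out for the paths inside the nginx configuration file.
Pitfall 4: Directory structure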
[root@uscdn1 kaifashuo]# pwd
/home/kaifashuo
[root@uscdn1 kaifashuo]# ll
total 16
-rw-r--r-- 1 root root 1792 Jun 26 12:32 docker-compose.yml
drwxr-xr-x 7 polkitd root 4096 Jun 26 12:33 mysql
drwxr-xr-x 4 root root 4096 Jun 26 16:53 nginx
drwxr-xr-x 9 33 tape 4096 Jun 26 12:33 web
[root@uscdn1 kaifashuo]# ll nginx/
total 12
-rw-r--r-- 1 root root 2569 Jun 26 16:53 default.conf
drwxr-xr-x 2 root root 4096 Jun 26 12:02 logs
drwxr-xr-x 2 root root 4096 Jun 26 10:48 ssl
1. Install the packages Docker depends on
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Install Docker and enable it at boot
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce
systemctl enable docker
systemctl start docker
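3. Orchestration approach
Following Docker's design philosophy, each service should be placed in its own container where possible; the services depend on one another, but at run time they never interfere with each other. WordPress is a blogging platform written in PHP; users can set up their own site on any server that supports PHP and a MySQL database. A WordPress blog depends on an HTTP service, a database service and a PHP environment, and the ideal layout deploys each of these in a separate container.
HTTP service
SQL service
PHP environment
WordPress environment
To avoid rebuilding Docker images, I decided to pull the official images directly from Docker Hub. The official WordPress image already includes the PHP environment, so no separate PHP container is needed. The HTTP service can be Apache or Nginx, and Nginx is used here; the SQL service can be MySQL or MariaDB, and MariaDB is used here. Three Docker images are needed in total.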
4. Write the docker-compose.yml file
version: '3'
services:
  mariadb:
    image: mariadb:10.5.4
    container_name: mariadb
    ports:
      - '3306:3306'
    volumes:
      - /home/kaifashuo/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=your_database_password
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=root
      - MYSQL_PASSWORD=your_database_password
    networks:
      - backend
    restart: always
  wordpress:
    depends_on:
      - mariadb
    image: wordpress:5.4.2-php7.4-fpm
    container_name: wordpress
    ports:
      - '9000:9000'
    volumes:
      #- ./php-fpm:/usr/local/etc/php-fpm.d
      - /home/kaifashuo/web:/var/www/html
    environment:
      - WORDPRESS_DB_NAME=wordpress
      - WORDPRESS_TABLE_PREFIX=wp_
      - WORDPRESS_DB_HOST=mariadb:3306
      - WORDPRESS_DB_USER=root
      - WORDPRESS_DB_PASSWORD=your_database_password
    links:
      - mariadb
    networks:
      - frontend
      - backend
    restart: always
  nginx:
    image: nginx:1.18.0
    container_name: nginx
    ports:
      - '80:80'
      - '8081:8081'
      - "443:443"
    volumes:
      - /home/kaifashuo/nginx:/etc/nginx/conf.d
      - /home/kaifashuo/nginx/ssl:/etc/nginx/cert
      - /home/kaifashuo/nginx/logs:/var/log/nginx
      - /home/kaifashuo/web:/var/www/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    links:
      - wordpress
    networks:
      - frontend
    restart: always
networks:
  frontend:
    #name: frontend
    driver: bridge
  backend:
    #name: backend
    driver: bridge
5. Run docker-compose to start the services
docker-compose up -d
6. Edit the nginx configuration file
server {
    listen 80;
    server_name www.kaifashuo.com kaifashuo.com;
    rewrite ^/(.*) https://www.kaifashuo.com/$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name www.kaifashuo.com img.kaifashuo.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log crit;
    ssl_certificate cert/fullchain.pem;
    ssl_certificate_key cert/privkey.pem;
    ssl_trusted_certificate cert/chain.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;
    add_header Strict-Transport-Security "max-age=63072000" always;
    location /status {
        stub_status on;
        access_log off;
    }
    location / {
        proxy_pass http://<external-IP>:<external-port>/;
        # Note: this must be the host's external IP plus port.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }
}
server {
    listen 8081;
    # Note: never open port 8081 in the firewall; expose only 80, 443 and the other ports you need.
    server_name www.kaifashuo.com;
    port_in_redirect off;
    # set_real_ip_from 10.0.0.0/8; #your ip
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    root /var/www/html;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php?$args;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ^~ /xmlrpc.php { return 403; }
    location ^~ /wp-config.php { return 403; }
    location ~ .*\.php(\/.*)*$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_param HTTPS on;
        fastcgi_pass wordpress:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
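An added example (not part of the original post): a small Python check that flags the entries in the step 4 docker-compose.yml worth reviewing before the host faces the internet: ports such as 3306, 9000 and 8081 published without a host IP (Compose then binds them on every interface), the Docker socket mount, and WordPress connecting as the database root user. The sample is an abridged, constructed copy of that file; the 2-space indentation and the set of public ports (80, 443) are assumptions.

```python
import re

# Constructed sample: the ports/volumes/environment entries of the step 4
# docker-compose.yml, abridged (2-space indentation assumed).
COMPOSE = """\
services:
  mariadb:
    ports:
      - '3306:3306'
    environment:
      - MYSQL_USER=root
  wordpress:
    ports:
      - '9000:9000'
    environment:
      - WORDPRESS_DB_USER=root
  nginx:
    ports:
      - '80:80'
      - '8081:8081'
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
"""

PUBLIC_PORTS = {"80", "443"}  # assumption: the only ports meant to face the internet
PORT = re.compile(r"^(?:(\d+\.\d+\.\d+\.\d+):)?(\d+):\d+$")

def audit(text, public=PUBLIC_PORTS):
    """Return (service, issue, value) tuples for risky compose entries."""
    findings, service, in_services = [], None, False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):          # skip comment lines
            continue
        if line[:1] not in (" ", ""):              # top-level key
            in_services = line.startswith("services:")
        elif in_services and re.match(r"^  [\w.-]+:\s*$", line):
            service = line.strip().rstrip(":")     # service name
        elif in_services and (m := re.match(r"^\s+-\s+['\"]?([^'\"]+?)['\"]?\s*$", line)):
            value = m.group(1)
            port = PORT.match(value)
            # Without a host IP, Compose publishes the port on all interfaces.
            if port and port.group(1) in (None, "0.0.0.0") and port.group(2) not in public:
                findings.append((service, "port published on all interfaces", value))
            elif "docker.sock" in value:
                findings.append((service, "Docker socket mounted", value))
            elif re.match(r"^(MYSQL_USER|WORDPRESS_DB_USER)=root$", value):
                findings.append((service, "application uses DB root account", value))
    return findings

if __name__ == "__main__":
    for finding in audit(COMPOSE):
        print(*finding, sep=" | ")
```

A port written as '127.0.0.1:3306:3306' is not flagged, because it is bound to the loopback interface only.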
7. View docker-compose logs, and related commands
docker-compose logs nginx
docker-compose logs wordpress
docker-compose logs mariadb
docker-compose restart nginx
docker-compose stop wordpress
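8. Docker extras: what if it does not run properly? You can try rebuilding
Show the status of Docker containers (running containers only): docker ps
Show all Docker containers (running and stopped): docker ps -a
Remove all containers: docker rm -f $(docker ps -qa)
Remove all images: docker rmi -f $(docker images -qa)
Remove all Docker networks: docker network rm $(docker network ls -q)
Then run the command again: docker-compose up -d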