文章目錄
- 0. 老男孩思想-老男孩名言警句
- 1. Dockerfile指令:ENV與ARG的區別?
- 2. 創建WordPress鏡像
- 2.1 CA證書
- 2.1.1 客戶端訪問HTTPS站點(阿里云鏡像源)過程
- 2.1.2 查看Windows的CA證書
- 2.1.3 ubuntu查看CA證書是否安裝
- 2.2 準備apt下載源
- 2.3 編寫Dockerfile文件
- 2.4 nginx配置文件和容器啟動腳本
- 2.5 構建鏡像和啟動容器
- 3. 面試題:容器怎么暴露日志
- 4. Dockerfile多階段構建
- 4.1 未使用多階段構建的Dockerfile
- 4.2 使用多階段構建的Dockerfile
- 5. Docker Compose
- 5.1 安裝docker compose
- 5.2 編寫docker-compose測試文件
- 5.3 執行docker-compose文件,啟動容器
- 5.4 案例-小鳥飛飛
- 5.4.1 編寫docker-compose文件
- 5.4.2 運行docker-compose
- 6. 踩坑記錄
- 1. apt update時報錯
0. 老男孩思想-老男孩名言警句
- 成功絕非偶然,而是正確選擇和持續努力后的必然
- 成功最有效的途徑就是不斷的和有經驗的、成功的人學習
- 學習成功人士的思維和習慣,是成功的捷徑
- 要做別人不敢做、做不到的事,才能從競爭者勝出
- 自己最不想改變的,往往是自己最需要改變的;要多接收、多學習他人的思維或習慣
- 找一份能讓自己快速成長的企業,比多1-2千工資更重要
1. Dockerfile指令:ENV與ARG的區別?
- ENV:定義全局的環境變量,在腳本和容器中生效
- ARG:定義局部環境變量,僅在docker build時生效;使用–build-arg指定變量值
2. 創建WordPress鏡像
- 基礎鏡像:ubuntu,nginx+php+代碼
2.1 CA證書
CA(Certificate Authority,證書頒發機構)證書是數字證書體系的核心,用于驗證網站、服務器、軟件等的身份,并確保 HTTPS 加密通信的安全。
2.1.1 客戶端訪問HTTPS站點(阿里云鏡像源)過程
- 服務端發送證書:阿里云服務器將SSL證書(由CA機構簽發)發送給客戶端
- 客戶端那驗證證書有效性:客戶端使用本地預裝的CA證書包:
- 驗證簽名:確認服務端證書是由受信任的CA簽發
- 驗證有效性:檢查證書是否過期、域名是否匹配等
- 建立加密通道:驗證通過后才開始加密數據傳輸
2.1.2 查看Windows的CA證書
- 管理員打開PowerShell:
Get-ChildItem -Path Cert:\LocalMachine\Root | Format-List Subject, Thumbprint, NotAfter
2.1.3 ubuntu查看CA證書是否安裝
dpkg -s ca-certificates |grep Status- 如果已安裝,會顯示:
Status:install ok installed
2.2 準備apt下載源
-
ubuntu容器有可能是精簡版本,可能沒有安裝CA證書包;
- 這時apt下載源需要使用http地址
[root@docker01 /server/dockerfile/04-wordpress]# cat sources.list
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse# deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse2.3 編寫Dockerfile文件
[root@docker01 /server/dockerfile/04-wordpress]# cat Dockerfile
FROM ubuntu:22.04
LABEL author=skx desc="WordPress鏡像:nginx+php" # 變量
# 時區
ENV TZ=Asia/Shanghai
# 站點目錄
ENV CODE=/app/code/blog# 發送apt源文件和代碼
ADD sources.list /etc/apt
# 指定時區;若不提前指定,則在安裝php時會有交互式選項
# 安裝軟件
# 暴露日志
RUN apt update \&& DEBIAN_FRONTEND=noninteractive apt install -y tzdata \&& ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \&& echo $TZ > /etc/timezone \&& apt install -y nginx \&& apt install -y php8.1-common php8.1-bcmath php8.1-cli php8.1-curl php8.1-dev php8.1-fpm php8.1-gd php8.1-mysql php8.1-mbstring php8.1-redis \&& mkdir -p ${CODE} \&& ln -sf /var/log/nginx/access.log /dev/stdout \&& ln -sf /var/log/nginx/error.log /dev/stderr \&& sed -i 's#^listen =.*#listen = 127.0.0.1:9000#g' /etc/php/8.1/fpm/pool.d/www.conf # 上傳文件
ADD blog.oldboy.cn.conf /etc/nginx/conf.d
ADD entry.sh /
ADD wordpress.tar.gz ${CODE}# 修改權限
RUN chown -R www-data:www-data ${CODE}
# 暴露端口
EXPOSE 80 443# 容器啟動命令
CMD ["/entry.sh"]
2.4 nginx配置文件和容器啟動腳本
[root@docker01 /server/dockerfile/04-wordpress]# cat blog.oldboy.cn.conf
server {listen 80;server_name blog.oldboy.cn;root /app/code/blog/wordpress;location / {index index.php;}location ~ \.php$ {fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param HTTPS on;include fastcgi_params;}
}
#################################################################
[root@docker01 /server/dockerfile/04-wordpress]# cat entry.sh
#!/bin/bash
##############################################################
# File Name:entry.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:
##############################################################
php-fpm8.1
nginx -g 'daemon off;'
2.5 構建鏡像和啟動容器
docker build -t web:wp .
docker run -d --name wp -p 80:80 web:wp
- 添加hosts解析
- 瀏覽器訪問
3. 面試題:容器怎么暴露日志
- 將容器中服務的日志文件軟鏈接到/dev/stdout,或/dev/stderr,就是輸出到標準輸出和標準錯誤輸出
- docker就會收集到這些信息,并可以用docker logs查看
# 以nginx容器為例
ln -sf /var/log/nginx/access.log /dev/stdout
ln -sf /var/log/nginx/error.log /dev/stderr
- 或者,在Dockerfile中加上:
tail -F logs/*;- 表示一直輸出日志到屏幕,也會被docker捕獲
4. Dockerfile多階段構建
Docker 多階段構建(Multi-Stage Builds)是一種優化 Docker 鏡像大小的技術,允許在單個
Dockerfile中使用多個FROM指令,每個階段(Stage)可以獨立構建,并僅將必要的文件復制到最終鏡像中,丟棄中間階段的冗余內容。
- 以編譯tengine為例
4.1 未使用多階段構建的Dockerfile
[root@docker01 /server/dockerfile/05-tengine]# cat Dockerfile
#正常的一個tengine的鏡像(編譯安裝) 未使用多階段提交
#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine"
#######################
####ENV vars###########
#######################
#######################
#2. 編譯安裝 ######
#######################
#如果是阿里云服務器可以走內網 mirrors.cloud.aliyuncs.com
#sed命令修改為 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \&& apt-get update \&& apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev RUN wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \&& cd /tmp \&& tar xf ${Web_Server}-${Web_Version}.tar.gz \&& cd ${Web_Server}-${Web_Version} \&& ./configure --prefix=${Server_Dir} \--user=${Web_User} \--group=${Web_User} \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_stub_status_module \--with-http_mp4_module \--with-stream \--with-stream_ssl_module \--with-stream_realip_module \--add-module=modules/ngx_http_upstream_check_module/ \--add-module=modules/ngx_http_upstream_session_sticky_module
#編譯
RUN cd /tmp/ \&& cd ${Web_Server}-${Web_Version} \&& make -j `nproc` \&& make install
#后續操作
RUN groupadd ${Web_User} \&& useradd -g ${Web_User} ${Web_User} \&& ln -s ${Server_Dir} ${Server_Dir_Soft} \&& ln -s ${Server_Dir_Soft}/sbin/nginx /sbin/ \&& rm -fr /var/cache/* /var/lib/apt/* /tmp/* \&& ln -sf /dev/stdout /app/tools/tengine/logs/access.log \&& ln -sf /dev/stderr /app/tools/tengine/logs/error.logEXPOSE 80 443CMD ["nginx","-g","daemon off;"]
4.2 使用多階段構建的Dockerfile
- From 鏡像名稱 AS 別名
- 復制中間鏡像內容只能使用COPY --from,指定鏡像別名
- 環境變量不能跨鏡像使用
#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04 AS temp
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine"#######################
####ENV vars###########
#######################
#######################
#2. 編譯安裝 ######
#######################
#如果是阿里云服務器可以走內網 mirrors.cloud.aliyuncs.com
#sed命令修改為 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \&& apt-get update \&& apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev RUN wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \&& cd /tmp \&& tar xf ${Web_Server}-${Web_Version}.tar.gz \&& cd ${Web_Server}-${Web_Version} \&& ./configure --prefix=${Server_Dir} \--user=${Web_User} \--group=${Web_User} \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_stub_status_module \--with-http_mp4_module \--with-stream \--with-stream_ssl_module \--with-stream_realip_module \--add-module=modules/ngx_http_upstream_check_module/ \--add-module=modules/ngx_http_upstream_session_sticky_module
#編譯
RUN cd /tmp/ \&& cd ${Web_Server}-${Web_Version} \&& make -j `nproc` \&& make install FROM ubuntu:20.04
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine" #從中間鏡像復制內容到最終鏡像
COPY --from=temp /app/ /app/
#準備信息RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \&& apt-get update \&& apt install -y libssl-dev pcre2-utils libpcre3-dev zlib1g-dev \&& groupadd ${Web_User} \&& useradd -g ${Web_User} ${Web_User} \&& ln -s ${Server_Dir} ${Server_Dir_Soft} \&& ln -s ${Server_Dir_Soft}/sbin/nginx /sbin/ \&& rm -fr /var/cache/* /var/lib/apt/* /tmp/* \&& ln -sf /dev/stdout /app/tools/tengine/logs/access.log \&& ln -sf /dev/stderr /app/tools/tengine/logs/error.logEXPOSE 80 443CMD ["nginx","-g","daemon off;"]
5. Docker Compose
Docker Compose 是用于定義和運行多容器應用程序的工具。
- docker-compose相當于docker run命令,可以指定docker run的選項,如-p,-v,–restart等
5.1 安裝docker compose
- docker compose軟件:
docker-compose-linux-x86_64-2.30.3 鏈接: https://pan.baidu.com/s/1aWWsRTrBkpM9BjjFcj5FLw?pwd=f95j 提取碼: f95j
[root@docker01 ~]# chmod +x docker-compose-linux-x86_64-2.30.3
[root@docker01 ~]# mv docker-compose-linux-x86_64-2.30.3 /bin/docker-compose
[root@docker01 ~]# docker-compose -v
Docker Compose version v2.30.3
5.2 編寫docker-compose測試文件
[root@docker01 ~]# mkdir -p /server/docker-compose/01-test
[root@docker01 /server/docker-compose/01-test]# cat docker-compose.yml
#version: "3.3"
services:ngx:image: "nginx:1.24"container_name: ngx_testports:- 18888:80restart: alwaysvolumes:- "./index.html:/usr/share/nginx/html/index.html"
[root@docker01 /server/docker-compose/01-test]# echo 520SunKexu >index.html
5.3 執行docker-compose文件,啟動容器
[root@docker01 /server/docker-compose/01-test]# docker-compose up -d
[+] Running 2/2? Network 01-test_default Created 0.1s ? Container ngx_test Started 1.2s
[root@docker01 /server/docker-compose/01-test]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
ngx_test nginx:1.24 "/docker-entrypoint.…" ngx 5 minutes ago Up 4 minutes 0.0.0.0:18888->80/tcp, [::]:18888->80/tcp
- 瀏覽器訪問:
5.4 案例-小鳥飛飛
- 基礎鏡像:nginx,代碼
- 使用之前的Dockerfile文件,自定義構建鏡像
5.4.1 編寫docker-compose文件
[root@docker01 /server/docker-compose/02-bird]# cat docker-compose.yaml
services:bird:image: "web:bird_v2" # 指定鏡像名字;本地沒有該鏡像,需要使用Dockerfile構建build: # 構建鏡像context: . # 指定Dockerfile文件位置;就在本地dockerfile: Dockerfile # Dockerfile文件名稱container_name: bird_v2ports:- 80:80restart: always
5.4.2 運行docker-compose
# 先構建鏡像
[root@docker01 /server/docker-compose/02-bird]# docker-compose build
[+] Building 0.5s (10/10) FINISHED docker:default=> [bird internal] load build definition from Dockerfile 0.0s=> => transferring dockerfile: 489B 0.0s=> [bird internal] load metadata for docker.io/library/nginx:alpine 0.0s=> [bird internal] load .dockerignore 0.0s=> => transferring context: 2B 0.0s=> [bird 1/4] FROM docker.io/library/nginx:alpine 0.0s=> [bird internal] load build context 0.0s=> => transferring context: 91.96kB 0.0s=> [bird 2/4] RUN mkdir -p /app/code/bird 0.2s=> [bird 3/4] ADD bird.tar.gz /app/code/bird 0.1s=> [bird 4/4] ADD default.conf /etc/nginx/conf.d/ 0.0s=> [bird] exporting to image 0.0s=> => exporting layers 0.0s=> => writing image sha256:02c222e4257e82e73d6c2126eff63f534083205079c39c51fda1572251642820 0.0s=> => naming to docker.io/library/web:bird_v2 0.0s=> [bird] resolving provenance for metadata file 0.0s
# 再運行docker-compose
[root@docker01 /server/docker-compose/02-bird]# docker-compose up -d
[+] Running 2/2? Network 02-bird_default Created 0.1s ? Container bird_v2 Started 0.3s
- 瀏覽器訪問
- 刪除容器
- 不刪除鏡像
[root@docker01 /server/docker-compose/02-bird]# docker-compose down
[+] Running 2/1? Container bird_v2 Removed 0.2s ? Network 02-bird_default Removed 0.1s
6. 踩坑記錄
1. apt update時報錯
- 沒有CA證書
- apt下載源需要使用http地址
)
 視頻教程 - 主頁布局實現)
)
