第11周

1、使用docker-compose制作nginx+php-fpm，mysql，wordpress镜像，并管理启动，实现wordpress的访问

#环境：
 宿主机：10.0.0.27 centos7.9.2009
 harbor：10.0.0.27
 docker：18.09.9
 docker-compose：1.18.0

1.1 nginx-1.22.1 业务镜像

#创建制作镜像目录
# mkdir -p /opt/docker/nginx-1.22.1-alpine-3.13.0
# cd /opt/docker/nginx-1.22.1-alpine-3.13.0

#创建dockerfile
# vi Dockerfile
FROM alpine:3.13.0
LABEL maintainer "Marko.Ou <oxz@qq.com>"
RUN sed -ri 's#dl-cdn.alpinelinux.org#mirrors.aliyun.com#g' /etc/apk/repositories; \
    sed -ri 's#dl-cdn.alpinelinux.org#mirrors.aliyun.com#g' /etc/apk/repositories; \
    apk update; \
    apk add iotop gcc libgcc libc-dev libcurl libc-utils pcre-dev openssl-dev zlib-dev libnfs make pcre pcre2 zip unzip net-tools pstree libevent libevent-dev
ADD nginx-1.22.1.tar.gz /usr/local
RUN sed -ri '/^static.*ngx_http_server_string/s#nginx"#KNM/1.1"#' /usr/local/nginx-1.22.1/src/http/ngx_http_header_filter_module.c; \
    cd /usr/local/nginx-1.22.1; \
    ./configure \
    --prefix=/usr/local/nginx_1.22.1 \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_realip_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-pcre \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_realip_module && make -j 4 && make install; \
    addgroup -S nginx ;\
    adduser -G nginx -h /data/www/wordpress -s /bin/false -H -S nginx; \
    ln -s /usr/local/nginx_1.22.1/ /usr/local/nginx; \
    mkdir /usr/local/nginx/conf.d; \
    chown -R nginx.nginx /usr/local/nginx/
ADD nginx.conf /usr/local/nginx/conf
ADD www.testou.com.conf /usr/local/nginx/conf.d
ADD latest-zh_CN.zip /data/www/
RUN cd /data/www; \
    unzip latest-zh_CN.zip; \
    rm -rf /data/www/latest-zh_CN.zip /usr/local/nginx-1.22.1.tar.gz /usr/local/nginx-1.22.1; \
    chown -R nginx.nginx /data/www/wordpress
ENV PATH $PATH:/usr/local/nginx/sbin
CMD ["nginx", "-g", "daemon off;"]

#目录结构
# tree /opt/docker/nginx-1.22.1-alpine-3.13.0
/opt/docker/nginx-1.22.1-alpine-3.13.0
├── build-command.sh
├── Dockerfile
├── latest-zh_CN.zip
├── nginx-1.22.1.tar.gz
├── nginx.conf
└── www.testou.com.conf

0 directories, 6 files

#构建镜像脚本
# cat /opt/docker/nginx-1.22.1-alpine-3.13.0/build-command.sh 
#!/bin/bash
docker login --username=admin --password=123456 10.0.0.27
docker build -t 10.0.0.27/oxz/nginx:1.22.1-alpine-3.13.0 .
docker push 10.0.0.27/oxz/nginx:1.22.1-alpine-3.13.0

#nginx配置文件
# cat /opt/docker/nginx-1.22.1-alpine-3.13.0/www.testou.com.conf
server {
  server_name www.testou.com;
  location / {
    root /data/www/wordpress;
    index index.php;
    access_log /data/www/wordpress/www.testou.access.log main;
  }
  location ~ \.php$ {
    root /data/www/wordpress;
    fastcgi_pass service-php:9000;
    #fastcgi_pass php-server:9000;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

#构建镜像
# bash build-command.sh

1.2 php_fpm 8.2.1 业务镜像

#创建制作镜像目录
# mkdir -p /opt/docker/php-fpm-8.2.1-centos-7.9.2009
# cd /opt/docker/php-fpm-8.2.1-centos-7.9.2009

#创建dockerfile
# vi Dockerfile
FROM centos:7.9.2009
LABEL maintainer "Marko.Ou <oxz@qq.com>"
RUN cd /etc/yum.repos.d; \
    mkdir bakdir; \
    mv *.repo bakdir
ADD CentOS7.repo /etc/yum.repos.d
ADD php-8.2.1.tar.gz /usr/local
ADD latest-zh_CN.zip /data/www/
RUN yum -y install gcc make libxml2-devel sqlite-devel openssl-devel oniguruma-devel unzip; \
    cd /usr/local/php-8.2.1/; \
    ./configure \
        --prefix=/usr/local/php_8.2.1 \
        --enable-mysqlnd \
        --with-mysqli=mysqlnd \
        --with-pdo-mysql=mysqlnd \
        --with-openssl \
        --with-zlib \
        --with-config-file-path=/usr/local/php_8.2.1/etc \
        --with-config-file-scan-dir=/usr/local/php_8.2.1/etc/php.d \
        --enable-mbstring \
        --enable-xml \
        --enable-sockets \
        --disable-fileinfo \
        --enable-fpm; \
    make -j 4; \
    make install; \
    ln -s /usr/local/php_8.2.1/ /usr/local/php; \
    cp /usr/local/php-8.2.1/php.ini-production /etc/php.ini; \
    cp /usr/local/php/etc/php-fpm.conf{.default,}; \
    cp /usr/local/php/etc/php-fpm.d/www.conf{.default,}; \
    sed -ri '/^user/s#(.*= ).*#\1nginx#' /usr/local/php/etc/php-fpm.d/www.conf; \
    sed -ri '/^group/s#(.*= ).*#\1nginx#' /usr/local/php/etc/php-fpm.d/www.conf; \
    sed -ri '/^listen =/s#(listen =).*(:9000)#\1 0.0.0.0\2#' /usr/local/php/etc/php-fpm.d/www.conf; \
    groupadd -r nginx; \
    useradd -g nginx -r -s /bin/false nginx; \
    cd /data/www; \
    unzip latest-zh_CN.zip; \
    rm -rf latest-zh_CN.zip /usr/local/php-8.2.1 /usr/local/php-8.2.1.tar.gz; \
    chown -R nginx.nginx /data/www/wordpress
ADD run_php-fpm.sh /usr/local/bin
CMD ["/usr/local/bin/run_php-fpm.sh"]

#目录结构
# tree /opt/docker/php-fpm-8.2.1-centos-7.9.2009
/opt/docker/php-fpm-8.2.1-centos-7.9.2009
├── build-command.sh
├── CentOS7.repo
├── Dockerfile
├── latest-zh_CN.zip
├── php-8.2.1.tar.gz
└── run_php-fpm.sh

0 directories, 6 files

#构建镜像脚本
# cat /opt/docker/php-fpm-8.2.1-centos-7.9.2009/build-command.sh 
#!/bin/bash
docker login --username=admin --password=123456 10.0.0.27
docker build -t 10.0.0.27/oxz/php-fpm:8.2.1-centos-7.9.2009 .
docker push 10.0.0.27/oxz/php-fpm:8.2.1-centos-7.9.2009

#启动php-fpm脚本
# cat /opt/docker/php-fpm-8.2.1-centos-7.9.2009/run_php-fpm.sh 
#!/bin/bash
/usr/local/php/sbin/php-fpm &
tail -f /etc/hosts

#构建镜像
# bash build-command.sh

1.3 mysql-5.7.35 业务镜像

#创建制作镜像目录
# mkdir -p /opt/docker/mysql-5.7.35-centos-7.9.2009
# cd /opt/docker/mysql-5.7.35-centos-7.9.2009

#创建dockerfile
# vi Dockerfile
FROM centos:7.9.2009
LABEL maintainer "Marko.Ou <oxz@qq.com>"
RUN cd /etc/yum.repos.d; \
    mkdir bakdir; \
    mv *.repo bakdir; \
    groupadd -r mysql; \
    useradd -g mysql -r -s /bin/false mysql; \
    mkdir -p /data/mysql; \
    chown mysql.mysql /data/mysql
ADD CentOS7.repo /etc/yum.repos.d
COPY mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz /usr/local
RUN tar xf /usr/local/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local; \
    ln -s /usr/local/mysql-5.7.35-linux-glibc2.12-x86_64 /usr/local/mysql; \
    chown -R root.root /usr/local/mysql/; \
    rm -rf /usr/local/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
ADD my.cnf /etc
ADD mysql_secure_install.sh run_mysql.sh /usr/local/bin/
RUN yum -y install libaio ncurses-compat-libs numactl expect sysvinit-tools; \
    /usr/local/mysql/bin/mysqld --initialize --datadir=/data/mysql --user=mysql; \
    cp -a /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysqld; \
    /etc/rc.d/init.d/mysqld start; \
    MYSQL_OLD_PW="`awk '/temporary password/{print $NF}' /data/mysql/mysql.log`"; \
    /usr/local/mysql/bin/mysqladmin -uroot -p${MYSQL_OLD_PW} password root; \
    /usr/local/bin/mysql_secure_install.sh; \
    /usr/local/mysql/bin/mysql -uroot -proot -e 'create database wordpress'; \
    /usr/local/mysql/bin/mysql -uroot -proot -e "grant all on wordpress.* to wordpress@'172.17.%.%' identified by 'root'"; \
    /usr/local/mysql/bin/mysqladmin -uroot -proot shutdown
CMD ["/usr/local/bin/run_mysql.sh"]

#目录结构
# tree /opt/docker/mysql-5.7.35-centos-7.9.2009
/opt/docker/mysql-5.7.35-centos-7.9.2009
├── build-command.sh
├── CentOS7.repo
├── Dockerfile
├── my.cnf
├── mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
├── mysql_secure_install.sh
└── run_mysql.sh

0 directories, 7 files

#构建镜像脚本
# cat /opt/docker/mysql-5.7.35-centos-7.9.2009/build-command.sh 
#!/bin/bash
docker login --username=admin --password=123456 10.0.0.27
docker build -t 10.0.0.27/oxz/mysql:5.7.35-centos-7.9.2009 .
docker push 10.0.0.27/oxz/mysql:5.7.35-centos-7.9.2009

#mysql加固脚本
# cat /opt/docker/mysql-5.7.35-centos-7.9.2009/mysql_secure_install.sh 
#!/bin/bash
expect <<-EOF
spawn /usr/local/mysql/bin/mysql_secure_installation
expect "Enter password for user root" { send "root\n" }
expect "setup VALIDATE PASSWORD" { send "n\n" }
expect "Change the password for root" { send "n\n" }
expect "Remove anonymous users" { send "y\n" }
expect "Disallow root login remotely" { send "y\n" }
expect "Remove test database and access to it" { send "y\n" }
expect "Reload privilege tables now" { send "y\n" }
expect eof
EOF

#启动mysql脚本
# cat /opt/docker/mysql-5.7.35-centos-7.9.2009/run_mysql.sh 
#!/bin/bash
/etc/rc.d/init.d/mysqld start
tail -f /etc/hosts

#构建镜像
# bash build-command.sh

1.4 docker-compose.yml

# mkdir -p /opt/docker-compose/nginx-php_fpm-mysql
# cd /opt/docker-compose/nginx-php_fpm-mysql

# vi docker-compose.yml 
service-nginx:
  image: 10.0.0.27/oxz/nginx:1.22.1-alpine-3.13.0
  container_name: nginx1
  restart: always
  ports:
  - "81:80"
  links:
  - service-php

service-php:
  image: 10.0.0.27/oxz/php-fpm:8.2.1-centos-7.9.2009
  container_name: php1
  restart: always
  #ports:
  #- "9000:9000"
  links:
  - service-mysql

service-mysql:
  image: 10.0.0.27/oxz/mysql:5.7.35-centos-7.9.2009
  container_name: mysql1
  restart: always
  #ports:
  #- "3306:3306"
  
#运行
# docker-compose pull
# docker-compose up -d

#浏览器访问：http://10.0.0.27:81/进行安装