构建java前后端应用程序的通用docker镜像
构建java前后端应用程序的通用docker镜像
后端
只需要将job映射到/app/app.jar目录就可以使用docker启动
Dockerfile
#FROM anapsix/alpine-java:8_server-jre_unlimited
FROM openjdk:8-jre-alpine
MAINTAINER www.muphy.me
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN mkdir -p /app /app/logs /app/data
WORKDIR /app
EXPOSE 8080
# 默认设置内存
ENV JAVA_OPTS="-Xms512m -Xmx512m"
# ADD ./xxl-job-admin.jar ./
# CMD sleep 10;java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar app.jar
CMD ["/bin/sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar app.jar"]
构建成镜像java_app
docker build -t java_app .
jdk17版本Dockerfile
# 使用OpenJDK 17作为基础镜像
FROM openjdk:17-jdk-alpine
MAINTAINER www.muphy.me
# 将时区设置为上海
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# 创建必要的目录
RUN mkdir -p /app /app/logs /app/data
# 设置工作目录
WORKDIR /app
# 暴露应用运行的端口
EXPOSE 8080
# 设置默认的Java内存选项
ENV JAVA_OPTS="-Xms1g -Xmx1g"
# 将你的应用JAR文件添加到镜像中
# 确保'app.jar'是你的实际JAR文件名
# ADD ./xxl-job-admin.jar ./
# 使用sh命令运行Java应用
CMD ["/bin/sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar app.jar"]
ARM架构
# 确保已拉取基础镜像
docker pull arm64v8/openjdk:17-jdk
# 使用普通 docker build
DOCKER_BUILDKIT=0 docker build -t java17_app_arm .
前端
直接使用ngnix镜像
运行npm run build编译前端项目到dist目录,并将目录中的内容映射到/usr/share/nginx/html目录即可使用docker启动
nginx.conf ngnix配置文件
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream azi {
server 127.0.0.1:8808 max_fails=30 fail_timeout=30s;
}
server {
listen 8809;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass azi;
}
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# 限制body大小
client_max_body_size 100m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
upstream server {
ip_hash;
# gateway 地址
server 172.30.0.101:8080;
}
server {
listen 80;
server_name localhost;
# https配置参考 start
#listen 443 ssl;
# 证书直接存放 /docker/nginx/cert/ 目录下即可 更改证书名称即可 无需更改证书路径
#ssl on;
#ssl_certificate /etc/nginx/cert/xxx.local.crt; # /etc/nginx/cert/ 为docker映射路径 不允许更改
#ssl_certificate_key /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
# https配置参考 end
# 演示环境配置 拦截除 GET POST 之外的所有请求
# if ($request_method !~* GET|POST) {
# rewrite ^/(.*)$ /403;
# }
# location = /403 {
# default_type application/json;
# return 200 '{"msg":"演示模式,不允许操作","code":500}';
# }
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
# 参考下面minio配置后端代理地址
location /minio/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://minio:9000/;
proxy_pass http://127.0.0.1:8809/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
使用docker-compose启动
docker-compose内容
点击查看代码
# 生产环境 172.30.5.**
# 中间件类 从2开始
# 管理类 从50开始
# 系统类 从100开始
services:
# 中间件类 从2开始
mysql:
image: mysql:8.0.40
container_name: mw-mysql
environment:
# 时区上海
TZ: Asia/Shanghai
# root 密码
MYSQL_ROOT_PASSWORD: xxx
# 初始化数据库
# 直接设置最大连接数(MySQL 8.0+)
MYSQL_MAX_CONNECTIONS: "500"
MYSQL_DEFAULT_AUTHENTICATION_PLUGIN: mysql_native_password
MYSQL_CHARACTER_SET_SERVER: utf8mb4
MYSQL_COLLATION_SERVER: utf8mb4_general_ci
ports:
- "13306:3306"
volumes:
# 数据挂载
- ./data/mysql/data/:/var/lib/mysql/
- ./data/mysql/logs/:/var/lib/logs/
# 配置挂载
- ./data/mysql/conf/:/etc/mysql/conf.d/
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --explicit_defaults_for_timestamp=true --lower_case_table_names=1 --max_connections=500 --innodb_buffer_pool_size=512M
privileged: true
# restart: always
networks:
mw_net:
ipv4_address: 172.30.5.2
deploy:
resources:
limits:
#cpus: 0.25
memory: 1536M
reservations:
# cpus: 0.2
memory: 768M
redis:
image: redis:6.2.6
container_name: mw-redis
ports:
- "16379:6379"
environment:
# 时区上海
TZ: Asia/Shanghai
volumes:
# 配置文件
- ./data/redis/conf:/redis/config
# 数据文件
- ./data/redis/data/:/redis/data/
command: "redis-server /redis/config/redis.conf"
privileged: true
# restart: always
networks:
mw_net:
ipv4_address: 172.30.5.4
deploy:
resources:
limits:
#cpus: 0.25
memory: 128M
reservations:
# cpus: 0.2
memory: 64M
minio:
image: minio/minio:RELEASE.2021-10-27T16-29-42Z
container_name: mw-minio
ports:
# api 端口
- "19000:9000"
# 控制台端口
- "19001:9001"
environment:
# 时区上海
TZ: Asia/Shanghai
# 管理后台用户名
MINIO_ACCESS_KEY: ruphy
# 管理后台密码,最小8个字符
MINIO_SECRET_KEY: azi123...
# https需要指定域名
MINIO_SERVER_URL: ""
# 开启压缩 on 开启 off 关闭
MINIO_COMPRESS: "off"
# 扩展名 .pdf,.doc 为空 所有类型均压缩
MINIO_COMPRESS_EXTENSIONS: ""
# mime 类型 application/pdf 为空 所有类型均压缩
MINIO_COMPRESS_MIME_TYPES: ""
volumes:
# 映射当前目录下的data目录至容器内/data目录
- ./data/minio/data:/data
# 映射配置目录
- ./data/minio/config:/root/.minio/
command: server --address ':9000' --console-address ':9001' /data # 指定容器中的目录 /data
privileged: true
# restart: always
networks:
mw_net:
ipv4_address: 172.30.5.6
deploy:
resources:
limits:
#cpus: 0.25
memory: 512M
reservations:
# cpus: 0.2
memory: 128M
nginx:
image: nginx:1.21.3
container_name: mw-nginx
environment:
# 时区上海
TZ: Asia/Shanghai
ports:
- "10088:88"
- "10090:90"
- "13001:90"
- "10443:18080"
volumes:
# 证书映射
- ./data/nginx/cert:/etc/nginx/cert
# 配置文件映射
- ./data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
# 页面目录
- ./data/nginx/html:/usr/share/nginx/html
# 日志目录
- ./data/nginx/log:/var/log/nginx
privileged: true
restart: always
networks:
mw_net:
ipv4_address: 172.30.5.8
deploy:
resources:
limits:
#cpus: 0.25
memory: 128M
reservations:
#cpus: 0.2
memory: 64M
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.6.1
# localhost: elasticsearch
container_name: mw-elasticsearch
privileged: true
# user: root
environment:
- cluster.name=elasticsearch
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
- discovery.type=single-node
#- xpack.security.enabled=false
volumes:
- ./data/es/data:/usr/share/elasticsearch/data
- ./data/es/logs:/usr/share/elasticsearch/logs
- ./data/es/plugins:/usr/share/elasticsearch/plugins
# - /docker/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- "19200:9200"
- "19300:9300"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:9200"]
interval: 30s
timeout: 10s
retries: 3
networks:
mw_net:
ipv4_address: 172.30.5.10
deploy:
resources:
limits:
#cpus: 0.25
memory: 2g
reservations:
#cpus: 0.2
memory: 2g
kibana:
image: docker.elastic.co/kibana/kibana:8.6.1
container_name: mw-kibana
privileged: true
# hostname: kibana
# user: root
depends_on:
- elasticsearch
ports:
- "15601:5601"
environment:
# - "elasticsearch.hosts=http://elasticsearch:9200"
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
#- ELASTICSEARCH_USERNAME=elastic
#- ELASTICSEARCH_PASSWORD=密码 # 替换为你的密码
#- XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=6fbda411e070f2e82d937ac5b92f31a3949fbaf4e6e641d700a2ec411246541b # 32位随机字符
#- XPACK_REPORTING_ENCRYPTIONKEY=6fbda411e070f2e82d937ac5b92f31a3949fbaf4e6e641d700a2ec411246541b
- ELASTICSEARCH_SERVICEACCOUNTTOKEN=AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS10b2tlbjpkUVU5cmxCbFNZT295SjR5WGU5MjJn #TOKEN
networks:
mw_net:
ipv4_address: 172.30.5.12
deploy:
resources:
limits:
#cpus: 0.25
memory: 1g
reservations:
#cpus: 0.2
memory: 1g
nacos:
#image: nacos/nacos-server:v2.0.4
image: nacos/nacos-server:v2.2.3
container_name: mw-nacos
ports:
- "18848:18848"
- "19848:19848"
environment:
TZ: Asia/Shanghai
MODE: standalone
SERVER_PORT: 18848
NACOS_APPLICATION_PORT: 18848
NACOS_GRPC_ADDR: 19848
SERVER_IP: 0.0.0.0
SPRING_DATASOURCE_PLATFORM: mysql
NACOS_AUTH_ENABLE: true
NACOS_AUTH_SYSTEM_TYPE: nacos
NACOS_AUTH_IDENTITY_KEY: serverIdentity
NACOS_AUTH_IDENTITY_VALUE: security
NACOS_AUTH_TOKEN: SecretKey012345678901234567890123456789012345678901234567890123456789
MYSQL_SERVICE_HOST: mw-mysql
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: root
MYSQL_SERVICE_PASSWORD: azi123...
MYSQL_SERVICE_DB_NAME: nacos_config
MYSQL_SERVICE_DB_PARAM: characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=Asia/Shanghai
NACOS.REMOTE.SERVER.GRPC.PORT: 19848
volumes:
- ./data/nacos/logs/:/home/nacos/logs
- ./data/nacos/config/custom.properties:/home/nacos/init.d/custom.properties
- ./data/nacos/config/application.properties:/home/nacos/conf/application.properties
privileged: true
# restart: always
networks:
mw_net:
ipv4_address: 172.30.5.14
deploy:
resources:
limits:
#cpus: 0.5
memory: 2g
reservations:
# cpus: 0.2
memory: 2g
# 办公类 下面是从50开始
# 系统类 从100开始
# 直播
ruphy-live-admin:
build:
context: ./
dockerfile: ./Dockerfile-live-admin
#restart: on-failure
restart: no
container_name: ruphy-live-admin
image: java17_app
#ports:
#- "16002:6002"
environment:
- JAVA_OPTS=-Xms768m -Xmx768m
- SERVER_PORT=6002
- SPRING_PROFILES_ACTIVE=dev
- NACOS_GRPC_ADDR=nacos:19848
- SPRING_CLOUD_NACOS_DISCOVERY_GRPC_PORT=19848
- SPRING_CLOUD_NACOS_CONFIG_GRPC_PORT=19848
- SPRING_CLOUD_NACOS_DISCOVERY_SERVER_ADDR=nacos:18848
- SPRING_CLOUD_NACOS_DISCOVERY_NAMESPACE=dev
- SPRING_CLOUD_NACOS_CONFIG_SERVER_ADDR=nacos:18848
- SPRING_CLOUD_NACOS_CONFIG_NAMESPACE=public
- SPRING_CLOUD_NACOS_CONFIG_FILE_EXTENSION=yml
- SPRING_CLOUD_NACOS_CONFIG_SHARED_CONFIGS=application-dev.yml
volumes:
- /etc/hosts:/etc/hosts:ro
- ./logs:/app/logs
- ./ruphy-live-admin.jar:/app/app.jar
networks:
mw_net:
ipv4_address: 172.30.5.100
deploy:
resources:
limits:
#cpus: 0.25
memory: 1g
reservations:
# cpus: 0.2
memory: 1g
networks:
mw_net:
driver: bridge
ipam:
config:
- subnet: 172.30.5.0/24
启动
docker-compose up -d
浙公网安备 33010602011771号