深入解析:day056-Dockerfile案例与Docker Compose
文章目录
0. 老男孩思想-老男孩名言警句
- 成功绝非偶然,而是正确选择和持续努力后的必然
- 成功最有效的途径就是不断的和有经验的、成功的人学习
- 学习成功人士的思维和习惯,是成功的捷径
- 要做别人不敢做、做不到的事,才能从竞争者胜出
- 自己最不想改变的,往往是自己最需要改变的;要多接收、多学习他人的思维或习惯
- 找一份能让自己快速成长的企业,比多1-2千工资更重要
1. Dockerfile指令:ENV与ARG的区别?
- ENV:定义全局的环境变量,在脚本和容器中生效
- ARG:定义局部环境变量,仅在docker build时生效;使用–build-arg指定变量值
2. 创建WordPress镜像
- 基础镜像:ubuntu,nginx+php+代码
2.1 CA证书
CA(Certificate Authority,证书颁发机构)证书是数字证书体系的核心,用于验证网站、服务器、软件等的身份,并确保 HTTPS 加密通信的安全。
2.1.1 客户端访问HTTPS站点(阿里云镜像源)过程
- 服务端发送证书:阿里云服务器将SSL证书(由CA机构签发)发送给客户端
- 客户端那验证证书有效性:客户端使用本地预装的CA证书包:
- 验证签名:确认服务端证书是由受信任的CA签发
- 验证有效性:检查证书是否过期、域名是否匹配等
- 建立加密通道:验证通过后才开始加密数据传输
2.1.2 查看Windows的CA证书
- 管理员打开PowerShell:
Get-ChildItem -Path Cert:\LocalMachine\Root | Format-List Subject, Thumbprint, NotAfter
2.1.3 ubuntu查看CA证书是否安装
dpkg -s ca-certificates |grep Status- 如果已安装,会显示:
Status:install ok installed
2.2 准备apt下载源
ubuntu容器有可能是精简版本,可能没有安装CA证书包;
- 这时apt下载源需要使用http地址
[root@docker01 /server/dockerfile/04-wordpress]# cat sources.list
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
# deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse2.3 编写Dockerfile文件
[root@docker01 /server/dockerfile/04-wordpress]# cat Dockerfile
FROM ubuntu:22.04
LABEL author=skx desc="WordPress镜像:nginx+php"
# 变量
# 时区
ENV TZ=Asia/Shanghai
# 站点目录
ENV CODE=/app/code/blog
# 发送apt源文件和代码
ADD sources.list /etc/apt
# 指定时区;若不提前指定,则在安装php时会有交互式选项
# 安装软件
# 暴露日志
RUN apt update \
&&
DEBIAN_FRONTEND=noninteractive apt install -y tzdata \
&&
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \
&&
echo $TZ > /etc/timezone \
&&
apt install -y nginx \
&&
apt install -y php8.1-common php8.1-bcmath php8.1-cli php8.1-curl php8.1-dev php8.1-fpm php8.1-gd php8.1-mysql php8.1-mbstring php8.1-redis \
&&
mkdir -p ${CODE} \
&&
ln -sf /var/log/nginx/access.log /dev/stdout \
&&
ln -sf /var/log/nginx/error.log /dev/stderr \
&&
sed -i 's#^listen =.*#listen = 127.0.0.1:9000#g' /etc/php/8.1/fpm/pool.d/www.conf
# 上传文件
ADD blog.oldboy.cn.conf /etc/nginx/conf.d
ADD entry.sh /
ADD wordpress.tar.gz ${CODE}
# 修改权限
RUN chown -R www-data:www-data ${CODE}
# 暴露端口
EXPOSE 80 443
# 容器启动命令
CMD ["/entry.sh"]2.4 nginx配置文件和容器启动脚本
[root@docker01 /server/dockerfile/04-wordpress]# cat blog.oldboy.cn.conf
server {
listen 80;
server_name blog.oldboy.cn;
root /app/code/blog/wordpress;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
include fastcgi_params;
}
}
#################################################################
[root@docker01 /server/dockerfile/04-wordpress]# cat entry.sh
#!/bin/bash
##############################################################
# File Name:entry.sh
# Version:V1.0
# Author:SunKexu
# Organization:www.oldboyedu.com
# Desc:
##############################################################
php-fpm8.1
nginx -g 'daemon off;'
2.5 构建镜像和启动容器
docker build -t web:wp .
docker run -d --name wp -p 80:80 web:wp- 添加hosts解析
- 浏览器访问
3. 面试题:容器怎么暴露日志
- 将容器中服务的日志文件软链接到/dev/stdout,或/dev/stderr,就是输出到标准输出和标准错误输出
- docker就会收集到这些信息,并可以用docker logs查看
# 以nginx容器为例
ln -sf /var/log/nginx/access.log /dev/stdout
ln -sf /var/log/nginx/error.log /dev/stderr- 或者,在Dockerfile中加上:
tail -F logs/*;- 表示一直输出日志到屏幕,也会被docker捕获
4. Dockerfile多阶段构建
Docker 多阶段构建(Multi-Stage Builds)是一种优化 Docker 镜像大小的技术,允许在单个
Dockerfile中使用多个FROM指令,每个阶段(Stage)可以独立构建,并仅将必要的文件复制到最终镜像中,丢弃中间阶段的冗余内容。
- 以编译tengine为例
4.1 未使用多阶段构建的Dockerfile
[root@docker01 /server/dockerfile/05-tengine]# cat Dockerfile
#正常的一个tengine的镜像(编译安装) 未使用多阶段提交
#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine"
#######################
####ENV vars###########
#######################
#######################
#2. 编译安装 ######
#######################
#如果是阿里云服务器可以走内网 mirrors.cloud.aliyuncs.com
#sed命令修改为 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&&
apt-get update \
&&
apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev
RUN wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \
&&
cd /tmp \
&&
tar xf ${Web_Server}-${Web_Version}.tar.gz \
&&
cd ${Web_Server}-${Web_Version} \
&& ./configure --prefix=${Server_Dir} \
--user=${Web_User} \
--group=${Web_User} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=modules/ngx_http_upstream_check_module/ \
--add-module=modules/ngx_http_upstream_session_sticky_module
#编译
RUN cd /tmp/ \
&&
cd ${Web_Server}-${Web_Version} \
&&
make -j `nproc` \
&&
make install
#后续操作
RUN groupadd ${Web_User} \
&&
useradd -g ${Web_User} ${Web_User} \
&&
ln -s ${Server_Dir} ${Server_Dir_Soft} \
&&
ln -s ${Server_Dir_Soft}/sbin/nginx /sbin/ \
&&
rm -fr /var/cache/* /var/lib/apt/* /tmp/* \
&&
ln -sf /dev/stdout /app/tools/tengine/logs/access.log \
&&
ln -sf /dev/stderr /app/tools/tengine/logs/error.log
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]4.2 使用多阶段构建的Dockerfile
- From 镜像名称 AS 别名
- 复制中间镜像内容只能使用COPY --from,指定镜像别名
- 环境变量不能跨镜像使用
#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04 AS temp
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine"
#######################
####ENV vars###########
#######################
#######################
#2. 编译安装 ######
#######################
#如果是阿里云服务器可以走内网 mirrors.cloud.aliyuncs.com
#sed命令修改为 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&&
apt-get update \
&&
apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev
RUN wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \
&&
cd /tmp \
&&
tar xf ${Web_Server}-${Web_Version}.tar.gz \
&&
cd ${Web_Server}-${Web_Version} \
&& ./configure --prefix=${Server_Dir} \
--user=${Web_User} \
--group=${Web_User} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=modules/ngx_http_upstream_check_module/ \
--add-module=modules/ngx_http_upstream_session_sticky_module
#编译
RUN cd /tmp/ \
&&
cd ${Web_Server}-${Web_Version} \
&&
make -j `nproc` \
&&
make install
FROM ubuntu:20.04
LABEL maintainer="Tengine docker admin <youjiu_linux@qq.com>" author="oldboylidao996"
ENV Web_User "nginx"
ENV Web_Server "tengine"
ENV Web_Version "3.1.0"
ENV Server_Dir "/app/tools/tengine-3.1.0"
ENV Server_Dir_Soft "/app/tools/tengine"
#从中间镜像复制内容到最终镜像
COPY --from=temp /app/ /app/
#准备信息
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&&
apt-get update \
&&
apt install -y libssl-dev pcre2-utils libpcre3-dev zlib1g-dev \
&&
groupadd ${Web_User} \
&&
useradd -g ${Web_User} ${Web_User} \
&&
ln -s ${Server_Dir} ${Server_Dir_Soft} \
&&
ln -s ${Server_Dir_Soft}/sbin/nginx /sbin/ \
&&
rm -fr /var/cache/* /var/lib/apt/* /tmp/* \
&&
ln -sf /dev/stdout /app/tools/tengine/logs/access.log \
&&
ln -sf /dev/stderr /app/tools/tengine/logs/error.log
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]5. Docker Compose
Docker Compose 是用于定义和运行多容器应用程序的工具。
- docker-compose相当于docker run命令,可以指定docker run的选项,如-p,-v,–restart等
5.1 安装docker compose
- docker compose软件:
docker-compose-linux-x86_64-2.30.3 链接: https://pan.baidu.com/s/1aWWsRTrBkpM9BjjFcj5FLw?pwd=f95j 提取码: f95j
[root@docker01 ~]# chmod +x docker-compose-linux-x86_64-2.30.3
[root@docker01 ~]# mv docker-compose-linux-x86_64-2.30.3 /bin/docker-compose
[root@docker01 ~]# docker-compose -v
Docker Compose version v2.30.35.2 编写docker-compose测试文件
[root@docker01 ~]# mkdir -p /server/docker-compose/01-test
[root@docker01 /server/docker-compose/01-test]# cat docker-compose.yml
#version: "3.3"
services:
ngx:
image: "nginx:1.24"
container_name: ngx_test
ports:
- 18888:80
restart: always
volumes:
- "./index.html:/usr/share/nginx/html/index.html"
[root@docker01 /server/docker-compose/01-test]# echo 520SunKexu >index.html5.3 执行docker-compose文件,启动容器
[root@docker01 /server/docker-compose/01-test]# docker-compose up -d
[+] Running 2/2
✔ Network 01-test_default Created 0.1s
✔ Container ngx_test Started 1.2s
[root@docker01 /server/docker-compose/01-test]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
ngx_test nginx:1.24 "/docker-entrypoint.…" ngx 5 minutes ago Up 4 minutes 0.0.0.0:18888->
80/tcp, [::]:18888->
80/tcp- 浏览器访问:
5.4 案例-小鸟飞飞
- 基础镜像:nginx,代码
- 使用之前的Dockerfile文件,自定义构建镜像
5.4.1 编写docker-compose文件
[root@docker01 /server/docker-compose/02-bird]# cat docker-compose.yaml
services:
bird:
image: "web:bird_v2" # 指定镜像名字;本地没有该镜像,需要使用Dockerfile构建
build: # 构建镜像
context: . # 指定Dockerfile文件位置;就在本地
dockerfile: Dockerfile # Dockerfile文件名称
container_name: bird_v2
ports:
- 80:80
restart: always5.4.2 运行docker-compose
# 先构建镜像
[root@docker01 /server/docker-compose/02-bird]# docker-compose build
[+] Building 0.5s (10/10) FINISHED docker:default
=>
[bird internal] load build definition from Dockerfile 0.0s
=>
=> transferring dockerfile: 489B 0.0s
=>
[bird internal] load metadata for docker.io/library/nginx:alpine 0.0s
=>
[bird internal] load .dockerignore 0.0s
=>
=> transferring context: 2B 0.0s
=>
[bird 1/4] FROM docker.io/library/nginx:alpine 0.0s
=>
[bird internal] load build context 0.0s
=>
=> transferring context: 91.96kB 0.0s
=>
[bird 2/4] RUN mkdir -p /app/code/bird 0.2s
=>
[bird 3/4] ADD bird.tar.gz /app/code/bird 0.1s
=>
[bird 4/4] ADD default.conf /etc/nginx/conf.d/ 0.0s
=>
[bird] exporting to image 0.0s
=>
=> exporting layers 0.0s
=>
=> writing image sha256:02c222e4257e82e73d6c2126eff63f534083205079c39c51fda1572251642820 0.0s
=>
=> naming to docker.io/library/web:bird_v2 0.0s
=>
[bird] resolving provenance for metadata file 0.0s
# 再运行docker-compose
[root@docker01 /server/docker-compose/02-bird]# docker-compose up -d
[+] Running 2/2
? Network 02-bird_default Created 0.1s
? Container bird_v2 Started 0.3s- 浏览器访问
- 删除容器
- 不删除镜像
[root@docker01 /server/docker-compose/02-bird]# docker-compose down
[+] Running 2/1
✔ Container bird_v2 Removed 0.2s
✔ Network 02-bird_default Removed 0.1s6. 踩坑记录
1. apt update时报错
- 没有CA证书
- apt下载源需要使用http地址
浙公网安备 33010602011771号