day56-Dockerfile自定义镜像

网站架构容器化（迁移到容器中）

• 服务，代码，自定义镜像（没有直接可用的镜像或官网的镜像无法满足）
  • 自定义tomcat镜像
  • 自定义jar包镜像
  • nginx+php
  • 自定义tengine镜像（多阶段构建）

创建nginx+php镜像

部署步骤

• 配置apt源(ubuntu 20.04)

#阿里云服务使用mirrors.cloud.aliyuncs.com
sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.listdeb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse# deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

• 配置apt源(ubuntu 22.04)

#阿里云服务使用mirrors.cloud.aliyuncs.com
sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.listdeb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse# deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse

• 安装nginx

apt-get install -y nginx

• 安装php

DEBIAN_FRONTEND=noninteractive apt-get install -y php8.1-bcmath php8.1-bz2 php8.1-cgi php8.1-cli php8.1-common php8.1-curl php8.1-fpm php8.1-gd php8.1-intl php8.1-mbstring php8.1-mysql php8.1-opcache php8.1-readline php8.1-soap php8.1-xml php8.1-zip php8.1-apcu php8.1-redis php8.1-snmp

• 修改nginx/php配置文件

1.修改nginx子配置文件
vim /etc/nginx/conf.d/blog.conf
server {listen 80;server_name blog.zhubl.xyz;root  /app/code/blog/;location  / {index index.php;}location ~ \.php$ {fastcgi_pass  127.0.0.1:9000;fastcgi_index  index.php; fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;include   fastcgi_params;}
}#删除默认站点配置文件
rm -f /etc/ngin/sites-enabled/default2.修改nginx主配置文件
sed -i 's#^user.*#user www;#g' /etc/nginx/nginx.conf3.修改php配置文件
sed -i 's#^listen =.*#listen = 127.0.0.1:9000#g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's#^user =.*#user = www#g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's#^group =.*#group = www#g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's#www-data#www#g' /etc/php/8.1/fpm/pool.d/www.conf4.添加虚拟用户
useradd -s /sbin/nologin -M -u 1999 www5.创建站点目录
mkdir -p /app/code/blog/6.创建首页文件
<?php
phpinfo();
?>

• 启动php与nginx

php-fpm8.1
nginx -g "daemon off;"

书写Dockerfile

FROM ubuntu:22.04
LABEL author="zhu" desc="nginx+php"ENV CODE /app/code/blog/
ENV TZ=/Asia/ShanghaiRUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g'   /etc/apt/sources.list \&& apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata \&& ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime \&& echo ${TZ} > /etc/timezone \&& apt-get install -y nginx \&& apt-get install -y php8.1-bcmath php8.1-bz2 php8.1-cgi php8.1-cli php8.1-common php8.1-curl php8.1-fpm php8.1-gd php8.1-intl php8.1-mbstring php8.1-mysql php8.1-opcache php8.1-readline php8.1-soap php8.1-xml php8.1-zip php8.1-apcu php8.1-redis php8.1-snmp \&& mkdir -p ${CODE} \&& rm -fr /var/cache/*  /var/lib/apt/* /tmp/* \&& ln -sf /var/log/nginx/access.log /dev/stdout \&& ln -sf /var/log/nginx/error.log /dev/stderrADD blog.conf /etc/nginx/conf.d/
RUN sed -i 's#^user.*#user www;#g' /etc/nginx/nginx.conf
RUN sed -i 's#^listen =.*#listen = 127.0.0.1:9000#g' /etc/php/8.1/fpm/pool.d/www.conf
RUN sed -i 's#www-data#www#g' /etc/php/8.1/fpm/pool.d/www.conf
RUN useradd -s /sbin/nologin -M -u 1999 wwwADD index.php ${CODE}
ADD entry.sh /EXPOSE 80 443CMD ["/entry.sh"]

• 准备文件

• 生成镜像

docker build -t web:nginx_php .

• 运行容器

docker run -d --name blog -p 80:80 web:nginx_php

• 浏览器访问

http://blog.zhubl.xyz

镜像暴露日志

• 将日志文件软连接到/dev/stdout /dev/stderr，日志会输出标准输出，标准错误输出（命令行，屏幕中）
• 配置文件中配置loggin.prexxx Console命令行
• tail -F logs/*

docker logs 查看日志的本质：
容器中的/var/log/服务日志文件软连接到了/dev/stdout /dev/stderr
/dev/stdout /dev/stderr会将输出的内容打印到屏幕上，然后被docker获取到，就可以使用docker logs查看日志内容

Dockerfile多阶段提交

• 编译安装（tengine）/编译代码（java后端，vue前端）
• 书写dockerfile
• 多阶段提交（from临时镜像编译操作，把编译结果COPY到最终镜像，最后使用最终镜像）
• 更加方便使用dockerfile缓存

未使用多阶段提交

• ubuntu 22.04编译安装tengine

#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04 
LABEL maintainer="Tengine docker admin  <2501379813@qq.com>"  author="zhu"#######################
####ENV vars###########
#######################
ENV  Web_User        "nginx"
ENV  Web_Server      "tengine"
ENV  Web_Version     "3.1.0"
ENV  Server_Dir      "/app/tools/tengine-3.1.0"
ENV  Server_Dir_Soft "/app/tools/tengine"#######################
#2. 编译安装     ######
#######################
#如果是阿里云服务器可以走内网  mirrors.cloud.aliyuncs.com
#sed命令修改为 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g'   /etc/apt/sources.list \&& apt-get update \&& apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-devRUN wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \&& cd /tmp \&& tar xf ${Web_Server}-${Web_Version}.tar.gz \&& cd ${Web_Server}-${Web_Version} \&&  ./configure --prefix=${Server_Dir}  \--user=${Web_User} \--group=${Web_User} \--with-http_ssl_module \--with-http_v2_module   \--with-http_realip_module \--with-http_stub_status_module \--with-http_mp4_module \--with-stream  \--with-stream_ssl_module   \--with-stream_realip_module   \--add-module=modules/ngx_http_upstream_check_module/ \--add-module=modules/ngx_http_upstream_session_sticky_module 
#编译
RUN    cd /tmp/ \&& cd ${Web_Server}-${Web_Version} \&& make -j `nproc` \&& make install 
#后续操作
RUN    groupadd  ${Web_User} \&& useradd   -g ${Web_User}  ${Web_User} \&& ln -s ${Server_Dir}   ${Server_Dir_Soft} \&& ln -s ${Server_Dir_Soft}/sbin/nginx  /sbin/ \&& rm -fr /var/cache/*  /var/lib/apt/* /tmp/* \&& ln -sf /dev/stdout /app/tools/tengine/logs/access.log \&& ln -sf /dev/stderr /app/tools/tengine/logs/error.logEXPOSE 80 443CMD  ["nginx","-g","daemon off;"]

使用多阶段提交

• FROM 搭配 AS 别名

• 使用的时候COPY --from=别名

• 优点

  • 精简镜像大小
  • 安全（把中间过程依赖，保留在中间镜像，最终镜像精简）
  • 编译环境，运行环境分开

• 书写Dockerfile

#######################
#1. pull ubuntu image##
#######################
FROM ubuntu:20.04 AS temp
LABEL maintainer="Tengine docker admin  <2501379813@qq.com>"  author="zhu"#######################
####ENV vars###########
#######################
ENV  Web_User        "nginx"
ENV  Web_Server      "tengine"
ENV  Web_Version     "3.1.0"
ENV  Server_Dir      "/app/tools/tengine-3.1.0"
ENV  Server_Dir_Soft "/app/tools/tengine"#######################
#2. 编译安装     ######
#######################
#如果是阿里云服务器可以走内网  mirrors.cloud.aliyuncs.com
#sed命令修改为 sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list
RUN    sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g'   /etc/apt/sources.list \&& apt-get update \&& apt-get install  -y wget  libssl-dev make gcc pcre2-utils   libpcre3-dev  zlib1g-dev RUN    wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \&& cd /tmp \&& tar xf ${Web_Server}-${Web_Version}.tar.gz \&& cd ${Web_Server}-${Web_Version} \&&  ./configure --prefix=${Server_Dir}  \--user=${Web_User} \--group=${Web_User} \--with-http_ssl_module \--with-http_v2_module   \--with-http_realip_module \--with-http_stub_status_module \--with-http_mp4_module \--with-stream  \--with-stream_ssl_module   \--with-stream_realip_module   \--add-module=modules/ngx_http_upstream_check_module/ \--add-module=modules/ngx_http_upstream_session_sticky_module 
#编译
RUN     cd /tmp/ \&& cd ${Web_Server}-${Web_Version} \&&  make -j `nproc` \&&  make install FROM ubuntu:20.04 
LABEL maintainer="Tengine docker admin  <2501379813@qq.com>"  author="zhu"
ENV  Web_User        "nginx"
ENV  Web_Server      "tengine"
ENV  Web_Version     "3.1.0"
ENV  Server_Dir      "/app/tools/tengine-3.1.0"
ENV  Server_Dir_Soft "/app/tools/tengine"  #从中间镜像复制内容到最终镜像
COPY --from=temp /app/ /app/
#准备信息RUN sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.cloud.aliyuncs.com#g' /etc/apt/sources.list \&& apt-get update \&& apt install -y libssl-dev pcre2-utils   libpcre3-dev  zlib1g-dev \&&    groupadd  ${Web_User} \&&  useradd   -g ${Web_User}  ${Web_User} \&&  ln -s ${Server_Dir}   ${Server_Dir_Soft} \&&  ln -s ${Server_Dir_Soft}/sbin/nginx  /sbin/ \&&  rm -fr /var/cache/*  /var/lib/apt/* /tmp/* \&&  ln -sf /dev/stdout /app/tools/tengine/logs/access.log \&&  ln -sf /dev/stderr /app/tools/tengine/logs/error.logEXPOSE 80 443CMD  ["nginx","-g","daemon off;"]

• 运行镜像

Docker-Compose

目前面临的问题：

1. docker run 指令越来越长
2. docker build后需要手动运行docker run

解决：

通过docker-compose实现 类似 docker run 指令

compose带来的新问题：docker-compose单机编排工具，遇到网站集群管理较为费劲

容器集群管理解决方案：

1. 脚本
2. ansible+shell或docker-compose
3. docker swarm 实现集群管理 docker官方提供集群管理工具
4. k8s(kubernetes)容器集群编排与管理工具
5. mesos
6. rancher web页面 批量管理容器或k8s
7. …

• 通过Dockerfile一键创建镜像

• 目前问题：docker容器的管理（启动，关闭，重启）需要手动执行，如何管理多个容器

• 了解：docker三剑客之一：docker machine(管理虚拟机)，docker compose(容器编排)，docker swarm(集群)

• docker compose 需要单独安装(epel源中就有)，语法yaml格式

安装docker-compose

yum -y install docker-compose
注意：yum安装的版本比较旧，建议使用二进制安装

官网二进制版本(最新):https://github.com/docker/compose/releases

1.修改权限
chmod +x docker-compose-linux-x86_64-2.30.32.二进制文件移动到/bin目录下
mv docker-compose-linux-x86_64-2.30.3 /bin/docker-compose3.检查
docker-compose --version

书写docker-compose

• 创建目录

mkdir -p /server/docker-compose/01-test/

vim docker-compose.yml 
#version: "3.3"
services:ngx:image: "nginx:1.24"container_name: ngx_testports:- 1888:80restart: alwaysvolumes:- "./index.html:/usr/share/nginx/html/index.html"

• 运行docker-compose

docker-compose up -d

docker-compose调用dockerfile创建镜像

• 编写docker-compose

services:bird:image: "web:bird_vw50"build:context: .dockerfile: Dockerfilecontainer_name: bird_vw50ports:- 8888:80restart: always

• 创建镜像

docker-compose build

• 运行镜像

docker-compose up -d

• 浏览器访问

http://10.0.0.81:8888

docker-compose命令

docker-compose命令
容器
docker-compose up -d	创建并运行容器，类似docker run -d
docker-compose down	删除容器
docker-compose stop/start/restart	docker container 关闭、开启、重启容器
docker-compose ps	查看容器运行情况 只有-q选项
docker-compose top	容器进程信息
docker-compose logs	容器日志
docker-compose rm	删除容器（需要容器已经关闭）
镜像
docker-compose images	查看镜像

docker-compose启动nginx+php

• 编写docker-compose.yml

services:blog:image: "web:nginx_php"build:context: .dockerfile: Dockerfilecontainer_name: blog_v1ports:- 80:80restart: always

• 使用docker-compose生成镜像

docker-compose build

• 运行镜像

docker-compose up -d

• 浏览器访问

http://blog.zhubl.xyz

总结

• war,jar,nginx+php镜像（dockerfile）
• docker run 操作改为docker-compose实现