1. Preface

Notes on building a website with Docker. I used four images: nginx, certbot, mysql, and gradle. You are welcome to visit: https://www.zzk0.top

The page is a personal home page that I found on GitHub. The background is a Bing wallpaper, and there are two links in the middle: one points to my GitHub, the other to my blog on Blog Garden. The back-end project currently has only one interface. When someone visits the website, a request is sent to the back-end project; nginx is responsible for forwarding requests for api.zzk0.top to the back-end project.

The ideal state is that I run docker-compose up directly and the project is up. With my approach, however, two things have to be configured by hand: one is the script that initially applies for the SSL certificate, the other is the scheduled splitting of the NGINX logs. After that, all you need to do is run docker-compose up.

Let's go through what these four images are for.

  • nginx: the HTTP server, used to serve static resources. Most of this post is about how to configure nginx.
  • certbot: used to apply for the SSL certificate. A scheduled task refreshes the certificate every month.
  • mysql: the database of the back-end project.
  • gradle: compiles and runs the Spring Boot project.

2. NGINX

Reload configuration

Suppose the NGINX configuration has been changed, but we don't want to restart the container. We can load the new configuration by sending a command to the container.

# docker exec -it your-name nginx -s reload
2021/01/23 02:30:58 [notice] 23#23: signal process started

HTTPS configuration

First we need a certificate and a key. We can generate them with the free Let's Encrypt service, but the certificate expires after three months, so it needs to be refreshed.

The certificate can be generated on the host or in Docker. If it is generated on the host, we can choose standalone mode, but in that case certbot needs to occupy port 80 for a while to verify that the domain name is yours. So when a running NGINX already occupies port 80, we need to pause it. If it is generated in Docker and your website has a root directory, you can use webroot mode: certbot writes some files under the root of your website, and these are then fetched through the domain name to verify that the domain name is yours. webroot mode does not need to pause NGINX, so the impact on a running website is smaller.

The advantage of the former is that there is no need to customize Docker, but the server has to be stopped briefly. The advantage of the latter is that the server does not need to be stopped and portability is better, since the machine only needs Docker to run it, but customizing the image is troublesome. However, this is a common requirement, so let's search Docker Hub, and one turns up right away: https://hub.docker.com/r/staticfloat/nginx-certbot/ . Searching further, we find another option: why not have a separate certbot container, and connect the nginx container with the certbot container? Good, then we add one more container to generate the SSL certificate for us.

Applying for the certificate

For how certbot works, you can refer to this article. This article provides a certbot and nginx setup.

From the GitHub repository that accompanies the article, copy its script and configuration files, change every example.org to your own domain name, and then run the script. If it fails, check whether NGINX has failed to start. The script will not tell you that NGINX has not started; if it fails, NGINX is probably not configured correctly.

At first, I failed several times with this script. I then executed the script step by step and started the container to see what was wrong. It turned out that the recommended HTTPS parameter files had not been downloaded properly, so I downloaded those files manually and modified the script to copy them instead of downloading them.

Redirect

nginx redirects http to https. The complete configuration file can be found in the appendix.

server {
    listen 80;
    server_name zzk0.top www.zzk0.top;
    server_tokens off;

    # Serve the challenge files that certbot writes in webroot mode
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Redirect everything else to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name zzk0.top www.zzk0.top;
    root /var/www/html;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

Configure subdomains

Suppose we have the domain name test.com. Requests for api.test.com need to be forwarded to Tomcat, while requests for test.com are served directly as a static website.

This requirement is relatively simple: just set server_name in each server block. In addition, we also need to take care not to let others reach our website by IP address. It is said online that others can maliciously point an unregistered domain name at this IP, after which the site gets blocked.

server {
    listen 80 default_server;
    server_name _;
    return 403;
}

server {
    listen 443 default_server;
    server_name _;
    ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    return 403;
}

Access log

To record visits to the website, we can use the NGINX access log, split by day. There is no crontab in the NGINX image, so here the host does the job. The method is to rename the log files on a schedule every day and then reload NGINX. This part is less automated, though: every time you move to another host, you need to configure it by hand, and you also need to modify the path below.

#!/bin/sh
# Rename the NGINX logs with today's date, then reload NGINX to start new files.
LOGS_PATH=/root/home/data/nginx
TODAY=$(date -d 'today' +%Y-%m-%d)
mv "${LOGS_PATH}/error.log" "${LOGS_PATH}/error_${TODAY}.log"
mv "${LOGS_PATH}/access.log" "${LOGS_PATH}/access_${TODAY}.log"
docker exec -i home-nginx nginx -s reload

Next, add the following line to /etc/crontab so that the task runs daily. The logs are then split automatically at 4 a.m. every day.

0 4 * * * root /root/home/nginx/daily_log.sh >> /root/home/data/nginx/daily_log.log 2>&1
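
A sturdier variant of the rotation script above, as an added example rather than the author's code: it skips missing or empty logs, never overwrites an earlier rotation, prunes old files, and sends nginx -s reopen in place of reload. LOGS_PATH and home-nginx are the page's values; REOPEN_CMD, KEEP_DAYS and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the author's script). LOGS_PATH and the container name
# home-nginx come from the page; REOPEN_CMD and KEEP_DAYS are assumptions.
LOGS_PATH="${LOGS_PATH:-/root/home/data/nginx}"
REOPEN_CMD="${REOPEN_CMD:-docker exec -i home-nginx nginx -s reopen}"
KEEP_DAYS="${KEEP_DAYS:-30}"

# rotate_one NAME DAY: rename NAME.log to NAME_DAY.log.
# Returns 1 (skip) if the log is missing or empty, or the target exists.
rotate_one() {
    src="${LOGS_PATH}/$1.log"
    dst="${LOGS_PATH}/$1_$2.log"
    [ -s "$src" ] || return 1      # nothing to rotate
    [ -e "$dst" ] && return 1      # never overwrite an earlier rotation
    mv -- "$src" "$dst"
}

# rotate_logs [DAY]: rotate access and error logs, print how many were moved.
rotate_logs() {
    day="${1:-$(date +%Y-%m-%d)}"
    rotated=0
    for name in access error; do
        if rotate_one "$name" "$day"; then
            rotated=$((rotated + 1))
        fi
    done
    # Signal NGINX only if a file moved. "reopen" makes it open fresh log
    # files without re-reading the configuration; its output goes to stderr
    # so that stdout carries only the count.
    if [ "$rotated" -gt 0 ]; then
        $REOPEN_CMD >&2 || return 2
    fi
    # Delete rotated logs older than KEEP_DAYS days.
    find "$LOGS_PATH" -maxdepth 1 -name '*_????-??-??.log' \
        -mtime +"$KEEP_DAYS" -exec rm -f -- {} +
    echo "$rotated"
}

# Run only when installed under the name used in the crontab entry.
case "$0" in
    *daily_log.sh) rotate_logs ;;
esac
```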

3. MySQL

Sometimes we need to enter the database container to look at the data.

# Enter the container
docker exec -it your-name bash
# Log in
mysql -uroot -p
# List the databases
SHOW DATABASES;

4. The back-end project

The back-end project is built with Spring Boot. The requirement is: after Docker starts, build the source code and run it. This part uses the gradle image; when it starts, running gradle bootRun is all that is needed.

When we update the back-end project, we only need to restart the container and it is rebuilt. My back-end project container is called springboot. The interface can be updated with a restart, but requests made during the restart will fail.

docker restart springboot

Here is the corresponding configuration in docker-compose.yml.

web:
  container_name: springboot
  restart: always
  image: gradle:6.7.1-jdk8
  depends_on:
    - db
  volumes:
    - ./api:/home/gradle/project
  environment:
    TZ: 'Asia/Shanghai'
  command: bash -c "cd /home/gradle/project && gradle bootRun"

Appendix

NGINX configuration

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    upstream tomcat {
        server web:8080;
    }

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    limit_req_zone $binary_remote_addr zone=api_limit_req:10m rate=30r/m;

    sendfile on;
    keepalive_timeout 65;
    gzip on;
    include /etc/nginx/conf.d/*.conf;

    # forbid access via ip address
    server {
        listen 80 default_server;
        server_name _;
        return 403;
    }

    server {
        listen 443 default_server;
        server_name _;
        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        return 403;
    }

    # configure zzk0.top, redirect to https and serve static files
    server {
        listen 80;
        server_name zzk0.top www.zzk0.top;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name zzk0.top www.zzk0.top;
        root /var/www/html;
        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            try_files $uri $uri/ =404;
        }
    }

    # configure api.zzk0.top, backend api
    server {
        listen 80;
        server_name api.zzk0.top;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name api.zzk0.top;
        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            limit_req zone=api_limit_req;
            proxy_pass http://tomcat;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

Docker configuration

version: '3'
services:
  certbot:
    container_name: home-certbot
    restart: always
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 720h & wait $${!}; done;'"

  nginx:
    container_name: home-nginx
    restart: always
    image: nginx:1.18.0
    ports:
      - 80:80
      - 443:443
    depends_on:
      - web
    links:
      - web:web
    environment:
      TZ: 'Asia/Shanghai'
    volumes:
      - ./html:/var/www/html
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./data/nginx:/var/log/nginx
    command: "/bin/sh -c 'while :; do sleep 720h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  db:
    container_name: home-db
    restart: always
    image: mysql:8.0.13
    ports:
      - 7706:3306
    volumes:
      - ./data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: backend_database
      MYSQL_USER: root
      MYSQL_PASSWORD: root

  web:
    container_name: springboot
    restart: always
    image: gradle:6.7.1-jdk8
    depends_on:
      - db
    volumes:
      - ./api:/home/gradle/project
    environment:
      TZ: 'Asia/Shanghai'
    command: bash -c "cd /home/gradle/project && gradle bootRun"
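
The db service above keeps its MySQL passwords as literals in docker-compose.yml. As an added example (not the author's code), this script generates random credentials into a .env file that compose can substitute into the environment section; the user name backend, the script name init_env.sh and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the author's code). The user name "backend" and the
# script name init_env.sh are assumptions. docker-compose.yml can then use
#   MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
# (likewise MYSQL_USER and MYSQL_PASSWORD), since compose substitutes
# variables from a .env file in the project directory.

# gen_secret: print 48 hex characters from the kernel's random source.
gen_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_env [FILE]: create FILE (default .env) with fresh secrets, mode 0600.
# Returns 1 and leaves FILE untouched if it already exists: the mysql image
# applies these variables only when it initializes an empty data directory,
# so regenerating them later would no longer match the database.
write_env() {
    env_file="${1:-.env}"
    [ -e "$env_file" ] && return 1
    (
        umask 077
        {
            printf 'MYSQL_ROOT_PASSWORD=%s\n' "$(gen_secret)"
            printf 'MYSQL_USER=backend\n'
            printf 'MYSQL_PASSWORD=%s\n' "$(gen_secret)"
        } > "$env_file"
    )
}

# Run only when saved and executed under the assumed script name.
case "$0" in
    *init_env.sh) write_env ;;
esac
```

Run it once before the first docker-compose up and keep .env out of version control.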
