Docker website

itread01 2021-01-24 13:07:24

# 1. Preface

These are my notes on building a website with Docker. I used four images to build it: nginx, certbot, mysql and gradle.

The site is at https://www.zzk0.top. The page comes from a [personal home page](https://github.com/dmego/home.github.io) project I found on GitHub. The background is the Bing wallpaper, and there are two links in the middle: one points to my GitHub and the other to my blog on Blog Garden.

The back-end project currently has only one API endpoint. When someone visits the site, a request is sent to the back-end project; nginx is responsible for forwarding requests for api.zzk0.top to it.

Ideally, I would just run `docker-compose up` and the whole project would be running. With my approach, two things still have to be configured by hand: the script that initially requests the SSL certificate, and the scheduled splitting of the NGINX logs. After that, `docker-compose up` is all you need.

Here is what the four images are for.

- nginx: the HTTP server, used to serve static resources. Most of this post is about how to configure nginx.
- certbot: used to request the SSL certificate. A scheduled task renews the certificate every month.
- mysql: the database for the back-end project.
- gradle: compiles and runs the Spring Boot project.

# 2. NGINX

## Reloading the configuration

I changed the NGINX configuration but don't want to restart the container. We can load the new configuration by sending a command to the container.

```
# docker exec -it your-name nginx -s reload
2021/01/23 02:30:58 [notice] 23#23: signal process started
```

## HTTPS

First of all, we need a certificate and a key. We can use the free Let's Encrypt service to generate them, but the certificate expires after three months, so it has to be renewed. The certificate can be generated on the host or inside Docker. If it is generated on the host, we can choose standalone mode, but in that case certbot needs to occupy port 80 for a while to verify that the domain name is yours.
So if you have a running NGINX that occupies port 80, you need to pause it. If you do it inside Docker and your website has a root directory, you can use webroot mode: certbot writes some files into the root directory of your website, and they are then fetched through the domain name to verify that the domain is yours. webroot mode doesn't require pausing NGINX, so the impact on a running website is smaller.

The advantage of the former is that no custom Docker image is needed, but the server has to be stopped briefly. The advantage of the latter is that the server doesn't have to be stopped and portability is better (the machine only needs Docker to run it), but customizing the image is troublesome.

However, this is a common requirement, so let's search Docker Hub. A quick search turns up https://hub.docker.com/r/staticfloat/nginx-certbot/. Searching further, we find [another solution](https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71): why not have a separate certbot container, and wire the nginx container and the certbot container together? Good, so we add one more container to generate the SSL certificate for us.

**Requesting the certificate**

[This article](https://diamondfsd.com/lets-encrytp-hand-https/) is a reference for how to operate certbot. [This article](https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71) provides the certbot and nginx setup. From the article's companion [GitHub repository](https://github.com/wmnnd/nginx-certbot), copy its script and configuration files, change every example.org to your own domain name, and then run its script. If it fails, check whether NGINX failed to start.
The script doesn't tell you that NGINX failed to start; if it fails, NGINX is probably not configured correctly. When I first ran the script, it failed several times. I then ran the script step by step and started the container to see what the problem was. It turned out that the recommended HTTPS parameter files had not been downloaded properly, so I downloaded those files manually and modified the script to copy them instead of downloading them.

**Redirect**

nginx redirects HTTP to HTTPS. The complete configuration file is in the appendix.

```
server {
    listen 80;
    server_name zzk0.top www.zzk0.top;
    server_tokens off;

    # certbot webroot challenge files
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # everything else is redirected to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name zzk0.top www.zzk0.top;
    root /var/www/html;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

## Configuring a subdomain

Suppose we have the domain name test.com. We want requests to api.test.com to be forwarded to Tomcat, while requests to test.com are served directly as a static website. This requirement is fairly simple: just set server_name in the server block.
In addition, we need to be careful not to let others reach our website by IP address. The explanation commonly given online is that someone can maliciously point an unregistered domain name at this IP, and the site then gets blocked.

```
# catch-all for requests that match no configured server_name
server {
    listen 80 default_server;
    server_name _;
    return 403;
}

server {
    listen 443 default_server;
    server_name _;

    ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    return 403;
}
```

## Access log

The access log records visits to the website. The NGINX access log can be used for this, split by day. The NGINX image has no crontab, so here we use the host to do it. The method is to rename the log files at a fixed time every day and then reload NGINX. This part is not very automatic, though: every time you change hosts, you have to configure it manually, and you also need to modify the path below.

```
#!/bin/sh
# Directory on the host that is mounted as /var/log/nginx in the container
LOGS_PATH=/root/home/data/nginx
TODAY=$(date -d 'today' +%Y-%m-%d)

# Rename the current logs to dated files
mv "${LOGS_PATH}/error.log" "${LOGS_PATH}/error_${TODAY}.log"
mv "${LOGS_PATH}/access.log" "${LOGS_PATH}/access_${TODAY}.log"

# Reload NGINX so that it starts writing to fresh log files
docker exec -i home-nginx nginx -s reload
```

Next, add the following to `/etc/crontab` so that the task runs daily. Every morning at 4 o'clock the logs are split automatically.

```
0 4 * * * root /root/home/nginx/daily_log.sh >> /root/home/data/nginx/daily_log.log 2>&1
```

# 3. MySQL

Sometimes we need to go into the database container to look at the data.

```shell
# Enter the container
docker exec -it your-name bash
# Log in
mysql -uroot -p
# List the databases (run inside the mysql client)
show databases;
```

# 4. Back-end project

The back-end project uses Spring Boot. The requirement is: when Docker starts, build the source code and run it. This part uses the gradle image; at startup, it just runs `gradle bootRun`.
When we update the back-end project, we just need to restart the container and it is rebuilt. My back-end project container is called springboot; restarting it updates the API, but requests made during the restart will fail.

```
docker restart springboot
```

Here is the configuration in docker-compose.yml.

```
web:
  container_name: springboot
  restart: always
  image: gradle:6.7.1-jdk8
  depends_on:
    - db
  volumes:
    - ./api:/home/gradle/project
  environment:
    TZ: 'Asia/Shanghai'
  command: bash -c "cd /home/gradle/project && gradle bootRun"
```

# Appendix

## NGINX configuration

```
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    upstream tomcat {
        server web:8080;
    }

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    limit_req_zone $binary_remote_addr zone=api_limit_req:10m rate=30r/m;

    sendfile on;
    keepalive_timeout 65;
    gzip on;

    include /etc/nginx/conf.d/*.conf;

    # forbid access via ip address
    server {
        listen 80 default_server;
        server_name _;
        return 403;
    }

    server {
        listen 443 default_server;
        server_name _;

        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        return 403;
    }

    # configure zzk0.top, redirect to https and serve static files
    server {
        listen 80;
        server_name zzk0.top www.zzk0.top;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name zzk0.top www.zzk0.top;
        root /var/www/html;
        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            try_files $uri $uri/ =404;
        }
    }

    # configure api.zzk0.top, backend api
    server {
        listen 80;
        server_name api.zzk0.top;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name api.zzk0.top;
        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/zzk0.top/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zzk0.top/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            limit_req zone=api_limit_req;
            proxy_pass http://tomcat;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

## Docker configuration

```
version: '3'
services:
  certbot:
    container_name: home-certbot
    restart: always
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 720h & wait $${!}; done;'"
  nginx:
    container_name: home-nginx
    restart: always
    image: nginx:1.18.0
    ports:
      - 80:80
      - 443:443
    depends_on:
      - web
    links:
      - web:web
    environment:
      TZ: 'Asia/Shanghai'
    volumes:
      - ./html:/var/www/html
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./data/nginx:/var/log/nginx
    command: "/bin/sh -c 'while :; do sleep 720h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  db:
    container_name: home-db
    restart: always
    image: mysql:8.0.13
    ports:
      - 7706:3306
    volumes:
      - ./data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: backend_database
      MYSQL_USER: root
      MYSQL_PASSWORD: root
  web:
    container_name: springboot
    restart: always
    image: gradle:6.7.1-jdk8
    depends_on:
      - db
    volumes:
      - ./api:/home/gradle/project
    environment:
      TZ: 'Asia/Shanghai'
    command: bash -c "cd /home/gradle/project && gradle bootRun"
```
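The compose file above runs `certbot renew` and `nginx -s reload` on two separate `sleep 720h` loops. The following added example (not part of the original post) sweeps every start offset of two such loops and reports the worst case: how many hours of validity the certificate nginx is serving still has when the renewed one is finally loaded. It assumes a 2160-hour (90-day) certificate and that certbot renews once fewer than 720 hours (30 days) remain; `worst_margin`, `schedule_ok` and the 12 h / 6 h comparison values are made up for illustration.

```shell
#!/bin/sh
# Added example: worst-case timing of independent "certbot renew" and
# "nginx -s reload" loops. All times are whole hours since the certificate
# was issued.
# Assumptions (not from the post): lifetime L = 2160 h (90 days); certbot
# renews at the first check that finds fewer than W = 720 h (30 days) left.

# worst_margin CHECK_H RELOAD_H [LIFE_H] [WINDOW_H]
# Prints the fewest hours of validity left on the certificate nginx is serving
# at the moment it loads the renewed one. Negative = served while expired.
worst_margin() {
    awk -v I="$1" -v R="$2" -v L="${3:-2160}" -v W="${4:-720}" 'BEGIN {
        I += 0; R += 0; L += 0; W += 0     # force numeric values
        worst = L
        for (p = 0; p < I; p++) {          # start offset of the certbot loop
            t = p                          # checks happen at p, p+I, p+2I, ...
            while (L - t >= W) t += I      # first check that triggers a renewal
            for (q = 0; q < R; q++) {      # start offset of the nginx loop
                # first reload (q, q+R, ...) at or after the renewal at hour t
                n = (t > q) ? int((t - q + R - 1) / R) : 0
                s = q + n * R
                if (L - s < worst) worst = L - s
            }
        }
        print worst
    }'
}

# schedule_ok CHECK_H RELOAD_H MIN_H
# Succeeds if the worst case still leaves at least MIN_H hours of validity.
schedule_ok() {
    [ "$(worst_margin "$1" "$2")" -ge "$3" ]
}

echo "720 h / 720 h loops: $(worst_margin 720 720) h left in the worst case"
echo "12 h / 6 h loops:    $(worst_margin 12 6) h left in the worst case"
```

A negative result means that, for some start offsets, nginx would keep serving an expired certificate for that many hours. Restarting a container resets the start offset of its loop.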
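The daily log split described in the access log section, as an added example that is not part of the original post: it keeps the post's log path and `home-nginx` container name, but never overwrites an archive when run twice on the same day, skips missing or empty logs, and uses `nginx -s reopen`, the nginx signal for reopening log files, in place of a full reload. `rotate_logs`, `REOPEN_CMD` and the `--run` argument are names made up for this example.

```shell
#!/bin/sh
# Added example: daily rotation of the nginx logs from the host.
# LOGS_PATH and the container name home-nginx follow the post; rotate_logs,
# REOPEN_CMD and --run are hypothetical names introduced here.

LOGS_PATH=${LOGS_PATH:-/root/home/data/nginx}
REOPEN_CMD=${REOPEN_CMD:-docker exec -i home-nginx nginx -s reopen}

# rotate_logs DIR [STAMP]
# Renames DIR/access.log and DIR/error.log to NAME_STAMP.log and prints how
# many files were rotated. STAMP defaults to today's date.
rotate_logs() {
    dir=$1
    stamp=${2:-$(date +%Y-%m-%d)}
    rotated=0
    for name in access error; do
        src="$dir/$name.log"
        # Skip missing or empty logs instead of failing or archiving nothing.
        [ -s "$src" ] || continue
        dst="$dir/${name}_${stamp}.log"
        # A second run on the same day must not clobber the first archive.
        n=1
        while [ -e "$dst" ]; do
            dst="$dir/${name}_${stamp}.$n.log"
            n=$((n + 1))
        done
        mv "$src" "$dst" || return 1
        rotated=$((rotated + 1))
    done
    # nginx keeps writing to the renamed files until it reopens its logs.
    if [ "$rotated" -gt 0 ]; then
        $REOPEN_CMD >&2 || return 1
    fi
    echo "$rotated"
}

# Invoked from cron as: daily_log.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_logs "$LOGS_PATH"
fi
```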
Copyright notice
This article was created by [itread01]. Please include a link to the original when reposting. Thank you.
https://javamana.com/2021/01/20210124130559010j.html
