全面迁移至 Docker 环境
其实一年前开始流行 Docker 的时候就专门部署了一台 vps 尝试折腾 .. (懒 ...
不过终于在看到 @lwl12 的「更新至第三代服务器环境 | Docker 萌新体验记」后开始计划全部迁移 ...
然后又 咕咕咕 了 2 个月,直至 最近 ......
考虑到我 vps 节点不是太多 .. 也用不上 均衡负载 之类 ...
就不用 Deploy.sh 的部署方法,直接执行命令部署了 (主要还是懒...
下面命令基于 CentOS 7 x64 环境,其他 Linux 可能不适用
这里直接把部署过程贴出来了 ... 建议先到「页尾」查看「相关组件」的 README
# 修改 Hostname (按需修改)
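# Rename this node. Set sid to the node's short id before running.
sid="cn-gz-01"
new_fqdn="${sid}.node.wxw.moe"

# Escape regex metacharacters so the dots in the current hostname match
# literally, and stop if the current hostname is empty (an empty pattern
# would make sed fail without touching /etc/hosts).
old_name_re=$(printf '%s' "${HOSTNAME:?current hostname is empty}" | sed 's/[][\.*^$/]/\\&/g')
sed -i "s/${old_name_re}/${new_fqdn}/g" /etc/hosts

# Apply the new name to the running system, then persist it for the next boot.
hostname "$new_fqdn"
printf '%s\n' "$new_fqdn" > /etc/hostname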
# 其他环境参数设置 (按需选择)
# Optional host settings; run only the ones this node needs.

# SELinux: change the configured mode from enforcing to disabled. Only
# /etc/selinux/config is edited, so the change applies from the next boot.
# NOTE(review): this removes mandatory access control for every service on
# the host, containers included. If the goal is only to get past denials,
# SELINUX=permissive keeps the audit trail.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Time zone: point /etc/localtime at Asia/Shanghai.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Locale: append the setting to /etc/profile and load it into this shell.
printf '%s\n' 'LANG="en_US.UTF-8"' >> /etc/profile
. /etc/profile

# firewalld: stop it now and keep it from starting at boot.
# NOTE(review): after this, nothing managed on the host filters inbound
# traffic (sshd, published container ports). Access control then has to come
# from the provider's security group or from hand-written iptables rules.
if systemctl stop firewalld.service; then
  systemctl disable firewalld.service
fi
# 创建 SWAP (按需选择)
# Optional: create and enable a 2 GiB swap file at /swap.
swap_file=/swap

# 2048 blocks of 1 MiB, zero-filled.
dd if=/dev/zero of="$swap_file" bs=1M count=2048

# Swap can hold memory pages of any process, so restrict the file to root
# before it is put into use.
chmod 0600 "$swap_file"
mkswap "$swap_file"
swapon "$swap_file"

# Persist across reboots. This appends unconditionally, so running the step
# twice leaves a duplicate fstab entry.
printf '%s\n' '/swap none swap defaults 0 0' >> /etc/fstab
# 启用 BBR 算法 (按需选择)
# Optional: switch TCP congestion control to BBR.

# Stage 1: pull a newer kernel from the CentOS Xen repository and boot into
# it. Everything after "reboot" has to be run by hand once the machine is
# back up; a script would never reach it.
yum install -y centos-release-xen-48
yum upgrade -y kernel
reboot

# Stage 2 (after the reboot): confirm the running kernel version.
uname -a

# Append the TCP settings to /etc/sysctl.conf. tee also echoes them to the
# terminal, and re-running the step appends them again.
tee -a /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fastopen=3
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF

# NOTE(review): once this release package is removed, yum presumably has no
# repository left to pull later builds of the new kernel from, so kernel
# security fixes would have to be applied by hand. Confirm before relying on
# "yum update" for this node.
yum remove -y centos-release-xen-48

# Load the settings and check that the bbr module is present.
sysctl -p
lsmod | grep bbr
# Kernel 性能调优 (按需选择)
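# Optional kernel tuning: forwarding, bridge netfilter and larger neighbour
# (ARP) table thresholds.

# net.bridge.* keys exist only while br_netfilter is loaded; without it
# "sysctl -p" reports the key as missing. Load it now and on every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

# Append the settings non-interactively instead of typing them into an
# editor. Re-running this step appends them again.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF

# Apply the file to the running kernel.
sysctl -p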
# 安装 Docker 环境
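# Install Docker CE and the standalone docker-compose binary.

# Remove older or distro-packaged Docker builds so they cannot conflict.
yum remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-selinux \
  docker-engine-selinux \
  docker-engine

# Prerequisites for the repository tooling and the storage driver.
yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

# Add the docker-ce repository.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Optional mirror for hosts in mainland China:
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Deliberately interactive (no -y): when yum asks to import the repository's
# GPG key, compare the fingerprint with the one published in Docker's
# installation documentation before accepting.
yum install docker-ce
systemctl enable docker
systemctl start docker
docker version

# docker-compose: export COMPOSE_VERSION beforehand to pin a known release;
# otherwise the latest release tag is looked up. -f makes curl fail on an
# HTTP error instead of saving the error page as the binary.
COMPOSE_VERSION=${COMPOSE_VERSION:-$(curl -fsS https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)}
: "${COMPOSE_VERSION:?could not determine the docker-compose release tag}"

compose_asset="docker-compose-$(uname -s)-$(uname -m)"
compose_url="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/${compose_asset}"
compose_tmp=$(mktemp -d)

curl -fL "$compose_url" -o "${compose_tmp}/${compose_asset}"
# Assumes the release publishes a matching ".sha256" asset next to the
# binary; confirm on the release page. The checksum comes from the same
# origin, so it catches a truncated or corrupted download, not a tampered
# release.
curl -fL "${compose_url}.sha256" -o "${compose_tmp}/${compose_asset}.sha256"

# Install only a binary whose checksum matched.
if (cd "$compose_tmp" && sha256sum -c "${compose_asset}.sha256"); then
  install -m 0755 "${compose_tmp}/${compose_asset}" /usr/local/bin/docker-compose
  ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
  docker-compose --version
else
  echo "docker-compose download failed verification; nothing was installed" >&2
fi
rm -rf -- "${compose_tmp:?}"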
# 部署 LNMP 环境
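# Internal Docker network shared by all service containers in this guide.
docker network create fsn

# Host-side "www" account with uid/gid 82, matching the id the PHP container
# runs as, so ownership of bind-mounted files lines up on both sides.
# It only needs to own files: no home directory (-M) and no login shell.
groupadd -g 82 www
useradd -g 82 -u 82 -M -s /sbin/nologin www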
## Portainer (按需选择)
# Optional: Portainer, a web UI for managing the local Docker daemon.
portainer_args=(
  -d --name portainer --restart always
  # Mounting the Docker socket lets Portainer, and anyone who gets into its
  # UI, control the host's Docker daemon. That is root-equivalent access to
  # the host, so set the admin account right after the first start.
  -v /var/run/docker.sock:/var/run/docker.sock
  # Portainer's own state (users, settings).
  -v /root/docker_data/portainer:/data
  -v /etc/localtime:/etc/localtime:ro
  # No -p: the UI is reachable only from containers on the fsn network.
  --network fsn
)

# The image carries no tag, so whatever "latest" points to at pull time runs.
docker run "${portainer_args[@]}" portainer/portainer
## Nginx (用了 VeryNginx 镜像)
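# Nginx, using the VeryNginx image.
mkdir -p /root/docker_data/nginx

# Fetch the stock nginx.conf and the VeryNginx config.json. Both URLs follow
# the "verynginx" branch, so their content can change between deployments;
# read the downloaded files before using them.
curl -fSL https://raw.githubusercontent.com/fghrsh/FSN_Nginx_Docker/verynginx/conf/nginx.conf > /root/docker_data/nginx/nginx.conf
curl -fSL https://raw.githubusercontent.com/fghrsh/FSN_Nginx_Docker/verynginx/verynginx/configs/config.json > /root/docker_data/nginx/verynginx.json
chown -R www:www /root/docker_data/nginx

# Edit nginx.conf by hand and set these directives:
#   strict_sni off;   # Alibaba Cloud CDN cannot use SNI when fetching from origin
#   more_set_headers 'NodeInfo: FSN / CN-GZ-01 / FS5.online';
# The NodeInfo header tells every client which node answered; drop it if
# that should not be public.
vim /root/docker_data/nginx/nginx.conf

# The container publishes 80/443 the moment it starts, while this guide
# changes VeryNginx's default dashboard user only in its last step. Review
# the admin entry before the first start so the dashboard is never reachable
# with the stock account.
# NOTE(review): presumably the downloaded config.json carries that default
# account; confirm against the VeryNginx README.
vim /root/docker_data/nginx/verynginx.json

# Web roots and logs are shared with the PHP container under the same paths.
# TLS material, vhosts and nginx.conf are read-only inside the container;
# verynginx.json stays writable so the dashboard can save its settings.
docker run -d --restart always \
  -p 80:80 -p 443:443 --name nginx \
  -v /data/wwwroot:/data/wwwroot \
  -v /data/wwwlogs:/data/wwwlogs \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/docker_data/nginx/ssl:/etc/nginx/ssl:ro \
  -v /root/docker_data/nginx/vhosts:/etc/nginx/vhosts:ro \
  -v /root/docker_data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /root/docker_data/nginx/verynginx.json:/opt/verynginx/configs/config.json \
  --network fsn fghrsh/fsn_nginx:verynginx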
## MySQL 8.0
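# MySQL 8.0. Not recommended on hosts with less than 1 GB of physical memory.
mkdir -p /root/docker_data/mysql/conf

# The config URL is pinned to a commit hash, so its content cannot change
# underneath the deployment. -f stops curl from saving an HTTP error page as
# mysql.cnf.
curl -fL "https://raw.githubusercontent.com/lwl12/LFS-Docker-Compose/058a94a51392150048059e1555ff8286e5a9be96/config/mysql/mysql.cnf" -o /root/docker_data/mysql/conf/mysql.cnf

# Read the root password without echo rather than typing it into the command
# line, where it would end up in shell history and the process list.
read -rsp 'MySQL root password: ' MYSQL_ROOT_PASSWORD
echo
: "${MYSQL_ROOT_PASSWORD:?refusing to start MySQL with an empty root password}"
export MYSQL_ROOT_PASSWORD

# "-e NAME" with no value makes docker copy the variable from this shell.
# The value is still stored in the container's configuration, so anyone with
# access to the Docker API (including Portainer users) can read it through
# "docker inspect".
# No -p: MySQL is reachable only from containers on the fsn network.
docker run -d --restart always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/docker_data/mysql/log:/var/log/mysql \
  -v /root/docker_data/mysql/data:/var/lib/mysql \
  -v /root/docker_data/mysql/conf:/etc/mysql/conf.d:ro \
  -e MYSQL_ROOT_PASSWORD --name mysql \
  --network fsn mysql:8.0

# Do not leave the secret in the interactive shell's environment.
unset MYSQL_ROOT_PASSWORD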
## SMProxy (按需选择)
# Optional: SMProxy, a MySQL connection-pool proxy.
smproxy_conf=/root/docker_data/smproxy/conf
mkdir -p "$smproxy_conf"

# Write both config files by hand before the first start.
# NOTE(review): database.json presumably holds the MySQL account SMProxy
# connects with; confirm against the SMProxy README and treat the file as a
# secret.
vim "$smproxy_conf/server.json"
vim "$smproxy_conf/database.json"

# Config and log directories are bind-mounted read-write. No port is
# published, so the proxy is reachable only on the fsn network.
docker run -d --restart always --name smproxy \
  -v /etc/localtime:/etc/localtime:ro \
  -v "$smproxy_conf":/usr/local/smproxy/conf \
  -v /root/docker_data/smproxy/logs:/usr/local/smproxy/logs \
  --network fsn fghrsh/fsn_smproxy
## Redis 5
# Redis 5 on Alpine.
redis_args=(
  -d --restart always --name redis
  -v /root/docker_data/redis/log:/var/log/redis
  # No -p: the instance is reachable only from containers on fsn. No config
  # file or password is passed here, so the image defaults apply and every
  # container on that network can use it.
  --network fsn
)
docker run "${redis_args[@]}" redis:5-alpine
## PHP 7.3
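# PHP 7.3 (FPM).
# -p keeps a re-run from failing when the directories already exist.
mkdir -p /root/docker_build
mkdir -p /root/docker_data/php/fpm

# -f stops curl from saving an HTTP error page as a config file. php.ini
# follows the "7.3" branch and can change over time; docker.conf is pinned to
# a commit hash.
curl -fL "https://raw.githubusercontent.com/fghrsh/FSN_PHP_Docker/7.3/php.ini" -o /root/docker_data/php/php.ini
curl -fL "https://raw.githubusercontent.com/fghrsh/FSN_Docker_Compose/c5a4d8faa94412ccdadecd2b0a7f1bd2a67d8ad8/php/fpm/docker.conf" -o /root/docker_data/php/fpm/docker.conf

# Adjust the mounts to what the sites on this node need.
# NOTE(review): /root/docker_data is mounted read-write in full. In this
# guide that directory also holds the MySQL data files, the nginx TLS keys
# and Portainer's data, so any PHP code that is compromised can reach them.
# Mount only the sub-directories PHP needs, or add :ro, unless managing those
# files from PHP is intended.
docker run -d --restart always \
  -v /data/wwwroot:/data/wwwroot \
  -v /data/wwwlogs:/data/wwwlogs \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/docker_data:/usr/local/docker/data \
  -v /root/docker_build:/usr/local/docker/build \
  -v /root/docker_data/php/php.ini:/usr/local/etc/php/php.ini:ro \
  -v /root/docker_data/php/fpm/docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf:ro \
  --network fsn --name php fghrsh/fsn_php:7.3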
## KodExplorer (按需选择)
# Optional: KodExplorer (web file manager) under this node's own hostname.
kod_root="/data/wwwroot/$HOSTNAME/kod"
vhost_file="/root/docker_data/nginx/vhosts/$HOSTNAME.conf"

# Directory the application is unpacked into.
mkdir -p "$kod_root"

# Create the vhost for this hostname; its content is the server block that
# follows in this guide.
vim "$vhost_file"
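# vhost for the node's own hostname: HTTP redirects to HTTPS, and PHP is
# handed to the "php" container over FastCGI.
server {
    listen 80;
    listen 443 ssl http2;
    include /opt/verynginx/nginx_conf/in_server_block.conf;

    server_name cn-gz-01.node.wxw.moe;
    root /data/wwwroot/cn-gz-01.node.wxw.moe;
    index index.html index.htm index.php;

    ssl_certificate /etc/nginx/ssl/star.node.wxw.moe.crt;
    ssl_certificate_key /etc/nginx/ssl/star.node.wxw.moe.key;

    # Plain-HTTP requests are redirected to the same URL over HTTPS.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    location ~ \.php$ {
        # Forward only paths that name an existing file. A URI that merely
        # ends in ".php" gets a 404 instead of reaching PHP-FPM. This works
        # because the nginx and PHP containers mount /data/wwwroot at the
        # same path.
        try_files $uri =404;

        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param DOCUMENT_ROOT /data/wwwroot/cn-gz-01.node.wxw.moe;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/cn-gz-01.node.wxw.moe$fastcgi_script_name;
        include fastcgi.conf;
    }

    access_log /data/wwwlogs/cn-gz-01.node.wxw.moe-access.log main;
    error_log /data/wwwlogs/cn-gz-01.node.wxw.moe-error.log crit;
}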
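# Download and unpack KodExplorer 4.37 into the directory created above.
kod_dir="/data/wwwroot/${HOSTNAME}/kod"
kod_zip=kodexplorer4.37.zip

# Work only inside the target directory; if cd fails, nothing is downloaded
# or unpacked in the wrong place.
if cd "$kod_dir"; then
  # The archive comes over plain HTTP, so the transfer has no integrity
  # protection. Export KOD_SHA256 with a checksum obtained from a trusted
  # source to have the archive verified before it is unpacked.
  wget "http://static.kodcloud.com/update/download/${kod_zip}"

  if [[ -n "${KOD_SHA256:-}" ]] \
    && ! printf '%s  %s\n' "$KOD_SHA256" "$kod_zip" | sha256sum -c -; then
    echo "checksum mismatch for ${kod_zip}; archive removed, nothing unpacked" >&2
    rm -f -- "$kod_zip"
  else
    unzip "$kod_zip"
    rm -f -- "$kod_zip"

    # PHP runs as www (uid 82) and needs to write here. Owning the tree is
    # enough; mode 777 would also let every other account on the host or in
    # a container that mounts /data/wwwroot modify the application code.
    chown -R www:www .
    chmod -R u=rwX,go=rX .
  fi
fi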
## Uptime Robot Page (按需选择)
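# Optional: Uptime Robot status page.
mkdir -p /root/docker_data/uptimerobot-page

# Start from the project's default config. -f stops curl from saving an HTTP
# error page as default.yml. The URL follows the "master" branch, so the
# template can change between deployments.
curl -fL "https://raw.githubusercontent.com/giuem/uptimerobot-page/master/config/default.yml" -o /root/docker_data/uptimerobot-page/default.yml

# Fill in the API key and the site details. The file then contains a
# credential: a read-only Uptime Robot key is enough for a status page.
vim /root/docker_data/uptimerobot-page/default.yml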
# default configure app: port: 3000 log_level: info crontime: "*/1 * * * *" uptimerobot: api_key: "Uptime Robot API KEY" pattern: "%index/%group/%name" statuses: "2-9" website: title: "FGHRSH Services Status" copyright: "FGHRSH" links: - name: wxw.moe href: https://wxw.moe - name: fghrsh.net href: https://www.fghrsh.net - name: aizecraft.cn href: https://www.aizecraft.cn
# Start the status page container. Its config directory (which holds the
# API key) is mounted read-only, and no port is published: nginx reaches it
# over the fsn network.
status_args=(
  -d --restart always
  -v /root/docker_data/uptimerobot-page:/app/config:ro
  --network fsn --name uptimerobot-page
)
docker run "${status_args[@]}" giuem/uptimerobot-page

# Create the vhost that proxies fs5.online to the container; its content is
# the server block that follows in this guide.
vim /root/docker_data/nginx/vhosts/fs5.online.conf
# Reverse proxy for the status page; the upstream is the container's name
# on the fsn network.
upstream uptimerobot-page {
    server uptimerobot-page:3000;
}

# This vhost listens on port 80 only, so the page is served over plain HTTP.
server {
    listen 80;
    include /opt/verynginx/nginx_conf/in_server_block.conf;
    server_name fs5.online;

    location / {
        add_header X-Cache-Status $upstream_cache_status;
        proxy_pass http://uptimerobot-page;

        # Pass the original host and client address to the application.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_redirect off;

        # HTTP/1.1 plus Upgrade/Connection headers allow WebSocket upgrades.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    access_log /data/wwwlogs/fs5.online-access.log main;
    error_log /data/wwwlogs/fs5.online-error.log crit;
}
## 最后一步
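# Final step: certificates, permissions, reload.

# Fetch the TLS certificates and keys (private repository; change the URL to
# your own). The clone includes private keys, so treat this directory and
# the repository credentials as secrets.
git clone https://gitea.fghrsh.net/fghrsh/fsn_ssl_cert.git /root/docker_data/nginx/ssl

# Give the www account (the uid PHP runs as) access to the data and build
# trees and ownership of web roots and logs.
setfacl -R -m u:www:rwx /root/docker_data
setfacl -R -m u:www:rwx /root/docker_build
chown -R www:www /data/wwwroot
chown -R www:www /data/wwwlogs

# The recursive ACL above also covers the TLS private keys, and the PHP
# container mounts /root/docker_data, so PHP code could read them. Take the
# www entry off the certificate directory again and make the keys root-only.
# NOTE(review): assumes the nginx master process in the container runs as
# root and therefore can still read the keys; confirm for this image. The
# same ACL also exposes the MySQL data directory to PHP; narrow it if that
# is not intended.
setfacl -R -x u:www /root/docker_data/nginx/ssl
find /root/docker_data/nginx/ssl -type f -name '*.key' -exec chmod 600 {} +

# Restart nginx so it loads the vhosts and certificates.
docker restart nginx

# If nginx does not come up, inspect its log:
# docker logs -f -t --tail=20 nginx | less

# Then, without delay:
# - log in at https://$HOSTNAME/verynginx/index_zh.html and replace the
#   default dashboard user;
# - open https://$HOSTNAME/kod and finish KodExplorer's initial setup (if it
#   was installed), before anyone else reaches the setup page.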
至此新节点就部署完成了 ···
docker run 方式比较灵活,相关目录、参数可以 按需改动
万物皆可 Docker (大雾
然后把各项服务都塞进了 Docker 镜像里(Alpine Linux 真香
FGHRSH Service Node Infrastructure 系列组件
其他用到的组件
- SMProxy: https://github.com/louislivi/SMProxy
- Portainer: https://github.com/portainer/portainer
- VeryNginx: https://github.com/alexazhou/VeryNginx
- uptimerobot-page: https://github.com/giuem/uptimerobot-page
参考
- LFS-Bash-Deploy: https://github.com/lwl12/LFS-Bash-Deploy
- LFS-Docker-PHP: https://github.com/lwl12/LFS-Docker-PHP
- LFS-Docker-Nginx: https://github.com/lwl12/LFS-Docker-Nginx
- LFS-Docker-Compose: https://github.com/lwl12/LFS-Docker-Compose
请问一下,里面的大多数docker镜象都是自己建的吗