全面迁移至 Docker 环境
其实一年前开始流行 Docker 的时候就专门部署了一台 vps 尝试折腾 .. (懒 ...
不过终于在看到 @lwl12 的「更新至第三代服务器环境 | Docker 萌新体验记」后开始计划全部迁移 ...
然后又 咕咕咕 了 2 个月,直至 最近 ......
考虑到我 vps 节点不是太多 .. 也用不上 均衡负载 之类 ...
就不用 Deploy.sh 的部署方法,直接执行命令部署了 (主要还是懒...
下面命令基于 CentOS 7 x64 环境,其他 Linux 可能不适用
这里直接把部署过程贴出来了 ... 建议先到「页尾」查看「相关组件」的 README
# Set the node's hostname (change the node id to suit).
# The old name is replaced in /etc/hosts, the new name is applied to the
# running system, and then it is persisted in /etc/hostname.
# $HOSTNAME is used as a sed pattern here, so the dots in it match any character.
sid="cn-gz-01"
fqdn="$sid.node.wxw.moe"
sed -i "s/$HOSTNAME/$fqdn/g" /etc/hosts
hostname "$fqdn"
echo -e "$fqdn" > /etc/hostname
# Other environment settings (pick what you need)

# Disable SELinux. The sed only rewrites a line that currently reads
# SELINUX=enforcing in the config file.
# NOTE(review): with SELinux disabled there is no mandatory access control
# between containers and the host; the containers started later on this page
# bind-mount host paths and, for Portainer, the Docker socket. Decide this
# deliberately rather than by default.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Set the system time zone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Set the system locale
echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile

# Stop and disable the firewalld firewall
# NOTE(review): after this the host has no local packet filter of its own, so
# every listening port is reachable unless something upstream (for example a
# provider-side security group) filters traffic. Confirm that such a filter exists.
systemctl stop firewalld.service && systemctl disable firewalld.service
# Create a swap file (optional): 2048 blocks of 1 MiB, zero-filled
dd if=/dev/zero of=/swap bs=1M count=2048
# Swap can hold pages of process memory, so restrict the file to root
# before it is formatted and enabled.
chmod 0600 /swap
mkswap /swap
swapon /swap
# Persist the swap file across reboots
printf '%s\n' '/swap none swap defaults 0 0' >> /etc/fstab
# Enable the BBR congestion-control algorithm (optional)

# Pull a newer kernel from the centos-release-xen-48 repository, then reboot
# into it. The reboot ends the session; run the rest after logging back in.
yum install centos-release-xen-48 -y
yum upgrade kernel -y
reboot

# After the reboot: show the running kernel
uname -a

# Append the TCP settings to /etc/sysctl.conf (tee also echoes them to the terminal)
tee -a /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fastopen=3
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF

# Remove the extra repository again so later updates do not pull from it
yum remove centos-release-xen-48 -y

# Load the settings and check that the bbr module is present
sysctl -p
lsmod | grep bbr
# Kernel tuning (optional)
# Open /etc/sysctl.conf in an editor; the five key=value lines that follow
# are the entries to add to the file, not shell commands.
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
# Apply the edited file
sysctl -p
# Install Docker

# Remove older Docker packages
yum remove docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate \
  docker-selinux docker-engine-selinux docker-engine

# Install prerequisites
yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the docker-ce repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo (optional mirror for mainland China)

# Install docker-ce. There is no -y on this command, so yum asks before
# importing the repository's signing key; compare the fingerprint it shows
# with the one in Docker's install documentation before accepting.
yum install docker-ce

# Start Docker now and on every boot, then print client and server versions
systemctl enable docker
systemctl start docker
docker version
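# Install docker-compose
# Resolve the newest release tag from the GitHub API. -f makes curl fail on an
# HTTP error (rate limit, outage) instead of passing an error body to grep.
# NOTE(review): "latest" is not pinned, so each node may end up with a
# different version; set COMPOSE_VERSION to a fixed tag for repeatable installs.
COMPOSE_VERSION=$(curl -fsS https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
if [ -z "$COMPOSE_VERSION" ]; then
  echo "could not determine the docker-compose release tag; nothing installed" >&2
else
  # Download to a temporary file first so that a failed or partial transfer
  # never lands in /usr/local/bin as an executable.
  compose_tmp=$(mktemp)
  if curl -fL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp"; then
    # NOTE(review): the binary is installed root-owned and runs as root, and
    # nothing checks its integrity. Before installing, compare its SHA-256
    # with a value obtained out of band for the pinned release, for example:
    #   echo "<EXPECTED_SHA256_PLACEHOLDER>  $compose_tmp" | sha256sum -c -
    install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
    # -f lets the snippet be re-run when the link already exists
    ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
    docker-compose --version
  else
    echo "docker-compose download failed; nothing installed" >&2
  fi
  rm -f -- "$compose_tmp"
fi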
# Deploy the LNMP stack

# Create the internal Docker network shared by all containers below
docker network create fsn

# Create a host user and group "www" with uid/gid 82, to line up with the
# account the PHP image uses for file ownership
groupadd --gid 82 www
useradd --gid 82 --uid 82 www
## Portainer (optional)
# NOTE(review): /var/run/docker.sock is mounted into this container. Whoever
# controls Portainer controls the Docker daemon, which is equivalent to root
# on the host. No port is published here, so it is reachable only over the
# fsn network; set its admin account up straight away and keep any reverse-proxy
# route to it access-restricted.
# The image has no tag, so the registry's default tag is pulled; pin a
# version for repeatable deployments.
docker run --detach --name portainer --restart always \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /root/docker_data/portainer:/data \
  --volume /etc/localtime:/etc/localtime:ro \
  --network fsn portainer/portainer
## Nginx (uses a VeryNginx-based image)
# Both files are fetched from the "verynginx" branch rather than a fixed
# commit, so their content can change between runs. Read them before the
# container is started with them.
nginx_data=/root/docker_data/nginx
nginx_raw=https://raw.githubusercontent.com/fghrsh/FSN_Nginx_Docker/verynginx

mkdir -p "$nginx_data"
curl -fSL "$nginx_raw/conf/nginx.conf" > "$nginx_data/nginx.conf"
curl -fSL "$nginx_raw/verynginx/configs/config.json" > "$nginx_data/verynginx.json"

# Hand the directory to the www user (uid 82)
chown -R www:www "$nginx_data"
# Edit nginx.conf parameters.
# The two directives after the vim command are the settings to change inside
# the file, not shell commands.
vim /root/docker_data/nginx/nginx.conf
strict_sni off; # Alibaba Cloud CDN does not support SNI when fetching from the origin
# Adds a NodeInfo response header naming this node; it is visible to every client.
more_set_headers 'NodeInfo: FSN / CN-GZ-01 / FS5.online';
# Start the nginx container and publish ports 80 and 443 on the host.
# Web roots and logs are shared with the host. Certificates, vhosts and
# nginx.conf are mounted read-only; verynginx.json is the only configuration
# mount left writable.
# NOTE(review): the VeryNginx dashboard is served on the published ports as
# soon as this starts. Change its default account before the node takes
# traffic; the page leaves that to the final step.
docker run --detach --restart always \
  --publish 80:80 --publish 443:443 --name nginx \
  --volume /data/wwwroot:/data/wwwroot \
  --volume /data/wwwlogs:/data/wwwlogs \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume /root/docker_data/nginx/ssl:/etc/nginx/ssl:ro \
  --volume /root/docker_data/nginx/vhosts:/etc/nginx/vhosts:ro \
  --volume /root/docker_data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  --volume /root/docker_data/nginx/verynginx.json:/opt/verynginx/configs/config.json \
  --network fsn fghrsh/fsn_nginx:verynginx
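## MySQL 8.0
# MySQL 8.0 is not recommended with less than 1 GB of physical memory
mkdir -p /root/docker_data/mysql/conf

# The config URL is pinned to a commit hash, so the file content is fixed.
# -f stops curl from saving an HTTP error page as mysql.cnf.
curl -fL "https://raw.githubusercontent.com/lwl12/LFS-Docker-Compose/058a94a51392150048059e1555ff8286e5a9be96/config/mysql/mysql.cnf" -o /root/docker_data/mysql/conf/mysql.cnf

# Read the root password from the terminal without echo, so it is never typed
# on a command line (shell history, process list). A bare "-e NAME" makes
# docker take the value from the calling environment.
# NOTE(review): the value is still stored in the container's environment and
# shows up in `docker inspect mysql`. The official image also accepts
# MYSQL_ROOT_PASSWORD_FILE, which reads the password from a mounted file.
read -r -s -p 'MySQL ROOT password: ' MYSQL_ROOT_PASSWORD && echo
export MYSQL_ROOT_PASSWORD

# No port is published, so the server is reachable only over the fsn network.
docker run -d --restart always \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/docker_data/mysql/log:/var/log/mysql \
  -v /root/docker_data/mysql/data:/var/lib/mysql \
  -v /root/docker_data/mysql/conf:/etc/mysql/conf.d:ro \
  -e MYSQL_ROOT_PASSWORD --name mysql \
  --network fsn mysql:8.0

# Drop the password from the current shell once the container has it
unset MYSQL_ROOT_PASSWORD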
## SMProxy (optional)
mkdir -p /root/docker_data/smproxy/conf

# Write the two configuration files by hand.
# NOTE(review): database.json presumably carries the database account used by
# the proxy; keep both files readable by root only. Confirm against the
# SMProxy README.
vim /root/docker_data/smproxy/conf/server.json
vim /root/docker_data/smproxy/conf/database.json

# No port is published; the proxy is reachable only over the fsn network.
docker run --detach --restart always --name smproxy \
  --volume /etc/localtime:/etc/localtime:ro \
  --volume /root/docker_data/smproxy/conf:/usr/local/smproxy/conf \
  --volume /root/docker_data/smproxy/logs:/usr/local/smproxy/logs \
  --network fsn fghrsh/fsn_smproxy
## Redis 5
# No port is published and no password is passed, so access control rests
# entirely on membership of the fsn network: every container attached to fsn
# can talk to this instance.
# NOTE(review): consider a requirepass setting if any container on fsn is
# less trusted than the data kept here.
docker run --detach --restart always --name redis \
  --volume /root/docker_data/redis/log:/var/log/redis \
  --network fsn redis:5-alpine
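## PHP 7.3
# -p on both paths lets the snippet be re-run when the directories already exist
mkdir -p /root/docker_build /root/docker_data/php/fpm

# -f stops curl from saving an HTTP error page as a config file, matching the
# nginx downloads earlier on this page.
# php.ini follows the "7.3" branch and can change between runs; docker.conf is
# pinned to a commit.
curl -fSL "https://raw.githubusercontent.com/fghrsh/FSN_PHP_Docker/7.3/php.ini" -o /root/docker_data/php/php.ini
curl -fSL "https://raw.githubusercontent.com/fghrsh/FSN_Docker_Compose/c5a4d8faa94412ccdadecd2b0a7f1bd2a67d8ad8/php/fpm/docker.conf" -o /root/docker_data/php/fpm/docker.conf

# Adjust the mounted directories as needed.
# NOTE(review): /root/docker_data is mounted read-write in full. That puts the
# nginx ssl directory, the MySQL data directory and Portainer's data inside
# the container that executes site PHP code. Mount only the subdirectories PHP
# needs, read-only where possible.
docker run -d --restart always \
  -v /data/wwwroot:/data/wwwroot \
  -v /data/wwwlogs:/data/wwwlogs \
  -v /etc/localtime:/etc/localtime:ro \
  -v /root/docker_data:/usr/local/docker/data \
  -v /root/docker_build:/usr/local/docker/build \
  -v /root/docker_data/php/php.ini:/usr/local/etc/php/php.ini:ro \
  -v /root/docker_data/php/fpm/docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf:ro \
  --network fsn --name php fghrsh/fsn_php:7.3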
## KodExplorer (optional)
# Create the install directory under this node's web root, then write the
# vhost file for the node's hostname.
kod_dir="/data/wwwroot/$HOSTNAME/kod"
mkdir -p "$kod_dir"
vim "/root/docker_data/nginx/vhosts/$HOSTNAME.conf"
# Virtual host for the node's own hostname; KodExplorer is installed under <root>/kod.
server {
# Accept plain HTTP and TLS with HTTP/2 in the same server block.
listen 80;
listen 443 ssl http2;
# Hook VeryNginx into this server block.
include /opt/verynginx/nginx_conf/in_server_block.conf;
server_name cn-gz-01.node.wxw.moe;
root /data/wwwroot/cn-gz-01.node.wxw.moe;
index index.html index.htm index.php;
# Certificate and key are read from /etc/nginx/ssl inside the container.
ssl_certificate /etc/nginx/ssl/star.node.wxw.moe.crt;
ssl_certificate_key /etc/nginx/ssl/star.node.wxw.moe.key;
# Redirect every plain-HTTP request to HTTPS.
if ($scheme = http) { return 301 https://$host$request_uri; }
# Hand any URI ending in .php to PHP-FPM in the "php" container, port 9000.
# NOTE(review): nothing checks that the file exists (e.g. try_files $uri =404)
# before the request reaches PHP-FPM, and this root holds a web file manager.
# Confirm that its upload directories cannot serve .php files and that
# cgi.fix_pathinfo / security.limit_extensions are set as intended in the PHP image.
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param DOCUMENT_ROOT /data/wwwroot/cn-gz-01.node.wxw.moe;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/cn-gz-01.node.wxw.moe$fastcgi_script_name;
# NOTE(review): the fastcgi.conf shipped with nginx also sets SCRIPT_FILENAME
# and DOCUMENT_ROOT; confirm the included file does not send them twice.
include fastcgi.conf;
}
access_log /data/wwwlogs/cn-gz-01.node.wxw.moe-access.log main;
# Only messages of level crit and above are written to the error log.
error_log /data/wwwlogs/cn-gz-01.node.wxw.moe-error.log crit;
}
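# Download and unpack KodExplorer into the directory created above.
# The remaining steps run only if the cd succeeded, so nothing is unpacked or
# re-permissioned in whatever directory the shell happened to be in.
cd "/data/wwwroot/$HOSTNAME/kod" && {
  # NOTE(review): the archive comes over plain HTTP with no integrity check.
  # Compare it with a checksum obtained from the vendor before unpacking, and
  # check whether the host offers the same file over HTTPS.
  # unzip runs only when the download succeeded.
  wget http://static.kodcloud.com/update/download/kodexplorer4.37.zip \
    && unzip kodexplorer4.37.zip
  rm -f kodexplorer4.37.zip
  # Give the tree to the www account instead of making it world-writable
  # (chmod 777): only the owner may write, everyone else may read and traverse.
  # Assumes php-fpm in the container runs as uid 82 (www); confirm.
  chown -R www:www .
  chmod -R u=rwX,go=rX .
}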
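## Uptime Robot Page (optional)
mkdir -p /root/docker_data/uptimerobot-page

# Fetch the default configuration, then edit it (sample content follows on the page).
# -f stops curl from saving an HTTP error page as default.yml, matching the
# nginx downloads earlier on this page.
# The URL follows the master branch, so the template can change between runs.
curl -fSL "https://raw.githubusercontent.com/giuem/uptimerobot-page/master/config/default.yml" -o /root/docker_data/uptimerobot-page/default.yml
vim /root/docker_data/uptimerobot-page/default.yml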
# default configure
# NOTE(review): this listing shows no nesting indentation; take the key
# structure from the upstream default.yml rather than from this copy.
app:
# Port the application listens on inside the container.
port: 3000
log_level: info
# Cron expression: run once every minute.
crontime: "*/1 * * * *"
uptimerobot:
# Placeholder: put your own key here. NOTE(review): a read-only Uptime Robot
# key is presumably enough for a status page (confirm against the project
# README). Keep the real key out of published copies of this file.
api_key: "Uptime Robot API KEY"
pattern: "%index/%group/%name"
statuses: "2-9"
website:
title: "FGHRSH Services Status"
copyright: "FGHRSH"
# Links listed on the status page.
links:
- name: wxw.moe
href: https://wxw.moe
- name: fghrsh.net
href: https://www.fghrsh.net
- name: aizecraft.cn
href: https://www.aizecraft.cn
# Start the status-page container. Its configuration directory is mounted
# read-only and no port is published, so it is reachable only over the fsn network.
# The image has no tag, so the registry's default tag is pulled.
docker run --detach --restart always \
  --volume /root/docker_data/uptimerobot-page:/app/config:ro \
  --network fsn --name uptimerobot-page giuem/uptimerobot-page

# Write the reverse-proxy vhost for the status page
vim /root/docker_data/nginx/vhosts/fs5.online.conf
# Upstream that resolves the uptimerobot-page container by name, port 3000.
upstream uptimerobot-page {
server uptimerobot-page:3000;
}
# Reverse-proxy vhost for the status page.
server {
# NOTE(review): only port 80 is configured, so this vhost is served over plain
# HTTP unless TLS is terminated in front of it. Confirm.
listen 80;
# Hook VeryNginx into this server block.
include /opt/verynginx/nginx_conf/in_server_block.conf;
server_name fs5.online;
location / {
# Exposes $upstream_cache_status as a response header. No proxy_cache
# directive appears in this block, so the value may be empty. Confirm.
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://uptimerobot-page;
# Pass the original Host header and the client address to the backend.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_redirect off;
# HTTP/1.1 with the Upgrade and Connection headers lets protocol upgrades
# pass through the proxy.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /data/wwwlogs/fs5.online-access.log main;
# Only messages of level crit and above are written to the error log.
error_log /data/wwwlogs/fs5.online-error.log crit;
}
## Final steps

# Sync the SSL certificates (private repository; change to your own source).
# NOTE(review): the clone puts private keys and the repository's .git history
# under /root/docker_data/nginx/ssl. Keep the repository access-restricted and
# plan for key rotation if a node or the repository is ever exposed.
git clone https://gitea.fghrsh.net/fghrsh/fsn_ssl_cert.git /root/docker_data/nginx/ssl

# Adjust permissions
# NOTE(review): the recursive ACL on /root/docker_data gives the www account
# rwx on everything beneath it, including nginx/ssl (private keys) and the
# MySQL data directory. Narrow it to the subdirectories www actually needs.
setfacl --recursive --modify u:www:rwx /root/docker_data
setfacl --recursive --modify u:www:rwx /root/docker_build
chown -R www:www /data/wwwroot /data/wwwlogs

# Restart Nginx to load the configuration
docker restart nginx

# If it does not start, inspect the logs with:
# docker logs -f -t --tail=20 nginx | less

# Log in at https://$HOSTNAME/verynginx/index_zh.html# and change the default
# user. Do this first: the dashboard is already reachable on the published ports.
# Log in at https://$HOSTNAME/kod to finish the initial setup (if installed)
至此新节点就部署完成了 ···
docker run 方式比较灵活,相关目录、参数可以 按需改动
万物皆可 Docker (大雾
然后把各项服务都塞进了 Docker 镜像里(Alpine Linux 真香
FGHRSH Service Node Infrastructure 系列组件
其他用到的组件
- SMProxy: https://github.com/louislivi/SMProxy
- Portainer: https://github.com/portainer/portainer
- VeryNginx: https://github.com/alexazhou/VeryNginx
- uptimerobot-page: https://github.com/giuem/uptimerobot-page
参考
- LFS-Bash-Deploy: https://github.com/lwl12/LFS-Bash-Deploy
- LFS-Docker-PHP: https://github.com/lwl12/LFS-Docker-PHP
- LFS-Docker-Nginx: https://github.com/lwl12/LFS-Docker-Nginx
- LFS-Docker-Compose: https://github.com/lwl12/LFS-Docker-Compose
请问一下,里面的大多数docker镜象都是自己建的吗