使用Dockerfile制作一个完整的服务(Java+Vue+所需中间件)镜像(Springboot+Redis+Nginx)
提示:本文并非使用docker-compose,仅仅使用一个Dockerfile,也没用使用挂载宿主机文件的形式。
前言
docker的好处
● 不关心环境的改变,安装简单,开箱即用,运行结果一致
● 方便卸载,删掉容器和挂载目录即可
一、安装docker?
# 1、yum 包更新到最新
yum update
# 2、安装需要的软件包, yum-util 提供yum-config-manager功能,另外两个是devicemapper驱动依赖的
yum install -y yum-utils device-mapper-persistent-data lvm2
# 3、设置yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 4、安装docker,出现输入的界面都按y。下载比较慢,比较费时,耐心等待
yum install -y docker-ce
# 5、查看docker版本,验证是否验证成功
docker -v
# 6、可以选择配置阿里云镜像加速
二、docker常用命令
下载镜像(:后面是版本号,如果不写,默认下载最新lastest):
● docker pull redis:5.0
查看下载的镜像:
● docker images
启动容器:
● docker run -it --name=mysql mysql:5.7 /bin/bash(交互式,创建后直接进入容器,退出后容器关闭)
● docker run -id --name=mysql mysql:5.7(后台运行)
-it方式会在创建容器后直接进入容器,一顿操作后exit退出时容器也会关闭。
-id方式会在后台启动容器,如果你想进入容器,需要配合另一个命令:
● docker exec -it mysql /bin/bash
docker容器的启动比较麻烦,更多细节后面安装过程中自行体会。
启动容器后会用到以下几个操作, 比如查看容器:
● docker ps -a
启动、停止、重启:
● docker start rabbitmq
● docker stop rabbitmq
● docker restart rabbitmq
停止容器后,才能删除容器(镜像就好比qq.exe,容器则是运行的qq程序,你卸载qq和删除qq.exe安装包无关)
● docker rm rabbitmq(具体名字根据自己的来)
如果想连带镜像也删了(多了i,盲猜是 remove images 的缩写):
● docker rmi rabbitmq(具体名字根据自己的来)
另外介绍几个批量操作的命令,后面你可能会需要:
启动docker
systemctl start docker
开机启动docker
systemctl enable docker
停止docker
systemctl stop docker
查看docker状态
systemctl status docker
docker中 启动所有的容器命令
docker start $(docker ps -a | awk '{ print $1}' | tail -n +2)
docker中 关闭所有的容器命令
docker stop $(docker ps -a | awk '{ print $1}' | tail -n +2)
docker中 删除所有的容器命令
docker rm $(docker ps -a | awk '{ print $1}' | tail -n +2)
docker中 删除所有的镜像
docker rmi $(docker images | awk '{print $3}' |tail -n +2)
三、准备好要在制作镜像的所有相关文件
四、编写Dockerfile
FROM centos:centos7
RUN \
mkdir -p /opt/tools \
&& mkdir -p /etc/redis \
&& mkdir /opt/logs \
&& mkdir -p /Users/apple/file \
&& mkdir -p /var/log/nginx \
&& mkdir config
# 复制文件
COPY redis.conf /etc/redis/redis.conf
ADD web_html/ /web_html/
ADD *.jar dcs-server.jar
ADD nginx/ /etc/nginx/
COPY application.yml /config/
COPY run.sh /
ADD http://download.redis.io/releases/redis-5.0.9.tar.gz /opt/tools
ADD http://nginx.org/download/nginx-1.20.2.tar.gz /opt/tools
COPY nginx.conf /opt/tools/nginx.conf
COPY jdk-8u181-linux-x64.tar.gz /opt/tools
RUN yum -y install gcc automake autoconf libtool make
# 安装redis
RUN \
yum install gcc -y \
&& cd /opt/tools \
&& tar -xzf redis-5.0.9.tar.gz \
&& rm -rf redis-5.0.9.tar.gz \
&& cd redis-5.0.9 && yum -y install tcl && make && make install \
&& cd /opt/tools \
&& rm -rf redis-5.0.9 \
&& rm -rf /var/cache/yum/*
# 安装 nginx
RUN \
yum -y install gcc-c++ zlib zlib-devel openssl openssl--devel pcre pcre-devel \
&& cd /opt/tools \
&& tar -zxv -f nginx-1.20.2.tar.gz \
&& rm -rf nginx-1.20.2.tar.gz \
&& cd nginx-1.20.2 \
&& yum -y install openssl openssl-devel \
&& ./configure --with-http_stub_status_module --with-http_ssl_module --sbin-path=/usr/sbin/nginx \
&& make && make install \
&& cd .. \
&& rm -rf nginx-1.20.2 \
&& rm -rf /var/cache/yum/* \
&& cp -rf /opt/tools/nginx.conf /usr/local/nginx/conf/nginx.conf
# 设置java环境变量
RUN \
cd /opt/tools \
&& tar -zxvf jdk-8u181-linux-x64.tar.gz
ENV JAVA_HOME /opt/tools/jdk1.8.0_181
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH .:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
ENV PATH $JAVA_HOME/bin:$JRE_HOME/bin:$PATH
# 我的nginx监听的是9998端口 这里暴露端口
EXPOSE 9998
# RUN \
# cd / \
# && chmod +x /run.sh \
# && ./run.sh
#使用cmd命令启动你需要启动的进程 或者 镜像制作完成之后进入容器内启动
sh脚本
# 启动nginx
/usr/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
# 启动redis
redis-server /etc/redis/redis.conf
# 启动java 服务
nohup java -jar -Dfile.encoding=utf-8 dcs-server.jar &
五、制作镜像并启动
# 进入到Dockerfile所在的父级目录执行 第一次时间可能比较久
docker build -t monitor:v1.0 .
# 构建镜像结束之后 查看镜像
docker images
# 启动 把容器中的9998端口映射到宿主机的9998端口
docker run -itd --name test -p 9998:9998 mointor:v1.0
# 进入容器内部 先查看已经启动容器的名称或id
docker ps
docker exec -it 容器名/容器id /bin/bash
# 启动需要的服务 nginx redis java
/usr/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
redis-server /etc/redis/redis.conf
nohup java -jar -Dfile.encoding=utf-8 dcs-0.0.1-SNAPSHOT.jar &
#ctrl+c 退出
# 查看是否正常启动
tail -f nohup.out
ps -ef | grep nginx 查看nginx启动 是否是指定的配置文件启动
ps -ef | grep redis-server 查看redis启动
# 退出容器
exit
最后查看是否启动成功
arm-DockerFile:
FROM centos:centos7
RUN \
mkdir -p /opt/tools \
&& mkdir -p /etc/redis \
&& mkdir /opt/logs \
&& mkdir -p /Users/apple/file \
&& mkdir -p /var/log/nginx \
&& mkdir config \
&& mkdir vulnevaluate
# 复制文件
COPY redis.conf /etc/redis/redis.conf
ADD web_html/ /web_html/
ADD *.jar dcs-server.jar
ADD nginx/ /etc/nginx/
COPY application.yml /config/
COPY run.sh /
COPY vulnevaluate/* /vulnevaluate/
ADD http://download.redis.io/releases/redis-5.0.9.tar.gz /opt/tools
ADD http://nginx.org/download/nginx-1.20.2.tar.gz /opt/tools
COPY nginx.conf /opt/tools/nginx.conf
# COPY jdk-8u181-linux-x64.tar.gz /opt/tools
COPY jdk-8u333-linux-aarch64.tar.gz /opt/tools
RUN yum -y install gcc automake autoconf libtool make
# 安装redis
RUN \
yum install gcc -y
# 安装 nginx
RUN \
yum -y install gcc-c++ zlib zlib-devel openssl openssl--devel pcre pcre-devel \
&& cd /opt/tools \
&& tar -zxv -f nginx-1.20.2.tar.gz \
&& rm -rf nginx-1.20.2.tar.gz \
&& cd nginx-1.20.2 \
&& yum -y install openssl openssl-devel \
&& ./configure --with-http_stub_status_module --with-http_ssl_module --sbin-path=/usr/sbin/nginx \
&& make && make install \
&& cd .. \
&& rm -rf nginx-1.20.2 \
&& rm -rf /var/cache/yum/* \
&& cp -rf /opt/tools/nginx.conf /usr/local/nginx/conf/nginx.conf
# 设置java环境变量
RUN \
cd /opt/tools \
&& tar -zxvf jdk-8u333-linux-aarch64.tar.gz
ENV JAVA_HOME /opt/tools/jdk1.8.0_333
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH .:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
ENV PATH $JAVA_HOME/bin:$JRE_HOME/bin:$PATH
EXPOSE 9998
# RUN \
# cd / \
# && chmod +x /run.sh \
# && ./run.sh
将*.tar.gz 解压为*.tar
tar zxvf .tar.gz
将宿主机的monitor文件夹 复制到web_html文件夹下
docker cp ./web_html/monitor e1ce91f6e305:/web_html
docker pull redis
sudo mkdir /data/redis
sudo mkdir /data/redis/data
sudo cp -p redis.conf /data/redis/
docker run -d --name redis -p 6379:6379 -v /data/redis/redis.conf:/etc/redis/redis.conf -v /data/redis/data:/data redis:5.0.9 redis-server --appendonly yes
解压 *.tar到指定目录
tar -xvf /root/mysql-8.0.28-linux-glibc2.12-x86_64.tar -C /usr/local/
nginx.conf
user root;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 9998 ssl;
server_name 172.16.14.28;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
root /web_html;
rewrite ^/$ /monitor/index.html break;
try_files $uri $uri/index.html break;
}
location ^~ /api/monitor {
proxy_pass http://127.0.0.1:8081;
client_max_body_size 100m;
}
location ^~ /api/vulnevaluate/ {
proxy_pass http://127.0.0.1:4001/vulnevaluate/;
client_max_body_size 100m;
}
location ^~ /knowledge/ {
rewrite ^/knowledge/req/(.*) /knowledge/req/$1 break;
rewrite ^/knowledge/(.*) /$1 break;
proxy_pass https://172.16.14.28:450;
client_max_body_size 100m;
}
# binwalk 代理
location ^~ /binwalk {
proxy_pass http://172.16.14.31:7799;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
# cyber代理
location ~ /(images|dcs_topo|pve_webvnc|guacamole|api2|novnc|xtermjs|api/cyberrange|api/common)/ {
proxy_pass https://172.16.14.26;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Cookie $http_cookie;
proxy_cookie_domain 172.16.14.26 172.16.14.28;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
server {
listen 443 ssl;
server_name 172.16.3.205;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# 前端及静态资源代理
location / {
root /web_html;
rewrite ^/$ /monitor/index.html break;
try_files $uri $uri/index.html break;
}
# 代理
location ^~ /api/monitor {
proxy_pass http://172.16.3.205:8081;
client_max_body_size 100m;
}
# 代理
location ^~ /api/vulnevaluate/ {
proxy_pass http://172.16.3.205:4001/vulnevaluate/;
client_max_body_size 100m;
}
# 代理
location ~ /(knowledge|api/knowledge)/ {
rewrite ^/knowledge/req/(.*) /knowledge/req/$1 break;
rewrite ^/api/knowledge/req/(.*) /knowledge/req/$1 break;
rewrite ^/knowledge/(.*) /$1 break;
proxy_pass http://172.16.3.205:8002;
client_max_body_size 100m;
}
# 代理
location ^~ /binwalk {
proxy_pass http://172.16.3.205:7799;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
# cyber代理
location ~ /(images|dcs_topo|pve_webvnc|guacamole|api2|novnc|xtermjs|api/cyberrange|api/common|upload/images/scene_cover|dcs_manager)/ {
proxy_pass https://172.16.3.247;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Cookie $http_cookie;
proxy_cookie_domain 172.16.3.247 172.16.3.205;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
diabled SElinux
info 'Disable SElinux .....'
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/SELINUX=enabled/SELINUX=disabled/g' /etc/selinux/config
cat /etc/selinux/config | grep 'SELINUX=disabled' || error 'Config SElinux Failed'
setenforce 0 || ignore_error
right 'Disable SElinux success'
1067
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
