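Having finished Wiki.js in the previous post, we now set up WordPress.
This example uses the domain bot.wuushu.cn.
Point bot.wuushu.cn at ***.cn-hongkong.alb.aliyuncs.com with a CNAME record.
Open the ASK-ALLINONE cluster, click [Namespaces and Quotas], click [Create], and create a namespace named wordpress.
An earlier project already created the pv-mntnas-ghost [Persistent Volume] (volume type: NAS) under [Storage] in this same cluster, so this project does not create another PV.
Deploy MySQL for WordPress
On the BaoTa (BT Panel) ECS instance, create the folder /mntNAS/base/wordpress/mysql/data.
Under [Configurations], click [Secrets] and create the Secret for MySQL: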
apiVersion: v1
data:
  password: d29yZHByZXNzcm9ja3M=
kind: Secret
metadata:
  name: wp-mysql-prod-secrets
  namespace: wordpress
type: Opaque
The Base64 encoding of wordpressrocks is: d29yZHByZXNzcm9ja3M=
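Base64 in a Secret's data field is an encoding, not encryption, so anyone who can read the manifest can read the password. The shell functions below are an added example, not part of the original post: they generate a random root password, encode it without a trailing newline, and flag values that were encoded with one. The function names are hypothetical; the Secret name and namespace are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: build the MySQL root-password Secret without a hard-coded password.
# Function names are hypothetical; Secret name/namespace are taken from the post.

# Encode a value for a Secret's data field. printf '%s' avoids the trailing
# newline that `echo` appends, which would silently become part of the password.
b64_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Generate a random 24-character alphanumeric password from /dev/urandom.
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Succeeds if a base64 Secret value decodes to text that ends in a newline,
# the usual sign that it was produced with `echo value | base64`.
has_trailing_newline() {
  local last
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# Render the Secret manifest for the given clear-text password.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: wp-mysql-prod-secrets
  namespace: wordpress
type: Opaque
data:
  password: $(b64_secret "$1")
EOF
}

# Usage: render_secret "$(gen_password)" | kubectl apply -f -
```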
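Under [Workloads], click [Stateless], select the namespace [wordpress], and click [Create from Image].
- Application name: [wp-mysql-prod]
- Replicas: 1
- Type: Stateless
- Click [Next]
- Image name: [docker.io/library/mysql]
- Image tag: [8.0.4]
- Required resources: 1 core, 2 GB
- Add a port: name mysql-port, container port 3306, protocol TCP
- Environment variables: click [Get from Image Metadata]; the key MYSQL_MAJOR appears
- Click [Add]: type Secret, variable name MYSQL_ROOT_PASSWORD, value/reference wp-mysql-prod-secrets/password
- Startup command: arguments: ["--collation-server=utf8mb4_0900_ai_ci"]
- Under Volumes below, add a NAS volume:
  Name: wp-mysql-prod-data
  Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
  Host path: /base/wordpress/mysql/data
  Container path: /var/lib/mysql
  Remember to create the folder /mntNAS/base/wordpress/mysql/data on the NAS data disk from the BaoTa ECS instance.
Click [Next].
Create a [Service] named wp-mysql-prod-svc: virtual cluster IP, port name svcmysqlport, service port 3306, container port 3306, protocol TCP. Click [Create].
On the BaoTa ECS instance, check the NAS directory /mntNAS/base/wordpress/mysql/data; the initial data should have been created.
Under [Workloads], click [Stateless], select the namespace [wordpress], and click wp-mysql-prod.
Click the container's [Terminal] to open a command line.
mysql -uroot -p
Enter the password from the Secret to log in.
create database wpbot;
flush privileges;
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'wordpressrocks';
flush privileges;
show databases;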
Deploy WordPress with PHP 8.1 FPM
On the BaoTa ECS instance, create the folder /mntNAS/base/wordpress/html.
Preparation: create a ConfigMap that replaces nginx.conf when the container starts:
apiVersion: v1
data:
  nginx.conf: |
    user www-data;
    worker_processes auto;
    #error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 10240;
        use epoll;
    }
    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        server_names_hash_bucket_size 512;
        server_tokens off;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 4096;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 16 8k;
        gzip_comp_level 4;
        gzip_proxied any;
        gzip_types
            text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml
            text/javascript application/javascript application/x-javascript
            text/x-json application/json application/x-web-app-manifest+json
            text/css text/plain text/x-component
            font/opentype application/x-font-ttf application/vnd.ms-fontobject
            image/x-icon image/svg+xml;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #ssl_session_cache shared:SSL:1m;
        #ssl_session_timeout 10m;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        include /etc/nginx/conf.d/*.conf;
    }
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: wordpress
Preparation: create a ConfigMap that replaces default.conf when the container starts:
apiVersion: v1
data:
  default.conf: |
    server {
        listen 80 default_server;
        client_max_body_size 2000m;
        root /var/www/html;
        server_name bot.wuushu.cn;
        index index.php;
        add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        #REWRITE-START
        # Note: nginx matches a rewrite pattern against the request URI path only,
        # so a pattern starting with http:// never matches here.
        rewrite ^http://bot.wuushu.cn(.*) https://bot.wuushu.cn$1 permanent;
        #REWRITE-END
        # PHP requests go to the php-fpm container in the same pod
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }
kind: ConfigMap
metadata:
  name: default-conf
  namespace: wordpress
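Be sure to include:
add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
Under [Workloads], click [Stateless], select the namespace [wordpress], and click [Create from Image].
- Application name: [wp-prod]
- Replicas: 1
- Type: Stateless
- Click [Next]
- Image name: [docker.io/library/wordpress]
- Image tag: [php8.1-fpm]
- Required resources: 1 core, 2 GB
- Under Volumes below, add a NAS volume:
  Name: wp-prod-data
  Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
  Host path: /base/wordpress/html
  Container path: /var/www/html
  Remember to create the folder /mntNAS/base/wordpress/html on the NAS data disk from the BaoTa ECS instance.
Click the [Add Container] tab at the top.
- Image name: [docker.io/nginx]
- Image tag: [1.23]
- Required resources: 1 core, 2 GB
- Add a port: name http-port, container port 80, protocol TCP
- Under Volumes below:
  Add local storage: volume type ConfigMap, mount source default-conf, container path /etc/nginx/conf.d, sub-path left empty.
  Add local storage: volume type ConfigMap, mount source nginx-conf, container path /etc/nginx/nginx.conf, sub-path nginx.conf
- Under Volumes below, add a NAS volume:
  Name: wp-prod-data
  Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
  Host path: /base/wordpress/html
  Container path: /var/www/html
  Remember to create the folder /mntNAS/base/wordpress/html on the NAS data disk from the BaoTa ECS instance.
Create a [Service] named wp-prod-svc with a virtual cluster IP:
Port name svcwpport, service port 80, container port 80, protocol TCP
Port name svcphpport, service port 9000, container port 9000, protocol TCP
Click [Create] and wait for the pod status to become running.
On the BaoTa ECS instance, check the NAS directory /mntNAS/base/wordpress/html; the initial data should have been created.
Under [Network], click [Ingresses], then click [Create ALB Ingress].
- Name: wp-prod-albingress
- Domain: bot.wuushu.cn
- Path: /*
- Service name: select wp-prod-svc, port 80. Tick Enable TLS; Alibaba Cloud discovers the certificate automatically, so no SSL configuration is needed. After enabling TLS, remember to add the custom annotation alb.ingress.kubernetes.io/ssl-redirect with the value true.
Open https://bot.wuushu.cn/index.php
It redirects to https://bot.wuushu.cn/wp-admin/setup-config.php
- Database name: wpbot
- User name: root
- Password: wordpressrocks
- Database host: the cluster IP of the wp-mysql-prod-svc service created above
- Table prefix: botwp_
After installation succeeds, go to the WordPress admin and install the WPvivid backup plugin.
Do not change the URLs in Settings: keep them as http, do not change them to https.
Click the Key tab and generate a key.
Copy it into the WPvivid backup plugin on the old WordPress site and migrate from the old site to the new bot.wuushu.cn address.
In the new WordPress site, refresh Backup & Restore; when the transferred backup appears, click [Restore].
After the restore, open Settings > General: the WordPress Address and Site Address are still http. Do not change them! Changing them to https causes errors, and leaving them as they are does not affect normal HTTPS access.
If you changed them by accident, log in to the database and, in the table <your prefix>_options, set the option_value of the two rows whose option_name is siteurl and home back to http.
In other words, even if the old WordPress site used https, after importing and restoring into the new site the settings remain http and need no change.
Important: do not use the file-system permission fix in the [WP Security] plugin; change permissions by hand in the NAS directory. For WordPress installed on the NAS volume through the cluster, the owner may be 33 and the group node; set suitable file and directory permissions manually.
In the WordPress root directory:
chown -R 33 *
chgrp -R node *
The next post tests installing an (almost) stateful aaPanel, the international edition of BaoTa.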
Postscript: Pure YAML for WordPress-FPM-MySQL all in one
Requires CoreDNS to be installed.
apiVersion: v1
data:
  password: (base64 of the root password)
kind: Secret
metadata:
  name: prod-wp-mysql-secrets
  namespace: prod-wordpress
type: Opaque
---
apiVersion: v1
data:
  init.sql: |-
    CREATE DATABASE dbname;
    ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '******';
    FLUSH PRIVILEGES;
kind: ConfigMap
metadata:
  name: prod-wp-mysql-cm-sqlinit
  namespace: prod-wordpress
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: prod-wp-mysql
  name: prod-wp-mysql
  namespace: prod-wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prod-wp-mysql
  # A StatefulSet names its governing headless Service (defined below)
  serviceName: prod-svc-wp-mysql
  # StatefulSets use updateStrategy; strategy/maxSurge is a Deployment-only field
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: prod-wp-mysql
    spec:
      containers:
        - args:
            - '--collation-server=utf8mb4_0900_ai_ci'
          env:
            - name: MYSQL_MAJOR
              value: '8.0'
            # Root password is read from the Secret defined above
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: prod-wp-mysql-secrets
          image: 'docker.io/library/mysql:8.0.4'
          imagePullPolicy: IfNotPresent
          name: prod-wp-mysql
          ports:
            - containerPort: 3306
              name: mysql-port
              protocol: TCP
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            # init.sql from the ConfigMap runs on first start of an empty data directory
            - mountPath: /docker-entrypoint-initdb.d
              name: volume-initsql
            - mountPath: /var/lib/mysql
              name: volume-mntnas-wp-mysql
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      volumes:
        - configMap:
            defaultMode: 420
            name: prod-wp-mysql-cm-sqlinit
          name: volume-initsql
        # The PVC mntnas-wp-mysql must already exist in this namespace
        - name: volume-mntnas-wp-mysql
          persistentVolumeClaim:
            claimName: mntnas-wp-mysql
---
apiVersion: v1
kind: Service
metadata:
  name: prod-svc-wp-mysql
  namespace: prod-wordpress
spec:
  clusterIP: None
  clusterIPs:
    - None
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: mysqlport
      port: 3306
      protocol: TCP
      targetPort: 3306
  selector:
    app: prod-wp-mysql
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: v1
data:
  nginx.conf: |
    user www-data;
    worker_processes auto;
    #error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 10240;
        use epoll;
    }
    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        server_names_hash_bucket_size 512;
        server_tokens off;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 4096;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 16 8k;
        gzip_comp_level 4;
        gzip_proxied any;
        gzip_types
            text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml
            text/javascript application/javascript application/x-javascript
            text/x-json application/json application/x-web-app-manifest+json
            text/css text/plain text/x-component
            font/opentype application/x-font-ttf application/vnd.ms-fontobject
            image/x-icon image/svg+xml;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        include /etc/nginx/conf.d/*.conf;
    }
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: prod-wordpress
---
apiVersion: v1
data:
  default.conf: |
    server {
        listen 80 default_server;
        client_max_body_size 2000m;
        root /var/www/html;
        server_name yourdomain;
        index index.php;
        add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        #REWRITE-START
        # Note: nginx matches a rewrite pattern against the request URI path only,
        # so a pattern starting with http:// never matches here; the HTTPS redirect
        # comes from the ssl-redirect annotation on the ALB Ingress below.
        rewrite ^http://yourdomain(.*) https://yourdomain$1 permanent;
        #REWRITE-END
        # PHP requests go to the php-fpm container in the same pod
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }
kind: ConfigMap
metadata:
  name: default-conf
  namespace: prod-wordpress
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: prod-wp
  name: prod-wp
  namespace: prod-wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prod-wp
  # A StatefulSet names its governing headless Service (defined below)
  serviceName: prod-svc-wp
  # StatefulSets use updateStrategy; strategy/maxSurge is a Deployment-only field
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: prod-wp
    spec:
      containers:
        # php-fpm container: serves PHP on 127.0.0.1:9000 inside the pod
        - image: 'docker.io/library/wordpress:php8.1-fpm'
          imagePullPolicy: IfNotPresent
          name: prod-wp-0
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - mountPath: /var/www/html
              name: volume-mntnas-wp
        # nginx container: serves static files and passes *.php to php-fpm
        - image: 'docker.io/nginx:1.23'
          imagePullPolicy: IfNotPresent
          name: prod-wp-1
          ports:
            - containerPort: 80
              name: http-port
              protocol: TCP
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - mountPath: /etc/nginx/conf.d
              name: volume-default-conf
            - mountPath: /etc/nginx/nginx.conf
              name: volume-nginx-conf
              subPath: nginx.conf
            - mountPath: /var/www/html
              name: volume-mntnas-wp
      volumes:
        # The PVC mntnas-wp must already exist in this namespace
        - name: volume-mntnas-wp
          persistentVolumeClaim:
            claimName: mntnas-wp
        - configMap:
            defaultMode: 420
            name: default-conf
          name: volume-default-conf
        - configMap:
            defaultMode: 420
            name: nginx-conf
          name: volume-nginx-conf
---
apiVersion: v1
kind: Service
metadata:
  name: prod-svc-wp
  namespace: prod-wordpress
spec:
  clusterIP: None
  clusterIPs:
    - None
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: svcwpport
      port: 80
      protocol: TCP
      targetPort: 80
    - name: svcphpport
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: prod-wp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/ssl-redirect: 'true'
    kubernetes.io/ingress.class: alb
  name: prod-wp-albingress
  namespace: prod-wordpress
spec:
  rules:
    - host: yourdomain
      http:
        paths:
          - backend:
              service:
                # Must match the Service defined above (prod-svc-wp)
                name: prod-svc-wp
                port:
                  number: 80
            path: /*
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - yourdomain
status:
  loadBalancer:
    ingress:
      - hostname: '***.alb.aliyuncs.com'
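If you restore with the WP Duplicator Lite plugin, you must replace https with http in the URLs when running installer.php (after connecting to the database): both URL and, under Scan Options, Site URL need to be http.
Open https://domain/index.php
It redirects to https://domain/wp-admin/setup-config.php
Database name: dbname
User name: root
Password: ***
Database host: the in-cluster endpoint of the prod-svc-wp-mysql service created above (no IP)
Table prefix: ***_
After installation succeeds, go to the WordPress admin and install the WPvivid backup plugin.
Do not change the URLs in Settings: keep them as http, do not change them to https.
Click the Key tab and generate a key.
Copy it into the WPvivid backup plugin on the old WordPress site and migrate from the old site to the new domain address.
In the new WordPress site, refresh Backup & Restore; when the transferred backup appears, click [Restore].
After the restore, open Settings > General: the WordPress Address and Site Address are still http. Do not change them! Changing them to https causes errors, and leaving them as they are does not affect normal HTTPS access.
If you changed them by accident, log in to the database and, in the table <your prefix>_options, set the option_value of the two rows whose option_name is siteurl and home back to http.
In other words, even if the old WordPress site used https, after importing and restoring into the new site the settings remain http and need no change.
Important: do not use the file-system permission fix in the [WP Security] plugin; change permissions by hand in the NAS directory. For WordPress installed on the NAS volume through the cluster, the owner may be 33 and the group node or tape; set suitable file and directory permissions manually.
In the WordPress root directory:
chown -R 33 *
chgrp -R node *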
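For the manual ownership and permission step, described both in the walkthrough and in this postscript, the shell functions below are an added example and not part of the original post. They assume the web user is UID/GID 33 (www-data in the Debian-based wordpress and nginx images) and modes of 755 for directories, 644 for files and 640 for wp-config.php; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: reset ownership and modes of a WordPress tree on the NAS by hand.
# Function names are hypothetical. Assumed: web user UID/GID 33 (www-data in the
# Debian-based wordpress and nginx images); pass another owner/group if yours differ.

# harden_wp_perms ROOT [OWNER] [GROUP]
harden_wp_perms() {
  local root="$1"
  local owner="${2:-33}"
  local group="${3:-33}"
  # Refuse to touch a directory that is not a WordPress root.
  if [ ! -f "$root/wp-load.php" ]; then
    echo "not a WordPress root: $root" >&2
    return 1
  fi
  # Only root may change ownership. Recursing from the directory itself also
  # covers dotfiles such as .htaccess, which a `*` glob leaves out.
  if [ "$(id -u)" -eq 0 ]; then
    chown -R "$owner:$group" "$root"
  fi
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  # wp-config.php holds the database password: no access for "other".
  if [ -f "$root/wp-config.php" ]; then
    chmod 640 "$root/wp-config.php"
  fi
}

# Print files and directories that are still world-writable under ROOT.
audit_world_writable() {
  find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Usage (on the host that mounts the NAS):
#   harden_wp_perms /mntNAS/base/wordpress/html 33 node
#   audit_world_writable /mntNAS/base/wordpress/html
```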