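1. Install Debian
a. Be sure to install the English version. If the disk is small, put everything on a single partition.
b. After installation, set the time zone to China.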
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
c. Set up automatic certificate renewal:
apt install certbot
curl https://get.acme.sh | sh
alias acme.sh=~/.acme.sh/acme.sh
d. Create the file a.sh
#!/bin/bash
# Alibaba Cloud API credentials (replace the placeholder values)
export Ali_Key="啊里云key"
export Ali_Secret="啊里云Secret"
source ~/.bashrc
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue --dns dns_ali -d '*.abc.com'
~/.acme.sh/acme.sh --install-cert -d '*.abc.com' \
--key-file /home/nginx/cert/privkey.pem \
--fullchain-file /home/nginx/cert/fullchain.pem \
--reloadcmd "docker restart nginx"
Tencent Cloud permission policy:
{
    "statement": [
        {
            "action": [
                "dnspod:DescribeRecordFilterList",
                "dnspod:DescribeRecordList",
                "dnspod:CreateRecord",
                "dnspod:DeleteRecord"
            ],
            "effect": "allow",
            "resource": [
                "*"
            ]
        }
    ],
    "version": "2.0"
}
# Tencent Cloud
export Tencent_SecretId="__"
export Tencent_SecretKey="__"
source ~/.bashrc
/home/lighthouse/ecs-assist-user/acme_sh/acme.sh --set-default-ca --server letsencrypt
/home/lighthouse/ecs-assist-user/acme_sh/acme.sh --issue --dns dns_tencent -d '*._.cn'
/home/lighthouse/ecs-assist-user/acme_sh/acme.sh --install-cert -d '*._.cn' \
--key-file /etc/lighthouse/nginx/cert/_.cn.key \
--fullchain-file /etc/lighthouse/nginx/cert/_.com.crt \
--reloadcmd "docker restart nginx gitlab"
crontab -e
# Check once a month, on the 1st
0 23 1 * * /home/ecs-assist-user/a.sh
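The renewal script a.sh holds the DNS API keys in plain text and is run by cron, and privkey.pem is the TLS private key, so their permissions are worth checking once the setup is in place. The script below is an added example, not part of the original page: the function names are hypothetical, the paths are the ones used above, and it assumes GNU stat (Debian default) and a cron job owned by root.

```shell
#!/bin/sh
# Added example: permission audit for the files this setup relies on.
# Function names are hypothetical; paths are the ones used on this page.
# Assumes GNU stat (Debian default) and a cron job owned by root (uid 0).

# True if any permission bit in octal MASK ($2) is set on PATH ($1).
has_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Secrets (a.sh with the DNS API keys, privkey.pem): owner access only.
check_secret() {
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    if has_bits "$1" 077; then
        echo "FAIL $1: mode $(stat -c '%a' "$1") lets group/other access it"
        return 1
    fi
    echo "OK   $1"
}

# A script run by cron must not be replaceable by another account: the file
# and its directory must belong to uid $2 (default 0) and must not be
# writable by group or other.
check_cron_script() {
    uid=${2:-0}
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    for p in "$1" "$(dirname "$1")"; do
        if [ "$(stat -c '%u' "$p")" != "$uid" ] || has_bits "$p" 022; then
            echo "FAIL $p: not owned by uid $uid, or group/other-writable"
            return 1
        fi
    done
    echo "OK   $1 (cron script)"
}

audit() {
    rc=0
    check_secret /home/nginx/cert/privkey.pem || rc=1
    check_secret /home/ecs-assist-user/a.sh || rc=1
    check_cron_script /home/ecs-assist-user/a.sh || rc=1
    return $rc
}

# Run on the host with: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```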
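2. Install Docker
Install Docker Engine on Debian | Docker Documentation
Then install by following this guide; choosing the Debian operating system is best.
Don't be put off by the English: the steps are clearly numbered 1, 2, 3, 4, ... Just copy the commands and run them.
Change Docker's registry mirror
Add the following to the configuration file /etc/docker/daemon.json: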
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
Change Docker's default storage directory:
systemctl stop docker
mkdir -p /home/docker_container
mv /var/lib/docker /home/docker_container/docker-root
ln -s /home/docker_container/docker-root /var/lib/docker
Restart dockerd:
sudo systemctl restart docker
3. Create the network switch
docker network create --driver bridge --subnet=172.19.12.0/24 --gateway=172.19.12.1 mynet
4. Create the first website
docker run -d --network=mynet --ip 172.19.12.4 --name httpd1-web -v /home/httpd1/htdocs:/var/www/ -v /home/httpd1/apache_conf:/etc/apache2 -v /home/httpd1/php_conf:/usr/local/etc/php --privileged=true --restart=always php:7.2-apache
Add an Index.html to the /home/httpd1/htdocs directory
<html>
<body>
<h1>打工人,打工魂</h1>
</body>
</html>
5. Create the second website
docker run -d --network=mynet --ip 172.19.12.5 --name httpd2-web -v /home/httpd2/htdocs:/var/www/ -v /home/httpd2/apache_conf:/etc/apache2 -v /home/httpd2/php_conf:/usr/local/etc/php --privileged=true --restart=always php:7.2-apache
Add an Index.html to the /home/httpd2/htdocs directory
<html>
<body>
<h1>月薪2000的打工人</h1>
</body>
</html>
Add extensions (run these commands inside the PHP container)
sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
apt-get update
apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ --with-png-dir=/usr/include \
&& docker-php-ext-install -j$(nproc) gd ###### 7.3
apt-get install -y --no-install-recommends \
autoconf \
build-essential \
apt-utils \
zlib1g-dev \
libzip-dev \
unzip \
zip \
libmagick++-dev \
libmagickwand-dev \
libpq-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libwebp-dev \
libxpm-dev
docker-php-ext-configure gd \
--with-png-dir=/usr/include/ \
--with-jpeg-dir=/usr/include/ \
--with-freetype-dir=/usr/include/
docker-php-ext-install gd
docker-php-ext-configure zip --with-libzip
docker-php-ext-install pdo pdo_mysql
docker-php-ext-install mysqli
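Both site containers in steps 4 and 5 are started with --privileged=true, which gives the container all capabilities and access to host devices; a PHP/Apache site normally runs without it. The following check is an added example, not from the original page: it lists containers that are privileged or have added capabilities. The function names are hypothetical and the sample lines are constructed to match the containers on this page.

```shell
#!/bin/sh
# Added example: list containers that run with --privileged or with extra
# capabilities. Function names are hypothetical.

# One line per container: name, privileged flag, added capabilities.
INSPECT_FMT='{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.CapAdd}}'

# Read inspect lines on stdin and print "name reason" for each finding.
# Exit status is 1 when at least one container is flagged.
flag_containers() {
    awk '
        { name = $1; sub("^/", "", name) }
        $2 == "true" { print name, "privileged"; bad = 1; next }
        NF >= 3 && $3 != "[]" {
            caps = $0; sub(/^[^ ]+ [^ ]+ /, "", caps)
            print name, "cap-add=" caps; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Live use on the Docker host.
scan_host() {
    docker ps -q | xargs -r docker inspect --format "$INSPECT_FMT" | flag_containers
}

# Constructed sample matching the containers created on this page.
sample_lines() {
    printf '%s\n' \
        '/httpd1-web true []' \
        '/httpd2-web true []' \
        '/nginx false []'
}
```

On the host, `scan_host` prints one line per flagged container and returns a non-zero status if any are found.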
6. Create Nginx for domain forwarding
Create the file /home/nginx/conf.d/default.conf
server {
    listen 443 ssl;
    server_name tc.abc.com;
    ssl_certificate /etc/nginx/cert/fullchain.pem;
    ssl_certificate_key /etc/nginx/cert/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.19.12.5:80; # set the IP and port you are proxying to
        add_header Access-Control-Allow-Origin *; # adjust to your own needs
    }
    client_max_body_size 50m;
    types_hash_max_size 2048;
}
server {
    listen 80;
    server_name abc.com; # replace with your own domain; the first website
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.19.12.4:80; # set the IP and port you are proxying to
        add_header Access-Control-Allow-Origin *; # adjust to your own needs
    }
    client_max_body_size 50m;
    types_hash_max_size 2048;
}
server {
    listen 80;
    server_name efg.com; # replace with your own domain; the second website
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.19.12.5:80; # set the IP and port you are proxying to
        add_header Access-Control-Allow-Origin *; # adjust to your own needs
    }
    client_max_body_size 50m;
    types_hash_max_size 2048;
}
Run the command:
docker run \
-p 80:80 \
-p 443:443 \
--name nginx \
-it \
--restart=always \
-v /home/nginx/conf.d:/etc/nginx/conf.d \
-v /home/nginx/www:/www \
-v /home/nginx/cert:/etc/nginx/cert \
-d \
--network=mynet --ip 172.19.12.2 \
nginx
Done.