准备
app.py
from flask import Flask
from redis import StrictRedis
import os
import socket
app = Flask(__name__)
redis = StrictRedis(host=os.environ.get('REDIS_HOST', '127.0.0.1'),
port=6379, password=os.environ.get('REDIS_PASS')) # 从环境变量读密码
@app.route('/')
def hello():
redis.incr('hits')
return f"Hello Container World! I have been seen {redis.get('hits').decode('utf-8')} times and my hostname is {socket.gethostname()}.\n"
Dockerfile
FROM python:3.9.5-slim
RUN pip install flask redis && \
groupadd -r flask && useradd -r -g flask flask && \
mkdir /src && \
chown -R flask:flask /src
USER flask
COPY app.py /src/app.py
WORKDIR /src
ENV FLASK=app.py REDIS_HOST=redis
EXPOSE 5000
CMD ["flask", "run", "-h", "0.0.0.0"]
nginx.conf
server {
listen 80 default_server;
location / {
proxy_pass http://flask:5000;
}
}
docker-compose.yml
environment
环境变量参数
version: "3.8"
services:
flask:
build:
context: ./flask
dockerfile: Dockerfile
image: flask-demo:latest
environment:
- REDIS_HOST=redis-server
- REDIS_PASS=abc123 # app.py 读取密码
networks:
- backend
- frontend
redis-server:
image: redis:latest
command: redis-server --requirepass abc123
networks:
- backend
nginx:
image: nginx:stable-alpine
ports:
- 8000:80
depends_on:
- flask
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./var/log/nginx:/var/log/nginx
networks:
- frontend
networks:
backend:
frontend:
执行
执行步骤:
- build构建
- up -d 后台启动
- ps 查看
PS C:\Users\柏杉\Downloads\compose-env> docker-compose build
redis-server uses an image, skipping
nginx uses an image, skipping
Building flask
Sending build context to Docker daemon 3.072kB
Step 1/8 : FROM python:3.9.5-slim
---> c71955050276
Step 2/8 : RUN pip install flask redis && groupadd -r flask && useradd -r -g flask flask && mkdir /src && chown -R flask:flask /src
---> Using cache
---> cbe62d2158d1
Step 3/8 : USER flask
---> Using cache
---> 6f59861a4345
Step 4/8 : COPY app.py /src/app.py
---> Using cache
---> 11fe82f12b2b
Step 5/8 : WORKDIR /src
---> Using cache
---> f7b7dce07bf7
Step 6/8 : ENV FLASK=app.py REDIS_HOST=redis
---> Using cache
---> 8457b24cf78f
Step 7/8 : EXPOSE 5000
---> Using cache
---> 960825bd910b
Step 8/8 : CMD ["flask", "run", "-h", "0.0.0.0"]
---> Using cache
---> f19971896f07
Successfully built f19971896f07
Successfully tagged flask-demo:latest
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
PS C:\Users\柏杉\Downloads\compose-env> docker-compose up -d
Creating network "compose-env_backend" with the default driver
Creating network "compose-env_frontend" with the default driver
Creating compose-env_flask_1 ... done
Creating compose-env_redis-server_1 ... done
Creating compose-env_nginx_1 ... done
PS C:\Users\柏杉\Downloads\compose-env> docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------
compose-env_flask_1 flask run -h 0.0.0.0 Up 5000/tcp
compose-env_nginx_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8000->80/tcp
compose-env_redis-server_1 docker-entrypoint.sh redis ... Up 6379/tcp
PS C:\Users\柏杉\Downloads\compose-env>
浏览器访问:http://127.0.0.1:8000/
查看启动成功!
使用环境变量
把密码 abc123
改成${REDIS_PASSWORD}
别人无法根docker-compose.yml
看到密码,据提高了安全性。在构建时才把密码放进去!
version: "3.8"
services:
flask:
build:
context: ./flask
dockerfile: Dockerfile
image: flask-demo:latest
environment:
- REDIS_HOST=redis-server
- REDIS_PASS=${REDIS_PASSWORD}
networks:
- backend
- frontend
redis-server:
image: redis:latest
command: redis-server --requirepass ${REDIS_PASSWORD}
networks:
- backend
nginx:
image: nginx:stable-alpine
ports:
- 8000:80
depends_on:
- flask
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./var/log/nginx:/var/log/nginx
networks:
- frontend
networks:
backend:
frontend:
创建 .env
管理环境变量
docker-compose.yml
出现环境变量时,会自动找.env文件
REDIS_PASSWORD=ABC123
使用git管理,创建.gitignore
,管理上传文件
.env
配置文件预览 docker-compose config
提前预览一下,查看设置的有没有问题
PS C:\Users\柏杉\Downloads\compose-env> docker-compose config
networks:
backend: {}
frontend: {}
services:
flask:
build:
context: C:\Users\柏杉\Downloads\compose-env\flask
dockerfile: Dockerfile
environment:
REDIS_HOST: redis-server
REDIS_PASS: abc123
image: flask-demo:latest
networks:
backend: null
frontend: null
nginx:
depends_on:
flask:
condition: service_started
image: nginx:stable-alpine
networks:
frontend: null
ports:
- published: 8000
target: 80
volumes:
- C:\Users\柏杉\Downloads\compose-env\nginx\nginx.conf:/etc/nginx/conf.d/default.conf:ro
- C:\Users\柏杉\Downloads\compose-env\var\log\nginx:/var/log/nginx:rw
redis-server:
command: redis-server --requirepass abc123
image: redis:latest
networks:
backend: null
version: '3.8'
若要没有设置.env
文件
出现提示:REDIS_PASSWORD
没有设置,默认为空的字符串。
WARNING: The REDIS_PASSWORD variable is not set. Defaulting to a blank string.
自定义环境变量文件名
默认是.env
创建自定义的文件 myenv
:
REDIS_PASSWORD=ABC123
--env-file
参数
查看
docker-compose --env-file .\myenv config
启动
docker-compose --env-file .\myenv up -d