banner
Violet

Violet's Blog

A Web <Developer />. Code_ for Fun.
x
github
bilibili
email

Docker部署应用程序

使用 docker 在 centos8 下部署一个 springboot+vue 应用程序,使用的容器有 springboot、mysql、redis、nginx。包含 springboot 镜像构建 Dockerfile、bridge 容器互联、目录映射等内容。

基础环境#

  • 开启 centos 防火墙端口转发
firewall-cmd --add-masquerade --permanent
  • 重启防火墙
firewall-cmd --reload
  • 创建目录

    根目录下创建 /data 文件夹,用于统一保存挂载到容器内的文件

    • /data/redis/data:[目录] 保存 redis 持久化数据
  • /data/redis/redis.conf:[文件] redis 配置文件

    • /data/nginx/html:[目录] nginx html 文件目录
  • /data/nginx/log:[目录] 日志

    • /data/nginx/nginx/nginx.conf:[文件] nginx 配置文件

网络#

  • 创建 docker 子网
docker network create --subnet 192.168.0.0/16 --gateway 192.168.0.1 docker-net

192.168.0.0/16:子网范围

192.168.0.1:网关地址

docker-net:子网名称

  • 创建后查看
docker network inspect docker-net
[
    {
        "Name": "docker-net",
        "Id": "1fc4884e63c593800fbbf263d10c09a8dadb52307096d57a5b2e80f84574ab90",
        "Created": "2023-01-11T19:18:32.691672677+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
  • 加入网络

    • 在 docker 启动参数中加入--net docker-net

    • 容器启动之后,使用命令docker network connect docker-net <容器ID/NAME>

redis#

  • 下载 redis docker 镜像
docker pull redis
  • 创建 redis 配置文件
vi redis.conf
  • redis.conf 文件中写入
requirepass <你的redis密码>
  • 启动 redis
docker run -d -p 6379:6379 --name docker-redis --restart always -v /data/redis:/etc/redis -v /data/redis/data:/data --net docker-net redis redis-server /etc/redis/redis.conf

-d:后台运行

-p:端口映射,宿主机 6379 端口映射到容器 6379 端口

--name:容器启动后的名字

--restart always:容器自动重启

-v:文件挂载将容器内目录挂载到宿主机,左边是宿主机地址,右边是容器内地址

--net docker-net:加入 docker 子网

  • 启动后使用docker ps -a查看容器是否正常启动

MySQL#

  • 获取镜像
docker pull mysql:8.0.25

":" 用于指定 MySQL 版本

  • 启动 mysql 容器
docker run -d -p 3306:3306 --name d-mysql --net docker-net --restart always -e MYSQL_ROOT_PASSWORD=mysqlpwd -e MYSQL_USER=violet -e MYSQL_PASSWORD=Dd112211 mysql:8.0.25

-e MYSQL_ROOT_PASSWORD=mysqlpwd:-e 表示自定义参数,root 用户密码

-e MYSQL_USER=violet:容器启动时创建一个用户

-e MYSQL_PASSWORD=Dd112211:该用户的密码

其他参数可以在docker hub mysql查看

  • 设置用户权限

可以为容器启动时创建的用户赋予权限,或者让 root 用户可以远程登录

进入容器内

docker exec -it d-mysql /bin/bash

进入 mysql-client

mysql -uroot -p

设置 root 可以远程登录

grant all privileges on *.* to 'root'@'%';

刷新权限

FLUSH PRIVILEGES;
  • 退出 mysql-client,退出 docker 容器
exit
  • mysql 数据库数据导入 docker mysql

在 mysql-client 中执行

mysqldump -uroot -p --databases arrogant javawebsql my_blog springcloud vote_sys >/data/mysql/data-backup.sql

使用 mysqldump 来下载数据,保存在可执行的 sql 文件中

/data/mysql/data-backup.sql:目录及最后生成 sql 文件名字

--databases 和 目录之间的是需要转储的数据库名

将 sql 文件复制到 mysql 容器内

docker cp /data/mysql/data-backup.sql d-mysql:/home/

进入 mysql 容器,进入 mysql-client,执行命令,将数据写入,必须在 sql 文件目录下进入

source data-backup.sql

构建 springboot 镜像#

  • application.yml 设置

数据库地址设置为 d-mysql,即 mysql docker 容器 name

url: jdbc:mysql://d-mysql:3306/my_blog?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true

redis 地址设置为 d-redis

host: d-redis
  • 在 src 目录下创建文件 Dockerfile
FROM openjdk:8
LABEL maintainer=lnbiuc
COPY ./*.jar /app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
  • 上传文件

将 Dockerfile 和 jar 包放到同一个目录下

  • 构建镜像
docker build -t api:8.8 .

-t:表示 tag 这里,这里指镜像版本,api 是镜像名字

.:点非常重要,表示在当前目录下构建

  • 构建完成,查看镜像
docker images

image

  • 启动容器
docker run -d -p 8888:8888 -v /data/api:/log --name api --net docker-net --restart always  api:8.8.3

这里将 log 文件夹挂载出来方便查看,jar 包根目录,所以 log 文件夹也在同级的根目录下

Nginx#

  • 拉取镜像
docker pull nginx
  • 获取 springboot 访问地址
docker network inspect docker-net

输出

[
    {
        "Name": "docker-net",
        "Id": "1fc4884e63c593800fbbf263d10c09a8dadb52307096d57a5b2e80f84574ab90",
        "Created": "2023-01-11T19:18:32.691672677+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "00729e5b41d6ddcec195722869e57d1baf7bd754793cac7f986d452032b6810d": {
                "Name": "d-redis",
                "EndpointID": "2ea0446903341146ccc741aac0431ae3f3e0e6acc8972763f024136a3499a0ae",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "0682772aaec9f7d6bb435cf0d38e478c5298fa577783a226d086867d71bcf4b3": {
                "Name": "d-nginx",
                "EndpointID": "97dde4d3e0b8fff81722518b3b62094af5f0c1b1b484ef112c7db3490fb89ee7",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            },
            "27325e2b869eb28534e5a3e65de5eb8a650fa8488ded994de46cbb271af40a17": {
                "Name": "d-gitea",
                "EndpointID": "1a9ab8e968041b4df12ebaacecb74a166f23438cbba9b5345878c6fa672d982d",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "bf2d1cf717fbc3a39c06068bba9638ad6ce49d407b3a6e28c196803188597038": {
                "Name": "api",
                "EndpointID": "34a832756b3c9c051d67e096f27448a80165407579de0a25877fe4d4e9f6e5d3",
                "MacAddress": "02:42:c0:a8:00:05",
                "IPv4Address": "192.168.0.5/16",
                "IPv6Address": ""
            },
            "ebb72c81a769e9e8385cdbf910a5845ae3f53d8cd8e4d3d317046dd726b74947": {
                "Name": "d-mysql",
                "EndpointID": "c86a7becc085a4f47a35a8488b81bef771e0ae9f6eadd7e41d0db2beae3a8862",
                "MacAddress": "02:42:c0:a8:00:06",
                "IPv4Address": "192.168.0.6/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

其中 name 为 api 下的 IPv4Address 即使 nginx 需要反向代理的地址

  • 准备好 ssl 证书和 nginx.conf 文件,放到 /data/nginx/nginx 目录下

我的 nginx.conf

error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;
# include enable-cors.conf

events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
    gzip on;
    gzip_static on;
	gzip_min_length 1k;
    gzip_comp_level 7;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

	server {
    	listen *:80;
		listen [::]:80;
    	server_name beyondhorizon.top;

    	rewrite ^(.*)$ https://${server_name}$1 permanent;
	}

    server {
    	listen *:80;
		listen [::]:80;
    	server_name www.beyondhorizon.top;

    	rewrite ^(.*)$ https://${server_name}$1 permanent;
	}

    server {
		listen *:443 ssl http2;
    	listen [::]:443  ssl http2;
        server_name beyondhorizon.top www.beyondhorizon.top;
		ssl on;
        ssl_certificate beyondhorizon.top_bundle.crt;
        ssl_certificate_key beyondhorizon.top.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ssl_prefer_server_ciphers on;

	    ssl_session_cache   shared:SSL:10m;
    	ssl_session_tickets on;
    	ssl_stapling        on;
    	ssl_stapling_verify on;
		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        client_max_body_size 10m;
        keepalive_timeout   70;
        include /etc/nginx/default.d/*.conf;

        location / {
                root /usr/share/nginx/html;
                index index.html;
                try_files $uri $uri/ /index.html;
		}

        location ~ /api/ {
                add_header Cache-Control max-age=3600;
                proxy_pass http://192.168.0.5:8888;
        }

       error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}
  • 上传 html 文件到 /data/nginx/html 下
  • 启动 nginx
docker run -d -p 80:80 -p 443:443 -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/nginx:/etc/nginx -v /data/nginx/log:/var/log/nginx --name d-nginx --restart always --net docker-net nginx
  • 后续如果修改了 nginx 配置文件,使用命令重启容器即可
docker restart d-nginx

此时全部容器都应该已经启动了,并且网站也可以正常访问啦

加载中...
此文章数据所有权由区块链加密技术和智能合约保障仅归创作者所有。