iT邦幫忙

Docker -week2_LaraDock+nginx+mysql+Vue

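If you are going to learn Docker, it helps to know basic Linux first.

If you have set up Apache2, nginx, MySQL and phpMyAdmin before, some of this will be easier to understand.

This may move fast in places. I have not been using Docker for long; within 1~2 weeks I converted my projects to run on Docker.

Most of it runs on beta; I have not yet dared to switch the online version to Docker.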

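There are currently 4 projects
1. web: front end, vue + nuxt + pm2
2. middleware: apiServer, PHP Laravel
3. vendor: back office 1, PHP Laravel
4. backend: back office 2, PHP CI

Some commands

docker ps                            # list the containers that are currently running
docker exec -it CONTAINER_ID bash    # open bash inside that container to look into a problem
docker-compose                       # must always be run from inside the laradock directory

docker-compose build XXXX            # build or rebuild a service; XXXX is e.g. nginx or mysql
docker-compose up -d xxxx            # start that service (e.g. nginx, mysql); -d runs it in the background
docker-compose down                  # shut everything down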


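References

Watch the laradock video first


LaraDock

It is Laravel + Docker, with almost everything you might need already set up

Because there are quite a few projects and the Vue front end needs to be standalone


Download LaraDock

laradock holds the settings for the development environment
www is where your code goes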

https://ithelp.ithome.com.tw/upload/images/20200526/20120035wRMobviWHE.png


.env settings

cd laradock
cp env-example .env
vi .env

Change which host folder is synced between the host and the containers

# Point to the path of your applications code on your host
APP_CODE_PATH_HOST=../www

mysql

vi .env

Remember to change the MySQL username and passwords first

MYSQL_VERSION=latest
MYSQL_DATABASE=default
MYSQL_USER=user
MYSQL_PASSWORD=urpassword
MYSQL_PORT=3306
MYSQL_ROOT_PASSWORD=rootpassword
MYSQL_ENTRYPOINT_INITDB=./mysql/docker-entrypoint-initdb.d

Build the mysql container, then run it

docker-compose build mysql
docker-compose up -d mysql

If you later want to empty the database, the related data is here; just clear it out

ls ~/.laradock/data/mysql/
sudo rm -fr ~/.laradock/data/mysql/

Import SQL directly into the Docker mysql

Start mysql
Then look up the mysql CONTAINER ID
Import your SQL file directly into XDBnameX

docker-compose up -d mysql
docker ps
docker exec -i xCONTAINER_IDx mysql -uroot -prootpassword XDBnameX < ???.sql

phpmyadmin

Set the phpmyadmin port to whatever you like; e.g. I set it to 8081
After that, go straight in at 127.0.0.1:8081

### PHP MY ADMIN ##########################################
# Accepted values: mariadb - mysql
PMA_DB_ENGINE=mysql
# Credentials/Port:
PMA_USER=default
PMA_PASSWORD=secret
PMA_ROOT_PASSWORD=secret
PMA_PORT=8081

Build the phpmyadmin container, then run it
It has to be brought up together with mysql

docker-compose build phpmyadmin
docker-compose up -d mysql phpmyadmin
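
The MySQL and phpMyAdmin values shown above (urpassword, rootpassword, secret) are placeholders that have to be replaced before the containers are started. As an added example, not part of the original post or of Laradock, this script flags credential keys in .env that still hold a placeholder, are too short, or are padded with spaces; the WEAK list, the 12-character threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag weak credential values in a laradock-style .env.
# WEAK is an assumed list: the placeholder values shown on this page plus
# a few common defaults. MIN_LEN is likewise an arbitrary threshold.
WEAK='secret root password default rootpassword urpassword'
MIN_LEN=12

# Reads .env text on stdin, prints one finding per line,
# returns 0 only when nothing was flagged.
audit_env() (
    findings=0
    flag() { echo "$1 $2"; findings=$((findings + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*}
        val=${line#*=}
        case $key in
            MYSQL_PASSWORD|MYSQL_ROOT_PASSWORD|PMA_PASSWORD|PMA_ROOT_PASSWORD) ;;
            *) continue ;;
        esac
        # .env parsers disagree on whether padding belongs to the value.
        case $val in ' '*|*' ') flag WHITESPACE "$key" ;; esac
        trimmed=$(printf '%s' "$val" | sed 's/^ *//; s/ *$//')
        if [ -z "$trimmed" ]; then
            flag EMPTY "$key"
        elif printf ' %s ' "$WEAK" | grep -qF " $trimmed "; then
            flag DEFAULT "$key"
        elif [ "${#trimmed}" -lt "$MIN_LEN" ]; then
            flag SHORT "$key"
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample input mirroring the values on this page.
sample_env() {
    cat <<'EOF'
MYSQL_USER= user
MYSQL_PASSWORD= urpassword
MYSQL_ROOT_PASSWORD=rootpassword
PMA_PASSWORD=secret
PMA_ROOT_PASSWORD=constructed-Long-value-42
EOF
}

sample_env | audit_env || echo "fix the findings above before 'docker-compose up'"
```

Against a real checkout, run it as audit_env < laradock/.env.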

Log in

Server: mysql
Username: root
Password: rootpassword
https://ithelp.ithome.com.tw/upload/images/20200526/2012003586XZLoWMys.png


Set up the projects

Enter the Docker environment and go to /var/www
Check that it matches ../www
Set up your Laravel project
Do the same for vendor and backend

docker-compose exec workspace bash
cd /var/www/middleware
composer install
npm install 
vi .env
DB_CONNECTION=mysql
DB_HOST=mysql
DB_PORT=3306
DB_DATABASE=XDBnameX
DB_USERNAME=root
DB_PASSWORD=rootpassword

nginx

1. The same applies to middleware, vendor and backend
Assume for now that the domain name is middleware, and copy the config first

cd laradock/nginx/sites
cp laravel.conf.example laravel.middleware.conf
vi laravel.middleware.conf

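Turn SSL off for now
server_name laravel.middleware: name it whatever you like
The important part is root /var/www/middleware/public;
because once Docker is up, your project lives under /var/www inside the container :P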

server {

    listen 80;
    listen [::]:80;

    # For https
#    listen 443 ssl http2;
#    ssl_certificate ;
#    ssl_certificate_key ;

    server_name laravel.middleware;
    root /var/www/middleware/public;
    index index.php index.html index.htm;
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }
    location / {
         try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass php-upstream;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fixes timeouts
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}

docker-compose build nginx
docker-compose up -d nginx

Change directory permissions

Because php-fpm runs as www-data

docker-compose exec php-fpm id www-data

uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)

So the permissions need to be set

cd ../www/
chown -R 1000:1000 middleware/storage

Edit the local /etc/hosts

vi /etc/hosts
127.0.0.1 laravel.middleware
127.0.0.1 laravel.vendor
127.0.0.1 laravel.backend
127.0.0.1 laravel.web

Now type laravel.middleware into the browser
and you will see your project


Add a node container for Vue

There may be a better way to build this
It took me a while to work out at the time
how to mix Vue in with the rest

cd laradock
mkdir node
cd node
vi Dockerfile

This uses node 10; you can swap in whichever version you want
It installs vim, pm2 and gulp
We use gulp to bundle nuxt/vue

# Use an official node runtime as a parent image
FROM node:10
MAINTAINER JERRY
RUN apt-get update &&\
    apt-get -y install vim
WORKDIR /var/www
# Install dependencies
# COPY package.json yarn.lock /app/

RUN npm install -g pm2
RUN npm install -g gulp

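Set up docker-compose.yml for Vue

cd laradock
vi docker-compose.yml

Add the node settings
1. container_name: referenced later in the nginx config
2. command: some steps to run on startup; could be optimized further
3. ports: the package file sets "beta-start": "HOST=0.0.0.0 PORT=3333 nuxt start"
4. volumes: uses the same /var/www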

### node  ####################################################
    node:
      build:
        context: ./node
      container_name: web
      command: >
        /bin/bash -c 'cd web/;
                      dpkg -i --force-overwrite *.deb;
                      rm  *.deb;
                      npm install;
                      pm2-runtime start npm --name "web" -- run beta-start;'
      ports:
        - "3030:3333"
      networks:
        - frontend
        - backend
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
      links:
        - docker-in-docker
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
      environment:
        - PHP_IDE_CONFIG=${PHP_IDE_CONFIG}
        - DOCKER_HOST=tcp://docker-in-docker:2376
        - DOCKER_TLS_VERIFY=1
        - DOCKER_TLS_CERTDIR=/certs
        - DOCKER_CERT_PATH=/certs/client
        - FAKETIME=${PHP_FPM_FAKETIME}

So that the front end can find the API it needs to call, add entries under backend: aliases:

### NGINX Server #########################################
    nginx:
      container_name: nginx
      build:
        context: ./nginx
        args:
          - CHANGE_SOURCE=${CHANGE_SOURCE}
          - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
          - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
          - http_proxy
          - https_proxy
          - no_proxy
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
        - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
        - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
        - ${NGINX_SSL_PATH}:/etc/nginx/ssl
      ports:
        - "${NGINX_HOST_HTTP_PORT}:80"
        - "${NGINX_HOST_HTTPS_PORT}:443"
        - "${VARNISH_BACKEND_PORT}:81"
      depends_on:
        - php-fpm
      networks:
        frontend:
          aliases:
            - test
        backend:
          aliases:
            - laravel.middleware
            - laravel.vendor
            - laravel.backend
            - laravel.web

Configure nginx for Vue

vi laradock/nginx/sites/laravel.web.conf

Proxy with proxy_pass http://web:3333; where web is the name set in container_name
Enable handling for css, jpg, js .... and so on

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}

server {
    listen 80;
    listen [::]:80;

    gzip            on;
    gzip_types      text/plain application/xml text/css application/javascript;
    gzip_min_length 1000;
    fastcgi_intercept_errors on;

    server_name laravel.web;

    charset utf-8;

    root /var/www/web/.nuxt;
    index index.html index.htm;

    proxy_set_header X-Forwarded-Proto $scheme;

    location /  {
        expires $expires;
        proxy_pass http://web:3333;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_redirect              off;
        proxy_read_timeout          1m;
        proxy_connect_timeout       1m;

    }
    
    location ~* \.(?:css|js|json|map)$ {
            expires 60d;
            access_log off;
            add_header Cache-Control "public";
    }

    location ~* \.(png|jpg|gif|ico)$ {
            expires 60d;
            access_log off;
            add_header Cache-Control "public";
    }

    location ~* \.(woff|woff2|ttf)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
    }
    location ~* \.(html|xml|txt)$ {
            add_header Cache-Control "public";
    }

    location /apple-app-site-association {
            default_type application/json;
            add_header Cache-Control "public";
    }

    location ~ /\. {
            access_log off;
            log_not_found off;
            deny all;
    }

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }

    error_log /var/log/nginx/laravel_error.log;
    access_log /var/log/nginx/laravel_access.log;
}


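certbot SSL validation

Reference: Docker-HTTPS

If all 4 sites need SSL validation
The laravel.web and laravel.middleware names above are for use on localhost
For the online version, change them to your DNS names
I recommend using fullchain; I don't know why either.....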

run-certbot.sh

letsencrypt certonly --webroot -w /var/www/letsencrypt -d $CNMIDDLEWARE --agree-tos --email $EMAIL --non-interactive --text

letsencrypt certonly --webroot -w /var/www/letsencrypt -d $CNWEB --agree-tos --email $EMAIL --non-interactive --text

letsencrypt certonly --webroot -w /var/www/letsencrypt -d $CNVENDOR --agree-tos --email $EMAIL --non-interactive --text

letsencrypt certonly --webroot -w /var/www/letsencrypt -d $CNBACKEND --agree-tos --email $EMAIL --non-interactive --text

cp /etc/letsencrypt/archive/$CNMIDDLEWARE/cert1.pem /var/certs/cert1.$CNMIDDLEWARE.pem
cp /etc/letsencrypt/archive/$CNMIDDLEWARE/fullchain1.pem /var/certs/fullchain.$CNMIDDLEWARE.pem
cp /etc/letsencrypt/archive/$CNMIDDLEWARE/privkey1.pem /var/certs/privkey1.$CNMIDDLEWARE.pem


cp /etc/letsencrypt/archive/$CNWEB/cert1.pem /var/certs/cert1.$CNWEB.pem
cp /etc/letsencrypt/archive/$CNWEB/privkey1.pem /var/certs/privkey1.$CNWEB.pem

cp /etc/letsencrypt/archive/$CNVENDOR/cert1.pem /var/certs/cert1.$CNVENDOR.pem
cp /etc/letsencrypt/archive/$CNVENDOR/privkey1.pem /var/certs/privkey1.$CNVENDOR.pem


cp /etc/letsencrypt/archive/$CNBACKEND/cert1.pem /var/certs/cert1.$CNBACKEND.pem
cp /etc/letsencrypt/archive/$CNBACKEND/privkey1.pem /var/certs/privkey1.$CNBACKEND.pem
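
The script above copies fixed version-1 file names out of archive/; after a renewal certbot writes cert2.pem, privkey2.pem and so on, so those copies go stale. As an added example (not Laradock's or the author's script), this sketch copies from live/ instead and checks that the fullchain file really carries the intermediate certificate, which nginx's ssl_certificate expects in the same file as the leaf. The function names, argument order and the web.example.test fixture are assumptions.

```shell
#!/bin/sh
# Added example, not Laradock's run-certbot.sh. certbot keeps every issued
# version in archive/<domain>/ (cert1.pem, cert2.pem, ...) and repoints the
# live/<domain>/*.pem symlinks at the newest one, so copy from live/.

# fullchain.pem is the leaf certificate followed by the intermediate(s);
# a file holding a single certificate is only the leaf.
is_fullchain() { [ "$(grep -c 'BEGIN CERTIFICATE' "$1")" -ge 2 ]; }

# sync_cert LE_ROOT DOMAIN DEST   (names and argument order are assumptions;
# on this page LE_ROOT is /etc/letsencrypt and DEST is /var/certs)
sync_cert() (
    live=$1/live/$2 domain=$2 dest=$3
    for f in fullchain privkey; do
        [ -s "$live/$f.pem" ] || { echo "missing $live/$f.pem" >&2; exit 1; }
    done
    is_fullchain "$live/fullchain.pem" || { echo "no chain: $domain" >&2; exit 1; }
    umask 077                       # the key copy is created owner-only
    for f in fullchain privkey; do
        tmp=$dest/.$f.$domain.$$    # copy, then rename: no half-written file
        cat "$live/$f.pem" > "$tmp" && mv "$tmp" "$dest/$f.$domain.pem"
    done
    chmod 644 "$dest/fullchain.$domain.pem"
)

# Constructed fixture: two issued versions, live/ pointing at the second.
# The PEM bodies are dummy text, not real certificates or keys.
make_fixture() {
    a=$1/archive/$2 l=$1/live/$2
    mkdir -p "$a" "$l"
    for n in 1 2; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "leaf v$n" \
            '-----BEGIN CERTIFICATE-----' 'intermediate' > "$a/fullchain$n.pem"
        printf 'dummy key v%s\n' "$n" > "$a/privkey$n.pem"
    done
    ln -sf "../../archive/$2/fullchain2.pem" "$l/fullchain.pem"
    ln -sf "../../archive/$2/privkey2.pem" "$l/privkey.pem"
}

demo() (
    t=$(mktemp -d) && mkdir "$t/certs"
    make_fixture "$t/le" web.example.test
    sync_cert "$t/le" web.example.test "$t/certs" &&
        grep leaf "$t/certs/fullchain.web.example.test.pem"
    rm -rf "$t"
)
demo
```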

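Set up docker-compose.yml for https

Change the variable names to match run-certbot.sh
Then add a letsencrypt folder inside your www

cd www/
mkdir letsencrypt

certbot will use it later when it runs
These settings are related to nginx: during validation, /.well-known/acme-challenge is appended to the URL, as in xxxxx.tw/.well-known/acme-challenge
and that maps to your www/letsencrypt folder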

location ^~ /.well-known/acme-challenge/ {
    root /var/www/letsencrypt/;
    log_not_found off;
}

Once validation is done, your certificates are all in laradock/data/certbot/certs
./certbot/log/:/var/log/letsencrypt is only there for checking log errors

### Certbot #########################################
    certbot:
      build:
        context: ./certbot
      volumes:
        - ./data/certbot/certs/:/var/certs
        - ../www/letsencrypt/:/var/www/letsencrypt
        - ./certbot/log/:/var/log/letsencrypt
      environment:
        - CNWEB=web.yourdns.tw
        - CNMIDDLEWARE=middleware.yourdns.tw
        - CNVENDOR=vendor.yourdns.tw
        - CNBACKEND=backend.yourdns.tw
        - EMAIL=XXXXXXX@gmail.com
      networks:
        - frontend

Mount ./data/certbot/certs/:/var/certs so the SSL certificates are available inside the nginx container

### NGINX Server #########################################
    nginx:
      container_name: nginx
      build:
        context: ./nginx
        args:
          - CHANGE_SOURCE=${CHANGE_SOURCE}
          - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
          - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
          - http_proxy
          - https_proxy
          - no_proxy
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
        - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
        - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
        - ${NGINX_SSL_PATH}:/etc/nginx/ssl
        - ./data/certbot/certs/:/var/certs
..... and so on

If /var/certs cannot be mounted

cd laradock/nginx
vi Dockerfile

Add one line
so that the folder exists when the nginx image is built

RUN mkdir /var/certs

Supervisor

When we use the queue or scheduler features, a background process is needed to listen for queue jobs, and that is when a process manager is required

cd laradock/php-worker/supervisord.d
cp  laravel-worker.conf.example  middleware.conf
cp  laravel-worker.conf.example  vendor.conf

Contents to fill in
program:laravel-middleware: if you have multiple projects, change the name

[program:laravel-middleware]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/middleware/artisan queue:work --sleep=3 --tries=3 --daemon
autostart=true
autorestart=true
numprocs=3
user=laradock
redirect_stderr=true
stdout_logfile=/var/www/middleware/storage/logs/worker.log







1 comment

slamgundam
iT邦新手 Level 4 ‧ 2020-12-12 22:01:04

I'd like to ask: does laradock's certbot renew certificates automatically?
