1、使用dockerfile制作nginx+php-fpm镜像,实现lnmp。
1.1 制作基础镜像
[root@offline base]# cat Dockerfile
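# Base image: CentOS 7.8 with the Aliyun mirror repos, a build toolchain and
# the Asia/Shanghai time zone.
FROM centos:centos7.8.2003
MAINTAINER RICKZHU
# Replace the stock repo definitions with the Aliyun mirror ones. Both files are
# fetched over HTTPS so the repo configuration cannot be altered in transit;
# package integrity still relies on the gpgcheck settings inside those files.
RUN yum install wget -y \
    && rm -rf /etc/yum.repos.d/*.repo \
    && wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# ntpdate, not "ntpdata": yum on CentOS 7 skips an unknown package name with a
# "No package ... available" message rather than failing, so a typo here goes
# unnoticed.
RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel ntpdate crontabs
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime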
[root@offline base]# docker build -t centos:base .
[root@offline base]# docker images |grep centos
centos base dbddb0186fa6 4 minutes ago 542MB
1.2 制作nginx+php-fpm镜像
[root@offline nginx-php]# cat Dockerfile
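# nginx + php-fpm in one container, built on the centos:base image.
FROM centos:base
MAINTAINER Rickzhu
RUN yum install nginx -y && mkdir -p /data/php
# COPY instead of ADD: these are plain local files, so ADD's archive
# extraction and URL handling are not wanted.
COPY lnmp.conf /etc/nginx/conf.d/
COPY index.php /data/php
COPY abc.html /data/php
RUN yum install php php-mysql php-fpm -y
# nginx talks to php-fpm on 127.0.0.1:9000 inside the container (see
# fastcgi_pass in lnmp.conf); only port 80 needs to be published with -p.
EXPOSE 80 9000
# Shell-form CMD: php-fpm daemonizes (-D), nginx stays in the foreground and
# keeps the container alive.
CMD /usr/sbin/php-fpm -D && nginx -g "daemon off;"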
[root@offline nginx-php]# ls
abc.html Dockerfile index.php lnmp.conf nginx.conf
[root@offline nginx-php]# cat abc.html
<h1>Hello Docker nginx-php</h1>
[root@offline nginx-php]# cat index.php
<?php
// Test page only: phpinfo() prints the PHP version, loaded modules, file paths
// and environment variables to any visitor. Remove it before the container is
// reachable by anyone but the operator.
phpinfo() ?>
[root@offline nginx-php]# cat lnmp.conf
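# Virtual host for the PHP test site; .php requests go to the local php-fpm.
server {
    listen 80;
    server_name 10.0.1.24;
    root /data/php;
    index index.html index.php;

    location ~* \.php$ {
        root /data/php;
        # Answer 404 from nginx unless the requested .php file really exists
        # under the root, so php-fpm is never left to guess which file a
        # non-existent script path refers to.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}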
[root@offline nginx-php]# docker build -t nginx-php:v1 .
[root@offline nginx-php]# docker images |grep nginx-php
nginx-php v1 b35cdbd20e76 3 minutes ago 669MB
1.4 启动nginx-php容器
[root@offline nginx-php]# docker run --name nginx-php -d -p 80:80 nginx-php:v1
[root@offline nginx-php]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1531116fc0a0 nginx-php:v1 "/bin/sh -c '/usr/sb…" 7 seconds ago Up 6 seconds 0.0.0.0:80->80/tcp, 9000/tcp nginx-php
1.5 测试
2、使用dockerfile制作tomcat镜像,并实现对jsp测试页访问
2.1 编写Dockerfile文件
[root@offline tomcat]# cat Dockerfile
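#Tomcat Base Image
FROM centos:centos7.8.2003
MAINTAINER rickzhu "1779526363@qq.com"
# ADD is kept here on purpose: it unpacks the local tarball into /usr/local/src/.
# NOTE(review): the page does not show where the tarball came from; check it
# against the checksum published for the release before building.
ADD apache-tomcat-8.5.57.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/apache-tomcat-8.5.57 /usr/local/src/tomcat
RUN yum install java-1.8.0-openjdk -y
# Plain files: COPY, which does no extraction or URL fetching.
COPY index.jsp /usr/local/src/tomcat/webapps/ROOT/
# Only 8080 is published by the docker run command used with this image.
EXPOSE 8080 8009
# run_tomcat.sh needs its executable bit set in the build context.
COPY run_tomcat.sh /
# NOTE(review): there is no USER instruction, so Tomcat runs as root inside
# the container.
CMD ["/run_tomcat.sh"]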
2.2 准备所需文件
[root@offline tomcat]# cat run_tomcat.sh
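#!/bin/bash
# Container entrypoint: run Tomcat in the foreground as the container's main
# process. "catalina.sh run" keeps the JVM attached, so the container stops
# when Tomcat stops and `docker stop` signals reach Tomcat, instead of a
# background start kept alive by `tail -f`.
exec sh /usr/local/src/tomcat/bin/catalina.sh run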
[root@offline tomcat]# cat index.jsp
<%@ page language="java" %>
<%@ page import="java.util.*" %>
<html>
<head>
<title>JSP Test Page</title>
</head>
<body>
<% out.println("Welcom to access Tomcat!");%>
</body>
</html>
[root@offline tomcat]# ls
apache-tomcat-8.5.57.tar.gz Dockerfile index.jsp run_tomcat.sh
2.3 创建镜像
[root@offline tomcat]# docker build -t tomcat-web:app1 .
[root@offline tomcat]# docker images |grep tomcat
tomcat-web app1 ec07ca837027 3 minutes ago 506MB
2.4 测试
#创建容器
[root@offline tomcat]# docker run --name tomcat -it -d -p 8080:8080 tomcat-web:app1
1d97384560c6faced5c198d083be01be5dd09e7259acb194eb48d06c5e5d8934
[root@offline tomcat]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d97384560c6 tomcat-web:app1 "/run_tomcat.sh" 5 seconds ago Up 4 seconds 8009/tcp, 0.0.0.0:8080->8080/tcp tomcat
3、安装配置harbor服务,并将打包好的镜像提交到harbor仓库
3.1.安装Docker Compose(二进制文件直接从 GitHub 下载到 /usr/local/bin,赋予执行权限前建议对照发布方公布的校验值(如有)核对文件)
root@offline:~#curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
root@offline:~#chmod +x /usr/local/bin/docker-compose
root@offline:~#ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
root@offline:~# docker-compose --version
docker-compose version 1.18.0, build 8dd22a9
3.2 下载并解压harbor离线安装包(解压前建议对照发布页公布的校验值或签名核对安装包)
root@offline:~# wget https://github.com/goharbor/harbor/releases/download/v1.10.3/harbor-offline-installer-v1.10.3.tgz
root@offline:~# cd /usr/local/src/
root@offline:/usr/local/src# tar xf harbor-offline-installer-v1.10.3.tgz
root@offline:/usr/local/src# ls
harbor harbor-offline-installer-v1.10.3.tgz
3.3 编辑配置文件并安装harbor
[root@offline harbor]# grep hostname harbor.yml
# The IP address or hostname to access admin UI and registry service.
hostname: 10.0.1.24
# And when it enabled the hostname will no longer used
[root@offline harbor]# ./install.sh --with-clair
3.4 验证
浏览器输入10.0.1.25(上文 harbor.yml 中 hostname 配置为 10.0.1.24,请以实际地址为准),账号admin,默认密码Harbor12345。该默认密码是公开的,首次登录后应立即修改。
4.配置https的harbor
4.1 生成相关证书
#生成ca证书
[root@offline cert]# mkdir /data/cert/^C
[root@offline cert]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
......................++
.........................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@offline cert]# ls
ca.key
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
> -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net" \
> -key ca.key \
> -out ca.crt
[root@offline cert]# ls
ca.crt ca.key
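#生成服务器证书(注意:下面的 openssl req 带 -x509,生成的是自签名证书,并没有用上一步的 ca.key/ca.crt 签发;若要由该 CA 签发,应先生成 CSR,再用 CA 签名,并在证书中写入 subjectAltName)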
[root@offline cert]# openssl genrsa -out harbor.nassoft.net.key 4096
Generating RSA private key, 4096 bit long modulus
.........++
................++
e is 65537 (0x10001)
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net" -key harbor.nassoft.net.key -out harbor.nassoft.net.crt
[root@offline cert]# ks
bash: ks: command not found...
[root@offline cert]# ls
ca.crt ca.key harbor.nassoft.net.crt harbor.nassoft.net.key
#分发server证书
[root@offline cert]# mkdir /etc/docker/certs.d/harbor.nassoft.net -p
[root@offline cert]# cp harbor.nassoft.net.crt /etc/docker/certs.d/harbor.nassoft.net/
4.2 修改harbor配置
[root@offline harbor]# docker-compose down -v
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-core ... done
Stopping clair ... done
Stopping redis ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping harbor-portal ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing clair ... done
Removing redis ... done
Removing registry ... done
Removing registryctl ... done
Removing harbor-portal ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
Removing network harbor_harbor-clair
[root@offline harbor]# cat harbor.yml
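# Configuration file of Harbor
# (excerpt: only the settings changed for HTTPS are shown)

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.nassoft.net

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/harbor.nassoft.net.crt
  # NOTE(review): the key was generated without a passphrase (-nodes), so
  # keep this file readable by root only.
  private_key: /data/cert/harbor.nassoft.net.key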
[root@offline harbor]# ./prepare
prepare base dir is set to /usr/local/src/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/clair/postgresql-init.d/README.md
Clearing the configuration file: /config/clair/postgres_env
Clearing the configuration file: /config/clair/config.yaml
Clearing the configuration file: /config/clair/clair_env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@offline harbor]# ls
common docker-compose.yml harbor.v1.9.4.tar.gz harbor.yml install.sh LICENSE prepare
[root@offline harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating redis ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating harbor-portal ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
[root@offline harbor]#
4.3 测试
4.3.1 测试上传镜像
[root@offline cert]# echo 10.0.1.24 harbor.nassoft.net >> /etc/hosts
[root@offline cert]# docker login harbor.nassoft.net
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@offline cert]# docker pull busybox:latest
[root@offline cert]# docker tag busybox:latest harbor.nassoft.net/baseimages/busybox:latest
[root@offline cert]# docker push harbor.nassoft.net/baseimages/busybox:latest
The push refers to repository [harbor.nassoft.net/baseimages/busybox]
50761fe126b6: Pushed
latest: digest: sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907 size: 527
[root@offline cert]#
4.3.2 浏览器测试