制作Disconf前端的Docker镜像详解

一、环境描述

1. 宿主机

  • CPU:双核
  • 内存:4 GB
  • 硬盘:120 GB
  • IP地址:192.168.190.128
  • 操作系统:CentOS 7.4 x86_64 Minimal

2. Docker

3. 基础镜像

二、构建镜像

1. 安装Git

在shell中运行以下命令:

yum install -y git

2. 克隆Disconf的打包文件

从GitHub克隆编译得到的Disconf打包文件,可参考《编译和打包Disconf详解》。在shell中运行以下命令:

cd /root/Downloads
git clone https://github.com/ghoulich/docker.git
cd docker/disconf

3. 创建服务启动脚本

在shell中运行以下命令,创建start.sh脚本,容器启动时会调用该脚本启动服务:

cat > start.sh << "EOF"
#! /bin/bash

# Source function library.
. /etc/rc.d/init.d/functions

if [ -L $0 ]; then
    initscript=`/bin/readlink -f $0`
else
    initscript=$0
fi

sysconfig=`/bin/basename $initscript`

if [ -f /etc/sysconfig/$sysconfig ]; then
    . /etc/sysconfig/$sysconfig
fi

nginx=${NGINX:-/usr/sbin/nginx}
prog=`/bin/basename $nginx`
conffile=${CONFFILE:-/etc/nginx/nginx.conf}
lockfile=${LOCKFILE:-/var/lock/subsys/nginx}
pidfile=${PIDFILE:-/var/run/nginx.pid}
SLEEPSEC=${SLEEPSEC:-1}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
CHECKSLEEP=${CHECKSLEEP:-3}
RETVAL=0

start() {
    echo -n $"Starting $prog: "

    daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}

start

exit $RETVAL
EOF

4. 创建镜像源配置文件

本文通过Nginx的官方镜像源安装Nginx,需要创建镜像源配置文件:

cat > nginx.repo << "EOF"
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
EOF

5. 创建supervisor配置文件

supervisor是一种Linux的进程管理工具,Disconf前端容器会用其管理自身的后台服务。在shell中运行以下命令,创建supervisord.conf文件:

cat > supervisord.conf << "EOF"
[supervisord]
nodaemon=true

[program:nginx]
command=/bin/bash start.sh
EOF

6. 创建Dockerfile文件

在shell中运行以下命令:

cat > /root/Downloads/docker/disconf/Dockerfile << "EOF"
# 使用自建的CentOS 6.9基础镜像
FROM registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos:6.9

# 镜像维护者
MAINTAINER ghoulich@aliyun.com

# 添加Nginx镜像源
COPY nginx.repo /etc/yum.repos.d/
RUN rpm --import http://nginx.org/keys/nginx_signing.key

# 安装Nginx
RUN yum install -y epel-release
RUN rpm --rebuilddb && yum install -y nginx supervisor tar
RUN mkdir -p /var/lib/nginx
COPY start.sh /
COPY supervisord.conf /etc/supervisord.conf

# 复制静态资源
COPY disconf-static.tar.gz /
RUN tar xvzf disconf-static.tar.gz && mv disconf-static /var/lib/nginx/disconf && rm -rf disconf-static.tar.gz

# 清理系统
RUN yum clean all

# 开放端口
EXPOSE 80

# 挂载数据、配置和日志目录
VOLUME ["/etc/nginx", "/var/log/nginx"]

# 自动启动Nginx
CMD ["/usr/bin/supervisord"]
EOF

有以下几点需要注意:

  • 基于自建的CentOS 6.9基础镜像。
  • 开放80端口,这是Nginx的默认服务端口。
  • 将Nginx的配置目录和日志目录设置为挂载点。

7. 构建镜像

在shell中运行以下命令:

docker build -t disconf-frontend:latest .

8. 上传镜像

在shell中运行以下命令,登录阿里云的镜像库,然后为新建镜像创建标签,最后推送至镜像库:

# 登录阿里云镜像库
docker login --username=ghoulich@aliyun.com registry.cn-hangzhou.aliyuncs.com
# 创建镜像标签
docker tag disconf-frontend:latest registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-disconf-frontend:latest
# 推送镜像
docker push registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-disconf-frontend:latest

三、使用方法

1. 创建MIME类型文件

创建mime.types文件,指定Nginx支持的多媒体文件类型:

cd /root/Downloads
cat > /root/Downloads/mime.types << "EOF"
types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}
EOF

2. 创建Nginx配置文件

创建nginx.conf文件,指定Nginx的全局配置:

cat > /root/Downloads/nginx.conf << "EOF"
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
EOF

3. 创建Disconf站点配置文件

创建disconf.conf文件,指定Disconf站点的配置:

cat > /root/Downloads/disconf.conf << "EOF"
upstream disconf {
    server 192.168.0.5:8080;
}

server {

    listen   8080;
    server_name 192.168.190.128;
    access_log /var/log/nginx/disconf_access.log;
    error_log /var/log/nginx/disconf_error.log;

    location / {
        root /var/lib/nginx/disconf;
        if ($query_string) {
            expires max;
        }
    }

    location ~ ^/(api|export) {
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://disconf;
    }
}
EOF

4. 创建必要的目录

在shell中运行以下命令,创建Disconf前端容器的配置目录和日志目录,然后修改访问权限,最后将上面的配置文件拷贝至相应的目录:

mkdir -p /usr/local/disconf-frontend/{conf,logs}
mkdir -p /usr/local/disconf-frontend/conf/conf.d
chown -R 499:499 /usr/local/disconf-frontend/logs
cp /root/Downloads/{nginx.conf,mime.types} /usr/local/disconf-frontend/conf/
cp /root/Downloads/disconf.conf /usr/local/disconf-frontend/conf/conf.d/

注意,499:499是Disconf前端容器中的nginx用户的UID和GID,宿主机没有这个用户。

5. 启动容器

在shell中运行以下命令:

docker run --detach \
    --name disconf-frontend \
    --hostname disconf-frontend \
    --volume /usr/local/disconf-frontend/conf:/etc/nginx \
    --volume /usr/local/disconf-frontend/logs:/var/log/nginx \
    --publish 8080:8080 \
    registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-disconf-frontend:latest

需要注意以下几点:

  • 将容器的8080端口映射至宿主机的8080端口。
  • 将容器的配置目录和日志目录映射至宿主机的相应目录。