nginx反向代理harbor
1、构建基础镜像
#构建ubuntu系统基础镜像[root@DY-ubuntu-01 ubuntu_base]#vim Dockerfile
FROM ubuntu:20.04
LABEL maintainer="www.wang.org" version="ubuntu_base:v1.0"
RUN sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list && \
apt update && \
apt -y install tree wget vim curl iproute2 tzdata zip unzip && \
rm -rf /etc/localtime && \
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
rm -rf /var/lib/apt/lists/*
[root@DY-ubuntu-01 ubuntu_base]#docker build -t ubuntu_base:v1.0 .#构建php基础镜像
[root@DY-ubuntu-01 php]#vim Dockerfile
FROM ubuntu_base:v1.0
LABEL maintarner="www.wang.org" version="ubuntu_php:v1.1"
ADD php-7.4.30.tar.gz /usr/local/src/
RUN apt update && \
apt -y install gcc make libssl-dev libxml2-dev libsqlite3-dev libcurl3-dev libxml2 sqlite3 pkg-config zlib1g-dev libonig-dev libkrb5-dev libssl-dev libbz2-dev libcurl4-openssl-dev libpng-dev libjpeg-dev libfreetype-dev g++ libonig-dev libxslt-dev libzip-dev && \
cd /usr/local/src/php-7.4.30 && \
./configure --prefix=/apps/php74 --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo && \
make && make install && \
useradd -r -u 888 nginx && \
rm -rf /usr/local/src/php-7.4.30
COPY php.ini /usr/local/src/php-7.4.30/
COPY www.conf /apps/php74/etc/php-fpm.d/
COPY php-fpm.conf /apps/php74/etc/
[root@DY-ubuntu-01 php]#docker build -t ubuntu_php:v1.1 .#构建nginx基础镜像:
[root@DY-ubuntu-01 nginx]#vim Dockerfile
FROM ubuntu_php:v1.1
LABEL maintainer="www.wang.org" version="ubuntu_nginx:v1.0"
ADD nginx-1.22.0.tar.gz /usr/local/src/
RUN apt update && \
apt install -y nfs-kernel-server nfs-common openssh-server openssl libpcre3 libpcre3-dev
RUN cd /usr/local/src/nginx-1.22.0 && \
./configure --prefix=/apps/nginx && \
make && make install && \
ln -s /apps/nginx/sbin/nginx /usr/bin && \
mkdir /apps/nginx/conf/conf.d && \
rm -rf /usr/local/src/nginx-1.22.0/*
ADD nginx.conf /apps/nginx/conf/nginx.conf
RUN chown -R nginx.nginx /apps/nginx/
COPY run_nginx.sh /usr/local/sbin/
EXPOSE 80 443
CMD ["run_nginx.sh"]
[root@DY-ubuntu-01 nginx]#vim run_nginx.sh
#!/bin/bash
/apps/php74/sbin/php-fpm
/apps/nginx/sbin/nginx -g "daemon off;"
[root@DY-ubuntu-01 nginx]#docker build -t ubuntu_nginx:v1.0 .
2、搭建harbor
#192.168.100.215、192.168.100.216都执行:#准备harbor安装脚本,脚本参照:https://blog.皇冠云.com/dayu/5787187
[root@DY-ubuntu-06 ~]#bash install_harbor.sh
[root@DY-ubuntu-05 ~]#vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://"],
"insecure-registries": ["192.168.100.215","192.168.100.216","harbor.wang.org"]
}
[root@DY-ubuntu-05 ~]#systemctl restart docker
[root@DY-ubuntu-05 ~]#vim /etc/hosts
192.168.100.217 harbor.wang.org
[root@DY-ubuntu-05 ~]#vim /apps/harbor/harbor.yml
hostname: 192.168.100.215 #改为本机IP
[root@DY-ubuntu-05 ~]#cd /apps/harbor/
[root@DY-ubuntu-05 harbor]#./prepare
[root@DY-ubuntu-05 harbor]#docker-compose down
[root@DY-ubuntu-05 harbor]#docker-compose up -d
#浏览器分别登陆215和216设置harbor复制规则,具体请参照https://blog.皇冠云.com/dayu/5786146
3、nginx反向代理harbor
#192.168.100.217:[root@DY-ubuntu-07 conf]#cd certs/
[root@DY-ubuntu-07 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 2650 -out ca.crt
[root@DY-ubuntu-07 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.wang.org.key -out harbor.wang.org.csr
[root@DY-ubuntu-07 certs]#openssl x509 -req -days 3650 -in harbor.wang.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.wang.org.crt
[root@DY-ubuntu-07 certs]#cat harbor.wang.org.crt ca.crt > harbor.wang.org.pem
[root@DY-ubuntu-07 certs]#cd
[root@DY-ubuntu-07 ~]#vim /apps/nginx/conf/conf.d/harbor.wang.org.conf
upstream harbor {
hash $remote_addr;
server 192.168.100.215;
server 192.168.100.216;
}
server {
listen 80;
server_name harbor.wang.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
ssl_certificate /apps/nginx/conf/certs/harbor.wang.org.pem;
ssl_certificate_key /apps/nginx/conf/certs/harbor.wang.org.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name harbor.wang.org;
client_max_body_size 10g;
location / {
proxy_pass http://harbor;
}
}
4、构建jpress业务镜像
[root@DY-ubuntu-01 jpress]#vim DockerfileFROM ubuntu_base:v1.0
LABEL maintainer="www.wang.org" version="ubuntu_jpress:v1.0"
ADD jdk-8u341-linux-x64.tar.gz /usr/local/
RUN cd /usr/local && \
ln -s jdk1.8.0_341/ jdk && \
echo "export JAVA_HOME=/usr/local/jdk\nexport PATH=$PATH:/usr/local/jdk/bin" > /etc/profile.d/jdk.sh
ENV JAVA_HOME /usr/local/jdk
ENV PATH $PATH:${JAVA_HOME}/bin
ADD apache-tomcat-9.0.65.tar.gz /usr/local/
RUN cd /usr/local && \
ln -s apache-tomcat-9.0.65 tomcat
COPY jpress-v5.0.2.war /data/jpress/
COPY server.xml /usr/local/tomcat/conf/server.xml
COPY run_tomcat.sh /usr/local/tomcat/bin/run_tomcat.sh
RUN cd /data/jpress && \
mv jpress-v5.0.2.war ROOT.war && \
groupadd -g 808 -r tomcat && \
useradd -u 808 -g tomcat -M -r tomcat && \
chown -R tomcat.tomcat /data/jpress/ /usr/local/tomcat/
CMD ["/usr/local/tomcat/bin/run_tomcat.sh"]
[root@DY-ubuntu-01 jpress]#ls
Dockerfile jdk-8u341-linux-x64.tar.gz run_tomcat.sh
apache-tomcat-9.0.65.tar.gz jpress-v5.0.2.war server.xml
[root@DY-ubuntu-01 jpress]#vim server.xml
......
<Server port="-1" shutdown="SHUTDOWN">
......
<Host name="localhost" appBase="/data/jpress" unpackWARs="true" autoDeploy="false">
.....
[root@DY-ubuntu-01 jpress]#vim run_tomcat.sh
echo "nameserver 180.76.76.76" > /etc/resolv.conf
su - tomcat -c "usr/local/tomcat/bin/ start"
tail -f /etc/hosts
[root@DY-ubuntu-01 jpress]#docker build -t ubuntu_tomcat:v1.0 .