共计 10527 个字符,预计需要花费 27 分钟才能阅读完成。
Web 服务器与利用
Nginx
我的 Nginx Docker 镜像
## 设置继承本人创立的 sshd 镜像
FROM caseycui/ubuntu-sshd
## 维护者
LABEL maintainer="CaseyCui cuikaidong@foxmail.com"
## 装置 nginx
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
nginx \
geoip-bin \
fcgiwrap \
ssl-cert \
&& rm -rf /var/lib/apt/lists/* \
&& chown -R www-data:www-data /var/lib/nginx
## 增加脚本,并设置权限
COPY run-nginx.sh /run-nginx.sh
##RUN chmod 755 /run-nginx.sh
## 定义工作目录
WORKDIR /etc/nginx
## 增加挂载点 /var/www
VOLUME /var/www
## forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
## 定义输入端口
EXPOSE 80
EXPOSE 443
## 定义输入命令
CMD ["/run-nginx.sh"]
run-nginx.sh 脚本:
## nginx 以 daemon off 模式启动
/usr/sbin/nginx -g "daemon off;"
为什么须要
daemon off;
?设想这样的场景:
如果没有 daemon off, nginx 后盾运行, 这时 nginx 并不是 pid 为 1 的程序, 而是执行的其余(如 bash), 这个 bash 执行了 nginx 指令后就完结了, 容器也会随之退出.
或间接批改 /etc/nginx/nginx.conf 文件:
echo -e "\ndaemon off;" >> /etc/nginx/nginx.conf
Tomcat
Tomcat 最后是由 Sun 的软件架构师詹姆斯. 邓肯. 戴维森 开发的, 起初在他的帮忙下称为开源我的项目, 并由 Sun 奉献给 Apache 软件基金会.
Tomcat 次要性能: 运行 JSP 页面和 Servlet.
JAVA
企业通常应用 Sun JDK 6 或 Oracle JDK 7+. Dockerfile 如下:
FROM caseycui/ubuntu-sshd
LABEL maintainer="CaseyCui cuikaidong@foxmail.com"
## 创立 /java 目录
RUN mkdir /java
## 解压 jdk 压缩包到 /java 目录
ADD jdk-7u80-linux-x64.tar.gz /java
## 1. 删除 src.zip,缩小镜像 size
## ~~2. 配置 JAVA 环境变量~~
## ~~3. 使失效~~
## 上面为几种不同的 echo 写法(配置 ENV 则不须要手动在 /etc/profile 里增加)## =======================================================
## echo -e "\nexport JAVA_HOME=/java/jdk1.7.0_80\nexport PATH=/java/jdk1.7.0_80/bin:$PATH\nexport CLASSPATH=.:/java/jdk1.7.0_80/lib/dt.jar:/java/jdk1.7.0_80/lib/tools.jar" >> /etc/profile
## =======================================================
## RUN { \
## echo; \
## echo 'export JAVA_HOME=/java/jdk1.7.0_80'; \
## echo 'export PATH=$JAVA_HOME/bin:$PATH'; \
## echo 'export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar'; \
## } >> /etc/profile \
## && source /etc/profile \
## && rm -f /java/jdk1.7.0_80/src.zip
## =======================================================
RUN rm -f /java/jdk1.7.0_80/src.zip
## 配置 ENV
## > The environment variables set using `ENV` will persist when a container is run from the resulting image.
ENV JAVA_HOME /java/jdk1.7.0_80
ENV JAVA_VERSION 7u80
ENV PATH $JAVA_HOME/bin:$PATH
ENV CLASSPATH .:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
备注:
- JDK 的压缩包来自 Oracle Support 网站.
- JAVA 环境变量间接在
ENV
里配置即可, 无需手动写入 /etc/profile 中- 如何把多行, 且含有多种特殊字符的字符串写入文件? – 用大括号
Tomcat 8
基于 Oracle JDK 7 的 Tomcat 8.0.X 的 Dockerfile 如下:
FROM caseycui/jdk7:7u80
LABEL maintainer='CaseyCui cuikaidong@foxmail.com'
ENV CATALINA_HOME /tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
WORKDIR $CATALINA_HOME
## let "Tomcat Native" live somewhere isolated
ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR
## runtime dependencies for Tomcat Native Libraries
## Tomcat Native 1.2+ requires a newer version of OpenSSL than debian:jessie has available
## > checking OpenSSL library version >= 1.0.2...
## > configure: error: Your version of OpenSSL is not compatible with this version of tcnative
## see http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-32-tp5046007p5046024.html (and following discussion)
## and https://github.com/docker-library/tomcat/pull/31
ENV OPENSSL_VERSION 1.0.2g-1ubuntu4.8
## RUN set -ex; \
## if ! grep -q stretch /etc/apt/sources.list; then \
## # only add stretch if we're not already building from within stretch
## { \
## echo 'deb http://deb.debian.org/debian stretch main'; \
## } > /etc/apt/sources.list.d/stretch.list; \
## { \
## # add a negative "Pin-Priority" so that we never ever get packages from stretch unless we explicitly request them
## echo 'Package: *'; \
## echo 'Pin: release n=stretch'; \
## echo 'Pin-Priority: -10'; \
## echo; \
## # ... except OpenSSL, which is the reason we're here
## echo 'Package: openssl libssl*'; \
## echo "Pin: version $OPENSSL_VERSION"; \
## echo 'Pin-Priority: 990'; \
## } > /etc/apt/preferences.d/stretch-openssl; \
## fi
RUN apt-get update && apt-get install -y --no-install-recommends \
libapr1 \
openssl="$OPENSSL_VERSION" \
&& rm -rf /var/lib/apt/lists/*
## 装置跟 tomcat 用户认证相干的软件
RUN apt-get update && \
DIBIAN_FRONTEND=noninteractive \
apt-get install -yq --no-install-recommends \
wget \
pwgen \
ca-certificates && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
## see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
## see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
RUN set -ex; \
for key in $GPG_KEYS; do \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done
## 设置 tomcat 的环境变量
ENV TOMCAT_MAJOR 8
ENV TOMCAT_VERSION 8.0.46
ENV TOMCAT_TGZ_URL http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc
## 复制 tomcat 到镜像中
RUN set -x \
\
&& wget -O tomcat.tar.gz "$TOMCAT_TGZ_URL" \
&& wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" \
&& gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz \
&& tar -xvf tomcat.tar.gz --strip-components=1 \
&& rm bin/*.bat \
&& rm tomcat.tar.gz* \
\
&& nativeBuildDir="$(mktemp -d)" \
&& tar -xvf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1 \
&& nativeBuildDeps=" \
dpkg-dev \
gcc \
libapr1-dev \
libssl-dev \
make \
" \
&& apt-get update && apt-get install -y --no-install-recommends $nativeBuildDeps && rm -rf /var/lib/apt/lists/* \
&& ( \
export CATALINA_HOME="$PWD" \
&& cd "$nativeBuildDir/native" \
&& gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& ./configure \
--build="$gnuArch" \
--libdir="$TOMCAT_NATIVE_LIBDIR" \
--prefix="$CATALINA_HOME" \
--with-apr="$(which apr-1-config)" \
--with-java-home="/java/jdk1.7.0_80" \
--with-ssl=yes \
&& make -j "$(nproc)" \
&& make install \
) \
&& apt-get purge -y --auto-remove $nativeBuildDeps \
&& rm -rf "$nativeBuildDir" \
&& rm bin/tomcat-native.tar.gz
## verify Tomcat Native is working properly
RUN set -e \
&& nativeLines="$(catalina.sh configtest 2>&1)" \
&& nativeLines="$(echo"$nativeLines"| grep'Apache Tomcat Native')" \
&& nativeLines="$(echo"$nativeLines"| sort -u)" \
&& if ! echo "$nativeLines" | grep 'INFO: Loaded APR based Apache Tomcat Native library' >&2; then \
echo >&2 "$nativeLines"; \
exit 1; \
fi
## 创立 tomcat 用户脚本
COPY create_tomcat_admin_user.sh /create_tomcat_admin_user.sh
## 创立 tomcat 运行脚本
COPY run-tomcat.sh /run-tomcat.sh
RUN chmod +x /*.sh && \
chmod +x /tomcat/bin/*.sh
## 挂载点
## 日志文件
VOLUME $CATALINA_HOME/logs
## 程序文件
VOLUME $CATALINA_HOME/webapps
EXPOSE 8080
CMD ["/run-tomcat.sh"]
创立 Tomcat 用户和明码脚本文件 create_tomcat_admin_user.sh
, 内容如下:
##!/bin/bash
if [-f /.tomcat_admin_created]; then
echo "Tomcat'admin'user already created"
exit 0
fi
## generate password
PASS=${TOMCAT_PASS:-$(pwgen -s 12 1)}
_word=$([ ${TOMCAT_PASS} ] && echo "preset" || echo "random")
echo "=> Creating and admin user with a ${_word} password in Tomcat"
##sed -i -r 's/<\/tomcat-user>//' ${CATALINA_HOME}/conf/tomcat-users.xml
## 这句的次要用法就是本来的 `tomcat-users.xml` 里存在一个空的 `<tomcat-users>` 到 `</tomcat-users>` 的字段,间接用 sed 删除最初一行,即 `</tomcat-users>`
## 而后补上咱们生成的明码的相干内容,最初再加上 `</tomcat-users>`
sed -i '$d' ${CATALINA_HOME}/conf/tomcat-users.xml
echo '<role rolename="manager-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo '<role rolename="manager-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo '<role rolename="manager-jmx"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo '<role rolename="admin-gui"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo '<role rolename="admin-script"/>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo "<user username=\"admin\"password=\"${PASS}\"roles=\"manager-gui, manager-script, manager-jmx, admin-gui, admin-script\"/>" >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo '</tomcat-users>' >> ${CATALINA_HOME}/conf/tomcat-users.xml
echo "=> Done!"
touch /.tomcat_admin_created
echo "======================================================"
echo "You can now configure to this Tomcat server using:"
echo ""echo" admin:${PASS}"echo""
echo "======================================================"
Tomcat 启动脚本 run-tomcat.sh
:
##!/bin/bash
if [! -f /.tomcat_admin_created]; then
/create_tomcat_admin_user.sh
fi
exec ${CATALINA_HOME}/bin/catalina.sh run
tomcat 明码脚本最初生成的 tomcat-users.xml
文件:
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password="vNc8guWjdrBP" roles="manager-gui, manager-script, manager-jmx, admin-gui, admin-script"/>
</tomcat-users>
本章小结
中间件服务器 是 Docker 容器利用的最佳实际, 理由如下:
- 中间件服务器是除数据库服务器外的次要计算节点, 很容易成为性能瓶颈, 所以通常须要大批量部署, 而 Docker 对于批量部署有着许多的先天劣势
- 中间件服务器构造清晰, 在剥离了 配置文件 日志 代码目录 之后, 容器简直能够处于零增长状态, 这使得容器的迁徙和批量部署更加不便.
- 中间件服务器很容易实现集群, 在应用硬件的 F5, 软件的 Nginx 等负载平衡后, 中间件服务器集群变得非常容易
在应用中间件容器的时候, 须要当时布局好容器的用处和可能凋谢的网络端口等资源.
对于 程序代码 程序的资源目录 日志 数据库文件 等须要实时更新的数据肯定要通过 -v
参数映射到宿主主机的目录中来, 应用 Docker 的 AUFS 文件格式, 会产生较大的性能问题.
IBM 研究院对于 Docker 各项性能的测试报告