前言
nuoyis's lnmp 由原来 nuoyis's lnmp-np 与 mariadb 两个容器配合使用的方式,转变为全编译构建的融合容器,并在此基础上做了大量优化,提供了一些独特的功能。此项目为开源项目,但仓库中没有上传配置文件,故在本文中补足,或后续再添加。
开源地址: https://github.com/nuoyis/lnmp
改进方案如下:
- 构建时,版本号由原来的 shell 脚本决定改为直接融合进容器构建流程,成为一个整体;交付给各个构建平台时,只需读取 Dockerfile 即可
- 从lnmp-np开始,就已经将php引用转变为仅需include 即可切换最新版和兼容版。
从 lnmp 0.0.2 版本开始,逐步解决 conf 文件编写困难的问题:不但每次启动时会自动写入 nginx.conf.full.template 和 nginx.conf.succinct.template,而且头部需要 ssl 配置的站点均有内置的 include 方案,仅需按下面的方式编写:
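server {
    # Shared header include. It requires the SSL settings below; a site
    # without SSL should use the "full" template instead.
    include head.conf;
    server_name www.nuoyis.net;

    # SSL certificate and private key.
    # Keep the .key file readable only by the account nginx runs as.
    ssl_certificate /web/nginx/ssl/nuoyis.net.pem;
    ssl_certificate_key /web/nginx/ssl/nuoyis.net.key;
    ssl_trusted_certificate /web/nginx/ssl/nuoyis.net.pem;

    root /web/nginx/webside/aboutme;
    index index.html;

    # Redirect plain HTTP to HTTPS
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    # PHP handler
    # NOTE(review): presumably only one of the two includes below should stay
    # active for a given site — confirm against the include files.
    # Latest mode (php8+)
    include start-php-latest.conf;
    # Compatibility mode (php7.4)
    include start-php-stable.conf;

    # Pretty URLs: fall back to index.php
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Refuse every path component that starts with a dot (.git, .env, ...).
    # This also matches /.well-known/, so an ACME HTTP-01 challenge served
    # from the web root would get a 404 as well.
    location ~ /\. {
        deny all;
        return 404;
    }

    # Logging (access and error log share one file here)
    access_log /web/logs/nginx/template.log;
    error_log /web/logs/nginx/template.log;
}

nuoyis-lnmp 在未检测到mariadb/init(自己创建的,对应目录下的/docker-entrypoint-initdb.d)/lockfiles下两个文件时,将会自动初始化并导入init 目录里所有的sql文件(建议首先创建个init.sql),init.sql参考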
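# init.sql: imported from the init directory when the container initializes
# the database.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
# 'password' is a placeholder: replace it with a long random value before the
# first start. '%' lets this account log in from any host, and the compose
# files on this page publish port 3306, so a weak value here is reachable from
# the network. Narrow '%' to the client address or subnet where possible.
CREATE USER 'nuoyis'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nuoyis.* TO 'nuoyis'@'%';
# Copy the two lines above for each account you need
# (ask an AI assistant if you are unsure how to write them).
FLUSH PRIVILEGES;

但是需要除init.sql外所有sql在首行引入以下内容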
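# Header for every .sql file other than init.sql; 数据库名 is a placeholder
# for the real database name.
CREATE DATABASE IF NOT EXISTS 数据库名;
USE 数据库名;

- 抛弃arm32架构编译,因为在实际测试中,arm64启动数据库都有些吃力,arm32编译又多次报错就从0.0.2版本开始抛弃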
- 支持nginx http3,nginx php latest采用lts版本openssl编译
使用方法(发布前已经在服务器上经过验证):
docker-compose 启动文件 lnmp系列
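services:
  nuoyis-lnmp:
    container_name: nuoyis-lnmp
    # NOTE(review): ":latest" changes with every push; pin a version tag or an
    # image digest so a redeploy cannot silently pull different code.
    image: nuoyis1024/nuoyis-lnmp:latest
    networks:
      # Must be the network declared under the top-level "networks:" key;
      # compose refuses to start a service that references an undefined one.
      nuoyis-lnmp-net:
        aliases:
          - nuoyis-lnmp
    ports:
      # Quoted so no YAML parser reads "a:b" as a base-60 number.
      - "80:80"
      - "443:443"
      # HTTP/3 runs over UDP
      - "443:443/udp"
      # NOTE(review): publishes MariaDB on every host interface. Remove this
      # entry, or bind it to 127.0.0.1, unless remote clients really need it.
      - "3306:3306"
    volumes:
      # nginx configuration files
      - /nuoyis-server/web/nginx/conf:/nuoyis-web/nginx/conf
      # nginx site root
      - /nuoyis-server/web/nginx/webside:/nuoyis-web/nginx/webside
      # nginx TLS certificates and keys
      - /nuoyis-server/web/nginx/ssl:/nuoyis-web/nginx/ssl
      # Log directory
      # NOTE(review): this bind-mounts the host's entire /var/log read-write
      # into the container; a dedicated sub-directory (the lnmp-np example on
      # this page uses /var/log/web) limits what the container can read or
      # overwrite.
      - /var/log:/nuoyis-web/logs
      # MariaDB init directory (SQL files imported on first initialization)
      - /nuoyis-server/web/mariadb/init:/docker-entrypoint-initdb.d
      # MariaDB data directory
      - /nuoyis-server/web/mariadb/server:/nuoyis-web/mariadb/data
      # MariaDB import directory (imported automatically)
      - /nuoyis-server/web/mariadb/import:/nuoyis-web/mariadb/import
      # MariaDB configuration
      - /nuoyis-server/web/mariadb/config:/nuoyis-web/mariadb/config
    environment:
      TIME_ZONE: Asia/Shanghai
      # Taken from the shell environment or an .env file next to this file;
      # compose aborts with the message below when it is unset or empty, so
      # the database is never started with a blank root password.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD before starting}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    # SUID and SGID must be set in the shell or .env file before
    # "docker compose up".
    user: "${SUID}:${SGID}"
    restart: always
networks:
  nuoyis-lnmp-net:
    name: nuoyis-lnmp-net
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.223.0/24
          gateway: 192.168.223.1

docker-compose 启动文件 新lnmp-np和mariadb系列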
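services:
  lnmp-np:
    container_name: lnmp-np
    # NOTE(review): ":latest" changes with every push; pin a version tag or an
    # image digest so a redeploy cannot silently pull different code.
    image: registry.cn-hangzhou.aliyuncs.com/nuoyis/lnmp-np:latest
    networks:
      nuoyis-lnmp-net:
        aliases:
          - lnmp-np
    ports:
      # Quoted so no YAML parser reads "a:b" as a base-60 number.
      - "80:80"
      - "443:443"
      # HTTP/3 runs over UDP
      - "443:443/udp"
    volumes:
      # nginx configuration files
      - /nuoyis-server/web/nginx/conf:/web/nginx/conf
      # nginx site root
      - /nuoyis-server/web/nginx/webside:/web/nginx/webside
      # nginx TLS certificates and keys
      - /nuoyis-server/web/nginx/ssl:/web/nginx/ssl
      # Log directory
      - /var/log/web:/web/logs
    environment:
      TIME_ZONE: Asia/Shanghai
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    # SUID and SGID must be set in the shell or .env file before
    # "docker compose up".
    user: "${SUID}:${SGID}"
    restart: always
  lnmp-mariadb:
    container_name: lnmp-mariadb
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/mariadb:latest
    networks:
      nuoyis-lnmp-net:
        aliases:
          - lnmp-mariadb
    environment:
      TIME_ZONE: Asia/Shanghai
      # Root password comes from the shell environment or an .env file that is
      # kept out of version control; compose aborts with the message below
      # when it is unset or empty. Never reuse a password that has appeared in
      # a published example.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD before starting}"
    volumes:
      - /web/mariadb/init/init.sql:/docker-entrypoint-initdb.d/init.sql
      - /web/mariadb/server:/var/lib/mysql
      - /web/mariadb/import:/nuoyis-web/mariadb/import
      - /web/mariadb/config/my.cnf:/etc/mysql/my.cnf
    ports:
      # NOTE(review): lnmp-np reaches the database over nuoyis-lnmp-net via
      # the alias lnmp-mariadb, so this mapping is only needed for clients
      # outside compose. Remove it, or bind it to 127.0.0.1, if there are none.
      - "3306:3306"
    shm_size: '1g'
    healthcheck:
      # "$$" escapes compose interpolation, so the container's own
      # MYSQL_ROOT_PASSWORD is expanded when the check runs. The password is
      # passed on the command line and is therefore visible in the container's
      # process list while the check is running.
      test: ["CMD", "sh", "-c", "mariadb -u root -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1 FROM information_schema.tables LIMIT 1;'"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    restart: always
networks:
  nuoyis-lnmp-net:
    name: nuoyis-lnmp-net
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.223.0/24
          gateway: 192.168.223.1

kubernetes yaml启动文件 lnmp系列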
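# NOTE(review): the Deployment and Service that follow on this page set
# "namespace: default", so nothing is placed in the namespace created here —
# confirm which namespace is intended.
apiVersion: v1
kind: Namespace
metadata:
  name: nuoyis-lnmp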
---
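# ===================== Deployment: nuoyis-lnmp =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nuoyis-lnmp
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nuoyis-lnmp
  template:
    metadata:
      labels:
        app: nuoyis-lnmp
    spec:
      # Pins the pod to one node because every volume below is a hostPath on
      # that node. Replace the placeholder with the node's hostname.
      nodeSelector:
        kubernetes.io/hostname: "你的node节点位置"
      # Runs the pod's containers as root (UID/GID 0).
      # NOTE(review): together with the hostPath volumes below, a compromised
      # container gets root-owned write access to those host directories —
      # confirm the image really needs root.
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: nuoyis-lnmp-np
          # NOTE(review): ":latest" changes with every push; pin a version tag
          # or an image digest.
          image: registry.cn-hangzhou.aliyuncs.com/nuoyis/nuoyis-lnmp:latest
          env:
            # NOTE(review): empty placeholder — set a value before applying.
            # A Secret referenced through valueFrom.secretKeyRef keeps the
            # password out of the manifest.
            - name: MYSQL_ROOT_PASSWORD
              value: ""
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: mariadb
              containerPort: 3306
          volumeMounts:
            - name: nginx-conf
              mountPath: /nuoyis-web/nginx/conf
            - name: nginx-webside
              mountPath: /nuoyis-web/nginx/webside
            - name: nginx-ssl
              mountPath: /nuoyis-web/nginx/ssl
            - name: logs
              mountPath: /nuoyis-web/logs
            - name: mariadb-init
              mountPath: /docker-entrypoint-initdb.d
            - name: mariadb-data
              mountPath: /nuoyis-web/mariadb/data
            # NOTE(review): the docker-compose example for this image mounts
            # the MariaDB config at /nuoyis-web/mariadb/config — confirm which
            # path the image reads.
            - name: mariadb-config
              mountPath: /nuoyis-web/config
            - name: shm
              mountPath: /dev/shm
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
      volumes:
        - name: nginx-conf
          hostPath:
            path: /nuoyis-server/web/nginx/conf
        - name: nginx-webside
          hostPath:
            path: /nuoyis-server/web/nginx/webside
        - name: nginx-ssl
          hostPath:
            path: /nuoyis-server/web/nginx/ssl
        - name: logs
          hostPath:
            path: /nuoyis-server/logs/nginx
        - name: mariadb-init
          hostPath:
            path: /nuoyis-server/web/mariadb/init
        - name: mariadb-data
          hostPath:
            path: /nuoyis-server/web/mariadb/server
        - name: mariadb-config
          hostPath:
            path: /nuoyis-server/web/mariadb/config
        # Memory-backed /dev/shm, capped at 1Gi
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi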
---
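apiVersion: v1
kind: Service
metadata:
  name: nuoyis-lnmp-svc
  namespace: default
spec:
  type: NodePort
  selector:
    app: nuoyis-lnmp
  # NOTE(review): nodePort 80, 443 and 3306 lie outside the default NodePort
  # range (30000-32767); the API server rejects them unless it was started
  # with a wider --service-node-port-range.
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 80
      protocol: TCP
    - name: https-tcp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: TCP
    # HTTP/3 runs over UDP
    - name: https-udp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: UDP
    # NOTE(review): exposes MariaDB on every node's address while the
    # Deployment example leaves MYSQL_ROOT_PASSWORD empty. Drop this entry
    # unless external clients need it, and restrict source addresses if they do.
    - name: mariadb
      port: 3306
      targetPort: 3306
      nodePort: 3306
      protocol: TCP

kubernetes yaml启动文件 lnmp-np和mariadb系列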
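# ===================== Deployment: lnmp-np =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lnmp-np
  namespace: default
spec:
  selector:
    matchLabels:
      app: lnmp-np
  template:
    metadata:
      labels:
        app: lnmp-np
    spec:
      # Pins the pod to the node named "nuoyis" because every volume below is
      # a hostPath on that node.
      nodeSelector:
        kubernetes.io/hostname: nuoyis
      # Runs the pod's containers as root (UID/GID 0).
      # NOTE(review): together with the hostPath volumes below, a compromised
      # container gets root-owned write access to those host directories —
      # confirm the image really needs root.
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: nuoyis-lnmp-np
          # NOTE(review): ":latest" changes with every push; pin a version tag
          # or an image digest.
          image: registry.cn-hangzhou.aliyuncs.com/nuoyis/lnmp-np:latest
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          volumeMounts:
            - name: nginx-conf
              mountPath: /web/nginx/conf
            - name: nginx-webside
              mountPath: /web/nginx/webside
            - name: nginx-ssl
              mountPath: /web/nginx/ssl
            - name: logs
              mountPath: /web/logs
            - name: shm
              mountPath: /dev/shm
          # All three probes run the image's /web/healthcheck.sh.
          # Startup: up to 30 attempts, 10 s apart, before the others begin.
          startupProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            failureThreshold: 30
            periodSeconds: 10
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            initialDelaySeconds: 5
            failureThreshold: 5
            periodSeconds: 8
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            initialDelaySeconds: 5
            failureThreshold: 3
            periodSeconds: 8
      volumes:
        - name: nginx-conf
          hostPath:
            path: /web/nginx/conf
        - name: nginx-webside
          hostPath:
            path: /web/nginx/webside
        - name: nginx-ssl
          hostPath:
            path: /web/nginx/ssl
        - name: logs
          hostPath:
            path: /var/log/web
        # Memory-backed /dev/shm, capped at 1Gi
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi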
---
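apiVersion: v1
kind: Service
metadata:
  name: lnmp-np-svc
  namespace: default
spec:
  type: NodePort
  selector:
    app: lnmp-np
  # NOTE(review): nodePort 80 and 443 lie outside the default NodePort range
  # (30000-32767); the API server rejects them unless it was started with a
  # wider --service-node-port-range.
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 80
      protocol: TCP
    - name: https-tcp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: TCP
    # HTTP/3 runs over UDP
    - name: https-udp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: UDP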
---
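# ===================== Deployment: lnmp-mariadb =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mariadb
  labels:
    app: mariadb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      # NOTE(review): unlike lnmp-np, this pod has no nodeSelector, so the
      # hostPath data directory below lives on whichever node the pod is
      # scheduled to — confirm that is intended.
      containers:
        - name: mariadb
          # NOTE(review): ":latest" changes with every push; pin a version tag
          # or an image digest.
          image: mariadb:latest
          env:
            # "密码" is a placeholder for the root password. A Secret
            # referenced through valueFrom.secretKeyRef keeps the real value
            # out of the manifest.
            - name: MYSQL_ROOT_PASSWORD
              value: "密码"
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: mariadb-data
              mountPath: /var/lib/mysql
            - name: mariadb-init
              mountPath: /docker-entrypoint-initdb.d
      volumes:
        - name: mariadb-data
          hostPath:
            path: /web/mariadb/server
        - name: mariadb-init
          hostPath:
            path: /web/mariadb/init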
---
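apiVersion: v1
kind: Service
metadata:
  name: mariadb
spec:
  # NOTE(review): NodePort opens the database on port 30036 of every node.
  # Pods inside the cluster can already reach it through this Service's
  # cluster address, so keep NodePort only if external clients need it and
  # restrict their source addresses.
  type: NodePort
  ports:
    - port: 3306
      targetPort: 3306
      nodePort: 30036
  selector:
    app: mariadb

nginx http3 配置小提示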
nginx http3 采用 udp 作为底层传输,目的就是减少握手次数,加快访问速度。但是只要有一点配置错误,基本上就无法使用 http3。在上面的配置中,我已经在软件层面把 udp 放行写好了(443/udp 端口映射);腾讯云/阿里云等云厂商的服务器还需要在安全组中额外放行,另外你的系统防火墙也需要放行。
腾讯云/阿里云等云厂商服务器的放行方法,就是在安全组中添加一条放行 UDP 443 端口的入站规则(只需放行这一个端口),如下图所示
