前言
nuoyis-lnmp 由原先 nuoyis-lnmp-np 与 mariadb 配合使用的容器,转变为全编译构建、融合为一体的容器,并在此基础上做了大量优化,也加入了一些独特的功能。此项目为开源项目,但没有上传配置文件,故在本文中补足或后续添加。
开源地址: https://github.com/nuoyis/nuoyis-lnmp
改进方案如下:
- 构建时由原来shell脚本决定版本号融合到容器中变为整体,可以交付各个构建平台只需读取dockerfile
- 从nuoyis-lnmp-np开始,就已经将php引用转变为仅需include 即可切换最新版和兼容版。
从 nuoyis-lnmp 0.0.2 版本开始,逐步解决编写 conf 文件困难的问题:不但每次启动会自动写入一个 nginx.conf.template,而且头部需要 ssl 配置的站点均有内置的 include 方案,仅需按如下方式编写:
# Example virtual host for one site, built on the image's bundled includes.
server {
    # Shared head section; the text above describes it as the built-in include
    # for sites that need SSL. Its contents are not shown on this page, so the
    # listen/TLS settings it applies should be checked in the image.
    include head.template;
    server_name nuoyis.net www.nuoyis.net;
    ssl_certificate /nuoyis-web/nginx/ssl/nuoyis.net.pem;
    # Private key: the host directory mounted at /nuoyis-web/nginx/ssl should be
    # readable only by the account the container runs as.
    ssl_certificate_key /nuoyis-web/nginx/ssl/nuoyis.net.key;
    root /nuoyis-web/nginx/webside/nuoyis-main;
    index index.php index.html;

    # Send plain-HTTP requests to the HTTPS URL of the same host and path.
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Requests for paths that do not exist on disk are rewritten to index.php,
    # with the original URI appended.
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php$1 last;
    }

    # PHP latest build
    # include start-php-latest.conf;
    # PHP compatibility (stable) build
    include start-php-stable.conf;

    # Hide dot-files and dot-directories (.git, .env, .htaccess ...). The
    # `return` fires in the rewrite phase, so clients receive 404 and `deny all`
    # is effectively a backstop. NOTE(review): this pattern also matches
    # /.well-known/, which matters if certificates are renewed over HTTP-01.
    location ~ /\. {
        deny all;
        return 404;
    }

    access_log /nuoyis-web/logs/nginx/blog.nuoyis.net.log;
    error_log /nuoyis-web/logs/nginx/blog.nuoyis.net.error.log;
}
nuoyis-lnmp 在未检测到 mariadb/init(需自己创建,对应容器内的 /docker-entrypoint-initdb.d 目录)/lockfiles 下的两个文件时,将会自动初始化并导入 init 目录里所有的 sql 文件(建议首先创建一个 init.sql)。init.sql 参考如下:
# Reference init.sql: imported when the container initialises the database.
# Local root keeps full privileges, including the right to grant them.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
# Application account. 'password' is a placeholder: replace it with a strong,
# unique value before the first start. Host '%' lets this account log in from
# any address, and the start-up files below publish port 3306, so narrow the
# host part where remote access is not needed.
CREATE USER 'nuoyis'@'%' IDENTIFIED BY 'password';
# The account is limited to the nuoyis schema rather than *.*.
GRANT ALL PRIVILEGES ON nuoyis.* TO 'nuoyis'@'%';
# Copy the two lines above for each account you need (ask an AI if unsure how to write them)
FLUSH PRIVILEGES;
但是需要除init.sql外所有sql在首行引入以下内容
# Header required at the top of every .sql file other than init.sql, so each
# dump selects (and if necessary creates) its own schema before the import.
# 数据库名 means "database name": replace it with the real schema name.
CREATE DATABASE IF NOT EXISTS 数据库名;
USE 数据库名;
- 抛弃arm32架构编译,因为在实际测试中,arm64启动数据库都有些吃力,arm32编译又多次报错就从0.0.2版本开始抛弃
- 支持nginx http3,nginx php latest采用lts版本openssl编译
使用方法(发布前已经在服务器上经过验证):
docker-compose 启动文件
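# docker-compose file for the all-in-one nginx + PHP + MariaDB container.
# Variables that must be set in the shell or in an .env file before `up`:
#   SUID / SGID           UID and GID the container runs as
#   MYSQL_ROOT_PASSWORD   MariaDB root password (must not be empty)
services:
  nuoyis-lnmp:
    container_name: nuoyis-lnmp
    # `latest` moves with every push; pinning a release tag or an image digest
    # makes deployments reproducible and avoids pulling an unreviewed build.
    image: nuoyis1024/nuoyis-lnmp:latest
    networks:
      # Must match a key under the top-level `networks:`. The original listing
      # referenced `nuoyis-net`, which is not defined anywhere in this file.
      nuoyis-lnmp-net:
        aliases:
          - nuoyis-lnmp
    ports:
      # Quoted so no YAML parser can re-type the host:container pairs.
      - "80:80"
      - "443:443"
      # HTTP/3 (QUIC) runs over UDP 443.
      - "443:443/udp"
      # Publishes MariaDB on every host interface. Drop this entry, or bind it
      # to 127.0.0.1, when the database is only used from inside the container.
      - "3306:3306"
    volumes:
      # nginx configuration files
      - /nuoyis-server/web/nginx/conf:/nuoyis-web/nginx/conf
      # nginx web roots
      - /nuoyis-server/web/nginx/webside:/nuoyis-web/nginx/webside
      # nginx TLS certificates and private keys (keep the host directory
      # readable only by the SUID/SGID account)
      - /nuoyis-server/web/nginx/ssl:/nuoyis-web/nginx/ssl
      # Log directory. This maps the host's whole /var/log into the container,
      # so the container can read and write every host log; a dedicated
      # directory would narrow that.
      - /var/log:/nuoyis-web/logs
      # MariaDB init scripts (init.sql and other .sql files imported on first start)
      - /nuoyis-server/web/mariadb/init:/docker-entrypoint-initdb.d
      # MariaDB data directory
      - /nuoyis-server/web/mariadb/server:/nuoyis-web/mariadb/data
      # MariaDB import directory (imported automatically)
      - /nuoyis-server/web/mariadb/import:/nuoyis-web/mariadb/import
      # MariaDB configuration
      - /nuoyis-server/web/mariadb/config:/nuoyis-web/mariadb/config
    environment:
      TIME_ZONE: Asia/Shanghai
      # `:?` makes compose abort when the variable is unset or empty, so the
      # stack cannot come up with a blank root password while 3306 is published.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set a non-empty MariaDB root password}"
    healthcheck:
      # Healthy while nginx answers on port 80 with a status below 400.
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    # UID:GID the container processes run as, taken from the environment.
    user: "${SUID}:${SGID}"
    restart: always

networks:
  nuoyis-lnmp-net:
    name: nuoyis-lnmp-net
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.223.0/24
          gateway: 192.168.223.1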
kubernetes yaml启动文件
# Namespace for the stack. NOTE(review): the Deployment and Service in this
# manifest both set `namespace: default`, so as written nothing is placed in
# this namespace; moving both into it would let RBAC and NetworkPolicy be
# scoped to the stack.
apiVersion: v1
kind: Namespace
metadata:
  name: nuoyis-lnmp
---
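# ===================== Deployment: nuoyis-lnmp =====================
# Single-replica Deployment of the all-in-one nginx + PHP + MariaDB container,
# pinned to one node because all of its state lives in hostPath directories.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nuoyis-lnmp
  # Deployed into `default`, not into the nuoyis-lnmp Namespace declared at the
  # top of this manifest.
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nuoyis-lnmp
  template:
    metadata:
      labels:
        app: nuoyis-lnmp
    spec:
      nodeSelector:
        # Placeholder ("your node's name"): replace with the hostname label of
        # the node that holds the /nuoyis-server directories.
        kubernetes.io/hostname: 你的node节点位置
      securityContext:
        # The pod runs as root. Together with the hostPath mounts below this
        # gives the container root-owned read/write access to those node
        # directories. NOTE(review): the compose file runs the same image under
        # ${SUID}:${SGID}; confirm whether a non-root UID works here as well.
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: nuoyis-lnmp-np
          # `latest` moves with every push; pinning a release tag or an image
          # digest avoids pulling an unreviewed build on reschedule.
          image: registry.cn-hangzhou.aliyuncs.com/nuoyis/nuoyis-lnmp:latest
          env:
            # The root password is read from a Secret instead of being an empty
            # literal in the manifest. The Secret name and key below are
            # placeholders; create the Secret before applying this file, e.g.
            #   kubectl -n default create secret generic nuoyis-lnmp-db \
            #     --from-literal=root-password='<strong password>'
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nuoyis-lnmp-db  # placeholder Secret name
                  key: root-password  # placeholder key
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: mariadb
              containerPort: 3306
          volumeMounts:
            - name: nginx-conf
              mountPath: /nuoyis-web/nginx/conf
            - name: nginx-webside
              mountPath: /nuoyis-web/nginx/webside
            - name: nginx-ssl
              mountPath: /nuoyis-web/nginx/ssl
            - name: logs
              mountPath: /nuoyis-web/logs
            - name: mariadb-init
              mountPath: /docker-entrypoint-initdb.d
            - name: mariadb-data
              mountPath: /nuoyis-web/mariadb/data
            # NOTE(review): the compose file mounts the MariaDB configuration
            # at /nuoyis-web/mariadb/config; confirm which path the image reads.
            - name: mariadb-config
              mountPath: /nuoyis-web/config
            - name: shm
              mountPath: /dev/shm
          # Both probes issue GET / on port 80; any status from 200 to 399
          # counts as success, so an HTTP-to-HTTPS redirect still passes.
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
      volumes:
        # hostPath volumes expose node filesystem paths to the pod; they are
        # only meaningful on the node selected by nodeSelector above.
        - name: nginx-conf
          hostPath:
            path: /nuoyis-server/web/nginx/conf
        - name: nginx-webside
          hostPath:
            path: /nuoyis-server/web/nginx/webside
        # TLS certificates and private keys.
        - name: nginx-ssl
          hostPath:
            path: /nuoyis-server/web/nginx/ssl
        - name: logs
          hostPath:
            path: /nuoyis-server/logs/nginx
        - name: mariadb-init
          hostPath:
            path: /nuoyis-server/web/mariadb/init
        - name: mariadb-data
          hostPath:
            path: /nuoyis-server/web/mariadb/server
        - name: mariadb-config
          hostPath:
            path: /nuoyis-server/web/mariadb/config
        # Memory-backed /dev/shm, capped at 1Gi.
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi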
---
# NodePort Service publishing HTTP, HTTPS (TCP and UDP, the latter for HTTP/3)
# and MariaDB from the nuoyis-lnmp pods on every node of the cluster.
# The nodePort values 80, 443 and 3306 lie outside the default NodePort range
# (30000-32767); the API server rejects them unless it was started with a
# wider --service-node-port-range.
apiVersion: v1
kind: Service
metadata:
  name: nuoyis-lnmp-svc
  namespace: default
spec:
  type: NodePort
  selector:
    app: nuoyis-lnmp
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 80
      protocol: TCP
    - name: https-tcp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: TCP
    # HTTP/3 (QUIC) uses UDP 443.
    - name: https-udp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: UDP
    # Opens MariaDB on every node address. Remove this entry when the database
    # is only used from inside the pod, or restrict it with firewall rules.
    - name: mariadb
      port: 3306
      targetPort: 3306
      nodePort: 3306
      protocol: TCP
nginx http3 配置小提示
nginx http3 采用udp作为底层传输,目的就是减少握手次数,加快访问速度。但是只要有一点配置错误,基本上就无法使用http3。在上面,我已经将udp从软件方面写好放行了,腾讯云/阿里云等云厂商服务器则需要额外放行,还有你的系统防火墙
腾讯云/阿里云等云厂商服务器放行,就是去安全组添加个udp的443端口,如下图所示