区别于传统通过Docker方式一键部署wordpress博客(docker pull wordpress:latest 环境为LAMP),这里通过nginx作反向代理,绑定域名,并配置https。
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:db:76 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.13/24 brd 10.0.2.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:db76/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c3:de:bd:d4 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c3ff:fede:bdd4/64 scope link
valid_lft forever preferred_lft forever
37: veth0114a8f@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether a6:23:9f:f7:25:8e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::a423:9fff:fef7:258e/64 scope link
valid_lft forever preferred_lft forever
39: veth4a029ad@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether d2:c7:58:82:1d:8f brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::d0c7:58ff:fe82:1d8f/64 scope link
valid_lft forever preferred_lft forever
41: vethaba9021@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether de:93:40:d6:8e:8c brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::dc93:40ff:fed6:8e8c/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# cat /etc/redhat-release
Rocky Linux release 8.4 (Green Obsidian)
[root@localhost ~]# docker pull mysql:5.7 # 下载docker镜像
[root@localhost ~]# docker pull wordpress
[root@localhost ~]# docker pull nginx
[root@localhost ~]# docker container run -d --name mysql_wordpress_v1 -p 3306:3306 --env MYSQL_ROOT_PASSWORD=123456 --env MYSQL_DATABASE=wordpress mysql:5.7 # 启动mysql容器
[root@localhost ~]# docker run -d --name wordpress_v1 --link mysql_wordpress_v1:mysql --volume "$PWD/wordpress":/var/www/html -p 8001:80 wordpress # -d: 指定容器以守护进程方式在后台运行; --name: 指定容器名称,此处我指定的是wordpressdb; -env 环境参数,MYSQL_ROOT_PASSWORD设置root用户的密码 -p: 指定主机与容器内部的端口号映射关系, [宿主机端口号]:[容器内部端口],使用主机3306端口,映射容器3306端口; mysql:5.7 是nginx的镜像IMAGE ID前4位;docker技术通过image这种模板,生成contaienr实例,下次还可以再生成一个contaienr实例,image像是一个模板,可以多次使用。contaienr实例可以看作小型的虚拟机,多个虚拟机在局域网里面,需要将端口映射到宿主机上面,直接访问局域网的内网ip是不能访问的,通过宿主机的公网IP:映射的端口即可访问
[root@localhost ~]# docker run -d --name wordpress_v1 --link mysql_wordpress_v1:mysql --volume "$PWD/wordpress":/var/www/html -p 8001:80 wordpress # 启动wordpress容器,--volume:将容器的/var/www/html映射到当前目录下,直接操作当前目录与操作容器目录相同,否则还需要进容器操作,容器可以理解成一个阉割过的小型虚拟机,很多像vim这种常用命令默认是没有的;wordpress容器默认开的是80端口,这里将容器的80端口映射到宿主机的8001端口,后面要部署nginx,nginx需要监听80端口。
注意:将容器的目录/etc/nginx映射,需要先通过docker cp命令复制一份完整nginx的目录到宿主机,然后修改文件,再执行上面docker run命令。文件夹映射的时候,文件夹里面的所有文件应该是一样的,文件内容可以不一样
[root@localhost ~]# docker cp e2804cd3aa24:/var/www/html /usr/share/nginx/html
[root@localhost ~]# docker cp ba0a1b64bdac:/etc/nginx /etc/nginx
[root@localhost ~]# cat /etc/nginx/conf.d/www.conf.bak # 80 端口配置文件进行调试,这里http://10.0.2.13:8001,wordpress映射宿主机的端口是8001,这里nginx代理宿主机8001端口,也就是说访问80端口(nginx),相当于代理访问了8001端口(wordpress)
server{
listen 80;
server_name www.ponfey.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # wordpress启动端口不是80,需要添加配置
proxy_pass http://10.0.2.13:8001;
}
}
[root@localhost ~]# cat /etc/nginx/conf.d/www.conf.bak
server{
listen 80;
server_name www.ponfey.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.0.2.13:8001;
}
}
[root@localhost ~]# cat /etc/nginx/conf.d/www.conf
server {
#监听443端口
listen 443 ssl;
#对应的域名
server_name www.ponfey.com;
ssl_certificate "***.pem";
ssl_certificate_key "***.key";
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.0.2.13:8001;
}
}
server{
listen 80;
server_name www.ponfey.com;
#把http的域名请求转成https
rewrite ^(.*)$ https://$host$1; #将所有HTTP请求通过rewrite指令重定向到HTTPS
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.0.2.13:8001;
}
}
[root@localhost ~]# docker run -d -p 80:80 --name nginx -v /usr/share/nginx/html:/usr/share/nginx/html -v /etc/nginx:/etc/nginx -v /var/log/nginx:/var/log/nginx nginx # 运行nginx容器(80)
[root@localhost ~]# docker run -d -p 80:80 -p 443:443 --name nginx -v /usr/share/nginx/html:/usr/share/nginx/html -v /etc/nginx:/etc/nginx -v /var/log/nginx:/var/log/nginx nginx # 运行nginx容器(80 + 443),-p 443:443,配置ssl才需要这个参数
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba0a1b64bdac nginx "/docker-entrypoint.…" 24 minutes ago Up 24 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp nginx
e2804cd3aa24 wordpress "docker-entrypoint.s…" 24 minutes ago Up 24 minutes 0.0.0.0:8001->80/tcp, :::8001->80/tcp wordpress_v1
d133682a95ee mysql:5.7 "docker-entrypoint.s…" 26 minutes ago Up 26 minutes 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql_wordpress_v1浏览器访问
.jpg)
.jpg)