从想法产生到彻底实现,一共耗时三个月 (主要是太懒了)
安装 Docker
使用了 APT 进行安装
- 添加 HTTPS 传输的软件包以及 CA 证书
1
2
3
4
5
6
7
8
9
10
# 先更新一下
sudo apt-get update
# 然后安装
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
- 为了确认所下载软件包的合法性,需要添加软件源的 GPG 密钥
1
2
3
4
5
6
# 国内源
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# 官方源
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
- 向 sources.list 中添加 Docker 软件源
首先需要确定 Debian 的版本号,然后替换下面命令的
$(lsb_release -cs)版本号需要在 https://mirrors.aliyun.com/docker-ce/linux/debian/dists/ 中
1
2
3
4
5
6
7
8
9
10
# 国内源
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# 官方源
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
如 Debian10 的是 buster ,Debian11 的为 bullseye
1
2
3
4
# 此为 Debian11 的
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
bullseye stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
以上命令会添加稳定版本的 Docker APT 源,如果需要测试版本的 Docker 请将
stable改为test
- 然后安装
1
2
3
4
5
6
7
8
# 更新缓存
sudo apt-get update
# 安装 docker
sudo apt-get install docker-ce docker-ce-cli containerd.io
# 安装 docker-compose
sudo apt-get install docker-compose
或者可以试试一键安装脚本
1
2
3
4
5
6
7
8
9
10
11
# 测试版
curl -fsSL test.docker.com -o get-docker.sh
# 以下为稳定版
curl -fsSL get.docker.com -o get-docker.sh
# 阿里云源
sudo sh get-docker.sh --mirror Aliyun
# 微软 AzureChina 源
sudo sh get-docker.sh --mirror AzureChinaCloud
启动 Docker
1
2
sudo systemctl enable docker
sudo systemctl start docker
使用命令以下测试是否成功启动
1
docker run --rm hello-world
出现下述类似输出即安装启动成功
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:c77be1d3a47d0caf71a82dd893ee61ce01f32fc758031a6ec4cf1389248bb833
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
Blog1: WordPress
创建相应文件夹 (例如 /root/wordpress),然后创建 docker-compose.yml 文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
version: '3.3'
services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- /root/wordpress/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
ports:
- 8000:80
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
db_data: {}
创建 uploads.ini 文件
1
2
3
4
5
file_uploads = On
memory_limit = 256M
upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 600
docker 容器运行相关
1
2
3
4
5
6
7
8
# 后台运行
docker-compose up -d
# 停止
docker-compose stop
# 停止并删除
docker-compose down
Blog2: Typecho
使用镜像:80x86/typecho
创建文件夹与相应文件
1
2
3
4
5
6
7
8
9
10
11
12
13
version: '3.0'
services:
typecho:
image: 80x86/typecho:latest
container_name: Typecho_Blog
volumes:
- /root/typecho/data:/data
ports:
- 8001:80
restart: always
environment:
PHP_TZ: Asia/Shanghai
PHP_MAX_EXECUTION_TIME: 600
网盘网站
使用项目:https://github.com/px-org/PanIndex
1
2
3
4
5
6
7
8
9
10
version: "3.0"
services:
PanIndex:
restart: always
image: iicm/pan-index:latest
container_name: VRC_Pan
volumes:
- /root/pan/data:/app/data
ports:
- 8002:5238
nginx 与 SSL 证书
使用项目:https://github.com/0xJacky/nginx-ui
1
2
3
4
5
6
7
8
9
10
11
12
13
version: '3.1'
services:
nginx-ui:
restart: always
image: uozi/nginx-ui:latest
container_name: nginx_UI
volumes:
- /root/nginx/nginx:/etc/nginx
- /root/nginx/nginx-ui:/etc/nginx-ui
- /root/nginx/www:/www
ports:
- 80:80
- 443:443
在配置时代理宿主机的话,可以将宿主机 IP 视为 172.17.0.1
具体可通过一些命令查询
1
ip addr show docker0
GUI 没什么好说的
进入容器内部
- 获取容器 ID
1
docker container ls
- 进入
1
docker exec -i [ID] bash
然后使用 bash 命令即可 (没有 bash 提示符)
以下仅记录
耗时最长的就是调 nginx 和 ssl 配置了,最后一直不成功,便使用 GUI
SSL 证书
使用了 neilpang/acme.sh ,使用了 DNS 验证,其他方式请参考 Run acme.sh in docker · acmesh-official/acme.sh Wiki (github.com)
创建相应文件夹与文件
1
2
3
4
5
6
7
8
9
10
11
12
version: '3.1'
services:
acme.sh:
image: neilpang/acme.sh
container_name: acme.sh
command: daemon
volumes:
- /root/acme/acme.sh:/acme.sh
- /root/acme/conf:/.acme.sh
environment:
- CF_Key="这是CF的API"
- CF_Email="这是CF的邮箱"
对于其他 DNS 服务商,请参考:https://github.com/acmesh-official/acme.sh/wiki/dnsapi
注册账号:
1
docker exec acme.sh --register-account -m [email protected]
获取证书 (此处为 CF)
1
docker exec acme.sh --issue --dns dns_cf -d example.com -d www.example.com
获取后的证书和存储目录会打印出来,将此目录映射到 nginx 容器
可以设置 cron 定时任务以自动更新证书,参考:Linux Crontab 定时任务 - 菜鸟教程
参考资料
docker获取Let’s Encrypt永久免费SSL证书 - 腾讯云开发者社区-腾讯云 (tencent.com)
ZeroSSL.com CA · acmesh-official/acme.sh Wiki (github.com)
Nginx
创建相应文件夹 (例如 /root/nginx),然后创建 docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
version: '3.1'
services:
nginx:
restart: always
image: nginx
container_name: nginx
ports:
- 80:80
volumes:
- /root/docker/nginx/conf.d:/etc/nginx/conf.d
- /root/docker/nginx/www:/user/share/nfinx/html
- /root/docker/nginx/log:/var/log/nginx
- /root/acme/acme.sh:/ssl
然后运行,启动后当前目录有 conf.d 文件夹,在该文件夹新建以 .conf 为后缀的文件,例如 default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
server {
listen 80;
listen [::]:80;
server_name <your_server_name>;
rewrite ^(.*)$ https://$host$1 permanent;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <your_server_name>;
# ssl 证书位置
ssl_certificate /path/to/ssl_cert;
# ssl 密钥位置
ssl_certificate_key /path/to/ssl_cert_key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://172.17.0.1:9000/;
}
}
参考资料
docker安装nginx并配置ssl证书,代理宿主机服务_Blueeyedboy521的博客-CSDN博客_bitwarden docker ssl
Nginx 安装 SSL 配置 HTTPS 超详细完整全过程-阿里云开发者社区 (aliyun.com)
快速部署 Docker 同时发布多个网站或服务_天道酬勤~的博客-CSDN博客_docker部署 一台服务器多个系统
Let’s Encrypt 使用教程,免费的SSL证书,让你的网站拥抱 HTTPS - Diamond-Blog (diamondfsd.com)
Nginx反向代理的一次使用总结 - 简书 (jianshu.com)
Nginx配置反向代理隐藏服务端口 - &大飞 - 博客园 (cnblogs.com)
参考文章
Debian - Docker — 从入门到实践 (gitbook.io)
Docker 安装 Wordpress 博客 - 腾讯云开发者社区-腾讯云 (tencent.com)
Docker部署WordPress解决“上传的文件尺寸超过php.ini中定义的upload_max_filesize值”问题_neiro-DevPress官方社区 (csdn.net)
let’s Encrypt 证书之安装故障 Could not bind to IPv4 or IPv6. - 料网 (liaosam.com)
基于Let’s Encrypt生成免费证书-支持多域名泛域名证书 - DevOps在路上 - 博客园 (cnblogs.com)
Docker Compose-菜鸟教程 (runoob.com)
Nginx配置文件详解 - 程序员自由之路 - 博客园 (cnblogs.com)