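📢 This article was translated by gemini-3-flash-preview
From the initial idea to the finished setup took three months in total (mostly because I was too lazy).
Installing Docker
Installed with APT (the system is Debian).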
- Add the packages for HTTPS transport and the CA certificates
```bash
# Refresh the package index first
sudo apt-get update
# Then install the prerequisites
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
```
- To verify the authenticity of the downloaded packages, add the repository's GPG key
```bash
# Use ONE of the two sources; both write the same keyring file
# Mirror in China (Aliyun)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Official source
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
```
- Add the Docker repository to sources.list
First determine the Debian release codename, then substitute it for $(lsb_release -cs) in the commands below.
The codename must be one of those listed at
https://mirrors.aliyun.com/docker-ce/linux/debian/dists/
```bash
# Use ONE of the two sources; both write the same docker.list file
# Mirror in China (Aliyun)
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Official source
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
For example, the codename for Debian 10 is buster and for Debian 11 it is bullseye.
```bash
# This one is for Debian 11
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
  bullseye stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
The commands above add the stable Docker APT repository. If you need the test version of Docker, change stable to test.
- Then install
```bash
# Refresh the package index
sudo apt-get update
# Install docker
sudo apt-get install docker-ce docker-ce-cli containerd.io
# Install docker-compose
sudo apt-get install docker-compose
```
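The key step above trusts whatever key the chosen source returns, and with a mirror the key and the packages come from the same place, so the keyring is only meaningful once its fingerprint has been compared with one obtained from Docker through a separate channel. The following is an added example, not part of the original post: it checks `gpg --show-keys --with-colons` output against a pinned fingerprint; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the repository key by fingerprint before apt trusts it.
# Feed it the colon listing of the keyring written in the key step:
#   gpg --show-keys --with-colons /usr/share/keyrings/docker-archive-keyring.gpg \
#     | check_key_fingerprint "<fingerprint obtained out of band>"

# Print the fingerprint of every primary key in a colon listing on stdin.
# Only the "fpr" record that directly follows a "pub" record counts;
# "fpr" records that follow "sub" belong to subkeys.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" { if (want) print toupper($10); want = 0; next }
        { want = 0 }'
}

# check_key_fingerprint EXPECTED < listing
# Succeeds only if the listing holds exactly one primary key and its
# fingerprint equals EXPECTED (spaces and letter case are ignored).
check_key_fingerprint() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: keyring holds $count primary keys, expected 1" >&2
        return 1
    fi
    if [ "$found" != "$expected" ]; then
        echo "refusing: fingerprint $found does not match the pinned value" >&2
        return 1
    fi
    echo "ok: $found"
}

# Constructed sample listing (not a real key): one primary key and one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1487788586:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1487792064::0000::Constructed Key <key@example.invalid>::::::::::0:
sub:-:4096:1:76543210FEDCBA98:1487788586::::::s::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
```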
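Alternatively, you can try the one-step install script
```bash
# Download ONE of the two scripts (the URLs use https so the script is not fetched over plain HTTP)
# Test channel
curl -fsSL https://test.docker.com -o get-docker.sh
# Stable channel
curl -fsSL https://get.docker.com -o get-docker.sh
# Then run it with ONE of the mirrors
# Aliyun mirror
sudo sh get-docker.sh --mirror Aliyun
# Microsoft AzureChina mirror
sudo sh get-docker.sh --mirror AzureChinaCloud
```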
Starting Docker
```bash
sudo systemctl enable docker
sudo systemctl start docker
```
Use the following command to check that it started successfully
```bash
docker run --rm hello-world
```
Output similar to the following means that installation and startup succeeded
```
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:c77be1d3a47d0caf71a82dd893ee61ce01f32fc758031a6ec4cf1389248bb833
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
```
Blog1: WordPress
Create the corresponding folder (for example /root/wordpress), then create a docker-compose.yml file
```yaml
version: '3.3'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      # Sample credentials: replace them with strong, unique values before deploying
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - /root/wordpress/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    ports:
      - 8000:80
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      # Must match MYSQL_PASSWORD above
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
volumes:
  db_data: {}
```
Create the uploads.ini file
```ini
file_uploads = On
memory_limit = 256M
upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 600
```
Running the Docker containers
```bash
# Run in the background
docker-compose up -d
# Stop
docker-compose stop
# Stop and remove
docker-compose down
```
Blog2: Typecho
Image used:
80x86/typecho
Create the folder and the corresponding files
```yaml
version: '3.0'
services:
  typecho:
    image: 80x86/typecho:latest
    container_name: Typecho_Blog
    volumes:
      - /root/typecho/data:/data
    ports:
      - 8001:80
    restart: always
    environment:
      PHP_TZ: Asia/Shanghai
      PHP_MAX_EXECUTION_TIME: 600
```
Cloud drive site
Project used:
https://github.com/px-org/PanIndex
Official tutorial:
https://docs.noki.icu/
```yaml
version: "3.0"
services:
  PanIndex:
    restart: always
    image: iicm/pan-index:latest
    container_name: VRC_Pan
    volumes:
      - /root/pan/data:/app/data
    ports:
      - 8002:5238
```
nginx and SSL certificates
Project used:
https://github.com/0xJacky/nginx-ui
```yaml
version: '3.1'
services:
  nginx-ui:
    restart: always
    image: uozi/nginx-ui:latest
    container_name: nginx_UI
    volumes:
      - /root/nginx/nginx:/etc/nginx
      - /root/nginx/nginx-ui:/etc/nginx-ui
      - /root/nginx/www:/www
    ports:
      - 80:80
      - 443:443
```
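When configuring a proxy to services running on the host, the host's IP can be treated as 172.17.0.1
The exact address can be looked up with a few commands
There is not much to say about the GUI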
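The backends above are published as 8000:80, 8001:80 and 8002:5238, and a mapping without a host IP is bound on every host interface, so unless a firewall blocks those ports the services stay reachable directly over plain HTTP, next to the nginx front end. The following is an added example, not part of the original post: it lists such mappings in a compose file, assuming two-space indentation and short port syntax; the function name and the sample file (including its 127.0.0.1 entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list compose port mappings that bind on every host interface.

# exposed_ports < docker-compose.yml
# Prints "service host_port" for each short-syntax entry under "ports:" that
# has no host IP (HOST:CONTAINER), names 0.0.0.0 or [::] explicitly, or gives
# only a container port (Docker then picks an ephemeral host port).
exposed_ports() {
    awk '
        /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); inports = 0; next }
        /^[ \t]*ports:[ \t]*$/       { inports = 1; next }
        inports && /^[ \t]*-/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m); gsub(/["\047]/, "", m)
            sub(/[ \t]*#.*$/, "", m); sub(/\/(tcp|udp)$/, "", m)
            n = split(m, p, ":")
            if (n == 1)      print svc, "ephemeral"
            else if (n == 2) print svc, p[1]
            else if (n == 3 && p[1] == "0.0.0.0") print svc, p[2]
            else if (m ~ /^\[::\]:/) { sub(/^\[::\]:/, "", m); split(m, q, ":"); print svc, q[1] }
            next
        }
        /^[ \t]*[A-Za-z_]/ { inports = 0 }'
}

# Constructed sample modelled on the compose files on this page; the
# 127.0.0.1 entry is added to show a mapping that is not reported.
SAMPLE_COMPOSE='services:
  wordpress:
    image: wordpress:latest
    ports:
      - 8000:80
    restart: always
  nginx-ui:
    image: uozi/nginx-ui:latest
    ports:
      - 80:80
      - "127.0.0.1:9000:9000"
'
```

For a front end such as nginx, ports 80 and 443 showing up is expected; the entries to review are the backend services.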
Entering a container
- Get the container ID
- Enter it
```bash
docker exec -i [ID] bash
```
Then use bash commands as usual (there is no bash prompt)
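The following is kept only as a record
The most time-consuming part was tuning the nginx and SSL configuration. In the end it never worked, so I used the GUI.
SSL certificates
Used
neilpang/acme.sh
with DNS validation. For other methods see
Run acme.sh in docker · acmesh-official/acme.sh Wiki (github.com)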
Create the corresponding folder and files
```yaml
version: '3.1'
services:
  acme.sh:
    image: neilpang/acme.sh
    container_name: acme.sh
    command: daemon
    volumes:
      - /root/acme/acme.sh:/acme.sh
      - /root/acme/conf:/.acme.sh
    environment:
      # List-form values are taken literally, so they are written without quotes
      - CF_Key=<your Cloudflare API key>
      - CF_Email=<your Cloudflare account email>
```
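For other DNS providers, see:
https://github.com/acmesh-official/acme.sh/wiki/dnsapi
Register an account:
Obtain the certificate (here using CF)
```bash
docker exec acme.sh --issue --dns dns_cf -d example.com -d www.example.com
```
After issuance, the certificate and the directory it is stored in are printed. Map that directory into the nginx container.
You can set up a cron job to renew the certificate automatically; see:
Linux Crontab scheduled tasks - Runoob tutorial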
Nginx
Create the corresponding folder (for example /root/nginx), then create docker-compose.yml
```yaml
version: '3.1'
services:
  nginx:
    restart: always
    image: nginx
    container_name: nginx
    ports:
      - 80:80
      # Published as well because the server block below listens on 443
      - 443:443
    volumes:
      - /root/docker/nginx/conf.d:/etc/nginx/conf.d
      # The nginx image serves static files from /usr/share/nginx/html
      - /root/docker/nginx/www:/usr/share/nginx/html
      - /root/docker/nginx/log:/var/log/nginx
      - /root/acme/acme.sh:/ssl
```
Then run it. After startup the current directory contains a conf.d folder; in that folder create a file with the .conf extension, for example default.conf
```nginx
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name <your_server_name>;
    rewrite ^(.*)$ https://$host$1 permanent;
}

# Pass WebSocket upgrade requests through to the backend
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <your_server_name>;
    # Location of the SSL certificate
    ssl_certificate /path/to/ssl_cert;
    # Location of the SSL private key
    ssl_certificate_key /path/to/ssl_cert_key;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # Backend service published on the host, reached through the Docker bridge address
        proxy_pass http://172.17.0.1:9000/;
    }
}
```