diff --git a/project/Dockerfile b/project/Dockerfile
new file mode 100644
index 0000000..629903a
--- /dev/null
+++ b/project/Dockerfile
@@ -0,0 +1,115 @@
+FROM alpine:3.11
+
+LABEL maintainer="NGINX Docker Maintainers "
+
+ENV NGINX_VERSION 1.17.10
+ENV NJS_VERSION 0.4.0
+ENV PKG_RELEASE 1
+
+RUN set -x \
+# create nginx user/group first, to be consistent throughout docker variants
+ && addgroup -g 101 -S nginx \
+ && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
+ && apkArch="$(cat /etc/apk/arch)" \
+ && nginxPackages=" \
+ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
+ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \
+ " \
+ && case "$apkArch" in \
+ x86_64) \
+# arches officially built by upstream
+ set -x \
+ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
+ && apk add --no-cache --virtual .cert-deps \
+ openssl \
+ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
+ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \
+ echo "key verification succeeded!"; \
+ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
+ else \
+ echo "key verification failed!"; \
+ exit 1; \
+ fi \
+ && apk del .cert-deps \
+ && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published packaging sources
+ set -x \
+ && tempDir="$(mktemp -d)" \
+ && chown nobody:nobody $tempDir \
+ && apk add --no-cache --virtual .build-deps \
+ gcc \
+ libc-dev \
+ make \
+ openssl-dev \
+ pcre-dev \
+ zlib-dev \
+ linux-headers \
+ libxslt-dev \
+ gd-dev \
+ geoip-dev \
+ perl-dev \
+ libedit-dev \
+ mercurial \
+ bash \
+ alpine-sdk \
+ findutils \
+ && su nobody -s /bin/sh -c " \
+ export HOME=${tempDir} \
+ && cd ${tempDir} \
+ && hg clone https://hg.nginx.org/pkg-oss \
+ && cd pkg-oss \
+ && hg up ${NGINX_VERSION}-${PKG_RELEASE} \
+ && cd alpine \
+ && make all \
+ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \
+ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
+ " \
+ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
+ && apk del .build-deps \
+ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
+ ;; \
+ esac \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
+ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
+ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+ && apk add --no-cache --virtual .gettext gettext \
+ && mv /usr/bin/envsubst /tmp/ \
+ \
+ && runDeps="$( \
+ scanelf --needed --nobanner /tmp/envsubst \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )" \
+ && apk add --no-cache $runDeps \
+ && apk del .gettext \
+ && mv /tmp/envsubst /usr/local/bin/ \
+# Bring in tzdata so users could set the timezones through the environment
+# variables
+ && apk add --no-cache tzdata \
+# Bring in curl and ca-certificates to make registering on DNS SD easier
+ && apk add --no-cache curl ca-certificates \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log \
+# make default server listen on ipv6
+ && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \
+ /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+STOPSIGNAL SIGTERM
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/project/Makefile b/project/Makefile
new file mode 100644
index 0000000..b03c46b
--- /dev/null
+++ b/project/Makefile
@@ -0,0 +1,8 @@
+echo -e "\e[31mBuilding our nginx image!"
+sleep 2
+echo -e "\e[39m"
+docker build -f Dockerfile -t anginx .
+echo -e "\e[31mDeploying service"
+sleep 2
+echo -e "\e[39m"
+docker stack deploy -c docker-compose.yml wordpress
\ No newline at end of file
diff --git a/project/docker-compose.yml b/project/docker-compose.yml
new file mode 100644
index 0000000..8a25da5
--- /dev/null
+++ b/project/docker-compose.yml
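Review bot: The source-build branch (`*)` of `case "$apkArch"`) has no integrity check comparable to the pinned `KEY_SHA512` in the `x86_64)` branch: `hg up ${NGINX_VERSION}-${PKG_RELEASE}` resolves a tag name served by hg.nginx.org, and the packages are then signed with a key that appears to be created under `${tempDir}/.abuild` during the same build, so TLS to that host is the only trust anchor. Pinning the checkout to a full changeset hash, `hg up -r <full-changeset-hash>` (placeholder, to be taken from a verified release), would make that branch reproducible and tamper-evident. Separately, the cleanup tests `[ -n "/etc/apk/keys/abuild-key.rsa.pub" ]` and `[ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]` test a non-empty literal and are always true; `[ -f /etc/apk/keys/abuild-key.rsa.pub ]` states the intent, although `rm -f` keeps the current form harmless. A one-line comment above those two lines, `# signing keys are only needed during install; remove them so later apk runs do not trust them`, would record why they are deleted.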
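Review bot: As shown, the Makefile holds only bare commands with no target line, so `make` would presumably stop with a parse error rather than build and deploy (indentation is collapsed in this view, so this is inferred from the missing rule header). The commands need a rule, `.PHONY: deploy` followed by `deploy:` with tab-indented recipe lines, or the file should be renamed to a shell script. `echo -e` also depends on the recipe shell: where `/bin/sh` has an echo without `-e`, the flag and the escape codes are printed literally, and `printf '\033[31mBuilding our nginx image!\033[39m\n'` is the portable form.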
@@ -0,0 +1,254 @@
+version: '3.7' #version
+
+services:
+
+ nginx:
+ image: anginx #image from docker building my Dockerfile (docker build -f Dockerfile -t anginx .)
+# build:
+# context: .
+# dockerfile: Dockerfile
+ container_name: production_nginx
+ volumes:
+ - /home/user/docker/nginx.conf:/etc/nginx/conf.d/default.conf
+ - /home/user/docker/cert.pem:/etc/nginx/public.crt
+ - /home/user/docker/key.pem:/etc/nginx/private.key
+ ports:
+ - 9080:80
+ - 9443:443
+ networks:
+ - main_net
+
+
+ mariadb:
+ image: mariadb
+ container_name: mariadb
+# deploy:
+# mode: replicated
+# replicas: 2
+# max_replicas_per_node: 1
+# resources:
+# limits:
+# cpus: '0.50'
+# memory: 50M
+# reservations:
+# cpus: '0.25'
+# memory: 20M
+ volumes:
+ - db_data:/var/lib/mysql
+ environment:
+ MYSQL_ROOT_PASSWORD: wordpress
+ MYSQL_DATABASE: wordpress
+ networks:
+ - main_net
+
+
+ wordpress:
+ image: wordpress:latest
+ container_name: wordpress
+ restart: always
+ deploy: #create replicas with specific resources
+ mode: replicated
+ replicas: 2
+# max_replicas_per_node: 1
+ resources:
+ limits: #max resources
+ cpus: '0.50'
+ memory: 50M
+ reservations: #default resources
+ cpus: '0.25'
+ memory: 20M
+ ports:
+ - 80:80
+ volumes:
+ - wp-app:/var/www/html
+ environment:
+ WORDPRESS_DB_HOST: mariadb:3306
+ WORDPRESS_DB_NAME: wordpress
+ WORDPRESS_DB_USER: root
+ WORDPRESS_DB_PASSWORD: wordpress
+ networks:
+ - main_net
+ depends_on:
+ - mariadb
+
+ cli:
+ image: wordpress:cli-php7.4
+ restart: always
+ container_name: cli
+ deploy:
+ mode: replicated
+ replicas: 2
+# max_replicas_per_node: 1
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 50M
+ reservations:
+ cpus: '0.25'
+ memory: 20M
+ volumes:
+ - ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
+ - ./wp-app:/var/www/html
+ depends_on:
+ - wordpress
+ - mariadb
+ networks:
+ - main_net
+
+ phpmyadmin:
+ image: phpmyadmin/phpmyadmin
+ container_name: phpmyadmin
+ deploy:
+ mode: replicated
+ replicas: 2
+# max_replicas_per_node: 1
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 50M
+ reservations:
+ cpus: '0.25'
+ memory: 20M
+ environment:
+ PMA_HOST: mariadb
+ MYSQL_ROOT_PASSWORD: wordpress
+ PMA_PORT: 3306
+ ports:
+ - 8080:80
+ networks:
+ - main_net
+
+ minio1:
+ image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+ hostname: minio1
+ volumes:
+ - minio1-data:/export
+ ports:
+ - "9001:9000"
+ networks:
+ - minio_distributed
+ deploy:
+ restart_policy:
+ delay: 10s
+ max_attempts: 10
+ window: 60s
+ placement:
+ constraints:
+ - node.labels.minio1==true
+ command: server http://minio{1...4}/export
+ environment:
+ MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
+ MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ # secrets:
+ # - secret_key
+ # - access_key
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+
+ minio2:
+ image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+ hostname: minio2
+ volumes:
+ - minio2-data:/export
+ ports:
+ - "9002:9000"
+ networks:
+ - minio_distributed
+ deploy:
+ restart_policy:
+ delay: 10s
+ max_attempts: 10
+ window: 60s
+ placement:
+ constraints:
+ - node.labels.minio2==true
+ command: server http://minio{1...4}/export
+ environment:
+ MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
+ MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ # secrets:
+ # - secret_key
+ # - access_key
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+
+ minio3:
+ image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+ hostname: minio3
+ volumes:
+ - minio3-data:/export
+ ports:
+ - "9003:9000"
+ networks:
+ - minio_distributed
+ deploy:
+ restart_policy:
+ delay: 10s
+ max_attempts: 10
+ window: 60s
+ placement:
+ constraints:
+ - node.labels.minio3==true
+ command: server http://minio{1...4}/export
+ environment:
+ MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
+ MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ # secrets:
+ # - secret_key
+ # - access_key
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+
+ minio4:
+ image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+ hostname: minio4
+ volumes:
+ - minio4-data:/export
+ ports:
+ - "9004:9000"
+ networks:
+ - minio_distributed
+ deploy:
+ restart_policy:
+ delay: 10s
+ max_attempts: 10
+ window: 60s
+ placement:
+ constraints:
+ - node.labels.minio4==true
+ command: server http://minio{1...4}/export
+ environment:
+ MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE
+ MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ # secrets:
+ # - secret_key
+ # - access_key
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+
+volumes:
+ db_data:
+# external: true
+ wp-app:
+ minio1-data:
+ minio2-data:
+ minio3-data:
+ minio4-data:
+
+networks:
+ minio_distributed:
+ driver: overlay
+ #internal: {}
+ main_net:
\ No newline at end of file
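Review bot: Credentials are committed in plaintext and the application connects as the database superuser: `MYSQL_ROOT_PASSWORD: wordpress` under `mariadb`, `WORDPRESS_DB_USER: root` with the same password under `wordpress`, the root password again under `phpmyadmin` (which is also published on host port 8080), and a MinIO key pair under `minio1`–`minio4` that looks like a widely published documentation sample while the `secrets:` stanza stays commented out. The stack is deployed with `docker stack deploy`, so Swarm secrets and the images' `*_FILE` variables can carry these values, and WordPress should get its own database account instead of root. The fence below shows the `mariadb` and `wordpress` part; the `phpmyadmin` and `minio1`–`minio4` services need the same treatment, and the unpinned `mariadb`, `wordpress:latest` and `phpmyadmin/phpmyadmin` images are worth pinning as the MinIO image already is.

```yaml
# … unchanged: nginx service …
  mariadb:
    # … unchanged: image, container_name, volumes, MYSQL_DATABASE, networks …
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MYSQL_USER: wordpress
      MYSQL_PASSWORD_FILE: /run/secrets/db_wp_password
    secrets:
      - db_root_password
      - db_wp_password

  wordpress:
    # … unchanged: image, deploy, ports, volumes, WORDPRESS_DB_HOST, WORDPRESS_DB_NAME …
    environment:
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_wp_password
    secrets:
      - db_wp_password

# … unchanged: cli, phpmyadmin, minio1–minio4, volumes, networks …

# secret names below are constructed for this example; create them out of band
secrets:
  db_root_password:
    external: true
  db_wp_password:
    external: true
```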