Chris
5 years ago
3 changed files with 377 additions and 0 deletions
@ -0,0 +1,115 @@ |
|||||
|
FROM alpine:3.11 |
||||
|
|
||||
|
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>" |
||||
|
|
||||
|
ENV NGINX_VERSION 1.17.10 |
||||
|
ENV NJS_VERSION 0.4.0 |
||||
|
ENV PKG_RELEASE 1 |
||||
|
|
||||
|
RUN set -x \ |
||||
|
# create nginx user/group first, to be consistent throughout docker variants |
||||
|
&& addgroup -g 101 -S nginx \ |
||||
|
&& adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ |
||||
|
&& apkArch="$(cat /etc/apk/arch)" \ |
||||
|
&& nginxPackages=" \ |
||||
|
nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ |
||||
|
nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ |
||||
|
nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ |
||||
|
nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ |
||||
|
nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ |
||||
|
" \ |
||||
|
&& case "$apkArch" in \ |
||||
|
x86_64) \ |
||||
|
# arches officially built by upstream |
||||
|
set -x \ |
||||
|
&& KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ |
||||
|
&& apk add --no-cache --virtual .cert-deps \ |
||||
|
openssl \ |
||||
|
&& wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ |
||||
|
&& if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ |
||||
|
echo "key verification succeeded!"; \ |
||||
|
mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ |
||||
|
else \ |
||||
|
echo "key verification failed!"; \ |
||||
|
exit 1; \ |
||||
|
fi \ |
||||
|
&& apk del .cert-deps \ |
||||
|
&& apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ |
||||
|
;; \ |
||||
|
*) \ |
||||
|
# we're on an architecture upstream doesn't officially build for |
||||
|
# let's build binaries from the published packaging sources |
||||
|
set -x \ |
||||
|
&& tempDir="$(mktemp -d)" \ |
||||
|
&& chown nobody:nobody $tempDir \ |
||||
|
&& apk add --no-cache --virtual .build-deps \ |
||||
|
gcc \ |
||||
|
libc-dev \ |
||||
|
make \ |
||||
|
openssl-dev \ |
||||
|
pcre-dev \ |
||||
|
zlib-dev \ |
||||
|
linux-headers \ |
||||
|
libxslt-dev \ |
||||
|
gd-dev \ |
||||
|
geoip-dev \ |
||||
|
perl-dev \ |
||||
|
libedit-dev \ |
||||
|
mercurial \ |
||||
|
bash \ |
||||
|
alpine-sdk \ |
||||
|
findutils \ |
||||
|
&& su nobody -s /bin/sh -c " \ |
||||
|
export HOME=${tempDir} \ |
||||
|
&& cd ${tempDir} \ |
||||
|
&& hg clone https://hg.nginx.org/pkg-oss \ |
||||
|
&& cd pkg-oss \ |
||||
|
&& hg up ${NGINX_VERSION}-${PKG_RELEASE} \ |
||||
|
&& cd alpine \ |
||||
|
&& make all \ |
||||
|
&& apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ |
||||
|
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ |
||||
|
" \ |
||||
|
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ |
||||
|
&& apk del .build-deps \ |
||||
|
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ |
||||
|
;; \ |
||||
|
esac \ |
||||
|
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) |
||||
|
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ |
||||
|
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ |
||||
|
&& if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ |
||||
|
# Bring in gettext so we can get `envsubst`, then throw |
||||
|
# the rest away. To do this, we need to install `gettext` |
||||
|
# then move `envsubst` out of the way so `gettext` can |
||||
|
# be deleted completely, then move `envsubst` back. |
||||
|
&& apk add --no-cache --virtual .gettext gettext \ |
||||
|
&& mv /usr/bin/envsubst /tmp/ \ |
||||
|
\ |
||||
|
&& runDeps="$( \ |
||||
|
scanelf --needed --nobanner /tmp/envsubst \ |
||||
|
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ |
||||
|
| sort -u \ |
||||
|
| xargs -r apk info --installed \ |
||||
|
| sort -u \ |
||||
|
)" \ |
||||
|
&& apk add --no-cache $runDeps \ |
||||
|
&& apk del .gettext \ |
||||
|
&& mv /tmp/envsubst /usr/local/bin/ \ |
||||
|
# Bring in tzdata so users could set the timezones through the environment |
||||
|
# variables |
||||
|
&& apk add --no-cache tzdata \ |
||||
|
# Bring in curl and ca-certificates to make registering on DNS SD easier |
||||
|
&& apk add --no-cache curl ca-certificates \ |
||||
|
# forward request and error logs to docker log collector |
||||
|
&& ln -sf /dev/stdout /var/log/nginx/access.log \ |
||||
|
&& ln -sf /dev/stderr /var/log/nginx/error.log \ |
||||
|
# make default server listen on ipv6 |
||||
|
&& sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ |
||||
|
/etc/nginx/conf.d/default.conf |
||||
|
|
||||
|
EXPOSE 80 |
||||
|
|
||||
|
STOPSIGNAL SIGTERM |
||||
|
|
||||
|
CMD ["nginx", "-g", "daemon off;"] |
@ -0,0 +1,8 @@ |
|||||
|
echo -e "\e[31mBuilding our nginx image!" |
||||
|
sleep 2 |
||||
|
echo -e "\e[39m" |
||||
|
docker build -f Dockerfile -t anginx . |
||||
|
echo -e "\e[31mDeploying service" |
||||
|
sleep 2 |
||||
|
echo -e "\e[39m" |
||||
|
docker stack deploy -c docker-compose.yml wordpress |
@ -0,0 +1,254 @@ |
|||||
|
version: '3.7' #version |
||||
|
|
||||
|
services: |
||||
|
|
||||
|
nginx: |
||||
|
image: anginx #image from docker building my Dockerfile (docker build -f Dockerfile -t anginx .) |
||||
|
# build: |
||||
|
# context: . |
||||
|
# dockerfile: Dockerfile |
||||
|
container_name: production_nginx |
||||
|
volumes: |
||||
|
- /home/user/docker/nginx.conf:/etc/nginx/conf.d/default.conf |
||||
|
- /home/user/docker/cert.pem:/etc/nginx/public.crt |
||||
|
- /home/user/docker/key.pem:/etc/nginx/private.key |
||||
|
ports: |
||||
|
- 9080:80 |
||||
|
- 9443:443 |
||||
|
networks: |
||||
|
- main_net |
||||
|
|
||||
|
|
||||
|
mariadb: |
||||
|
image: mariadb |
||||
|
container_name: mariadb |
||||
|
# deploy: |
||||
|
# mode: replicated |
||||
|
# replicas: 2 |
||||
|
# max_replicas_per_node: 1 |
||||
|
# resources: |
||||
|
# limits: |
||||
|
# cpus: '0.50' |
||||
|
# memory: 50M |
||||
|
# reservations: |
||||
|
# cpus: '0.25' |
||||
|
# memory: 20M |
||||
|
volumes: |
||||
|
- db_data:/var/lib/mysql |
||||
|
environment: |
||||
|
MYSQL_ROOT_PASSWORD: wordpress |
||||
|
MYSQL_DATABASE: wordpress |
||||
|
networks: |
||||
|
- main_net |
||||
|
|
||||
|
|
||||
|
wordpress: |
||||
|
image: wordpress:latest |
||||
|
container_name: wordpress |
||||
|
restart: always |
||||
|
deploy: #create replicas with specific resources |
||||
|
mode: replicated |
||||
|
replicas: 2 |
||||
|
# max_replicas_per_node: 1 |
||||
|
resources: |
||||
|
limits: #max resources |
||||
|
cpus: '0.50' |
||||
|
memory: 50M |
||||
|
reservations: #default resources |
||||
|
cpus: '0.25' |
||||
|
memory: 20M |
||||
|
ports: |
||||
|
- 80:80 |
||||
|
volumes: |
||||
|
- wp-app:/var/www/html |
||||
|
environment: |
||||
|
WORDPRESS_DB_HOST: mariadb:3306 |
||||
|
WORDPRESS_DB_NAME: wordpress |
||||
|
WORDPRESS_DB_USER: root |
||||
|
WORDPRESS_DB_PASSWORD: wordpress |
||||
|
networks: |
||||
|
- main_net |
||||
|
depends_on: |
||||
|
- mariadb |
||||
|
|
||||
|
cli: |
||||
|
image: wordpress:cli-php7.4 |
||||
|
restart: always |
||||
|
container_name: cli |
||||
|
deploy: |
||||
|
mode: replicated |
||||
|
replicas: 2 |
||||
|
# max_replicas_per_node: 1 |
||||
|
resources: |
||||
|
limits: |
||||
|
cpus: '0.50' |
||||
|
memory: 50M |
||||
|
reservations: |
||||
|
cpus: '0.25' |
||||
|
memory: 20M |
||||
|
volumes: |
||||
|
- ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini |
||||
|
- ./wp-app:/var/www/html |
||||
|
depends_on: |
||||
|
- wordpress |
||||
|
- mariadb |
||||
|
networks: |
||||
|
- main_net |
||||
|
|
||||
|
phpmyadmin: |
||||
|
image: phpmyadmin/phpmyadmin |
||||
|
container_name: phpmyadmin |
||||
|
deploy: |
||||
|
mode: replicated |
||||
|
replicas: 2 |
||||
|
# max_replicas_per_node: 1 |
||||
|
resources: |
||||
|
limits: |
||||
|
cpus: '0.50' |
||||
|
memory: 50M |
||||
|
reservations: |
||||
|
cpus: '0.25' |
||||
|
memory: 20M |
||||
|
environment: |
||||
|
PMA_HOST: mariadb |
||||
|
MYSQL_ROOT_PASSWORD: wordpress |
||||
|
PMA_PORT: 3306 |
||||
|
ports: |
||||
|
- 8080:80 |
||||
|
networks: |
||||
|
- main_net |
||||
|
|
||||
|
minio1: |
||||
|
image: minio/minio:RELEASE.2020-04-10T03-34-42Z |
||||
|
hostname: minio1 |
||||
|
volumes: |
||||
|
- minio1-data:/export |
||||
|
ports: |
||||
|
- "9001:9000" |
||||
|
networks: |
||||
|
- minio_distributed |
||||
|
deploy: |
||||
|
restart_policy: |
||||
|
delay: 10s |
||||
|
max_attempts: 10 |
||||
|
window: 60s |
||||
|
placement: |
||||
|
constraints: |
||||
|
- node.labels.minio1==true |
||||
|
command: server http://minio{1...4}/export |
||||
|
environment: |
||||
|
MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE |
||||
|
MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
||||
|
# secrets: |
||||
|
# - secret_key |
||||
|
# - access_key |
||||
|
healthcheck: |
||||
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] |
||||
|
interval: 30s |
||||
|
timeout: 20s |
||||
|
retries: 3 |
||||
|
|
||||
|
minio2: |
||||
|
image: minio/minio:RELEASE.2020-04-10T03-34-42Z |
||||
|
hostname: minio2 |
||||
|
volumes: |
||||
|
- minio2-data:/export |
||||
|
ports: |
||||
|
- "9002:9000" |
||||
|
networks: |
||||
|
- minio_distributed |
||||
|
deploy: |
||||
|
restart_policy: |
||||
|
delay: 10s |
||||
|
max_attempts: 10 |
||||
|
window: 60s |
||||
|
placement: |
||||
|
constraints: |
||||
|
- node.labels.minio2==true |
||||
|
command: server http://minio{1...4}/export |
||||
|
environment: |
||||
|
MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE |
||||
|
MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
||||
|
# secrets: |
||||
|
# - secret_key |
||||
|
# - access_key |
||||
|
healthcheck: |
||||
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] |
||||
|
interval: 30s |
||||
|
timeout: 20s |
||||
|
retries: 3 |
||||
|
|
||||
|
minio3: |
||||
|
image: minio/minio:RELEASE.2020-04-10T03-34-42Z |
||||
|
hostname: minio3 |
||||
|
volumes: |
||||
|
- minio3-data:/export |
||||
|
ports: |
||||
|
- "9003:9000" |
||||
|
networks: |
||||
|
- minio_distributed |
||||
|
deploy: |
||||
|
restart_policy: |
||||
|
delay: 10s |
||||
|
max_attempts: 10 |
||||
|
window: 60s |
||||
|
placement: |
||||
|
constraints: |
||||
|
- node.labels.minio3==true |
||||
|
command: server http://minio{1...4}/export |
||||
|
environment: |
||||
|
MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE |
||||
|
MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
||||
|
# secrets: |
||||
|
# - secret_key |
||||
|
# - access_key |
||||
|
healthcheck: |
||||
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] |
||||
|
interval: 30s |
||||
|
timeout: 20s |
||||
|
retries: 3 |
||||
|
|
||||
|
minio4: |
||||
|
image: minio/minio:RELEASE.2020-04-10T03-34-42Z |
||||
|
hostname: minio4 |
||||
|
volumes: |
||||
|
- minio4-data:/export |
||||
|
ports: |
||||
|
- "9004:9000" |
||||
|
networks: |
||||
|
- minio_distributed |
||||
|
deploy: |
||||
|
restart_policy: |
||||
|
delay: 10s |
||||
|
max_attempts: 10 |
||||
|
window: 60s |
||||
|
placement: |
||||
|
constraints: |
||||
|
- node.labels.minio4==true |
||||
|
command: server http://minio{1...4}/export |
||||
|
environment: |
||||
|
MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE |
||||
|
MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
||||
|
# secrets: |
||||
|
# - secret_key |
||||
|
# - access_key |
||||
|
healthcheck: |
||||
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] |
||||
|
interval: 30s |
||||
|
timeout: 20s |
||||
|
retries: 3 |
||||
|
|
||||
|
volumes: |
||||
|
db_data: |
||||
|
# external: true |
||||
|
wp-app: |
||||
|
minio1-data: |
||||
|
minio2-data: |
||||
|
minio3-data: |
||||
|
minio4-data: |
||||
|
|
||||
|
networks: |
||||
|
minio_distributed: |
||||
|
driver: overlay |
||||
|
#internal: {} |
||||
|
main_net: |
Loading…
Reference in new issue