在 Docker nginx 反向代理设置 介绍了通过 nginx 反向代理关联容器。此为真实的使用场景。通过 Gitea 作为代码管理工具;Kanboard 作为任务管理;Jenkins 作为 CI 工具。这样的组合比较适合小型团队使用,相比起 GitLab 这种巨无霸来说,部署简单,使用简单。
准备
- 安装 Docker
$ curl -fsSL get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group grants the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
- 安装 Docker Compose
$ sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ docker-compose --version
注:Docker 以及 Docker Compose 的安装,官方文档讲得非常清晰,在此不再赘述。
docker-compose.yml 文件
version: "3.5"
services:
mysql:
image: mysql:latest
container_name: mysql
ports:
- "3306:3306"
networks:
- devops
environment:
- MYSQL_ROOT_PASSWORD=/run/secrets/db_root_password
volumes:
- type: bind
source: ./mysql/conf.d
target: /etc/mysql/conf.d
- type: bind
source: ./mysql/data
target: /var/lib/mysql
# - ./mysql/conf.d:/etc/mysql/conf.d
# - ./mysql/data:/var/lib/mysql
secrets:
- db_root_password
restart: always
gitea:
image: gitea/gitea:latest
container_name: gitea
ports:
- "10080:3000"
- "10022:22"
networks:
- devops
environment:
- VIRTUAL_HOST=git.vking.io
- VIRTUAL_PORT=3000
- GITEA_CUSTOM=/etc/gitea
depends_on:
- mysql
volumes:
- type: bind
source: ./gitea
target: /data
- type: bind
source: ./gitea/custom
target: /etc/gitea
# - ./gitea:/data
# - ./gitea/custom:/etc/gitea
restart: always
task:
image: kanboard/kanboard:latest
container_name: kanboard
ports:
- "8888:80"
networks:
- devops
environment:
- VIRTUAL_HOST=task.vking.io
- VIRTUAL_PORT=80
volumes:
- type: bind
source: ./kanboard/data
target: /var/www/app/data
- type: bind
source: ./kanboard/plugins
target: /var/www/app/plugins
# - ./kanboard/data:/var/www/app/data
# - ./kanboard/plugins:/var/www/app/plugins
restart: always
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins
ports:
- "8081:8080"
- "50000:5000"
networks:
- devops
environment:
- VIRTUAL_HOST=jenkins.vking.io
- VIRTUAL_PORT=8080
volumes:
- type: bind
source: ./jenkins/data
target: /var/jenkins_home
# - ./jenkins/data:/var/jenkins_home
restart: always
nginx:
image: jwilder/nginx-proxy:alpine
container_name: nginx
ports:
- "80:80"
depends_on:
- gitea
- task
- jenkins
networks:
- devops
volumes:
- type: bind
source: /var/run/docker.sock
target: /tmp/docker.sock
# - /var/run/docker.sock:/tmp/docker.sock
restart: always
secrets:
db_root_password:
file: ./mysql/my_secret.txt
networks:
devops:
name: devops-network
注: 通过 volumes bind 方式挂载的外部文件/目录,如果不存在的话,不会自动创建。
使用
- MySQL 的管理员密码,通过
mysql/my_my_secret.txt设置,构建容器的时候会自动加载并设置。 - 不同 services 管理的域名,通过环境变量设置
VIRTUAL_HOST=域名;VIRTUAL_PORT=端口 - 创建镜像并执行
docker-compose up -d - 删除容器及
volumn数据docker-compose down -v
后记
因为通过反向代理隐藏了暴露端口的细节,如果没有外部注册的域名的话,还需要通过 Dnsmasq 进行内部域名解析。
---EOF---