更新系统

# Refresh the package index, apply pending upgrades, then install the base tools used later on.
apt update -y \
  && apt upgrade -y \
  && apt install -y curl wget sudo socat unzip tar htop

安装docker和docker-compose

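# Install Docker with the upstream convenience script. Saving it to a file first lets you
# read what is about to run as root and avoids executing a half-downloaded script.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

# Install the standalone docker-compose binary.
# -f makes curl fail on an HTTP error instead of saving the error page as the "binary".
# "latest" is a moving target: for a reproducible setup replace it with a fixed release tag
# and compare the file with the checksum published for that release before running it.
curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose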

创建数据目录

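# Create the data directory tree and open the nginx configuration in an editor.
# certs/ will hold the TLS private key, so it is created accessible to its owner only.
# The paths are relative: run this from /root, because later steps use /root/mydata.
mkdir mydata && cd mydata && mkdir mysql php html nginx alist lsky-pro && mkdir -m 700 certs && touch docker-compose.yml && cd nginx && mkdir conf.d && nano nginx.conf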

NGINX配置

# Connection processing: each worker process may hold up to 1024 simultaneous connections.
events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Enable sendfile for efficient static file transfer
    sendfile on;

    # Keep-alive timeout for client connections: 65 seconds
    keepalive_timeout 65;

    # Upload limit for every server block that does not set its own value:
    # request bodies up to 1000 MB are accepted
    client_max_body_size 1000m;  

    # Keep SQLite database files from being downloaded:
    # add this location to the site's server block. The dot is escaped so that
    # only a real ".db" extension matches.
    #location ~ \.(db)$ {
    #   return 404;
    #}

# Other file types that must not be served, such as .key, are added the same way
#location ~ \.(db|key)$ {
#   return 404;
#}


    

# typecho博客
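server {
    listen 80;
    listen 443 ssl http2;
    #listen [::]:80;
    #listen [::]:443 ssl http2;
    server_name blog.xxxx.com;

    # Site document root
    root /var/www/html/typecho;
    index index.php index.html index.htm default.php default.htm default.html;

    # TLS settings
    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    # TLS 1.1 is deprecated (RFC 8996) and the 3DES suites are exposed to the Sweet32
    # attack, so neither is offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Force HTTPS (disabled). While this stays commented out the whole site,
    # including the admin login, is also served over plain HTTP on port 80.
    #if ($server_port !~ 443){
    #    rewrite ^(/.*)$ https://$host$1 permanent;
    #}

    # Pretty URLs: anything that is not an existing file or directory goes to index.php
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php$1 last;
    }

    # PHP-FPM configuration
    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        # Hand a request to PHP-FPM only when the script really exists under root,
        # so a path that merely contains ".php" cannot make PHP run some other file
        # (for example an uploaded one).
        try_files $fastcgi_script_name =404;
        # try_files resets $fastcgi_path_info, so PATH_INFO is sent from a copy.
        set $path_info $fastcgi_path_info;

        fastcgi_pass php74:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        include         fastcgi_params;
    }

    # Upload limit for this site (overrides the http-level value)
    client_max_body_size 50m;
}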


# onenav 导航站
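server {
    listen 80;
    listen 443 ssl http2;
    server_name d.xxxx.com;

    # TLS settings
    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    # TLS 1.1 is deprecated (RFC 8996) and the 3DES suites are exposed to the Sweet32
    # attack, so neither is offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Site document root
    root /var/www/html/onenav;
    index index.php index.html index.htm default.php default.htm default.html;

    # Access restrictions. These regex locations must stay above the PHP location:
    # nginx uses the first regex location that matches, so the deny rules win.
    # The dot before the extension is escaped so it matches a literal ".".
    location ~* ^/(class|controller|initial|data|templates)/.*\.(db3|php|php5|sql)$ {
        return 403;
    }
    location ~* ^/data/upload/.*\.html$ {
        deny all;
    }

    # Pretty URLs
    rewrite ^/click/(.*) /index.php?c=click&id=$1 break;
    rewrite ^/api/(.*)?(.*) /index.php?c=api&method=$1&$2 break;
    rewrite /login /index.php?c=login break;
    rewrite ^/(.*)/index.php /index.php?u=$1 break;

    # PHP-FPM configuration
    location ~ ^(.+\.php)(.*)$ {
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        # Hand a request to PHP-FPM only when the script really exists under root,
        # so a path that merely contains ".php" cannot make PHP run some other file
        # (for example an uploaded one).
        try_files $fastcgi_script_name =404;
        # try_files resets $fastcgi_path_info, so PATH_INFO is sent from a copy.
        set $path_info $fastcgi_path_info;

        fastcgi_pass php74:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        include         fastcgi_params;
    }

    # Upload limit for this site (overrides the http-level value)
    client_max_body_size 50m;
}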



  
  #ALIST
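  server {
    listen 80;
    listen 443 ssl http2;
    server_name alist.xxxx.com;

    # TLS settings
    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    # TLS 1.1 is deprecated (RFC 8996) and the 3DES suites are exposed to the Sweet32
    # attack, so neither is offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Reverse proxy to the alist port published on the Docker host.
    # NOTE(review): the proxy only adds TLS for requests that come through nginx; if port 5244
    # is published on every host interface, alist can also be reached directly over plain HTTP.
    location / {
      proxy_pass http://172.17.0.1:5244;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }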



  
  #lsky-pro
  #server {
    #listen 80;
    #  listen 443 ssl http2;
   # server_name lsky.xxxx.com;
    #SSL块
  #  ssl_certificate /etc/nginx/certs/cert.pem;
  #  ssl_certificate_key /etc/nginx/certs/key.pem;
  #  ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
  #  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  #  ssl_prefer_server_ciphers on;
  #  ssl_session_cache shared:SSL:10m;
   # ssl_session_timeout 10m;
    #反向代理块
   # location / {
    #  proxy_pass http://172.17.0.1:7791;
    #  proxy_set_header Host $host;
    #  proxy_set_header X-Real-IP $remote_addr;
    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # }
     # 转发 Alist WebDAV 图片访问请求
      #  location /img {
      #      proxy_pass http://172.17.0.1:5244/d/temp;
       #     proxy_read_timeout 600s;
       # }
  
  #}


 #重定向块
 #server {
  #listen 80;
  #listen 443 ssl http2;
  #server_name img.xxxx.com;
  #ssl_certificate /etc/nginx/certs/cert.pem;
  #ssl_certificate_key /etc/nginx/certs/key.pem;
  #return 301 https://www.baidu.com$request_uri;
  #return 302 https://www.baidu.com$request_uri;
  #}


 #easyimage
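  server {
    listen 80;
    listen 443 ssl http2;
    server_name img.xxxx.com;

    # TLS settings
    ssl_certificate /etc/nginx/certs/xxxx.com_cert.pem;
    ssl_certificate_key /etc/nginx/certs/xxxx.com_key.pem;
    # TLS 1.1 is deprecated (RFC 8996) and the 3DES suites are exposed to the Sweet32
    # attack, so neither is offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Reverse proxy to the image-hosting backend on host port 20231
    location / {
      proxy_pass http://172.17.0.1:20231;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Pretty URLs
    # NOTE(review): "location /" above matches every request and proxies it, so this
    # server-level try_files is presumably never applied; confirm and remove it if so.
    try_files $uri $uri/ /index.php?$args;
  }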
       
}

配置docker-compose

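# Compose file for the nginx + PHP-FPM + MySQL stack plus the alist and lsky-pro apps.
# NOTE(review): mysql:5.6 and php:7.4 are end-of-life upstream and no longer receive
# security fixes. The tags are left as written because a MySQL major-version change
# needs a data migration; plan a move to supported releases.
version: '3'

services:
  nginx:
    image: nginx:1.20
    container_name: nginx
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf.d:/etc/nginx/conf.d
      # nginx only reads the certificate and key, so the mount is read-only
      - ./certs:/etc/nginx/certs:ro
      - ./html:/var/www/html

  php:
    image: php:7.4-fpm
    # The container is named php74: this is the name used by fastcgi_pass in nginx.conf
    # and by "docker exec".
    container_name: php74
    restart: always
    volumes:
      - ./html:/var/www/html

  mysql:
    image: mysql:5.6
    container_name: mysql
    restart: always
    # No "ports" entry: the database is reachable only from the other containers of this
    # project, not from the host's network interfaces.
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      # Replace the placeholders with strong, unique values and keep this file readable
      # by its owner only (chmod 600), since it stores the passwords in clear text.
      - MYSQL_ROOT_PASSWORD=xxxx
      - MYSQL_USER=xxxxx
      - MYSQL_PASSWORD=xxxxx

  # alist and lsky-pro must sit at the same indentation as the services above;
  # indented deeper, they are parsed as options of the mysql service and rejected.
  alist:
    restart: always
    volumes:
      - './alist:/opt/alist/data'
    ports:
      # NOTE(review): published on every host interface, so alist is also reachable directly
      # over plain HTTP, bypassing the nginx TLS proxy. Restrict it with a host-IP prefix
      # (the address nginx proxies to) or a firewall rule.
      - '5244:5244'
    environment:
      # NOTE(review): presumably makes alist run as uid/gid 0 (root) inside the container;
      # confirm against the image documentation and prefer an unprivileged id.
      - PUID=0
      - PGID=0
      - UMASK=022
    container_name: alist
    # ":latest" changes underneath you; pin a release tag for reproducible deployments
    image: 'xhofe/alist:latest'

  lsky-pro:
    container_name: lsky-pro
    image: dko0/lsky-pro
    restart: always
    volumes:
      # NOTE(review): the directory created earlier on this page is lsky-pro, not lskydata;
      # Docker creates ./lskydata on first start. Confirm which one is intended.
      - ./lskydata:/var/www/html
    ports:
      # Published on every host interface as well; see the note on the alist port.
      - 7791:80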

检查端口是否占用

# Check whether anything is already listening on port 7791, the host port mapped to lsky-pro.
lsof -i:7791

填入证书

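# Create the certificate and key files and paste their contents in.
# The private key is restricted to its owner before anything is written to it;
# touch alone leaves it world-readable under the usual umask.
cd /root/mydata/certs && touch cert.pem key.pem && chmod 600 key.pem && nano cert.pem && nano key.pem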

开放端口

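# Open only the two ports nginx serves.
# Do not switch the policies to ACCEPT and flush the filter table (iptables -F) for this:
# that removes every existing host rule, including the chains Docker maintains in that table,
# and leaves every listening service on the machine exposed.
# Rules added this way are not persistent; save them with your distribution's mechanism.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT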

赋予容器访问权限

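# Give PHP write access to the web root without making it world-writable.
# Mode 777 lets any process in either container modify or plant PHP files there.
# PHP-FPM in the official image runs as www-data, so that account owns the tree;
# nginx only needs read access, which the modes below keep.
# ./html is the same host directory in both containers, so one container is enough.
# The containers must already be running (docker-compose up -d) for docker exec to work.
docker exec php74 chown -R www-data:www-data /var/www/html
docker exec php74 chmod -R u=rwX,go=rX /var/www/html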

运行docker-compose

# Start every service defined in docker-compose.yml in the background.
# The docker exec steps on this page need running containers, so run this before them.
cd /root/mydata/ && docker-compose up -d

安装PHP扩展,调整上传文件大小限制,内存限制

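# NOTE(review): the compose file on this page defines one PHP container, named php74.
# These commands target a container named "php"; they only apply if such a container exists.
# Install build dependencies, then compile and enable the PHP extensions.
docker exec php apt update && docker exec php apt install -y libmariadb-dev-compat libmariadb-dev libzip-dev libmagickwand-dev imagemagick
docker exec php docker-php-ext-install mysqli pdo_mysql zip exif gd intl bcmath opcache
docker exec php pecl install imagick && docker exec php sh -c 'echo "extension=imagick.so" > /usr/local/etc/php/conf.d/imagick.ini'
docker exec php pecl install redis && docker exec php sh -c 'echo "extension=redis.so" > /usr/local/etc/php/conf.d/docker-php-ext-redis.ini'
# printf instead of echo: whether echo expands "\n" depends on the shell behind sh.
# Keep these limits in line with client_max_body_size 50m in the nginx server blocks.
docker exec php sh -c 'printf "upload_max_filesize=50M\npost_max_size=50M\n" > /usr/local/etc/php/conf.d/uploads.ini'
docker exec php sh -c 'echo "memory_limit=256M" > /usr/local/etc/php/conf.d/memory.ini'
# conf.d is not a mounted volume: these changes are lost when the container is recreated.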

PHP7.4安装PHP扩展,调整上传文件大小限制,内存限制

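# Install build dependencies, then compile and enable the PHP extensions in the php74 container.
docker exec php74 apt update && docker exec php74 apt install -y libmariadb-dev-compat libmariadb-dev libzip-dev libmagickwand-dev imagemagick
docker exec php74 docker-php-ext-install mysqli pdo_mysql zip gd intl bcmath opcache
docker exec php74 pecl install imagick && docker exec php74 sh -c 'echo "extension=imagick.so" > /usr/local/etc/php/conf.d/imagick.ini'
docker exec php74 pecl install redis && docker exec php74 sh -c 'echo "extension=redis.so" > /usr/local/etc/php/conf.d/docker-php-ext-redis.ini'
# printf instead of echo: whether echo expands "\n" depends on the shell behind sh.
# Keep these limits in line with client_max_body_size 50m in the nginx server blocks.
docker exec php74 sh -c 'printf "upload_max_filesize=50M\npost_max_size=50M\n" > /usr/local/etc/php/conf.d/uploads.ini'
docker exec php74 sh -c 'echo "memory_limit=256M" > /usr/local/etc/php/conf.d/memory.ini'
# conf.d is not a mounted volume: these changes are lost when the container is recreated.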

重启php

# Restart PHP-FPM so the new extensions and ini settings are loaded.
# NOTE(review): the compose file on this page defines one PHP container, named php74;
# "docker restart php" only works if a container named php was created separately.
docker restart php
docker restart php74

查看php扩展安装情况

# List the loaded PHP modules to confirm the extensions were installed.
# NOTE(review): no container named php is defined in the compose file on this page; php74 is.
docker exec -it php php -m
docker exec -it php74 php -m

数据库相关操作

创建新数据库

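# Open a MySQL client inside the mysql container (prompts for the root password).
# A trailing "//..." is not a comment in the shell and would be passed to mysql as a database name.
docker exec -it mysql mysql -u root -p
-- At the mysql> prompt: create the new database
CREATE DATABASE typecho;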

数据库赋予权限

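-- Give the application account full rights on the typecho database only.
-- '%' accepts the account from any client address; that is acceptable only while the
-- MySQL port is not published outside the Docker network.
GRANT ALL PRIVILEGES ON typecho.* TO 'xxxxx'@'%';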

查看数据库列表

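-- SHOW DATABASES takes a LIKE pattern, not a bare name; plain "SHOW DATABASES;" lists all.
SHOW DATABASES LIKE 'typecho';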

查看权限赋予情况

-- List the privileges currently granted to the account.
SHOW GRANTS FOR 'xxxxx'@'%';

删除数据库

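-- Remove the account's privileges on the database.
REVOKE ALL PRIVILEGES ON typecho.* FROM 'xxxxx'@'%';
-- Delete the database. DROP DATABASE cannot be undone; take a dump first.
-- NOTE(review): the REVOKE targets typecho but this statement drops web3; confirm the name.
DROP DATABASE web3;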

docker MySQL 数据导出

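# Dump the typecho database to a file on the host. The redirection is performed by the
# host shell, so the target is a host path, not a container path.
# Without -it there is no terminal for the -p password prompt, so the password is read from
# MYSQL_ROOT_PASSWORD, which the compose file already sets inside the container.
# The dump holds the whole site's data; umask 077 creates it readable by its owner only.
# NOTE(review): other steps on this page use /root/mydata; confirm /mydata exists.
( umask 077 && docker exec mysql sh -c 'exec mysqldump -uroot -p"$MYSQL_ROOT_PASSWORD" typecho' > /mydata/typecho_bak.sql )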

docker MySQL 一行命令导入

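# One-line import: stream a dump file from the host into the mysql client in the container.
#   mysql            container name
#   typecho          database name
#   /root/xxxxx.sql  dump file on the host
# -i keeps stdin open for the redirected file. The password is read from MYSQL_ROOT_PASSWORD
# inside the container because stdin is taken by the dump and cannot answer a prompt.
docker exec -i mysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" typecho' < /root/xxxxx.sql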

docker MySQL 数据导入

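# Copy the dump from the host into the container.
docker cp mydata/typecho_bak.sql mysql:/typecho.sql
# Import it. The redirection sits inside sh -c so that /typecho.sql is opened in the container;
# a "< typecho.sql" outside the quotes is opened by the host shell, and docker exec -t
# refuses to run with redirected stdin.
docker exec mysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" typecho < /typecho.sql'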

docker MySQL 数据导入(备用)

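# Generic form of the copy-then-import procedure; replace the container, database and path names.
# Copy the dump into the container.
docker cp mydatabase.sql my_mysql_container:/path/to/mydatabase.sql
# Restore it. The redirection sits inside sh -c so the path is resolved in the container,
# and the password is read from the container's MYSQL_ROOT_PASSWORD instead of a prompt.
docker exec my_mysql_container sh -c 'exec mysql -u root -p"$MYSQL_ROOT_PASSWORD" mydatabase < /path/to/mydatabase.sql'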

手动打包备份

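# Archive the whole data directory under a timestamped name. The archive contains the TLS
# private key, the compose file with the database passwords and the database files, so it is
# created readable by its owner only.
# NOTE(review): MySQL files copied while the server is running may be inconsistent;
# stop the mysql container first or rely on a mysqldump for the database.
( umask 077 && tar czvf "mydata_$(date +"%Y%m%d%H%M%S").tar.gz" mydata )
# Restore. The archive's top-level entry is mydata/, so extract into the parent directory;
# extracting into /root/mydata would produce /root/mydata/mydata.
# Replace mydata.tar.gz with the timestamped file name created above.
tar -zxvf mydata.tar.gz -C /root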
