Docker installs common services
1. Install mysql
# 1. Pull the mysql image to localdocker pull mysql:tag (tag does not add the latest version by default)# 2. Run mysql servicedocker run --name mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:tag --No external port is exposed and cannot be connected externallydocker run --name mysql -e MYSQL_ROOT_PASSWORD=root -p 3306:3306 -d mysql:tag --Expose the external port and the outside can connect (provided that the firewall opens the exposed port and the port cannot conflict)# 3. Enter the mysql containerdocker exec -it container name|container id bash# 4. View mysql log externallydocker logs container name|container id# 5.mysql container startup configurationdocker run --name mysql -v /root/mysql/data:/var/lib/mysql -v /home/mysql/my.cnf:/etc/my.cnf -e MYSQL_ROOT_PASSWORD=root -p 3306:3306 -d mysql:tagConfiguration item description:
-v /root/mysql/data:/var/lib/mysql: mount data -v /home/mysql/my.cnf:/etc/my.cnf: Mount the mysql configuration file (according to the configuration location in your own container, you can enter the container and use find / -name my.cnf to query the location of the configuration file) -e MYSQL_ROOT_PASSWORD=root: Set the password for the root account# 6. Data backup can be achieved through other client access, such as using client tools in window system | macos system (client tool mode)# 7. Back up mysql database as sql file (command mode)docker exec mysql|container id sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /root/all-databases.sql --Export all datadocker exec mysql sh -c 'exec mysqldump --databases database table -uroot -p"$MYSQL_ROOT_PASSWORD"' > /root/all-databases.sql --Export specified database datadocker exec mysql sh -c 'exec mysqldump --no-data --databases database table -uroot -p"$MYSQL_ROOT_PASSWORD"' > /root/all-databases.sql --Export specified database data without data# 9. Execute sql file into mysqldocker exec -i mysql sh -c 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD"' < /root/xxx.sql
2. Install Redis service
# 1. Search redis image in docker hubdocker search redis# 2. Pull the redis image to localdocker pull redis
# 3. Mount configuration file(1) Create configuration filetouch redis.conf(2) Modify the configuration file
vim redis.conf
(3) Add the following configuration
bind 0.0.0.0 ----------enable remote accessappendonly yes ---------enable persistenceappendfilename "appendonly.aof" ----------persistent file namerequirepass 123456 ----------Set password# 4. Start the redis service and run the container (basic)docker run --name redis --network 3c -p 6379:6379 -v /home/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf -v /home/redis/db:/data --restart=always -d redis:5.0.10 redis-server /usr/local/etc/redis/redis.confConfiguration item description:
- -v /home/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf: Mount configuration file
- -v /home/redis/db:/data: Mount data for persistence
- --restart=always: Set the redis container to start automatically when docker starts
- redis-server /usr/local/etc/redis/redis.conf: Specify the redis configuration file path in docker
# 5. View startup logdocker logs -t -f container id|container name# 6. Enter the container to viewdocker exec -it container id|name bash
3. Install Nginx
# 1. Search nginx in docker hubdocker search nginx# 2. Pull the nginx image to the local (if the following download does not specify a version, the latest version will be downloaded by default)[root@localhost ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxafb6ec6fdc1c: Pull completeb90c53a0b692: Pull complete11fa52a0fdc0: Pull completeDigest: sha256:30dfa439718a17baafefadf16c5e7c9d0a1cde97b4fd84f63b69e13513be7097Status: Downloaded newer image for nginx:latestdocker.io/library/nginx:latest# 3. Start nginx container (basic)docker run --name nginx01 -p 80:80 -d nginx:1.19.10# 4. Enter the containerdocker exec -it nginx01 bashFind nginx directory:find / -name 'nginx' ------------------All directories about nginxfind / -name 'nginx.conf' --------------The directory where the nginx configuration file is located ( /etc/nginx/nginx.conf )find / -name 'index.html' --------------nginx's index page is located in the directory that is also nginx's resource directory ( /usr/share/nginx/html/index.html )# 5. Then exit the container to the hostexit# 6. Copy the configuration file to the host machinedocker cp nginx01 (container id|container name):/etc/nginx/nginx.conf host directoryFor example: docker cp nginx-test:/etc/nginx/nginx.conf ./# 7. Hang nginx configuration and html outside the host machinedocker run --name nginx02 -v /root/nginx/nginx.conf:/etc/nginx/nginx.conf -v /root/nginx/html:/usr/share/nginx/html -p 80:80 -d nginx:1.19.10
nginx can be used as a load balancer or as a server.
4. Install Tomcat
# 1. Search tomcat in docker hubdocker search tomcat# 2. Download tomcat imagedocker pull tomcat# 3. Run tomcat imagedocker run -p 8080:8080 -d --name mytomcat tomcat# 4. Enter the tomcat containerdocker exec -it mytomcat bash# 5. Mount the webapps directory externallydocker run -p 8080:8080 -v /root/webapps:/usr/local/tomcat/webapps -d --name mytomcat tomcat#Note: If the server.xml configuration file is mounted, the mounting path must be accurate to the server.xml file.#Example below:docker run --name hkht-tomcat -p 8081:8081 -v /data/hkht/tomcat/webapps:/usr/local/tomcat/webapps -v /data/hkht/tomcat/conf/server.xml:/usr/local/tomcat/conf/server.xml -d tomcat:8.0-jre8#Note here: In the picture below, the configuration file is mounted directly to the conf file. I don’t know the reason yet, but in practice, mounting to conf is not accurate to the configuration file, and access to front-end resources is inaccessible (before and after web projects that are not separated from each other).#Also, the 8.0-jre8 image of tomcat is used here instead of the separate version number 8.0, because there is no separate download of the jdk image. If you want to use 8.0, you need to use the dockerfile for packaging. I directly downloaded the tomcat containing jre, so that The project can be run (a web project where the front and back ends are not separated).
5. Install MongoDB database
# 1. Run mongDBdocker run -d -p 27017:27017 --name mymongo mongo ---No permissions requireddocker logs -f mymongo ---View mongo running logs# 2. Enter the mongodb containerdocker exec -it mymongo bashDirectly execute the mongo command to operate# 3. Common containers with permissionsdocker run --name mymongo -p 27017:27017 -d mongo --auth# 4. Enter the container to configure the username and passwordmongouse admin select admin librarydb.createUser({user:"root",pwd:"root",roles:[{role:'root',db:'admin'}]}) //Create a user. If this user is created successfully, subsequent operations will User authentication requiredexit# 5. Map the data directory in mongoDB to the hostdocker run -d -p 27017:27017 -v /root/mongo/data:/data/db --name mymongo mongo
6. Install ElasticSearch
-
Note: Increase the JVM thread limit
0. Pull the image and run elasticsearch
# 1.dockerhub pulls the imagedocker pull elasticsearch:6.4.2# 2. View docker imagedocker images# 3. Run the docker imagedocker run -p 9200:9200 -p 9300:9300 elasticsearch:6.4.2
-
The following error occurs during startup
-
1. Pre-configured
# 1. In the centos virtual machine, modify the configuration sysctl.confvim /etc/sysctl.conf# 2. Add the following configurationvm.max_map_count=262144# 3. Enable configurationsysctl -pNote: This step is to prevent the following error from being reported when starting the container:bootstrap checks failed max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
2. Start the EleasticSearch container
# 0. Copy the data directory in the container to the hostdocker cp 容器id:/usr/share/share/elasticsearch/data /root/es# 1. Run the ES container to specify the jvm memory size and specify the ik word segmenter locationdocker run -d --name es -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms128m -Xmx128m" -v /root/es/plugins:/usr/share/elasticsearch/plugins -v /root/es/data:/usr/share/elasticsearch/data elasticsearch:6.4.2
3. Install IK word segmenter
# 1. Download the corresponding version of IK word segmenter# 2. Unzip it into the plugins folderyum install -y unzipunzip -d ik elasticsearch-analysis-ik-6.4.2.zip# 3. Add custom expansion words and stop wordscd plugins/elasticsearch/configvim IKAnalyzer.cfg.xml<properties><comment>IK Analyzer extended configuration</comment><!--Users can configure their own extended dictionary here--><entry key="ext_dict">ext_dict.dic</entry><!--Users can configure their own extended stop word dictionary here--><entry key="ext_stopwords">ext_stopwords.dic</entry></properties># 4. Create the ext_dict.dic file in the config directory under the ik word segmenter directory. The encoding must be UTF-8 to take effect.vim ext_dict.dic Just add expansion words# 5. Create the ext_stopword.dic file in the config directory under the ik word segmenter directoryvim ext_stopwords.dic Just add stop words# 6. Restart the container to take effectdocker restart container id# 7. Submit this container as a new imagedocker commit -a="xiaochen" -m="es with IKAnalyzer" 容器id xiaochen/elasticsearch:6.4.2
4. Install Kibana
# 1. Download the kibana image locallydocker pull kibana:6.4.2# 2. Start kibana containerdocker run -d --name kibana -e ELASTICSEARCH_URL=http://10.15.0.3:9200 -p 5601:5601 kibana:6.4.2
7.docker visualization tool
7.1 Install Portainer
Official installation instructions:
https://www.portainer.io/installation/
[root@ubuntu1804 ~]#docker pull portainer/portainer# -d: background startup, -p: mapped port, --name: container name, --restart=always: auto-start at boot, -v: hang on[root@ubuntu1804 ~]#docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer20db26b67b791648c2ef6aee444a5226a9c897ebcf0160050e722dbf4a4906e3[root@ubuntu1804 ~]#docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES20db26b67b79 portainer/portainer "/portainer" 5 seconds ago Up 4 seconds 0.0.0.0:8000->8000/tcp, 0.0.0.0:9000->9000/tcp portainer
7.2 Log in and use Portainer
Use a browser to visit: http://localhost:9000
7.3 Forgot the admin password, reset and check the password
#View containerdocker ps#View container detailsdocker inspect container id/name#Copy the directory address in the picture
#Execute the following command: docker run --rm -v Hang in the directory address:/data portainer /helper-reset-passworddocker run --rm -v /var/lib/docker/volumes/436d93252d9a382768eab7e9b7a29b8a10cbbf990257e37c9171eedc8df21c2e/_data:/data portainer/helper-reset-password
#Then restart portainerdocker start portainer#Visit again to log in
8. Install Traefik
Official website address: Traefik Labs: Say Goodbye to Connectivity Chaos
1. What is Traefik
Traefik is an open source edge router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.
What sets Traefik apart is that, in addition to its many features, it can automatically discover the correct configuration for your service. The magic happens when Traefik inspects your infrastructure, where it finds relevant information and discovers which service serves which request.
Traefik is natively compatible with all major clustering technologies such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, and more ; and can handle many at the same time. (It even works for legacy software running on bare metal.)
With Traefik, there is no need to maintain and synchronize separate configuration files: everything happens automatically and in real time (no reboots, no connection interruptions). With Traefik, you can spend your time developing and deploying new features to your system instead of configuring and maintaining its working state.
2. Concept
Traefik is based on the concepts of entry points, routers, middleware and services.
Key features include dynamic configuration, automatic service discovery, and support for multiple backends and protocols.
-
EntryPoints: It is the network entry point into Traefik. They define the port that will receive packets and whether it listens on TCP or UDP.
-
Router: Router is responsible for connecting incoming requests to services that can handle them.
-
Middleware: Attached to the router, middleware can modify the request or response before sending it to your service.
-
Service: The service is responsible for configuring how to get to the actual service that will ultimately handle the incoming request.
Traefik is an Edge Router , which means it is the front door to your platform, intercepting and routing every incoming request: it knows all the logic and every rule that determines which services handle which requests (based on path , host , headers , etc.) .
Traditionally edge routers (or reverse proxies) require a configuration file that contains every possible path to your service, Traefik gets them from the service itself.
To deploy your service, you append information that tells Traefik the characteristics of the requests that the service can handle.
This means that when a service is deployed, Traefik detects it immediately and updates routing rules in real time. Likewise, when a service is removed from the infrastructure, the corresponding routes are removed accordingly.
You no longer need to create and synchronize configuration files jumbled with IP addresses or other rules.
3. Quick start (start using docker-compose)
3.1. Alibaba Cloud
3.1.1. First of all, you need to have an Alibaba Cloud domain name, and then you need to have a server. It doesn’t matter which platform you purchased it on. Note that the domain name needs to be registered.
3.1.2. Add domain name resolution
3.1.3. Add keys and RAM roles
Add key
To add a RAM role, first select Create Role to specify the role name, then assign permissions, search for the authorization policy AliyunACMFullAccess by keyword, click the authorization policy, add it to the authorization list selected on the right, and click OK.
3.1.4. Create docker-compose.yml file
touch docker-compose.yml
3.1.5. Create a local network
docker network create proxy
3.1.6. Write traefik’s docker-compose.yml
version: '3.8'# networknetworks:proxy:external: true#Define data volumevolumes:acme:services:# service nametraffic:# Mirrorimage:traefik:v2.5.4# networknetworks:- proxy#portports:- "80:80"- "443:443"- "8080:8080"volumes:# Time zone- /etc/timezone:/etc/timezone- /etc/localtime:/etc/localtime# Enable Traefik to listen to Docker events- /var/run/docker.sock:/var/run/docker.sock# Generate persistent acme certificate- acme:/etc/acme#Key locationenv_file:- ./.alidns.envcommand:# Whether to enable the routing and forwarding function of the API- --api.insecure=true# What is the underlying proxy?- --providers.docker# The network using docker- --providers.docker.network=proxy# Whether to expose docker- --providers.docker.exposedByDefault=false# web# webport- --entryPoints.web.address=:80# Whether to redirect http- --entrypoints.web.http.redirections.entrypoint.permanent=true# Redirect category- --entrypoints.web.http.redirections.entrypoint.scheme=https# Redirect entry- --entrypoints.web.http.redirections.entrypoint.to=websecure# websecure# websecure port- --entryPoints.websecure.address=:443# Whether to automatically apply for a certificate- --entrypoints.websecure.http.tls=true# Certificate application manufacturer- --entrypoints.websecure.http.tls.certresolver=ali#Applied main domain name- --entrypoints.websecure.http.tls.domains[0].main=wuxinkeoo.top# Scan all domain names of this level domain name- --entrypoints.websecure.http.tls.domains[0].sans=*.wuxinkeoo.top# Let's Encrypt#Apply for vendors- --certificatesresolvers.ali.acme.dnschallenge.provider=alidns# Apply for certificate storage location- --certificatesresolvers.ali.acme.storage=/etc/acme/acme.json# describelabels:#Whether to hand it over to traefik for management- "traefik.enable=true"#Routing entry- "traefik.http.routers.traefik.entrypoints=web, websecure"# Routing rules- "traefik.http.routers.traefik.rule=Host(`proxy.wuxinkeoo.top`)"# Route port- "traefik.http.services.traefik.loadbalancer.server.port=8080"
3.1.7. Create the .alidns.env file and fill in the manufacturer key
touch .alidns.env
3.1.8. Write key and RAM role information to .alidns.env
ALICLOUD_ACCESS_KEY=LTAIxxxxxxxxxxxxxxxxxxxALICLOUD_SECRET_KEY=VMy3xxxxxxxxxxxxxxxxxxxALICLOUD_REGION_ID=root
3.1.9. Start
docker-compose up -d
3.1.10. Access
3.2. Tencent Cloud
3.2.1. First of all, you need to have a Tencent Cloud domain name, and then you need to have a server. It doesn’t matter which platform you purchased it on. Note that the domain name needs to be registered.
3.2.2. Add domain name resolution (Tencent does not support the use of wildcard *, so it can only be specified)
3.2.3. Create an access key (if it already exists, use the previous one)
Quick access address: Login-Tencent Cloud
3.2.4. Create docker-compose
touch docker-compose.yml
3.2.5. Create a network
docker network create proxy
3.2.6. Create .tencentcloud.env
touch .tencentcloud.env
3.2.7. Write the key to .tencentcloud.env
TENCENTCLOUD_SECRET_ID=AKIxxxxxxxxxxxxxxxxTENCENTCLOUD_SECRET_KEY=rSpxxxxxxxxxxxxxxx
3.2.8. Write docker-compose.yml file
version: '3.8'# networknetworks:proxy:external: true#Define data volumevolumes:acme:services:# service nametraffic:# Mirrorimage:traefik:v2.5.4# networknetworks:- proxy#portports:- "80:80"- "443:443"- "8080:8080"volumes:# Time zone- /etc/timezone:/etc/timezone- /etc/localtime:/etc/localtime# Enable Traefik to listen to Docker events- /var/run/docker.sock:/var/run/docker.sock# Generate persistent acme certificate- acme:/etc/acme# Key locationenv_file:- ./.tencentcloud.envcommand:# Whether to enable the routing and forwarding function of the API- --api.insecure=true# What is the underlying proxy?- --providers.docker# The network using docker- --providers.docker.network=proxy# Whether to expose docker- --providers.docker.exposedByDefault=false# web# webport- --entryPoints.web.address=:80# Whether to redirect http- --entrypoints.web.http.redirections.entrypoint.permanent=true# Redirect category- --entrypoints.web.http.redirections.entrypoint.scheme=https# Redirect entry- --entrypoints.web.http.redirections.entrypoint.to=websecure# websecure# websecure port- --entryPoints.websecure.address=:443# Whether to automatically apply for a certificate- --entrypoints.websecure.http.tls=true# Certificate application manufacturer- --entrypoints.websecure.http.tls.certresolver=tencent#Applied main domain name- --entrypoints.websecure.http.tls.domains[0].main=wuxinke.com# Scan all domain names of this level domain name- --entrypoints.websecure.http.tls.domains[0].sans=*.wuxinke.com# Let's Encrypt#Apply for vendors- --certificatesresolvers.ali.acme.dnschallenge.provider=tencentcloud# Apply for certificate storage location- --certificatesresolvers.ali.acme.storage=/etc/acme/acme.json# describelabels:# Whether to hand it over to traefik for management- "traefik.enable=true"#Routing entry- "traefik.http.routers.traefik.entrypoints=web, websecure"# Routing rules- "traefik.http.routers.traefik.rule=Host(`proxy.wuxinke.com`)"# Route port- "traefik.http.services.traefik.loadbalancer.server.port=8080"
Note: Remember to open port 8080 on the server
3.2.9. Start
docker-compose up -d
3.2.10. Access test
Note: When accessing, he will prompt that the HTTPS protocol is not secure and has not yet been resolved.