As the hottest applications, Docker does exist its own unique, either ape or operation and maintenance program should have heard the name Docker, Docker has gone through many of the pit, it should be said to be fully capable of carrying the development and use operation and maintenance monitoring, this tool can help us efficient packaging, distribution and operation of the vessel carrying the system application. And collect logs, help has a significant role in the rapid development of App.
Containers and virtual machines are often out to compare the two products, both in fact there is a fundamental difference between the virtual machine is a complete simulation of a real computer, operating system above may or may not know that they run in a virtual under environment and the virtual machine to convert the user carries the instructions for the privileged instruction function, so the virtual machine is very complex, but very complete, and Docker is completely different. Docker use the host's own Linux kernel, and then generate the disk directory and software from the mirror, all processes running on the host, if there are interested can inquire about ps aux, you can find a process running in Docker, but Docker almost like it did the concept of chroot package.
Docker real usage
In the early development of the Docker, as busybox and other lightweight mirror is not complete, so the major release of reduced weight-loss mirroring got more use, especially because Docker itself was developed in the Ubuntu environment, so many Ubuntu and Debian as a mirror image group, as a basis for generating the target image. As used in practice, however, the disadvantages are also exposed, is too weight of such Docker systemd logging and logging function itself is repeatedly used, the mirror is difficult reduced to less than 300M. Docker and recommended way is to use a single process model, rather than multiple processes as a complete operating system in general. So arises alpine and other lightweight mirror substrate, alpine what you can own Baidu, this image is a mirror image of Docker official recommendation, the future will be migrated to the official mirror mirrored alpine as the basis, so we should be familiar with this as soon as possible mirror.
Construction of Dockerfile
This article is about Nginx practice Docker containers, but the official has actually been mirrored on the Nginx alpine. In actual use, the more the author is using Tengine, so the reference official Dockerfile, I wrote Dockerfile Tengine own mirror, hoping to start a discussion, you can criticism.
FROM alpine:3.3 MAINTAINER ChasonTang <[email protected]> ENV TENGINE_VERSION 2.1.2 ENV CONFIG "\ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/run/nginx.lock \ --http-client-body-temp-path=/var/cache/nginx/client_temp \ --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ --user=nginx \ --group=nginx \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_auth_request_module \ --with-mail \ --with-mail_ssl_module \ --with-file-aio \ --with-http_spdy_module \ --with-ipv6 \ --with-jemalloc \ " ADD ngx_user.patch / ADD repositories /etc/apk/repositories RUN \ addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ && apk add --no-cache --virtual .build-deps \ gcc \ libc-dev \ make \ openssl-dev \ pcre-dev \ zlib-dev \ linux-headers \ curl \ jemalloc-dev \ && curl "http://tengine.taobao.org/download/tengine-$TENGINE_VERSION.tar.gz" -o tengine.tar.gz \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f tengine.tar.gz \ && rm tengine.tar.gz \ && cd /usr/src/tengine-$TENGINE_VERSION/src/os/unix/ \ && mv /ngx_user.patch ./ngx_user.patch \ && patch ngx_user.c ngx_user.patch \ && rm ngx_user.patch \ && cd ../../../ \ # && cd /usr/src/tengine-$TENGINE_VERSION \ && ./configure $CONFIG --with-debug \ && make \ && mv objs/nginx objs/nginx-debug \ && ./configure $CONFIG \ && make \ && make install \ && rm -rf /etc/nginx/html/ \ && mkdir /etc/nginx/conf.d/ \ && mkdir -p /usr/share/nginx/html/ \ && install -m644 html/index.html /usr/share/nginx/html/ \ && install -m644 html/50x.html /usr/share/nginx/html/ \ && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ && strip /usr/sbin/nginx* \ && runDeps="$( \ scanelf --needed --nobanner /usr/sbin/nginx \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ | sort -u \ )" \ && apk add --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ && rm -rf /usr/src/nginx-$NGINX_VERSION \ && apk add --no-cache gettext \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf EXPOSE 80 443 CMD ["nginx", "-g", "daemon off;"]
We know, Docker image can be constructed according to Dockerfile, the above is the author wrote Dockerfile. First, using the FROM instruction specifies this mirror the mirror base is alpine: 3.3, the second statement behavior Dockerfile defenders, then two instruction statement ENV two environment variables, a version number specified Tengine needs to be acquired, a compiler is installed options. Here to explain temporarily, and then copy a patch file and alpine image source profile to the container, in fact, because tengine v2.1.2 there is a legacy of glibc bug will result in an error when compiling Nginx's latest upstream code has been repaired while the development branch above tengine has also fixed the problem, I recently put this issue tengine v2.1.3 patch fixes branch code, but unfortunately, v2.1.3 version has not yet been officially released, so only the first use manual patch to fix this problem. As for mirroring, it is because there are domestic network problems, leading apk package management command can not successfully download the various dependencies, so assign it to domestic sources, if you can remove the official use of the two files.
Then is to use the RUN command to execute code, where you can see and I use && \ all the instructions are compressed for his party, here are two reasons:
RUN command does not save a directive on the working path, each RUN command will only work for the specified directory / directory
a Dockerfile the instructions will produce a mirror image of submission, in other words, reducing Dockerfile the instructions can improve image multiplexing level
and is used apk download package management commands like installation includes a compiler dependency, and these dependencies labeled .build-deps group, to facilitate later uninstall cleanup. Then that is a very conventional way of thinking,. / Configure && make && make install, compiler options are very law-abiding, a basic familiarity with compiling Nginx friends can understand. But above it may be noted, Nginx is compiled twice, once opened the --with-debug parameters, not once, because in many cases, we need to Nginx provide debug level log monitoring, particularly in the development environment , so it compiled twice, easy to use. Then the end of the string analyzing process operation Tengine dependency when extracted, labeled and then uninstall .nginx-rundeps .build-deps, the last is the symbolic link accessLog and two errorLog linked to the standard input and output, so we docker logs command can be used easily view the log. Finally, there is a custom copy Nginx configuration file, and then use nginx -g daemon off; let Nginx previously run as a background process.
https://mp.weixin.qq.com/s/vkvYJnKfQyuUeD_BDQy_1g
For more learning materials, can be added to the group: 473 984 645 or under the Fanger Wei code scanning
