Dockerfile構建nginx、php和tomcat鏡像以及搭建企業級harbor

一、使用dockerfile製做nginx+php-fpm鏡像，實現lnmp。

1.1 製做基礎鏡像

[root@offline base]# cat Dockerfile 
FROM centos:centos7.8.2003

MAINTAINER RICKZHU
RUN yum install wget -y \
    && rm -rf /etc/yum.repos.d/*.repo \
    && wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel ntpdata crontabs
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@offline base]# docker build -t centos:base .
[root@offline base]# docker images |grep centos
centos                                        base                            dbddb0186fa6        4 minutes ago        542MB

1.2 製做nginx+php-fpm鏡像

[root@offline nginx-php]# cat Dockerfile 
FROM centos:base
MAINTAINER Rickzhu
RUN yum install nginx -y && mkdir -p /data/php
ADD lnmp.conf /etc/nginx/conf.d/
ADD index.php /data/php
ADD abc.html /data/php
RUN yum install php php-mysql php-fpm -y
EXPOSE 80 9000
CMD /usr/sbin/php-fpm -D && nginx -g "daemon off;"
[root@offline nginx-php]# ls
abc.html  Dockerfile  index.php  lnmp.conf  nginx.conf
[root@offline nginx-php]# cat abc.html 
<h1>Hello Docker nginx-php</h1>
[root@offline nginx-php]# cat index.php 
<?php phpinfo() ?>
[root@offline nginx-php]# cat lnmp.conf 
server {
        listen       80;
        server_name  10.0.1.24;
        root /data/php;
        index index.html index.php;
        location ~* \.php$ {
                root /data/php;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}
[root@offline nginx-php]# docker build -t nginx-php:v1 .
[root@offline nginx-php]# docker images |grep nginx-php
nginx-php                                     v1                              b35cdbd20e76        3 minutes ago       669MB

1.4 啓動nginx-php容器

[root@offline nginx-php]# docker run --name nginx-php -d -p 80:80 nginx-php:v1
[root@offline nginx-php]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                          NAMES
1531116fc0a0        nginx-php:v1        "/bin/sh -c '/usr/sb…"   7 seconds ago       Up 6 seconds        0.0.0.0:80->80/tcp, 9000/tcp   nginx-php

1.5 測試

二、使用dockerfile製做tomcat鏡像，並實現對jsp測試頁訪問

2.1 編寫Dockerfile文件

[root@offline tomcat]# cat Dockerfile 
#Tomcat Base Image
FROM centos:centos7.8.2003

MAINTAINER rickzhu "1779526363@qq.com"

ADD apache-tomcat-8.5.57.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/apache-tomcat-8.5.57 /usr/local/src/tomcat
RUN yum install java-1.8.0-openjdk -y
ADD index.jsp /usr/local/src/tomcat/webapps/ROOT/
EXPOSE 8080 8009
ADD run_tomcat.sh /
CMD ["/run_tomcat.sh"]

2.2 準備所需文件

[root@offline tomcat]# cat run_tomcat.sh 
#!/bin/bash

sh /usr/local/src/tomcat/bin/startup.sh start
tail -f /etc/hosts
[root@offline tomcat]# cat index.jsp 
  <%@ page language="java" %>
<%@ page import="java.util.*" %>
  <html>

  <head>
  <title>JSP Test Page</title>
  </head>

  <body>
     <% out.println("Welcom to access Tomcat!");%>
         </body>
  </html>
[root@offline tomcat]# ls
apache-tomcat-8.5.57.tar.gz  Dockerfile  index.jsp  run_tomcat.sh

2.3 建立鏡像

[root@offline tomcat]# docker build -t tomcat-web:app1 .
[root@offline tomcat]# docker images |grep tomcat
tomcat-web                                    app1                            ec07ca837027        3 minutes ago       506MB

2.4 測試

#建立容器
[root@offline tomcat]# docker run --name tomcat -it -d -p 8080:8080 tomcat-web:app1
1d97384560c6faced5c198d083be01be5dd09e7259acb194eb48d06c5e5d8934
[root@offline tomcat]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                              NAMES
1d97384560c6        tomcat-web:app1     "/run_tomcat.sh"    5 seconds ago       Up 4 seconds        8009/tcp, 0.0.0.0:8080->8080/tcp   tomcat

三、安裝配置harbor服務，並將打包好的鏡像提交到harbor倉庫

3.1.安裝Docker Compose

root@offline:~#curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
root@offline:~#chmod +x /usr/local/bin/docker-compose
root@offline:~#ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
root@offline:~# docker-compose --version
docker-compose version 1.18.0, build 8dd22a9

3.2下載並解壓harbor離線安裝包

root@offline:~# wget https://github.com/goharbor/harbor/releases/download/v1.10.3/harbor-offline-installer-v1.10.3.tgz
root@offline:~# cd /usr/local/src/
root@offline:/usr/local/src# tar xf harbor-offline-installer-v1.10.3.tgz
root@offline:/usr/local/src# ls
harbor  harbor-offline-installer-v1.10.3.tgz

3.3 編輯配置文件並安裝harbor

[root@offline harbor]# grep hostname harbor.yml
# The IP address or hostname to access admin UI and registry service.
hostname: 10.0.1.24
# And when it enabled the hostname will no longer used
[root@offline harbor]# ./install.sh --with-clair

3.4 驗證

瀏覽器輸入10.0.1.25，帳號admin，默認密碼Harbor12345

4.配置https的harbor

4.1 生成相關證書

#生成ca證書
[root@offline cert]# mkdir /data/cert/^C
[root@offline cert]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
......................++
.........................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@offline cert]# ls
ca.key
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
>  -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net" \
>  -key ca.key \
>  -out ca.crt
[root@offline cert]# ls
ca.crt  ca.key
#生成服務器證書
[root@offline cert]# openssl genrsa -out harbor.nassoft.net.key 4096
Generating RSA private key, 4096 bit long modulus
.........++
................++
e is 65537 (0x10001)
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650  -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net"  -key harbor.nassoft.net.key  -out harbor.nassoft.net.crt
[root@offline cert]# ks
bash: ks: command not found...
[root@offline cert]# ls
ca.crt  ca.key  harbor.nassoft.net.crt  harbor.nassoft.net.key
#分發server證書
[root@offline cert]# mkdir /etc/docker/certs.d/harbor.nassoft.net -p
[root@offline cert]# cp harbor.nassoft.net.crt /etc/docker/certs.d/harbor.nassoft.net/

4.2 修改harbor配置

[root@offline harbor]# docker-compose down -v
Stopping harbor-jobservice ... done
Stopping nginx             ... done
Stopping harbor-core       ... done
Stopping clair             ... done
Stopping redis             ... done
Stopping registry          ... done
Stopping registryctl       ... done
Stopping harbor-portal     ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done
Removing harbor-jobservice ... done
Removing nginx             ... done
Removing harbor-core       ... done
Removing clair             ... done
Removing redis             ... done
Removing registry          ... done
Removing registryctl       ... done
Removing harbor-portal     ... done
Removing harbor-db         ... done
Removing harbor-log        ... done
Removing network harbor_harbor
Removing network harbor_harbor-clair
[root@offline harbor]# cat harbor.yml 
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.nassoft.net

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
#   # https port for harbor, default is 443
  port: 443
#   # The path of cert and key files for nginx
  certificate: /data/cert/harbor.nassoft.net.crt
  private_key: /data/cert/harbor.nassoft.net.key
[root@offline harbor]# ./prepare 
prepare base dir is set to /usr/local/src/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/clair/postgresql-init.d/README.md
Clearing the configuration file: /config/clair/postgres_env
Clearing the configuration file: /config/clair/config.yaml
Clearing the configuration file: /config/clair/clair_env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@offline harbor]# ls
common  docker-compose.yml  harbor.v1.9.4.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@offline harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating redis         ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
[root@offline harbor]#

4.3 測試

4.3.1 測試上傳鏡像

[root@offline cert]# echo 10.0.1.24 harbor.nassoft.net >> /etc/hosts
[root@offline cert]# docker login harbor.nassoft.net
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@offline cert]# docker pull busybox:latest
[root@offline cert]# docker tag busybox:latest harbor.nassoft.net/baseimages/busybox:latest
[root@offline cert]# docker push harbor.nassoft.net/baseimages/busybox:latest
The push refers to repository [harbor.nassoft.net/baseimages/busybox]
50761fe126b6: Pushed 
latest: digest: sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907 size: 527
[root@offline cert]#

4.3.2 瀏覽器測試