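Preface

nuoyis's lnmp has moved from the original arrangement, in which the nuoyis's lnmp-np container was used together with mariadb, to a single combined container built entirely from source, with major optimizations and some distinctive service features added along the way. This is an open-source project, but the configuration files have not been uploaded, so they are filled in here in this article or will be added later.

Source repository: https://github.com/nuoyis/lnmp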
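The improvements are as follows:

Version numbers, which used to be decided by a shell script at build time, are now folded into the container build as a whole, so it can be handed to any build platform, which only needs to read the Dockerfile.

Since lnmp-np, switching PHP between the latest version and the compatibility version takes nothing more than an include.

Starting with lnmp 0.0.2, writing conf files has been made progressively easier. nginx.conf.full.template and nginx.conf.succinct.template are written automatically on every start, and server blocks whose header needs SSL configuration have a built-in include, so you only need to write the following: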
```nginx
server {
    # Include the header file (SSL must be configured; otherwise use the full version)
    include head.conf;
    server_name www.nuoyis.net;

    # SSL configuration
    ssl_certificate /web/nginx/ssl/nuoyis.net.pem;
    ssl_certificate_key /web/nginx/ssl/nuoyis.net.key;
    ssl_trusted_certificate /web/nginx/ssl/nuoyis.net.pem;

    root /web/nginx/webside/aboutme;
    index index.html;

    # Redirect http to https
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    # Error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    # How to include PHP
    # Latest mode (php8+)
    include start-php-latest.conf;
    # Compatibility mode (php7.4)
    include start-php-stable.conf;

    # URL rewriting (pseudo-static)
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Block access to hidden files and directories
    location ~ /\. {
        deny all;
        return 404;
    }

    # Logging
    access_log /web/logs/nginx/template.log;
    error_log /web/logs/nginx/template.log;
}
```
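When nuoyis-lnmp does not detect the two files under mariadb/init/lockfiles (mariadb/init is a directory you create yourself; it corresponds to /docker-entrypoint-initdb.d in the container), it automatically initializes the database and imports every SQL file in the init directory (creating an init.sql first is recommended). A reference init.sql: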
```sql
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
CREATE USER 'nuoyis'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nuoyis.* TO 'nuoyis'@'%';
# Copy the two lines above for each account you need; if you don't know how to write them, hand it to an AI
FLUSH PRIVILEGES;
```
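However, every SQL file other than init.sql needs the following at the very top (数据库名 is a placeholder for your database name):

```sql
CREATE DATABASE IF NOT EXISTS 数据库名;
USE 数据库名;
```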
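arm32 builds have been dropped: in real-world testing even arm64 struggled somewhat to start the database, and the arm32 build failed repeatedly, so it was abandoned starting with version 0.0.2.

nginx HTTP/3 is supported; nginx and the latest PHP are compiled against the LTS release of OpenSSL.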
Usage (verified on a server before publication):

docker-compose file, lnmp series

```yaml
services:
  nuoyis-lnmp:
    container_name: nuoyis-lnmp
    image: nuoyis1024/nuoyis-lnmp:latest
    networks:
      # must match the network defined under the top-level networks key
      nuoyis-lnmp-net:
        aliases:
          - nuoyis-lnmp
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
      - 3306:3306
    volumes:
      # nginx configuration files
      - /nuoyis-server/web/nginx/conf:/nuoyis-web/nginx/conf
      # nginx site directory
      - /nuoyis-server/web/nginx/webside:/nuoyis-web/nginx/webside
      # nginx ssl
      - /nuoyis-server/web/nginx/ssl:/nuoyis-web/nginx/ssl
      # Log directory
      - /var/log:/nuoyis-web/logs
      # MariaDB data and configuration
      - /nuoyis-server/web/mariadb/init:/docker-entrypoint-initdb.d
      # MariaDB data directory
      - /nuoyis-server/web/mariadb/server:/nuoyis-web/mariadb/data
      # MariaDB import directory (imported automatically)
      - /nuoyis-server/web/mariadb/import:/nuoyis-web/mariadb/import
      # MariaDB configuration
      - /nuoyis-server/web/mariadb/config:/nuoyis-web/mariadb/config
    environment:
      TIME_ZONE: Asia/Shanghai
      # fill in your own root password
      MYSQL_ROOT_PASSWORD: ""
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    user: "${SUID}:${SGID}"
    restart: always

networks:
  nuoyis-lnmp-net:
    name: nuoyis-lnmp-net
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.223.0/24
          gateway: 192.168.223.1
```
docker-compose file, new lnmp-np and mariadb series

```yaml
services:
  lnmp-np:
    container_name: lnmp-np
    image: registry.cn-hangzhou.aliyuncs.com/nuoyis/lnmp-np:latest
    networks:
      nuoyis-lnmp-net:
        aliases:
          - lnmp-np
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      # nginx configuration files
      - /nuoyis-server/web/nginx/conf:/web/nginx/conf
      # nginx site directory
      - /nuoyis-server/web/nginx/webside:/web/nginx/webside
      # nginx ssl
      - /nuoyis-server/web/nginx/ssl:/web/nginx/ssl
      # Log directory
      - /var/log/web:/web/logs
    environment:
      TIME_ZONE: Asia/Shanghai
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    user: "${SUID}:${SGID}"
    restart: always

  lnmp-mariadb:
    container_name: lnmp-mariadb
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/mariadb:latest
    networks:
      nuoyis-lnmp-net:
        aliases:
          - lnmp-mariadb
    environment:
      TIME_ZONE: Asia/Shanghai
      # value from the original post; replace it with your own password
      MYSQL_ROOT_PASSWORD: "epLpvLcSj9c0U2Vi"
    volumes:
      - /web/mariadb/init/init.sql:/docker-entrypoint-initdb.d/init.sql
      - /web/mariadb/server:/var/lib/mysql
      - /web/mariadb/import:/nuoyis-web/mariadb/import
      - /web/mariadb/config/my.cnf:/etc/mysql/my.cnf
    ports:
      - 3306:3306
    shm_size: '1g'
    healthcheck:
      test: ["CMD", "sh", "-c", "mariadb -u root -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1 FROM information_schema.tables LIMIT 1;'"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 10s
    restart: always

networks:
  nuoyis-lnmp-net:
    name: nuoyis-lnmp-net
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.223.0/24
          gateway: 192.168.223.1
```
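A static check for the settings in these compose files that are easiest to get wrong, as an added example (not code from the nuoyis project): it flags a 443/tcp mapping without 443/udp (which leaves HTTP/3 unusable), a MariaDB port published beyond loopback, an empty or hard-coded MYSQL_ROOT_PASSWORD, and a service attached to a network that is not defined at top level. It assumes the compose file has already been parsed into a dict (the shape PyYAML's `yaml.safe_load` returns); the sample data and the names `parse_port` and `audit_compose` are constructed for this example.

```python
# Constructed sample: a parsed compose file shaped like the ones above (made-up values).
SAMPLE = {
    "services": {
        "web": {
            "ports": ["80:80", "443:443", "3306:3306"],
            "environment": {"MYSQL_ROOT_PASSWORD": ""},
            "networks": {"nuoyis-net": {"aliases": ["web"]}},
        },
        "db": {
            "ports": ["127.0.0.1:3306:3306"],
            "environment": ["MYSQL_ROOT_PASSWORD=${DB_ROOT_PW}"],
            "networks": ["nuoyis-lnmp-net"],
        },
    },
    "networks": {"nuoyis-lnmp-net": {"driver": "bridge"}},
}

def parse_port(spec):
    """Split compose short syntax [HOST_IP:][PUBLISHED:]TARGET[/PROTO]."""
    body, _, proto = str(spec).partition("/")
    host_ip, published, target = ([None, None] + body.rsplit(":", 2))[-3:]
    return host_ip, published, target, proto or "tcp"

def audit_compose(cfg):
    """Return sorted (service, finding) pairs for a parsed compose file."""
    findings, defined = [], set(cfg.get("networks") or {})
    for name, svc in (cfg.get("services") or {}).items():
        ports = [parse_port(p) for p in svc.get("ports") or []]
        published = {(pub, proto) for _, pub, _, proto in ports}
        # HTTP/3 runs over QUIC, so 443/udp must be published next to 443/tcp.
        if ("443", "tcp") in published and ("443", "udp") not in published:
            findings.append((name, "443/tcp published without 443/udp"))
        # Any 3306 mapping not pinned to loopback is reachable from outside.
        if any(t == "3306" and ip not in ("127.0.0.1", "[::1]") for ip, _, t, _ in ports):
            findings.append((name, "3306 published beyond loopback"))
        env = svc.get("environment") or {}
        if isinstance(env, list):  # list form: ["KEY=value", ...]
            env = dict(e.split("=", 1) for e in env if "=" in e)
        pw = env.get("MYSQL_ROOT_PASSWORD")
        # Values starting with "$" are taken to be interpolated from the environment.
        if pw is not None and not str(pw).startswith("$"):
            state = "hard-coded" if pw else "empty"
            findings.append((name, f"MYSQL_ROOT_PASSWORD {state}"))
        findings += [(name, f"undefined network {n}")
                     for n in svc.get("networks") or [] if n not in defined]
    return sorted(findings)

if __name__ == "__main__":
    print(audit_compose(SAMPLE))
```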
Kubernetes YAML file, lnmp series

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: nuoyis-lnmp
---
# ===================== Deployment: nuoyis-lnmp =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nuoyis-lnmp
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nuoyis-lnmp
  template:
    metadata:
      labels:
        app: nuoyis-lnmp
    spec:
      nodeSelector:
        # placeholder: replace with the hostname of your node
        kubernetes.io/hostname: 你的node节点位置
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: nuoyis-lnmp-np
          image: registry.cn-hangzhou.aliyuncs.com/nuoyis/nuoyis-lnmp:latest
          env:
            - name: MYSQL_ROOT_PASSWORD
              # fill in your own root password
              value: ""
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: mariadb
              containerPort: 3306
          volumeMounts:
            - name: nginx-conf
              mountPath: /nuoyis-web/nginx/conf
            - name: nginx-webside
              mountPath: /nuoyis-web/nginx/webside
            - name: nginx-ssl
              mountPath: /nuoyis-web/nginx/ssl
            - name: logs
              mountPath: /nuoyis-web/logs
            - name: mariadb-init
              mountPath: /docker-entrypoint-initdb.d
            - name: mariadb-data
              mountPath: /nuoyis-web/mariadb/data
            - name: mariadb-config
              mountPath: /nuoyis-web/config
            - name: shm
              mountPath: /dev/shm
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
      volumes:
        - name: nginx-conf
          hostPath:
            path: /nuoyis-server/web/nginx/conf
        - name: nginx-webside
          hostPath:
            path: /nuoyis-server/web/nginx/webside
        - name: nginx-ssl
          hostPath:
            path: /nuoyis-server/web/nginx/ssl
        - name: logs
          hostPath:
            path: /nuoyis-server/logs/nginx
        - name: mariadb-init
          hostPath:
            path: /nuoyis-server/web/mariadb/init
        - name: mariadb-data
          hostPath:
            path: /nuoyis-server/web/mariadb/server
        - name: mariadb-config
          hostPath:
            path: /nuoyis-server/web/mariadb/config
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: nuoyis-lnmp-svc
  namespace: default
spec:
  type: NodePort
  selector:
    app: nuoyis-lnmp
  # nodePort values outside the default 30000-32767 range are only accepted
  # when kube-apiserver's --service-node-port-range includes them
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 80
      protocol: TCP
    - name: https-tcp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: TCP
    - name: https-udp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: UDP
    - name: mariadb
      port: 3306
      targetPort: 3306
      nodePort: 3306
      protocol: TCP
```
Kubernetes YAML file, lnmp-np and mariadb series

```yaml
# ===================== Deployment: lnmp-np =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lnmp-np
  namespace: default
spec:
  selector:
    matchLabels:
      app: lnmp-np
  template:
    metadata:
      labels:
        app: lnmp-np
    spec:
      nodeSelector:
        kubernetes.io/hostname: nuoyis
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: nuoyis-lnmp-np
          image: registry.cn-hangzhou.aliyuncs.com/nuoyis/lnmp-np:latest
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          volumeMounts:
            - name: nginx-conf
              mountPath: /web/nginx/conf
            - name: nginx-webside
              mountPath: /web/nginx/webside
            - name: nginx-ssl
              mountPath: /web/nginx/ssl
            - name: logs
              mountPath: /web/logs
            - name: shm
              mountPath: /dev/shm
          startupProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            failureThreshold: 30
            periodSeconds: 10
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            initialDelaySeconds: 5
            failureThreshold: 5
            periodSeconds: 8
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /web/healthcheck.sh
            initialDelaySeconds: 5
            failureThreshold: 3
            periodSeconds: 8
      volumes:
        - name: nginx-conf
          hostPath:
            path: /web/nginx/conf
        - name: nginx-webside
          hostPath:
            path: /web/nginx/webside
        - name: nginx-ssl
          hostPath:
            path: /web/nginx/ssl
        - name: logs
          hostPath:
            path: /var/log/web
        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: lnmp-np-svc
  namespace: default
spec:
  type: NodePort
  selector:
    app: lnmp-np
  # nodePort values outside the default 30000-32767 range are only accepted
  # when kube-apiserver's --service-node-port-range includes them
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 80
      protocol: TCP
    - name: https-tcp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: TCP
    - name: https-udp
      port: 443
      targetPort: 443
      nodePort: 443
      protocol: UDP
---
# ===================== Deployment: lnmp-mariadb =====================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mariadb
  labels:
    app: mariadb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
        - name: mariadb
          image: mariadb:latest
          env:
            - name: MYSQL_ROOT_PASSWORD
              # placeholder: replace with your password
              value: 密码
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: mariadb-data
              mountPath: /var/lib/mysql
            - name: mariadb-init
              mountPath: /docker-entrypoint-initdb.d
      volumes:
        - name: mariadb-data
          hostPath:
            path: /web/mariadb/server
        - name: mariadb-init
          hostPath:
            path: /web/mariadb/init
---
apiVersion: v1
kind: Service
metadata:
  name: mariadb
spec:
  type: NodePort
  ports:
    - port: 3306
      targetPort: 3306
      nodePort: 30036
  selector:
    app: mariadb
```
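Tips for configuring nginx HTTP/3

nginx HTTP/3 uses UDP as its underlying transport, with the aim of reducing the number of handshakes and speeding up access. But even a small configuration error generally means HTTP/3 cannot be used at all. In the files above I have already opened UDP on the software side; on servers from cloud providers such as Tencent Cloud or Alibaba Cloud it has to be opened additionally, and so does your system firewall.

On Tencent Cloud, Alibaba Cloud and similar providers, opening it means going to the security group and adding UDP port 443, as shown in the figure below.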