一、搭建私有仓库
- 支持 HTTPS
- 支持账号登录
首先安装Docker (CentOS7)
# 卸载旧版本
$ yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
$ yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
$ yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
$ yum install docker-ce docker-ce-cli containerd.io
# 启动服务
$ systemctl start docker
# 设置开机自启动
$ systemctl enable docker
安装 docker-compose
$ curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose
$ ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
$ docker-compose --version
- 创建映射目录
$ mkdir -p /docker/registry
$ cd /docker/registry
- 拷入域名证书
可以去申请免费HTTPS证书 Let's Encrypt
$ mkdir /docker/registry/certs
$ cp mydomain.key mydomain.pem /docker/registry/certs
- 创建仓库账号
修改指令中的用户名testuser和密码testpassword
$ mkdir /docker/registry/auth
$ docker run \
--entrypoint htpasswd \
registry:2 -Bbn testuser testpassword > /docker/registry/auth/htpasswd
- 启动容器
- 配置
docker-compose.yml
registry:
restart: always
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/mydomain.pem
REGISTRY_HTTP_TLS_KEY: /certs/mydomain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /docker/registry/data:/var/lib/registry
- /docker/registry/certs:/certs
- /docker/registry/auth:/auth
- 启动
$ docker-compose up -d
二、本地推送版本
- 编译译成 Linux 可执行文件
$ CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo .
- 配置 Dockerfile
FROM scratch
ENV APPHOME /app
WORKDIR $APPHOME
COPY demo-api data.json upload.json $APPHOME/
EXPOSE 7770
CMD ["./demo-api", "/data/config.json"]
- 编译成镜像
$ docker build -t demo-api .
- 推送镜像到远程
$ docker login mydomain.com:5000
$ docker tag demo-api mydomain.com:5000/demo-api
$ docker push mydomain.com:5000/demo-api
- 打包前端
前端是 Vue cli 3 创建的的工程,这里用 nginx 打包成服务镜像
- 创建 nginx.conf 文件
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://demo-api:7770;
}
}
- 创建 Dockerfile 文件 (使用了精简的*-alpine版本)
FROM nginx:1.15.9-alpine
COPY dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
- 编译过程同
demo-api
三、远程部署版本
- 拉取镜像
$ docker login mydomain.com:5000
$ docker pull mydomain.com:5000/demo-api
$ docker pull mydomain.com:5000/demo-html
- 创建数据挂载目录
$ mkdir -p /docker/demo
$ cd /docker/demo
- 创建项目配置文件
$ vim demo-api/config.json
- 配置
docker-compose.yml
- redis容器务必配置
--appendonly yes否则数据不会落到挂载目录上,重建容器数据会丢失
version: "3"
services:
demo-html:
image: mydomain.com:5000/demo-html
ports:
- "8070:80"
volumes:
- ./demo-html/nginx.conf:/etc/nginx/conf.d/default.conf
environment:
- VIRTUAL_HOST=ticket.mydomain.com
networks:
- demo
demo-api:
image: mydomain.com:5000/demo-api
restart: always
ports:
- "7770:7770"
volumes:
- ./demo-api:/data
environment:
- VIRTUAL_HOST=ticket-api.mydomain.com
depends_on:
- mariadb
- redis
networks:
- demo
command: ./demo-api /data/config.json
mariadb:
image: mariadb:10.3
restart: always
volumes:
- ./mysql:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: demo
MYSQL_USER: demo
MYSQL_PASSWORD: demo
networks:
demo:
aliases:
- mariadb
command: mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
redis:
image: redis:5.0
restart: always
volumes:
- ./redis:/data
networks:
demo:
aliases:
- redis
command: redis-server --appendonly yes --requirepass release
networks: demo:
注意:docker容器默认是UTC时间,如果需要指定为与主机一致,可以通过额外挂载时间配置文件来实现
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- 启动组合
$ docker-compose up -d
- 宿主机器配置 Nginx 域名反向代理
# 已省略SSL配置部分
# 前端HTML
server {
listen 443 ssl;
server_name ticket.mydomain.com;
location / {
proxy_pass http://127.0.0.1:8070;
}
}
# 后端API
server {
listen 443 ssl;
server_name ticket-api.mydomain.com;
location / {
proxy_pass http://127.0.0.1:7770;
}
allow all;
}
四、后续更新
- 本地打新版本
$ CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo .
$ docker build -t demo-api .
$ docker tag demo-api mydomain.com:5000/demo-api
$ docker push mydomain.com:5000/demo-api
- 远程拉取并更新(差量)
$ docker login mydomain.com:5000
$ docker-compose pull
$ docker-compose up -d
- 项目中创建
Makefile,集成命令简化操作
all: image tag
# 生成镜像
image:
# 1. 编译成Linux可执行文件
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo .
# 2. 删除Docker悬挂的镜像
docker image prune -f
# 3. 编译Docker镜像
docker build -t demo-api .
# 4. 删除可执行文件
rm demo-api
# 发版并推送
tag:
# 1. 登录到私有仓库
docker login -u=ma --password-stdin < ./Password mydomain.com:5000
# 2. 发版
docker tag demo-api:latest mydomain.com:5000/demo-api
# 3. 推送到远程仓库
docker push mydomain.com:5000/demo-api:latest
$ make image
$ make tag
$ make