實戰專案-基於K8s平臺進行wordpress建站

Mugetsukun發表於2024-05-31

(240523更新到部署k8s叢集規劃檔案)

基本資訊

系統:Debian 12.05
k8s版本:1.30
環境:虛擬機器

序號 IP地址 域名 主機名
1 192.168.100.12 k8s-master.yourname.com k8s-master
2 192.168.100.15 k8s-node1.yourname.com k8s-node1
3 192.168.100.16 k8s-node2.yourname.com k8s-node2
4 192.168.100.21 k8s-register.yourname.com k8s-register

基本設定

VMware虛擬網路編輯器

image
image

ssh設定

sudo apt-get update && apt-get upgrade
sudo apt-get install vim

/etc/ssh/sshd_config

...
PermitRootLogin yes
PubkeyAuthentication no
...

master連通其他node

 for i in master node1 node2 register; do ssh-copy-id root@k8s-$i; done

映象修改國內源

阿里雲Debian系統映象

sed -i 's|deb.debian.org|mirrors.aliyun.com|g' /etc/apt/sources.list

靜態IP設定

/etc/network/interfaces
其他主機修改IP即可

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114
/etc/init.d/networking restart

主機名和域名

/etc/hostname

k8s-master

/etc/hosts

127.0.0.1       localhost
127.0.1.1       k8s01

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.100.12 k8s-master.yourname.com k8s-master
192.168.100.15 k8s-node1.yourname.com k8s-node1
192.168.100.16 k8s-node2.yourname.com k8s-node2
192.168.100.21 k8s-register.yourname.com k8s-register

用scp將hosts檔案傳輸到node

for i in node1 node2 register; do scp /etc/hosts root@k8s-$i:/etc/hosts; done

關閉swap

# 關閉當前已啟用的swap分割槽
swapoff -a

#禁用swap裝置
sed -i 's/.*swap.*/#&/' /etc/fstab

#核心禁用swap引數
cat >> /etc/sysctl.d/k8s.conf << EOF
vm.swappiness=0
EOF

核心最佳化

#配置iptables引數,允許流量透過防火牆
cat << EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF
#下載overlay和br_netfilter
sudo modprobe overlay
sudo modprobe br_netfilter

lsmod | grep overlay
lsmod | grrp br_netfilter
#載入k8s.conf
sysctl -p /etc/sysctl.d/k8s.conf

kubeadm安裝

安裝 kubeadm | Kubernetes文件

更新 apt 包索引並安裝使用 Kubernetes apt 倉庫所需要的包

sudo apt-get update
# apt-transport-https 可能是一個虛擬包(dummy package);如果是的話,你可以跳過安裝這個包
sudo apt-get install -y apt-transport-https ca-certificates curl gpg

下載用於 Kubernetes 軟體包倉庫的公共簽名金鑰(阿里雲國內源)

# 如果 `/etc/apt/keyrings` 目錄不存在,則應在 curl 命令之前建立它,請閱讀下面的註釋。
# sudo mkdir -p -m 755 /etc/apt/keyrings

curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key |     gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

新增 Kubernetes apt 倉庫(阿里雲國內源)

echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list

更新 apt 包索引,安裝 kubelet、kubeadm 和 kubectl,並鎖定其版本

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

Docker Engine安裝

Debian系統安裝Docker Engine | Docker文件

刪除舊版本Docker

for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

新增金鑰和儲存庫

# 新增Docker的官方GPG金鑰:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# 將儲存庫新增到Apt源:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

安裝Docker元件

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

#檢驗時候安裝成功
sudo docker run hello-world

容器環境修改

mkdir -p /home/data/{softs,server,tools}
systemctl stop docker
cat >> /etc/docker/daemon.json << EOF
{
 "registry-mirrors":[
   "http://hub-mirror.c.163.com",
   "https://mirror.baidubce.com",
   "https://docker.mirrors.sjtug.sjtu.edu.cn"
 ],
 "insecure-registries":["k8s-register.yourname.com"],
 "exec-opts":["native.cgroupdriver=systemd"],
 "runtimes": {
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  }
}
EOF
systemctl daemon-reload
systemctl start docker

Harbor倉庫搭建

Harbor主頁

#k8s-register執行,關閉Debian系統裡的apache
systemctl stop apache2
cd /home/data/softs

wget https://github.com/goharbor/harbor/releases/download/v2.11.0-rc1/harbor-offline-installer-v2.11.0-rc1.tgz

tar -zxvf harbor-offline-installer-v2.11.0-rc1.tgz -C /home/data/server
cd /home/data/server/harbor

docker load < harbor.v2.11.0.tar.gz
docker images

cp harbor.yml.tmpl{,.bak}

images映象

REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
goharbor/harbor-exporter        v2.11.0   553bf54feb6a   3 days ago      108MB
goharbor/redis-photon           v2.11.0   f8d119d79368   3 days ago      165MB
goharbor/trivy-adapter-photon   v2.11.0   7d0463fdcf2a   3 days ago      498MB
goharbor/harbor-registryctl     v2.11.0   ec03a8c8a09e   3 days ago      162MB
goharbor/registry-photon        v2.11.0   2d8ee161f0e4   3 days ago      84.5MB
goharbor/nginx-photon           v2.11.0   1e2296f9e618   3 days ago      153MB
goharbor/harbor-log             v2.11.0   376053bebc25   3 days ago      163MB
goharbor/harbor-jobservice      v2.11.0   b64aa39a5179   3 days ago      158MB
goharbor/harbor-core            v2.11.0   36c4bd04c98e   3 days ago      185MB
goharbor/harbor-portal          v2.11.0   c076e09f295d   3 days ago      162MB
goharbor/harbor-db              v2.11.0   d10461eddcd1   3 days ago      271MB
goharbor/prepare                v2.11.0   9fb0b7c71e35   3 days ago      207MB
hello-world                     latest    d2c94e258dcb   12 months ago   13.3kB

配置harbor.yml.tmpl

hostname: k8s-register.yourname.com

http:
  port: 80

harbor_admin_password: 123456

data_volume: /data/server/harbor/data

執行harbor

mv harbor.yml.tmpl harbor.yml

./prepare
./install.sh


docker-compose ps

      Name                   Command                    State                     Ports
-------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh       Up (health: starting)
harbor-db           /docker-entrypoint.sh 14    Exit 128
                    15
harbor-jobservice   /harbor/entrypoint.sh       Restarting
harbor-log          /bin/sh -c                  Up (health: starting)   127.0.0.1:1514->10514/tcp
                    /usr/local/bin/ ...
harbor-portal       nginx -g daemon off;        Exit 128
nginx               nginx -g daemon off;        Exit 128
redis               redis-server                Exit 128
                    /etc/redis.conf
registry            /home/harbor/entrypoint.s   Exit 2
                    h
registryctl         /home/harbor/start.sh       Exit 1

啟動後遊覽器登陸IP:80,則出現Harbor管理頁面
輸入admin賬號和密碼
image

定製啟動服務檔案

# vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=https://github.com/goharbor/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose --file /home/data/server/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose --file /home/data/server/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

建立專案

建立使用者
image
建立後退出admin登陸新使用者

image
訪問級別選擇公開

# k8s-master執行

docker pull nginx
docker pull busybox

# 確保"insecure-registries"裡是你的域名
cat /etc/docker/daemon.json

#登陸新使用者,給busybox打上標籤,拉取busybox
docker login k8s-register.yourname.com -u yourname
docker tag busybox k8s-register.yourname.com/wordpress/busybox
docker push k8s-register.yourname.com/wordpress/busybox

cri-dockerd部署

cri-dockerd | github

cd /home/data/softs
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14.amd64.tgz

tar -zxvf cri-dockerd-0.3.14.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/local/bin/

cri-dockerd --version
# cri-dockerd 0.3.14 (683f70f)

whereis cri-dockerd
# cri-dockerd: /usr/local/bin/cri-dockerd

定製cri-dockerd啟動服務檔案

# vim /etc/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface fo Docker Application Container Engine
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Documentation=https://docs.mirantis.com/

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker --pod-infra-container-image=k8s-register.yourname.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yese
KillMode=process

[Install]
WantedBy=multi-user.target

定製cri-dockerd.sock啟動服務檔案

[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

啟動執行

systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl status cri-docker

傳輸啟動服務檔案到node1和node2

for i in node1 node2; do scp /usr/local/bin/cri-dockerd root@k8s-$i:/usr/local/bin/cri-dockerd; scp /usr/lib/systemd/system/cri-docker.socket root@k8s-$i:/usr/lib/systemd/system/cri-docker.socket; scp /etc/systemd/system/cri-docker.service root@k8s-$i:/etc/systemd/system/cri-docker.service; done

# node1和node2檢測是否收到
systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl status cri-docker

k8s叢集部署

kubeadm version
kubeadm config images list
#阿里雲google_containers
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.1

for i in $(kubeadm config images list --kubernetes-version=1.30.1 | awk -F '/' '{print $NF}'); do docker pull registry.aliyuncs.com/google_containers/$i; docker tag registry.aliyuncs.com/google_containers/$i k8s-register.yourname.com/google_containers/$i; docker push k8s-register.yourname.com/google_containers/$i; docker rmi registry.aliyuncs.com/google_containers/$i; done

kubeadm init --kubernetes-version=1.30.1 --service-cidr="10.96.0.0/12" --pod-network-cidr="10.244.0.0/16" --apiserver-advertise-address="192.168.100.12" --ignore-preflight-errors=Swap --image-repository=k8s-register.yourname.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

mkdir /home/data/kubernetes/network/flannel -p
cd/home/data/kubernetes/network/flannel
cd /home/data/kubernetes/network/flannel
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
cp kube-flannel.yml{,.bak}
grep image kube-flannel.yml | sort | uniq | awk -F '/' '{print $NF}'

for i in $(grep image kube-flannel.yml | sort | uniq | awk -F '/' '{print $NF}'); do docker pull docker.io/flannel/$i; docker tag docker.io/flannel/$i k8s-register.yourname.com/google_containers/$i; docker push k8s-register.yourname.com/google_containers/$i; docker rmi docker.io/flannel/$i; done

sed -i 's#docker.io/flannel#k8s-register.yourname.com/google_containers#g' kube-flannel.yml

kubectl apply -f kube-flannel.yml

kubectl get node

補全命令配置

vim /root/.bashrc
···
source <(kubectl completion bash)
source <(kubeadm completion bash)
···

構建映象並在k8s部署

  • 新增lnmp的容器網段
  • Wordpress安裝在宿主機
  • php、Mysql、Nginx裝在容器內
  • 安裝ingress
    • 建立HTTP證書
  • k8s部署wordpress
    • 指定mysql的Namespace
    • 指定mysql服務於埠號
    • 配置mysql的Pod資訊與映象來源
    • 指定wordpress的Namespace
    • 指定wordpress的協議埠與代理埠
    • 配置wordpress的Pod資訊與映象來源
    • 部署證書
  • 映象推送Harbor

Docker網段

docker network create lnmp
docker network ls
#找到NAME為lnmp的網路卡id
ifconfig
#找到網路卡ID相同的IP地址
172.19.0.1

Wordpress部分

cd /home/data/server
wget https://cn.wordpress.org/wordpress-6.5.3-zh_CN.tar.gz
tar -xf wordpress-6.5.3-zh_CN.tar.gz

/nginx/wordpress/wp-config.php
/php/wordpress/wp-config.php

/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', 'wp' );

/** MySQL database password */
define( 'DB_PASSWORD', 'yourpasswd' );

/** MySQL hostname */
define( 'DB_HOST', 'mysql.mysql.svc.cluster.local' );


* @link https://wordpress.org/support/article/debugging-in-wordpress/
define( 'WP_DEBUG', true );

php部分

Dockerfile

# apt-cache depends php 透過apt-cahce查出php需要什麼依賴包

# phpinfo給出加裝什麼支援的模組

--prefix # 指定安裝目錄
--with-config-file-scan-dir # 指定php配置檔案目錄

# 支援mysql的模組
--with-pdo-mysql
--with-mysqli

# 加密擴充套件的模組
--with-mhash
--with-openssl

# 國際化與字元編碼支援
--with-iconv
--with-gettext

# 壓縮與歸檔擴充套件
--with-zlib

# URL互動
--with-curl
--enable-xml
--with-xmlrpc
--enable-sockets
--enable-ftp

# 不包含PEAR庫
--without-pear

# 不包含GDBM庫
--without-gdbm

# 禁用除錯模式
--disable-debug

# 禁用執行時路徑
--disable-rpath

# 禁用檔案型別檢測
--disable-fileinfo

# 啟用內聯最佳化
--enable-inline-optimization

# 啟用共享庫的支援
--enable-shared

# 啟用bcmath擴充套件
--enable-bcmath

# 允許PHP訪問共享記憶體段,訪問System V訊號量和共享記憶體
--enable-shmop
--enable-sysvsem
--enable-sysvshm

# 啟用多位元組正規表示式支援
--enable-mbregex

# 啟用程序控制功能
--enable-pcntl

# 啟用SOAP協議
--enable-soap

# 啟用會話支援
--enable-session

# 啟用OPcache擴充套件,用於加速PHP指令碼的執行
--enable-opcache

# 啟用PHP-FPM
--enable-fpm

# 快速安裝
--enable-fast-install
FROM Debian:12.5.0
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
RUN apt-get update && apt-get install wget \
 && wget https://www.php.net/distributions/php-8.3.7.tar.gz
RUN apt-get install -y install gcc \
gcc-c++ \
make \
libxml2-devel \
openssl-devel \
curl-devel \
libjpeg-devel \
libpng-devel \
libicu-devel \
sqlite-devel \
freetype-devel \
openldap-devel \
openldap \
openldap-devel \
libzip-devel

RUN tar -zxvf php-8.3.7.tar.gz
WORKDIR /php-8.3.7
RUN ./configure \
    --prefix=/usr/local/php \
    --with-config-file-scan-dir=/usr/local/php/etc/ \
    --with-mhash --with-pdo-mysql \
    --with-openssl --with-mysqli \
    --with-iconv --with-zlib \
    --enable-inline-optimization \
    --disable-debug --disable-rpath \
    --enable-shared --enable-xml \
    --enable-bcmath --enable-shmop \
    --enable-sysvsem --enable-sysvshm --enable-mbregex \
    --enable-ftp \
    --enable-pcntl --enable-sockets \
    --with-xmlrpc --enable-soap \
    --without-pear --with-gettext \
    --enable-session --with-curl \
    --enable-opcache --enable-fpm \
    --without-gdbm --enable-fast-install \
    --disable-fileinfo

RUN make && make install
RUN groupadd www -g 666 && \
useradd www -u /sbin/nologin -M
ADD /home/data/server/php/www.conf /usr/local/php/etc/php-fpm.d/
ADD /home/data/server/php/php.ini /usr/local/php/etc/
ADD /home/data/server/php/php-fpm.conf /usr/local/php/etc/
EXPOSE 9000
CMD ["/usr/local/php/sbin/php-fpm","-F"]
EOF

php.ini

php.ini-production | github php.ini檔案選項詳解

[PHP]
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
zend.enable_gc = On
zend.exception_ignore_args = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
xmlrpc_errors = 0
xmlrpc_error_number = 0
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 200M
default_mimetype = "text/html"
default_charset = "UTF-8"
enable_dl = Off
file_uploads = On
upload_max_filesize = 200M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
extension=curl
extension=ftp
extension=gettext
extension=mysqli
extension=odbc
extension=openssl
extension=pdo_mysql
extension=pdo_odbc
extension=shmop
extension=soap
extension=sockets
zend_extension=opcache
[CLI Server]
cli_server.color = On
[iconv]
[Pdo]
pdo_odbc.connection_pooling=strict
[Pdo_mysql]
pdo_mysql.default_socket=
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[ffi]
ffi.enable=true

www.conf

[www]
user = www
group = www
listen = 9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
request_terminate_timeout = 1

php-fpm.conf

[global]
daemonize = no
include=/usr/local/php/etc/php-fpm.d/*.conf

Nginx部分

Dockerfile

FROM nginx
RUN groupadd www -g 666 && \
    useradd www -u 666 -g 666 -s /sbin/nologin -M
ADD /home/data/server/nginx/yourname.wp.com.conf /etc/nginx/conf.d/
ADD /home/data/server/nginx/nginx.conf /etc/nginx/
RUN mkdir /server/wordpress/ -p
RUN rm -rf /etc/nginx/conf.d/default.conf
EXPOSE 80
WORKDIR /root
CMD ["nginx","-g","daemon off;"]

Nginx.conf

user  www;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/conf.d/*.conf;
}

yourname.wp.com.conf

server {
    listen 80;
    server_name yourname.wp.com;
    charset utf-8
    location / {
        root /server/wordpress;
        index index.html index.php;
    }
    
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /server/wordpress;
    }

    location ~* \.php$ {
        root /server/wordpress;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /server/wordpress/$fastcgi_script_name;
        include fastcgi_params;
    }
}

Mysql部分

Dockerfile

FROM mysql:8.4.0

ENV MYSQL_ALLOW_EMPTY_PASSWORD yes

ADD /home/data/server/mysql/setup.sh /mysql/setup.sh
ADD /home/data/server/mysql/schema.sql /mysql/schema.sql
ADD /home/data/server/mysql/privileges.sql /mysql/privileges.sql


CMD ["sh", "/mysql/setup.sh"]

privileges.sql

use mysql;
grant all on wordpress.* to wp@'10.244.%.%' identified by 'yourpasswd';
grant all on wordpress.* to wp@'172.19.0.%' identified by 'yourpasswd';
SET PASSWORD=PASSWORD('yourpasswd');
flush privileges;

schema.sql

CREATE DATABASE wordpress;

setup.sh

set -e

echo `systemctl status mysql`
 
echo '1.Start mysql'
systemctl start mysql
sleep 3
echo `systemctl status mysql`
 
echo '2.Import data'

mysql < /mysql/schema.sql
echo '3.Import completed'
 
sleep 3
echo `systemctl status mysql`
 

echo '4.Change password'
mysql < /mysql/privileges.sql
echo '5.Change password completed'
 

echo `systemctl status mysql`
echo `Complete the all`
 
tail -f /dev/null

相關文章