标签：tomcat harbor config 企业级 nginx offline php root

1、使用dockerfile制作nginx+php-fpm镜像，实现lnmp。

1.1 制作基础镜像

[root@offline base]# cat Dockerfile 
FROM centos:centos7.8.2003

MAINTAINER RICKZHU
RUN yum install wget -y \
    && rm -rf /etc/yum.repos.d/*.repo \
    && wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel ntpdata crontabs
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@offline base]# docker build -t centos:base .
[root@offline base]# docker images |grep centos
centos                                        base                            dbddb0186fa6        4 minutes ago        542MB

1.2 制作nginx+php-fpm镜像

[root@offline nginx-php]# cat Dockerfile 
FROM centos:base
MAINTAINER Rickzhu
RUN yum install nginx -y && mkdir -p /data/php
ADD lnmp.conf /etc/nginx/conf.d/
ADD index.php /data/php
ADD abc.html /data/php
RUN yum install php php-mysql php-fpm -y
EXPOSE 80 9000
CMD /usr/sbin/php-fpm -D && nginx -g "daemon off;"
[root@offline nginx-php]# ls
abc.html  Dockerfile  index.php  lnmp.conf  nginx.conf
[root@offline nginx-php]# cat abc.html 
<h1>Hello Docker nginx-php</h1>
[root@offline nginx-php]# cat index.php 
<?php phpinfo() ?>
[root@offline nginx-php]# cat lnmp.conf 
server {
        listen       80;
        server_name  10.0.1.24;
        root /data/php;
        index index.html index.php;
        location ~* \.php$ {
                root /data/php;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}
[root@offline nginx-php]# docker build -t nginx-php:v1 .
[root@offline nginx-php]# docker images |grep nginx-php
nginx-php                                     v1                              b35cdbd20e76        3 minutes ago       669MB

1.4 启动nginx-php容器

[root@offline nginx-php]# docker run --name nginx-php -d -p 80:80 nginx-php:v1
[root@offline nginx-php]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                          NAMES
1531116fc0a0        nginx-php:v1        "/bin/sh -c '/usr/sb…"   7 seconds ago       Up 6 seconds        0.0.0.0:80->80/tcp, 9000/tcp   nginx-php

1.5 测试

2、使用dockerfile制作tomcat镜像，并实现对jsp测试页访问

2.1 编写Dockerfile文件

[root@offline tomcat]# cat Dockerfile 
#Tomcat Base Image
FROM centos:centos7.8.2003

MAINTAINER rickzhu "1779526363@qq.com"

ADD apache-tomcat-8.5.57.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/apache-tomcat-8.5.57 /usr/local/src/tomcat
RUN yum install java-1.8.0-openjdk -y
ADD index.jsp /usr/local/src/tomcat/webapps/ROOT/
EXPOSE 8080 8009
ADD run_tomcat.sh /
CMD ["/run_tomcat.sh"]

2.2 准备所需文件

[root@offline tomcat]# cat run_tomcat.sh 
#!/bin/bash

sh /usr/local/src/tomcat/bin/startup.sh start
tail -f /etc/hosts
[root@offline tomcat]# cat index.jsp 
  <%@ page language="java" %>
<%@ page import="java.util.*" %>
  <html>

  <head>
  <title>JSP Test Page</title>
  </head>

  <body>
     <% out.println("Welcom to access Tomcat!");%>
         </body>
  </html>
[root@offline tomcat]# ls
apache-tomcat-8.5.57.tar.gz  Dockerfile  index.jsp  run_tomcat.sh

2.3 创建镜像

[root@offline tomcat]# docker build -t tomcat-web:app1 .
[root@offline tomcat]# docker images |grep tomcat
tomcat-web                                    app1                            ec07ca837027        3 minutes ago       506MB

2.4 测试

#创建容器
[root@offline tomcat]# docker run --name tomcat -it -d -p 8080:8080 tomcat-web:app1
1d97384560c6faced5c198d083be01be5dd09e7259acb194eb48d06c5e5d8934
[root@offline tomcat]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                              NAMES
1d97384560c6        tomcat-web:app1     "/run_tomcat.sh"    5 seconds ago       Up 4 seconds        8009/tcp, 0.0.0.0:8080->8080/tcp   tomcat

3、安装配置harbor服务，并将打包好的镜像提交到harbor仓库

3.1.安装Docker Compose

root@offline:~#curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
root@offline:~#chmod +x /usr/local/bin/docker-compose
root@offline:~#ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
root@offline:~# docker-compose --version
docker-compose version 1.18.0, build 8dd22a9

3.2下载并解压harbor离线安装包

root@offline:~# wget https://github.com/goharbor/harbor/releases/download/v1.10.3/harbor-offline-installer-v1.10.3.tgz
root@offline:~# cd /usr/local/src/
root@offline:/usr/local/src# tar xf harbor-offline-installer-v1.10.3.tgz
root@offline:/usr/local/src# ls
harbor  harbor-offline-installer-v1.10.3.tgz

3.3 编辑配置文件并安装harbor

[root@offline harbor]# grep hostname harbor.yml
# The IP address or hostname to access admin UI and registry service.
hostname: 10.0.1.24
# And when it enabled the hostname will no longer used
[root@offline harbor]# ./install.sh --with-clair

3.4 验证

浏览器输入10.0.1.25，账号admin，默认密码Harbor12345

4.配置https的harbor

4.1 生成相关证书

#生成ca证书
[root@offline cert]# mkdir /data/cert/^C
[root@offline cert]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
......................++
.........................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@offline cert]# ls
ca.key
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
>  -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net" \
>  -key ca.key \
>  -out ca.crt
[root@offline cert]# ls
ca.crt  ca.key
#生成服务器证书
[root@offline cert]# openssl genrsa -out harbor.nassoft.net.key 4096
Generating RSA private key, 4096 bit long modulus
.........++
................++
e is 65537 (0x10001)
[root@offline cert]# openssl req -x509 -new -nodes -sha512 -days 3650  -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=example/OU=Personal/CN=harbor.nassoft.net"  -key harbor.nassoft.net.key  -out harbor.nassoft.net.crt
[root@offline cert]# ks
bash: ks: command not found...
[root@offline cert]# ls
ca.crt  ca.key  harbor.nassoft.net.crt  harbor.nassoft.net.key
#分发server证书
[root@offline cert]# mkdir /etc/docker/certs.d/harbor.nassoft.net -p
[root@offline cert]# cp harbor.nassoft.net.crt /etc/docker/certs.d/harbor.nassoft.net/

4.2 修改harbor配置

[root@offline harbor]# docker-compose down -v
Stopping harbor-jobservice ... done
Stopping nginx             ... done
Stopping harbor-core       ... done
Stopping clair             ... done
Stopping redis             ... done
Stopping registry          ... done
Stopping registryctl       ... done
Stopping harbor-portal     ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done
Removing harbor-jobservice ... done
Removing nginx             ... done
Removing harbor-core       ... done
Removing clair             ... done
Removing redis             ... done
Removing registry          ... done
Removing registryctl       ... done
Removing harbor-portal     ... done
Removing harbor-db         ... done
Removing harbor-log        ... done
Removing network harbor_harbor
Removing network harbor_harbor-clair
[root@offline harbor]# cat harbor.yml 
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.nassoft.net

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
#   # https port for harbor, default is 443
  port: 443
#   # The path of cert and key files for nginx
  certificate: /data/cert/harbor.nassoft.net.crt
  private_key: /data/cert/harbor.nassoft.net.key
[root@offline harbor]# ./prepare 
prepare base dir is set to /usr/local/src/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/clair/postgresql-init.d/README.md
Clearing the configuration file: /config/clair/postgres_env
Clearing the configuration file: /config/clair/config.yaml
Clearing the configuration file: /config/clair/clair_env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@offline harbor]# ls
common  docker-compose.yml  harbor.v1.9.4.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@offline harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating redis         ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
[root@offline harbor]# 

4.3 测试

4.3.1 测试上传镜像

[root@offline cert]# echo 10.0.1.24 harbor.nassoft.net >> /etc/hosts
[root@offline cert]# docker login harbor.nassoft.net
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@offline cert]# docker pull busybox:latest
[root@offline cert]# docker tag busybox:latest harbor.nassoft.net/baseimages/busybox:latest
[root@offline cert]# docker push harbor.nassoft.net/baseimages/busybox:latest
The push refers to repository [harbor.nassoft.net/baseimages/busybox]
50761fe126b6: Pushed 
latest: digest: sha256:2131f09e4044327fd101ca1fd4043e6f3ad921ae7ee901e9142e6e36b354a907 size: 527
[root@offline cert]# 

4.3.2 浏览器测试

标签：tomcat,harbor,config,企业级,nginx,offline,php,root
来源： https://blog.51cto.com/rickzhu/2535634

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。