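nginx with Let's Encrypt SSL, php-fpm, Tomcat and MariaDB environment

nginx automatically installs the Let's Encrypt SSL certificate at startup, and nginx talks to Tomcat and php-fpm through proxy_pass. The configuration looks roughly like this: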

server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name a.yslifes.com;

    root /var/www/html;
    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/a.yslifes.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/a.yslifes.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/a.yslifes.com/chain.pem;

    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    #return 200 'Let\'s Encrypt certificate successfully installed!';
    #add_header Content-Type text/plain;


    gzip on;
    gzip_types text/plain application/xml application/json;
    gzip_comp_level 9;
    gzip_min_length 1000;


    #brotli on;
 
    # Default is 6, range 0 to 11; higher values compress better but use more CPU.
    #brotli_comp_level 6;
    #brotli_static on;
 
    # MIME types to compress
    #brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
 



    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    #location / {
    #        proxy_pass http://api/;
    #}


        # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;


#    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
#            try_files $uri $uri/ =404;
#    }
    location / {
        proxy_pass http://tomcat10:8080/;

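        proxy_set_header X-Real-IP $remote_addr;
        # Set X-Forwarded-For once; a second proxy_set_header for the same
        # name would send a duplicate header upstream.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Forwarded (RFC 7239) uses "for=..." syntax, so the X-Forwarded-For
        # list is not a valid value; an empty value stops nginx from passing
        # a client-supplied Forwarded header upstream.
        proxy_set_header Forwarded "";
        proxy_set_header Host $host;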
    }
#    location ~ [^/]\.php(/|$) {
#       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#       if (!-f $document_root$fastcgi_script_name) {
#           return 404;
#       }

       # Mitigate https://httpoxy.org/ vulnerabilities
#       fastcgi_param HTTP_PROXY "";
   
#       fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
#       fastcgi_param PATH_INFO        $fastcgi_path_info;

#       fastcgi_pass phpfpm7.4:9000;
#       fastcgi_index index.php; 

       # include the fastcgi_param setting
#       include fastcgi_params;

       # SCRIPT_FILENAME parameter is used for PHP FPM determining
       #  the script name. If it is not set in fastcgi_params file,
       # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
       # please comment off following line:
       # fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
#    }
}
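
nginx emits one upstream header per proxy_set_header directive, so naming the same header twice in one block delivers two copies to the backend. The following check is an added example, not part of the original post: it flags repeated proxy_set_header names within a single block, run here on a constructed sample config (the backend host name is made up).

```shell
#!/bin/sh
# Added example (not from the original post): report proxy_set_header names
# that are set more than once inside the same nginx block.
# Assumes one directive per line and no "#", "{" or "}" inside quoted values.
# Real use: dup_proxy_headers < /path/to/site.conf
dup_proxy_headers() {
    awk '
    {
        sub(/#.*/, "")                      # strip comments
        if ($1 == "proxy_set_header") {
            # key = id of the enclosing block + case-insensitive header name
            key = block[depth] SUBSEP tolower($2)
            if (key in first)
                printf "line %d: %s already set on line %d\n", NR, $2, first[key]
            else
                first[key] = NR
        }
        opens  = gsub(/[{]/, "{")           # count braces on this line
        closes = gsub(/[}]/, "}")
        while (opens-- > 0)  block[++depth] = ++nblocks
        while (closes-- > 0) depth--
    }'
}

# Constructed sample: the location block sets X-Forwarded-For twice.
# Host appears at server level and in the location; those are different
# blocks, so that pair is not reported.
SAMPLE_CONF='server {
    proxy_set_header Host $http_host;
    location / {
        proxy_pass http://backend:8080/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
}'

printf '%s\n' "$SAMPLE_CONF" | dup_proxy_headers
```
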

The docker-compose.yml file is as follows:

Read More

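Setting up private Maven and Docker repositories

Use the sonatype/nexus3 Docker image to set up the environment quickly. Nexus 3 is open source, so you can build it yourself. Some plugins, however, require payment, such as Azure Blob Storage; for those you can choose the paid Nexus3 Pro edition.

Create docker-compose.yml (remember to create a nexus-data directory to hold the blob data)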

version: "3.5"

services:
  mariadb:
    container_name: nexus3
    image: sonatype/nexus3
    environment:
      TZ: Asia/Taipei
    ports:
      - "127.0.0.1:8081:8081"
    volumes:
      - ./nexus-data:/nexus-data
    restart: unless-stopped
    logging:
      options:
        max-size: 512M
#    deploy:
#      resources:
#        limits:
          #cpus: '0.50'
#          memory: 1024M

Start Docker

sudo docker-compose up -d

Configure a virtual host that maps to the Nexus3 service

<VirtualHost *:80> 
        ServerName nexus3.yourdomain 
        ProxyRequests off 
        ProxyPreserveHost On 
        ProxyPass "/" "http://127.0.0.1:8081/" 
        ProxyPassReverse "/" "http://127.0.0.1:8081/" 
</VirtualHost> 

Get the default admin password so you can log in and configure the server

nano nexus-data/admin.password

Add repositories

Add one Maven hosted repository and one Docker hosted repository

Read More

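How to install Docker and Docker Compose on Rocky Linux 8

As is well known, Docker containers are a technology in high demand in the IT world. With Docker containers, developers and infrastructure administrators can package an application together with its dependencies, deploy it on one computer, and have it work the same way on another.

The following walks through installing Docker and Docker Compose on Rocky Linux 8 (AlmaLinux) step by step.

Step 1: Install the required package and repository

sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

Step 2: Install Docker and Docker Compose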

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Step 3: Start Docker

sudo systemctl start docker

Step 4: Test it

sudo docker run hello-world

Configure Docker to start automatically when Linux boots

sudo systemctl enable docker

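Upgrading the PHP version for WordPress using Docker php-fpm

1. Find the version you want on the WordPress Docker page

WordPress Docker Hub

2. Remove the part near the bottom of the Dockerfile that downloads the WordPress tar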

#
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#

FROM php:7.4-fpm

# persistent dependencies
RUN set -eux; \
	apt-get update; \
	apt-get install -y --no-install-recommends \
# Ghostscript is required for rendering PDF previews
		ghostscript \
	; \
	rm -rf /var/lib/apt/lists/*

# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions)
RUN set -ex; \
	\
	savedAptMark="$(apt-mark showmanual)"; \
	\
	apt-get update; \
	apt-get install -y --no-install-recommends \
		libfreetype6-dev \
		libjpeg-dev \
		libmagickwand-dev \
		libpng-dev \
		libzip-dev \
	; \
	\
	docker-php-ext-configure gd \
		--with-freetype \
		--with-jpeg \
	; \
	docker-php-ext-install -j "$(nproc)" \
		bcmath \
		exif \
		gd \
		mysqli \
		zip \
	; \
	pecl install imagick-3.4.4; \
	docker-php-ext-enable imagick; \
	rm -r /tmp/pear; \
	\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
	apt-mark auto '.*' > /dev/null; \
	apt-mark manual $savedAptMark; \
	ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
		| awk '/=>/ { print $3 }' \
		| sort -u \
		| xargs -r dpkg-query -S \
		| cut -d: -f1 \
		| sort -u \
		| xargs -rt apt-mark manual; \
	\
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	rm -rf /var/lib/apt/lists/*

# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN set -eux; \
	docker-php-ext-enable opcache; \
	{ \
		echo 'opcache.memory_consumption=128'; \
		echo 'opcache.interned_strings_buffer=8'; \
		echo 'opcache.max_accelerated_files=4000'; \
		echo 'opcache.revalidate_freq=2'; \
		echo 'opcache.fast_shutdown=1'; \
	} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
RUN { \
# https://www.php.net/manual/en/errorfunc.constants.php
# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
		echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
		echo 'display_errors = Off'; \
		echo 'display_startup_errors = Off'; \
		echo 'log_errors = On'; \
		echo 'error_log = /dev/stderr'; \
		echo 'log_errors_max_len = 1024'; \
		echo 'ignore_repeated_errors = On'; \
		echo 'ignore_repeated_source = Off'; \
		echo 'html_errors = Off'; \
	} > /usr/local/etc/php/conf.d/error-logging.ini


COPY docker-entrypoint.sh /usr/local/bin/
 

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["php-fpm"]

3. Add execute permission at the third-from-last line

Read More