1. Prepare Docker
1.1 Install Docker
- Ubuntu
apt install -y docker.io
- CentOS
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
yum repolist && yum install -y docker-ce
1.2 Configure the user namespace and cgroup driver
vim /etc/docker/daemon.json
{
"userns-remap": "default",
"exec-opts": ["native.cgroupdriver=systemd"]
}
1.3 Enable Docker at boot
systemctl enable --now docker
1.4 Create the Docker network
docker network create halo
1.5 Create the Docker volumes
docker volume create halo
docker volume create mariadb
docker volume create nginx_logs
1.6 Create symbolic links (for personal convenience)
docker volume inspect halo
docker volume inspect mariadb
docker volume inspect nginx_logs
These commands show where each volume is actually stored on the host. The path is the value of the Mountpoint key, for example:
"Mountpoint": "/var/lib/docker/362144.362144/volumes/halo/_data"
ln -sv /var/lib/docker/362144.362144/volumes/halo/_data /opt/halo
ln -sv /var/lib/docker/362144.362144/volumes/mariadb/_data /var/lib/mysql
ln -sv /var/lib/docker/362144.362144/volumes/nginx_logs/_data /var/log/nginx
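The 362144.362144 component comes from the "userns-remap": "default" setting in 1.2: Docker runs containers under the subordinate ID range of the dockremap user and names its data directory after the first UID and GID of that range, so the number differs from host to host. The following sketch is an added example, not part of the original procedure; it derives that directory and the host UID behind a container UID from subuid/subgid files. The function names are illustrative and the sample entries are constructed to match the path above.

```shell
#!/bin/sh
# Added example. Function names are illustrative, not Docker commands.

# first_id FILE [USER]: print the first subordinate ID of USER's range.
first_id() {
    awk -F: -v u="${2:-dockremap}" '$1 == u { print $2; exit }' "$1"
}

# range_len FILE [USER]: print how many IDs the range holds.
range_len() {
    awk -F: -v u="${2:-dockremap}" '$1 == u { print $3; exit }' "$1"
}

# remap_root SUBUID_FILE SUBGID_FILE: data directory Docker uses under
# userns-remap, named <first uid>.<first gid>.
remap_root() {
    uid=$(first_id "$1"); gid=$(first_id "$2")
    [ -n "$uid" ] && [ -n "$gid" ] || return 1
    printf '/var/lib/docker/%s.%s\n' "$uid" "$gid"
}

# host_uid SUBUID_FILE CONTAINER_UID: host UID that owns files written by
# CONTAINER_UID; fails if the UID is outside the mapped range.
host_uid() {
    start=$(first_id "$1"); len=$(range_len "$1")
    [ -n "$start" ] && [ "$2" -ge 0 ] && [ "$2" -lt "$len" ] || return 1
    echo $(( start + $2 ))
}

# Constructed sample matching the path on this page; on a real host pass
# /etc/subuid and /etc/subgid instead.
demo_dir=$(mktemp -d)
printf 'alice:100000:65536\ndockremap:362144:65536\n' > "$demo_dir/subuid"
printf 'alice:100000:65536\ndockremap:362144:65536\n' > "$demo_dir/subgid"

remap_root "$demo_dir/subuid" "$demo_dir/subgid"   # Docker data directory
host_uid "$demo_dir/subuid" 0                       # container root on the host
```

Files created by host root inside a volume directory are owned by UID 0, which is outside this range, so the container's root user sees them as owned by an unmapped user.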
2. Prepare the images
2.1 Nginx
2.1.1 Get the Nginx source package:
http://nginx.org/en/download.html
Version 1.21.6 is used here.
2.1.2 Get the dependencies
- Pcre2:
https://github.com/PCRE2Project/pcre2/releases
pcre2-10.40 is used here.
- OpenSSL
https://www.openssl.org/source/
Version 1.1.1-n is used here.
- zlib
http://www.zlib.net/
Version 1.2.12 is used here.
2.1.3 Prepare nginx.conf
Prepare this file according to your own service requirements.
2.1.4 Pull the base image
docker pull ubuntu
2.1.5 Configure nginx.conf
A sample file follows:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main escape=json '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    autoindex off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not reveal the nginx version in responses and error pages.
    server_tokens off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Redirect all plain HTTP requests to HTTPS.
    server {
        listen 80;
        server_name web;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name web;
        ssl_certificate CA.pem;
        ssl_certificate_key CA.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!DHE:!3DES;
        ssl_prefer_server_ciphers on;
        client_max_body_size 10m;
        # Allow only these methods; the pattern is anchored so that it
        # matches the whole method name rather than a substring.
        if ($request_method !~* "^(GET|POST|PUT|DELETE)$") {
            return 403;
        }
        # Reject requests that send no User-Agent header.
        if ($http_user_agent = "") {
            return 403;
        }
        location / {
            proxy_pass http://halo:8090;
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
2.1.6 Write the Dockerfile
FROM ubuntu:latest
ADD *.tar.gz /opt/
COPY Shanghai /etc/localtime
RUN apt update && apt install -y cpp g++ gcc perl make m4 autoconf automake vim
WORKDIR /opt/nginx-1.21.6
RUN ./configure --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/log/nginx.lock --with-http_gzip_static_module --with-http_ssl_module --with-openssl=../openssl-OpenSSL_1_1_1n/ --with-pcre=../pcre2-10.40/ --with-zlib=../zlib-1.2.12/
RUN make && make install
WORKDIR /root/
RUN rm -rf /opt/* && useradd nginx -s /usr/sbin/nologin
ADD key.tar /etc/nginx/
COPY nginx.conf /etc/nginx/
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
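① All dependency packages here end in .tar.gz; key.tar holds the CA certificate's public/private key pair (referenced as CA.pem and CA.key in nginx.conf).
② In CMD, nginx must be run in the foreground; otherwise the container exits as soon as nginx has been started.
③ Shanghai is the file /usr/share/zoneinfo/Asia/Shanghai from an Ubuntu system and sets the time zone.
④ vim is installed to make it easier to edit configuration files later.
2.1.7 Build the image
docker build -t nginx:latest .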
2.2 MariaDB
2.2.1 Pull the image
Use the ready-made mariadb image.
docker pull mariadb
2.3 Openjdk
2.3.1 Pull the base image (same as for Nginx; skip this step if it has already been pulled)
docker pull ubuntu
2.3.2 Write the Dockerfile
FROM ubuntu:latest
ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
ENV CLASSPATH=.:${JAVA_HOME}/lib:$CLASSPATH
ENV JAVA_PATH=${JAVA_HOME}/bin
ENV PATH=$PATH:${JAVA_PATH}
RUN apt update && apt install -y openjdk-17-jre openjdk-17-jdk
COPY Shanghai /etc/localtime
2.3.3 Build the image
docker build -t openjdk:latest .
2.4 Halo
2.4.1 Write the Dockerfile
FROM openjdk:latest
WORKDIR /root/
EXPOSE 8090
CMD ["java","-jar","/root/halo.jar"]
2.4.2 Build the image
docker build -t halo:latest .
3. Prepare the database
3.1 Install mariadb-client on the host
- Ubuntu:
apt install -y mariadb-client
- CentOS
yum -y install mariadb
3.2 Start the mariadb-server container
docker run -itd -p 127.0.0.1:3306:3306 -v mariadb:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="pass" --name mariadb --net halo --restart=unless-stopped mariadb
Replace pass with a password of your own.
3.3 Check that the container is running normally
docker ps -a
3.4 Create the website database
docker exec -it mariadb bash
mariadb-secure-installation
Answer the prompts as follows:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
... skipping.
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] n
... skipping.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
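3.5 Add root remote administration and the halo user
On the host:
docker network inspect halo
This looks up the address range used by containers on the Docker network created earlier. Check the Subnet key, for example:
"Subnet": "172.19.0.0/16"
Inside the mariadb container:
mysql -uroot -p
GRANT ALL PRIVILEGES ON *.* TO 'root'@'172.19.0.1' IDENTIFIED BY 'pass';
CREATE DATABASE halodb CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
GRANT ALL PRIVILEGES ON halodb.* TO 'halo'@'172.19.0.3' IDENTIFIED BY 'pass';
FLUSH PRIVILEGES;
Replace pass with a password of your own.
Here 172.19.0.3 is the IP address of the halo container.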
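Container addresses on a user-defined network are assigned when a container starts, so a grant pinned to 172.19.0.3 stops matching if halo comes up with a different address. As an added example (not part of the original steps), the shell functions below turn the Subnet value into the base-address/netmask host form that MariaDB accepts in account names and print statements limited to halodb. The function names and the CHANGE_ME placeholder are illustrative.

```shell
#!/bin/sh
# Added example; cidr_to_host and halo_grants are illustrative names.

# cidr_to_host CIDR: print "network/netmask" for an IPv4 CIDR such as
# 172.19.0.0/16, or fail on malformed input.
cidr_to_host() {
    ip=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    net=''; mask=''
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        # Number of mask bits that fall into this octet (0..8).
        n=$bits
        if [ "$n" -gt 8 ]; then n=8; fi
        bits=$(( bits - n ))
        m=$(( (255 << (8 - n)) & 255 ))
        # Clear host bits so the base address agrees with the netmask.
        net="$net${net:+.}$(( octet & m ))"
        mask="$mask${mask:+.}$m"
    done
    printf '%s/%s\n' "$net" "$mask"
}

# halo_grants CIDR: print SQL giving the application account access to
# halodb only, from any address inside the Docker network.
halo_grants() {
    host=$(cidr_to_host "$1") || return 1
    cat <<EOF
CREATE USER IF NOT EXISTS 'halo'@'$host' IDENTIFIED BY 'CHANGE_ME';
GRANT ALL PRIVILEGES ON halodb.* TO 'halo'@'$host';
EOF
}

# Subnet value from the "docker network inspect halo" output shown above.
halo_grants 172.19.0.0/16
```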
4. Prepare halo
4.1 Download halo
① Main program
https://halo.run/#quickstart
Version 1.5.2 is used here.
② Configuration file
https://github.com/halo-dev/halo-common/blob/master/application-template.yaml
4.2 Copy the files into the volume
cd /opt/halo
mkdir .halo
cp /opt/halo-1.5.2.jar ./halo.jar
cp /opt/application-template.yaml ./.halo/application.yaml
4.3 Edit the configuration file
vim /opt/halo/.halo/application.yaml
server:
  port: 8090
  # Response data gzip.
  compression:
    enabled: false
spring:
  datasource:
    # H2 database configuration.
    #driver-class-name: org.h2.Driver
    #url: jdbc:h2:file:~/.halo/db/halo
    #username: admin
    #password: 123456
    # MySQL database configuration.
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://mariadb:3306/halodb?characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
    username: halo
    password: pass
  # H2 database console configuration.
  h2:
    console:
      settings:
        web-allow-others: false
      path: /h2-console
      enabled: false
halo:
  # Your admin client path is https://your-domain/{admin-path}
  admin-path: admin
  # memory or level
  cache: memory
4.4 Start the halo container
docker run -itd -v halo:/root --name halo --net halo --restart=unless-stopped halo
4.5 Check that the container is running normally
docker logs halo
5. Prepare the Nginx reverse proxy
5.1 Start the nginx container
docker run -itd -v nginx_logs:/var/log/nginx -p 80:80 -p 443:443 --name nginx --net halo --restart=unless-stopped nginx
5.2 Check that the container is running normally
docker ps -a
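Section 3.2 publishes MariaDB on 127.0.0.1 only, while Nginx in 5.1 is published on every interface. The check below is an added example, not part of the original guide: it reads "name ports" lines as printed by docker ps with a Names/Ports format string and reports every port that a container other than the reverse proxy publishes on a non-loopback address. The helper name is illustrative and the sample lines are constructed.

```shell
#!/bin/sh
# Added example; exposed_ports is an illustrative helper.

# exposed_ports ALLOWED_NAME: read "name ports" lines on stdin and print
# "name binding" for every port published on a non-loopback address by a
# container other than ALLOWED_NAME.
exposed_ports() {
    awk -v allow="$1" '
    {
        name = $1
        if (name == allow) next
        for (i = 2; i <= NF; i++) {
            b = $i; sub(/,$/, "", b)
            if (b !~ /->/) continue                        # exposed, not published
            if (b ~ /^127\./ || b ~ /^\[::1\]/) continue   # loopback only
            print name, b
        }
    }'
}

# Constructed sample of: docker ps --format "{{.Names}} {{.Ports}}"
# The mariadb-debug line shows a database started with -p 3306:3306.
sample='nginx 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp
halo 8090/tcp
mariadb 127.0.0.1:3306->3306/tcp
mariadb-debug 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp'

# On a live host, pipe the docker ps command above into exposed_ports.
printf '%s\n' "$sample" | exposed_ports nginx
```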