一、准备工作
1、同步服务器时间
bash
yum -y install ntp
systemctl enable ntpd
systemctl start ntpd
timedatectl set-timezone Asia/Shanghai
ntpdate -u time.nist.gov
date2、关闭防火墙和swap
bash
# 关闭selinux
setenforce 0
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
# 设置iptables规则
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# 关闭swap
swapoff -a && free --h二、安装部署docker
bash
#安装编译器环境
yum -y install gcc gcc-c++
#卸载之前下载的docker(防止和之前安装过的docker出现冲突)
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#安装yum-utils
yum install -y yum-utils
#将docker-ce.repo添加到/etc/yum.repos.d/
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#提升yum安装的速度
yum makecache fast
#安装docker
yum install docker-ce docker-ce-cli containerd.io -y
#启动docker
systemctl start docker三、安装部署docker-compose
1、在线安装
bash
#Github下载最新版Docker-compose二进制文件
curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#赋予可执行权限
chmod +x /usr/local/bin/docker-compose
#验证安装
docker-compose --version2、离线安装
bash
#访问Github地址(https://github.com/docker/compose/releases/tag),下载需要版本的压缩包,选下方的下载
docker-compose-linux-x86_64
#将压缩包上传到服务器的的/usr/local/bin目录下
mv docker-compose-linux-x86_64 docker-compose
#赋予可执行权限
chmod +x /usr/local/bin/docker-compose
#验证安装
docker-compose --version四、安装部署harbor
bash
#harbor安装包有两种,一种线上下载,一种线下,这边用的是线下下载安装
#下载地址:https://github.com/goharbor/harbor/releases
#https://github.com/goharbor/harbor/releases/download/v2.14.1/harbor-offline-installer-v2.14.1.tgz
cd /data/
tar -zxvf harbor-offline-installer-v2.14.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
#harbor.yaml配置参考下面修改
hostname: 172.16.5.20
harbor_admin_password: HZQz34Hfs6JfMdj
#启动harbor
./install.sh --with-trivy #首次启动
docker-compose up -d #往后用docker-compose启动
#停止harbor
docker-compose down五、配置docker镜像拉取源
bash
#修改docker配置文件,insecure-registries配置当harbor用的是http时候用,如果是https就不需要加了
#vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com",
"https://docker.m.daocloud.io",
"https://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://your_preferred_mirror",
"https://dockerhub.icu",
"https://docker.registry.cyou",
"https://docker-cf.registry.cyou",
"https://dockercf.jsdelivr.fyi",
"https://docker.jsdelivr.fyi",
"https://dockertest.jsdelivr.fyi",
"https://mirror.aliyuncs.com",
"https://dockerproxy.com",
"https://mirror.baidubce.com",
"https://docker.m.daocloud.io",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn",
"https://docker.mirrors.ustc.edu.cn",
"https://mirror.iscas.ac.cn",
"https://docker.rainbond.cc"
],
"insecure-registries":["172.16.5.20:8080"]
}
#重启docker生效
systemctl restart docker六、打包java服务的docker镜像
bash
#创建java服务目录
mkdir /data/jar/banana
#在原有的banana目录下所有东西的基础上加入Dockerfile
bash
vim /data/jar/banana/Dockerfile
FROM eclipse-temurin:8-jdk
RUN apt-get update && \
apt-get install -y --no-install-recommends \
libfreetype6 \
fontconfig \
libfontconfig1 \
libxrender1 \
fonts-dejavu-core \
fonts-noto-cjk && \
rm -rf /var/lib/apt/lists/*
WORKDIR /data/jar/banana
COPY ./banana.jar ./
EXPOSE 8080
CMD ["sh", "-c", "mkdir -p log && java -server -Xms256m -Xmx256m -XX:MetaspaceSize=256m -XX:MaxMetaspaceSize=256m -Denv.profile=prod -jar banana.jar >> log/app.log 2>&1"]
bash
#orange服务同理,添加Dockerfile文件
bash
vim /data/jar/orange/Dockerfile
FROM openjdk:8u212-jre-slim
WORKDIR /data/jar/orange
COPY ./orange.jar ./
EXPOSE 8083
CMD ["sh", "-c", "java -server -Xms128m -Xmx128m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=256m -jar orange.jar --spring.profiles.active=prod >> nohup.out 2>&1"]
bash
#添加对应的Dockerfile文件后,进入对应存放Dockerfile文件的目录下执行,打包镜像
docker build -t banana-app:1.0 .
docker build -t orange-app:1.0 .
#需要将docker镜像上传到harbor(在上传镜像时,一定要核验步骤五,是否配置好了,否则可能登录不了)
docker login 172.16.5.20:8080
#给创建的镜像打标签
docker tag banana-app:1.0 172.16.5.20:8080/store/banana-app:1.0
docker tag orange-app:1.0 172.16.5.20:8080/store/orange-app:1.0
#将镜像推到harbor上
docker push 172.16.5.20:8080/store/banana-app:1.0
docker push 172.16.5.20:8080/store/orange-app:1.0七、创建挂载目录及文件
bash
#nginx服务
/data/java-platform/conf/nginx/nginx.conf
#mysql服务
/data/java-platform/data/fruits_mysql
/data/java-platform/conf/mysql/my.cnf
#redis服务
/data/java-platform/data/redis
/data/java-platform/conf/redis/redis.conf
#java服务
#banana服务目录及文件
/data/jar/banana/configure
/data/jar/banana/log
/data/jar/banana/nohup.out
#orange服务目录及文件
/data/jar/orange/application-prod.yml
/data/jar/orange/goorange.db
/data/jar/orange/nohup.out
/data/jar/orange/upload
#前端服务
/home/work/website/love
/home/work/website/love-orange
#系统时间目录(已存在)
/etc/localtime八、编写docker-compose文件
bash
#为了密码的敏感信息的安全,不能在docker-compose文件中存在密码信息,需要通过在项目根目录下创建名为.env的文件,在文件中定义需要的环境变量
cd /data/java-platform/
vim .env
MYSQL_ROOT_PASSWORD=MQcsWrUdzmmRs3Q
MYSQL_DATABASE=fruits-db
MYSQL_USER=kk
MYSQL_PASSWORD=MQcsWrUdzmmRs3Q
bash
vim /data/java-platform/docker-compose.yml
version: '2.4'
services:
# ================== Nginx 反向代理 ==================
nginx-proxy:
image: nginx:alpine
container_name: nginx-proxy
environment:
TZ: Asia/Shanghai
ports:
- "81:81"
- "82:82"
- "83:83"
- "84:84"
- "85:85"
volumes:
- /data/java-platform/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /home/work/website/love:/var/www/love:ro
- /home/work/website/love-orange:/var/www/love-orange:ro
- /data/jar/orange/upload:/var/www/upload:ro
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
depends_on:
- banana-app
- orange-app
networks:
- app-network
# ================== MySQL ==================
fruits-mysql:
image: mysql:8.0.30
container_name: fruits-mysql
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
TZ: Asia/Shanghai
ports:
- "3306:3306"
volumes:
- /data/java-platform/data/fruits_mysql:/var/lib/mysql
- /data/java-platform/conf/mysql/my.cnf:/etc/mysql/conf.d/my.cnf:ro
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
mem_limit: 2g
networks:
- app-network
# ================== Redis ==================
redis:
image: redis:4.0.10
container_name: redis
environment:
TZ: Asia/Shanghai
ports:
- "6379:6379"
volumes:
- /data/java-platform/data/redis:/data
- /data/java-platform/conf/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
- /etc/localtime:/etc/localtime:ro
command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
restart: unless-stopped
mem_limit: 1536m
networks:
- app-network
# ================== banana-app (Java 后端) ==================
banana-app:
image: 172.16.5.20:8080/store/banana-app:1.0
container_name: banana-app
ports:
- "8080:8080" # 保留用于直接调试(可选)
volumes:
- /data/jar/banana/configure:/data/jar/banana/configure:ro
- /data/jar/banana/log:/data/jar/banana/log:rw
- /data/jar/banana/nohup.out:/data/jar/banana/nohup.out:rw
environment:
TZ: Asia/Shanghai
restart: unless-stopped
depends_on:
- fruits-mysql
- redis
networks:
- app-network
# ================== orange-app (Java 后端) ==================
orange-app:
image: 172.16.5.20:8080/store/orange-app:1.0
container_name: orange-app
ports:
- "8083:8083" # 保留用于直接调试(可选)
volumes:
- /data/jar/orange/application-prod.yml:/data/jar/orange/application-prod.yml:ro
- /data/jar/orange/goorange.db:/data/jar/orange/goorange.db:ro
- /data/jar/orange/nohup.out:/data/jar/orange/nohup.out:rw
- /data/jar/orange/upload:/data/jar/orange/upload:rw
environment:
TZ: Asia/Shanghai
restart: unless-stopped
depends_on:
- fruits-mysql
- redis
networks:
- app-network
# =============== 自定义网络(确保服务互通) ===============
networks:
app-network:
driver: bridge域名备注:
web.love.cn 172.16.5.21:81 根目录/home/work/website/love/
api.love.cn 172.16.5.21:84 反向代理到127.0.0.1:8080
upload.love.cn 172.16.5.21:83 根目录/data/upload,同时还有个location / {
try_files uri uri/ =404;
}
orange-api.love.cn 172.16.5.21:85 反向代理到127.0.0.1:8083
orange.love.cn 172.16.5.21:82 根目录/home/work/website/love-orange/
九、启动、关闭Docker-compose
bash
cd /data/java-platform
#启动
docker-compose up -d
#关闭
docker-compose down