diff --git a/docker/Dockerfile b/docker/Dockerfile index 7a3a08e..3387b3e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -50,21 +50,24 @@ RUN apk add --no-cache tzdata nginx openssh \ # 设置时区和语言环境 ENV TZ="Asia/Shanghai" ENV LANG="en_US.UTF-8" +# 运行环境 +ENV APPENV="prod" WORKDIR /usr/local/omc # 前端编译 -COPY --from=build-nodejs /frontend/dist /usr/local/omc/bin/frontend -RUN touch /usr/local/omc/bin/frontend/config.js +COPY --from=build-nodejs /frontend/dist /usr/local/bin/omc-frontend +RUN touch /usr/local/bin/omc-frontend/config.js # 后端编译 -COPY --from=build-go /backend/restagent/backend /usr/local/omc/bin/backend +COPY --from=build-go /backend/restagent/backend /usr/local/bin/omc-backend # 其余文件 -COPY ./backend/docker/omc/etc/omc.yaml /usr/local/omc/etc/omc.yaml -COPY ./backend/docker/omc/nginx/nginx.conf /etc/nginx/nginx.conf -COPY ./backend/docker/omc/static /usr/local/omc/static +COPY ./backend/docker/omc ./ +RUN mkdir -p /var/log/omc && mkdir /var/log/omc/nginx +RUN touch /var/log/omc/nginx/error.log +RUN touch /var/log/omc/nginx/access.log -EXPOSE 22 80 3030 +EXPOSE 22 80 3030 6060 -CMD ["/bin/sh", "-c", "/usr/sbin/sshd && nginx && /usr/local/omc/bin/backend --env prod -c /usr/local/omc/etc/omc.yaml"] +CMD ["/bin/sh", "-c", "/usr/sbin/sshd && nginx -c /usr/local/omc/nginx/nginx.conf && /usr/local/bin/omc-backend --env ${APPENV} -c /usr/local/omc/etc/omc.yaml"] diff --git a/docker/README.md b/docker/README.md index 49c6cb4..82cf993 100644 --- a/docker/README.md +++ b/docker/README.md 
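Review bot: `EXPOSE 22 80 3030 6060` adds port 6060 with no comment on what listens there, in the same hunk that makes `prod` the default `APPENV`, and the README hunk publishes it with `-p 3260:6060` on every host interface. If 6060 is a profiling or debug listener of the backend (not visible in this diff), it should stay out of the production contract or be published on loopback only, e.g. `-p 127.0.0.1:3260:6060`; at minimum add a comment above the EXPOSE line naming the service behind each port. Separately, the new CMD expands `${APPENV}` unquoted inside `sh -c` and leaves the shell as the parent of the backend, so I would end the chain with `exec /usr/local/bin/omc-backend --env \"${APPENV}\" -c /usr/local/omc/etc/omc.yaml` (quotes escaped inside the JSON array). The three new RUN lines can also be one layer: `RUN mkdir -p /var/log/omc/nginx && touch /var/log/omc/nginx/error.log /var/log/omc/nginx/access.log`.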
@@ -1,14 +1,31 @@ -## Docker 编译 +# Docker 编译 -docker build --build-arg VERSION=2.240111 -t omc:2.240111 . +编译目录内含 `frontend` 和 `backend` 两个项目代码,将后端项目代码中的 `backend/docker/Dockerfile` 文件移动到最外层目录下。 -docker run -it omc:2.240111 sh +编译目录结构 --v /var/log/omc --v /etc/nginx --v /usr/local/omc/etc --v /usr/local/omc/static --v /usr/local/omc/upload +```text +omc +├── frontend 目录-前端项目代码 +├── backend 目录-后端项目代码 +└── Dockerfile 文件-Docker编译需要 +``` + +## 打包 + +- `VERSION` 变量是后端程序打包版本号注入 + +```sh + +docker build --build-arg VERSION="2.240111" -t omc:2.240111 . + +``` + +## 部署 + +- `APPENV` 程序启动环境变量 local、prod (-e APPENV="local") + +```sh docker run -d \ --privileged=true \ @@ -16,7 +33,26 @@ docker run -d \ -p 3222:22 \ -p 3280:80 \ -p 3230:3030 \ +-p 3260:6060 \ +-v /home/mask/Probject/omc/omc:/usr/local/omc \ +-v /home/mask/Probject/omc/logs:/var/log/omc \ -e TZ="Asia/Shanghai" \ -m 512M \ --name omc_001 \ omc:2.240111 + + +``` + +## 调试 + +```sh + +docker run -it omc:2.240111 sh + +docker exec -it omc:2.240111 sh + + +/usr/sbin/sshd && nginx -c /usr/local/omc/nginx/nginx.conf && /usr/local/omc/bin/backend --env prod -c /usr/local/omc/etc/omc.yaml + +``` diff --git a/docker/omc/nginx/cert/dhparams.pem b/docker/omc/nginx/cert/dhparams.pem new file mode 100644 index 0000000..14cf484 --- /dev/null +++ b/docker/omc/nginx/cert/dhparams.pem 
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEAlgLQ4jKKVmeAuZG3w7+QNXh/hJIba+/eHV3PA0zGBCyN63lqOED/ +87/WzUKQxLuzJeSiQ3EGPUit/aVRS8guAajFXLx81Lj5BaID8GWhJziQUk97GX6E +UyAvHqZdtJNNp30ds3A5KL/p09Wo6HGvCYwYCFdJwkR26PGFitjDR2KYkuCzAnbx +iiMAb67pP0KtGBkShgvJUTnSs1Klpofh9ylf20QuR9oZ9+NtOMhGa3ttNIcIwxem +Uqk8n5OP9PM5DX2TqL4fD4o43+UNKPdSbyv2dOCyLTGD6nmz/Jwx7vd1s+DKeWIq +y/Sce8+DybCuto+tJACsWRh9W6JL/O4vBuZeU+wp8V4/kGutcsVisAaKKGgJEMSi +FEMu5FQRKdi2vP4wbZcG5usmgRlXQN9rJXuJ3yigmj8ffrdyCCDAMniTflta02n+ +RJv0329h4OYzdMkb1+IMwr+0go0KfiahDfaCeO/8OYlA5dzeVAbGE8dHTG2j9Lpr +M/SoAcObUEHnMDS0FCrnyMVimUKOZoPhpo/xUdVFYoM73okFN0qG76b/Vj6Je1SN +xOV8e0riVJnB4j07CnXpNuUDBgxqaVWpoZa2NU/94KwCukuPZppzk3d3QrfV01lq +XKlIcvLVW1rrq1Ty0f9YMqim7K6LE4/kUBurA4nGUyFx/p+KfxkcysMCAQI= +-----END DH PARAMETERS----- diff --git a/docker/omc/nginx/nginx.conf b/docker/omc/nginx/nginx.conf index 4307f14..1043908 100644 --- a/docker/omc/nginx/nginx.conf +++ b/docker/omc/nginx/nginx.conf 
@@ -1,44 +1,94 @@ -user nginx; -worker_processes auto; +# /etc/nginx/nginx.conf -error_log /var/log/omc/nginx/error.log notice; +user nginx; pid /var/run/nginx.pid; +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /var/log/omc/nginx/error.log warn; events { - worker_connections 1024; -} + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; +} http { - include mime.types; + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/omc/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - + # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; - #开启gzip功能 + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 1024m; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; + + # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. 
+ # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` + ssl_dhparam /usr/local/omc/nginx/cert/dhparams.pem; + + # Specifies that our cipher suits should be preferred over client ciphers. + # Default is 'off'. + ssl_prefer_server_ciphers on; + + # Enables a shared SSL cache with size that can hold around 8000 sessions. + # Default is 'none'. + ssl_session_cache shared:SSL:2m; + + # Specifies a time during which a client may reuse the session parameters. + # Default is '5m'. + ssl_session_timeout 1h; + + # Disable TLS session tickets (they are insecure). Default is 'on'. + ssl_session_tickets off; + + # Helper variable for proxying websockets. + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /var/log/omc/nginx/access.log main; + + keepalive_timeout 65; + + # Enable gzipping of responses. gzip on; - #开启gzip静态压缩功能 gzip_static on; - #gzip缓存大小 gzip_buffers 4 16k; - #gzip http版本 gzip_http_version 1.1; - #gzip 压缩级别 1-10 gzip_comp_level 5; - #gzip 压缩类型 gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; - # 是否在http header中添加Vary: Accept-Encoding,建议开启 + # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; server { @@ -62,7 +112,7 @@ http { } location / { - root /usr/local/omc/bin/frontend; + root /usr/local/bin/omc-frontend; try_files $uri $uri/ /index.html; index index.html index.htm;
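Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` in the new http block still enables TLS 1.1, which is deprecated (RFC 8996) and which the TIP comment directly above it already suggests dropping; I would make it `ssl_protocols TLSv1.2 TLSv1.3;`. The block also turns on `ssl_prefer_server_ciphers` without setting `ssl_ciphers`, so the server preference applies to whatever the TLS library's default list is; add an explicit `ssl_ciphers` line or drop the preference. `client_max_body_size 1024m;` is set for the whole http context, so every endpoint accepts 1 GiB request bodies; if only an upload location needs that, scope it to that location and keep a small default elsewhere. No `listen ... ssl` server is visible in this hunk and the http block continues outside it, so whether the TLS settings take effect depends on server blocks not shown here.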