我很难为自动docker部署设置服务器。我使用jwdilder/nginx-proxy和一个php7.3-fpm容器来尝试运行我的symfony4应用程序。这是应用程序的docker-compose文件:
version: '3.7'
networks:
default:
external:
name: nginx-proxy
services:
mysql:
image: mysql:5.7
restart: on-failure
environment:
MYSQL_ROOT_PASSWORD: test
MYSQL_DATABASE: database
MYSQL_USER: test
MYSQL_PASSWORD: test
php:
build:
context: .
dockerfile: docker/php/Dockerfile
restart: on-failure
hostname: test.org
ports:
- 9000
links:
- mysql
environment:
- VIRTUAL_HOST=test.org
- VIRTUAL_PORT=9000
- VIRTUAL_PROTO=fastcgi
- VIRTUAL_ROOT=/var/www/symfony/public
- LETSENCRYPT_HOST=test.org
- LETSENCRYPT_EMAIL=contact@test.org
volumes:
- ./www:/var/www/symfony:cached
command: >
sh -c "cd /var/www/symfony
&& composer install
&& php bin/console doctrine:database:create -n --if-not-exists
&& php bin/console doctrine:migrations:migrate -n --allow-no-migration
&& rm -rf var/cache
&& php bin/console cache:warmup
&& php-fpm"
node:
build:
context: .
dockerfile: docker/node/Dockerfile
command: yarn encore production
restart: on-failure
volumes:
- ./www/public:/var/www/symfony/public:cached
- ./www/assets:/var/www/symfony/assets:cached
- ./www/yarn.lock:/var/www/symfony/yarn.lock
- ./www/package.json:/var/www/symfony/package.json
- ./www/.npmrc:/var/www/symfony/.npmrc
- ./www/node_modules:/var/www/symfony/node_modules:cached
- ./www/webpack.config.js:/var/www/symfony/webpack.config.js
working_dir: /var/www/symfony
我的PHP dockerFile:
FROM php:7.3-fpm
RUN docker-php-ext-install pdo_mysql
RUN pecl install apcu-5.1.11
RUN docker-php-ext-enable apcu
RUN apt-get update && apt-get install -y --no-install-recommends apt-utils
RUN apt-get update && \
apt-get install -y \
libzip-dev
RUN docker-php-ext-install zip
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng-dev
RUN pecl install mcrypt-1.0.2 \
&& docker-php-ext-enable mcrypt \
&& docker-php-ext-install iconv \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install gd
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
&& php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" \
&& php composer-setup.php --filename=composer \
&& php -r "unlink('composer-setup.php');" \
&& mv composer /usr/local/bin/composer
WORKDIR /var/www/symfony
nginx代理的docker-compose文件:
version: '3'
services:
nginx-proxy:
image: jwilder/nginx-proxy:alpine
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx-proxy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- confd:/etc/nginx/conf.d
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-proxy-letsencrypt
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- confd:/etc/nginx/conf.d
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs:rw
environment:
- DEFAULT_EMAIL=test@test.test
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes:
confd:
vhostd:
html:
certs:
networks:
default:
external:
name: nginx-proxy
这是nginx-proxy生成的nginx配置:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl http2;
access_log /var/log/nginx/access.log vhost;
return 503;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# nepalfederatie.org
upstream nepalfederatie.org {
## Can be connected with "nginx-proxy" network
# nepalfederatieorg_php_1
server 172.18.0.8:9000;
## Can be connected with "nginx-proxy" network
# nepalfederatie_php_1
server 172.18.0.6:9000;
}
server {
server_name nepalfederatie.org;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name nepalfederatie.org;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/nepalfederatie.org.crt;
ssl_certificate_key /etc/nginx/certs/nepalfederatie.org.key;
ssl_dhparam /etc/nginx/certs/nepalfederatie.org.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/nepalfederatie.org.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
root /var/www/symfony/public;
include fastcgi.conf;
fastcgi_pass nepalfederatie.org;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/$fastcgi_script_name;
}
}
导航到test.org时,我的Nginx代理日志中出现以下错误:
* 179从上游读取响应头时,stderr发送了FastCGI:“主脚本未知”
但是,当我导航到test.org/index.php时,网站将返回(没有我遇到403错误的任何资产,但以后会出现问题)。
SSL证书和HTTPS重定向效果很好。
我只是进入整个docker和nginx场景,因为我以前总是一直直接部署到直接在服务器上运行的apache2服务器。
对于我的本地开发环境,我还使用nginx容器(没有任何代理),并且在.conf文件中,我有以下几行:
location / {
root /var/www/symfony/public;
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
client_max_body_size 50m;
fastcgi_pass php:9000;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/index.php;
}
特别是线
fastcgi_param SCRIPT_FILENAME /var/www/symfony/public/index.php;
由于我的部署服务器的配置是由nginx-proxy自动生成的,有人知道这是否是缺少此行的事实吗?
很抱歉,如果有人可以指出正确的方向,将不胜感激。