Docker_001 - 码农教程

Docker_MySQL 5.7

FROM debian:buster-slim

# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql

RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/*

# add gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x 
	&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* 
	&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" 
	&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" 
	&& export GNUPGHOME="$(mktemp -d)" 
	&& gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 
	&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu 
	&& gpgconf --kill all 
	&& rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc 
	&& chmod +x /usr/local/bin/gosu 
	&& gosu nobody true 
	&& apt-get purge -y --auto-remove ca-certificates wget

RUN mkdir /docker-entrypoint-initdb.d

RUN apt-get update && apt-get install -y --no-install-recommends 
# for MYSQL_RANDOM_ROOT_PASSWORD
		pwgen 
# for mysql_ssl_rsa_setup
		openssl 
# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
# File::Basename
# File::Copy
# Sys::Hostname
# Data::Dumper
		perl 
# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files
		xz-utils 
	&& rm -rf /var/lib/apt/lists/*

RUN set -ex; 
# gpg: key 5072E1F5: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
	key='A4A9406876FCBD3C456770C88C718D3B5072E1F5'; 
	export GNUPGHOME="$(mktemp -d)"; 
	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; 
	gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; 
	gpgconf --kill all; 
	rm -rf "$GNUPGHOME"; 
	apt-key list > /dev/null

ENV MYSQL_MAJOR 5.7
ENV MYSQL_VERSION 5.7.29-1debian10

RUN echo "deb http://repo.mysql.com/apt/debian/ buster mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list

# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { 
		echo mysql-community-server mysql-community-server/data-dir select ''; 
		echo mysql-community-server mysql-community-server/root-pass password ''; 
		echo mysql-community-server mysql-community-server/re-root-pass password ''; 
		echo mysql-community-server mysql-community-server/remove-test-db select false; 
	} | debconf-set-selections 
	&& apt-get update && apt-get install -y mysql-server="${MYSQL_VERSION}" && rm -rf /var/lib/apt/lists/* 
	&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld 
	&& chown -R mysql:mysql /var/lib/mysql /var/run/mysqld 
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
	&& chmod 777 /var/run/mysqld 
# comment out a few problematic configuration values
	&& find /etc/mysql/ -name '*.cnf' -print0 
		| xargs -0 grep -lZE '^(bind-address|log)' 
		| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/' 
# don't reverse lookup hostnames, they are usually another container
	&& echo '[mysqld]nskip-host-cachenskip-name-resolve' > /etc/mysql/conf.d/docker.cnf

VOLUME /var/lib/mysql

COPY docker-entrypoint.sh /usr/local/bin/
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
ENTRYPOINT ["docker-entrypoint.sh"]

EXPOSE 3306 33060
CMD ["mysqld"]

Docker_NGINX_1.17.9

FROM alpine:3.10

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

ENV NGINX_VERSION 1.17.9
ENV NJS_VERSION   0.3.9
ENV PKG_RELEASE   1

RUN set -x 
# create nginx user/group first, to be consistent throughout docker variants
    && addgroup -g 101 -S nginx 
    && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx 
    && apkArch="$(cat /etc/apk/arch)" 
    && nginxPackages=" 
        nginx=${NGINX_VERSION}-r${PKG_RELEASE} 
        nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} 
        nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} 
        nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} 
        nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} 
    " 
    && case "$apkArch" in 
        x86_64) 
# arches officially built by upstream
            set -x 
            && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" 
            && apk add --no-cache --virtual .cert-deps 
                openssl 
            && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub 
            && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then 
                echo "key verification succeeded!"; 
                mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; 
            else 
                echo "key verification failed!"; 
                exit 1; 
            fi 
            && apk del .cert-deps 
            && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages 
            ;; 
        *) 
# we're on an architecture upstream doesn't officially build for
# let's build binaries from the published packaging sources
            set -x 
            && tempDir="$(mktemp -d)" 
            && chown nobody:nobody $tempDir 
            && apk add --no-cache --virtual .build-deps 
                gcc 
                libc-dev 
                make 
                openssl-dev 
                pcre-dev 
                zlib-dev 
                linux-headers 
                libxslt-dev 
                gd-dev 
                geoip-dev 
                perl-dev 
                libedit-dev 
                mercurial 
                bash 
                alpine-sdk 
                findutils 
            && su nobody -s /bin/sh -c " 
                export HOME=${tempDir} 
                && cd ${tempDir} 
                && hg clone https://hg.nginx.org/pkg-oss 
                && cd pkg-oss 
                && hg up ${NGINX_VERSION}-${PKG_RELEASE} 
                && cd alpine 
                && make all 
                && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk 
                && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz 
                " 
            && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ 
            && apk del .build-deps 
            && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages 
            ;; 
    esac 
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
    && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi 
    && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi 
    && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi 
# Bring in gettext so we can get `envsubst`, then throw
# the rest away. To do this, we need to install `gettext`
# then move `envsubst` out of the way so `gettext` can
# be deleted completely, then move `envsubst` back.
    && apk add --no-cache --virtual .gettext gettext 
    && mv /usr/bin/envsubst /tmp/ 
    
    && runDeps="$( 
        scanelf --needed --nobanner /tmp/envsubst 
            | awk '{ gsub(/,/, "nso:", $2); print "so:" $2 }' 
            | sort -u 
            | xargs -r apk info --installed 
            | sort -u 
    )" 
    && apk add --no-cache $runDeps 
    && apk del .gettext 
    && mv /tmp/envsubst /usr/local/bin/ 
# Bring in tzdata so users could set the timezones through the environment
# variables
    && apk add --no-cache tzdata 
# forward request and error logs to docker log collector
    && ln -sf /dev/stdout /var/log/nginx/access.log 
    && ln -sf /dev/stderr /var/log/nginx/error.log

EXPOSE 80

STOPSIGNAL SIGTERM

CMD ["nginx", "-g", "daemon off;"]