環境部署一直是一個很大的問題,無論是開發環境還是生産環境,但是 Docker
将開發環境和生産環境以輕量級方式打包,提供了一緻的環境。極大的提升了開發部署一緻性。當然,實際情況并沒有這麼簡單,因為生産環境和開發環境的配置是完全不同的,比如日志等的問題都需要單獨配置,但是至少比以前更加簡單友善了,這裡以
PHP 開發作為例子講解 Docker 如何布置開發環境。
一般來說,一個 PHP 項目會需要以下工具:
Web 伺服器: Nginx/Tengine
Web 程式: PHP-FPM
資料庫: MySQL/PostgreSQL
緩存服務: Redis/Memcache
這是最簡單的架構方式,在 Docker 發展早期,Docker 被大量的濫用,比如,一個鏡像内啟動多服務,日志收集依舊是按照 Syslog
或者别的老方式,鏡像容量非常龐大,基礎鏡像就能達到 80M,這和 Docker 當初提出的思想完全南轅北轍了,而 Alpine Linux
發行版作為一個輕量級 Linux 環境,就非常适合作為 Docker 基礎鏡像,Docker 官方也推薦使用 Alpine 而不是 Debian
作為基礎鏡像,未來大量的現有官方鏡像也将會遷移到 Alpine 上。本文所有鏡像都将以 Alpine 作為基礎鏡像。
Nginx/Tengine
這部分筆者已經在另一篇文章 Docker 容器的 Nginx 實踐中講解了 Tengine 的 Docker 實踐,并且給出了
Dockerfile,由于比較偏好 Tengine,而且官方已經給出了 Nginx 的 alpine 鏡像,是以這裡就用
Tengine。筆者已經将鏡像上傳到官方 DockerHub,可以通過
docker pull chasontang/tengine:2.1.2_f
擷取鏡像,具體請看 Dockerfile。
PHP-FPM
Docker 官方已經提供了 PHP 的 7.0.7-fpm-alpine 鏡像,Dockerfile 如下:
FROM alpine:3.4
# persistent / runtime deps
ENV PHPIZE_DEPS \
autoconf \
file \
g++ \
gcc \
libc-dev \
make \
pkgconf \
re2c
RUN apk add --no-cache --virtual .persistent-deps \
ca-certificates \
curl
# ensure www-data user exists
RUN set -x \
&& addgroup -g 82 -S www-data \
&& adduser -u 82 -D -S -G www-data www-data
# 82 is the standard uid/gid for "www-data" in Alpine
# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
ENV PHP_INI_DIR /usr/local/etc/php
RUN mkdir -p $PHP_INI_DIR/conf.d
####
ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
####
ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
ENV PHP_VERSION 7.0.7
ENV PHP_FILENAME php-7.0.7.tar.xz
ENV PHP_SHA256 9cc64a7459242c79c10e79d74feaf5bae3541f604966ceb600c3d2e8f5fe4794
RUN set -xe \
&& apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
curl-dev \
gnupg \
libedit-dev \
libxml2-dev \
openssl-dev \
sqlite-dev \
&& curl -fSL "http://php.net/get/$PHP_FILENAME/from/this/mirror" -o "$PHP_FILENAME" \
&& echo "$PHP_SHA256 *$PHP_FILENAME" | sha256sum -c - \
&& curl -fSL "http://php.net/get/$PHP_FILENAME.asc/from/this/mirror" -o "$PHP_FILENAME.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& for key in $GPG_KEYS; do \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done \
&& gpg --batch --verify "$PHP_FILENAME.asc" "$PHP_FILENAME" \
&& rm -r "$GNUPGHOME" "$PHP_FILENAME.asc" \
&& mkdir -p /usr/src \
&& tar -Jxf "$PHP_FILENAME" -C /usr/src \
&& mv "/usr/src/php-$PHP_VERSION" /usr/src/php \
&& rm "$PHP_FILENAME" \
&& cd /usr/src/php \
&& ./configure \
--with-config-file-path="$PHP_INI_DIR" \
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
$PHP_EXTRA_CONFIGURE_ARGS \
--disable-cgi \
# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
--enable-mysqlnd \
# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
--enable-mbstring \
--with-curl \
--with-libedit \
--with-openssl \
--with-zlib \
&& make -j"$(getconf _NPROCESSORS_ONLN)" \
&& make install \
&& { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \
&& make clean \
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
| sort -u \
)" \
&& apk add --no-cache --virtual .php-rundeps $runDeps \
&& apk del .build-deps
COPY docker-php-ext-* /usr/local/bin/
####
WORKDIR /var/www/html
RUN set -ex \
&& cd /usr/local/etc \
&& if [ -d php-fpm.d ]; then \
# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \
cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \
else \
# PHP 5.x don't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency
mkdir php-fpm.d; \
cp php-fpm.conf.default php-fpm.d/www.conf; \
{ \
echo '[global]'; \
echo 'include=etc/php-fpm.d/*.conf'; \
} | tee php-fpm.conf; \
fi \
&& { \
echo '[global]'; \
echo 'error_log = /proc/self/fd/2'; \
echo; \
echo '[www]'; \
echo '; if we send this to /proc/self/fd/1, it never appears'; \
echo 'access.log = /proc/self/fd/2'; \
echo; \
echo 'clear_env = no'; \
echo; \
echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
echo 'catch_workers_output = yes'; \
} | tee php-fpm.d/docker.conf \
&& { \
echo '[global]'; \
echo 'daemonize = no'; \
echo; \
echo '[www]'; \
echo 'listen = [::]:9000'; \
} | tee php-fpm.d/zz-docker.conf
EXPOSE 9000
CMD ["php-fpm"]
####