Слияние кода завершено, страница обновится автоматически
version: "3.9"
#
# khs1994.com Docker Swarm mode
# @link https://docs.docker.com/engine/swarm/
#
#
# $ docker compose -f docker-production.yml build
# $ docker compose -f docker-production.yml push
#
# $ docker stack deploy -c docker-production.yml lnmp
# $ docker stack ps lnmp
#
# 1. less `volumes`
# 2. config put `configs`
# 3. secrets put `secrets`
# 4. use log driver journald
#
# tips:
# 1. `docker stack deploy` not support env
#
#
# Don't edit this file
#
# $ cp docker-production.yml docker-production.khs1994.yml
#
# Then Edit `docker-production.*.yml`
x-logging:
&default-logging
driver: journald
x-common:
&common
env_file:
- ./scripts/cli/timezone.env
networks:
- backend
read_only: false
# dns:
# - 114.114.114.114
tmpfs: /run:exec
x-deploy:
&default-deploy
restart_policy:
condition: any
delay: 25s
max_attempts: 5
window: 123s
update_config:
parallelism: 2
delay: 10s
order: stop-first
x-labels:
&default-labels
labels:
- com.khs1994.lnmp=true
- com.khs1994.lnmp.app.env=production_swarm_mode
x-build:
&default-build
# Dockerfile: my.Dockerfile
args:
ALPINE_URL: mirrors.aliyun.com # dl-cdn.alpinelinux.org
x-build-debian:
&default-build-debian
# Dockerfile: my.Dockerfile
args:
DEB_URL: mirrors.ustc.edu.cn # deb.debian.org
DEB_SECURITY_URL: mirrors.ustc.edu.cn/debian-security/ # security.debian.org
x-php-common:
&default-php
image: khs1994/php:8.2.3-fpm-alpine
volumes:
- ./app:/app
- type: volume
source: zoneinfo-data
target: /usr/share/zoneinfo
volume:
nocopy: false
# s6
- ./config/s6/s6-overlay/s6-rc.d:/etc/s6-overlay/s6-rc.d
- ./config/s6/s6-overlay/scripts:/etc/s6-overlay/scripts
- ./config/crontabs/root:/etc/crontabs/root.s6
- php-var-log:/var/log
environment:
- APP_ENV=production
configs:
- source: php_ini
target: /usr/local/etc/php/php.ini
- source: php_ini_include
target: /usr/local/etc/php/conf.d/zz-docker-php.ini
- source: php_fpm_conf_d_zz_docker_conf
target: /usr/local/etc/php-fpm.d/zz-docker.conf
secrets:
- source: ssh_id_rsa
target: /root/.ssh/id_rsa
mode: 0600
- source: ssh_config
target: /root/.ssh/config
depends_on:
- mysql
- redis
networks:
- backend
services:
mysql:
<< : [*common,*default-labels]
build:
<< : *default-build-debian
context: ./dockerfile/mysql/
dockerfile: Dockerfile
image: mysql:8.0.33
# image: khs1994/lnmp-mysql:8.0.33
# image: username/lnmp-mysql:tag
environment:
# MYSQL_ROOT_PASSWORD: mytest
MYSQL_ROOT_PASSWORD_FILE: /etc/db_root_password
MYSQL_DATABASE: test
# ports:
# - "127.0.0.1:3306:3306"
volumes:
- ./scripts/backup/init.production:/docker-entrypoint-initdb.d:ro
- ./scripts/backup/mysql:/backup
- mysql-data:/var/lib/mysql
command: ["mysqld","--character-set-server=utf8mb4","--default-authentication-plugin=mysql_native_password"]
# logging: *default-logging
deploy:
<< : [*default-deploy,*default-labels]
placement:
constraints: [node.role == manager]
# resources:
# limits:
# cpus: '0.50'
# memory: 50M
# reservations:
# cpus: '0.25'
# memory: 20M
secrets:
- source: db_root_password
target: /etc/db_root_password
configs:
- source: mysql_conf_d_docker_cnf
target: /etc/mysql/conf.d/docker.cnf
mode: 0644
uid: "0"
gid: "0"
tmpfs: /var/run/mysqld
# mariadb:
# << : [*common,*default-labels]
# build:
# << : *default-build-debian
# context: ./dockerfile/mariadb/
# dockerfile: Dockerfile
# image: "mariadb:10.8.3"
# # image: username/lnmp-mariadb:tag
# # image: khs1994/lnmp-mariadb:10.8.3
# environment:
# MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
# MYSQL_DATABASE: test
# # MYSQL_USER:
# # MYSQL_PASSWORD:
# # ports:
# # - "127.0.0.1:3306:3306"
# volumes:
# # https://github.com/docker-library/docs/tree/master/mariadb#initializing-a-fresh-instance
# - ./scripts/backup/init.production:/docker-entrypoint-initdb.d:ro
# - mariadb-data:/var/lib/mysql
# - ./scripts/backup/mariadb:/backup
# command:
# - mysqld
# - --character-set-server=utf8mb4
# deploy:
# << : [*default-deploy,*default-labels]
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# secrets:
# - db_root_password
# configs:
# - source: mariadb_conf_d_docker_cnf
# target: /etc/mysql/conf.d/docker.cnf
redis:
<< : [*common,*default-labels]
build:
<< : *default-build
# << : *default-build-debian
context: ./dockerfile/redis/
dockerfile: Dockerfile
image: redis:7.0.0-alpine
# image: username/lnmp-redis:tag
# image: khs1994/lnmp-redis:7.0.0
# ports:
# - "127.0.0.1:6379:6379"
volumes:
- redis-data:/data
command: [
"redis-server",
"/redis.conf",
"--daemonize no",
"--bind 0.0.0.0",
"--appendonly yes",
# "--save \"\"",
"--aof-use-rdb-preamble yes"
]
# logging: *default-logging
deploy:
<< :
- *default-deploy
- *default-labels
# replicas: 2
placement:
constraints: [node.role == manager]
configs:
- source: redis_conf
target: /redis.conf
# memcached:
# << :
# - *common
# - *default-labels
# build:
# << : *default-build
# # << : *default-build-debian
# context: ./dockerfile/memcached/
# dockerfile: Dockerfile
# image: memcached:1.5.7-alpine
# # image: username/lnmp-memcached:tag
# # image: khs1994/lnmp-memcached:1.5.7
# # ports:
# # - "127.0.0.1:11211:11211"
# volumes:
# - zoneinfo-data:/usr/share/zoneinfo
# deploy:
# << : *default-deploy
# << : *default-labels
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# rabbitmq:
# << : *common
# << : *default-labels
# build:
# << : *default-build
# # << : *default-build-debian
# context: ./dockerfile/rabbitmq/
# dockerfile: Dockerfile
# image: rabbitmq:3.7.3-management-alpine
# # image: username/lnmp-rabbitmq:tag
# # image: khs1994/lnmp-rabbitmq:3.7.3
# volumes:
# - rabbitmq-data:/var/lib/rabbitmq
# - zoneinfo-data:/usr/share/zoneinfo
# # ports:
# # - "127.0.0.1:15672:15672"
# # - "127.0.0.1:5672:5672"
# deploy:
# << : *default-deploy
# << : *default-labels
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# postgresql:
# << : *common
# << : *default-labels
# build:
# << : *default-build
# # << : *default-build-debian
# context: ./dockerfile/postgresql/
# dockerfile: Dockerfile
# image: postgres:12.0-alpine
# # image: username/lnmp-postgresql:tag
# # image: khs1994/lnmp-postgresql:12.0
# environment:
# - POSTGRES_PASSWORD_FILE=/run/secrets/db_root_password
# - POSTGRES_DB=test
# volumes:
# - zoneinfo-data:/usr/share/zoneinfo
# - postgresql-data:/var/lib/postgresql/data
# # ports:
# # - "127.0.0.1:5432:5432"
# deploy:
# << : *default-deploy
# << : *default-labels
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# secrets:
# # default is mysql password
# - db_root_password
# mongodb:
# << : *common
# << : *default-labels
# build:
# << : *default-build-debian
# context: ./dockerfile/mongodb/
# dockerfile: Dockerfile
# image: mongo:5.0.3
# # image: username/lnmp-mongodb:tag
# # image: khs1994/lnmp-mongodb:5.0.3
# volumes:
# # - ./config/mongodb/mongod.conf:/etc/mongod.conf:ro
# - mongodb-data:/data/db
# deploy:
# << : *default-deploy
# << : *default-labels
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# # ports:
# # - "127.0.0.1:27017:27017"
# command: ["mongod","--config","/etc/mongod.conf"]
# configs:
# - source: mongod_conf
# target: /etc/mongod.conf
pcit:
<< :
- *common
- *default-labels
- *default-php
image: pcit/pcit:unit
volumes:
- ./pcit/.env.production:/app/pcit/.env.production
- ./pcit/key:/app/pcit/framework/storage/private_key
- pcit-tmp:/tmp
working_dir: /app/pcit
command:
- up
# logging: *default-logging
networks:
- backend
- frontend
extra_hosts:
- "api.github.com:140.82.114.6"
deploy:
<< :
- *default-deploy
- *default-labels
# replicas: 2
placement:
constraints: [node.role == manager]
resources:
limits:
cpus: '0.50'
memory: 256M
reservations:
cpus: '0.25'
memory: 128M
php7:
<< :
- *common
- *default-labels
- *default-php
# image: khs1994/php:8.2.3-s6-alpine
# entrypoint:
# - /s6-init
build:
<< : *default-build
# << : *default-build-debian
# context: ./dockerfile/php/
context: ./app/demo/
dockerfile: Dockerfile
# args:
# foo: bar
# command: php-fpm -R -F
networks:
- frontend
- backend
environment:
- APP_ENV=production
- LNMP_DOCKER_VERSION=v20.10 x86_64 Docker Swarm
- PATH=/command:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# logging: *default-logging
deploy:
<< :
- *default-deploy
- *default-labels
# replicas: 2
placement:
constraints: [node.role == manager]
# php7-laravel-queue:
# << : *common
# << : *default-labels
# << : *default-php
# command:
# - php
# - /app/laravel/artisan
# - queue:work
# - --tries=3
# # logging: *default-logging
# deploy:
# << : *default-deploy
# << : *default-labels
# replicas: 1
# placement:
# constraints: [node.role == manager]
nginx:
<< :
- *common
- *default-labels
build:
<< : *default-build
# << : *default-build-debian
# context: ./dockerfile/nginx/
context: ./config/nginx
dockerfile: Dockerfile
image: nginx:1.23.3-alpine
# image: khs1994/nginx:1.23.3-alpine
ports:
- "443:443/tcp"
- "443:443/udp"
- "80:80"
volumes:
- ./app:/app
# - ./config/nginx:/etc/nginx/conf.d:ro
networks:
- frontend
depends_on:
- php7
# condition: service_completed_successfully
# service_started service_healthy service_completed_successfully
- minio
# logging: *default-logging
deploy:
<< :
- *default-deploy
- *default-labels
# replicas: 2
placement:
constraints: [node.role == manager]
configs:
- source: nginx_conf
target: /etc/nginx/nginx.conf
# uid: '103'
# gid: '103'
# mode: 0440
# one domain one conf file
- source: nginx_80_conf
target: /etc/nginx/conf.d/80.conf
- source: nginx_301_conf
target: /etc/nginx/conf.d/301.conf
- source: nginx_ssl_conf
target: /etc/nginx/conf.d/ssl.config
- source: nginx_khs1994_com_conf
target: /etc/nginx/conf.d/khs1994.com.conf
#
# Example Don't Edit
#
# - source: nginx_domain_com_conf
# target: /etc/nginx/conf.d/domain.com.conf
secrets:
#
# ECC + RSA
#
# @link https://github.com/khs1994-docker/lnmp/issues/239
#
- source: khs1994_com_ssl_crt
target: /etc/nginx/conf.d/ssl/khs1994.com.crt
- source: khs1994_com_ssl_key
target: /etc/nginx/conf.d/ssl/khs1994.com.key
- source: khs1994_com_ssl_rsa_crt
target: /etc/nginx/conf.d/ssl/khs1994.com.rsa.crt
- source: khs1994_com_ssl_rsa_key
target: /etc/nginx/conf.d/ssl/khs1994.com.rsa.key
# - source: developer_khs1994_com_ssl_crt
# target: /etc/nginx/conf.d/ssl/developer.khs1994.com.crt
# - source: developer_khs1994_com_ssl_key
# target: /etc/nginx/conf.d/ssl/developer.khs1994.com.key
# - source: developer_khs1994_com_ssl_rsa_crt
# target: /etc/nginx/conf.d/ssl/developer.khs1994.com.rsa.crt
# - source: developer_khs1994_com_ssl_rsa_key
# target: /etc/nginx/conf.d/ssl/developer.khs1994.com.rsa.key
#
# - source: auth_htpasswd
# target: /etc/nginx/conf.d/auth/nginx.htpasswd
#
# Example Don't Edit
#
# ECC + RSA
#
# - source: domain_com_ssl_crt
# target: /etc/nginx/conf.d/ssl/domain.com.crt
# - source: domain_com_ssl_key
# target: /etc/nginx/conf.d/ssl/domain.com.key
# - source: domain_com_ssl_rsa_crt
# target: /etc/nginx/conf.d/ssl/domain.com.rsa.crt
# - source: domain_com_ssl_rsa.key
# target: /etc/nginx/conf.d/ssl/domain.com.rsa.key
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost"]
# interval: 1m30s
# timeout: 10s
# retries: 3
# start_period: 40s
# httpd:
# << :
# - *common
# - *default-labels
# build:
# << : *default-build
# # << : *default-build-debian
# context: ./config/httpd
# dockerfile: Dockerfile
# image: "httpd:2.4.53-alpine"
# # image: username/lnmp-httpd:tag
# # image: khs1994/lnmp-httpd:2.4.53
# ports:
# - "443:443"
# - "80:80"
# volumes:
# - ./app:/app
# # - ./config/etc/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf
# # - ./config/httpd:/usr/local/apache2/conf.d
# - zoneinfo-data:/usr/share/zoneinfo
# working_dir: /app
# networks:
# - frontend
# depends_on:
# - php7
# # logging: *default-logging
# deploy:
# << :
# - *default-deploy
# - *default-labels
# placement:
# constraints: [node.role == manager]
# configs:
# - source: httpd_conf
# target: /usr/local/apache2/conf/httpd.conf
# - source: vhost_khs1994_com_conf
# target: /usr/local/apache2/conf.d/vhost.khs1994.com.conf
# #
# # Example Don't Edit
# #
# # - source: vhost_domain_com_conf
# # target: /usr/local/apache2/conf.d/vhost.domain.com.conf
# secrets:
# - source: khs1994_com_ssl_crt
# target: /usr/local/apache2/conf.d/ssl/khs1994.com.crt
# - source: khs1994_com_ssl_key
# target: /usr/local/apache2/conf.d/ssl/khs1994.com.key
# - source: developer_khs1994_com_ssl_crt
# target: /usr/local/apache2/conf.d/ssl/developer.khs1994.com.crt
# - source: developer_khs1994_com_ssl_key
# target: /usr/local/apache2/conf.d/ssl/developer.khs1994.com.key
# #
# # Example Don’t Edit
# #
# # - source: domain_com_ssl_crt
# # target: /usr/local/apache2/conf.d/ssl/domain.com.crt
# # - source: domain_com_ssl_key
# # target: /usr/local/apache2/conf.d/ssl/domain.com.key
# registry:
# << :
# - *common
# - *default-labels
# build:
# << : *default-build
# # << : *default-build-debian
# context: ./config/registry
# dockerfile: Dockerfile
# image: registry:latest
# # image: username/lnmp-registry:tag
# # image: khs1994/lnmp-registry:latest
# networks:
# - frontend
# - backend
# # ports:
# # - "127.0.0.1:5000:5000"
# volumes:
# # - ./config/registry:/etc/docker/registry
# - registry-data:/var/lib/registry
# deploy:
# << :
# - *default-deploy
# - *default-labels
# placement:
# constraints: [node.role == manager]
# # logging: *default-logging
# configs:
# - source: registy_yml
# target: /etc/docker/registry/config.yml
minio:
<< :
- *common
- *default-labels
image: minio/minio:RELEASE.2022-10-24T18-35-07Z
command:
- server
- /data
- --console-address
- ':9090'
environment:
MINIO_ROOT_USER_FILE: minio-root-user
MINIO_ROOT_PASSWORD_FILE: minio-root-password
MINIO_REGION_NAME: ${MINIO_REGION_NAME:-us-east-1}
MINIO_BROWSER: ${MINIO_BROWSER:-on}
MINIO_DOMAIN: ${MINIO_DOMAIN:-''}
networks:
- backend
- frontend
volumes:
- minio-data:/data
secrets:
- minio-root-user
- minio-root-password
networks:
frontend:
<< : *default-labels
attachable: true
backend:
<< : *default-labels
attachable: true
volumes:
mysql-data:
<< : *default-labels
# mariadb-data:
# << : *default-labels
redis-data:
<< : *default-labels
# rabbitmq-data:
# << : *default-labels
#
# postgresql-data:
# << : *default-labels
#
# mongodb-data:
# << : *default-labels
zoneinfo-data:
<< : *default-labels
# registry-data:
# << : *default-labels
pcit-tmp:
<< : *default-labels
minio-data:
<< : *default-labels
php-var-log:
<< : *default-labels
secrets:
db_root_password:
<< : *default-labels
file: secrets/db_root_password.txt
# ECC + RSA
khs1994_com_ssl_key:
<< : *default-labels
file: ./config/nginx/ssl/khs1994.com.key
khs1994_com_ssl_crt:
<< : *default-labels
file: ./config/nginx/ssl/khs1994.com.crt
khs1994_com_ssl_rsa_key:
<< : *default-labels
file: ./config/nginx/ssl/khs1994.com.rsa.key
khs1994_com_ssl_rsa_crt:
<< : *default-labels
file: ./config/nginx/ssl/khs1994.com.rsa.crt
#
# developer_khs1994_com_ssl_crt:
# file: ./config/nginx/ssl/developer.khs1994.com.crt
# << : *default-labels
#
# developer_khs1994_com_ssl_key:
# file: ./config/nginx/ssl/developer.khs1994.com.key
# << : *default-labels
#
# developer_khs1994_com_ssl_rsa_crt:
# file: ./config/nginx/ssl/developer.khs1994.com.rsa.crt
# << : *default-labels
#
# developer_khs1994_com_ssl_rsa_key:
# file: ./config/nginx/ssl/developer.khs1994.com.rsa.key
# << : *default-labels
#
# auth_htpasswd:
# file: ./config/nginx/auth/nginx.htpasswd
# << : *default-labels
#
# Example Don't Edit
#
# domain_com_ssl_key:
# file: ./config/nginx/ssl/domain.com.key
# << : *default-labels
#
# domain_com_ssl_crt:
# file: ./config/nginx/ssl/domain.com.crt
# << : *default-labels
#
# domain_com_ssl_key:
# file: ./config/nginx/ssl/domain.com.key
# << : *default-labels
#
# domain_com_ssl_crt:
# file: ./config/nginx/ssl/domain.com.crt
# << : *default-labels
#
# SSH use in CI/CD
ssh_id_rsa:
file: /root/.ssh/id_rsa
<< : *default-labels
# SSH config
ssh_config:
file: ./secrets/ssh_config
<< : *default-labels
minio-root-user:
file: ./secrets/minio/root-user.txt
<< : *default-labels
minio-root-password:
file: ./secrets/minio/root-password.txt
<< : *default-labels
configs:
mysql_conf_d_docker_cnf:
file: ./config/mysql/docker.production.cnf
<< : *default-labels
# mariadb_conf_d_docker_cnf:
# file: ./config/mariadb/docker.production.cnf
# << : *default-labels
nginx_conf:
file: ./config/etc/nginx/nginx.production.conf
<< : *default-labels
nginx_80_conf:
file: ./config/nginx/80.conf
<< : *default-labels
nginx_301_conf:
file: ./config/nginx/301.conf
<< : *default-labels
nginx_ssl_conf:
file: ./config/nginx/ssl.config
<< : *default-labels
nginx_khs1994_com_conf:
file: ./config/nginx/khs1994.com.conf
<< : *default-labels
#
# NGINX Example Don't Edit
#
# nginx_domain_com_conf:
# file ./config/nginx/domain.com.conf
# << : *default-labels
#
# httpd_conf:
# file: ./config/etc/httpd/httpd.production.conf
# << : *default-labels
#
# vhost_khs1994_com_conf:
# file: ./config/httpd/khs1994.com.conf
# << : *default-labels
#
# Apache Example Don't Edit
#
# vhost_domain_com_conf:
# file: ./config/httpd/domain.com.conf
# << : *default-labels
php_ini:
file: ./config/php8/php.production.ini
<< : *default-labels
php_development_ini:
file: ./config/php8/php.development.ini
<< : *default-labels
# 重写 php.ini
php_ini_include:
file: ./config/php8/docker-php.ini
<< : *default-labels
php_fpm_conf_d_zz_docker_conf:
file: ./config/php8/zz-docker.production.conf
<< : *default-labels
redis_conf:
file: ./config/redis/redis.production.conf
<< : *default-labels
# mongod_conf:
# file: ./config/mongodb/mongod.production.conf
# << : *default-labels
#
# registy_yml:
# file: ./config/registry/config.production.yml
# << : *default-labels
Неприемлемый контент может быть отображен здесь и не будет показан на странице. Вы можете проверить и изменить его с помощью соответствующей функции редактирования.
Если вы подтверждаете, что содержание не содержит непристойной лексики/перенаправления на рекламу/насилия/вульгарной порнографии/нарушений/пиратства/ложного/незначительного или незаконного контента, связанного с национальными законами и предписаниями, вы можете нажать «Отправить» для подачи апелляции, и мы обработаем ее как можно скорее.