├── README.md ├── SonarQube.yml ├── confd.etcd.nginx.yml ├── dcs.yml ├── devops ├── README.md ├── conf │ ├── mysqld.cnf │ └── omnibus_config.rb ├── data │ ├── gitlab │ │ ├── etc │ │ │ └── .gitignore │ │ ├── log │ │ │ └── .gitignore │ │ └── opt │ │ │ └── .gitignore │ ├── jenkins │ │ └── .gitignore │ ├── jira │ │ ├── data │ │ │ └── .gitignore │ │ └── logs │ │ │ └── .gitignore │ └── mysql │ │ └── .gitignore └── devops.yml ├── elk ├── README.md ├── conf │ ├── elasticsearch.yml │ ├── filebeat.docker.yml │ ├── kibana.yml │ ├── limits.d │ │ └── elasticsearch.conf │ ├── logstash.conf │ ├── nginx.conf │ ├── nginx.db │ ├── redis.conf │ └── sysctl.d │ │ └── elasticsearch.conf ├── ek.yml ├── example │ ├── filebeat.example.yaml │ ├── kafka.conf │ ├── logstash.yml │ └── nginx.conf └── filebeat.yml ├── etcd-cluster.yml ├── gogs.yml ├── graylog ├── conf │ └── mongod.conf └── docker-compose.yml ├── jenkins ├── README.md ├── conf │ └── jenkins.yml └── stack.yml ├── lamp ├── README.md ├── apache │ └── httpd.conf ├── lamp.yml ├── mysql │ ├── data │ │ └── .gitignore │ └── mysqld.cnf ├── php │ └── php.ini └── www │ └── index.php ├── lnmp ├── Makefile ├── README.md ├── conf │ ├── daemon.json │ ├── mysqld.cnf │ ├── nginx.conf │ ├── php.ini │ └── www.conf ├── data │ ├── mysql │ │ └── .gitignore │ ├── redis │ │ └── .gitignore │ └── www │ │ └── .gitignore └── stack.yml ├── minio.yml ├── mongo.yml ├── monitor ├── conf │ └── prometheus.yml └── monitor.yml ├── mysql-replication ├── README.md ├── docker-compose.yml ├── master │ ├── data │ │ └── .gitignore │ └── mysqld.cnf └── slave │ ├── data │ └── .gitignore │ ├── init.sh │ └── mysqld.cnf ├── nfs.yml ├── redis-cluster ├── README.md ├── docker-compose.yml ├── redis-haproxy │ └── haproxy.cfg ├── redis-master │ └── README.md ├── redis-sentinel │ └── sentinel.conf ├── redis-slave │ └── README.md └── redis │ ├── README.md │ ├── redis-haproxy │ └── haproxy.cfg │ └── redis-sentinel │ └── sentinel.conf ├── registry ├── certs │ ├── hub.xmitd.com.crt │ └── hub.xmitd.com.key ├── minio │ ├── conf │ │ └── config.yml │ ├── data │ │ ├── minio │ │ │ ├── config │ │ │ │ └── .gitignore │ │ │ └── data │ │ │ │ └── .gitignore │ │ └── redis │ │ │ └── .gitignore │ └── docker-compose.yml ├── nginx.conf ├── qingyun.yml ├── registry │ ├── config.yml │ ├── registry.auth.yaml │ ├── registry.oss.yml │ ├── registry.ssl.yml │ ├── registry.ui.yml │ └── registry.yml └── ssl.conf ├── splunk ├── README.md ├── deploy.sh ├── search.yml ├── splunk.yml ├── splunk_cluster.yml ├── splunk_cluster.yml.bak ├── splunk_cluster_overlay.yml ├── splunk_monitor_docker.yml ├── splunk_universalforwarder.yml └── uninstall-universalforwarder.sh ├── tidb.yml ├── virtualhost ├── README.md ├── docker-compose.yml ├── mysql │ ├── data │ │ └── .gitignore │ ├── ftp.sql │ └── mysqld.cnf ├── nginx │ ├── default.conf │ └── nginx.conf ├── php │ ├── ext │ │ └── uploads.ini │ └── php.ini └── www │ └── .gitignore ├── wordpress ├── README.md ├── healthcheck.sh ├── mysql │ └── mysqld.cnf ├── nginx │ └── nginx.conf ├── php │ ├── ext │ │ └── uploads.ini │ └── php.ini ├── redis │ ├── redis-haproxy │ │ └── haproxy.cfg │ └── redis-sentinel │ │ └── sentinel.conf ├── stack.yml ├── wordpress.3.yaml └── wordpress.yaml └── zabbix ├── README.md ├── alertscripts └── .gitignore ├── enc └── .gitignore ├── externalscripts └── .gitignore ├── mibs └── .gitignore ├── modules └── .gitignore ├── mysql ├── data │ └── .gitignore └── mysqld.cnf ├── ssh_keys └── .gitignore └── zabbix.yml /README.md: -------------------------------------------------------------------------------- 1 | # docker-compose仓库说明 2 | 3 | 本仓库包含本人使用过的docker镜像以及常见架构的编排文件,非特殊声明,均为集群编排。 4 | 5 | 已验证列表: 6 | 7 | | 名称 | 说明 | 备注 | 8 | | ------------- | ---------------- | ---- | 9 | | devops | 包含jenkins,gitlab,jira | N/A | 10 | | elk | ELK一键部署 | 日志分析可视化套件 | 11 | | lnmp | 一键部署lnmp环境 | N/A | 12 | | lamp | 一键部署lamp环境 | N/A | 13 | | mysql-replication | MySql主从复制架构一键部署 | 主从复制架构一键部署 | 14 | | redis-cluster | redis哨兵架构 | N/A | 15 | | wordpress | wp一键部署,包含redis缓存 | 高可用集群环境 | 16 | | splunk | splunk集群部署编排 | 日志分析可视化套件 | 17 | | zabbix | zabbix监控 | N/A | -------------------------------------------------------------------------------- /SonarQube.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | sonarqube: 4 | image: sonarqube:7.0 5 | hostname: sonarqube 6 | ports: 7 | - 9000:9000/tcp 8 | - 9092:9092/tcp 9 | networks: 10 | dcs: 11 | environment: 12 | - SONARQUBE_JDBC_USERNAME=userdcs 13 | - SONARQUBE_JDBC_PASSWORD=userdcs 14 | - SONARQUBE_JDBC_URL==jdbc:postgresql://postgres:5432/sonar 15 | volumes: 16 | - sonarqube_conf:/opt/sonarqube/conf 17 | - sonarqube_data:/opt/sonarqube/data 18 | - sonarqube_extensions:/opt/sonarqube/extensions 19 | - sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins 20 | logging: 21 | driver: json-file 22 | options: 23 | max-file: '3' 24 | max-size: 100m 25 | deploy: 26 | mode: replicated 27 | replicas: 1 28 | update_config: 29 | parallelism: 1 30 | delay: 10s 31 | placement: 32 | constraints: 33 | - node.role == worker 34 | postgres: 35 | image: postgres:10.3 36 | hostname: postgres 37 | ports: 38 | - 9000:9000/tcp 39 | - 9092:9092/tcp 40 | networks: 41 | dcs: 42 | environment: 43 | - POSTGRES_USER=sonar 44 | - POSTGRES_PASSWORD=sonar 45 | volumes: 46 | - postgresql:/var/lib/postgresql 47 | - postgresql_data:/var/lib/postgresql/data 48 | logging: 49 | driver: json-file 50 | options: 51 | max-file: '3' 52 | max-size: 100m 53 | deploy: 54 | mode: replicated 55 | replicas: 1 56 | update_config: 57 | parallelism: 1 58 | delay: 10s 59 | placement: 60 | constraints: 61 | - node.role == worker 62 | networks: 63 | sonarqube: 64 | external: true 65 | -------------------------------------------------------------------------------- /confd.etcd.nginx.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | nginx: 4 | image: nginx:1.13.8-alpine 5 | networks: 6 | access: 7 | volumes: 8 | - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro 9 | - /etc/nginx/conf.d:/etc/nginx/conf.d:ro 10 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 11 | deploy: 12 | mode: replicated 13 | replicas: 1 14 | update_config: 15 | parallelism: 1 16 | delay: 10s 17 | 18 | etcd: 19 | image: daocloud.io/buxiaomo/etcd:3.2.9 20 | networks: 21 | access: 22 | volumes: 23 | - /var/lib/etcd/default:/etcd:rw 24 | deploy: 25 | mode: replicated 26 | replicas: 1 27 | update_config: 28 | parallelism: 1 29 | delay: 10s 30 | command: --name etcd --data-dir /etcd --advertise-client-urls http://0.0.0.0:4001 --initial-advertise-peer-urls http://0.0.0.0:7001 31 | 32 | etcd-browser: 33 | image: daocloud.io/buxiaomo/etcd-browser:master-cccf57a 34 | environment: 35 | - ETCD_HOST=127.0.0.1 36 | - ETCD_PORT=4001 37 | deploy: 38 | mode: replicated 39 | replicas: 1 40 | update_config: 41 | parallelism: 1 42 | delay: 10s 43 | 44 | confd: 45 | image: daocloud.io/buxiaomo/confd:0.15.0-docker 46 | networks: 47 | access: 48 | volumes: 49 | - /etc/confd/templates:/etc/confd/templates 50 | - /etc/confd/conf.d:/etc/confd/conf.d 51 | - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf 52 | - /var/run/docker.sock:/var/run/docker.sock:ro 53 | deploy: 54 | mode: replicated 55 | replicas: 1 56 | update_config: 57 | parallelism: 1 58 | delay: 10s 59 | command: confd -interval=30 -backend etcd -node http://127.0.0.1:4001 60 | 61 | networks: 62 | access: 63 | external: 64 | name: "host" 65 | -------------------------------------------------------------------------------- /dcs.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | rabbitmq: 4 | image: rabbitmq:3.7.3 5 | hostname: rabbitmq 6 | networks: 7 | dcs: 8 | environment: 9 | - RABBITMQ_DEFAULT_USER=userdcs 10 | - RABBITMQ_DEFAULT_PASS=userdcs 11 | volumes: 12 | - /var/lib/dcs/rabbitmq:/var/lib/rabbitmq:rw 13 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 14 | logging: 15 | driver: json-file 16 | options: 17 | max-file: '3' 18 | max-size: 100m 19 | deploy: 20 | mode: replicated 21 | replicas: 1 22 | update_config: 23 | parallelism: 1 24 | delay: 10s 25 | placement: 26 | constraints: 27 | - node.labels.dcsbase == true 28 | redis: 29 | image: redis:4.0.6 30 | hostname: redis 31 | networks: 32 | dcs: 33 | volumes: 34 | - /var/lib/dcs/redis:/data:rw 35 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 36 | logging: 37 | driver: json-file 38 | options: 39 | max-file: '3' 40 | max-size: 100m 41 | deploy: 42 | mode: replicated 43 | replicas: 1 44 | update_config: 45 | parallelism: 1 46 | delay: 10s 47 | placement: 48 | constraints: 49 | - node.labels.dcsbase == true 50 | postgres: 51 | image: postgres:10.3 52 | hostname: postgres 53 | networks: 54 | dcs: 55 | environment: 56 | - POSTGRES_USER=postgres 57 | - POSTGRES_PASSWORD=postgres 58 | volumes: 59 | - /var/lib/dcs/postgresql:/var/lib/postgresql/data 60 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 61 | deploy: 62 | mode: replicated 63 | replicas: 1 64 | placement: 65 | constraints: 66 | - node.labels.dcsbase == true 67 | logging: 68 | driver: json-file 69 | options: 70 | max-file: '3' 71 | max-size: 100m 72 | openldap: 73 | image: dinkel/openldap 74 | hostname: openldap 75 | environment: 76 | - SLAPD_PASSWORD=password 77 | - SLAPD_DOMAIN=daocloud.io 78 | volumes: 79 | - /var/lib/dcs/ldap/etc:/etc/ldap:rw 80 | - /var/lib/dcs/ldap/lib:/var/lib/ldap:rw 81 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 82 | networks: 83 | dcs: 84 | deploy: 85 | mode: replicated 86 | replicas: 1 87 | placement: 88 | constraints: 89 | - node.labels.dcsbase == true 90 | logging: 91 | driver: json-file 92 | options: 93 | max-file: '3' 94 | max-size: 100m 95 | phpldapadmin: 96 | image: dinkel/phpldapadmin 97 | hostname: phpldapadmin 98 | environment: 99 | - LDAP_SERVER_HOST=10.0.11.254 100 | networks: 101 | dcs: 102 | deploy: 103 | mode: replicated 104 | replicas: 1 105 | placement: 106 | constraints: 107 | - node.labels.dcsbase == true 108 | logging: 109 | driver: json-file 110 | options: 111 | max-file: '3' 112 | max-size: 100m 113 | networks: 114 | dcs: 115 | external: 116 | name: "host" 117 | 118 | # mkdir -p /var/lib/dcs/ldap/etc /var/lib/dcs/ldap/lib /var/lib/dcs/postgresql /var/lib/dcs/rabbitmq /var/lib/dcs/redis -------------------------------------------------------------------------------- /devops/README.md: -------------------------------------------------------------------------------- 1 | # 部署说明 2 | ## 准备好共享存储,否则请绑定主机运行 3 | 4 | 修改`conf`目录中`omnibus_config.rb`文件中的`external_url`参数为主机IP -------------------------------------------------------------------------------- /devops/conf/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | default-character-set = utf8 6 | 7 | [client] 8 | default-character-set=utf8 9 | 10 | [mysql] 11 | default-character-set=utf8 12 | 13 | [mysqld] 14 | #bind-address = 127.0.0.1 15 | collation-server = utf8_unicode_ci 16 | init-connect='SET NAMES utf8' 17 | character-set-server = utf8 18 | symbolic-links=0 19 | port = 3306 20 | socket = /var/run/mysqld/mysqld.sock 21 | pid-file = /var/run/mysqld/mysqld.pid 22 | datadir = /var/lib/mysql 23 | skip-external-locking 24 | key_buffer_size = 32M 25 | max_allowed_packet = 1M 26 | table_open_cache = 128 27 | sort_buffer_size = 768K 28 | net_buffer_length = 8K 29 | read_buffer_size = 768K 30 | read_rnd_buffer_size = 512K 31 | myisam_sort_buffer_size = 8M 32 | thread_cache_size = 16 33 | query_cache_size = 16M 34 | tmp_table_size = 32M 35 | performance_schema_max_table_instances = 500 36 | 37 | explicit_defaults_for_timestamp = true 38 | #skip-networking 39 | max_connections = 500 40 | max_connect_errors = 100 41 | open_files_limit = 65535 42 | 43 | log-bin=mysql-bin 44 | binlog_format=mixed 45 | server-id = 1 46 | expire_logs_days = 10 47 | early-plugin-load = "" 48 | 49 | #loose-innodb-trx=0 50 | #loose-innodb-locks=0 51 | #loose-innodb-lock-waits=0 52 | #loose-innodb-cmp=0 53 | #loose-innodb-cmp-per-index=0 54 | #loose-innodb-cmp-per-index-reset=0 55 | #loose-innodb-cmp-reset=0 56 | #loose-innodb-cmpmem=0 57 | #loose-innodb-cmpmem-reset=0 58 | #loose-innodb-buffer-page=0 59 | #loose-innodb-buffer-page-lru=0 60 | #loose-innodb-buffer-pool-stats=0 61 | #loose-innodb-metrics=0 62 | #loose-innodb-ft-default-stopword=0 63 | #loose-innodb-ft-inserted=0 64 | #loose-innodb-ft-deleted=0 65 | #loose-innodb-ft-being-deleted=0 66 | #loose-innodb-ft-config=0 67 | #loose-innodb-ft-index-cache=0 68 | #loose-innodb-ft-index-table=0 69 | #loose-innodb-sys-tables=0 70 | #loose-innodb-sys-tablestats=0 71 | #loose-innodb-sys-indexes=0 72 | #loose-innodb-sys-columns=0 73 | #loose-innodb-sys-fields=0 74 | #loose-innodb-sys-foreign=0 75 | #loose-innodb-sys-foreign-cols=0 76 | 77 | default_storage_engine = InnoDB 78 | innodb_file_per_table = 1 79 | innodb_data_home_dir = /var/lib/mysql 80 | innodb_data_file_path = ibdata1:10M:autoextend 81 | innodb_log_group_home_dir = /var/lib/mysql 82 | innodb_buffer_pool_size = 128M 83 | innodb_log_file_size = 32M 84 | innodb_log_buffer_size = 8M 85 | innodb_flush_log_at_trx_commit = 1 86 | innodb_lock_wait_timeout = 50 87 | 88 | [mysqldump] 89 | quick 90 | max_allowed_packet = 16M 91 | 92 | [mysql] 93 | no-auto-rehash 94 | 95 | [myisamchk] 96 | key_buffer_size = 32M 97 | sort_buffer_size = 768K 98 | read_buffer = 2M 99 | write_buffer = 2M 100 | 101 | [mysqlhotcopy] 102 | interactive-timeout -------------------------------------------------------------------------------- /devops/conf/omnibus_config.rb: -------------------------------------------------------------------------------- 1 | external_url 'http://10.0.3.11/' 2 | gitlab_rails['time_zone'] = 'Asia/Shanghai' 3 | gitlab_rails['smtp_enable'] = false -------------------------------------------------------------------------------- /devops/data/gitlab/etc/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/gitlab/etc/.gitignore -------------------------------------------------------------------------------- /devops/data/gitlab/log/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/gitlab/log/.gitignore -------------------------------------------------------------------------------- /devops/data/gitlab/opt/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/gitlab/opt/.gitignore -------------------------------------------------------------------------------- /devops/data/jenkins/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/jenkins/.gitignore -------------------------------------------------------------------------------- /devops/data/jira/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/jira/data/.gitignore -------------------------------------------------------------------------------- /devops/data/jira/logs/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/jira/logs/.gitignore -------------------------------------------------------------------------------- /devops/data/mysql/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/devops/data/mysql/.gitignore -------------------------------------------------------------------------------- /devops/devops.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | gitlab: 4 | # image: twang2218/gitlab-ce-zh:11.1 5 | image: gitlab/gitlab-ce:11.2.3-ce.0 6 | ports: 7 | - 20001:80 8 | - 20002:443 9 | - 20003:22 10 | networks: 11 | devops: 12 | aliases: 13 | - gitlab 14 | environment: 15 | - TZ='Asia/Shanghai' 16 | - GITLAB_OMNIBUS_CONFIG="from_file('/omnibus_config.rb')" 17 | configs: 18 | - source: gitlab 19 | target: /omnibus_config.rb 20 | volumes: 21 | - ./data/gitlab/etc:/etc/gitlab 22 | - ./data/gitlab/opt:/var/opt/gitlab 23 | - ./data/gitlab/log:/var/log/gitlab 24 | deploy: 25 | mode: replicated 26 | replicas: 1 27 | update_config: 28 | order: start-first 29 | parallelism: 1 30 | delay: 10s 31 | logging: 32 | driver: json-file 33 | options: 34 | max-file: '3' 35 | max-size: 100m 36 | 37 | jenkins: 38 | image: daocloud.io/buxiaomo/jenkins:2.121.3 39 | ports: 40 | - 20004:8080/tcp 41 | networks: 42 | devops: 43 | aliases: 44 | - jenkins 45 | environment: 46 | - LC_ALL=C.UTF-8 47 | volumes: 48 | - /var/run/docker.sock:/var/run/docker.sock:ro 49 | - ./data/jenkins:/var/jenkins:rw 50 | deploy: 51 | mode: replicated 52 | replicas: 1 53 | update_config: 54 | order: start-first 55 | parallelism: 1 56 | delay: 10s 57 | logging: 58 | driver: json-file 59 | options: 60 | max-file: '3' 61 | max-size: 100m 62 | 63 | jira: 64 | image: cptactionhank/atlassian-jira:7.11.2 65 | ports: 66 | - 20005:8080/tcp 67 | networks: 68 | devops: 69 | aliases: 70 | - server 71 | volumes: 72 | - ./data/jira/data:/var/atlassian/jira 73 | - ./data/jira/logs:/opt/atlassian/jira/logs 74 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 75 | deploy: 76 | mode: replicated 77 | replicas: 1 78 | update_config: 79 | order: stop-first 80 | parallelism: 1 81 | delay: 10s 82 | logging: 83 | driver: json-file 84 | options: 85 | max-file: '3' 86 | max-size: 100m 87 | 88 | mysql: 89 | image: mysql:5.7.20 90 | hostname: mysql 91 | networks: 92 | devops: 93 | aliases: 94 | - mysql 95 | environment: 96 | - MYSQL_ROOT_PASSWORD=root 97 | - MYSQL_DATABASE=jira 98 | - MYSQL_USER=jira 99 | - MYSQL_PASSWORD=jira 100 | configs: 101 | - source: mysql 102 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 103 | volumes: 104 | - ./data/mysql:/var/lib/mysql 105 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 106 | deploy: 107 | mode: replicated 108 | replicas: 1 109 | update_config: 110 | order: stop-first 111 | parallelism: 1 112 | delay: 10s 113 | logging: 114 | driver: json-file 115 | options: 116 | max-file: '3' 117 | max-size: 100m 118 | 119 | configs: 120 | mysql: 121 | file: ./conf/mysqld.cnf 122 | gitlab: 123 | file: ./conf/omnibus_config.rb 124 | networks: 125 | devops: 126 | external: true -------------------------------------------------------------------------------- /elk/README.md: -------------------------------------------------------------------------------- 1 | # 设置ELK运行主机 2 | ``` 3 | docker node update --label-add elk=true Docker 4 | ``` 5 | 6 | # 配置内核参数(elk节点,如上Docker-Work01、Docker-Work02、Docker-Work03折三个节点需要设置) 7 | ``` 8 | cat > /etc/sysctl.d/elasticsearch.conf << EOF 9 | vm.max_map_count = 262144 10 | fs.file-max = 65536 11 | EOF 12 | sysctl -p /etc/sysctl.d/elasticsearch.conf 13 | ``` 14 | 15 | # 配置资源限制参数,elk用户是Elasticsearch运行的用户(elk节点,如上Docker-Work01、Docker-Work02、Docker-Work03折三个节点需要设置) 16 | ``` 17 | cat > /etc/security/limits.d/elasticsearch.conf << EOF 18 | elk soft memlock unlimited 19 | elk hard memlock unlimited 20 | EOF 21 | echo "* soft nproc 4096" > /etc/security/limits.d/20-nproc.conf 22 | ``` 23 | 24 | # 修改数据目录所有者(共享存储) 25 | ``` 26 | chown -R 1000:1000 data/elasticsearch data/logstash 27 | ``` 28 | 29 | # 部署 30 | ``` 31 | docker network create -d overlay elk 32 | docker stack deploy -c elk.yml elk 33 | ``` 34 | 35 | # filebeat 36 | ``` 37 | src: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.1-linux-x86_64.tar.gz 38 | deb: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.1-amd64.deb 39 | rpm: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.4.1-x86_64.rpm 40 | ``` -------------------------------------------------------------------------------- /elk/conf/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | # ======================== Elasticsearch Configuration ========================= 2 | # 3 | # NOTE: Elasticsearch comes with reasonable defaults for most settings. 4 | # Before you set out to tweak and tune the configuration, make sure you 5 | # understand what are you trying to accomplish and the consequences. 6 | # 7 | # The primary way of configuring a node is via this file. This template lists 8 | # the most important settings you may want to configure for a production cluster. 9 | # 10 | # Please consult the documentation for further information on configuration options: 11 | # https://www.elastic.co/guide/en/elasticsearch/reference/index.html 12 | # 13 | # ---------------------------------- Cluster ----------------------------------- 14 | # 15 | # Use a descriptive name for your cluster: 16 | # 17 | #cluster.name: my-application 18 | # 19 | # ------------------------------------ Node ------------------------------------ 20 | # 21 | # Use a descriptive name for the node: 22 | # 23 | #node.name: node-1 24 | # 25 | # Add custom attributes to the node: 26 | # 27 | #node.attr.rack: r1 28 | # 29 | # ----------------------------------- Paths ------------------------------------ 30 | # 31 | # Path to directory where to store the data (separate multiple locations by comma): 32 | # 33 | path.data: /usr/share/elasticsearch/data 34 | # 35 | # Path to log files: 36 | # 37 | path.logs: /usr/share/elasticsearch/logs 38 | # 39 | # ----------------------------------- Memory ----------------------------------- 40 | # 41 | # Lock the memory on startup: 42 | # 43 | # bootstrap.memory_lock: true 44 | bootstrap.memory_lock: false 45 | # 46 | # Make sure that the heap size is set to about half the memory available 47 | # on the system and that the owner of the process is allowed to use this 48 | # limit. 49 | # 50 | # Elasticsearch performs poorly when the system is swapping the memory. 51 | # 52 | # ---------------------------------- Network ----------------------------------- 53 | # 54 | # Set the bind address to a specific IP (IPv4 or IPv6): 55 | # 56 | network.host: 0.0.0.0 57 | # 58 | # Set a custom port for HTTP: 59 | # 60 | http.port: 9200 61 | # 62 | # For more information, consult the network module documentation. 63 | # 64 | # --------------------------------- Discovery ---------------------------------- 65 | # 66 | # Pass an initial list of hosts to perform discovery when new node is started: 67 | # The default list of hosts is ["127.0.0.1", "[::1]"] 68 | # 69 | #discovery.zen.ping.unicast.hosts: ["host1", "host2"] 70 | # 71 | # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): 72 | # 73 | #discovery.zen.minimum_master_nodes: 74 | # 75 | # For more information, consult the zen discovery module documentation. 76 | # 77 | # ---------------------------------- Gateway ----------------------------------- 78 | # 79 | # Block initial recovery after a full cluster restart until N nodes are started: 80 | # 81 | #gateway.recover_after_nodes: 3 82 | # 83 | # For more information, consult the gateway module documentation. 84 | # 85 | # ---------------------------------- Various ----------------------------------- 86 | # 87 | # Require explicit names when deleting indices: 88 | # 89 | #action.destructive_requires_name: true -------------------------------------------------------------------------------- /elk/conf/filebeat.docker.yml: -------------------------------------------------------------------------------- 1 | filebeat.config: 2 | modules: 3 | path: ${path.config}/modules.d/*.yml 4 | reload.enabled: false 5 | 6 | filebeat.autodiscover: 7 | providers: 8 | - type: docker 9 | hints.enabled: true 10 | 11 | processors: 12 | - add_cloud_metadata: ~ 13 | 14 | output.elasticsearch: 15 | hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}' 16 | username: '${ELASTICSEARCH_USERNAME:}' 17 | password: '${ELASTICSEARCH_PASSWORD:}' -------------------------------------------------------------------------------- /elk/conf/kibana.yml: -------------------------------------------------------------------------------- 1 | # Kibana is served by a back end server. This setting specifies the port to use. 2 | server.port: 5601 3 | 4 | # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. 5 | # The default is 'localhost', which usually means remote machines will not be able to connect. 6 | # To allow connections from remote users, set this parameter to a non-loopback address. 7 | server.host: "0.0.0.0" 8 | 9 | # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects 10 | # the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests 11 | # to Kibana. This setting cannot end in a slash. 12 | #server.basePath: "" 13 | 14 | # The maximum payload size in bytes for incoming server requests. 15 | #server.maxPayloadBytes: 1048576 16 | 17 | # The Kibana server's name. This is used for display purposes. 18 | #server.name: "your-hostname" 19 | 20 | # The URL of the Elasticsearch instance to use for all your queries. 21 | elasticsearch.url: "http://elasticsearch:9200" 22 | 23 | # When this setting's value is true Kibana uses the hostname specified in the server.host 24 | # setting. When the value of this setting is false, Kibana uses the hostname of the host 25 | # that connects to this Kibana instance. 26 | #elasticsearch.preserveHost: true 27 | 28 | # Kibana uses an index in Elasticsearch to store saved searches, visualizations and 29 | # dashboards. Kibana creates a new index if the index doesn't already exist. 30 | #kibana.index: ".kibana" 31 | 32 | # The default application to load. 33 | #kibana.defaultAppId: "home" 34 | 35 | # If your Elasticsearch is protected with basic authentication, these settings provide 36 | # the username and password that the Kibana server uses to perform maintenance on the Kibana 37 | # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which 38 | # is proxied through the Kibana server. 39 | #elasticsearch.username: "user" 40 | #elasticsearch.password: "pass" 41 | 42 | # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. 43 | # These settings enable SSL for outgoing requests from the Kibana server to the browser. 44 | #server.ssl.enabled: false 45 | #server.ssl.certificate: /path/to/your/server.crt 46 | #server.ssl.key: /path/to/your/server.key 47 | 48 | # Optional settings that provide the paths to the PEM-format SSL certificate and key files. 49 | # These files validate that your Elasticsearch backend uses the same key files. 50 | #elasticsearch.ssl.certificate: /path/to/your/client.crt 51 | #elasticsearch.ssl.key: /path/to/your/client.key 52 | 53 | # Optional setting that enables you to specify a path to the PEM file for the certificate 54 | # authority for your Elasticsearch instance. 55 | #elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] 56 | 57 | # To disregard the validity of SSL certificates, change this setting's value to 'none'. 58 | #elasticsearch.ssl.verificationMode: full 59 | 60 | # Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of 61 | # the elasticsearch.requestTimeout setting. 62 | #elasticsearch.pingTimeout: 1500 63 | 64 | # Time in milliseconds to wait for responses from the back end or Elasticsearch. This value 65 | # must be a positive integer. 66 | #elasticsearch.requestTimeout: 30000 67 | 68 | # List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side 69 | # headers, set this value to [] (an empty list). 70 | #elasticsearch.requestHeadersWhitelist: [ authorization ] 71 | 72 | # Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten 73 | # by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. 74 | #elasticsearch.customHeaders: {} 75 | 76 | # Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. 77 | #elasticsearch.shardTimeout: 0 78 | 79 | # Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. 80 | #elasticsearch.startupTimeout: 5000 81 | 82 | # Specifies the path where Kibana creates the process ID file. 83 | #pid.file: /var/run/kibana.pid 84 | 85 | # Enables you specify a file where Kibana stores log output. 86 | #logging.dest: stdout 87 | 88 | # Set the value of this setting to true to suppress all logging output. 89 | #logging.silent: false 90 | 91 | # Set the value of this setting to true to suppress all logging output other than error messages. 92 | #logging.quiet: false 93 | 94 | # Set the value of this setting to true to log all events, including system usage information 95 | # and all requests. 96 | #logging.verbose: false 97 | 98 | # Set the interval in milliseconds to sample system and process performance 99 | # metrics. Minimum is 100ms. Defaults to 5000. 100 | #ops.interval: 5000 101 | 102 | # The default locale. This locale can be used in certain circumstances to substitute any missing 103 | # translations. 104 | #i18n.defaultLocale: "en" -------------------------------------------------------------------------------- /elk/conf/limits.d/elasticsearch.conf: -------------------------------------------------------------------------------- 1 | elk soft memlock unlimited 2 | elk hard memlock unlimited -------------------------------------------------------------------------------- /elk/conf/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | redis { 3 | # logstash redis插件工作方式 4 | data_type => "list" 5 | # 监听的键值 6 | key => "logstash-nginx" 7 | # redis地址 8 | host => "redis" 9 | # redis端口号 10 | port => 6379 11 | # # redis数据库的编号 12 | # db => 0 13 | # 如果有安全认证,此项为密码 14 | password => 'eCha4Sei' 15 | # # 启用线程数量 16 | # threads => 1 17 | } 18 | } 19 | 20 | filter { 21 | json { 22 | source => "message" 23 | remove_field => ["message","beat"] 24 | } 25 | } 26 | 27 | # data { 28 | # match => ["time_local","dd/MMMM/yyyy:HH:mm:ss"] 29 | # target => "@timestamp" 30 | # } 31 | 32 | output { 33 | elasticsearch { 34 | hosts => [ "http://elasticsearch:9200" ] 35 | index => "nginx-%{+YYYY.MM.dd}" 36 | } 37 | } -------------------------------------------------------------------------------- /elk/conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 51200; 10 | multi_accept on; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '{"site": "$server_name",' 18 | '"server": "$host",' 19 | '"dest_port": "$server_port",' 20 | '"dest_ip": "$server_addr",' 21 | '"src": "$remote_addr",' 22 | '"src_ip": "$realip_remote_addr",' 23 | '"user": "$remote_user",' 24 | '"@timestamp": "$time_local",' 25 | '"protocol": "$server_protocol",' 26 | '"status": "$status",' 27 | '"bytes_out": "$bytes_sent",' 28 | '"bytes_in": "$upstream_bytes_received",' 29 | '"http_referer": "$http_referer",' 30 | '"http_user_agent": "$http_user_agent",' 31 | '"nginx_version": "$nginx_version",' 32 | '"http_x_forwarded_for": "$http_x_forwarded_for",' 33 | '"http_x_header": "$http_x_header",' 34 | '"uri_query": "$query_string",' 35 | '"uri_path": "$uri",' 36 | '"http_method": "$request_method",' 37 | '"response_time": "$upstream_response_time",' 38 | '"cookie": "$http_cookie",' 39 | '"request_time":"$request_time"}'; 40 | 41 | server_names_hash_bucket_size 128; 42 | client_header_buffer_size 32k; 43 | large_client_header_buffers 4 32k; 44 | client_max_body_size 50m; 45 | 46 | sendfile on; 47 | tcp_nopush on; 48 | 49 | keepalive_timeout 60; 50 | 51 | tcp_nodelay on; 52 | 53 | fastcgi_connect_timeout 300; 54 | fastcgi_send_timeout 300; 55 | fastcgi_read_timeout 300; 56 | fastcgi_buffer_size 64k; 57 | fastcgi_buffers 4 64k; 58 | fastcgi_busy_buffers_size 128k; 59 | fastcgi_temp_file_write_size 256k; 60 | 61 | gzip on; 62 | gzip_min_length 1k; 63 | gzip_buffers 4 16k; 64 | gzip_http_version 1.1; 65 | gzip_comp_level 2; 66 | gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; 67 | gzip_vary on; 68 | gzip_proxied expired no-cache no-store private auth; 69 | gzip_disable "MSIE [1-6]\."; 70 | 71 | server_tokens off; 72 | 73 | server { 74 | listen 80; 75 | server_name _; 76 | access_log /var/log/nginx/access.log main; 77 | location / { 78 | auth_basic "User Authentication"; 79 | auth_basic_user_file /etc/nginx/nginx.db; 80 | proxy_redirect off; 81 | proxy_set_header X-Real-IP $remote_addr; 82 | proxy_set_header Host $host; 83 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 84 | proxy_pass_request_headers on; 85 | proxy_pass http://kibana:5601; 86 | } 87 | } 88 | } -------------------------------------------------------------------------------- /elk/conf/nginx.db: -------------------------------------------------------------------------------- 1 | admin:.XUbrKzTfP17c -------------------------------------------------------------------------------- /elk/conf/sysctl.d/elasticsearch.conf: -------------------------------------------------------------------------------- 1 | vm.max_map_count = 262144 -------------------------------------------------------------------------------- /elk/ek.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | nginx: 4 | image: nginx:1.13.6-alpine 5 | ports: 6 | - 80:80/tcp 7 | networks: 8 | elk: 9 | aliases: 10 | - nginx 11 | configs: 12 | - source: nginx 13 | target: /etc/nginx/nginx.conf 14 | - source: nginxdb 15 | target: /etc/nginx/nginx.db 16 | volumes: 17 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 18 | deploy: 19 | mode: replicated 20 | replicas: 1 21 | resources: 22 | limits: 23 | cpus: '0.50' 24 | memory: 100M 25 | update_config: 26 | parallelism: 1 27 | delay: 10s 28 | placement: 29 | constraints: 30 | - node.labels.elk == true 31 | healthcheck: 32 | test: ["CMD-SHELL", "nc -w 1 127.0.0.1 80 -z &> /dev/null || exit 1"] 33 | interval: 10s 34 | timeout: 5s 35 | retries: 3 36 | logging: 37 | driver: json-file 38 | options: 39 | max-file: '3' 40 | max-size: 100m 41 | 42 | kibana: 43 | image: kibana:6.6.0 44 | # ports: 45 | # - 5601:5601/tcp 46 | networks: 47 | elk: 48 | aliases: 49 | - kibana 50 | environment: 51 | - SERVER_NAME=${SERVER_NAME:-kibana} 52 | - ELASTICSEARCH_HOSTS=${ELASTICSEARCH_HOSTS:-http://elasticsearch:9200} 53 | volumes: 54 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 55 | deploy: 56 | mode: replicated 57 | replicas: 1 58 | update_config: 59 | parallelism: 1 60 | delay: 10s 61 | placement: 62 | constraints: 63 | - node.labels.elk == true 64 | # healthcheck: 65 | # test: ["CMD-SHELL", "nc -w 1 127.0.0.1 5601 -z &> /dev/null || exit 1"] 66 | # interval: 10s 67 | # timeout: 5s 68 | # retries: 3 69 | logging: 70 | driver: json-file 71 | options: 72 | max-file: '3' 73 | max-size: 100m 74 | 75 | elasticsearch: 76 | image: elasticsearch:6.6.0 77 | ports: 78 | - 9200:9200/tcp 79 | - 9300:9300/tcp 80 | configs: 81 | - source: elasticsearch 82 | target: /usr/share/elasticsearch/config/elasticsearch.yml 83 | networks: 84 | elk: 85 | aliases: 86 | - elasticsearch 87 | volumes: 88 | - elasticsearch:/usr/share/elasticsearch/data 89 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 90 | deploy: 91 | mode: replicated 92 | replicas: 1 93 | update_config: 94 | parallelism: 1 95 | delay: 10s 96 | placement: 97 | constraints: 98 | - node.labels.elk == true 99 | # healthcheck: 100 | # test: ["CMD-SHELL", "curl http://127.0.0.1:9200 &> /dev/null|| exit 1"] 101 | # interval: 10s 102 | # timeout: 5s 103 | # retries: 3 104 | logging: 105 | driver: json-file 106 | options: 107 | max-file: '3' 108 | max-size: 100m 109 | 110 | # redis: 111 | # image: redis:4.0.6 112 | # command: redis-server /etc/redis.conf 113 | # ports: 114 | # - 6379:6379/tcp 115 | # networks: 116 | # elk: 117 | # aliases: 118 | # - redis 119 | # configs: 120 | # - source: redis 121 | # target: /etc/redis.conf 122 | # volumes: 123 | # - redis:/data:rw 124 | # - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 125 | # deploy: 126 | # mode: replicated 127 | # replicas: 1 128 | # resources: 129 | # limits: 130 | # cpus: '0.50' 131 | # memory: 100M 132 | # update_config: 133 | # parallelism: 1 134 | # delay: 10s 135 | # placement: 136 | # constraints: 137 | # - node.labels.elk == true 138 | # healthcheck: 139 | # test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 -a eCha4Sei PING &> /dev/null || exit 1"] 140 | # interval: 10s 141 | # timeout: 5s 142 | # retries: 3 143 | # logging: 144 | # driver: json-file 145 | # options: 146 | # max-file: '3' 147 | # max-size: 100m 148 | 149 | # logstash: 150 | # image: daocloud.io/buxiaomo/logstash:6.2.4 151 | # command: /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/logstash.conf 152 | # # ports: 153 | # # - 5043:5043/tcp 154 | # networks: 155 | # elk: 156 | # aliases: 157 | # - logstash 158 | # configs: 159 | # - source: logstash 160 | # target: /usr/local/logstash/config/logstash.conf 161 | # uid: '1000' 162 | # gid: '1000' 163 | # mode: 0660 164 | # volumes: 165 | # - logstash:/usr/local/logstash/data:rw 166 | # - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 167 | # deploy: 168 | # mode: replicated 169 | # replicas: 1 170 | # update_config: 171 | # parallelism: 1 172 | # delay: 10s 173 | # placement: 174 | # constraints: 175 | # - node.labels.elk == true 176 | # logging: 177 | # driver: json-file 178 | # options: 179 | # max-file: '3' 180 | # max-size: 100m 181 | 182 | configs: 183 | nginx: 184 | file: ./conf/nginx.conf 185 | nginxdb: 186 | file: ./conf/nginx.db 187 | elasticsearch: 188 | file: ./conf/elasticsearch.yml 189 | kibana: 190 | file: ./conf/kibana.yml 191 | # logstash: 192 | # file: ./conf/logstash.conf 193 | # redis: 194 | # file: ./conf/redis.conf 195 | volumes: 196 | elasticsearch: {} 197 | # redis: {} 198 | # logstash: {} 199 | 200 | networks: 201 | elk: 202 | external: true 203 | -------------------------------------------------------------------------------- /elk/example/filebeat.example.yaml: -------------------------------------------------------------------------------- 1 | filebeat.prospectors: 2 | - type: log 3 | enabled: true 4 | paths: 5 | - /var/log/nginx/access.log 6 | output.elasticsearch: 7 | hosts: ["localhost:9200"] 8 | protocol: "https" 9 | username: "elastic" 10 | password: "changeme" 11 | hosts: ["localhost:5044"] 12 | ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 13 | ssl.certificate: "/etc/pki/client/cert.pem" 14 | ssl.key: "/etc/pki/client/cert.key" 15 | 16 | # filebeat.config.modules: 17 | # path: ${path.config}/modules.d/*.yml 18 | # reload.enabled: false 19 | # setup.template.settings: 20 | # index.number_of_shards: 3 21 | # setup.kibana: 22 | # #host: "localhost:5601" 23 | # filebeat.inputs: 24 | # - type: log 25 | # enabled: false 26 | # paths: 27 | # - /var/log/nginx/access.log 28 | # output.redis: 29 | # hosts: ["127.0.0.1"] 30 | # port: 6379 31 | # password: "eCha4Sei" 32 | # key: "logstash-nginx" 33 | # # output.elasticsearch: 34 | # #hosts: ["localhost:9200"] 35 | # #protocol: "https" 36 | # #username: "elastic" 37 | # #password: "changeme" 38 | # #hosts: ["localhost:5044"] 39 | # #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] 40 | # #ssl.certificate: "/etc/pki/client/cert.pem" 41 | # #ssl.key: "/etc/pki/client/cert.key" -------------------------------------------------------------------------------- /elk/example/kafka.conf: -------------------------------------------------------------------------------- 1 | # 从Kafka读取日志消息 2 | input { 3 | kafka { 4 | zk_connect => "localhost:2181" 5 | group_id => "logstash" 6 | topic_id => "test" 7 | reset_beginning => false 8 | consumer_threads => 1 9 | queue_size => 20 10 | rebalance_max_retries => 4 11 | rebalance_backoff_ms => 2000 12 | consumer_timeout_ms => -1 13 | consumer_restart_on_error => true 14 | consumer_restart_sleep_ms => 0 15 | decorate_events => false 16 | consumer_id => nil 17 | fetch_message_max_bytes => 1048576 18 | } 19 | } 20 | 21 | # 将消息发送到Kafka 22 | output { 23 | kafka { 24 | broker_list => "localhost:9092" 25 | topic_id => "test" 26 | compression_codec => "none" 27 | compressed_topics => "" 28 | request_required_acks => 0 # [-1, 0, 1] 29 | serializer_class => "kafka.serializer.StringEncoder" 30 | partitioner_class => "kafka.producer.DefaultPartitioner" 31 | request_timeout_ms => 10000 32 | producer_type => 'sync' 33 | key_serializer_class => "kafka.serializer.StringEncoder" 34 | message_send_max_retries => 3 35 | retry_backoff_ms => 100 36 | topic_metadata_refresh_interval_ms => 600 * 1000 37 | queue_buffering_max_ms => 5000 38 | queue_buffering_max_messages => 10000 39 | queue_enqueue_timeout_ms => -1 40 | batch_num_messages => 200 41 | send_buffer_bytes => 100 * 1024 42 | client_id => "" 43 | } 44 | } -------------------------------------------------------------------------------- /elk/example/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data www-data; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 51200; 10 | multi_accept on; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '{"site": "$server_name",' 18 | '"server": "$host",' 19 | '"dest_port": "$server_port",' 20 | '"dest_ip": "$server_addr",' 21 | '"src": "$remote_addr",' 22 | '"src_ip": "$realip_remote_addr",' 23 | '"user": "$remote_user",' 24 | '"@timestamp": "$time_local",' 25 | '"protocol": "$server_protocol",' 26 | '"status": "$status",' 27 | '"bytes_out": "$bytes_sent",' 28 | '"bytes_in": "$upstream_bytes_received",' 29 | '"http_referer": "$http_referer",' 30 | '"http_user_agent": "$http_user_agent",' 31 | '"nginx_version": "$nginx_version",' 32 | '"http_x_forwarded_for": "$http_x_forwarded_for",' 33 | '"http_x_header": "$http_x_header",' 34 | '"uri_query": "$query_string",' 35 | '"uri_path": "$uri",' 36 | '"http_method": "$request_method",' 37 | '"response_time": "$upstream_response_time",' 38 | '"cookie": "$http_cookie",' 39 | '"request_time":"$request_time"}'; 40 | 41 | server_names_hash_bucket_size 128; 42 | client_header_buffer_size 32k; 43 | large_client_header_buffers 4 32k; 44 | client_max_body_size 50m; 45 | 46 | sendfile on; 47 | tcp_nopush on; 48 | 49 | keepalive_timeout 60; 50 | 51 | tcp_nodelay on; 52 | 53 | fastcgi_connect_timeout 300; 54 | fastcgi_send_timeout 300; 55 | fastcgi_read_timeout 300; 56 | fastcgi_buffer_size 64k; 57 | fastcgi_buffers 4 64k; 58 | fastcgi_busy_buffers_size 128k; 59 | fastcgi_temp_file_write_size 256k; 60 | 61 | gzip on; 62 | gzip_min_length 1k; 63 | gzip_buffers 4 16k; 64 | gzip_http_version 1.1; 65 | gzip_comp_level 2; 66 | gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; 67 | gzip_vary on; 68 | gzip_proxied expired no-cache no-store private auth; 69 | gzip_disable "MSIE [1-6]\."; 70 | 71 | server_tokens off; 72 | 73 | server { 74 | listen 8080; 75 | root /var/www/html; 76 | index index.html index.htm index.nginx-debian.html; 77 | access_log /var/log/nginx/access.log main; 78 | server_name _; 79 | location / { 80 | try_files $uri $uri/ =404; 81 | } 82 | } 83 | } -------------------------------------------------------------------------------- /elk/filebeat.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | filebeat: 4 | image: docker.elastic.co/beats/filebeat:6.6.0 5 | user: root 6 | command: filebeat -e -strict.perms=false -E output.elasticsearch.hosts=["elasticsearch:9200"] 7 | networks: 8 | elk: 9 | aliases: 10 | - filebeat 11 | configs: 12 | - source: docker 13 | target: /usr/share/filebeat/filebeat.yml 14 | volumes: 15 | - /var/lib/docker/containers:/var/lib/docker/containers:ro 16 | - /var/run/docker.sock:/var/run/docker.sock:ro 17 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 18 | deploy: 19 | mode: replicated 20 | replicas: 1 21 | resources: 22 | limits: 23 | cpus: '0.50' 24 | memory: 100M 25 | update_config: 26 | parallelism: 1 27 | delay: 10s 28 | placement: 29 | constraints: 30 | - node.labels.elk == true 31 | healthcheck: 32 | test: ["CMD-SHELL", "nc -w 1 127.0.0.1 80 -z &> /dev/null || exit 1"] 33 | interval: 10s 34 | timeout: 5s 35 | retries: 3 36 | logging: 37 | driver: json-file 38 | options: 39 | max-file: '3' 40 | max-size: 100m 41 | 42 | eg-apache: 43 | image: httpd:2.4 44 | networks: 45 | elk: 46 | aliases: 47 | - apache 48 | volumes: 49 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 50 | deploy: 51 | mode: replicated 52 | labels: 53 | - co.elastic.logs/module=apache2 54 | - co.elastic.logs/fileset.stdout=access 55 | - co.elastic.logs/fileset.stderr=error 56 | - co.elastic.metrics/module=apache 57 | - co.elastic.metrics/metricsets=status 58 | replicas: 1 59 | resources: 60 | limits: 61 | cpus: '0.50' 62 | memory: 100M 63 | update_config: 64 | parallelism: 1 65 | delay: 10s 66 | placement: 67 | constraints: 68 | - node.labels.elk == true 69 | healthcheck: 70 | test: ["CMD-SHELL", "nc -w 1 127.0.0.1 80 -z &> /dev/null || exit 1"] 71 | interval: 10s 72 | timeout: 5s 73 | retries: 3 74 | logging: 75 | driver: json-file 76 | options: 77 | max-file: '3' 78 | max-size: 100m 79 | 80 | configs: 81 | docker: 82 | file: ./conf/filebeat.docker.yml 83 | 84 | networks: 85 | elk: 86 | external: true -------------------------------------------------------------------------------- /etcd-cluster.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | etcd01: 4 | image: daocloud.io/daocloud/etcd:v3.2.9 5 | hostname: etcd01 6 | networks: 7 | etcd: 8 | aliases: 9 | - etcd01 10 | volumes: 11 | - /mnt/nfs/etcd/etcd01:/etcd-data:rw 12 | environment: 13 | - ETCD_NAME="etcd-01" 14 | - ETCD_DATA_DIR="/etcd-data" 15 | - ETCD_ADVERTISE_CLIENT_URLS="http://etcd01:22379" 16 | - ETCD_LISTEN_PEER_URLS="http://0.0.0.0:22380" 17 | - ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" 18 | - ETCD_INITIAL_ADVERTISE_PEER_URLS="http://etcd01:22380" 19 | - ETCD_INITIAL_CLUSTER="etcd-01=http://etcd01:22380,etcd-02=http://etcd02:22380,etcd-03=http://etcd03:22380" 20 | - ETCD_INITIAL_CLUSTER_STATE="new" 21 | - ETCD_INITIAL_CLUSTER_TOKEN="admin" 22 | - ETCD_AUTO_COMPACTION_RETENTION="3" 23 | - ETCD_QUOTA_BACKEND_BYTES="8589934592" 24 | - ETCD_SNAPSHOT_COUNT="5000" 25 | deploy: 26 | mode: replicated 27 | replicas: 1 28 | update_config: 29 | parallelism: 1 30 | delay: 10s 31 | placement: 32 | constraints: 33 | - node.role == worker 34 | etcd02: 35 | image: daocloud.io/daocloud/etcd:v3.2.9 36 | hostname: etcd02 37 | networks: 38 | etcd: 39 | aliases: 40 | - etcd02 41 | volumes: 42 | - /mnt/nfs/etcd/etcd02:/etcd-data:rw 43 | environment: 44 | - ETCD_NAME="etcd-02" 45 | - ETCD_DATA_DIR="/etcd-data" 46 | - ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:22379" 47 | - ETCD_LISTEN_PEER_URLS="http://0.0.0.0:22380" 48 | - ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" 49 | - ETCD_INITIAL_ADVERTISE_PEER_URLS="http://etcd02:22380" 50 | - ETCD_INITIAL_CLUSTER="etcd-01=http://etcd01:22380,etcd-02=http://etcd02:22380,etcd-03=http://etcd03:22380" 51 | - ETCD_INITIAL_CLUSTER_STATE="new" 52 | - ETCD_INITIAL_CLUSTER_TOKEN="admin" 53 | - ETCD_AUTO_COMPACTION_RETENTION="3" 54 | - ETCD_QUOTA_BACKEND_BYTES="8589934592" 55 | - ETCD_SNAPSHOT_COUNT="5000" 56 | deploy: 57 | mode: replicated 58 | replicas: 1 59 | update_config: 60 | parallelism: 1 61 | delay: 10s 62 | placement: 63 | constraints: 64 | - node.role == worker 65 | etcd03: 66 | image: daocloud.io/daocloud/etcd:v3.2.9 67 | hostname: etcd03 68 | networks: 69 | etcd: 70 | aliases: 71 | - etcd03 72 | volumes: 73 | - /mnt/nfs/etcd/etcd03:/etcd-data:rw 74 | environment: 75 | - ETCD_NAME="etcd-03" 76 | - ETCD_DATA_DIR="/etcd-data" 77 | - ETCD_ADVERTISE_CLIENT_URLS="http://etcd03:22379" 78 | - ETCD_LISTEN_PEER_URLS="http://0.0.0.0:22380" 79 | - ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" 80 | - ETCD_INITIAL_ADVERTISE_PEER_URLS="http://etcd03:22380" 81 | - ETCD_INITIAL_CLUSTER="etcd-01=http://etcd01:22380,etcd-02=http://etcd02:22380,etcd-03=http://etcd03:22380" 82 | - ETCD_INITIAL_CLUSTER_STATE="new" 83 | - ETCD_INITIAL_CLUSTER_TOKEN="admin" 84 | - ETCD_AUTO_COMPACTION_RETENTION="3" 85 | - ETCD_QUOTA_BACKEND_BYTES="8589934592" 86 | - ETCD_SNAPSHOT_COUNT="5000" 87 | deploy: 88 | mode: replicated 89 | replicas: 1 90 | update_config: 91 | parallelism: 1 92 | delay: 10s 93 | placement: 94 | constraints: 95 | - node.role == worker 96 | networks: 97 | etcd: 98 | external: true 99 | -------------------------------------------------------------------------------- /gogs.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | gogs: 4 | image: gogs/gogs:latest 5 | ports: 6 | - 22:22/tcp 7 | - 80:3000/tcp 8 | volumes: 9 | - /docker/gogs/gogs:/data 10 | networks: 11 | gogs: 12 | aliases: 13 | - gogs 14 | mysql: 15 | image: mysql:5.7.18 16 | volumes: 17 | - /docker/gogs/mysql:/var/lib/mysql 18 | environment: 19 | - MYSQL_ROOT_PASSWORD=root 20 | - MYSQL_DATABASE=gogs 21 | - MYSQL_USER=gogs 22 | - MYSQL_PASSWORD=gogs 23 | networks: 24 | gogs: 25 | aliases: 26 | - mysql 27 | networks: 28 | gogs: 29 | external: true 30 | -------------------------------------------------------------------------------- /graylog/conf/mongod.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/graylog/conf/mongod.conf -------------------------------------------------------------------------------- /graylog/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | mongo: 4 | image: mongo:4.0.1 5 | networks: 6 | graylog: 7 | aliases: 8 | - mongo 9 | configs: 10 | - source: mongod 11 | target: /etc/mongo/mongod.conf 12 | volumes: 13 | - ./mongo:/data/db:rw 14 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 15 | deploy: 16 | mode: replicated 17 | replicas: 1 18 | resources: 19 | limits: 20 | cpus: '0.50' 21 | memory: 100M 22 | reservations: 23 | cpus: '0.25' 24 | memory: 50M 25 | update_config: 26 | order: start-first 27 | parallelism: 1 28 | delay: 10s 29 | # healthcheck: 30 | # test: ["CMD-SHELL", "nc -w 1 127.0.0.1 -z 80 || exit 1"] 31 | # interval: 10s 32 | # timeout: 5s 33 | # retries: 3 34 | logging: 35 | driver: json-file 36 | options: 37 | max-file: '3' 38 | max-size: 100m 39 | elasticsearch: 40 | image: daocloud.io/buxiaomo/elasticsearch:6.2.4 41 | command: elasticsearch -Des.cluster.name='graylog' 42 | ports: 43 | - 9200:9200/tcp 44 | - 9300:9300/tcp 45 | configs: 46 | - source: elasticsearch 47 | target: /usr/local/elasticsearch/config/elasticsearch.yml 48 | uid: '1000' 49 | gid: '1000' 50 | mode: 0660 51 | networks: 52 | elk: 53 | aliases: 54 | - elasticsearch 55 | volumes: 56 | - ./elasticsearch/data:/usr/local/elasticsearch/data 57 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 58 | deploy: 59 | mode: replicated 60 | replicas: 1 61 | update_config: 62 | parallelism: 1 63 | delay: 10s 64 | # healthcheck: 65 | # test: ["CMD-SHELL", "curl http://127.0.0.1:9200 &> /dev/null|| exit 1"] 66 | # interval: 10s 67 | # timeout: 5s 68 | # retries: 3 69 | logging: 70 | driver: json-file 71 | options: 72 | max-file: '3' 73 | max-size: 100m 74 | 75 | graylog: 76 | image: graylog2/server:2.1.1-1 77 | hostname: mysql 78 | networks: 79 | lnmp: 80 | aliases: 81 | - mysql 82 | environment: 83 | - MYSQL_ROOT_PASSWORD=root 84 | - MYSQL_DATABASE=lnmp 85 | - MYSQL_USER=lnmp 86 | - MYSQL_PASSWORD=lnmp 87 | configs: 88 | - source: mysql 89 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 90 | volumes: 91 | - ./mysql/data:/var/lib/mysql 92 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 93 | deploy: 94 | mode: replicated 95 | replicas: 1 96 | update_config: 97 | # order: start-first 98 | parallelism: 1 99 | delay: 10s 100 | placement: 101 | constraints: 102 | - node.labels.lnmp == true 103 | # healthcheck: 104 | # test: ["CMD-SHELL", "curl -f http://localhost:80/ || exit 1"] 105 | # interval: 10s 106 | # timeout: 5s 107 | # retries: 3 108 | logging: 109 | driver: json-file 110 | options: 111 | max-file: '3' 112 | max-size: 100m 113 | 114 | phpmyadmin: 115 | image: phpmyadmin/phpmyadmin:4.7 116 | hostname: phpmyadmin 117 | ports: 118 | - 3002:80/tcp 119 | networks: 120 | lnmp: 121 | aliases: 122 | - phpmyadmin 123 | environment: 124 | - PMA_HOST=mysql 125 | deploy: 126 | mode: replicated 127 | replicas: 1 128 | update_config: 129 | order: start-first 130 | parallelism: 1 131 | delay: 10s 132 | placement: 133 | constraints: 134 | - node.labels.mysql == true 135 | # healthcheck: 136 | # test: ["CMD-SHELL", "curl -f http://localhost:80/ || exit 1"] 137 | # interval: 10s 138 | # timeout: 5s 139 | # retries: 3 140 | logging: 141 | driver: json-file 142 | options: 143 | max-file: '3' 144 | max-size: 100m 145 | 146 | configs: 147 | nginx: 148 | file: ./nginx/nginx.conf 149 | php: 150 | file: ./php/php.ini 151 | phpuploads: 152 | file: ./php/ext/uploads.ini 153 | mysql: 154 | file: ./mysql/mysqld.cnf 155 | 156 | networks: 157 | lnmp: 158 | external: true -------------------------------------------------------------------------------- /jenkins/README.md: -------------------------------------------------------------------------------- 1 | # Jenkins 2 | 3 | ## 必要插件 4 | ``` 5 | configuration-as-code 6 | configuration-as-code-support 7 | ``` 8 | 9 | 详情见 `conf/jenkins.yml` 与编排文件呢 10 | 11 | 12 | ## Links 13 | 14 | * https://jenkins.io/projects/jcasc/ -------------------------------------------------------------------------------- /jenkins/conf/jenkins.yml: -------------------------------------------------------------------------------- 1 | jenkins: 2 | agentProtocols: 3 | - "JNLP4-connect" 4 | - "Ping" 5 | crumbIssuer: 6 | standard: 7 | excludeClientIPFromCrumb: true 8 | disableRememberMe: false 9 | mode: NORMAL 10 | # 节点配置 11 | nodes: 12 | - permanent: 13 | name: "Slave01" 14 | remoteFS: "/var/jenkins_home" 15 | launcher: 16 | sSHLauncher: 17 | credentialsId: "SlaveAuth" 18 | host: "slave01" 19 | port: 22 20 | launchTimeoutSeconds: 210 21 | maxNumRetries: 10 22 | retryWaitTime: 15 23 | - permanent: 24 | name: "Slave02" 25 | remoteFS: "/var/jenkins_home" 26 | launcher: 27 | sSHLauncher: 28 | credentialsId: "SlaveAuth" 29 | host: "slave02" 30 | port: 22 31 | launchTimeoutSeconds: 210 32 | maxNumRetries: 10 33 | retryWaitTime: 15 34 | numExecutors: 5 35 | primaryView: 36 | all: 37 | name: "all" 38 | quietPeriod: 0 39 | remotingSecurity: 40 | enabled: true 41 | scmCheckoutRetryCount: 0 42 | securityRealm: 43 | local: 44 | allowsSignup: false 45 | enableCaptcha: false 46 | users: 47 | - id: ${JENKINS_USER:-admin} 48 | password: ${JENKINS_PASS:-admin} 49 | # ldap: 50 | # configurations: 51 | # - groupMembershipStrategy: 52 | # fromUserRecord: 53 | # attributeName: "memberOf" 54 | # inhibitInferRootDN: false 55 | # rootDN: "dc=acme,dc=org" 56 | # server: "ldaps://ldap.acme.org:1636" 57 | authorizationStrategy: 58 | globalMatrix: 59 | grantedPermissions: 60 | - "Overall/Read:admin" 61 | - "Overall/Administer:admin" 62 | slaveAgentPort: 50000 63 | updateCenter: 64 | sites: 65 | - id: "default" 66 | url: "https://updates.jenkins.io/update-center.json" 67 | views: 68 | - all: 69 | name: "all" 70 | 71 | # 账号信息 72 | credentials: 73 | system: 74 | domainCredentials: 75 | - credentials: 76 | # - basicSSHUserPrivateKey: 77 | # scope: GLOBAL 78 | # id: "basic-SSH" 79 | # username: "ssh-username" 80 | # passphrase: "" #Doable, but not recommended 81 | # description: "SSH Credentials for ssh-username" 82 | # privateKeySource: 83 | # directEntry: 84 | # privateKey: ${SSH_PRIVATE_KEY} #Load from Environment Variable 85 | - usernamePassword: 86 | scope: GLOBAL 87 | id: "SlaveAuth" 88 | username: "root" 89 | password: "root" 90 | description: "Username/Password Credentials for Slave SSH" 91 | - usernamePassword: 92 | scope: GLOBAL 93 | id: "RegistryAuth" 94 | username: "admin" 95 | password: "admin123" 96 | description: "Username/Password Credentials for Docker Registry" 97 | - gitLabApiTokenImpl: 98 | scope: GLOBAL 99 | apiToken: ${GITLAB_TOKEN:-None} 100 | id: "GitLabToken" 101 | # - string: 102 | # scope: GLOBAL 103 | # id: "secret-text" 104 | # secret: ${SecretText} #Load from Environment Variable 105 | # description: "Secret Text" 106 | # - aws: 107 | # scope: GLOBAL 108 | # id: "AWS" 109 | # accessKey: ${AWS_ACCESS_KEY_ID} #Load from Environment Variable 110 | # secretKey: ${AWS_SECRET_ACCESS_KEY} #Load from Environment Variable 111 | # description: "AWS Credentials" 112 | # - file: 113 | # scope: GLOBAL 114 | # id: "secret-file" 115 | # fileName: "mysecretfile.txt" 116 | # secretBytes: ${SECRET_FILE_BYTES} # SECRET_FILE_BYTES="$(cat mysecretfile.txt | base64)" 117 | 118 | security: 119 | remotingCLI: 120 | enabled: false 121 | 122 | unclassified: 123 | location: 124 | adminAddress: ${JENKINS_EMAIL:-admin@localhost} 125 | url: ${JENKINS_URL:-http://127.0.0.1:8080/} 126 | gitLabConnectionConfig: 127 | connections: 128 | - apiTokenId: "GitLabToken" 129 | clientBuilderId: "autodetect" 130 | connectionTimeout: 10 131 | ignoreCertificateErrors: true 132 | name: "gitlab" 133 | readTimeout: 10 134 | url: "https://gitlab.com" 135 | sonarGlobalConfiguration: 136 | installations: 137 | - name: "SonarQube" 138 | serverAuthenticationToken: ${SONAR_TOKEN:-None} 139 | serverUrl: "http://sonar.example.com" 140 | triggers: 141 | skipScmCause: false 142 | skipUpstreamCause: false 143 | bitbucketEndpointConfiguration: 144 | endpoints: 145 | - bitbucketCloudEndpoint: 146 | enableCache: false 147 | manageHooks: false 148 | repositoriesCacheDuration: 0 149 | teamCacheDuration: 0 150 | # globalLibraries: 151 | # libraries: 152 | # - name: "Jenkins-Pipeline-Library" 153 | # allowVersionOverride: true 154 | # defaultVersion: "master" 155 | # includeInChangesets: true 156 | # retriever: 157 | # modernSCM: 158 | # scm: 159 | # git: 160 | # remote: "" 161 | # credentialsId: "STB_BITBUCKET_PRIVATE_SSH_KEY" 162 | 163 | # 全局工具配置 164 | tool: 165 | ant: 166 | installations: 167 | - home: "/usr/share/ant" 168 | name: "Ant" 169 | git: 170 | installations: 171 | - home: "/usr/bin/git" 172 | name: "Default" 173 | gradle: 174 | installations: 175 | - home: "/usr/local/gradle" 176 | name: "gradle" 177 | maven: 178 | installations: 179 | - home: "/usr/share/maven" 180 | name: "maven" 181 | jdk: 182 | defaultProperties: 183 | - installSource: 184 | installers: 185 | - jdkInstaller: 186 | acceptLicense: false 187 | installations: 188 | - home: "/usr/lib/jvm/java-8-openjdk-amd64" 189 | name: "java1.8" 190 | sonarRunnerInstallation: 191 | installations: 192 | - home: "/usr/local/sonar-scanner-cli" 193 | name: "SonarScanner" -------------------------------------------------------------------------------- /jenkins/stack.yml: -------------------------------------------------------------------------------- 1 | version: '3.6' 2 | services: 3 | master: 4 | image: ${JENKINS_MASTER_IMAGE:-daocloud.io/buxiaomo/jenkins:2.164.1} 5 | ports: 6 | - 8080:8080/tcp 7 | - 50000:50000/tcp 8 | networks: 9 | jenkins: 10 | depends_on: 11 | - slave01 12 | - slave02 13 | environment: 14 | - TZ=Asia/Shanghai 15 | - LANG=zh_CN.UTF-8 16 | # Jenkins 相关配置 17 | - JENKINS_URL=${JENKINS_URL:-http://127.0.0.1:8080/} 18 | - JENKINS_EMAIL=${JENKINS_EMAIL:-admin@localhost} 19 | - JENKINS_USER=${JENKINS_USER:-admin} 20 | - JENKINS_PASS=${JENKINS_PASS:-admin} 21 | # GitLab 相关配置 22 | - GITLAB_TOKEN=${GITLAB_TOKEN:-None} 23 | - SONAR_TOKEN=${SONAR_TOKEN:-None} 24 | # Jenkins 启动参数设置 25 | - JAVA_OPTS=-Djenkins.install.runSetupWizard=false -Dfile.encoding=UTF-8 -Dhudson.model.DirectoryBrowserSupport.CSP= 26 | volumes: 27 | - master:/var/jenkins_home:rw 28 | - maven_cache:/root/.m2 29 | - gradle_cache:/root/.gradle:rw 30 | - /var/run/docker.sock:/var/run/docker.sock:ro 31 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 32 | configs: 33 | - source: master 34 | target: /usr/share/jenkins/ref/jenkins.yaml 35 | healthcheck: 36 | test: ["CMD-SHELL", "curl -s http://127.0.0.1:8080 -o /dev/null || exit 1"] 37 | interval: 30s 38 | timeout: 5s 39 | retries: 3 40 | deploy: 41 | replicas: 1 42 | mode: replicated 43 | resources: 44 | limits: 45 | cpus: '4' 46 | memory: '8Gi' 47 | # reservations: 48 | # cpus: '4' 49 | # memory: '4Gi' 50 | update_config: 51 | order: stop-first 52 | parallelism: 1 53 | delay: 10s 54 | placement: 55 | constraints: 56 | - node.role == manager 57 | logging: 58 | driver: json-file 59 | options: 60 | max-file: '3' 61 | max-size: 100m 62 | 63 | slave01: 64 | image: ${JENKINS_SLAVE_IMAGE:-daocloud.io/buxiaomo/jenkins-slave-ssh:2.164.1} 65 | networks: 66 | jenkins: 67 | environment: 68 | - LANG=zh_CN.UTF-8 69 | - TZ=Asia/Shanghai 70 | - JAVA_OPTS="-Dfile.encoding=UTF-8" 71 | volumes: 72 | - slave01:/var/jenkins_home 73 | - maven_cache:/root/.m2 74 | - gradle_cache:/root/.gradle:rw 75 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 76 | - /var/run/docker.sock:/var/run/docker.sock:ro 77 | deploy: 78 | replicas: 1 79 | mode: replicated 80 | resources: 81 | limits: 82 | cpus: '4' 83 | memory: '8Gi' 84 | update_config: 85 | order: stop-first 86 | parallelism: 1 87 | delay: 10s 88 | placement: 89 | constraints: 90 | - node.role == manager 91 | healthcheck: 92 | test: ["CMD-SHELL", "nc -v -w 10 -z 127.0.0.1 22"] 93 | interval: 10s 94 | timeout: 5s 95 | retries: 3 96 | logging: 97 | driver: json-file 98 | options: 99 | max-file: '3' 100 | max-size: 100m 101 | 102 | slave02: 103 | image: ${JENKINS_SLAVE_IMAGE:-daocloud.io/buxiaomo/jenkins-slave-ssh:2.164.1} 104 | networks: 105 | jenkins: 106 | environment: 107 | - LANG=zh_CN.UTF-8 108 | - TZ=Asia/Shanghai 109 | - JAVA_OPTS="-Dfile.encoding=UTF-8" 110 | volumes: 111 | - slave02:/var/jenkins_home 112 | - maven_cache:/root/.m2 113 | - gradle_cache:/root/.gradle:rw 114 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 115 | - /var/run/docker.sock:/var/run/docker.sock:ro 116 | deploy: 117 | replicas: 1 118 | mode: replicated 119 | resources: 120 | limits: 121 | cpus: '4' 122 | memory: '8Gi' 123 | update_config: 124 | order: stop-first 125 | parallelism: 1 126 | delay: 10s 127 | placement: 128 | constraints: 129 | - node.role == manager 130 | healthcheck: 131 | test: ["CMD-SHELL", "nc -v -w 10 -z 127.0.0.1 22"] 132 | interval: 10s 133 | timeout: 5s 134 | retries: 3 135 | logging: 136 | driver: json-file 137 | options: 138 | max-file: '3' 139 | max-size: 100m 140 | 141 | volumes: 142 | master: {} 143 | slave01: {} 144 | slave02: {} 145 | gradle_cache: {} 146 | maven_cache: {} 147 | 148 | configs: 149 | master: 150 | file: ./conf/jenkins.yml 151 | 152 | networks: 153 | jenkins: 154 | external: true -------------------------------------------------------------------------------- /lamp/README.md: -------------------------------------------------------------------------------- 1 | # 部署LAMP -------------------------------------------------------------------------------- /lamp/lamp.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | php: 4 | image: php:7.2.8-apache 5 | ports: 6 | - 10015:80/tcp 7 | networks: 8 | lamp: 9 | aliases: 10 | - php 11 | configs: 12 | - source: php 13 | target: /usr/local/etc/php/php.ini 14 | volumes: 15 | - ./www:/var/www/html:rw 16 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 17 | deploy: 18 | mode: replicated 19 | replicas: 1 20 | resources: 21 | limits: 22 | cpus: '0.50' 23 | memory: 100M 24 | reservations: 25 | cpus: '0.25' 26 | memory: 50M 27 | update_config: 28 | order: start-first 29 | parallelism: 1 30 | delay: 10s 31 | # healthcheck: 32 | # test: ["CMD-SHELL", "curl -f http://localhost:9000/ || exit 1"] 33 | # interval: 10s 34 | # timeout: 5s 35 | # retries: 3 36 | logging: 37 | driver: json-file 38 | options: 39 | max-file: '3' 40 | max-size: 100m 41 | 42 | mysql: 43 | image: mysql:5.7.20 44 | hostname: mysql 45 | networks: 46 | lamp: 47 | aliases: 48 | - mysql 49 | environment: 50 | - MYSQL_ROOT_PASSWORD=root 51 | - MYSQL_DATABASE=lamp 52 | - MYSQL_USER=lamp 53 | - MYSQL_PASSWORD=lamp 54 | configs: 55 | - source: mysql 56 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 57 | volumes: 58 | - ./mysql/data:/var/lib/mysql 59 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 60 | deploy: 61 | mode: replicated 62 | replicas: 1 63 | update_config: 64 | # order: start-first 65 | parallelism: 1 66 | delay: 10s 67 | logging: 68 | driver: json-file 69 | options: 70 | max-file: '3' 71 | max-size: 100m 72 | 73 | configs: 74 | php: 75 | file: ./php/php.ini 76 | mysql: 77 | file: ./mysql/mysqld.cnf 78 | 79 | networks: 80 | lamp: 81 | external: true -------------------------------------------------------------------------------- /lamp/mysql/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/lamp/mysql/data/.gitignore -------------------------------------------------------------------------------- /lamp/mysql/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | 6 | [mysqld] 7 | #bind-address = 127.0.0.1 8 | symbolic-links=0 9 | port = 3306 10 | socket = /var/run/mysqld/mysqld.sock 11 | pid-file = /var/run/mysqld/mysqld.pid 12 | datadir = /var/lib/mysql 13 | skip-external-locking 14 | key_buffer_size = 32M 15 | max_allowed_packet = 1M 16 | table_open_cache = 128 17 | sort_buffer_size = 768K 18 | net_buffer_length = 8K 19 | read_buffer_size = 768K 20 | read_rnd_buffer_size = 512K 21 | myisam_sort_buffer_size = 8M 22 | thread_cache_size = 16 23 | query_cache_size = 16M 24 | tmp_table_size = 32M 25 | performance_schema_max_table_instances = 500 26 | 27 | explicit_defaults_for_timestamp = true 28 | #skip-networking 29 | max_connections = 500 30 | max_connect_errors = 100 31 | open_files_limit = 65535 32 | 33 | log-bin=mysql-bin 34 | binlog_format=mixed 35 | server-id = 1 36 | expire_logs_days = 10 37 | early-plugin-load = "" 38 | 39 | #loose-innodb-trx=0 40 | #loose-innodb-locks=0 41 | #loose-innodb-lock-waits=0 42 | #loose-innodb-cmp=0 43 | #loose-innodb-cmp-per-index=0 44 | #loose-innodb-cmp-per-index-reset=0 45 | #loose-innodb-cmp-reset=0 46 | #loose-innodb-cmpmem=0 47 | #loose-innodb-cmpmem-reset=0 48 | #loose-innodb-buffer-page=0 49 | #loose-innodb-buffer-page-lru=0 50 | #loose-innodb-buffer-pool-stats=0 51 | #loose-innodb-metrics=0 52 | #loose-innodb-ft-default-stopword=0 53 | #loose-innodb-ft-inserted=0 54 | #loose-innodb-ft-deleted=0 55 | #loose-innodb-ft-being-deleted=0 56 | #loose-innodb-ft-config=0 57 | #loose-innodb-ft-index-cache=0 58 | #loose-innodb-ft-index-table=0 59 | #loose-innodb-sys-tables=0 60 | #loose-innodb-sys-tablestats=0 61 | #loose-innodb-sys-indexes=0 62 | #loose-innodb-sys-columns=0 63 | #loose-innodb-sys-fields=0 64 | #loose-innodb-sys-foreign=0 65 | #loose-innodb-sys-foreign-cols=0 66 | 67 | default_storage_engine = InnoDB 68 | innodb_file_per_table = 1 69 | innodb_data_home_dir = /var/lib/mysql 70 | innodb_data_file_path = ibdata1:10M:autoextend 71 | innodb_log_group_home_dir = /var/lib/mysql 72 | innodb_buffer_pool_size = 128M 73 | innodb_log_file_size = 32M 74 | innodb_log_buffer_size = 8M 75 | innodb_flush_log_at_trx_commit = 1 76 | innodb_lock_wait_timeout = 50 77 | 78 | [mysqldump] 79 | quick 80 | max_allowed_packet = 16M 81 | 82 | [mysql] 83 | no-auto-rehash 84 | 85 | [myisamchk] 86 | key_buffer_size = 32M 87 | sort_buffer_size = 768K 88 | read_buffer = 2M 89 | write_buffer = 2M 90 | 91 | [mysqlhotcopy] 92 | interactive-timeout -------------------------------------------------------------------------------- /lamp/php/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | engine = On 3 | short_open_tag = On 4 | precision = 14 5 | output_buffering = 4096 6 | zlib.output_compression = Off 7 | implicit_flush = Off 8 | unserialize_callback_func = 9 | serialize_precision = -1 10 | disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server 11 | disable_classes = 12 | zend.enable_gc = On 13 | expose_php = On 14 | max_execution_time = 300 15 | max_input_time = 60 16 | memory_limit = 128M 17 | file_uploads = On 18 | upload_max_filesize = 64M 19 | post_max_size = 64M 20 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 21 | display_errors = Off 22 | display_startup_errors = Off 23 | log_errors = On 24 | log_errors_max_len = 1024 25 | ignore_repeated_errors = Off 26 | ignore_repeated_source = Off 27 | report_memleaks = On 28 | html_errors = On 29 | variables_order = "GPCS" 30 | request_order = "GP" 31 | register_argc_argv = Off 32 | auto_globals_jit = On 33 | auto_prepend_file = 34 | auto_append_file = 35 | default_mimetype = "text/html" 36 | default_charset = "UTF-8" 37 | doc_root = 38 | user_dir = 39 | enable_dl = Off 40 | cgi.fix_pathinfo=0 41 | max_file_uploads = 20 42 | allow_url_fopen = On 43 | allow_url_include = Off 44 | default_socket_timeout = 60 45 | [CLI Server] 46 | cli_server.color = On 47 | [Date] 48 | date.timezone = Asia/Shanghai 49 | [filter] 50 | [iconv] 51 | [intl] 52 | [sqlite3] 53 | [Pcre] 54 | [Pdo] 55 | [Pdo_mysql] 56 | pdo_mysql.cache_size = 2000 57 | pdo_mysql.default_socket= 58 | [Phar] 59 | [mail function] 60 | SMTP = localhost 61 | smtp_port = 25 62 | mail.add_x_header = Off 63 | [ODBC] 64 | odbc.allow_persistent = On 65 | odbc.check_persistent = On 66 | odbc.max_persistent = -1 67 | odbc.max_links = -1 68 | odbc.defaultlrl = 4096 69 | odbc.defaultbinmode = 1 70 | [Interbase] 71 | ibase.allow_persistent = 1 72 | ibase.max_persistent = -1 73 | ibase.max_links = -1 74 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 75 | ibase.dateformat = "%Y-%m-%d" 76 | ibase.timeformat = "%H:%M:%S" 77 | [MySQLi] 78 | mysqli.max_persistent = -1 79 | mysqli.allow_persistent = On 80 | mysqli.max_links = -1 81 | mysqli.cache_size = 2000 82 | mysqli.default_port = 3306 83 | mysqli.default_socket = 84 | mysqli.default_host = 85 | mysqli.default_user = 86 | mysqli.default_pw = 87 | mysqli.reconnect = Off 88 | [mysqlnd] 89 | mysqlnd.collect_statistics = On 90 | mysqlnd.collect_memory_statistics = Off 91 | [OCI8] 92 | [PostgreSQL] 93 | pgsql.allow_persistent = On 94 | pgsql.auto_reset_persistent = Off 95 | pgsql.max_persistent = -1 96 | pgsql.max_links = -1 97 | pgsql.ignore_notice = 0 98 | pgsql.log_notice = 0 99 | [bcmath] 100 | bcmath.scale = 0 101 | [browscap] 102 | [Session] 103 | session.save_handler = redis 104 | session.save_path = "tcp://redis-haproxy:6379" 105 | ; session.save_handler = files 106 | session.use_strict_mode = 0 107 | session.use_cookies = 1 108 | session.use_only_cookies = 1 109 | session.name = PHPSESSID 110 | session.auto_start = 0 111 | session.cookie_lifetime = 0 112 | session.cookie_path = / 113 | session.cookie_domain = 114 | session.cookie_httponly = 115 | session.serialize_handler = php 116 | session.gc_probability = 1 117 | session.gc_divisor = 1000 118 | session.gc_maxlifetime = 1440 119 | session.referer_check = 120 | session.cache_limiter = nocache 121 | session.cache_expire = 180 122 | session.use_trans_sid = 0 123 | session.sid_length = 26 124 | session.trans_sid_tags = "a=href,area=href,frame=src,form=" 125 | session.sid_bits_per_character = 5 126 | [Assertion] 127 | zend.assertions = -1 128 | [COM] 129 | [mbstring] 130 | [gd] 131 | [exif] 132 | [Tidy] 133 | tidy.clean_output = Off 134 | [soap] 135 | soap.wsdl_cache_enabled=1 136 | soap.wsdl_cache_dir="/tmp" 137 | soap.wsdl_cache_ttl=86400 138 | soap.wsdl_cache_limit = 5 139 | [sysvshm] 140 | [ldap] 141 | ldap.max_links = -1 142 | [dba] 143 | [opcache] 144 | [curl] 145 | [openssl] -------------------------------------------------------------------------------- /lnmp/Makefile: -------------------------------------------------------------------------------- 1 | SHELL := /bin/bash 2 | 3 | runtime: 4 | @curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun 5 | @mkdir -p /etc/docker 6 | @cp conf/daemon.json /etc/docker/daemon.json 7 | @systemctl enable docker.service 8 | @systemctl restart docker.service 9 | 10 | deploy: 11 | @docker stack deploy -c stack.yml lnmp --with-registry-auth 12 | @chown -R 33.101 ./data/www 13 | 14 | fix: 15 | @find ./data/www -type d -exec chmod 755 {} \; 16 | @find ./data/www -type f -exec chmod 644 {} \; -------------------------------------------------------------------------------- /lnmp/README.md: -------------------------------------------------------------------------------- 1 | # 部署LNMP 2 | 3 | ​ 集群环境下,自行解决共享存储问题(GFS、NFS),或者注释编排文件中 `placement` 配置 4 | 5 | ## 本实例知识点 6 | 7 | * 学习如何查阅官方镜像的文档,该镜像暴露的端口,配置文件路径,数据目录,有那些环境变量,分别是什么作用。 8 | * 学习容器之间如何通讯(networks.*.aliases),应该使用服务名,网络别名,不要使用links! 9 | * 配置文件如何设置(主机映射,或configs) 10 | * 如何定义容器在那些主机运行(deploy.placement.constraints) 11 | * 如何限制容器资源(deploy.resources.limits) 12 | 13 | ## Nginx镜像帮助文档 14 | https://hub.docker.com/_/nginx/ 15 | 16 | ## PHP镜像帮助文档 17 | https://hub.docker.com/_/php/ 18 | 19 | ## MYSQL镜像帮助文档 20 | https://hub.docker.com/_/mysql/ 21 | 22 | ## PHPMYADMIN镜像帮助文档 23 | https://hub.docker.com/r/phpmyadmin/phpmyadmin/ 24 | 25 | # 部署 26 | ```shell 27 | # 安装运行环境 28 | make runtime 29 | 30 | # 部署应用 31 | make deploy 32 | ``` 33 | 34 | ​ 服务访问链接:http://${HOSTIP}:80/index.php 35 | 36 | ​ 数据库管理链接:http://${HOSTIP}:81 -------------------------------------------------------------------------------- /lnmp/conf/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "data-root": "/var/lib/docker", 3 | "debug": false, 4 | "default-ulimits": { 5 | "core": { 6 | "Hard": -1, 7 | "Name": "core", 8 | "Soft": -1 9 | }, 10 | "nofile": { 11 | "Hard": 65535, 12 | "Name": "nofile", 13 | "Soft": 65535 14 | }, 15 | "nproc": { 16 | "Hard": 65535, 17 | "Name": "nproc", 18 | "Soft": 65535 19 | } 20 | }, 21 | "exec-opts": [ 22 | "native.cgroupdriver=systemd" 23 | ], 24 | "experimental": false, 25 | "icc": false, 26 | "insecure-registries": [ 27 | "0.0.0.0/0" 28 | ], 29 | "log-driver": "json-file", 30 | "log-opts": { 31 | "max-file": "5", 32 | "max-size": "100m" 33 | }, 34 | "max-concurrent-downloads": 20, 35 | "max-concurrent-uploads": 10, 36 | "registry-mirrors": [ 37 | "https://i3jtbyvy.mirror.aliyuncs.com" 38 | ], 39 | "storage-driver": "overlay2", 40 | "storage-opts": [ 41 | "overlay2.override_kernel_check=true" 42 | ], 43 | "userland-proxy": false 44 | } -------------------------------------------------------------------------------- /lnmp/conf/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | default-character-set = utf8mb4 3 | #password = your_password 4 | port = 3306 5 | socket = /var/run/mysqld/mysqld.sock 6 | 7 | [mysqld] 8 | #bind-address = 127.0.0.1 9 | character-set-server = utf8mb4 10 | collation-server = utf8mb4_unicode_ci 11 | init_connect = 'SET NAMES utf8mb4' 12 | symbolic-links=0 13 | port = 3306 14 | socket = /var/run/mysqld/mysqld.sock 15 | pid-file = /var/run/mysqld/mysqld.pid 16 | datadir = /var/lib/mysql 17 | skip-external-locking 18 | key_buffer_size = 32M 19 | max_allowed_packet = 1M 20 | table_open_cache = 128 21 | sort_buffer_size = 768K 22 | net_buffer_length = 8K 23 | read_buffer_size = 768K 24 | read_rnd_buffer_size = 512K 25 | myisam_sort_buffer_size = 8M 26 | thread_cache_size = 16 27 | query_cache_size = 16M 28 | tmp_table_size = 32M 29 | performance_schema_max_table_instances = 500 30 | 31 | explicit_defaults_for_timestamp = true 32 | #skip-networking 33 | max_connections = 500 34 | max_connect_errors = 100 35 | open_files_limit = 65535 36 | 37 | log-bin=mysql-bin 38 | binlog_format=mixed 39 | server-id = 1 40 | expire_logs_days = 10 41 | early-plugin-load = "" 42 | 43 | #loose-innodb-trx=0 44 | #loose-innodb-locks=0 45 | #loose-innodb-lock-waits=0 46 | #loose-innodb-cmp=0 47 | #loose-innodb-cmp-per-index=0 48 | #loose-innodb-cmp-per-index-reset=0 49 | #loose-innodb-cmp-reset=0 50 | #loose-innodb-cmpmem=0 51 | #loose-innodb-cmpmem-reset=0 52 | #loose-innodb-buffer-page=0 53 | #loose-innodb-buffer-page-lru=0 54 | #loose-innodb-buffer-pool-stats=0 55 | #loose-innodb-metrics=0 56 | #loose-innodb-ft-default-stopword=0 57 | #loose-innodb-ft-inserted=0 58 | #loose-innodb-ft-deleted=0 59 | #loose-innodb-ft-being-deleted=0 60 | #loose-innodb-ft-config=0 61 | #loose-innodb-ft-index-cache=0 62 | #loose-innodb-ft-index-table=0 63 | #loose-innodb-sys-tables=0 64 | #loose-innodb-sys-tablestats=0 65 | #loose-innodb-sys-indexes=0 66 | #loose-innodb-sys-columns=0 67 | #loose-innodb-sys-fields=0 68 | #loose-innodb-sys-foreign=0 69 | #loose-innodb-sys-foreign-cols=0 70 | 71 | default_storage_engine = InnoDB 72 | innodb_file_per_table = 1 73 | innodb_data_home_dir = /var/lib/mysql 74 | innodb_data_file_path = ibdata1:10M:autoextend 75 | innodb_log_group_home_dir = /var/lib/mysql 76 | innodb_buffer_pool_size = 128M 77 | innodb_log_file_size = 32M 78 | innodb_log_buffer_size = 8M 79 | innodb_flush_log_at_trx_commit = 1 80 | innodb_lock_wait_timeout = 50 81 | 82 | [mysqldump] 83 | quick 84 | max_allowed_packet = 16M 85 | 86 | [mysql] 87 | no-auto-rehash 88 | default-character-set=utf8mb4 89 | 90 | [myisamchk] 91 | key_buffer_size = 32M 92 | sort_buffer_size = 768K 93 | read_buffer = 2M 94 | write_buffer = 2M 95 | 96 | [mysqlhotcopy] 97 | interactive-timeout -------------------------------------------------------------------------------- /lnmp/conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 51200; 10 | multi_accept on; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '{"site": "$server_name",' 18 | '"server": "$host",' 19 | '"dest_port": $server_port,' 20 | '"dest_ip": "$server_addr",' 21 | '"src": "$remote_addr",' 22 | '"src_ip": "$realip_remote_addr",' 23 | '"user": "$remote_user",' 24 | '"time_local": "$time_local",' 25 | '"protocol": "$server_protocol",' 26 | '"status": $status,' 27 | '"bytes_out": $bytes_sent,' 28 | '"bytes_in": $upstream_bytes_received,' 29 | '"http_referer": "$http_referer",' 30 | '"http_user_agent": "$http_user_agent",' 31 | '"nginx_version": $nginx_version,' 32 | '"http_x_forwarded_for": "$http_x_forwarded_for",' 33 | '"http_x_header": "$http_x_header",' 34 | '"uri_query": "$query_string",' 35 | '"uri_path": "$uri",' 36 | '"http_method": "$request_method",' 37 | '"response_time": $upstream_response_time,' 38 | '"cookie": "$http_cookie",' 39 | '"request_time":$request_time}'; 40 | 41 | access_log /var/log/nginx/access.log main; 42 | 43 | server_names_hash_bucket_size 128; 44 | client_header_buffer_size 32k; 45 | large_client_header_buffers 4 32k; 46 | client_max_body_size 50m; 47 | 48 | sendfile on; 49 | tcp_nopush on; 50 | 51 | keepalive_timeout 60; 52 | 53 | tcp_nodelay on; 54 | 55 | fastcgi_connect_timeout 300; 56 | fastcgi_send_timeout 300; 57 | fastcgi_read_timeout 300; 58 | fastcgi_buffer_size 64k; 59 | fastcgi_buffers 4 64k; 60 | fastcgi_busy_buffers_size 128k; 61 | fastcgi_temp_file_write_size 256k; 62 | 63 | gzip on; 64 | gzip_min_length 1k; 65 | gzip_buffers 4 16k; 66 | gzip_http_version 1.1; 67 | gzip_comp_level 2; 68 | gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; 69 | gzip_vary on; 70 | gzip_proxied expired no-cache no-store private auth; 71 | gzip_disable "MSIE [1-6]\."; 72 | 73 | server_tokens off; 74 | 75 | server { 76 | listen 80; 77 | server_name localhost; 78 | index index.html index.htm index.php default.html default.htm default.php; 79 | root /var/www/html; 80 | 81 | location / { 82 | try_files $uri $uri/ /index.php?$args; 83 | } 84 | 85 | location ~ [^/]\.php(/|$) { 86 | try_files $uri = 404; 87 | fastcgi_pass php:9000; 88 | fastcgi_index index.php; 89 | include fastcgi.conf; 90 | } 91 | 92 | location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { 93 | expires 30d; 94 | } 95 | 96 | location ~ .*\.(js|css)?$ { 97 | expires 12h; 98 | } 99 | 100 | location ~ /.well-known { 101 | allow all; 102 | } 103 | 104 | location ~ /\. { 105 | deny all; 106 | } 107 | } 108 | } -------------------------------------------------------------------------------- /lnmp/conf/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | engine = On 3 | short_open_tag = On 4 | precision = 14 5 | output_buffering = 4096 6 | zlib.output_compression = Off 7 | implicit_flush = Off 8 | unserialize_callback_func = 9 | serialize_precision = -1 10 | disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server 11 | disable_classes = 12 | zend.enable_gc = On 13 | expose_php = On 14 | max_execution_time = 300 15 | max_input_time = 60 16 | memory_limit = 128M 17 | file_uploads = On 18 | upload_max_filesize = 64M 19 | post_max_size = 64M 20 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 21 | display_errors = Off 22 | display_startup_errors = Off 23 | log_errors = On 24 | log_errors_max_len = 1024 25 | ignore_repeated_errors = Off 26 | ignore_repeated_source = Off 27 | report_memleaks = On 28 | html_errors = On 29 | variables_order = "GPCS" 30 | request_order = "GP" 31 | register_argc_argv = Off 32 | auto_globals_jit = On 33 | auto_prepend_file = 34 | auto_append_file = 35 | default_mimetype = "text/html" 36 | default_charset = "UTF-8" 37 | doc_root = 38 | user_dir = 39 | enable_dl = Off 40 | cgi.fix_pathinfo=0 41 | max_file_uploads = 20 42 | allow_url_fopen = On 43 | allow_url_include = Off 44 | default_socket_timeout = 60 45 | [CLI Server] 46 | cli_server.color = On 47 | [Date] 48 | date.timezone = Asia/Shanghai 49 | [filter] 50 | [iconv] 51 | [intl] 52 | [sqlite3] 53 | [Pcre] 54 | [Pdo] 55 | [Pdo_mysql] 56 | pdo_mysql.cache_size = 2000 57 | pdo_mysql.default_socket= 58 | [Phar] 59 | [mail function] 60 | SMTP = localhost 61 | smtp_port = 25 62 | mail.add_x_header = Off 63 | [ODBC] 64 | odbc.allow_persistent = On 65 | odbc.check_persistent = On 66 | odbc.max_persistent = -1 67 | odbc.max_links = -1 68 | odbc.defaultlrl = 4096 69 | odbc.defaultbinmode = 1 70 | [Interbase] 71 | ibase.allow_persistent = 1 72 | ibase.max_persistent = -1 73 | ibase.max_links = -1 74 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 75 | ibase.dateformat = "%Y-%m-%d" 76 | ibase.timeformat = "%H:%M:%S" 77 | [MySQLi] 78 | mysqli.max_persistent = -1 79 | mysqli.allow_persistent = On 80 | mysqli.max_links = -1 81 | mysqli.cache_size = 2000 82 | mysqli.default_port = 3306 83 | mysqli.default_socket = 84 | mysqli.default_host = 85 | mysqli.default_user = 86 | mysqli.default_pw = 87 | mysqli.reconnect = Off 88 | [mysqlnd] 89 | mysqlnd.collect_statistics = On 90 | mysqlnd.collect_memory_statistics = Off 91 | [OCI8] 92 | [PostgreSQL] 93 | pgsql.allow_persistent = On 94 | pgsql.auto_reset_persistent = Off 95 | pgsql.max_persistent = -1 96 | pgsql.max_links = -1 97 | pgsql.ignore_notice = 0 98 | pgsql.log_notice = 0 99 | [bcmath] 100 | bcmath.scale = 0 101 | [browscap] 102 | [Session] 103 | session.save_handler = redis 104 | session.save_path = "tcp://redis:6379?database=0" 105 | session.use_strict_mode = 0 106 | session.use_cookies = 1 107 | session.use_only_cookies = 1 108 | session.name = PHPSESSID 109 | session.auto_start = 0 110 | session.cookie_lifetime = 0 111 | session.cookie_path = / 112 | session.cookie_domain = 113 | session.cookie_httponly = 114 | session.serialize_handler = php 115 | session.gc_probability = 1 116 | session.gc_divisor = 1000 117 | session.gc_maxlifetime = 1440 118 | session.referer_check = 119 | session.cache_limiter = nocache 120 | session.cache_expire = 180 121 | session.use_trans_sid = 0 122 | session.sid_length = 26 123 | session.trans_sid_tags = "a=href,area=href,frame=src,form=" 124 | session.sid_bits_per_character = 5 125 | [Assertion] 126 | zend.assertions = -1 127 | [COM] 128 | [mbstring] 129 | [gd] 130 | [exif] 131 | [Tidy] 132 | tidy.clean_output = Off 133 | [soap] 134 | soap.wsdl_cache_enabled=1 135 | soap.wsdl_cache_dir="/tmp" 136 | soap.wsdl_cache_ttl=86400 137 | soap.wsdl_cache_limit = 5 138 | [sysvshm] 139 | [ldap] 140 | ldap.max_links = -1 141 | [dba] 142 | [opcache] 143 | [curl] 144 | [openssl] -------------------------------------------------------------------------------- /lnmp/conf/www.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | user = www-data 3 | group = www-data 4 | listen = 127.0.0.1:9000 5 | pm = dynamic 6 | pm.max_children = 40 7 | pm.start_servers = 32 8 | pm.min_spare_servers = 10 9 | pm.max_spare_servers = 40 -------------------------------------------------------------------------------- /lnmp/data/mysql/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/lnmp/data/mysql/.gitignore -------------------------------------------------------------------------------- /lnmp/data/redis/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/lnmp/data/redis/.gitignore -------------------------------------------------------------------------------- /lnmp/data/www/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/lnmp/data/www/.gitignore -------------------------------------------------------------------------------- /lnmp/stack.yml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | services: 3 | nginx: 4 | image: nginx:1.21.6-alpine 5 | ports: 6 | - 80:80/tcp 7 | networks: 8 | lnmp: 9 | configs: 10 | - source: nginx 11 | target: /etc/nginx/nginx.conf 12 | - source: timezome 13 | target: /etc/localtime 14 | volumes: 15 | - ./data/www:/var/www/html:rw 16 | deploy: 17 | mode: replicated 18 | replicas: 1 19 | resources: 20 | limits: 21 | cpus: "0.50" 22 | memory: 100M 23 | reservations: 24 | cpus: "0.25" 25 | memory: 50M 26 | update_config: 27 | order: start-first 28 | parallelism: 1 29 | delay: 10s 30 | healthcheck: 31 | test: ["CMD-SHELL", "nc -w 1 127.0.0.1 -z 80 || exit 1"] 32 | interval: 10s 33 | timeout: 5s 34 | retries: 3 35 | logging: 36 | driver: json-file 37 | options: 38 | max-file: "3" 39 | max-size: 100m 40 | 41 | php: 42 | image: buxiaomo/php:7.3.33-fpm 43 | networks: 44 | lnmp: 45 | configs: 46 | - source: php 47 | target: /usr/local/etc/php/php.ini 48 | - source: php-fpm 49 | target: /usr/local/etc/php-fpm.d/www.conf 50 | - source: timezome 51 | target: /etc/localtime 52 | volumes: 53 | - ./data/www:/var/www/html:rw 54 | deploy: 55 | mode: replicated 56 | replicas: 1 57 | resources: 58 | limits: 59 | cpus: "1" 60 | memory: 1G 61 | reservations: 62 | cpus: "0.5" 63 | memory: 100M 64 | update_config: 65 | order: start-first 66 | parallelism: 1 67 | delay: 10s 68 | # healthcheck: 69 | # test: ["CMD-SHELL", "nc -w 1 127.0.0.1 -z 9000 || exit 1"] 70 | # interval: 10s 71 | # timeout: 5s 72 | # retries: 3 73 | logging: 74 | driver: json-file 75 | options: 76 | max-file: "3" 77 | max-size: 100m 78 | 79 | redis: 80 | image: redis:6.2.7-alpine 81 | networks: 82 | lnmp: 83 | volumes: 84 | - ./data/redis:/data:rw 85 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 86 | # healthcheck: 87 | # test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 PING &> /dev/null || exit 1"] 88 | # interval: 10s 89 | # timeout: 5s 90 | # retries: 3 91 | deploy: 92 | mode: replicated 93 | replicas: 1 94 | update_config: 95 | order: stop-first 96 | parallelism: 1 97 | delay: 10s 98 | logging: 99 | driver: json-file 100 | options: 101 | max-file: "3" 102 | max-size: 100m 103 | 104 | mysql: 105 | image: mysql:5.7.20 106 | networks: 107 | lnmp: 108 | environment: 109 | - MYSQL_ROOT_PASSWORD=root 110 | - MYSQL_DATABASE=demo 111 | - MYSQL_USER=demo 112 | - MYSQL_PASSWORD=demo 113 | configs: 114 | - source: mysql 115 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 116 | - source: timezome 117 | target: /etc/localtime 118 | volumes: 119 | - ./data/mysql:/var/lib/mysql 120 | deploy: 121 | mode: replicated 122 | replicas: 1 123 | update_config: 124 | order: stop-first 125 | parallelism: 1 126 | delay: 10s 127 | # healthcheck: 128 | # test: ["CMD-SHELL", "mysql -uroot -proot -An -e 'show databases;' &> /dev/null"] 129 | # interval: 10s 130 | # timeout: 5s 131 | # retries: 3 132 | logging: 133 | driver: json-file 134 | options: 135 | max-file: "3" 136 | max-size: 100m 137 | 138 | phpmyadmin: 139 | image: phpmyadmin:5.2.0-apache 140 | hostname: phpmyadmin 141 | ports: 142 | - 81:80/tcp 143 | networks: 144 | lnmp: 145 | environment: 146 | - PMA_HOST=mysql 147 | configs: 148 | - source: timezome 149 | target: /etc/localtime 150 | deploy: 151 | mode: replicated 152 | replicas: 1 153 | update_config: 154 | order: stop-first 155 | parallelism: 1 156 | delay: 10s 157 | healthcheck: 158 | test: ["CMD-SHELL", "curl http://127.0.0.1 &> /dev/null || exit 1"] 159 | interval: 10s 160 | timeout: 5s 161 | retries: 3 162 | logging: 163 | driver: json-file 164 | options: 165 | max-file: "3" 166 | max-size: 100m 167 | 168 | configs: 169 | nginx: 170 | file: ./conf/nginx.conf 171 | php: 172 | file: ./conf/php.ini 173 | php-fpm: 174 | file: ./conf/www.conf 175 | mysql: 176 | file: ./conf/mysqld.cnf 177 | timezome: 178 | file: /usr/share/zoneinfo/Asia/Shanghai 179 | 180 | networks: 181 | lnmp: 182 | -------------------------------------------------------------------------------- /minio.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | minio1: 4 | image: minio/minio:RELEASE.2018-07-23T18-34-49Z 5 | command: server http://minio1:9000/export http://minio2:9000/export http://minio3:9000/export http://minio4:9000/export 6 | ports: 7 | - "9001:9000" 8 | networks: 9 | minio_distributed: 10 | volumes: 11 | - /mnt/nfs/miniodata1:/export 12 | environment: 13 | - MINIO_ACCESS_KEY=LTAIG6PsqCGSEY9D 14 | - MINIO_SECRET_KEY=umyGkKjWOr9d3FdoOThHeCD9c3jxr1 15 | deploy: 16 | mode: replicated 17 | replicas: 1 18 | update_config: 19 | order: start-first 20 | parallelism: 1 21 | delay: 10s 22 | placement: 23 | constraints: 24 | - node.labels.minio1 == true 25 | logging: 26 | driver: json-file 27 | options: 28 | max-file: '3' 29 | max-size: 100m 30 | 31 | minio2: 32 | image: minio/minio:RELEASE.2018-07-23T18-34-49Z 33 | command: server http://minio1:9000/export http://minio2:9000/export http://minio3:9000/export http://minio4:9000/export 34 | ports: 35 | - "9002:9000" 36 | networks: 37 | minio_distributed: 38 | volumes: 39 | - /mnt/nfs/miniodata2:/export 40 | environment: 41 | - MINIO_ACCESS_KEY=LTAIG6PsqCGSEY9D 42 | - MINIO_SECRET_KEY=umyGkKjWOr9d3FdoOThHeCD9c3jxr1 43 | deploy: 44 | mode: replicated 45 | replicas: 1 46 | update_config: 47 | order: start-first 48 | parallelism: 1 49 | delay: 10s 50 | placement: 51 | constraints: 52 | - node.labels.minio2 == true 53 | logging: 54 | driver: json-file 55 | options: 56 | max-file: '3' 57 | max-size: 100m 58 | 59 | minio3: 60 | image: minio/minio:RELEASE.2018-07-23T18-34-49Z 61 | command: server http://minio1:9000/export http://minio2:9000/export http://minio3:9000/export http://minio4:9000/export 62 | ports: 63 | - "9003:9000" 64 | networks: 65 | minio_distributed: 66 | volumes: 67 | - /mnt/nfs/miniodata3:/export 68 | environment: 69 | - MINIO_ACCESS_KEY=LTAIG6PsqCGSEY9D 70 | - MINIO_SECRET_KEY=umyGkKjWOr9d3FdoOThHeCD9c3jxr1 71 | deploy: 72 | mode: replicated 73 | replicas: 1 74 | update_config: 75 | order: start-first 76 | parallelism: 1 77 | delay: 10s 78 | placement: 79 | constraints: 80 | - node.labels.minio3 == true 81 | logging: 82 | driver: json-file 83 | options: 84 | max-file: '3' 85 | max-size: 100m 86 | 87 | minio4: 88 | image: minio/minio:RELEASE.2018-07-23T18-34-49Z 89 | command: server http://minio1:9000/export http://minio2:9000/export http://minio3:9000/export http://minio4:9000/export 90 | ports: 91 | - "9004:9000" 92 | networks: 93 | minio_distributed: 94 | volumes: 95 | - /mnt/nfs/miniodata4:/export 96 | environment: 97 | - MINIO_ACCESS_KEY=LTAIG6PsqCGSEY9D 98 | - MINIO_SECRET_KEY=umyGkKjWOr9d3FdoOThHeCD9c3jxr1 99 | deploy: 100 | mode: replicated 101 | replicas: 1 102 | update_config: 103 | order: start-first 104 | parallelism: 1 105 | delay: 10s 106 | placement: 107 | constraints: 108 | - node.labels.minio4 == true 109 | logging: 110 | driver: json-file 111 | options: 112 | max-file: '3' 113 | max-size: 100m 114 | 115 | networks: 116 | minio_distributed: 117 | driver: overlay 118 | 119 | # mc config host add test http://10.0.3.11:9000 CA436NH8GXAC086GXFHO 'EIhM5gp68Ri/2Pqq6LIKv7pz8QofVonIAcuj7q45' S3v4 120 | # mc --debug mb test/docker 121 | 122 | # mc mb --region ch-docker-1 test/xiaomo 123 | 124 | # mc cp a test/xiaomo 125 | 126 | 127 | # mc policy test/docker 128 | 129 | # mc policy public test/docker -------------------------------------------------------------------------------- /mongo.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | master: 4 | image: mongo:3.6.0 5 | hostname: master 6 | ports: 7 | - 27017/tcp 8 | volumes: 9 | - /mongo/01/db:/data/db 10 | - /mongo/01/configdb:/data/configdb 11 | networks: 12 | mongodb: 13 | aliases: 14 | - master 15 | command: mongod –dbpath /data/db –master 16 | slave: 17 | image: mongo:3.6.0 18 | hostname: slave 19 | ports: 20 | - 27017/tcp 21 | volumes: 22 | - /mongo/02/db:/data/db 23 | - /mongo/02/configdb:/data/configdb 24 | networks: 25 | mongodb: 26 | aliases: 27 | - slave 28 | command: mongod –dbpath /data/db –slave –source master:27017 29 | networks: 30 | mongodb: 31 | external: true 32 | -------------------------------------------------------------------------------- /monitor/conf/prometheus.yml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. 3 | evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. 4 | # scrape_timeout is set to the global default (10s). 5 | 6 | # Alertmanager configuration 7 | alerting: 8 | alertmanagers: 9 | - static_configs: 10 | - targets: 11 | # - alertmanager:9093 12 | 13 | # Load rules once and periodically evaluate them according to the global ‘evaluation_interval‘. 14 | rule_files: 15 | # - "first_rules.yml" 16 | # - "second_rules.yml" 17 | 18 | # A scrape configuration containing exactly one endpoint to scrape: 19 | # Here it‘s Prometheus itself. 20 | scrape_configs: 21 | # The job name is added as a label `job=` to any timeseries scraped from this config. 22 | - job_name: 'container' 23 | static_configs: 24 | - targets: ['10.0.3.11:9090','10.0.3.12:9090','10.0.3.13:9090','10.0.3.14:9090','10.0.3.15:9090','10.0.3.16:9090'] -------------------------------------------------------------------------------- /monitor/monitor.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | grafana: 4 | image: grafana/grafana:5.2.2 5 | ports: 6 | - 3000:3000/tcp 7 | networks: 8 | monitor: 9 | aliases: 10 | - grafana 11 | volumes: 12 | - ./grafana:/var/lib/grafana/plugins:rw 13 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 14 | deploy: 15 | mode: replicated 16 | replicas: 1 17 | resources: 18 | limits: 19 | cpus: '0.50' 20 | memory: 100M 21 | reservations: 22 | cpus: '0.25' 23 | memory: 50M 24 | update_config: 25 | order: start-first 26 | parallelism: 1 27 | delay: 10s 28 | logging: 29 | driver: json-file 30 | options: 31 | max-file: '3' 32 | max-size: 100m 33 | 34 | prometheus: 35 | image: prom/prometheus:v2.3.2 36 | ports: 37 | - 9090:9090/tcp 38 | networks: 39 | monitor: 40 | aliases: 41 | - prometheus 42 | configs: 43 | - source: prometheus 44 | target: /etc/prometheus/prometheus.yml 45 | volumes: 46 | # - ./prometheus:/prometheus:rw 47 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 48 | deploy: 49 | mode: replicated 50 | replicas: 1 51 | resources: 52 | limits: 53 | cpus: '0.50' 54 | memory: 100M 55 | reservations: 56 | cpus: '0.25' 57 | memory: 50M 58 | update_config: 59 | order: start-first 60 | parallelism: 1 61 | delay: 10s 62 | logging: 63 | driver: json-file 64 | options: 65 | max-file: '3' 66 | max-size: 100m 67 | 68 | cadvisor: 69 | image: google/cadvisor:v0.30.2 70 | ports: 71 | - 8081:8080/tcp 72 | networks: 73 | monitor: 74 | aliases: 75 | - cadvisor 76 | volumes: 77 | - /:/rootfs:ro 78 | - /var/run:/var/run:rw 79 | - /sys:/sys:ro 80 | - /var/lib/docker/:/var/lib/docker:ro 81 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 82 | deploy: 83 | mode: global 84 | resources: 85 | limits: 86 | cpus: '0.50' 87 | memory: 100M 88 | reservations: 89 | cpus: '0.25' 90 | memory: 50M 91 | update_config: 92 | order: start-first 93 | parallelism: 1 94 | delay: 10s 95 | logging: 96 | driver: json-file 97 | options: 98 | max-file: '3' 99 | max-size: 100m 100 | 101 | configs: 102 | prometheus: 103 | file: ./conf/prometheus.yml 104 | 105 | networks: 106 | monitor: 107 | external: true -------------------------------------------------------------------------------- /mysql-replication/README.md: -------------------------------------------------------------------------------- 1 | # MySql主从编排 2 | 3 | 通过脚本将主从配置过程Shell化并挂载到从库镜像中的 `/docker-entrypoint-initdb.d`,添加执行权限,以完成主从的配置过程,减少重新构建的步骤与管理,若想完善,直接修改 `slave/init.sh` 脚本即可。 4 | 5 | # 环境变量说明 6 | 7 | 若主库设置了 `MYSQL_DATABASE` 、 `MYSQL_USER` 、 `MYSQL_PASSWORD`这几个环境变量,请复制一份到从库的环境变量中。 8 | 9 | `MYSQL_MASTER_HOST` 设置为主库的内部服务名,默认:master 10 | 11 | `MYSQL_MASTER_PASSWORD` 设置为主库的root密码,默认:root 12 | 13 | `MYSQL_REPLICATION_USER` 设置为主库的复制用户,默认:replication 14 | 15 | `MYSQL_REPLICATION_PASSWORD` 设置为主库的复制密码,默认:replication 16 | 17 | # 服务健康检查 18 | 19 | 修改编排 `healthcheck.test` 字段中 `-p` 参数为 `MYSQL_ROOT_PASSWORD`, 并取消注释。 -------------------------------------------------------------------------------- /mysql-replication/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | master: 4 | image: mysql:5.7.20 5 | networks: 6 | mysql: 7 | aliases: 8 | - master 9 | environment: 10 | - MYSQL_ROOT_PASSWORD=iech5Cah 11 | - MYSQL_DATABASE=lnmp 12 | - MYSQL_USER=lnmp 13 | - MYSQL_PASSWORD=chooT1yu 14 | configs: 15 | - source: master 16 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 17 | volumes: 18 | - ./master/data:/var/lib/mysql 19 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 20 | deploy: 21 | mode: replicated 22 | replicas: 1 23 | update_config: 24 | order: stop-first 25 | parallelism: 1 26 | delay: 10s 27 | # healthcheck: 28 | # test: ["CMD-SHELL", "mysql -uroot -piech5Cah -An -e 'show databases;' &> /dev/null || exit 1"] 29 | # interval: 10s 30 | # timeout: 5s 31 | # retries: 3 32 | logging: 33 | driver: json-file 34 | options: 35 | max-file: '3' 36 | max-size: 100m 37 | 38 | slave: 39 | image: mysql:5.7.20 40 | networks: 41 | mysql: 42 | aliases: 43 | - mysql-slave 44 | environment: 45 | - MYSQL_ROOT_PASSWORD=eacae0Im 46 | - MYSQL_DATABASE=lnmp 47 | - MYSQL_USER=lnmp 48 | - MYSQL_PASSWORD=chooT1yu 49 | - MYSQL_MASTER_HOST=master 50 | - MYSQL_MASTER_PASSWORD=iech5Cah 51 | - MYSQL_REPLICATION_USER=replication 52 | - MYSQL_REPLICATION_PASSWORD=aibeeT6o 53 | configs: 54 | - source: slave 55 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 56 | - source: initslave 57 | target: /docker-entrypoint-initdb.d/init.sh 58 | mode: 0755 59 | volumes: 60 | - ./slave/data:/var/lib/mysql 61 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 62 | deploy: 63 | mode: replicated 64 | replicas: 1 65 | update_config: 66 | order: stop-first 67 | parallelism: 1 68 | delay: 10s 69 | # healthcheck: 70 | # test: ["CMD-SHELL", "mysql -uroot -peacae0Im -An -e 'show databases;' &> /dev/null || exit 1"] 71 | # interval: 10s 72 | # timeout: 5s 73 | # retries: 3 74 | logging: 75 | driver: json-file 76 | options: 77 | max-file: '3' 78 | max-size: 100m 79 | 80 | configs: 81 | master: 82 | file: ./master/mysqld.cnf 83 | slave: 84 | file: ./slave/mysqld.cnf 85 | initslave: 86 | file: ./slave/init.sh 87 | 88 | networks: 89 | mysql: 90 | external: true -------------------------------------------------------------------------------- /mysql-replication/master/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/mysql-replication/master/data/.gitignore -------------------------------------------------------------------------------- /mysql-replication/master/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | 6 | [mysqld] 7 | server-id = 1 8 | log-bin = mysql-bin 9 | log-bin-index = master-bin.index 10 | gtid-mode=on 11 | enforce-gtid-consistency=1 12 | 13 | #bind-address = 127.0.0.1 14 | symbolic-links=0 15 | port = 3306 16 | socket = /var/run/mysqld/mysqld.sock 17 | pid-file = /var/run/mysqld/mysqld.pid 18 | datadir = /var/lib/mysql 19 | skip-external-locking 20 | key_buffer_size = 32M 21 | max_allowed_packet = 1M 22 | table_open_cache = 128 23 | sort_buffer_size = 768K 24 | net_buffer_length = 8K 25 | read_buffer_size = 768K 26 | read_rnd_buffer_size = 512K 27 | myisam_sort_buffer_size = 8M 28 | thread_cache_size = 16 29 | query_cache_size = 16M 30 | tmp_table_size = 32M 31 | performance_schema_max_table_instances = 500 32 | 33 | explicit_defaults_for_timestamp = true 34 | #skip-networking 35 | max_connections = 500 36 | max_connect_errors = 100 37 | open_files_limit = 65535 38 | 39 | 40 | binlog_format=mixed 41 | expire_logs_days = 10 42 | early-plugin-load = "" 43 | 44 | #loose-innodb-trx=0 45 | #loose-innodb-locks=0 46 | #loose-innodb-lock-waits=0 47 | #loose-innodb-cmp=0 48 | #loose-innodb-cmp-per-index=0 49 | #loose-innodb-cmp-per-index-reset=0 50 | #loose-innodb-cmp-reset=0 51 | #loose-innodb-cmpmem=0 52 | #loose-innodb-cmpmem-reset=0 53 | #loose-innodb-buffer-page=0 54 | #loose-innodb-buffer-page-lru=0 55 | #loose-innodb-buffer-pool-stats=0 56 | #loose-innodb-metrics=0 57 | #loose-innodb-ft-default-stopword=0 58 | #loose-innodb-ft-inserted=0 59 | #loose-innodb-ft-deleted=0 60 | #loose-innodb-ft-being-deleted=0 61 | #loose-innodb-ft-config=0 62 | #loose-innodb-ft-index-cache=0 63 | #loose-innodb-ft-index-table=0 64 | #loose-innodb-sys-tables=0 65 | #loose-innodb-sys-tablestats=0 66 | #loose-innodb-sys-indexes=0 67 | #loose-innodb-sys-columns=0 68 | #loose-innodb-sys-fields=0 69 | #loose-innodb-sys-foreign=0 70 | #loose-innodb-sys-foreign-cols=0 71 | 72 | default_storage_engine = InnoDB 73 | innodb_file_per_table = 1 74 | innodb_data_home_dir = /var/lib/mysql 75 | innodb_data_file_path = ibdata1:10M:autoextend 76 | innodb_log_group_home_dir = /var/lib/mysql 77 | innodb_buffer_pool_size = 128M 78 | innodb_log_file_size = 32M 79 | innodb_log_buffer_size = 8M 80 | innodb_flush_log_at_trx_commit = 1 81 | innodb_lock_wait_timeout = 50 82 | 83 | [mysqldump] 84 | quick 85 | max_allowed_packet = 16M 86 | 87 | [mysql] 88 | no-auto-rehash 89 | 90 | [myisamchk] 91 | key_buffer_size = 32M 92 | sort_buffer_size = 768K 93 | read_buffer = 2M 94 | write_buffer = 2M 95 | 96 | [mysqlhotcopy] 97 | interactive-timeout -------------------------------------------------------------------------------- /mysql-replication/slave/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/mysql-replication/slave/data/.gitignore -------------------------------------------------------------------------------- /mysql-replication/slave/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -ex 3 | # 检查主从复制是否正常 4 | check_slave_health () { 5 | echo Checking replication health: 6 | status=$(mysql --defaults-file=/tmp/slave.cnf -e "SHOW SLAVE STATUS\G") 7 | echo "$status" | egrep 'Slave_(IO|SQL)_Running:|Seconds_Behind_Master:|Last_.*_Error:' | grep -v "Error: $" 8 | if ! echo "$status" | grep -qs "Slave_IO_Running: Yes" || 9 | ! echo "$status" | grep -qs "Slave_SQL_Running: Yes" || 10 | ! echo "$status" | grep -qs "Seconds_Behind_Master: 0" ; then 11 | echo WARNING: Replication is not healthy. 12 | return 1 13 | fi 14 | return 0 15 | } 16 | # 设置默认值 17 | MYSQL_MASTER_HOST=${MYSQL_MASTER_HOST:-'master'} 18 | MYSQL_MASTER_PASSWORD=${MYSQL_MASTER_PASSWORD:-'root'} 19 | MYSQL_REPLICATION_USER=${MYSQL_REPLICATION_USER:-'replication'} 20 | MYSQL_REPLICATION_PASSWORD=${MYSQL_REPLICATION_PASSWORD:-'replication'} 21 | 22 | # 创建配置文件 23 | cat > /tmp/slave.cnf << EOF 24 | [client] 25 | user = root 26 | password = ${MYSQL_ROOT_PASSWORD} 27 | port = 3306 28 | socket = /var/run/mysqld/mysqld.sock 29 | EOF 30 | cat > /tmp/master.cnf << EOF 31 | [client] 32 | user = root 33 | password = ${MYSQL_MASTER_PASSWORD} 34 | port = 3306 35 | host = ${MYSQL_MASTER_HOST} 36 | EOF 37 | 38 | # 启动后等待5秒 39 | echo "* Sleep 5s then Configure replication" 40 | sleep 5 41 | # 检查主库能否连接 42 | mysql --defaults-file=/tmp/master.cnf -e "show databases;" > /dev/null 2>&1 43 | if [ $? -eq 0 ];then 44 | # 判断主从是否配置,0:未配置,1:已配置 45 | if [ $(mysql --defaults-file=/tmp/slave.cnf -AN -e "show slave status;" | wc -l) -eq 0 ];then 46 | # 创建主从复制账户 47 | echo "* Create replication user" 48 | mysql --defaults-file=/tmp/master.cnf -AN -e "GRANT FILE, SELECT, SHOW VIEW, LOCK TABLES, RELOAD, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO '${MYSQL_REPLICATION_USER}'@'%' IDENTIFIED BY '${MYSQL_REPLICATION_PASSWORD}';" 49 | mysql --defaults-file=/tmp/master.cnf -AN -e "FLUSH PRIVILEGES;" 50 | # 配置主从信息 51 | echo "* Configure replication Info" 52 | # mysql --defaults-file=/tmp/slave.cnf -AN -e "RESET MASTER;" 53 | MYSQL_MASTER_Position=$(eval "mysql --defaults-file=/tmp/master.cnf -e 'show master status \G' | awk '/Position/{print \$2}'") 54 | MYSQL_MASTER_FILE=$(eval "mysql --defaults-file=/tmp/master.cnf -e 'show master status \G' | awk '/File/{print \$2}'") 55 | mysql --defaults-file=/tmp/slave.cnf -e "STOP SLAVE;" 56 | mysql --defaults-file=/tmp/slave.cnf -e "RESET SLAVE;" 57 | mysql --defaults-file=/tmp/slave.cnf -e "CHANGE MASTER TO \ 58 | MASTER_HOST='$MYSQL_MASTER_HOST', \ 59 | MASTER_PORT=3306, \ 60 | MASTER_USER='$MYSQL_REPLICATION_USER', \ 61 | MASTER_PASSWORD='$MYSQL_REPLICATION_PASSWORD', \ 62 | MASTER_LOG_FILE='$MYSQL_MASTER_FILE', \ 63 | MASTER_LOG_POS=$MYSQL_MASTER_Position;" 64 | mysql --defaults-file=/tmp/slave.cnf -e "START SLAVE;" 65 | 66 | # 检查主从状态,失败直接退出 67 | # mysql -uroot -p${MYSQL_ROOT_PASSWORD} -AN -e "show slave status\G" 68 | echo "* Check Replication healthy." 69 | counter=0 70 | while ! check_slave_health; do 71 | if (( counter >= 10 )); then 72 | echo "* Replication not healthy, health timeout reached, failing." 73 | break 74 | exit 1 75 | fi 76 | let counter=counter+1 77 | sleep 1 78 | done 79 | fi 80 | else 81 | exit 1 82 | fi 83 | # 安全考虑,取消主库相关信息以及临时文件 84 | unset MYSQL_MASTER_HOST MYSQL_MASTER_PASSWORD 85 | rm -rf /tmp/master.cnf /tmp/slave.cnf 86 | echo "* MySQL Replicate Done." -------------------------------------------------------------------------------- /mysql-replication/slave/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | 6 | [mysqld] 7 | server-id = 2 8 | relay-log-index = slave-relay-bin.index 9 | relay-log = slave-relay-bin 10 | replicate-ignore-db = mysql 11 | gtid-mode=on 12 | enforce-gtid-consistency=1 13 | 14 | slave-parallel-type=LOGICAL_CLOCK 15 | slave-parallel-workers=16 16 | master_info_repository=TABLE 17 | relay_log_info_repository=TABLE 18 | relay_log_recovery=ON 19 | 20 | #bind-address = 127.0.0.1 21 | symbolic-links=0 22 | port = 3306 23 | socket = /var/run/mysqld/mysqld.sock 24 | pid-file = /var/run/mysqld/mysqld.pid 25 | datadir = /var/lib/mysql 26 | skip-external-locking 27 | key_buffer_size = 32M 28 | max_allowed_packet = 1M 29 | table_open_cache = 128 30 | sort_buffer_size = 768K 31 | net_buffer_length = 8K 32 | read_buffer_size = 768K 33 | read_rnd_buffer_size = 512K 34 | myisam_sort_buffer_size = 8M 35 | thread_cache_size = 16 36 | query_cache_size = 16M 37 | tmp_table_size = 32M 38 | performance_schema_max_table_instances = 500 39 | 40 | explicit_defaults_for_timestamp = true 41 | #skip-networking 42 | max_connections = 500 43 | max_connect_errors = 100 44 | open_files_limit = 65535 45 | binlog_format=mixed 46 | expire_logs_days = 10 47 | early-plugin-load = "" 48 | 49 | #loose-innodb-trx=0 50 | #loose-innodb-locks=0 51 | #loose-innodb-lock-waits=0 52 | #loose-innodb-cmp=0 53 | #loose-innodb-cmp-per-index=0 54 | #loose-innodb-cmp-per-index-reset=0 55 | #loose-innodb-cmp-reset=0 56 | #loose-innodb-cmpmem=0 57 | #loose-innodb-cmpmem-reset=0 58 | #loose-innodb-buffer-page=0 59 | #loose-innodb-buffer-page-lru=0 60 | #loose-innodb-buffer-pool-stats=0 61 | #loose-innodb-metrics=0 62 | #loose-innodb-ft-default-stopword=0 63 | #loose-innodb-ft-inserted=0 64 | #loose-innodb-ft-deleted=0 65 | #loose-innodb-ft-being-deleted=0 66 | #loose-innodb-ft-config=0 67 | #loose-innodb-ft-index-cache=0 68 | #loose-innodb-ft-index-table=0 69 | #loose-innodb-sys-tables=0 70 | #loose-innodb-sys-tablestats=0 71 | #loose-innodb-sys-indexes=0 72 | #loose-innodb-sys-columns=0 73 | #loose-innodb-sys-fields=0 74 | #loose-innodb-sys-foreign=0 75 | #loose-innodb-sys-foreign-cols=0 76 | 77 | default_storage_engine = InnoDB 78 | innodb_file_per_table = 1 79 | innodb_data_home_dir = /var/lib/mysql 80 | innodb_data_file_path = ibdata1:10M:autoextend 81 | innodb_log_group_home_dir = /var/lib/mysql 82 | innodb_buffer_pool_size = 128M 83 | innodb_log_file_size = 32M 84 | innodb_log_buffer_size = 8M 85 | innodb_flush_log_at_trx_commit = 1 86 | innodb_lock_wait_timeout = 50 87 | 88 | [mysqldump] 89 | quick 90 | max_allowed_packet = 16M 91 | 92 | [mysql] 93 | no-auto-rehash 94 | 95 | [myisamchk] 96 | key_buffer_size = 32M 97 | sort_buffer_size = 768K 98 | read_buffer = 2M 99 | write_buffer = 2M 100 | 101 | [mysqlhotcopy] 102 | interactive-timeout -------------------------------------------------------------------------------- /nfs.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | nfs-server: 4 | image: fuzzle/docker-nfs-server 5 | privileged: true 6 | networks: 7 | nfs: 8 | environment: 9 | - NFS_EXPORT_DIR_1=/nfs 10 | - NFS_EXPORT_DOMAIN_1=* 11 | - NFS_EXPORT_OPTIONS_1=rw,sync,no_root_squash 12 | volumes: 13 | - /etc/localtime:/etc/localtime:ro 14 | - /opt/nfsdata:/nfs 15 | networks: 16 | nfs: 17 | external: 18 | name: "host" 19 | 20 | # yum install nfs-utils.x86_64 -y && mkdir /nfs && mount IP:/nfs /nfs && df -h | grep nfs 21 | -------------------------------------------------------------------------------- /redis-cluster/README.md: -------------------------------------------------------------------------------- 1 | # 架构 2 | 3 | Redis哨兵 4 | 5 | # 镜像文档 6 | 7 | 全部使用官方镜像,以挂载配置文件的方式配置容器里面的服务。 8 | 9 | Haproxy:https://hub.docker.com/_/haproxy/ 10 | 11 | Redis: https://hub.docker.com/_/redis/ 12 | 13 | # 服务说明 14 | 15 | `haproxy` 服务作为主从切换且是整个服务的入口。暴露6379端口 16 | 17 | `redis master` redis主节点 18 | 19 | `redis slave` redis从节点 20 | 21 | `sentinel` 作为redis主从架构的角色切换 22 | 23 | # 启动 24 | 25 | ```shell 26 | docker network create -d overlay redis 27 | docker node update --label-add redis=true node01 28 | docker stack deploy -c docker-compose.yml rediscluster 29 | ``` 30 | 31 | 32 | 33 | # haproxy高可用 34 | 35 | 调整 `rediscluster_haproxy` 副本数 36 | 37 | ```shell 38 | docker service scale rediscluster_haproxy=2 -d 39 | ``` 40 | -------------------------------------------------------------------------------- /redis-cluster/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | haproxy: 4 | image: haproxy:1.8.3 5 | hostname: redis-haproxy 6 | ports: 7 | - 6379:6379/tcp 8 | networks: 9 | redis: 10 | aliases: 11 | - redis-haproxy 12 | volumes: 13 | - ./redis-haproxy:/usr/local/etc/haproxy:ro 14 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 15 | deploy: 16 | mode: replicated 17 | replicas: 1 18 | placement: 19 | constraints: 20 | - node.labels.redis == true 21 | logging: 22 | driver: json-file 23 | options: 24 | max-file: '3' 25 | max-size: 100m 26 | 27 | master: 28 | image: redis:4.0.6 29 | hostname: redis-master 30 | networks: 31 | redis: 32 | aliases: 33 | - redis-master 34 | volumes: 35 | - ./redis-master:/data:rw 36 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 37 | deploy: 38 | mode: replicated 39 | replicas: 1 40 | placement: 41 | constraints: 42 | - node.labels.redis == true 43 | logging: 44 | driver: json-file 45 | options: 46 | max-file: '3' 47 | max-size: 100m 48 | 49 | slave: 50 | image: redis:4.0.6 51 | hostname: redis-slave 52 | command: redis-server --slaveof redis-master 6379 53 | networks: 54 | redis: 55 | aliases: 56 | - redis-slave 57 | volumes: 58 | - ./redis-slave:/data:rw 59 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 60 | deploy: 61 | mode: replicated 62 | replicas: 1 63 | placement: 64 | constraints: 65 | - node.labels.redis == true 66 | logging: 67 | driver: json-file 68 | options: 69 | max-file: '3' 70 | max-size: 100m 71 | 72 | sentinel: 73 | image: redis:4.0.6 74 | hostname: redis-sentinel 75 | command: redis-sentinel /etc/redis/sentinel.conf --sentinel 76 | networks: 77 | redis: 78 | aliases: 79 | - redis-sentinel 80 | volumes: 81 | - ./redis-sentinel/sentinel.conf:/etc/redis/sentinel.conf:rw 82 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 83 | deploy: 84 | mode: replicated 85 | replicas: 1 86 | placement: 87 | constraints: 88 | - node.labels.redis == true 89 | logging: 90 | driver: json-file 91 | options: 92 | max-file: '3' 93 | max-size: 100m 94 | 95 | networks: 96 | redis: 97 | external: true 98 | -------------------------------------------------------------------------------- /redis-cluster/redis-haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log 127.0.0.1 local2 3 | 4 | pidfile /var/run/haproxy.pid 5 | maxconn 20480 6 | 7 | defaults REDIS 8 | mode tcp 9 | timeout connect 4s 10 | timeout server 5m 11 | timeout client 5m 12 | 13 | frontend ft_redis 14 | bind 0.0.0.0:6379 name redis 15 | default_backend bk_redis 16 | 17 | backend bk_redis 18 | option tcp-check 19 | tcp-check connect 20 | tcp-check send PING\r\n 21 | tcp-check expect string +PONG 22 | tcp-check send info\ replication\r\n 23 | tcp-check expect string role:master 24 | tcp-check send QUIT\r\n 25 | tcp-check expect string +OK 26 | server redis0 redis-master check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 27 | server redis1 redis-slave check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 28 | -------------------------------------------------------------------------------- /redis-cluster/redis-master/README.md: -------------------------------------------------------------------------------- 1 | 存放Redis Master数据目录 2 | -------------------------------------------------------------------------------- /redis-cluster/redis-sentinel/sentinel.conf: -------------------------------------------------------------------------------- 1 | ## redis-0 2 | ##sentinel实例之间的通讯端口 3 | port 26379 4 | # master1 5 | sentinel monitor master1 redis-master 6379 1 6 | sentinel down-after-milliseconds master1 5000 7 | sentinel failover-timeout master1 900000 8 | # sentinel can-failover master1 yes 9 | sentinel parallel-syncs master1 2 10 | -------------------------------------------------------------------------------- /redis-cluster/redis-slave/README.md: -------------------------------------------------------------------------------- 1 | 存放Redis Slave数据目录 2 | -------------------------------------------------------------------------------- /redis-cluster/redis/README.md: -------------------------------------------------------------------------------- 1 | Redis数据库目录 2 | -------------------------------------------------------------------------------- /redis-cluster/redis/redis-haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log 127.0.0.1 local2 3 | 4 | pidfile /var/run/haproxy.pid 5 | maxconn 20480 6 | 7 | defaults REDIS 8 | mode tcp 9 | timeout connect 4s 10 | timeout server 5m 11 | timeout client 5m 12 | 13 | frontend ft_redis 14 | bind 0.0.0.0:6379 name redis 15 | default_backend bk_redis 16 | 17 | backend bk_redis 18 | option tcp-check 19 | tcp-check connect 20 | tcp-check send PING\r\n 21 | tcp-check expect string +PONG 22 | tcp-check send info\ replication\r\n 23 | tcp-check expect string role:master 24 | tcp-check send QUIT\r\n 25 | tcp-check expect string +OK 26 | server redis0 redis-master check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 27 | server redis1 redis-slave check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 28 | -------------------------------------------------------------------------------- /redis-cluster/redis/redis-sentinel/sentinel.conf: -------------------------------------------------------------------------------- 1 | ## redis-0 2 | ##sentinel实例之间的通讯端口 3 | port 26379 4 | # master1 5 | sentinel monitor master1 redis-master 6379 1 6 | sentinel down-after-milliseconds master1 5000 7 | sentinel failover-timeout master1 900000 8 | # sentinel can-failover master1 yes 9 | sentinel parallel-syncs master1 2 10 | dir "/data" 11 | -------------------------------------------------------------------------------- /registry/certs/hub.xmitd.com.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFbjCCA1YCCQCMEdWjMYYLVTANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJD 3 | TjELMAkGA1UECAwCSEIxCzAJBgNVBAcMAldIMQswCQYDVQQKDAJNbzELMAkGA1UE 4 | CwwCTWUxFjAUBgNVBAMMDWh1Yi54bWl0ZC5jb20xHjAcBgkqhkiG9w0BCQEWDzk1 5 | MTEyMDgyQHFxLmNvbTAeFw0xODA2MjgwODI5MDBaFw0xOTA2MjgwODI5MDBaMHkx 6 | CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJIQjELMAkGA1UEBwwCV0gxCzAJBgNVBAoM 7 | Ak1vMQswCQYDVQQLDAJNZTEWMBQGA1UEAwwNaHViLnhtaXRkLmNvbTEeMBwGCSqG 8 | SIb3DQEJARYPOTUxMTIwODJAcXEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A 9 | MIICCgKCAgEAwTXwc1xCwBy55NjkHOqjA7V/MbAROzU2cBnDFwiBAchAZPWOv6wT 10 | W9p4y8pPgWMrd6gDN6j22N+yQbihNH4yJIN/M5rtNcqPbk1JnqgzUJEPWfzFttSI 11 | JX7+FI9t/XaOkSCoX+a6wOE3byHFppEsueiV97+SbDArQDqLmytkjUZLXkdlDp62 12 | MPJQVWPCVVhzzl5wNoEKICB3OgN0WGyP+3cCSUkZ8o/+4vLnd/9PDcwbUjawC866 13 | 5HGlSam1VzMEgYISQYBRaSGukLHPsLQb1bJVPxZb/8uGw+tFbqunlyISd0TkPEyL 14 | +euO0KTOTGRZzA/DazV69dO1t10+kr5Hi1HytJXbaXNzeU6Dl8Jbv5zs6QUT3RC8 15 | 3FOR1FRqfWagCBAbzeTYvL21JcAAGgEe41wUGqJSh5k6k5uXCyk4MbJMTM9tgmed 16 | LAidhkyDxFrA/368xieQ9rE1CQvDESALvGBFIweIWqL0iA8aH+lYKoXcuFMeW08p 17 | hSmhC6RePQLBGnmTkVSFb7ZPjEGsWkuUNOIITdD2qf3KxEwW+ku7zUZCyNtyEElO 18 | q2CzCKEcE9k5Jhsjw+RJXtugYXsRV1/Ic1jKdBWlgzsElh1ZcChFzUlVR4MChnly 19 | qa9WRPzQa+AhlwJyJLN0tzTWMNUscMj+c4GXzHwtqTqBVeqvH7nSufMCAwEAATAN 20 | BgkqhkiG9w0BAQsFAAOCAgEALgFdRGE8caQe3WWZjkJN5UsByTrRoEyAh0dbv00c 21 | z1Vn8NjaWjMG+MqS8sm17rNLKR3E1iTH7qhN97o1VG/FYExwWYTeC0uqa0w7PdXY 22 | q681Q2abeyd90s1dx877nr45exiv0YWveTS6/YlzLOzNE/0jrgk5mRm3MwBDApiL 23 | rRBpqGU3qqG/vA/ROJlQDoKxwCmuI4VkJ7JEPtG+5UGW/38vwXWqSUp6XhiusFPE 24 | YCoUbmtf+LM8n7QJgFdeTsw0jexGFb4WdRL+fxCyUa2QDCEPruCrJLhFCjNftbuO 25 | YNsTZ/4qdTv+EpmGuodvQRpvcdF4ebNhTPxaVdeYQp2sS2jAgtxsVeVmf/xz3FzU 26 | 3NGXyg91Txf7BAcqw6ackWIbWGcMT0oMWEBkAOgqr8GS4y+lD2Q7aQ4O0G2itsqB 27 | EiZYxbOT+urLWgKy8VNBovEqzmpIqQ/BflUF1dT1Zjqv+f2up02A+GmMb+Oyurmt 28 | ysUF12scbY9kCP/xfSNwHfWjXq1BDYFOqoOLRnxrTO1Si9raWmraWVc0E6BN7roP 29 | Cqf552dGTWa/SrvXF76UMPGpFKKlu3je6E2T+GXm9B9J9a5oUyAx4ufXTtWRrDBd 30 | avH+4z7lkYQZEHPvZB9sQ7zWc17hWLMzGnMrrJyvYhpwYVJFBH1+oarkkibmZLMc 31 | lng= 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /registry/certs/hub.xmitd.com.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDBNfBzXELAHLnk 3 | 2OQc6qMDtX8xsBE7NTZwGcMXCIEByEBk9Y6/rBNb2njLyk+BYyt3qAM3qPbY37JB 4 | uKE0fjIkg38zmu01yo9uTUmeqDNQkQ9Z/MW21Iglfv4Uj239do6RIKhf5rrA4Tdv 5 | IcWmkSy56JX3v5JsMCtAOoubK2SNRkteR2UOnrYw8lBVY8JVWHPOXnA2gQogIHc6 6 | A3RYbI/7dwJJSRnyj/7i8ud3/08NzBtSNrALzrrkcaVJqbVXMwSBghJBgFFpIa6Q 7 | sc+wtBvVslU/Flv/y4bD60Vuq6eXIhJ3ROQ8TIv5647QpM5MZFnMD8NrNXr107W3 8 | XT6SvkeLUfK0ldtpc3N5ToOXwlu/nOzpBRPdELzcU5HUVGp9ZqAIEBvN5Ni8vbUl 9 | wAAaAR7jXBQaolKHmTqTm5cLKTgxskxMz22CZ50sCJ2GTIPEWsD/frzGJ5D2sTUJ 10 | C8MRIAu8YEUjB4haovSIDxof6Vgqhdy4Ux5bTymFKaELpF49AsEaeZORVIVvtk+M 11 | QaxaS5Q04ghN0Pap/crETBb6S7vNRkLI23IQSU6rYLMIoRwT2TkmGyPD5Ele26Bh 12 | exFXX8hzWMp0FaWDOwSWHVlwKEXNSVVHgwKGeXKpr1ZE/NBr4CGXAnIks3S3NNYw 13 | 1SxwyP5zgZfMfC2pOoFV6q8fudK58wIDAQABAoICAQC+T0wFxUW2h1UPtheS6Acj 14 | ux2LKrr+T97MMoP4ZxbzU3UiPMGbyHnVCu/bA+6mKrGBDgwFQjfKzSR/GcYnt3na 15 | f2/Gu/6U8m2vHw+56EGLRScS4yk4ekWUcW8Bf3m+pI2vI7TVqaYgIHaCz4gpFmww 16 | vokhXCB00kl33XLvp6FGiovoVHiVGv2oXrWENlwPxq1jA6CR/y6jEHd/vDFYe66i 17 | 6clluEyHoRBWKR6YEvGiTH5Iz7c+GiX6qHo/gZsuRgFVM3KZ9DO8U0HoIkzJ585X 18 | Am53UqXR4n5e8poUdZ4A/r2jn0cUoe1qgXzNxNezZVER8CDzs9zm0N73uy/MSQKb 19 | 4MfrLZg9hgr07cGN6ZPsint/EpA4CVdgPzqSKpNfdBPtvm2uHIV4RTx3eshS2f7F 20 | 22eldBAzOpafrTqKaZuwzYtQrS9O9apR5lJ8yUsGT9+jed/WbdoRuSBMUbR9BeTK 21 | kRp56VdKAIjnsE+1AFXuBTieL2Zs+t9K+NvVaHyUT1QdsvP8H8PPRsqzhg4oOAAh 22 | GQ2SXh4cMAbl1TOtY4aBZcLpcmPnIgRXlJSSm54da71ARNZKITubXm3f10roJEeU 23 | fx1Ap+q1wCwrNwyxP0kQf8LiJ6KykFHnme8Quk0sz1TV2VrgqeYnc0PpzV04U/o1 24 | Qdalt+9mGvSTescb4xcgCQKCAQEA6NkHeesq4rwAI5WtTBkwrauVUP5auBWzKiw6 25 | A5WVLnw5B6l5dZEUJHGQPIQ4rua2Jnrz0ogvUO9MQvH2UaQcBaFDXnRvUT7vgTbE 26 | wXZHBc+mC7XqzyLcr7ABOa7GXVVA+7fF9U/Xtz51PDfcpfv5xl+2GneYL3WxMU4d 27 | 4tbQhbGS7i0DFppWl+RXVo/lpC/SBT77KE6nHVV8Qc5SWCGNl0v6lN1io4tKKJqe 28 | gOeTfUWOIBNbVz0u+0fJc6rPwNqf437i3aOiwlwqmy+7ciDyw42YMpwoPkIvvp8I 29 | SmUYxuFTwvX/IzTkYZwgFwIUko+KFQfvkL8gK2zVnJ05vNTYvQKCAQEA1Gv6LFbN 30 | QFNNjsLFHr2pg+oeR+PEwBLeJsOtJf/mRjh+pGa/a+QQYQ8G/PWFxmCUgAp/LmgA 31 | Xex7EmktLN14DCuiAk8ofZRFcwMTrqx1I5Xf2Zdf9/5NIqc8uTcCV0AHFg7qhIlD 32 | p/YEIT7DIlJlygHCjy5pnrlMII6cqdNrgWCuH3dr7WgCuNEX1KmTQb66qsKPRLK1 33 | psnAiN0xuWz24CBFSUKeBdjaEjnZUfvsEKvbhE3UbsY0jkc5Do5Bu2FaSVH1/9HC 34 | COdh4v+h28YIpQ5l7RUnLceD/HOic8bikKIGdeFJ6g3XjffCEMeQJ6/AKRHMSwFn 35 | +rSVkFjNlhfAbwKCAQEAwyejLHv9pasMMsbwSCeUtPpqW0fToRYO4/nNZdOpBRz4 36 | b4OLWQ4PY7wKt63aFD0pzXafhIS/o4Xs1O8XE7YIBm/yluffpKiq9BGDNuJ7BFPV 37 | R1thQdpmPJm3bTEe8HrTzCVqtQAGPH8Mozvuou9dmPX/Go/B7YUmzbw7MDP68RKz 38 | owv22qrgiM3IpbRVNBcgX2U5+75wMhXD3yOdwF/e3D/B9aLXWVsU/JMa5c8xvnzd 39 | ceTHWYbeKZ0xKtCu72RNPc7LNhhAAcZdr1OCN1WGIoA6X7ChygyPF6USvcedzJJu 40 | Makb/dYG1AiWnLIRrATCJn5QO3D09XByWKEuEyYRwQKCAQBLtLPzq3f5TfcdQyM3 41 | woawwfbKzk1n2xGbpS+HlH1AV5AjDY95Z03DGbT24JYtzmv+ej87jctbrhVqyVtV 42 | WxUW2VIjGo0mvHpH9DfGkCYraZXfGckVPGfHSu0kYYuPBv2/ic9hLv6S1OZB5vlq 43 | uQ0YAqqRlwwDiqysCceh6vysnoVQJ6KqeOBHeBXTMCCQVOZ4R2ECLeL5r3vUC2lW 44 | WZRe6oFnC7v//3ow9rcSNgO7KVTSAV8Nn8xJTO7z1hVtL9Qav4A6DUrnG3fSjCLm 45 | jdy03r3K0jglY68RgTDLrH1A6M3+oy1Rol9JdJyQmF8zFbsZqAM0VCr3ufZ3/H5A 46 | 2PQ3AoIBAQDm6Qb2hVW9WxcwmKTGgLs6xP+Hvq7abP3gVKPC4bptu9vSiVyC0u3D 47 | SfCwPQh4nZVfpRXOUJGFmhGqaEOi0gWwlL80DFAyTbeM6mCYrEf/Jb2NrQMr1CaK 48 | 8cO9SkemqPt9yQnoH5s/3JJhXwBXCRzSLiijkliqERJq2BV+SyyKLVldvepCLCrc 49 | 6AcNd0pYZesO7rzzqUKZNiI7cPuBz/eCCh/U8QWx5UxfvvwmIlUK1Y+FzAMw2ueM 50 | hKlS5yBIxj41LW9BPojKZHC18+deN9M6SePn1CcomCpBAmCZ5l8IuZg5+vduCE9V 51 | QWkKVD2R2/FZg9HYbqg5VbzHojlvQF3E 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /registry/minio/conf/config.yml: -------------------------------------------------------------------------------- 1 | version: 0.1 2 | log: 3 | fields: 4 | service: registry 5 | http: 6 | addr: :5000 7 | storage: 8 | cache: 9 | layerinfo: inmemory 10 | s3: 11 | accesskey: BR7F96JG3FWWKPSO7GQB 12 | secretkey: drHhl1rpsfBdxOEXQdUIw2uLaTsQqZElAFozNdGw 13 | region: us-east-1 14 | regionendpoint: http://minio:9000/ 15 | bucket: docker-registry 16 | encrypt: false 17 | secure: true 18 | v4auth: true 19 | chunksize: 5242880 20 | rootdirectory: / 21 | delete: 22 | enabled: true 23 | redirect: 24 | disable: false -------------------------------------------------------------------------------- /registry/minio/data/minio/config/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/registry/minio/data/minio/config/.gitignore -------------------------------------------------------------------------------- /registry/minio/data/minio/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/registry/minio/data/minio/data/.gitignore -------------------------------------------------------------------------------- /registry/minio/data/redis/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/registry/minio/data/redis/.gitignore -------------------------------------------------------------------------------- /registry/minio/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | registry: 4 | image: registry:2.6.1 5 | hostname: registry 6 | ports: 7 | - 5000:5000/tcp 8 | networks: 9 | registry: 10 | aliases: 11 | - registry 12 | configs: 13 | - source: registryconfig 14 | target: /etc/docker/registry/config.yml 15 | deploy: 16 | mode: replicated 17 | replicas: 1 18 | update_config: 19 | order: start-first 20 | parallelism: 1 21 | delay: 10s 22 | healthcheck: 23 | test: ["CMD-SHELL", "nc -z 127.0.0.1 5000 || exit 1"] 24 | interval: 10s 25 | timeout: 5s 26 | retries: 3 27 | logging: 28 | driver: json-file 29 | options: 30 | max-file: '3' 31 | max-size: 100m 32 | 33 | redis: 34 | image: redis:4.0.6 35 | networks: 36 | registry: 37 | aliases: 38 | - redis 39 | volumes: 40 | - ./data/redis:/data:rw 41 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 42 | healthcheck: 43 | test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 PING &> /dev/null || exit 1"] 44 | interval: 10s 45 | timeout: 5s 46 | retries: 3 47 | deploy: 48 | mode: replicated 49 | replicas: 1 50 | update_config: 51 | order: stop-first 52 | parallelism: 1 53 | delay: 10s 54 | logging: 55 | driver: json-file 56 | options: 57 | max-file: '3' 58 | max-size: 100m 59 | 60 | minio: 61 | image: minio/minio:RELEASE.2018-09-01T00-38-25Z 62 | command: server /data 63 | networks: 64 | registry: 65 | aliases: 66 | - minio 67 | environment: 68 | - MINIO_ACCESS_KEY=BR7F96JG3FWWKPSO7GQB 69 | - MINIO_SECRET_KEY=drHhl1rpsfBdxOEXQdUIw2uLaTsQqZElAFozNdGw 70 | volumes: 71 | - ./data/minio/data:/data:rw 72 | - ./data/minio/config:/root/.minio:rw 73 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 74 | deploy: 75 | mode: replicated 76 | replicas: 1 77 | update_config: 78 | order: stop-first 79 | parallelism: 1 80 | delay: 10s 81 | logging: 82 | driver: json-file 83 | options: 84 | max-file: '3' 85 | max-size: 100m 86 | configs: 87 | registryconfig: 88 | file: ./conf/config.yml 89 | networks: 90 | registry: 91 | external: true -------------------------------------------------------------------------------- /registry/nginx.conf: -------------------------------------------------------------------------------- 1 | upstream registry { 2 | server 192.168.100.10:10005; 3 | } 4 | 5 | upstream registryui { 6 | ip_hash; 7 | server 192.168.100.10:10006; 8 | } 9 | 10 | map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { 11 | 'registry/2.0' ''; 12 | default registry/2.0; 13 | } 14 | 15 | server { 16 | listen 80; 17 | access_log /var/log/nginx/hub.zdoo.com.log main; 18 | server_name hub.zdoo.com; 19 | client_max_body_size 0; 20 | chunked_transfer_encoding on; 21 | # include ssl.conf 22 | 23 | location / { 24 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; 25 | proxy_redirect off; 26 | proxy_buffering off; 27 | proxy_set_header Host $host; 28 | proxy_set_header X-Real-IP $remote_addr; 29 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 30 | proxy_pass http://registryui; 31 | } 32 | 33 | location /v2/ { 34 | if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { 35 | return 404; 36 | } 37 | # auth_basic "Registry realm"; 38 | # auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd; 39 | add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; 40 | proxy_pass http://registry; 41 | proxy_set_header Host $http_host; 42 | proxy_set_header X-Real-IP $remote_addr; 43 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 44 | proxy_set_header X-Forwarded-Proto $scheme; 45 | proxy_read_timeout 900; 46 | } 47 | } -------------------------------------------------------------------------------- /registry/qingyun.yml: -------------------------------------------------------------------------------- 1 | version: 0.1 2 | log: 3 | accesslog: 4 | disabled: true 5 | level: debug 6 | formatter: text 7 | fields: 8 | service: registry 9 | environment: staging 10 | loglevel: debug 11 | storage: 12 | oss: 13 | accesskeyid: XXMQXDYYXPRKDAAISNUO 14 | accesskeysecret: MFutwJyzBnL5srqxM2rT8KyRNRWKoyhJpLl00w0C 15 | region: pek3b 16 | bucket: registry 17 | endpoint: registry.pek3b.qingstor.com 18 | delete: 19 | enabled: true 20 | redirect: 21 | disable: false 22 | cache: 23 | blobdescriptor: redis 24 | #auth: 25 | # token: 26 | # realm: http://192.168.31.136:8080/auth 27 | # service: "Docker registry" 28 | # issuer: "Auth Service" 29 | # rootcertbundle: /certs/hub.xmitd.com.crt 30 | http: 31 | addr: :5000 32 | headers: 33 | X-Content-Type-Options: [nosniff] 34 | redis: 35 | addr: redis:6379 36 | db: 0 37 | dialtimeout: 10ms 38 | readtimeout: 10ms 39 | writetimeout: 10ms 40 | pool: 41 | maxidle: 16 42 | maxactive: 64 43 | idletimeout: 300s -------------------------------------------------------------------------------- /registry/registry/config.yml: -------------------------------------------------------------------------------- 1 | version: 0.1 2 | log: 3 | accesslog: 4 | disabled: true 5 | level: debug 6 | formatter: text 7 | fields: 8 | service: registry 9 | environment: staging 10 | loglevel: debug 11 | storage: 12 | oss: 13 | accesskeyid: xxxx 14 | accesskeysecret: xxxx 15 | region: oss-cn-shanghai 16 | bucket: xxxx 17 | # endpoint: optional endpoints 18 | # internal: optional internal endpoint 19 | # encrypt: optional data encryption setting 20 | # secure: optional ssl setting 21 | # chunksize: optional size valye 22 | # rootdirectory: optional root directory 23 | delete: 24 | enabled: true 25 | redirect: 26 | disable: false 27 | cache: 28 | blobdescriptor: redis 29 | #auth: 30 | # token: 31 | # realm: http://192.168.31.136:8080/auth 32 | # service: "Docker registry" 33 | # issuer: "Auth Service" 34 | # rootcertbundle: /certs/hub.xmitd.com.crt 35 | http: 36 | addr: :5000 37 | headers: 38 | X-Content-Type-Options: [nosniff] 39 | redis: 40 | addr: redis:6379 41 | db: 0 42 | dialtimeout: 10ms 43 | readtimeout: 10ms 44 | writetimeout: 10ms 45 | pool: 46 | maxidle: 16 47 | maxactive: 64 48 | idletimeout: 300s -------------------------------------------------------------------------------- /registry/registry/registry.auth.yaml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | registry: 4 | image: registry:2.6.1 5 | hostname: registry 6 | ports: 7 | - 80:5000/tcp 8 | networks: 9 | registry: 10 | aliases: 11 | - registry 12 | volumes: 13 | - ./config.yml:/etc/docker/registry/config.yml 14 | - ./certs:/certs 15 | # - /var/lib/registry:/var/lib/registry:rw 16 | environment: 17 | - REGISTRY_HTTP_TLS_KEY=/certs/hub.xmitd.com.key 18 | - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/hub.xmitd.com.crt 19 | networks: 20 | registry: 21 | external: true 22 | 23 | # openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key -x509 -days 365 -out domain.crt -------------------------------------------------------------------------------- /registry/registry/registry.oss.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | registry: 4 | image: registry:2.6.1 5 | hostname: registry 6 | ports: 7 | - 10000:5000/tcp 8 | networks: 9 | registry: 10 | aliases: 11 | - registry 12 | configs: 13 | - source: config 14 | target: /etc/docker/registry/config.yml 15 | redis: 16 | image: redis:4.0.6 17 | hostname: redis 18 | networks: 19 | registry: 20 | aliases: 21 | - redis 22 | deploy: 23 | mode: replicated 24 | replicas: 1 25 | logging: 26 | driver: json-file 27 | options: 28 | max-file: '3' 29 | max-size: 100m 30 | 31 | configs: 32 | config: 33 | file: ./config.yml 34 | 35 | networks: 36 | registry: 37 | external: true 38 | -------------------------------------------------------------------------------- /registry/registry/registry.ssl.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | registry: 4 | image: registry:2.6.1 5 | hostname: registry 6 | ports: 7 | - 443:5000/tcp 8 | networks: 9 | registry: 10 | aliases: 11 | - registry 12 | configs: 13 | - source: TLS_KEY 14 | target: /certs/gcr.io.key 15 | - source: TLS_CRT 16 | target: /usr/local/etc/php-fpm.d/www.conf 17 | volumes: 18 | - /var/lib/registry:/var/lib/registry:rw 19 | - ./certs:/certs 20 | environment: 21 | - REGISTRY_HTTP_TLS_KEY=/certs/gcr.io.key 22 | - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/gcr.io.crt 23 | networks: 24 | registry: 25 | external: true 26 | 27 | # Registry主机 28 | 29 | # openssl genrsa -out ./hub.xmitd.com.pem 4096 30 | 31 | # openssl req -new -x509 -key ./hub.xmitd.com.pem \ 32 | # -out hub.xmitd.com.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=Mo/OU=Me/CN=hub.xmitd.com/emailAddress=95112082@qq.com" 33 | 34 | # Client主机 35 | # mkdir -p /etc/docker/certs.d/hub.xmitd.com 36 | # /home/certs/hub.xmitd.com.crt是registry主机生成的 37 | # cp /home/certs/hub.xmitd.com.crt /etc/docker/certs.d/hub.xmitd.com/ 38 | 39 | # openssl req -newkey rsa:4096 \ 40 | # -nodes -sha256 -keyout hub.xmitd.com.key \ 41 | # -x509 -days 365 -out hub.xmitd.com.crt \ 42 | # -subj "/C=CN/ST=HB/L=WH/O=Mo/OU=Me/CN=hub.xmitd.com/emailAddress=95112082@qq.com" 43 | # Client主机 44 | # mkdir -p /etc/docker/certs.d/hub.xmitd.com 45 | # /home/certs/hub.xmitd.com.crt是registry主机生成的 46 | # cp /home/certs/hub.xmitd.com.crt /etc/docker/certs.d/hub.xmitd.com/ 47 | -------------------------------------------------------------------------------- /registry/registry/registry.ui.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | ui: 4 | image: daocloud.io/buxiaomo/dockerregistryui 5 | ports: 6 | - 10001:5000/tcp 7 | environment: 8 | - RegistryURL=hub.daoyun.rog.cn 9 | networks: 10 | registry: 11 | aliases: 12 | - registryui 13 | deploy: 14 | mode: replicated 15 | replicas: 1 16 | update_config: 17 | parallelism: 1 18 | delay: 10s 19 | logging: 20 | driver: json-file 21 | options: 22 | max-file: '3' 23 | max-size: 100m 24 | registry: 25 | image: registry:2.6.1 26 | ports: 27 | - 4004:5000/tcp 28 | networks: 29 | registry: 30 | aliases: 31 | - registry 32 | volumes: 33 | - /Users/momo/docker/registry/config.yml:/etc/docker/registry/config.yml:ro 34 | deploy: 35 | mode: replicated 36 | replicas: 1 37 | update_config: 38 | parallelism: 1 39 | delay: 10s 40 | placement: 41 | constraints: 42 | - node.labels.role == userservice 43 | logging: 44 | driver: json-file 45 | options: 46 | max-file: '3' 47 | max-size: 100m 48 | redis: 49 | image: redis:4.0.6 50 | hostname: redis 51 | networks: 52 | registry: 53 | aliases: 54 | - redis 55 | deploy: 56 | mode: replicated 57 | replicas: 1 58 | update_config: 59 | parallelism: 1 60 | delay: 10s 61 | logging: 62 | driver: json-file 63 | options: 64 | max-file: '3' 65 | max-size: 100m 66 | networks: 67 | registry: 68 | external: true 69 | -------------------------------------------------------------------------------- /registry/registry/registry.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | registry: 4 | image: registry:2.6.1 5 | hostname: registry 6 | ports: 7 | - 80:5000/tcp 8 | networks: 9 | registry: 10 | aliases: 11 | - registry 12 | volumes: 13 | - /Users/momo/registry:/var/lib/registry:rw 14 | networks: 15 | registry: 16 | external: true 17 | -------------------------------------------------------------------------------- /registry/ssl.conf: -------------------------------------------------------------------------------- 1 | # SSL 2 | listen 443 ssl; 3 | ssl_certificate /etc/nginx/conf.d/domain.crt; 4 | ssl_certificate_key /etc/nginx/conf.d/domain.key; 5 | 6 | # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 7 | ssl_protocols TLSv1.1 TLSv1.2; 8 | ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 9 | ssl_prefer_server_ciphers on; 10 | ssl_session_cache shared:SSL:10m; -------------------------------------------------------------------------------- /splunk/README.md: -------------------------------------------------------------------------------- 1 | # 基于Docker Swarm Cluster部署Splunk Cluster 2 | 3 | ## 安装Docker 4 | 5 | 略 (请安装17.12以上的版本) 6 | 7 | ## 配置Docker Swarm Cluster 8 | 9 | 略 10 | 11 | ## 主机节点 12 | 13 | | 主机名 | IP地址 | Splunk角色 | 14 | | :- | :-- | :-- | 15 | | splunk-search01 | 10.211.55.29 | Splunk Search | 16 | | splunk-index01 | 10.211.55.30 | Splunk Index, Splunk Slave License Server | 17 | | splunk-index02 | 10.211.55.31 | Splunk Index, Splunk Slave License Server | 18 | | splunk-master | 10.211.55.33 | Splunk Master | 19 | | splunk-licenser | 10.211.55.34 | Splunk Master License Server | 20 | | splunk-deployment | 10.211.55.35 | Splunk Deployment Server | 21 | | splunk-fd01 | 10.211.55.32 | Splunk Forword | 22 | 23 | ## 修改编排 24 | 25 | 替换编排文件中的 SPLUNK_DEPLOYMENT_SERVER_IP、SPLUNK_MASTER_SERVER_IP、SPLUNK_LICENS_SERVER_IP为对应的IP地址 26 | 27 | ```shell 28 | SPLUNK_DEPLOYMENT_SERVER_IP=10.0.3.51 29 | SPLUNK_MASTER_SERVER_IP=10.0.3.51 30 | SPLUNK_LICENS_SERVER_IP=10.0.3.51 31 | 32 | sed -i "s/SPLUNK_DEPLOYMENT_SERVER_IP/${SPLUNK_DEPLOYMENT_SERVER_IP}/g" splunk_cluster.yml 33 | sed -i "s/SPLUNK_MASTER_SERVER_IP/${SPLUNK_MASTER_SERVER_IP}/g" splunk_cluster.yml 34 | sed -i "s/SPLUNK_LICENS_SERVER_IP/${SPLUNK_LICENS_SERVER_IP}/g" splunk_cluster.yml 35 | 36 | ``` 37 | 38 | ## 配置主机角色 39 | 40 | ```shell 41 | docker node update --label-add splunk=searchead01 splunk-search 42 | docker node update --label-add splunk=master splunk-master 43 | docker node update --label-add splunk=indexer01 splunk-index01 44 | docker node update --label-add splunk=indexer02 splunk-index02 45 | docker node update --label-add splunk=licenser splunk-licenser 46 | docker node update --label-add splunk=deployment splunk-deployment 47 | ``` 48 | 49 | ## 部署集群 50 | 51 | 启动方法,查看 `deploy.sh` 与 `uninstall-universalforwarder.sh` 脚本逻辑 52 | 53 | ```shell 54 | ./deploy.sh 55 | ``` 56 | 57 | ## 访问集群 58 | 59 | http://10.211.55.29:8000 -------------------------------------------------------------------------------- /splunk/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 删除服务 3 | if [ $(docker stack ls | grep -E ^splunk | wc -l) != 0 ];then 4 | docker stack rm splunk 5 | sleep 5 6 | fi 7 | 8 | # 清理数据文件 9 | HOST_LIST=( 10 | 'root@10.0.3.51' 11 | 'root@10.0.3.52' 12 | 'root@10.0.3.53' 13 | ) 14 | 15 | for HOST in ${HOST_LIST[*]}; 16 | do 17 | ssh ${HOST} 'rm -rf /opt/splunk/etc /opt/splunk/var' 18 | ssh ${HOST} 'mkdir -p /opt/splunk/etc /opt/splunk/var' 19 | done 20 | 21 | docker stack deploy -c splunk_cluster.yml splunk 22 | 23 | ECHO=0 24 | while true 25 | do 26 | N=$(docker service logs splunk_master 2> /dev/null | grep "Waiting for web server at" 2> /dev/null | wc -l) 27 | if [[ ${N} -ge 2 ]]; then 28 | break 29 | else 30 | if [[ ${ECHO} -eq 0 ]]; then 31 | echo "Wait for the splunk server initialization to complete." 32 | ECHO=1 33 | fi 34 | fi 35 | sleep 1 36 | done 37 | sleep 5 38 | docker service scale splunk_indexer01=1 splunk_indexer02=1 -d -------------------------------------------------------------------------------- /splunk/search.yml: -------------------------------------------------------------------------------- 1 | searchead01: 2 | image: daocloud.io/buxiaomo/splunk:7.0.0 3 | hostname: searchead01 4 | environment: 5 | - SPLUNK_START_ARGS=--accept-license --answer-yes 6 | - SPLUNK_CMD_1=set servername searchead01 -auth admin:changeme 7 | - SPLUNK_CMD_2=edit cluster-config -mode searchhead -master_uri https://10.3.236.31:8089 -secret admin 8 | - SPLUNK_CMD_3=restart 9 | networks: 10 | splunk: 11 | depends_on: 12 | - splunkserver 13 | volumes: 14 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 15 | - /opt/splunk/var:/opt/splunk/var:rw 16 | - /opt/splunk/etc:/opt/splunk/etc:rw 17 | deploy: 18 | mode: replicated 19 | replicas: 0 20 | update_config: 21 | parallelism: 1 22 | delay: 10s 23 | placement: 24 | constraints: 25 | - node.hostname == splunk-searchead01 26 | logging: 27 | driver: json-file 28 | options: 29 | max-file: '3' 30 | max-size: 100m 31 | deployment: 32 | image: daocloud.io/buxiaomo/splunk:7.0.0 33 | hostname: deployment 34 | environment: 35 | - SPLUNK_START_ARGS=--accept-license --answer-yes 36 | - SPLUNK_ENABLE_DEPLOY_SERVER=true 37 | - SPLUNK_DEPLOYMENT_SERVER=10.3.236.31:8089 38 | - SPLUNK_CMD_1=set servername deployment -auth admin:changeme 39 | - SPLUNK_CMD_2=edit licenser-localslave -master_uri 'https://10.3.236.31:8089' -auth admin:changeme 40 | - SPLUNK_CMD_3=restart 41 | networks: 42 | splunk: 43 | depends_on: 44 | - splunkserver 45 | volumes: 46 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 47 | - /opt/splunk/var:/opt/splunk/var:rw 48 | - /opt/splunk/etc:/opt/splunk/etc:rw 49 | deploy: 50 | mode: replicated 51 | replicas: 0 52 | update_config: 53 | parallelism: 1 54 | delay: 10s 55 | placement: 56 | constraints: 57 | - node.hostname == splunk-department 58 | -------------------------------------------------------------------------------- /splunk/splunk.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | server: 4 | image: daocloud.io/buxiaomo/splunk:7.0.0 5 | hostname: server 6 | environment: 7 | - SPLUNK_START_ARGS=--accept-license --answer-yes 8 | - SPLUNK_ENABLE_LISTEN=9997 9 | networks: 10 | splunk: 11 | volumes: 12 | - /opt/splunk/var:/opt/splunk/var:rw 13 | - /opt/splunk/etc:/opt/splunk/etc:rw 14 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 15 | deploy: 16 | mode: replicated 17 | replicas: 1 18 | update_config: 19 | parallelism: 1 20 | delay: 10s 21 | logging: 22 | driver: json-file 23 | options: 24 | max-file: '3' 25 | max-size: 100m 26 | networks: 27 | splunk: 28 | external: 29 | name: "host" 30 | -------------------------------------------------------------------------------- /splunk/splunk_cluster.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | master: 4 | image: splunk/splunk:7.1.2 5 | environment: 6 | - SPLUNK_START_ARGS=--accept-license --answer-yes --seed-passwd changeme 7 | - SPLUNK_CMD_1=edit cluster-config -mode master -replication_factor 2 -search_factor 2 -secret admin -cluster_label swarm -auth admin:changeme 8 | - SPLUNK_CMD_2=set servername master -auth admin:changeme 9 | - SPLUNK_CMD_3=add licenses /licenses/daocloud.license 10 | - SPLUNK_CMD_4=restart 11 | networks: 12 | splunk: 13 | configs: 14 | - source: license 15 | target: /licenses/daocloud.license 16 | volumes: 17 | - /opt/splunk/var:/opt/splunk/var:rw 18 | - /opt/splunk/etc:/opt/splunk/etc:rw 19 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 20 | deploy: 21 | mode: replicated 22 | replicas: 1 23 | update_config: 24 | parallelism: 1 25 | delay: 10s 26 | placement: 27 | constraints: 28 | - node.labels.splunk == master 29 | logging: 30 | driver: json-file 31 | options: 32 | max-file: '3' 33 | max-size: 100m 34 | 35 | indexer01: 36 | image: splunk/splunk:7.1.2 37 | environment: 38 | - SPLUNK_START_ARGS=--accept-license --answer-yes --seed-passwd changeme 39 | - SPLUNK_ENABLE_LISTEN=9997 40 | - SPLUNK_DEPLOYMENT_SERVER=SPLUNK_DEPLOYMENT_SERVER_IP:8089 41 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 42 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://SPLUNK_MASTER_SERVER_IP:8089 -replication_port 9887 -secret admin -auth admin:changeme 43 | - SPLUNK_CMD_3=set servername indexer01 -auth admin:changeme 44 | - SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://SPLUNK_LICENS_SERVER_IP:8089' -auth admin:changeme 45 | - SPLUNK_CMD_5=restart 46 | networks: 47 | splunk: 48 | volumes: 49 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 50 | - /opt/splunk/var:/opt/splunk/var:rw 51 | - /opt/splunk/etc:/opt/splunk/etc:rw 52 | deploy: 53 | mode: replicated 54 | replicas: 1 55 | update_config: 56 | parallelism: 1 57 | delay: 10s 58 | placement: 59 | constraints: 60 | - node.labels.splunk == indexer01 61 | logging: 62 | driver: json-file 63 | options: 64 | max-file: '3' 65 | max-size: 100m 66 | 67 | indexer02: 68 | image: splunk/splunk:7.1.2 69 | environment: 70 | - SPLUNK_START_ARGS=--accept-license --answer-yes --seed-passwd changeme 71 | - SPLUNK_ENABLE_LISTEN=9997 72 | - SPLUNK_DEPLOYMENT_SERVER=SPLUNK_DEPLOYMENT_SERVER_IP:8089 73 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 74 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://SPLUNK_MASTER_SERVER_IP:8089 -replication_port 9887 -secret admin -auth admin:changeme 75 | - SPLUNK_CMD_3=set servername indexer02 -auth admin:changeme 76 | - SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://SPLUNK_LICENS_SERVER_IP:8089' 77 | - SPLUNK_CMD_5=restart 78 | networks: 79 | splunk: 80 | volumes: 81 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 82 | - /opt/splunk/var:/opt/splunk/var:rw 83 | - /opt/splunk/etc:/opt/splunk/etc:rw 84 | deploy: 85 | mode: replicated 86 | replicas: 1 87 | update_config: 88 | parallelism: 1 89 | delay: 10s 90 | placement: 91 | constraints: 92 | - node.labels.splunk == indexer02 93 | logging: 94 | driver: json-file 95 | options: 96 | max-file: '3' 97 | max-size: 100m 98 | configs: 99 | license: 100 | file: ./daocloud.license 101 | networks: 102 | splunk: 103 | external: 104 | name: "host" 105 | 106 | # docker stack deploy -c splunk_cluster.yml splunk 107 | 108 | # When splunk server initialization is complete run the following command to start index: 109 | # docker service scale splunk_indexer01=1 splunk_indexer02=1 -d 110 | 111 | # Run the following command to start universalforwarder after index initialization is completed 112 | # docker service scale splunk_forward-monitor-docker=1 -d 113 | -------------------------------------------------------------------------------- /splunk/splunk_cluster.yml.bak: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | searchead01: 4 | image: daocloud.io/buxiaomo/splunk:7.0.0 5 | environment: 6 | - SPLUNK_START_ARGS=--accept-license --answer-yes 7 | - SPLUNK_ENABLE_LISTEN=9997 8 | - SPLUNK_DEPLOYMENT_SERVER=10.211.55.35:8089 9 | - SPLUNK_CMD_1=set servername searchead01 -auth admin:changeme 10 | - SPLUNK_CMD_2=restart 11 | networks: 12 | splunk: 13 | volumes: 14 | - /opt/splunk/var:/opt/splunk/var:rw 15 | - /opt/splunk/etc:/opt/splunk/etc:rw 16 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 17 | deploy: 18 | mode: replicated 19 | replicas: 0 20 | update_config: 21 | parallelism: 1 22 | delay: 10s 23 | placement: 24 | constraints: 25 | - node.labels.splunk == searchead01 26 | logging: 27 | driver: json-file 28 | options: 29 | max-file: '3' 30 | max-size: 100m 31 | 32 | master: 33 | image: daocloud.io/buxiaomo/splunk:7.0.0 34 | environment: 35 | - SPLUNK_START_ARGS=--accept-license --answer-yes 36 | - SPLUNK_ENABLE_LISTEN=9997 37 | - SPLUNK_CMD_1=edit cluster-config -mode master -replication_factor 2 -search_factor 2 -secret admin -cluster_label swarm -auth admin:changeme 38 | - SPLUNK_CMD_2=set servername master -auth admin:changeme 39 | - SPLUNK_CMD_3=add licenses /licenses/oem-tail-5-22.lic 40 | - SPLUNK_CMD_4=restart 41 | networks: 42 | splunk: 43 | volumes: 44 | - /opt/splunk/var:/opt/splunk/var:rw 45 | - /opt/splunk/etc:/opt/splunk/etc:rw 46 | - /opt/splunk/licenses:/licenses:rw 47 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 48 | deploy: 49 | mode: replicated 50 | replicas: 1 51 | update_config: 52 | parallelism: 1 53 | delay: 10s 54 | placement: 55 | constraints: 56 | - node.labels.splunk == master 57 | logging: 58 | driver: json-file 59 | options: 60 | max-file: '3' 61 | max-size: 100m 62 | 63 | indexer01: 64 | image: daocloud.io/buxiaomo/splunk:7.0.0 65 | environment: 66 | - SPLUNK_START_ARGS=--accept-license --answer-yes 67 | - SPLUNK_ENABLE_LISTEN=9997 68 | - SPLUNK_DEPLOYMENT_SERVER=10.211.55.35:8089 69 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 70 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://10.211.55.33:8089 -replication_port 9887 -secret admin -auth admin:changeme 71 | - SPLUNK_CMD_3=set servername indexer01 -auth admin:changeme 72 | - SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://10.211.55.33:8089' -auth admin:changeme 73 | - SPLUNK_CMD_5=restart 74 | networks: 75 | splunk: 76 | volumes: 77 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 78 | - /opt/splunk/var:/opt/splunk/var:rw 79 | - /opt/splunk/etc:/opt/splunk/etc:rw 80 | deploy: 81 | mode: replicated 82 | replicas: 0 83 | update_config: 84 | parallelism: 1 85 | delay: 10s 86 | placement: 87 | constraints: 88 | - node.labels.splunk == indexer01 89 | logging: 90 | driver: json-file 91 | options: 92 | max-file: '3' 93 | max-size: 100m 94 | 95 | indexer02: 96 | image: daocloud.io/buxiaomo/splunk:7.0.0 97 | environment: 98 | - SPLUNK_START_ARGS=--accept-license --answer-yes 99 | - SPLUNK_ENABLE_LISTEN=9997 100 | - SPLUNK_DEPLOYMENT_SERVER=10.211.55.35:8089 101 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 102 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://10.211.55.33:8089 -replication_port 9887 -secret admin -auth admin:changeme 103 | - SPLUNK_CMD_3=set servername indexer02 -auth admin:changeme 104 | - SPLUNK_CMD_4=edit licenser-localslave -master_uri 'https://10.211.55.33:8089' 105 | - SPLUNK_CMD_5=restart 106 | networks: 107 | splunk: 108 | volumes: 109 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 110 | - /opt/splunk/var:/opt/splunk/var:rw 111 | - /opt/splunk/etc:/opt/splunk/etc:rw 112 | deploy: 113 | mode: replicated 114 | replicas: 0 115 | update_config: 116 | parallelism: 1 117 | delay: 10s 118 | placement: 119 | constraints: 120 | - node.labels.splunk == indexer02 121 | logging: 122 | driver: json-file 123 | options: 124 | max-file: '3' 125 | max-size: 100m 126 | 127 | deployment: 128 | image: daocloud.io/buxiaomo/splunk:7.0.0 129 | environment: 130 | - SPLUNK_START_ARGS=--accept-license --answer-yes 131 | - SPLUNK_CMD_1=set servername deployment -auth admin:changeme 132 | - SPLUNK_CMD_2=restart 133 | networks: 134 | splunk: 135 | volumes: 136 | - /opt/splunk/var:/opt/splunk/var:rw 137 | - /opt/splunk/etc:/opt/splunk/etc:rw 138 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 139 | deploy: 140 | mode: replicated 141 | replicas: 0 142 | update_config: 143 | parallelism: 1 144 | delay: 10s 145 | placement: 146 | constraints: 147 | - node.labels.splunk == deployment 148 | logging: 149 | driver: json-file 150 | options: 151 | max-file: '3' 152 | max-size: 100m 153 | 154 | networks: 155 | splunk: 156 | external: 157 | name: "host" 158 | 159 | # docker stack deploy -c splunk_cluster.yml splunk 160 | 161 | # When splunk server initialization is complete run the following command to start index: 162 | # docker service scale splunk_indexer01=1 splunk_indexer02=1 -d 163 | 164 | # Run the following command to start universalforwarder after index initialization is completed 165 | # docker service scale splunk_forward-monitor-docker=1 -d 166 | -------------------------------------------------------------------------------- /splunk/splunk_cluster_overlay.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | master: 4 | image: daocloud.io/buxiaomo/splunk:7.0.2 5 | ports: 6 | - 8000:8000/tcp 7 | environment: 8 | - SPLUNK_START_ARGS=--accept-license --answer-yes 9 | - SPLUNK_CMD_1=edit cluster-config -mode master -replication_factor 2 -search_factor 2 -secret admin -cluster_label swarm -auth admin:changeme 10 | - SPLUNK_CMD_2=set servername master -auth admin:changeme 11 | - SPLUNK_CMD_3=restart 12 | networks: 13 | splunk: 14 | aliases: 15 | - master 16 | # volumes: 17 | # - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 18 | deploy: 19 | mode: replicated 20 | replicas: 1 21 | update_config: 22 | parallelism: 1 23 | delay: 10s 24 | logging: 25 | driver: json-file 26 | options: 27 | max-file: '3' 28 | max-size: 100m 29 | 30 | indexer01: 31 | image: daocloud.io/buxiaomo/splunk:7.0.2 32 | environment: 33 | - SPLUNK_START_ARGS=--accept-license --answer-yes 34 | - SPLUNK_ENABLE_LISTEN=9997 35 | - SPLUNK_DEPLOYMENT_SERVER=master:8089 36 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 37 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://master:8089 -replication_port 9887 -secret admin -auth admin:changeme 38 | - SPLUNK_CMD_3=set servername indexer01 -auth admin:changeme 39 | - SPLUNK_CMD_4=restart 40 | networks: 41 | splunk: 42 | aliases: 43 | - indexer01 44 | # volumes: 45 | # - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 46 | deploy: 47 | mode: replicated 48 | replicas: 1 49 | update_config: 50 | parallelism: 1 51 | delay: 10s 52 | logging: 53 | driver: json-file 54 | options: 55 | max-file: '3' 56 | max-size: 100m 57 | 58 | indexer02: 59 | image: daocloud.io/buxiaomo/splunk:7.0.2 60 | environment: 61 | - SPLUNK_START_ARGS=--accept-license --answer-yes 62 | - SPLUNK_ENABLE_LISTEN=9997 63 | - SPLUNK_DEPLOYMENT_SERVER=master:8089 64 | - SPLUNK_CMD_1=enable webserver -auth admin:changeme 65 | - SPLUNK_CMD_2=edit cluster-config -mode slave -master_uri https://master:8089 -replication_port 9887 -secret admin -auth admin:changeme 66 | - SPLUNK_CMD_3=set servername indexer02 -auth admin:changeme 67 | - SPLUNK_CMD_4=restart 68 | networks: 69 | splunk: 70 | aliases: 71 | - indexer02 72 | # volumes: 73 | # - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 74 | deploy: 75 | mode: replicated 76 | replicas: 1 77 | update_config: 78 | parallelism: 1 79 | delay: 10s 80 | logging: 81 | driver: json-file 82 | options: 83 | max-file: '3' 84 | max-size: 100m 85 | 86 | networks: 87 | splunk: 88 | external: true -------------------------------------------------------------------------------- /splunk/splunk_monitor_docker.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | docker: 4 | image: outcoldsolutions/collectorfordocker:2.1.59.171210 5 | networks: 6 | splunk: 7 | aliases: 8 | - monitor_docker 9 | volumes: 10 | - /sys/fs/cgroup:/rootfs/sys/fs/cgroup:ro 11 | - /proc:/rootfs/proc:ro 12 | - /var/log:/rootfs/var/log:ro 13 | - /var/lib/docker/containers/:/var/lib/docker/containers/:ro 14 | - /var/run/docker.sock:/var/run/docker.sock:ro 15 | - collector_data:/data/ 16 | environment: 17 | - COLLECTOR__SPLUNK_URL=output.splunk__url=http://demo.splunk.org.cn:8080/services/collector/event/1.0 18 | - COLLECTOR__SPLUNK_TOKEN=output.splunk__token=8e55544d-1d35-492e-8060-abece5f66514 19 | - COLLECTOR__SPLUNK_INSECURE=output.splunk__insecure=true 20 | deploy: 21 | mode: global 22 | restart_policy: 23 | condition: any 24 | resources: 25 | limits: 26 | cpus: '0.1' 27 | memory: 100M 28 | reservations: 29 | cpus: '0.05' 30 | memory: 20M 31 | logging: 32 | driver: json-file 33 | options: 34 | max-file: '3' 35 | max-size: 100m 36 | networks: 37 | splunk: 38 | external: true 39 | volumes: 40 | collector_data: 41 | -------------------------------------------------------------------------------- /splunk/splunk_universalforwarder.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | uf: 4 | image: daocloud.io/buxiaomo/universalforwarder:7.0.0 5 | networks: 6 | splunk: 7 | aliases: 8 | - universalforwarder 9 | volumes: 10 | - /opt/universalforwarder/etc:/opt/splunk/etc 11 | - /opt/universalforwarder/var:/opt/splunk/var 12 | - /var/run/docker.sock:/var/run/docker.sock:ro 13 | environment: 14 | - SPLUNK_START_ARGS=--accept-license --answer-yes 15 | - SPLUNK_DEPLOYMENT_SERVER=splunkserver:8089 16 | - SPLUNK_FORWARD_SERVER_1=indexer01:9997 17 | - SPLUNK_FORWARD_SERVER_2=indexer02:9997 18 | deploy: 19 | mode: replicated 20 | replicas: 1 21 | update_config: 22 | parallelism: 1 23 | delay: 10s 24 | restart_policy: 25 | condition: any 26 | resources: 27 | limits: 28 | cpus: '0.1' 29 | memory: 100M 30 | reservations: 31 | cpus: '0.05' 32 | memory: 20M 33 | placement: 34 | constraints: 35 | - node.hostname == Docker-Swarm-M01 36 | logging: 37 | driver: json-file 38 | options: 39 | max-file: '3' 40 | max-size: 100m 41 | networks: 42 | splunk: 43 | external: true 44 | -------------------------------------------------------------------------------- /splunk/uninstall-universalforwarder.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST_LIST=( 3 | 'root@10.3.236.30' 4 | 'root@10.3.236.31' 5 | 'root@10.3.236.32' 6 | 'root@10.3.236.33' 7 | 'root@10.3.236.34' 8 | 'root@10.3.236.35' 9 | 'root@10.3.236.38' 10 | 'root@10.3.236.39' 11 | 'root@10.3.236.40' 12 | 'root@10.3.236.50' 13 | 'root@10.3.236.51' 14 | 'root@10.3.236.52' 15 | 'root@10.3.236.41' 16 | ) 17 | 18 | case $1 in 19 | install ) 20 | for HOST in ${HOST_LIST[*]}; 21 | do 22 | ssh ${HOST} 'rm -rf /opt/universalforwarder' 23 | ssh ${HOST} 'mkdir -p /opt/universalforwarder/etc /opt/universalforwarder/var' 24 | done 25 | docker stack deploy -c universalforwarder.yml splunk 26 | ;; 27 | rm ) 28 | docker service rm splunk_uf 29 | ;; 30 | uninstall ) 31 | docker service rm splunk_uf 32 | sleep 5 33 | for HOST in ${HOST_LIST[*]}; 34 | do 35 | ssh ${HOST} 'rm -rf /opt/universalforwarder' 36 | ssh ${HOST} 'mkdir -p /opt/universalforwarder/etc /opt/universalforwarder/var' 37 | done 38 | docker stack deploy -c universalforwarder.yml splunk 39 | ;; 40 | * ) 41 | echo "$0 install|uninstall|rm" 42 | ;; 43 | esac 44 | -------------------------------------------------------------------------------- /tidb.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | pd1: 4 | image: daocloud.io/buxiaomo/tidb:latest 5 | hostname: pd1 6 | networks: 7 | tidb: 8 | aliases: 9 | - pd1 10 | volumes: 11 | - /etc/localtime:/etc/localtime:ro 12 | environment: 13 | - TYPE=PD 14 | - INITIAL_CLUSTER=pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380 15 | # command: ping www.baidu.com 16 | # command: pd-server --name="pd1" --data-dir="/data" --client-urls="http://0.0.0.0:2379" --advertise-client-urls="http://pd1:2379" --peer-urls="http://0.0.0.0:2380" --advertise-peer-urls="http://pd1:2380" --initial-cluster="pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380" 17 | pd2: 18 | image: daocloud.io/buxiaomo/tidb:latest 19 | hostname: pd2 20 | networks: 21 | tidb: 22 | aliases: 23 | - pd2 24 | environment: 25 | - TYPE=PD 26 | - INITIAL_CLUSTER=pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380 27 | volumes: 28 | - /etc/localtime:/etc/localtime:ro 29 | # command: ping www.baidu.com 30 | # command: pd-server --name="pd2" --data-dir="/data" --client-urls="http://0.0.0.0:2379" --advertise-client-urls="http://pd2:2379" --peer-urls="http://0.0.0.0:2380" --advertise-peer-urls="http://pd2:2380" --initial-cluster="pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380" 31 | pd3: 32 | image: daocloud.io/buxiaomo/tidb:latest 33 | hostname: pd3 34 | networks: 35 | tidb: 36 | aliases: 37 | - pd3 38 | environment: 39 | - TYPE=PD 40 | - INITIAL_CLUSTER=pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380 41 | volumes: 42 | - /etc/localtime:/etc/localtime:ro 43 | # command: ping www.baidu.com 44 | # command: pd-server --name="pd3" --data-dir="/data" --client-urls="http://0.0.0.0:2379" --advertise-client-urls="http://pd3:2379" --peer-urls="http://0.0.0.0:2380" --advertise-peer-urls="http://pd3:2380" --initial-cluster="pd1=http://pd1:2380,pd2=http://pd2:2380,pd3=http://pd3:2380" 45 | tikv1: 46 | image: daocloud.io/buxiaomo/tidb:latest 47 | hostname: tikv1 48 | networks: 49 | tidb: 50 | aliases: 51 | - tikv1 52 | environment: 53 | - TYPE=TIKV 54 | - PD=pd1:2379,pd2:2379,pd3:2379 55 | volumes: 56 | - /etc/localtime:/etc/localtime:ro 57 | # command: ping www.baidu.com 58 | # command: tikv-server --addr="0.0.0.0:20160" --advertise-addr="tikv1:20160" --data-dir="/data" --pd="pd1:2379,pd2:2379,pd3:2379" 59 | tikv2: 60 | image: daocloud.io/buxiaomo/tidb:latest 61 | hostname: tikv2 62 | networks: 63 | tidb: 64 | aliases: 65 | - tikv2 66 | environment: 67 | - TYPE=TIKV 68 | - PD=pd1:2379,pd2:2379,pd3:2379 69 | volumes: 70 | - /etc/localtime:/etc/localtime:ro 71 | # command: ping www.baidu.com 72 | # command: tikv-server --addr="0.0.0.0:20160" --advertise-addr="tikv2:20160" --data-dir="/data" --pd="pd1:2379,pd2:2379,pd3:2379" 73 | tikv3: 74 | image: daocloud.io/buxiaomo/tidb:latest 75 | hostname: tikv3 76 | networks: 77 | tidb: 78 | aliases: 79 | - tikv3 80 | environment: 81 | - TYPE=TIKV 82 | - PD=pd1:2379,pd2:2379,pd3:2379 83 | volumes: 84 | - /etc/localtime:/etc/localtime:ro 85 | # command: ping www.baidu.com 86 | # command: tikv-server --addr="0.0.0.0:20160" --advertise-addr="tikv3:20160" --data-dir="/data" --pd="pd1:2379,pd2:2379,pd3:2379" 87 | tidb1: 88 | image: daocloud.io/buxiaomo/tidb:latest 89 | hostname: tidb1 90 | networks: 91 | tidb: 92 | aliases: 93 | - tidb1 94 | environment: 95 | - TYPE=TIDB 96 | - PD=pd1:2379,pd2:2379,pd3:2379 97 | volumes: 98 | - /etc/localtime:/etc/localtime:ro 99 | # command: ping www.baidu.com 100 | # command: tidb-server --store=tikv --path="pd1:2379,pd2:2379,pd3:2379" -lease 1 -P 3306 101 | tidb2: 102 | image: daocloud.io/buxiaomo/tidb:latest 103 | hostname: tidb2 104 | networks: 105 | tidb: 106 | aliases: 107 | - tidb2 108 | environment: 109 | - TYPE=TIDB 110 | - PD=pd1:2379,pd2:2379,pd3:2379 111 | volumes: 112 | - /etc/localtime:/etc/localtime:ro 113 | # command: ping www.baidu.com 114 | # command: tidb-server --store=tikv --path="pd1:2379,pd2:2379,pd3:2379" -lease 1 -P 3306 115 | tidb3: 116 | image: daocloud.io/buxiaomo/tidb:latest 117 | hostname: tidb3 118 | networks: 119 | tidb: 120 | aliases: 121 | - tidb3 122 | environment: 123 | - TYPE=TIDB 124 | - PD=pd1:2379,pd2:2379,pd3:2379 125 | volumes: 126 | - /etc/localtime:/etc/localtime:ro 127 | # command: ping www.baidu.com 128 | # command: tidb-server --store=tikv --path="pd1:2379,pd2:2379,pd3:2379" -lease 1 -P 3306 129 | nginx: 130 | image: daocloud.io/buxiaomo/tidb-nginx:latest 131 | hostname: nginx 132 | networks: 133 | tidb: 134 | aliases: 135 | - nginx 136 | environment: 137 | - PD_CLUSTER=tidb1:4000,tidb2:4000,tidb3:4000 138 | ports: 139 | - 3306:3306/tcp 140 | volumes: 141 | - /etc/localtime:/etc/localtime:ro 142 | networks: 143 | tidb: 144 | external: true 145 | -------------------------------------------------------------------------------- /virtualhost/README.md: -------------------------------------------------------------------------------- 1 | # 添加主机角色 2 | 3 | ``` 4 | docker node update --label-add virtualhost.mysql=true Docker01 5 | docker node update --label-add virtualhost.ftp=true Docker01 6 | ``` 7 | 8 | # 部署服务 9 | 10 | ``` 11 | docker stack deploy -c docker-compose.yml virtualhost 12 | ``` 13 | 14 | # 创建数据库 15 | 16 | ``` 17 | use ftp; 18 | CREATE TABLE ftp_group ( 19 | groupname varchar(16) NOT NULL default '', 20 | gid smallint(6) NOT NULL default '82', 21 | members varchar(16) NOT NULL default '', 22 | KEY groupname (groupname) 23 | ) ENGINE=MyISAM COMMENT='ProFTP group table'; 24 | CREATE TABLE ftp_user ( 25 | id int(10) unsigned NOT NULL auto_increment, 26 | userid varchar(32) NOT NULL default '', 27 | passwd varchar(32) NOT NULL default '', 28 | uid smallint(6) NOT NULL default '82', 29 | gid smallint(6) NOT NULL default '82', 30 | homedir varchar(255) NOT NULL default '', 31 | shell varchar(16) NOT NULL default '/sbin/nologin', 32 | count int(11) NOT NULL default '0', 33 | accessed datetime NOT NULL DEFAULT '2018-03-02 13:45:45', 34 | modified datetime NOT NULL DEFAULT '2018-03-02 13:45:45', 35 | PRIMARY KEY (id), 36 | UNIQUE KEY userid (userid) 37 | ) ENGINE=MyISAM COMMENT='ProFTP user table'; 38 | CREATE INDEX groups_gid_idx ON ftp_group (gid); 39 | ``` 40 | 41 | # 创建FTP管理员 42 | ``` 43 | INSERT INTO `ftp_group` (`groupname`, `gid`, `members`) VALUES ('www-data', 82, 'ftpuser') 44 | INSERT INTO `ftp_user` (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`) VALUES ('ftpuser', ENCRYPT('ftppassword'), 82, 82, '/var/www', '/sbin/nologin', 0, '2018-03-02 13:45:45', '2018-03-02 13:45:45') 45 | ``` 46 | 47 | # 设置FTP目录权限 48 | 49 | ``` 50 | chown -R 82:82 /var/www 51 | chmod 755 /var/www 52 | ``` 53 | 54 | # 创建虚拟站点 55 | 56 | ## 部署Nginx+PHP环境 57 | 58 | 进入本项目的 `lnmp` 目录部署环境 59 | ``` 60 | docker node update --label-add lnmp=true Docker01 61 | docker network create -d overlay lnmp72 62 | docker stack deploy -c lnmp.yml lnmp72 63 | ``` 64 | 65 | ## 创建虚拟站点FTP账户 66 | 67 | ``` 68 | INSERT INTO `ftp_user` (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`) VALUES ('xiaomo', ENCRYPT('xiaomo'), 82, 82, '/var/www/xiaomo', '/sbin/nologin', 0, '2018-03-02 13:45:45', '2018-03-02 13:45:45') 69 | ``` 70 | 71 | ## 创建虚拟站点目录 72 | 进入本项目的www目录创建虚拟站点根目录 73 | 74 | ``` 75 | mkdir xiaomo 76 | chown -R 82:82 /var/www 77 | chmod 755 /var/www 78 | ``` 79 | 80 | ## 功能测试 81 | 82 | * FTP功能测试,登陆、上传、下载、创建目录等操作 83 | * 虚拟站点访问测试 `http://10.211.55.61:10000/xiaomo/index.php` -------------------------------------------------------------------------------- /virtualhost/mysql/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/virtualhost/mysql/data/.gitignore -------------------------------------------------------------------------------- /virtualhost/mysql/ftp.sql: -------------------------------------------------------------------------------- 1 | /* 2 | Navicat MySQL Data Transfer 3 | 4 | Source Server : 106.38.205.214 5 | Source Server Version : 50720 6 | Source Host : 106.38.205.214:3306 7 | Source Database : ftp 8 | 9 | Date: 2018-07-11 12:38:22 10 | */ 11 | 12 | SET FOREIGN_KEY_CHECKS=0; 13 | 14 | -- ---------------------------- 15 | -- Table structure for ftp_group 16 | -- ---------------------------- 17 | CREATE TABLE IF NOT EXISTS `ftp_group` ( 18 | `groupname` varchar(16) NOT NULL DEFAULT '', 19 | `gid` smallint(6) NOT NULL DEFAULT '82', 20 | `members` varchar(16) NOT NULL DEFAULT '', 21 | KEY `groupname` (`groupname`), 22 | KEY `groups_gid_idx` (`gid`) 23 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='ProFTP group table'; 24 | 25 | -- ---------------------------- 26 | -- Table structure for ftp_user 27 | -- ---------------------------- 28 | CREATE TABLE IF NOT EXISTS `ftp_user` ( 29 | `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 30 | `userid` varchar(32) NOT NULL DEFAULT '', 31 | `passwd` varchar(32) NOT NULL DEFAULT '', 32 | `uid` smallint(6) NOT NULL DEFAULT '82', 33 | `gid` smallint(6) NOT NULL DEFAULT '82', 34 | `homedir` varchar(255) NOT NULL DEFAULT '', 35 | `shell` varchar(16) NOT NULL DEFAULT '/sbin/nologin', 36 | `count` int(11) NOT NULL DEFAULT '0', 37 | `accessed` datetime NOT NULL DEFAULT '2018-03-02 13:45:45', 38 | `modified` datetime NOT NULL DEFAULT '2018-03-02 13:45:45', 39 | PRIMARY KEY (`id`), 40 | UNIQUE KEY `userid` (`userid`) 41 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='ProFTP user table'; -------------------------------------------------------------------------------- /virtualhost/mysql/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | 6 | [mysqld] 7 | #bind-address = 127.0.0.1 8 | symbolic-links=0 9 | port = 3306 10 | socket = /var/run/mysqld/mysqld.sock 11 | pid-file = /var/run/mysqld/mysqld.pid 12 | datadir = /var/lib/mysql 13 | skip-external-locking 14 | key_buffer_size = 32M 15 | max_allowed_packet = 1M 16 | table_open_cache = 128 17 | sort_buffer_size = 768K 18 | net_buffer_length = 8K 19 | read_buffer_size = 768K 20 | read_rnd_buffer_size = 512K 21 | myisam_sort_buffer_size = 8M 22 | thread_cache_size = 16 23 | query_cache_size = 16M 24 | tmp_table_size = 32M 25 | performance_schema_max_table_instances = 500 26 | 27 | explicit_defaults_for_timestamp = true 28 | #skip-networking 29 | max_connections = 500 30 | max_connect_errors = 100 31 | open_files_limit = 65535 32 | 33 | log-bin=mysql-bin 34 | binlog_format=mixed 35 | server-id = 1 36 | expire_logs_days = 10 37 | early-plugin-load = "" 38 | 39 | #loose-innodb-trx=0 40 | #loose-innodb-locks=0 41 | #loose-innodb-lock-waits=0 42 | #loose-innodb-cmp=0 43 | #loose-innodb-cmp-per-index=0 44 | #loose-innodb-cmp-per-index-reset=0 45 | #loose-innodb-cmp-reset=0 46 | #loose-innodb-cmpmem=0 47 | #loose-innodb-cmpmem-reset=0 48 | #loose-innodb-buffer-page=0 49 | #loose-innodb-buffer-page-lru=0 50 | #loose-innodb-buffer-pool-stats=0 51 | #loose-innodb-metrics=0 52 | #loose-innodb-ft-default-stopword=0 53 | #loose-innodb-ft-inserted=0 54 | #loose-innodb-ft-deleted=0 55 | #loose-innodb-ft-being-deleted=0 56 | #loose-innodb-ft-config=0 57 | #loose-innodb-ft-index-cache=0 58 | #loose-innodb-ft-index-table=0 59 | #loose-innodb-sys-tables=0 60 | #loose-innodb-sys-tablestats=0 61 | #loose-innodb-sys-indexes=0 62 | #loose-innodb-sys-columns=0 63 | #loose-innodb-sys-fields=0 64 | #loose-innodb-sys-foreign=0 65 | #loose-innodb-sys-foreign-cols=0 66 | 67 | default_storage_engine = InnoDB 68 | innodb_file_per_table = 1 69 | innodb_data_home_dir = /var/lib/mysql 70 | innodb_data_file_path = ibdata1:10M:autoextend 71 | innodb_log_group_home_dir = /var/lib/mysql 72 | innodb_buffer_pool_size = 128M 73 | innodb_log_file_size = 32M 74 | innodb_log_buffer_size = 8M 75 | innodb_flush_log_at_trx_commit = 1 76 | innodb_lock_wait_timeout = 50 77 | 78 | [mysqldump] 79 | quick 80 | max_allowed_packet = 16M 81 | 82 | [mysql] 83 | no-auto-rehash 84 | 85 | [myisamchk] 86 | key_buffer_size = 32M 87 | sort_buffer_size = 768K 88 | read_buffer = 2M 89 | write_buffer = 2M 90 | 91 | [mysqlhotcopy] 92 | interactive-timeout -------------------------------------------------------------------------------- /virtualhost/nginx/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name _; 4 | index index.html index.htm index.php default.html default.htm default.php; 5 | location / { 6 | deny all; 7 | } 8 | } -------------------------------------------------------------------------------- /virtualhost/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 51200; 10 | multi_accept on; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '{"remote_addr":"$remote_addr",' 18 | '"http_x_forwarded_for":"$http_x_forwarded_for",' 19 | '"remote_user":"$remote_user",' 20 | '"time_local":"$time_local",' 21 | '"request":"$request",' 22 | '"status":"$status",' 23 | '"request_time":"$request_time",' 24 | '"body_bytes_sent":"$body_bytes_sent",' 25 | '"http_referer":"$http_referer",' 26 | '"http_user_agent":"$http_user_agent"}'; 27 | 28 | server_names_hash_bucket_size 128; 29 | client_header_buffer_size 32k; 30 | large_client_header_buffers 4 32k; 31 | client_max_body_size 50m; 32 | 33 | sendfile on; 34 | tcp_nopush on; 35 | 36 | keepalive_timeout 60; 37 | 38 | tcp_nodelay on; 39 | 40 | fastcgi_connect_timeout 300; 41 | fastcgi_send_timeout 300; 42 | fastcgi_read_timeout 300; 43 | fastcgi_buffer_size 64k; 44 | fastcgi_buffers 4 64k; 45 | fastcgi_busy_buffers_size 128k; 46 | fastcgi_temp_file_write_size 256k; 47 | 48 | gzip on; 49 | gzip_min_length 1k; 50 | gzip_buffers 4 16k; 51 | gzip_http_version 1.1; 52 | gzip_comp_level 2; 53 | gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; 54 | gzip_vary on; 55 | gzip_proxied expired no-cache no-store private auth; 56 | gzip_disable "MSIE [1-6]\."; 57 | 58 | server_tokens off; 59 | 60 | include /etc/nginx/conf.d/*.conf; 61 | } 62 | -------------------------------------------------------------------------------- /virtualhost/php/ext/uploads.ini: -------------------------------------------------------------------------------- 1 | file_uploads = On 2 | memory_limit = 64M 3 | upload_max_filesize = 64M 4 | post_max_size = 64M 5 | max_execution_time = 600 6 | -------------------------------------------------------------------------------- /virtualhost/php/php.ini: -------------------------------------------------------------------------------- 1 | [Date] 2 | date.timezone = Asia/Shanghai 3 | -------------------------------------------------------------------------------- /virtualhost/www/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/virtualhost/www/.gitignore -------------------------------------------------------------------------------- /wordpress/README.md: -------------------------------------------------------------------------------- 1 | # 单机模式 2 | 3 | ​ 网站卷将由宿主机挂载到容器内部 4 | 5 | ```shell 6 | docker-compose -f docker-compose.yml -p webname up -d 7 | ``` 8 | # 单机模式迁移 9 | 10 | ​ 打包 `docker-compose.yml` 所在目录,scp到新主机执行上面的命令即可 11 | 12 | 13 | # 集群模式 14 | 15 | ​ 由后端NFS提供共享存储,存放配置文件以及网站文件,Redis与MySQL将单独运行在各自的节点,这两个节点上不会运行其他服务,所以compose文件中写的是NFS路径挂载目录,要求所有container会运行的节点都必须挂载NFS目录。集群模式将会有一台前端Nginx左右入口所以,后端暴露的端口为3000,有前端Nginx做反代理访问 16 | 17 | ```shell 18 | mkdir -p ./www ./mysql/data 19 | docker network create -d overlay wordpress 20 | docker stack deploy -c stack.yml wordpress 21 | ``` -------------------------------------------------------------------------------- /wordpress/healthcheck.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -ex 3 | 4 | cat > /tmp/mysql.cnf << EOF 5 | [client] 6 | user = root 7 | password = ${MYSQL_ROOT_PASSWORD} 8 | port = 3306 9 | socket = /var/run/mysqld/mysqld.sock 10 | EOF 11 | 12 | if [ -z $MYSQL_REPLICATION_USER ];then 13 | mysqladmin --defaults-file=/tmp/mysql.cnf ping 14 | else 15 | mysql --defaults-file=/tmp/mysql.cnf -e "SHOW SLAVE STATUS\G" | grep -qs "Slave_IO_Running: Yes" 16 | mysql --defaults-file=/tmp/mysql.cnf -e "SHOW SLAVE STATUS\G" | grep -qs "Slave_SQL_Running: Yes" 17 | mysqladmin --defaults-file=/tmp/mysql.cnf ping 18 | fi -------------------------------------------------------------------------------- /wordpress/mysql/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | 6 | [mysqld] 7 | #bind-address = 127.0.0.1 8 | symbolic-links=0 9 | port = 3306 10 | socket = /var/run/mysqld/mysqld.sock 11 | pid-file = /var/run/mysqld/mysqld.pid 12 | datadir = /var/lib/mysql 13 | skip-external-locking 14 | key_buffer_size = 32M 15 | max_allowed_packet = 1M 16 | table_open_cache = 128 17 | sort_buffer_size = 768K 18 | net_buffer_length = 8K 19 | read_buffer_size = 768K 20 | read_rnd_buffer_size = 512K 21 | myisam_sort_buffer_size = 8M 22 | thread_cache_size = 16 23 | query_cache_size = 16M 24 | tmp_table_size = 32M 25 | performance_schema_max_table_instances = 500 26 | 27 | explicit_defaults_for_timestamp = true 28 | #skip-networking 29 | max_connections = 500 30 | max_connect_errors = 100 31 | open_files_limit = 65535 32 | 33 | log-bin=mysql-bin 34 | binlog_format=mixed 35 | server-id = 1 36 | expire_logs_days = 10 37 | early-plugin-load = "" 38 | 39 | #loose-innodb-trx=0 40 | #loose-innodb-locks=0 41 | #loose-innodb-lock-waits=0 42 | #loose-innodb-cmp=0 43 | #loose-innodb-cmp-per-index=0 44 | #loose-innodb-cmp-per-index-reset=0 45 | #loose-innodb-cmp-reset=0 46 | #loose-innodb-cmpmem=0 47 | #loose-innodb-cmpmem-reset=0 48 | #loose-innodb-buffer-page=0 49 | #loose-innodb-buffer-page-lru=0 50 | #loose-innodb-buffer-pool-stats=0 51 | #loose-innodb-metrics=0 52 | #loose-innodb-ft-default-stopword=0 53 | #loose-innodb-ft-inserted=0 54 | #loose-innodb-ft-deleted=0 55 | #loose-innodb-ft-being-deleted=0 56 | #loose-innodb-ft-config=0 57 | #loose-innodb-ft-index-cache=0 58 | #loose-innodb-ft-index-table=0 59 | #loose-innodb-sys-tables=0 60 | #loose-innodb-sys-tablestats=0 61 | #loose-innodb-sys-indexes=0 62 | #loose-innodb-sys-columns=0 63 | #loose-innodb-sys-fields=0 64 | #loose-innodb-sys-foreign=0 65 | #loose-innodb-sys-foreign-cols=0 66 | 67 | default_storage_engine = InnoDB 68 | innodb_file_per_table = 1 69 | innodb_data_home_dir = /var/lib/mysql 70 | innodb_data_file_path = ibdata1:10M:autoextend 71 | innodb_log_group_home_dir = /var/lib/mysql 72 | innodb_buffer_pool_size = 128M 73 | innodb_log_file_size = 32M 74 | innodb_log_buffer_size = 8M 75 | innodb_flush_log_at_trx_commit = 1 76 | innodb_lock_wait_timeout = 50 77 | 78 | [mysqldump] 79 | quick 80 | max_allowed_packet = 16M 81 | 82 | [mysql] 83 | no-auto-rehash 84 | 85 | [myisamchk] 86 | key_buffer_size = 32M 87 | sort_buffer_size = 768K 88 | read_buffer = 2M 89 | write_buffer = 2M 90 | 91 | [mysqlhotcopy] 92 | interactive-timeout -------------------------------------------------------------------------------- /wordpress/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 51200; 10 | multi_accept on; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '{"remote_addr":"$remote_addr",' 18 | '"http_x_forwarded_for":"$http_x_forwarded_for",' 19 | '"remote_user":"$remote_user",' 20 | '"time_local":"$time_local",' 21 | '"request":"$request",' 22 | '"status":"$status",' 23 | '"request_time":"$request_time",' 24 | '"body_bytes_sent":"$body_bytes_sent",' 25 | '"http_referer":"$http_referer",' 26 | '"http_user_agent":"$http_user_agent"}'; 27 | 28 | server_names_hash_bucket_size 128; 29 | client_header_buffer_size 32k; 30 | large_client_header_buffers 4 32k; 31 | client_max_body_size 50m; 32 | 33 | sendfile on; 34 | tcp_nopush on; 35 | 36 | keepalive_timeout 60; 37 | 38 | tcp_nodelay on; 39 | 40 | fastcgi_connect_timeout 300; 41 | fastcgi_send_timeout 300; 42 | fastcgi_read_timeout 300; 43 | fastcgi_buffer_size 64k; 44 | fastcgi_buffers 4 64k; 45 | fastcgi_busy_buffers_size 128k; 46 | fastcgi_temp_file_write_size 256k; 47 | 48 | gzip on; 49 | gzip_min_length 1k; 50 | gzip_buffers 4 16k; 51 | gzip_http_version 1.1; 52 | gzip_comp_level 2; 53 | gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; 54 | gzip_vary on; 55 | gzip_proxied expired no-cache no-store private auth; 56 | gzip_disable "MSIE [1-6]\."; 57 | 58 | server_tokens off; 59 | 60 | server{ 61 | listen 80; 62 | server_name _; 63 | index index.html index.htm index.php default.html default.htm default.php; 64 | root /var/www/html; 65 | 66 | location / { 67 | try_files $uri $uri/ /index.php?$args; 68 | } 69 | 70 | # Add trailing slash to */wp-admin requests. 71 | rewrite /wp-admin$ $scheme://$host$uri/ permanent; 72 | 73 | # Deny access to PHP files in specific directory 74 | #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } 75 | 76 | location ~ [^/]\.php(/|$) { 77 | try_files $uri =404; 78 | fastcgi_pass wordpress:9000; 79 | fastcgi_index index.php; 80 | include fastcgi.conf; 81 | } 82 | 83 | location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { 84 | expires 30d; 85 | } 86 | 87 | location ~ .*\.(js|css)?$ { 88 | expires 12h; 89 | } 90 | 91 | location ~ /.well-known { 92 | allow all; 93 | } 94 | 95 | location ~ /\. { 96 | deny all; 97 | } 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /wordpress/php/ext/uploads.ini: -------------------------------------------------------------------------------- 1 | file_uploads = On 2 | memory_limit = 64M 3 | upload_max_filesize = 64M 4 | post_max_size = 64M 5 | max_execution_time = 600 6 | -------------------------------------------------------------------------------- /wordpress/php/php.ini: -------------------------------------------------------------------------------- 1 | [Date] 2 | date.timezone = Asia/Shanghai 3 | 4 | session.save_handler = Redis 5 | session.save_path = “tcp://redis-haproxy:6379” -------------------------------------------------------------------------------- /wordpress/redis/redis-haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log 127.0.0.1 local2 3 | 4 | pidfile /var/run/haproxy.pid 5 | maxconn 20480 6 | 7 | defaults REDIS 8 | mode tcp 9 | timeout connect 4s 10 | timeout server 5m 11 | timeout client 5m 12 | 13 | frontend ft_redis 14 | bind 0.0.0.0:6379 name redis 15 | default_backend bk_redis 16 | 17 | backend bk_redis 18 | option tcp-check 19 | tcp-check connect 20 | tcp-check send PING\r\n 21 | tcp-check expect string +PONG 22 | tcp-check send info\ replication\r\n 23 | tcp-check expect string role:master 24 | tcp-check send QUIT\r\n 25 | tcp-check expect string +OK 26 | server redis0 redis-master check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 27 | server redis1 redis-slave check port 6379 inter 5s fastinter 2s downinter 5s rise 3 fall 3 28 | -------------------------------------------------------------------------------- /wordpress/redis/redis-sentinel/sentinel.conf: -------------------------------------------------------------------------------- 1 | ## redis-0 2 | ##sentinel实例之间的通讯端口 3 | port 26379 4 | # master1 5 | sentinel monitor master1 redis-master 6379 1 6 | sentinel down-after-milliseconds master1 5000 7 | sentinel failover-timeout master1 900000 8 | # sentinel can-failover master1 yes 9 | sentinel parallel-syncs master1 2 10 | -------------------------------------------------------------------------------- /wordpress/wordpress.3.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | nginx: 4 | image: nginx:1.13.6-alpine 5 | hostname: nginx 6 | ports: 7 | - 10000:80/tcp 8 | networks: 9 | wordpress: 10 | aliases: 11 | - nginx 12 | volumes: 13 | - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro 14 | - ./www:/var/www/html:rw 15 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 16 | deploy: 17 | mode: replicated 18 | replicas: 1 19 | resources: 20 | limits: 21 | cpus: '0.50' 22 | memory: 100M 23 | reservations: 24 | cpus: '0.25' 25 | memory: 50M 26 | update_config: 27 | parallelism: 1 28 | delay: 10s 29 | placement: 30 | constraints: 31 | - node.labels.wp == true 32 | logging: 33 | driver: json-file 34 | options: 35 | max-file: '3' 36 | max-size: 100m 37 | wordpress: 38 | image: wordpress:4.9.1-php7.1-fpm-alpine 39 | hostname: php 40 | networks: 41 | wordpress: 42 | aliases: 43 | - wordpress 44 | environment: 45 | - WORDPRESS_DB_HOST=mysql 46 | - WORDPRESS_DB_USER=root 47 | - WORDPRESS_DB_PASSWORD=root 48 | - WORDPRESS_DB_NAME=xbclub 49 | - WORDPRESS_TABLE_PREFIX=wp_ 50 | volumes: 51 | - ./www:/var/www/html:rw 52 | - ./php/ext/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro 53 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 54 | deploy: 55 | mode: replicated 56 | replicas: 1 57 | resources: 58 | limits: 59 | cpus: '0.50' 60 | memory: 100M 61 | reservations: 62 | cpus: '0.25' 63 | memory: 50M 64 | update_config: 65 | parallelism: 1 66 | delay: 10s 67 | placement: 68 | constraints: 69 | - node.labels.wp == true 70 | logging: 71 | driver: json-file 72 | options: 73 | max-file: '3' 74 | max-size: 100m 75 | mysql: 76 | image: mysql:5.7.20 77 | hostname: mysql 78 | networks: 79 | wordpress: 80 | aliases: 81 | - mysql 82 | environment: 83 | - MYSQL_ROOT_PASSWORD=root 84 | volumes: 85 | - ./mysql/data:/var/lib/mysql 86 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 87 | deploy: 88 | mode: replicated 89 | replicas: 1 90 | resources: 91 | limits: 92 | cpus: '0.50' 93 | memory: 100M 94 | reservations: 95 | cpus: '0.25' 96 | memory: 50M 97 | update_config: 98 | parallelism: 1 99 | delay: 10s 100 | placement: 101 | constraints: 102 | - node.labels.wp == true 103 | logging: 104 | driver: json-file 105 | options: 106 | max-file: '3' 107 | max-size: 100m 108 | redis: 109 | image: redis:4.0.6 110 | hostname: redis 111 | networks: 112 | wordpress: 113 | aliases: 114 | - redis 115 | volumes: 116 | - ./redis:/data:rw 117 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 118 | deploy: 119 | mode: replicated 120 | replicas: 1 121 | resources: 122 | limits: 123 | cpus: '0.50' 124 | memory: 100M 125 | reservations: 126 | cpus: '0.25' 127 | memory: 50M 128 | update_config: 129 | parallelism: 1 130 | delay: 10s 131 | placement: 132 | constraints: 133 | - node.labels.wp == true 134 | logging: 135 | driver: json-file 136 | options: 137 | max-file: '3' 138 | max-size: 100m 139 | networks: 140 | wordpress: 141 | external: true 142 | -------------------------------------------------------------------------------- /wordpress/wordpress.yaml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | nginx: 4 | image: nginx:1.13.6-alpine 5 | hostname: nginx 6 | ports: 7 | - 80:80/tcp 8 | networks: 9 | wordpress: 10 | aliases: 11 | - nginx 12 | volumes: 13 | - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro 14 | - ./www:/var/www/html:rw 15 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 16 | logging: 17 | driver: json-file 18 | options: 19 | max-file: '3' 20 | max-size: 100m 21 | wordpress: 22 | image: wordpress:4.9.1-php7.1-fpm-alpine 23 | hostname: php 24 | networks: 25 | wordpress: 26 | aliases: 27 | - wordpress 28 | environment: 29 | - WORDPRESS_DB_HOST=mysql 30 | - WORDPRESS_DB_USER=root 31 | - WORDPRESS_DB_PASSWORD=root 32 | - WORDPRESS_DB_NAME=xbclub 33 | - WORDPRESS_TABLE_PREFIX=wp_ 34 | volumes: 35 | - ./www:/var/www/html:rw 36 | - ./php/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro 37 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 38 | logging: 39 | driver: json-file 40 | options: 41 | max-file: '3' 42 | max-size: 100m 43 | mysql: 44 | image: mysql:5.7.20 45 | hostname: mysql 46 | networks: 47 | wordpress: 48 | aliases: 49 | - mysql 50 | environment: 51 | - MYSQL_ROOT_PASSWORD=root 52 | volumes: 53 | - ./mysql:/var/lib/mysql 54 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 55 | logging: 56 | driver: json-file 57 | options: 58 | max-file: '3' 59 | max-size: 100m 60 | redis: 61 | image: redis:4.0.6 62 | hostname: redis 63 | networks: 64 | wordpress: 65 | aliases: 66 | - redis 67 | volumes: 68 | - ./redis:/data:rw 69 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 70 | logging: 71 | driver: json-file 72 | options: 73 | max-file: '3' 74 | max-size: 100m 75 | networks: 76 | wordpress: 77 | external: true 78 | -------------------------------------------------------------------------------- /zabbix/README.md: -------------------------------------------------------------------------------- 1 | # 添加zabbix组 2 | 3 | ``` 4 | docker node update --label-add zabbix=true Docker-Work03 5 | docker node update --label-add zabbix=true Docker-Work04 6 | ``` 7 | 8 | # 部署应用 9 | 10 | ``` 11 | docker stack deploy -c zabbix.yml zabbix 12 | ``` 13 | 14 | # 部署Agent 15 | ``` 16 | wget https://repo.zabbix.com/zabbix/3.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.0-1+xenial_all.deb 17 | dpkg -i zabbix-release_3.0-1+xenial_all.deb 18 | apt update 19 | apt-get install zabbix-agent -y 20 | 21 | # Server设置为本机IP地址 22 | sed -i "s/^Server=.*/Server=10.0.3.13,10.0.3.14/g" /etc/zabbix/zabbix_agentd.conf 23 | # ServerActive设置为zabbix service会运行的主机IP 24 | sed -i "s/^ServerActive=.*/ServerActive=10.0.3.13,10.0.3.14/g" /etc/zabbix/zabbix_agentd.conf 25 | sed -i "s/^Hostname=.*/Hostname=Docker04/g" /etc/zabbix/zabbix_agentd.conf 26 | sed -i "s/^#.UnsafeUserParameters=.*/UnsafeUserParameters=1/g" /etc/zabbix/zabbix_agentd.conf 27 | systemctl start zabbix-agent.service 28 | systemctl enable zabbix-agent.service 29 | systemctl restart zabbix-agent.service 30 | ``` -------------------------------------------------------------------------------- /zabbix/alertscripts/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/alertscripts/.gitignore -------------------------------------------------------------------------------- /zabbix/enc/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/enc/.gitignore -------------------------------------------------------------------------------- /zabbix/externalscripts/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/externalscripts/.gitignore -------------------------------------------------------------------------------- /zabbix/mibs/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/mibs/.gitignore -------------------------------------------------------------------------------- /zabbix/modules/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/modules/.gitignore -------------------------------------------------------------------------------- /zabbix/mysql/data/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/mysql/data/.gitignore -------------------------------------------------------------------------------- /zabbix/mysql/mysqld.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | #password = your_password 3 | port = 3306 4 | socket = /var/run/mysqld/mysqld.sock 5 | default-character-set = utf8 6 | 7 | [client] 8 | default-character-set=utf8 9 | 10 | [mysql] 11 | default-character-set=utf8 12 | 13 | [mysqld] 14 | #bind-address = 127.0.0.1 15 | collation-server = utf8_unicode_ci 16 | init-connect='SET NAMES utf8' 17 | character-set-server = utf8 18 | symbolic-links=0 19 | port = 3306 20 | socket = /var/run/mysqld/mysqld.sock 21 | pid-file = /var/run/mysqld/mysqld.pid 22 | datadir = /var/lib/mysql 23 | skip-external-locking 24 | key_buffer_size = 32M 25 | max_allowed_packet = 1M 26 | table_open_cache = 128 27 | sort_buffer_size = 768K 28 | net_buffer_length = 8K 29 | read_buffer_size = 768K 30 | read_rnd_buffer_size = 512K 31 | myisam_sort_buffer_size = 8M 32 | thread_cache_size = 16 33 | query_cache_size = 16M 34 | tmp_table_size = 32M 35 | performance_schema_max_table_instances = 500 36 | 37 | explicit_defaults_for_timestamp = true 38 | #skip-networking 39 | max_connections = 500 40 | max_connect_errors = 100 41 | open_files_limit = 65535 42 | 43 | log-bin=mysql-bin 44 | binlog_format=mixed 45 | server-id = 1 46 | expire_logs_days = 10 47 | early-plugin-load = "" 48 | 49 | #loose-innodb-trx=0 50 | #loose-innodb-locks=0 51 | #loose-innodb-lock-waits=0 52 | #loose-innodb-cmp=0 53 | #loose-innodb-cmp-per-index=0 54 | #loose-innodb-cmp-per-index-reset=0 55 | #loose-innodb-cmp-reset=0 56 | #loose-innodb-cmpmem=0 57 | #loose-innodb-cmpmem-reset=0 58 | #loose-innodb-buffer-page=0 59 | #loose-innodb-buffer-page-lru=0 60 | #loose-innodb-buffer-pool-stats=0 61 | #loose-innodb-metrics=0 62 | #loose-innodb-ft-default-stopword=0 63 | #loose-innodb-ft-inserted=0 64 | #loose-innodb-ft-deleted=0 65 | #loose-innodb-ft-being-deleted=0 66 | #loose-innodb-ft-config=0 67 | #loose-innodb-ft-index-cache=0 68 | #loose-innodb-ft-index-table=0 69 | #loose-innodb-sys-tables=0 70 | #loose-innodb-sys-tablestats=0 71 | #loose-innodb-sys-indexes=0 72 | #loose-innodb-sys-columns=0 73 | #loose-innodb-sys-fields=0 74 | #loose-innodb-sys-foreign=0 75 | #loose-innodb-sys-foreign-cols=0 76 | 77 | default_storage_engine = InnoDB 78 | innodb_file_per_table = 1 79 | innodb_data_home_dir = /var/lib/mysql 80 | innodb_data_file_path = ibdata1:10M:autoextend 81 | innodb_log_group_home_dir = /var/lib/mysql 82 | innodb_buffer_pool_size = 128M 83 | innodb_log_file_size = 32M 84 | innodb_log_buffer_size = 8M 85 | innodb_flush_log_at_trx_commit = 1 86 | innodb_lock_wait_timeout = 50 87 | 88 | [mysqldump] 89 | quick 90 | max_allowed_packet = 16M 91 | 92 | [mysql] 93 | no-auto-rehash 94 | 95 | [myisamchk] 96 | key_buffer_size = 32M 97 | sort_buffer_size = 768K 98 | read_buffer = 2M 99 | write_buffer = 2M 100 | 101 | [mysqlhotcopy] 102 | interactive-timeout -------------------------------------------------------------------------------- /zabbix/ssh_keys/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/buxiaomo/docker-compose/fcd31f9013d42489ce00a5d8269dec727502e016/zabbix/ssh_keys/.gitignore -------------------------------------------------------------------------------- /zabbix/zabbix.yml: -------------------------------------------------------------------------------- 1 | version: '3.4' 2 | services: 3 | server: 4 | image: zabbix/zabbix-server-mysql:ubuntu-3.4.4 5 | hostname: server 6 | stop_grace_period: 30s 7 | user: root 8 | networks: 9 | zabbix: 10 | aliases: 11 | - server 12 | environment: 13 | - DB_SERVER_HOST=mysql 14 | - DB_SERVER_PORT=3306 15 | - MYSQL_USER=zabbix 16 | - MYSQL_PASSWORD=zabbix 17 | - MYSQL_DATABASE=zabbix 18 | - ZBX_DEBUGLEVEL=3 19 | ports: 20 | - "10051:10051" 21 | volumes: 22 | - /etc/localtime:/etc/localtime:ro 23 | - /etc/timezone:/etc/timezone:ro 24 | - ./alertscripts:/usr/lib/zabbix/alertscripts:ro 25 | - ./externalscripts:/usr/lib/zabbix/externalscripts:ro 26 | - ./modules:/var/lib/zabbix/modules:ro 27 | - ./enc:/var/lib/zabbix/enc:ro 28 | - ./ssh_keys:/var/lib/zabbix/ssh_keys:ro 29 | - ./mibs:/var/lib/zabbix/mibs:ro 30 | deploy: 31 | mode: replicated 32 | replicas: 1 33 | resources: 34 | limits: 35 | cpus: '0.70' 36 | memory: 1G 37 | reservations: 38 | cpus: '0.5' 39 | memory: 512M 40 | placement: 41 | constraints: 42 | - node.labels.zabbix == true 43 | sysctls: 44 | - net.ipv4.ip_local_port_range=1024 65000 45 | - net.ipv4.conf.all.accept_redirects=0 46 | - net.ipv4.conf.all.secure_redirects=0 47 | - net.ipv4.conf.all.send_redirects=0 48 | ulimits: 49 | nproc: 65535 50 | nofile: 51 | soft: 20000 52 | hard: 40000 53 | logging: 54 | driver: json-file 55 | options: 56 | max-file: '3' 57 | max-size: 100m 58 | 59 | web: 60 | image: zabbix/zabbix-web-nginx-mysql:ubuntu-3.4.4 61 | hostname: web 62 | networks: 63 | zabbix: 64 | aliases: 65 | - web 66 | environment: 67 | - ZBX_SERVER_HOST=server 68 | - ZBX_SERVER_PORT=10051 69 | - DB_SERVER_HOST=mysql 70 | - DB_SERVER_PORT=3306 71 | - MYSQL_USER=zabbix 72 | - MYSQL_PASSWORD=zabbix 73 | - MYSQL_DATABASE=zabbix 74 | - PHP_TZ=Asia/Shanghai 75 | - ZBX_SERVER_NAME=zabbix server 76 | - ZBX_MAXEXECUTIONTIME=300 77 | - ZBX_MEMORYLIMIT=128M 78 | - ZBX_POSTMAXSIZE=16M 79 | - ZBX_UPLOADMAXFILESIZE=2M 80 | - ZBX_MAXINPUTTIME=300 81 | ports: 82 | - 3007:80/tcp 83 | - 3008:443/tcp 84 | volumes: 85 | - /etc/localtime:/etc/localtime:ro 86 | - /etc/timezone:/etc/timezone:ro 87 | - ./alertscripts:/usr/lib/zabbix/alertscripts:rw 88 | - ./externalscripts:/usr/lib/zabbix/externalscripts:rw 89 | - ./modules:/var/lib/zabbix/modules:rw 90 | - ./enc:/var/lib/zabbix/enc:rw 91 | - ./ssh_keys:/var/lib/zabbix/ssh_keys:rw 92 | - ./mibs:/var/lib/zabbix/mibs:rw 93 | deploy: 94 | mode: replicated 95 | replicas: 1 96 | placement: 97 | constraints: 98 | - node.labels.zabbix == true 99 | logging: 100 | driver: json-file 101 | options: 102 | max-file: '3' 103 | max-size: 100m 104 | 105 | mysql: 106 | image: mysql:5.7.20 107 | hostname: mysql 108 | networks: 109 | zabbix: 110 | aliases: 111 | - mysql 112 | configs: 113 | - source: mysql 114 | target: /etc/mysql/mysql.conf.d/mysqld.cnf 115 | environment: 116 | - MYSQL_ROOT_PASSWORD=root 117 | - MYSQL_USER=zabbix 118 | - MYSQL_PASSWORD=zabbix 119 | - MYSQL_DATABASE=zabbix 120 | volumes: 121 | - ./mysql/data:/var/lib/mysql:rw 122 | - /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro 123 | deploy: 124 | mode: replicated 125 | replicas: 1 126 | placement: 127 | constraints: 128 | - node.labels.zabbix == true 129 | logging: 130 | driver: json-file 131 | options: 132 | max-file: '3' 133 | max-size: 100m 134 | 135 | configs: 136 | mysql: 137 | file: ./mysql/mysqld.cnf 138 | 139 | networks: 140 | zabbix: 141 | external: true --------------------------------------------------------------------------------