├── .github └── workflows │ └── docker-publish.yml ├── .gitignore ├── LICENSE ├── README.md ├── caddy-git ├── Caddyfile └── Dockerfile ├── caddy ├── Caddyfile └── Dockerfile ├── docker-compose.yml ├── env-example ├── nodejs-dev └── Dockerfile ├── nodejs └── Dockerfile ├── openresty ├── Dockerfile ├── nginx.conf └── sites │ ├── site-auto-ssl.conf │ ├── site-with-ssl.conf │ └── site1.conf ├── pgadmin └── Dockerfile ├── postgres-postgis └── Dockerfile ├── postgresql ├── Dockerfile └── docker-entrypoint-initdb.d │ └── createdb.sh.example ├── rabbitmq └── Dockerfile └── workspace ├── Dockerfile └── docker-entrypoint.sh /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | # This workflow uses actions that are not certified by GitHub. 4 | # They are provided by a third-party and are governed by 5 | # separate terms of service, privacy policy, and support 6 | # documentation. 7 | 8 | on: 9 | schedule: 10 | - cron: '17 23 * * *' 11 | push: 12 | branches: [ "master" ] 13 | # Publish semver tags as releases. 14 | tags: [ 'v*.*.*' ] 15 | pull_request: 16 | branches: [ "master" ] 17 | 18 | env: 19 | # Use docker.io for Docker Hub if empty 20 | REGISTRY: ghcr.io 21 | # github.repository as / 22 | IMAGE_NAME: ${{ github.repository }}-node 23 | 24 | 25 | jobs: 26 | build: 27 | 28 | runs-on: ubuntu-latest 29 | permissions: 30 | contents: read 31 | packages: write 32 | # This is used to complete the identity challenge 33 | # with sigstore/fulcio when running outside of PRs. 34 | id-token: write 35 | 36 | steps: 37 | - name: Checkout repository 38 | uses: actions/checkout@v3 39 | 40 | # Install the cosign tool except on PR 41 | # https://github.com/sigstore/cosign-installer 42 | - name: Install cosign 43 | if: github.event_name != 'pull_request' 44 | uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 45 | with: 46 | cosign-release: 'v1.13.1' 47 | 48 | 49 | # Workaround: https://github.com/docker/build-push-action/issues/461 50 | - name: Setup Docker buildx 51 | uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf 52 | 53 | # Login against a Docker registry except on PR 54 | # https://github.com/docker/login-action 55 | - name: Log into registry ${{ env.REGISTRY }} 56 | if: github.event_name != 'pull_request' 57 | uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c 58 | with: 59 | registry: ${{ env.REGISTRY }} 60 | username: ${{ github.actor }} 61 | password: ${{ secrets.GITHUB_TOKEN }} 62 | 63 | # Extract metadata (tags, labels) for Docker 64 | # https://github.com/docker/metadata-action 65 | - name: Extract Docker metadata 66 | id: meta 67 | uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 68 | with: 69 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 70 | 71 | # Build and push Docker image with Buildx (don't push on PR) 72 | # https://github.com/docker/build-push-action 73 | - name: Build and push Docker image 74 | id: build-and-push 75 | uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a 76 | with: 77 | context: "nodejs" 78 | push: ${{ github.event_name != 'pull_request' }} 79 | tags: ${{ steps.meta.outputs.tags }} 80 | labels: ${{ steps.meta.outputs.labels }} 81 | cache-from: type=gha 82 | cache-to: type=gha,mode=max 83 | 84 | 85 | # Sign the resulting Docker image digest except on PRs. 86 | # This will only write to the public Rekor transparency log when the Docker 87 | # repository is public to avoid leaking data. If you would like to publish 88 | # transparency data even for private images, pass --force to cosign below. 89 | # https://github.com/sigstore/cosign 90 | - name: Sign the published Docker image 91 | if: ${{ github.event_name != 'pull_request' }} 92 | env: 93 | COSIGN_EXPERIMENTAL: "true" 94 | # This step uses the identity token to provision an ephemeral certificate 95 | # against the sigstore community Fulcio instance. 96 | run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} 97 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .env -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## 使用 2 | 1. cp env-example .env 3 | 2. 修改 .env 配置 4 | 3. docker-compose up caddy postgres nodejs 5 | 6 | 7 | ## Local runtime/binary 8 | 9 | 本机无需安装 yarn 而使用 yarn 的方法: 10 | 11 | 修改 `~/.bashrc` 或者 `~/.zshrc` ,在结尾添加: 12 | 13 | 然后 `source ~/.bashrc` 14 | 15 | alipine 版,同线上 16 | 17 | ``` 18 | yarn () { 19 | tty= 20 | tty -s && tty=--tty 21 | docker run \ 22 | $tty \ 23 | --interactive \ 24 | --rm \ 25 | --user $(id -u):$(id -g) \ 26 | --volume /etc/passwd:/etc/passwd:ro \ 27 | --volume /etc/group:/etc/group:ro \ 28 | --volume $(pwd):/usr/src/app \ 29 | -w /usr/src/app \ 30 | node:alpine-lts yarn ”$@“ 31 | } 32 | ``` 33 | 34 | debian 版,同本地 35 | 36 | ``` 37 | yarn () { 38 | tty= 39 | tty -s && tty=--tty 40 | docker run \ 41 | $tty \ 42 | --interactive \ 43 | --rm \ 44 | --user $(id -u):$(id -g) \ 45 | --volume /etc/passwd:/etc/passwd:ro \ 46 | --volume /etc/group:/etc/group:ro \ 47 | --volume $(pwd):/usr/src/app \ 48 | -w /usr/src/app \ 49 | node:lts yarn ”$@“ 50 | } 51 | ``` 52 | -------------------------------------------------------------------------------- /caddy-git/Caddyfile: -------------------------------------------------------------------------------- 1 | 0.0.0.0:2015 { 2 | root /var/www/site1/ 3 | git { 4 | repo https://gitee.com/caddy-china/docs 5 | ## 私有项目需要添加key 6 | # key /root/.ssh/id_rsa 7 | path /home/caddy-docs 8 | ## password 改成你的密码 9 | hook /webhook password 10 | ## 使webhook支持码云 11 | hook_type generic 12 | ## 更新完之后如果需要执行命令,比如 npm run build,如果需要多个命令,多行then 即可 13 | # then npm run build 14 | } 15 | ## 如果需要自动申请 https 证书 请开启 tls 。 16 | #tls xx@163.com 17 | gzip 18 | } -------------------------------------------------------------------------------- /caddy-git/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM abiosoft/caddy 2 | 3 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && \ 4 | apk --no-cache add git openssh-client 5 | 6 | WORKDIR /var/www 7 | 8 | EXPOSE 80 443 2015 9 | 10 | ENTRYPOINT ["/bin/parent", "caddy"] 11 | CMD ["--conf", "/etc/Caddyfile", "--log", "stdout", "--agree=$ACME_AGREE"] -------------------------------------------------------------------------------- /caddy/Caddyfile: -------------------------------------------------------------------------------- 1 | 0.0.0.0 { 2 | 3 | } -------------------------------------------------------------------------------- /caddy/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM abiosoft/caddy 2 | 3 | WORKDIR /var/www 4 | 5 | EXPOSE 80 443 2015 6 | 7 | ENTRYPOINT ["/bin/parent", "caddy"] 8 | #CMD ["--conf", "/etc/Caddyfile", "-quic","--log", "stdout", "--agree=true"] 9 | 10 | CMD ["--conf", "/etc/Caddyfile","--log", "stdout", "--agree=true"] 11 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | networks: 4 | frontend: 5 | driver: ${NETWORKS_DRIVER} 6 | backend: 7 | driver: ${NETWORKS_DRIVER} 8 | 9 | volumes: 10 | postgres: 11 | driver: ${VOLUMES_DRIVER} 12 | 13 | services: 14 | redis: 15 | image: redis:alpine 16 | deploy: 17 | restart_policy: 18 | condition: on-failure 19 | # ports: 20 | # - "${VFAIR_REDIS_PORT}:6379" 21 | networks: 22 | - backend 23 | 24 | ### Postgres ############################################## 25 | postgres: 26 | build: 27 | context: ./postgresql 28 | args: 29 | - PG_VERSION=10 30 | deploy: 31 | restart_policy: 32 | condition: on-failure 33 | volumes: 34 | - ${DATA_PATH_HOST}/postgres:/var/lib/postgresql/data 35 | #- ${POSTGRES_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d 36 | ports: 37 | - "${DB_POSTGRES_PORT}:5432" 38 | environment: 39 | - POSTGRES_DB=${DB_POSTGRES_DATABASE} 40 | - POSTGRES_USER=${DB_POSTGRES_USERNAME} 41 | - POSTGRES_PASSWORD=${DB_POSTGRES_PASSWORD} 42 | networks: 43 | - backend 44 | 45 | 46 | ### RabbitMQ ############################################# 47 | rabbitmq: 48 | build: 49 | context: ./rabbitmq 50 | ports: 51 | - "${RABBITMQ_NODE_HOST_PORT}:5672" 52 | - "${RABBITMQ_MANAGEMENT_HTTP_HOST_PORT}:15672" 53 | - "${RABBITMQ_MANAGEMENT_HTTPS_HOST_PORT}:15671" 54 | privileged: true 55 | environment: 56 | - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER} 57 | - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} 58 | networks: 59 | - backend 60 | 61 | 62 | ### pgAdmin ############################################## 63 | pgadmin: 64 | build: ./pgadmin 65 | ports: 66 | - "5050:5050" 67 | volumes: 68 | - ${DATA_PATH_HOST}/pgadmin-backup:/pgadmin 69 | depends_on: 70 | - postgres 71 | environment: 72 | - PGADMIN_SETUP_EMAIL=${PGADMIN_DEFAULT_USER} 73 | - PGADMIN_SETUP_PASSWORD=${PGADMIN_DEFAULT_PASSWORD} 74 | networks: 75 | - frontend 76 | - backend 77 | 78 | ### Caddy ############################################## 79 | caddy: 80 | build: 81 | context: ./caddy 82 | deploy: 83 | restart_policy: 84 | condition: on-failure 85 | volumes: 86 | - ${CADDY_FILE}:/etc/Caddyfile 87 | - ${APP_CODE_PATH_HOST}/ssl:/var/www/ssl 88 | ports: 89 | - "${HOST_HTTP_PORT}:80" 90 | - "${HOST_HTTPS_PORT}:443" 91 | - "${HOST_DEMO_PORT}:2015" 92 | - "${HOST_HTTP_PORT}:80/udp" 93 | - "${HOST_HTTPS_PORT}:443/udp" 94 | - "${HOST_DEMO_PORT}:2015/udp" 95 | networks: 96 | - frontend 97 | 98 | # openresty: 99 | # build: 100 | # context: ./openresty 101 | # volumes: 102 | # # - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER} 103 | # - ${NGINX_HOST_LOG_PATH}:/var/log/nginx 104 | # - ${NGINX_SITES_PATH}:/etc/nginx/conf.d/ 105 | # ports: 106 | # - "${NGINX_HOST_HTTP_PORT}:80" 107 | # - "${NGINX_HOST_HTTPS_PORT}:443" 108 | # networks: 109 | # - frontend 110 | 111 | ### nodejs ############################################## 112 | node1: 113 | build: 114 | context: ./nodejs 115 | args: 116 | - NODE_VERSION=${NODE_VERSION} 117 | deploy: 118 | restart_policy: 119 | condition: on-failure 120 | volumes: 121 | - ${APP_CODE_PATH_HOST}/site1:/var/www 122 | - ${APP_CODE_PATH_HOST}/ssl:/var/www/ssl 123 | networks: 124 | - frontend 125 | - backend 126 | environment: 127 | - DB_TYPE=${DB_POSTGRES} 128 | - DB_HOST=${DB_POSTGRES_HOST} 129 | - DB_PORT=${DB_POSTGRES_PORT} 130 | - DB_DATABASE=${DB_POSTGRES_DATABASE_SITE1} 131 | - DB_USERNAME=${DB_POSTGRES_USERNAME} 132 | - DB_PASSWORD=${DB_POSTGRES_PASSWORD} 133 | - DB_REDIS_HOST=${DB_REDIS_HOST} 134 | - DB_REDIS_PORT=${DB_REDIS_PORT} 135 | - NODE_ENV=${NODE_ENV} 136 | 137 | node2: 138 | build: 139 | context: ./nodejs 140 | args: 141 | - NODE_VERSION=${NODE_VERSION} 142 | deploy: 143 | restart_policy: 144 | condition: on-failure 145 | volumes: 146 | - ${APP_CODE_PATH_HOST}/site2:/var/www 147 | - ${APP_CODE_PATH_HOST}/ssl:/var/www/ssl 148 | networks: 149 | - frontend 150 | - backend 151 | environment: 152 | - DB_TYPE=${DB_POSTGRES} 153 | - DB_HOST=${DB_POSTGRES_HOST} 154 | - DB_PORT=${DB_POSTGRES_PORT} 155 | - DB_DATABASE=${DB_POSTGRES_DATABASE_SITE2} 156 | - DB_USERNAME=${DB_POSTGRES_USERNAME} 157 | - DB_PASSWORD=${DB_POSTGRES_PASSWORD} 158 | - DB_REDIS_HOST=${DB_REDIS_HOST} 159 | - DB_REDIS_PORT=${DB_REDIS_PORT} 160 | - NODE_ENV=${NODE_ENV} 161 | 162 | node1-dev: 163 | build: 164 | context: ./nodejs-dev 165 | args: 166 | - NODE_VERSION=${NODE_VERSION} 167 | volumes: 168 | - ${APP_CODE_PATH_HOST}/site1:/var/www 169 | - ${APP_CODE_PATH_HOST}/ssl:/var/www/ssl 170 | networks: 171 | - frontend 172 | - backend 173 | environment: 174 | - DB_TYPE=${DB_POSTGRES} 175 | - DB_HOST=${DB_POSTGRES_HOST} 176 | - DB_PORT=${DB_POSTGRES_PORT} 177 | - DB_DATABASE=${DB_POSTGRES_DATABASE_SITE2} 178 | - DB_USERNAME=${DB_POSTGRES_USERNAME} 179 | - DB_PASSWORD=${DB_POSTGRES_PASSWORD} 180 | - DB_REDIS_HOST=${DB_REDIS_HOST} 181 | - DB_REDIS_PORT=${DB_REDIS_PORT} 182 | - NODE_ENV=${NODE_ENV} 183 | 184 | # node-cluster: 185 | # build: 186 | # context: ./nodejs 187 | # args: 188 | # - NODE_VERSION=${NODE_VERSION} 189 | # deploy: 190 | # replicas: 3 191 | # resources: 192 | # limits: 193 | # cpus: "0.2" 194 | # memory: 200M 195 | # restart_policy: 196 | # condition: on-failure 197 | # volumes: 198 | # - ${APP_CODE_PATH_HOST}/site1:/var/www 199 | # - ${APP_CODE_PATH_HOST}/ssl:/var/www/ssl 200 | # networks: 201 | # - frontend 202 | # - backend 203 | # environment: 204 | # - DB_TYPE=${DB_POSTGRES} 205 | # - DB_HOST=${DB_POSTGRES_HOST} 206 | # - DB_DATABASE=${DB_POSTGRES_DATABASE_SITE1} 207 | # - DB_USERNAME=${DB_POSTGRES_USERNAME} 208 | # - DB_PASSWORD=${DB_POSTGRES_PASSWORD} 209 | # - DB_REDIS_HOST=${DB_REDIS_HOST} 210 | # - DB_REDIS_PORT=${DB_REDIS_PORT} 211 | # - NODE_ENV=${NODE_ENV} 212 | 213 | 214 | 215 | ### workspace ############################################## 216 | workspace: 217 | build: 218 | context: ./workspace 219 | args: 220 | - NODE_VERSION=${NODE_VERSION} 221 | deploy: 222 | restart_policy: 223 | condition: on-failure 224 | volumes: 225 | - ${APP_CODE_PATH_HOST}/:/var/www 226 | networks: 227 | - frontend 228 | - backend 229 | ports: 230 | - "${WORKSPACE_SSH_PORT}:22" 231 | tty: true 232 | environment: 233 | - DB_POSTGRES_HOST=${DB_POSTGRES_HOST} 234 | 235 | 236 | -------------------------------------------------------------------------------- /env-example: -------------------------------------------------------------------------------- 1 | APP_CODE_PATH_HOST=~/wwwroot 2 | DATA_PATH_HOST=~/.londx/data 3 | 4 | ################## CADDY_FILE####################### 5 | 6 | CADDY_FILE=./caddy/Caddyfile 7 | 8 | 9 | ################ WORKSPACE ####################### 10 | 11 | WORKSPACE_SSH_PORT=2222 12 | 13 | ################# NODEJS ################################# 14 | 15 | NODE_VERSION=12 16 | DB_POSTGRES_HOST=postgres 17 | DB_POSTGRES_PORT=5432 18 | 19 | DB_REDIS_HOST=redis 20 | DB_REDIS_PORT=6379 21 | 22 | DB_POSTGRES=postgres 23 | DB_POSTGRES_DATABASE_SITE1=default 24 | DB_POSTGRES_DATABASE_SITE2=default 25 | 26 | DB_MYSQL=mysql 27 | 28 | 29 | ############## POSTGRES ################################ 30 | 31 | DB_POSTGRES_HOST=postgres 32 | DB_POSTGRES_PORT=5432 33 | DB_POSTGRES_DATABASE=default 34 | DB_POSTGRES_USERNAME=default 35 | DB_POSTGRES_PASSWORD=secret 36 | 37 | ### RABBITMQ ############################################## 38 | 39 | RABBITMQ_NODE_HOST_PORT=5672 40 | RABBITMQ_MANAGEMENT_HTTP_HOST_PORT=15672 41 | RABBITMQ_MANAGEMENT_HTTPS_HOST_PORT=15671 42 | RABBITMQ_DEFAULT_USER=guest 43 | RABBITMQ_DEFAULT_PASS=guest 44 | 45 | ############## PGADMIN ################################ 46 | 47 | PGADMIN_DEFAULT_USER=admin 48 | PGADMIN_DEFAULT_PASSWORD=secret 49 | 50 | 51 | ############### ENV ######################## 52 | 53 | 54 | # NGINX_HOST_LOG_PATH=~/.londx/log/nginx 55 | # NGINX_SITES_PATH=./openresty/sites 56 | 57 | HOST_HTTP_PORT=80 58 | HOST_HTTPS_PORT=443 59 | HOST_DEMO_PORT=2015 60 | 61 | 62 | NETWORKS_DRIVER=bridge 63 | VOLUMES_DRIVER=local 64 | NODE_ENV=production 65 | PM2_ENV=pm2-dev 66 | -------------------------------------------------------------------------------- /nodejs-dev/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG NODE_VERSION=latest 2 | FROM node:${NODE_VERSION}-alpine 3 | 4 | ENV LANG=C.UTF-8 5 | ARG ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" 6 | ARG ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" 7 | 8 | ## 使用国内时区,日志以中文显示 9 | 10 | RUN ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 11 | ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 12 | ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 13 | apk add --no-cache --virtual=.build-dependencies tzdata wget ca-certificates && \ 14 | cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ 15 | wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \ 16 | wget \ 17 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 18 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 19 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 20 | apk add --no-cache \ 21 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 22 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 23 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 24 | \ 25 | rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 26 | /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 27 | echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 28 | \ 29 | apk del glibc-i18n && \ 30 | \ 31 | rm "/root/.wget-hsts" && \ 32 | apk del .build-dependencies && \ 33 | rm \ 34 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 35 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 36 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 37 | 38 | RUN npm install pm2@latest -g 39 | 40 | WORKDIR /var/www/ 41 | 42 | EXPOSE 3000 43 | 44 | CMD ["pm2-dev", "npm","--","start"] 45 | -------------------------------------------------------------------------------- /nodejs/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG NODE_VERSION=lts 2 | FROM node:${NODE_VERSION}-alpine 3 | 4 | ENV PM2=pm2-runtime 5 | ENV LANG=C.UTF-8 6 | # ARG ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" 7 | # ARG ALPINE_GLIBC_PACKAGE_VERSION="2.35-r0" 8 | 9 | ## 使用国内时区,日志以中文显示 10 | 11 | # RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \ 12 | # wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/"$ALPINE_GLIBC_PACKAGE_VERSION"/glibc-"$ALPINE_GLIBC_PACKAGE_VERSION".apk && \ 13 | # apk add glibc-"$ALPINE_GLIBC_PACKAGE_VERSION".apk 14 | 15 | # RUN apk add --no-cache --virtual=.build-dependencies tzdata wget ca-certificates && \ 16 | # cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 17 | 18 | # RUN /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 19 | # echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 20 | # \ 21 | # apk del glibc-i18n && \ 22 | # \ 23 | # rm "/root/.wget-hsts" && \ 24 | # apk del .build-dependencies 25 | 26 | # RUN ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 27 | # ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 28 | # ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 29 | # apk add --no-cache --virtual=.build-dependencies tzdata wget ca-certificates && \ 30 | # cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ 31 | # wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \ 32 | # wget \ 33 | # "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 34 | # "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 35 | # "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 36 | # apk add --no-cache \ 37 | # "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 38 | # "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 39 | # "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 40 | # \ 41 | # rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 42 | # /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 43 | # echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 44 | # \ 45 | # apk del glibc-i18n && \ 46 | # \ 47 | # rm "/root/.wget-hsts" && \ 48 | # apk del .build-dependencies && \ 49 | # rm \ 50 | # "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 51 | # "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 52 | # "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 53 | 54 | 55 | # RUN yarn add pm2@latest -g && pm2 install typescript 56 | 57 | WORKDIR /var/www/ 58 | 59 | EXPOSE 3000 60 | 61 | CMD [ "npm","--","start"] 62 | 63 | 64 | -------------------------------------------------------------------------------- /openresty/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM openresty/openresty:alpine-fat 2 | 3 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories 4 | # China 5 | 6 | COPY nginx.conf /usr/local/openresty/nginx/conf/ 7 | # sites /etc/nginx/conf.d/ 8 | 9 | RUN apk add --no-cache \ 10 | openssl 11 | RUN luarocks install lua-resty-auto-ssl && mkdir -p /etc/resty-auto-ssl/storage/file /var/log/nginx 12 | RUN set -x \ 13 | && addgroup -g 82 -S www-data \ 14 | && adduser -u 82 -D -S -G www-data www-data 15 | 16 | RUN chown -R www-data:www-data /etc/resty-auto-ssl /var/log/nginx 17 | 18 | RUN openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \ 19 | -subj '/CN=sni-support-required-for-valid-ssl' \ 20 | -keyout /etc/ssl/resty-auto-ssl-fallback.key \ 21 | -out /etc/ssl/resty-auto-ssl-fallback.crt && \ 22 | openssl dhparam -out /etc/ssl/dhparam.pem 2048 23 | 24 | WORKDIR /var/www 25 | 26 | CMD [ "openresty","-g","daemon off;" ] 27 | 28 | EXPOSE 80 443 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /openresty/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data www-data; 2 | worker_processes auto; 3 | 4 | #error_log logs/error.log; 5 | #error_log logs/error.log notice; 6 | #error_log logs/error.log info; 7 | 8 | #pid logs/nginx.pid; 9 | 10 | 11 | events { 12 | worker_connections 1024; 13 | } 14 | 15 | http { 16 | include mime.types; 17 | default_type application/octet-stream; 18 | 19 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 20 | # '$status $body_bytes_sent "$http_referer" ' 21 | # '"$http_user_agent" "$http_x_forwarded_for"'; 22 | 23 | #access_log logs/access.log main; 24 | 25 | sendfile on; 26 | #tcp_nopush on; 27 | 28 | #keepalive_timeout 0; 29 | keepalive_timeout 65; 30 | 31 | #gzip on; 32 | 33 | # The "auto_ssl" shared dict should be defined with enough storage space to 34 | # hold your certificate data. 1MB of storage holds certificates for 35 | # approximately 100 separate domains. 36 | lua_shared_dict auto_ssl 1m; 37 | # The "auto_ssl_settings" shared dict is used to temporarily store various settings 38 | # like the secret used by the hook server on port 8999. Do not change or 39 | # omit it. 40 | lua_shared_dict auto_ssl_settings 64k; 41 | 42 | # A DNS resolver must be defined for OCSP stapling to function. 43 | # 44 | # This example uses Google's DNS server. You may want to use your system's 45 | # default DNS servers, which can be found in /etc/resolv.conf. If your network 46 | # is not IPv6 compatible, you may wish to disable IPv6 results by using the 47 | # "ipv6=off" flag (like "resolver 8.8.8.8 ipv6=off"). 48 | resolver 8.8.8.8; 49 | 50 | # Initial setup tasks. 51 | init_by_lua_block { 52 | auto_ssl = (require "resty.auto-ssl").new() 53 | 54 | -- Define a function to determine which SNI domains to automatically handle 55 | -- and register new certificates for. Defaults to not allowing any domains, 56 | -- so this must be configured. 57 | auto_ssl:set("allow_domain", function(domain) 58 | return true 59 | end) 60 | 61 | auto_ssl:init() 62 | 63 | } 64 | 65 | init_worker_by_lua_block { 66 | auto_ssl:init_worker() 67 | } 68 | #####default 80 ##### 69 | # server { 70 | # listen 80 default_server; 71 | # #listen [::]:80 default_server ipv6only=on; 72 | # server_name _; 73 | # index index.html index.htm index.php; 74 | # root /var/www/default; 75 | # } 76 | ##### ADD ###### 77 | server { 78 | listen 127.0.0.1:8999; 79 | # Increase the body buffer size, to ensure the internal POSTs can always 80 | # parse the full POST contents into memory. 81 | client_body_buffer_size 128k; 82 | client_max_body_size 128k; 83 | 84 | location / { 85 | content_by_lua_block { 86 | auto_ssl:hook_server() 87 | } 88 | } 89 | } 90 | include /etc/nginx/conf.d/*.conf; 91 | } 92 | -------------------------------------------------------------------------------- /openresty/sites/site-auto-ssl.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl http2; 3 | #listen [::]:443 ssl http2; 4 | server_name demo.ibenchu.top; 5 | root /var/www; 6 | index index.html index.htm index.php default.html default.htm; 7 | #ssl on; 8 | ssl_certificate_by_lua_block { 9 | auto_ssl:ssl_certificate() 10 | } 11 | ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt; 12 | ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key; 13 | ssl_session_timeout 5m; 14 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 15 | ssl_prefer_server_ciphers on; 16 | ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; 17 | ssl_session_cache builtin:1000 shared:SSL:10m; 18 | # openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048 19 | ssl_dhparam /etc/ssl/dhparam.pem; 20 | # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 21 | 22 | #error_page 404 /404.html; 23 | 24 | # Deny access to PHP files in specific directory 25 | #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } 26 | # location / { 27 | # proxy_pass http://127.0.0.1:3000/; 28 | # } 29 | location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 30 | { 31 | expires 30d; 32 | } 33 | 34 | location ~ .*\.(js|css)?$ 35 | { 36 | expires 12h; 37 | } 38 | 39 | location ~ /.well-known { 40 | allow all; 41 | } 42 | 43 | location ~ /\. 44 | { 45 | deny all; 46 | } 47 | access_log /var/log/nginx/log1.log; 48 | } 49 | 50 | 51 | server { 52 | listen 80; 53 | server_name demo.ibenchu.top; 54 | # Endpoint used for performing domain verification with Let's Encrypt. 55 | location /.well-known/acme-challenge/ { 56 | content_by_lua_block { 57 | auto_ssl:challenge_server() 58 | } 59 | } 60 | } 61 | 62 | -------------------------------------------------------------------------------- /openresty/sites/site-with-ssl.conf: -------------------------------------------------------------------------------- 1 | # server { 2 | # listen 443 ssl http2; 3 | # #listen [::]:443 ssl http2; 4 | # server_name hostname.com; 5 | # index index.html index.htm index.php default.html default.htm default.php; 6 | # ssl on; 7 | # ssl_certificate sites/ssl/hostname.com.crt; 8 | # ssl_certificate_key sites/ssl/hostname.com.key; 9 | 10 | # ssl_session_timeout 5m; 11 | # ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 12 | # ssl_prefer_server_ciphers on; 13 | # ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; 14 | # ssl_session_cache builtin:1000 shared:SSL:10m; 15 | # # openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048 16 | # ssl_dhparam /etc/nginx/ssl/dhparam.pem; 17 | # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 18 | # #error_page 404 /404.html; 19 | 20 | # # Deny access to PHP files in specific directory 21 | # #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } 22 | # location / { 23 | # proxy_pass http://127.0.0.1:3000/; 24 | # } 25 | # location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 26 | # { 27 | # expires 30d; 28 | # } 29 | 30 | # location ~ .*\.(js|css)?$ 31 | # { 32 | # expires 12h; 33 | # } 34 | 35 | # location ~ /.well-known { 36 | # allow all; 37 | # } 38 | 39 | # location ~ /\. 40 | # { 41 | # deny all; 42 | # } 43 | # # access_log /var/log/nginx/log2.log; 44 | # } 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /openresty/sites/site1.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ibenchu-inc/londx/489c946eb3d7c0610aaf7c711aa180ada3a973ac/openresty/sites/site1.conf -------------------------------------------------------------------------------- /pgadmin/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM chorss/docker-pgadmin4 2 | 3 | LABEL maintainer="Huadong Zuo " 4 | 5 | # user: pgadmin4@pgadmin.org 6 | # password: admin 7 | # pg_dump & postgresql all in "/usr/bin" 8 | # backup in "/var/lib/pgadmin/storage/pgadmin4" 9 | 10 | EXPOSE 5050 11 | -------------------------------------------------------------------------------- /postgres-postgis/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mdillon/postgis:10-alpine 2 | 3 | RUN apk add --no-cache --virtual=.build-dependencies tzdata ca-certificates && \ 4 | cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ 5 | apk del .build-dependencies 6 | 7 | EXPOSE 5432 8 | 9 | CMD ["postgres"] 10 | 11 | 12 | -------------------------------------------------------------------------------- /postgresql/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG PG_VERSION=latest 2 | FROM postgres:${PG_VERSION}-alpine 3 | 4 | RUN apk add --no-cache --virtual=.build-dependencies tzdata ca-certificates && \ 5 | cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ 6 | apk del .build-dependencies 7 | 8 | 9 | CMD ["postgres"] 10 | 11 | EXPOSE 5432 12 | -------------------------------------------------------------------------------- /postgresql/docker-entrypoint-initdb.d/createdb.sh.example: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copy createdb.sh.example to createdb.sh 4 | # then uncomment then set database name and username to create you need databases 5 | # 6 | # example: .env POSTGRES_USER=appuser and need db name is myshop_db 7 | # 8 | # psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL 9 | # CREATE USER myuser WITH PASSWORD 'mypassword'; 10 | # CREATE DATABASE myshop_db; 11 | # GRANT ALL PRIVILEGES ON DATABASE myshop_db TO myuser; 12 | # EOSQL 13 | # 14 | # this sh script will auto run when the postgres container starts and the $DATA_PATH_HOST/postgres not found. 15 | # 16 | 17 | set -e 18 | # psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL 19 | # CREATE USER db1 WITH PASSWORD 'db1'; 20 | # CREATE DATABASE db1; 21 | # GRANT ALL PRIVILEGES ON DATABASE db1 TO db1; 22 | # EOSQL 23 | 24 | # psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL 25 | # CREATE USER db2 WITH PASSWORD 'db2'; 26 | # CREATE DATABASE db2; 27 | # GRANT ALL PRIVILEGES ON DATABASE db2 TO db2; 28 | # EOSQL 29 | 30 | # psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL 31 | # CREATE USER db3 WITH PASSWORD 'db3'; 32 | # CREATE DATABASE db3; 33 | # GRANT ALL PRIVILEGES ON DATABASE db3 TO db3; 34 | # EOSQL -------------------------------------------------------------------------------- /rabbitmq/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM rabbitmq 2 | 3 | LABEL maintainer="Mahmoud Zalt " 4 | 5 | RUN rabbitmq-plugins enable --offline rabbitmq_management 6 | 7 | EXPOSE 15671 15672 8 | -------------------------------------------------------------------------------- /workspace/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG NODE_VERSION=${NODE_VERSION} 2 | FROM node:${NODE_VERSION}-alpine 3 | 4 | ENV PM2=pm2-runtime 5 | ENV LANG=C.UTF-8 6 | ARG ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" 7 | ARG ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" 8 | 9 | ### IF you from china### 10 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories 11 | 12 | ## 使用国内时区,日志以中文显示 13 | 14 | RUN ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 15 | ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 16 | ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 17 | apk add --no-cache --virtual=.build-dependencies tzdata wget ca-certificates && \ 18 | cp -r -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ 19 | wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \ 20 | wget \ 21 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 22 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 23 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 24 | apk add --no-cache \ 25 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 26 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 27 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 28 | \ 29 | rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 30 | /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 31 | echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 32 | \ 33 | apk del glibc-i18n && \ 34 | \ 35 | rm "/root/.wget-hsts" && \ 36 | apk del .build-dependencies && \ 37 | rm \ 38 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 39 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 40 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 41 | 42 | RUN apk add --no-cache bash shadow build-base wget curl busybox openssh openssh-sftp-server 43 | 44 | ADD docker-entrypoint.sh /usr/local/bin 45 | #make sure we get fresh keys 46 | RUN rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key 47 | 48 | RUN npm set registry https://registry.npm.taobao.org && \ 49 | npm set disturl https://npm.taobao.org/dist && \ 50 | npm set sass_binary_site https://npm.taobao.org/mirrors/node-sass 51 | 52 | RUN npm install pm2@latest -g && pm2 install typescript 53 | 54 | WORKDIR /var/www/ 55 | 56 | EXPOSE 22 57 | 58 | ENTRYPOINT ["docker-entrypoint.sh"] 59 | CMD ["/usr/sbin/sshd","-D"] 60 | -------------------------------------------------------------------------------- /workspace/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then 4 | # generate fresh rsa key 5 | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa 6 | fi 7 | if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then 8 | # generate fresh dsa key 9 | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa 10 | fi 11 | 12 | #prepare run dir 13 | if [ ! -d "/var/run/sshd" ]; then 14 | mkdir -p /var/run/sshd 15 | fi 16 | 17 | exec "$@" 18 | --------------------------------------------------------------------------------