自动部署zabbix_agent(批量安装)
install-zabbix-agent.yml
---
- name: Install Zabbix Agent on All Hosts
hosts: all
become: yes
vars:
zabbix_server: "192.168.99.146"
zabbix_agent_package: "zabbix-agent"
zabbix_agent_service: "zabbix-agent"
zabbix_agent_config: "/etc/zabbix/zabbix_agentd.conf"
tasks:
- name: Display target host info
debug:
msg:
- "Host: {{ inventory_hostname }}"
- "System: {{ system_type | default('unknown') }}"
- "Installing: zabbix-agent (v1)"
- "Server: {{ zabbix_server }}"
- name: Check if zabbix-agent2 is running
shell: systemctl is-active zabbix-agent2
register: agent2_status
failed_when: false
changed_when: false
- name: Stop and disable zabbix-agent2 if running
systemd:
name: zabbix-agent2
state: stopped
enabled: no
when: agent2_status.stdout == "active"
ignore_errors: yes
- name: Remove existing zabbix-agent2 (RHEL/CentOS/Anolis)
package:
name: zabbix-agent2
state: absent
when:
- ansible_os_family in ["RedHat"] or system_type in ["anolis8", "anolis7", "centos7", "centos8"]
- agent2_status.stdout == "active"
ignore_errors: yes
- name: Remove existing zabbix-agent2 (Ubuntu)
package:
name: zabbix-agent2
state: absent
when:
- ansible_os_family == "Debian" or system_type in ["ubuntu18", "ubuntu22"]
- agent2_status.stdout == "active"
ignore_errors: yes
- name: Clean up agent2 config files
file:
path: "{{ item }}"
state: absent
loop:
- /etc/zabbix/zabbix_agent2.conf
- /etc/zabbix/zabbix_agent2.conf.backup
- /run/zabbix/zabbix_agent2.pid
ignore_errors: yes
# 使用curl直接下载,避免SSL验证问题
- name: Download Zabbix repository RPM (CentOS 7)
get_url:
url: "https://repo.zabbix.com/zabbix/6.4/rhel/7/x86_64/zabbix-agent-6.4.4-release1.el7.x86_64.rpm"
dest: "/tmp/zabbix-agent-6.4.4-release1.el7.x86_64.rpm"
validate_certs: no
mode: '0644'
timeout: 60
when: system_type == "centos7"
register: download_result
ignore_errors: yes
# 如果下载失败,尝试使用wget
- name: Download via wget if get_url failed (CentOS 7)
shell: |
cd /tmp
wget --no-check-certificate https://repo.zabbix.com/zabbix/6.4/rhel/7/x86_64/zabbix-agent-6.4.4-release1.el7.x86_64.rpm
when:
- system_type == "centos7"
- download_result.failed is defined and download_result.failed
ignore_errors: yes
# 如果wget也失败,尝试curl
- name: Download via curl if wget failed (CentOS 7)
shell: |
cd /tmp
curl -k -O https://repo.zabbix.com/zabbix/6.4/rhel/7/x86_64/zabbix-agent-6.4.4-release1.el7.x86_64.rpm
when: system_type == "centos7"
ignore_errors: yes
# 检查 RPM 包是否存在
- name: Check if RPM package exists (CentOS 7)
stat:
path: "/tmp/zabbix-agent-6.4.4-release1.el7.x86_64.rpm"
when: system_type == "centos7"
register: rpm_file_check
# 使用 shell 直接安装 Zabbix Agent RPM 包 (CentOS 7)
- name: Install Zabbix Agent from RPM (CentOS 7)
shell: |
rpm -ivh /tmp/zabbix-agent-6.4.4-release1.el7.x86_64.rpm --force --nodeps
when:
- system_type == "centos7"
- rpm_file_check.stat.exists
ignore_errors: no
# 如果 RPM 安装失败,显示错误信息
- name: Show error if RPM not found (CentOS 7)
debug:
msg: "错误: 无法找到或下载 Zabbix Agent RPM 包"
when:
- system_type == "centos7"
- not rpm_file_check.stat.exists
# 清理临时文件 (CentOS 7)
- name: Clean up RPM file (CentOS 7)
file:
path: "/tmp/zabbix-agent-6.4.4-release1.el7.x86_64.rpm"
state: absent
when: system_type == "centos7"
ignore_errors: yes
# 导入GPG密钥
- name: Import Zabbix GPG keys (CentOS 7)
shell: |
rpm --import https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 || true
rpm --import https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX || true
when: system_type == "centos7"
ignore_errors: yes
# 其他系统的仓库配置保持不变
# 添加Zabbix仓库 (如果还没有)
- name: Add Zabbix repository (CentOS 8/Anolis 8)
dnf:
name: "https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/zabbix-release-6.4-1.el8.noarch.rpm"
state: present
disable_gpg_check: yes
when: system_type in ["centos8", "anolis8"]
ignore_errors: yes
- name: Add Zabbix repository (Ubuntu 18)
apt:
deb: "https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu18.04_all.deb"
state: present
when: system_type == "ubuntu18"
ignore_errors: yes
- name: Add Zabbix repository (Ubuntu 22)
apt:
deb: "https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb"
state: present
when: system_type == "ubuntu22"
ignore_errors: yes
- name: Update package cache (Ubuntu)
apt:
update_cache: yes
when: ansible_os_family == "Debian"
ignore_errors: yes
- name: Install Zabbix Agent (CentOS 8/Anolis 8)
dnf:
name: "{{ zabbix_agent_package }}"
state: present
when: system_type in ["centos8", "anolis8"]
- name: Install Zabbix Agent (Ubuntu)
apt:
name: "{{ zabbix_agent_package }}"
state: present
when: ansible_os_family == "Debian" or system_type in ["ubuntu18", "ubuntu22"]
- name: Backup original config if exists
copy:
src: "{{ zabbix_agent_config }}"
dest: "{{ zabbix_agent_config }}.backup-{{ ansible_date_time.epoch }}"
remote_src: yes
backup: no
ignore_errors: yes
- name: Ensure Zabbix directories exist
file:
path: "{{ item }}"
state: directory
owner: zabbix
group: zabbix
mode: '0755'
loop:
- /var/log/zabbix
- /run/zabbix
- /etc/zabbix/zabbix_agentd.d
ignore_errors: yes
- name: Configure Zabbix Agent
template:
src: zabbix_agentd.conf.j2
dest: "{{ zabbix_agent_config }}"
owner: root
group: root
mode: '0644'
backup: yes
notify: restart zabbix-agent
- name: Start and enable Zabbix Agent
systemd:
name: "{{ zabbix_agent_service }}"
state: started
enabled: yes
daemon_reload: yes
- name: Wait for agent to start
wait_for:
port: 10050
host: "{{ ansible_default_ipv4.address | default('127.0.0.1') }}"
delay: 2
timeout: 30
ignore_errors: yes
- name: Configure firewall for RHEL/CentOS (if firewalld is running)
firewalld:
port: "10050/tcp"
permanent: yes
state: enabled
immediate: yes
when:
- ansible_os_family in ["RedHat"] or system_type in ["anolis8", "anolis7", "centos7", "centos8"]
ignore_errors: yes
- name: Configure firewall for Ubuntu (if ufw is active)
ufw:
rule: allow
port: '10050'
proto: tcp
when: ansible_os_family == "Debian" or system_type in ["ubuntu18", "ubuntu22"]
ignore_errors: yes
- name: Test agent connectivity
shell: |
# 测试agent是否响应
if command -v zabbix_agentd >/dev/null; then
zabbix_agentd -t agent.ping 2>/dev/null || echo "Test failed"
fi
# 检查端口监听
if ss -tlnp | grep -q ":10050"; then
echo "Port 10050 listening OK"
else
echo "Port 10050 NOT listening"
fi
# 检查服务状态
systemctl is-active zabbix-agent || echo "Service not active"
register: connectivity_test
changed_when: false
failed_when: false
- name: Display test results
debug:
msg:
- "Host: {{ inventory_hostname }}"
- "Connectivity test: {{ connectivity_test.stdout_lines }}"
# 清理临时文件
- name: Clean up temporary files
file:
path: "/tmp/zabbix-release-6.4.4-1.el7.noarch.rpm"
state: absent
when: system_type == "centos7"
ignore_errors: yes
handlers:
- name: restart zabbix-agent
systemd:
name: "{{ zabbix_agent_service }}"
state: restarted
daemon_reload: yes
自动部署nfs(服务端部署+客户端挂载)
13.nfs_srv_cli_v2.yml
---
- hosts: nfs
tasks:
- name: 1. yum安装nfs-utils,rpcbind
yum:
name:
- nfs-utils
- rpcbind
state: present
tags: "01"
- name: 2. template导入配置文件(文件中有变量)
template:
src: /server/scripts/ansible/exports.j2
dest: /etc/exports
backup: yes
tags: "02"
notify:
- 重启服务
#- name: 2. lineinfile修改配置文件
#lineinfile:
# path: /etc/exports
# regexp: "^/nfs/ans/"
# line: |
# ansible-nfs
# /nfs/ans/ 172.16.1.0/24 (rw,all_squash,anonuid=2999,anongid=2999)
- name: 3. 先创建www group
group:
name: "{{ nfs_user }}"
gid: "{{ nfs_user_uid }}"
state: present
tags: "03"
- name: 3.5 将user添加www,uid 1999
user:
name: "{{ nfs_user }}"
uid: "{{ nfs_user_uid }}"
group: "{{ nfs_user }}"
create_home: no
shell: /sbin/nologin
comment: "Ansible created service account"
state: present
tags: "04"
- name: 4. file创建共享目录并改所有者
file:
path: "{{ nfs_dir }}"
owner: "{{ nfs_user }}"
group: "{{ nfs_user }}"
state: directory
tags: "05"
- name: 5. systemd启动服务rpcbind,nfs(注意顺序,一次只能管一个)
systemd:
name: "{{ item }}"
enabled: yes
state: started
loop:
- rpcbind
- nfs
tags: "06"
handlers: #设置踩雷后操作.
- name: 重启服务
systemd:
name: nfs
state: reloaded
tags: "07"
- hosts: web
tasks:
- name: 1. 安装nfs-utils
yum:
name: nfs-utils
state: present
tags: "01"
- name: 2. 创建挂载点
file:
path: "{{ web_upload }}"
state: directory
tags: "09"
- name: 3. 先创建www group
group:
name: "{{ web_user }}"
gid: "{{ web_user_uid }}"
state: present
tags: "10"
- name: 3.5 将user添加www,uid 1999
user:
name: "{{ web_user }}"
uid: "{{ web_user_uid }}"
group: "{{ web_user }}"
create_home: no
shell: /sbin/nologin
comment: "Ansible created service account"
state: present
tags: "11"
- name: 3.挂载与永久挂载
mount:
src: "{{ nfs_server_ip }}:{{ nfs_dir }}"
path: "{{ web_upload }}"
fstype: nfs
state: mounted
tags:
- "01"
- "a1"
LNMP批量部署
web_install.yml
# ansible/playbook.yml
- hosts: webservers
# 添加集合声明
collections:
- community.mysql
tasks:
- name: 安装LNMP环境
dnf:
name: [nginx, mariadb-server, php, php-fpm, php-mysqlnd]
state: latest
web_create.yml
- name: 部署高可用 WordPress 集群
hosts: webservers
become: yes
vars:
# WordPress 配置
wp_db_name: "wordpress"
wp_db_user: "wpuser"
wp_db_password: "wppass"
wp_db_host: "web1"
# PHP 配置
php_modules:
- php-fpm
- php-mysqlnd
- php-curl
- php-gd
- php-mbstring
- php-xml
- php-zip
wordpress_url: "https://wordpress.org/latest.tar.gz"
tasks:
# ================== 初始化阶段 ==================
- name: 初始化本地存储
file:
path: /var/www/html
state: directory
mode: '0755'
owner: nginx
group: nginx
# ================== 软件部署阶段 ==================
- name: 安装 PHP 扩展
yum:
name: "{{ php_modules }}"
state: present
update_cache: yes
notify: restart php-fpm
- name: 创建Nginx配置目录
file:
path: "/etc/nginx/conf.d"
state: directory
mode: '0755'
# ================== WordPress部署阶段 ==================
- name: 下载 WordPress 到目标服务器
get_url:
url: "{{ wordpress_url }}"
dest: /tmp/wordpress.tar.gz
timeout: 30
validate_certs: no
- name: 清空目标目录(首次部署)
file:
path: /var/www/html
state: directory
owner: nginx
group: nginx
mode: '0755'
when: ansible_local.initial_deploy | default(true)
- name: 解压 WordPress 文件
unarchive:
src: /tmp/wordpress.tar.gz
dest: /var/www/html
remote_src: yes
extra_opts:
- --strip-components=1
- --no-same-owner
owner: nginx
group: nginx
# ================== 配置阶段 ==================
- name: 部署 Nginx 配置
template:
src: wordpress.conf.j2
dest: /etc/nginx/conf.d/wordpress.conf
notify: reload nginx
- name: 动态生成wp-config.php
template:
src: wp-config.php.j2
dest: /var/www/html/wp-config.php
mode: '0644'
register: wp_config
notify:
- restart php-fpm
- reload nginx
# ================== 权限管理阶段 ==================
# - name: 递归设置目录权限
# file:
# path: /var/www/html
# state: directory
# owner: nginx
# group: nginx
# mode: '0755'
# recurse: yes
#
#- name: 递归设置文件权限
# shell: |
# find /var/www/html -type f -exec chmod 644 {} \;
# find /var/www/html -type f -exec chown nginx:nginx {} \;
# args:
# warn: false # 禁用 Shell 警告
# changed_when: false # 强制标记为 changed
# ================== 数据库初始化 ==================
- name: 创建 WordPress 数据库(仅主库)
mysql_db:
name: "{{ wp_db_name }}"
state: present
login_unix_socket: /var/lib/mysql/mysql.sock
login_user: root
login_password: "123456Ok"
when: inventory_hostname == "web1"
- name: 创建数据库用户并授权(仅主库)
mysql_user:
name: "{{ wp_db_user }}"
host: "%"
password: "{{ wp_db_password }}"
priv: "{{ wp_db_name }}.*:ALL"
state: present
login_unix_socket: /var/lib/mysql/mysql.sock
login_user: root
login_password: "123456Ok"
when: inventory_hostname == "web1"
handlers:
- name: restart php-fpm
service:
name: php-fpm
state: restarted
- name: reload nginx
service:
name: nginx
state: reloaded
- name: clean wordpress package
file:
path: /tmp/wordpress.tar.gz
state: absent
listen: "cleanup tasks"
wordpress.conf.j2
server {
listen 80;
server_name {{ ansible_host }}; # 请替换为实际域名
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
error_log /var/log/nginx/wordpress_error.log;
access_log /var/log/nginx/wordpress_access.log;
}
wp-config_php.j2
<?php
define('DB_NAME', '{{ wp_db_name }}');
define('DB_USER', '{{ wp_db_user }}');
define('DB_PASSWORD', '{{ wp_db_password }}');
define('DB_HOST', '{{ wp_db_host }}');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
// 测试环境安全密钥(明文)
define('AUTH_KEY', 'test-auth-key-1234567890');
define('SECURE_AUTH_KEY', 'test-secure-auth-key-1234567890');
define('LOGGED_IN_KEY', 'test-logged-in-key-1234567890');
define('NONCE_KEY', 'test-nonce-key-1234567890');
define('AUTH_SALT', 'test-auth-salt-1234567890');
define('SECURE_AUTH_SALT', 'test-secure-auth-salt-1234567890');
define('LOGGED_IN_SALT', 'test-logged-in-salt-1234567890');
define('NONCE_SALT', 'test-nonce-salt-1234567890');
$table_prefix = 'wp_';
define('WP_DEBUG', true); // 测试环境开启调试模式
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
LNMP批量加机器
add_machine.yml
---
- hosts: web1
include_tasks:
- web_src_old/tasks/total_web1.yml
- hosts: web2
roles:
- web_dest_new
从web1导出站点目录:
total_web1.yml
---
- hosts: web01
tasks:
- name: 1.传输站点目录代码
shell: scp -rp /app/code/blog/* root@web02:/app/code/blog/ &>/dev/null增加n台web服务器
total_add_web2.yml
---
- name: 针对 web2 执行任务
hosts: web2
vars:
packages:
- nginx
- php
- php-bcmath
- php-cli
- php-common
- php-devel
- php-embedded
- php-fpm
- php-gd
- php-intl
- php-mbstring
- php-mysqlnd
- php-opcache
- php-pdo
- php-process
- php-xml
- php-json
tasks:
- name: 当前执行剧本的机器
debug:
msg: "这是在 {{ inventory_hostname }} 机器上执行的任务"
- name: 1. 安装nginx,php
yum:
name: "{{ packages }}"
state: present
# yum模块本身就支持直接传递一个包列表,这样可以避免循环,并且只需要一个任务即可安装所有包
# (推荐,因为这样只需要一次yum事务):
# 这里使用列表方式安装的好处是,yum会一次性安装所有包,只需要一个事务,比循环安装每个包更高效。
- name: 2.1创建www用户组
group:
name: www
gid: 1999
state: present
- name: 2.2创建www用户
user:
name: www
group: www
create_home: no
shell: /sbin/nologin
state: present
- name: 3.修改nginx站点目录配置文件/conf.d/blog.linuxjk.cn.conf #(直接copy,与web1保持一致即可)
copy:
src: files/blog.linuxjk.cn.conf
dest: /etc/nginx/conf.d/blog.linuxjk.cn.conf
- name: 4.1修改nginx用户为www,与nfs统一
lineinfile:
path: /etc/nginx/nginx.conf
regexp: '^user'
line: "user www;"
- name: 5.1检查nginx配置是否正确
shell: nginx -t &>/dev/null
register: check_nginx
- name: 4.2 修改php用户为www,与nfs统一,修改php监听socket文件的所属主所属组为www,权限0660
lineinfile:
path: /etc/php-fpm.d/www.conf
# 使用 {{ item.olduser }} 来正确引用变量
regexp: "{{ item.olduser }}"
line: "{{ item.newuser }}"
# 确保修改后配置文件语法正确
backrefs: yes
loop:
- { olduser: '^;?\s*user\s*=', newuser: 'user = www' }
- { olduser: '^;?\s*group\s*=', newuser: 'group = www' }
- { olduser: '^;?\s*listen.owner\s*=', newuser: 'listen.owner = www' }
- { olduser: '^;?\s*listen.group\s*=', newuser: 'listen.group = www' }
- { olduser: '^;?\s*listen.mode\s*=', newuser: 'listen.mode = 0660' }
- name: 4.3 修改php.ini(上传文件大小,默认2M)
lineinfile:
path: /etc/php.ini
regexp: "{{ item.oldsize }}"
line: "{{ item.newsize }}"
backrefs: yes
loop:
- { oldsize: '^;?\s*upload_max_filesize\s*=.*', newsize: 'upload_max_filesize = 500M'}
- { oldsize: '^;?\s*post_max_size\s*=.*', newsize: 'post_max_size = 512M'}
- { oldsize: '^;?\s*memory_limit\s*=.*', newsize: 'memory_limit = 256M'}
- { oldsize: '^;?\s*max_execution_time\s*=.*', newsize: 'max_execution_time = 300'}
- name: 5.2检查php配置是否正确
shell: php-fpm -t &>/dev/null
register: check_php
- name: 6.1设置开机自启动并启动nginx服务
systemd:
name: nginx
enabled: yes
state: started
when: check_nginx.rc == 0
- name: 提示nginx配置错误
debug:
msg: |
nginx配置文件有误,请检查配置
when: check_nginx.rc != 0
- name: 6.2设置开机自启动并启动php服务
systemd:
name: php-fpm
enabled: yes
state: started
when: check_php.rc == 0
- name: 提示php配置错误
debug:
msg: |
php配置文件有误,请检查配置
when: check_php.rc != 0
- name: 8.创建临时目录存放网页目录文件
file:
path: /tmp/test/
state: directory
- name: 8.将upload目录下的内容转移出去
shell: mv /app/code/blog/wp-content/uploads/* /tmp/test &>/dev/null
ignore_errors: yes # 添加错误忽略
- name: 9. web2 挂载 nfs并设置永久挂载
mount:
src: 172.16.1.31:/ans_www/web1
path: /app/code/blog/wp-content/uploads
fstype: nfs
state: mounted
register: mount_nfs
- name: 10. 显示挂载结果(成功)
debug:
msg: mount is successful
when: not mount_nfs.failed
- name: 10. 显示挂载结果(失败)
debug:
msg: mount is failed
when: mount_nfs.failed
- name: 11. 调整站点目录,nginx工作目录权限
file:
path: "{{ item }}"
owner: www
group: www
loop:
- /app/code/blog/
- /var/log/nginx/
- /var/lib/nginx/
Dockerfile生成镜像
可道云部署配置nginx+php
entry.sh
#!/bin/bash
#desc:docker容器的入口脚本
php-fpm7.4
nginx -g "daemon off;"
Dockerfile
FROM debian:bullseye
LABEL author=linuxjk.cn
ENV PHP_PACKAGES="php7.4-bcmath php7.4-bz2 php7.4-cgi \
php7.4-cli php7.4-common php7.4-curl php7.4-dba \
php7.4-dev php7.4-enchant php7.4-fpm php7.4-gd \
php7.4-gmp php7.4-imap php7.4-interbase php7.4-intl \
php7.4-json php7.4-ldap php7.4-mbstring php7.4-mysql \
php7.4-odbc php7.4-opcache php7.4-pgsql php7.4-phpdbg php7.4-pspell php7.4-readline php7.4-snmp \
php7.4-soap php7.4-sybase php7.4-tidy php7.4-xml \
php7.4-xmlrpc php7.4-xsl php7.4-zip php7.4-redis"
ENV CODE_DIR="/app/code/kodbox/"
ENV USER="www-data"
ADD sources.list /etc/apt/sources.list
RUN set -aux \
&& umask 0022 \
&& apt update -o Acquire::https::Verify-Peer=false \
&& sed -i 's/https/http/g' /etc/apt/sources.list \
&& apt install -y ca-certificates \
&& sed -i 's/http/https/g' /etc/apt/sources.list \
&& apt update \
&& apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring unzip \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apt update \
&& apt install -y nginx \
&& apt install -y ${PHP_PACKAGES} \
&& sed -i 's#/run/php/php7.4-fpm.sock#127.0.0.1:9000#g' /etc/php/7.4/fpm/pool.d/www.conf \
&& sed -i 's#/run/php/php7.4-fpm.pid#/run/php7.4-fpm.pid#g' /etc/php/7.4/fpm/php-fpm.conf \
&& sed -i '/^user/s#nginx#www-data#g' /etc/nginx/nginx.conf \
&& mkdir -p ${CODE_DIR} \
&& chown ${USER}:${USER} ${CODE_DIR} \
&& ln -sf /dev/stdout /var/log/nginx/kodbox.access.log \
&& ln -sf /dev/stderr /var/log/nginx/kodbox.error.log \
&& ln -sf /dev/stderr /var/log/php7.4-fpm.log
ADD nginx.conf /etc/nginx/nginx.conf
ADD kodbox.linuxjk.cn.conf /etc/nginx/conf.d/kodbox.linuxjk.cn.conf
ADD info.php ${CODE_DIR}
ADD kodbox.tar.gz ${CODE_DIR}
RUN set -aux \
&& umask 0022 \
&& chown -R ${USER}:${USER} ${CODE_DIR} \
&& chmod 755 /app /app/code/ /app/code/kodbox \
&& apt clean \
&& rm -rf /var/cache \
&& rm -rf /usr/share/doc
EXPOSE 80 443
WORKDIR ${CODE_DIR}
COPY entry.sh /entry.sh
CMD ["/entry.sh"]
多阶段提交编译安装tengine
Dockerfile
#######################
#1. pull ubuntu image
#######################
FROM ubuntu:20.04 AS temp
LABEL maintainer="Tengine docker admin <zhangpeng@linuxjk.cn>" author="linuxjk.cn"
ENV Web_User="nginx"
ENV Web_Server="tengine"
ENV Web_Version="3.0.0"
ENV Server_Dir="/app/tools/tengine-3.0.0"
ENV Server_Dir_Soft="/app/tools/tengine"
#######################
#####ENV vars###########
#######################
#######################
#2. 编译安装 ######
#######################
RUN set -eux \
&& sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&& apt-get update \
&& apt-get install -y wget libssl-dev make gcc pcre2-utils libpcre3-dev zlib1g-dev
RUN set -eux \
&& wget -P /tmp/ http://tengine.taobao.org/download/${Web_Server}-${Web_Version}.tar.gz \
&& cd /tmp \
&& tar xf ${Web_Server}-${Web_Version}.tar.gz \
&& cd ${Web_Server}-${Web_Version} \
&& ./configure --prefix=${Server_Dir} \
--user=${Web_User} \
--group=${Web_User} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=modules/ngx_http_upstream_check_module/ \
--add-module=modules/ngx_http_upstream_session_sticky_module
#编译
RUN set -eux \
&& cd /tmp/ \
&& cd ${Web_Server}-${Web_Version} \
&& make -j `nproc` \
&& make install
#后续操作
RUN set -eux \
&& groupadd ${Web_User} \
&& useradd -g ${Web_User} ${Web_User} \
&& ln -s ${Server_Dir} ${Server_Dir_Soft} \
&& ln -s ${Server_Dir_Soft}/sbin/nginx /sbin/
###################################
######创建新的镜像#################
######把上面结果传递到新的镜像#####
###################################
FROM ubuntu:20.04
COPY --from=temp /app/ /app/
ADD bunengsi.tar.gz /app/tools/tengine/html/
RUN set -eux \
&& sed -ri 's#archive.ubuntu.com|security.ubuntu.com#mirrors.aliyun.com#g' /etc/apt/sources.list \
&& apt-get update \
&& apt-get install -y libssl-dev pcre2-utils libpcre3-dev zlib1g-dev \
&& ln -s /app/tools/tengine/sbin/nginx /sbin/ \
&& groupadd nginx \
&& useradd -g nginx nginx \
&& rm -fr /var/cache/* \
&& apt clean \
&& ln -sf /dev/stdout /app/tools/tengine/logs/access.log \
&& ln -sf /dev/stderr /app/tools/tengine/logs/error.log
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]