如何打包Docker Haproxy?

Docker

1 基础知识

本章节需要你先掌握Linux系统的Haproxy编译部署,如你尚未具备此知识,烦请参阅如下章节熟悉,

如何编译部署传统启动的haproxy?

2 最佳实践

2.1 部署前的准备

本章使用如下Docker环境部署,参阅本章建议你先搭建以下Docker集群环境并熟悉,

如何部署Docker生产环境?

2.2 创建新镜像

2.2.1 创建镜像项目文件夹

mkdir ~/imageProject-haproxy-2.1.4

2.2.2 创建Dockerfile

vim ~/imageProject-haproxy-2.1.4/Dockerfile

加入如下配置,

FROM centos:centos7
MAINTAINER will@cmdschool.org

# Update OS
RUN rm -rf /etc/yum.repos.d/*
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
RUN yum update -y

# Deploy tools
RUN yum install -y wget net-tools vim bzip2
RUN yum -y install gcc make

# Download fiels
WORKDIR /root/
RUN wget https://www.haproxy.org/download/2.1/src/haproxy-2.1.4.tar.gz

# Deploy Haproxy
WORKDIR /root/
RUN tar -xf haproxy-2.1.4.tar.gz
WORKDIR /root/haproxy-2.1.4

RUN sed -i "s/PREFIX = \/usr\/local/PREFIX = \/usr/g" Makefile
RUN sed -i "s/TARGET =/TARGET = linux3100/g" Makefile
RUN sed -i "s/ARCH =/ARCH = x86_64/g" Makefile

RUN make
RUN make install
RUN haproxy -v

RUN mkdir -p /etc/haproxy
COPY haproxy.cfg /etc/haproxy/haproxy.cfg

RUN groupadd  -g 200 haproxy
RUN useradd -u 200 -g 200 -d /var/spool/haproxy -s /sbin/nologin haproxy

# Clean cache
WORKDIR /root
RUN yum clean all
RUN rm -rf /root/haproxy-2.1.4*

# Config Start Scripts
RUN echo '#!/bin/bash' > /root/start.sh
RUN echo 'echo "Starting Haproxy Server...";' >> /root/start.sh
RUN echo '/usr/sbin/haproxy -d -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid' >> /root/start.sh
RUN chmod +x /root/start.sh
EXPOSE 8080

WORKDIR /root
CMD ["/bin/bash","./start.sh"]

注:
“FROM”指令声明基于“centos7”镜像打包
“COPY”指令声明复制当前目录的具体文件到打包的镜像
“RUN”指令声明容器环境执行的命令
“EXPOSE ”指令声明容器使用的端口
“WORKDIR”指令声明切换容器内部的某个目录
“CMD”指令声明启动容器执行的启动服务命令
根据以上命令的要求,我们需要准备程序所需的配置文件,

vim ~/imageProject-haproxy-2.1.4/haproxy.cfg

加入如下配置,

#
# demo config for Proxy mode
#

global
        maxconn         20000
        ulimit-n        40025
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
        nbproc          1
        daemon

frontend test-proxy
        bind            0.0.0.0:8080
        mode            http
        log             global
        option          httplog
        option          dontlognull
        option          nolinger
        option          http_proxy
        maxconn         8000
        timeout client  30s

        # layer3: Valid users
        acl allow_host src 192.168.200.0/32
        http-request deny if !allow_host

        # layer7: prevent private network relaying
        acl forbidden_dst url_ip 192.168.0.0/24
        acl forbidden_dst url_ip 172.16.0.0/12
        acl forbidden_dst url_ip 10.0.0.0/8
        http-request deny if forbidden_dst

        default_backend test-proxy-srv


backend test-proxy-srv
        mode            http
        timeout connect 5s
        timeout server  5s
        retries         2
        option          nolinger
        option          http_proxy

        # layer7: Only GET method is valid
        acl valid_method        method GET
        http-request deny if !valid_method

        # layer7: protect bad reply
        http-response deny if { res.hdr(content-type) audio/mp3 }

然后,可使用如下命令确认文件,

ls ~/imageProject-haproxy-2.1.4

可见如下显示,

Dockerfile  haproxy.cfg

2.2.3 执行打包操作

cd ~/imageProject-haproxy-2.1.4
docker build -t build/haproxy:2.1.4 .

以上“.”指当前目录为编译目录,编译程序会自动加载“Dockerfile”文件定义,可见如下显示,

Sending build context to Docker daemon  3.072kB
Step 1/28 : FROM centos:centos7
 ---> 8652b9f0cb4c
[...]
Successfully built 5c1da1512065
Successfully tagged build/haproxy:2.1.4

完成后,可使用如下命令查看镜像,

docker images

可见如下显示,

REPOSITORY                                               TAG                        IMAGE ID            CREATED             SIZE
build/haproxy                                            2.1.4                      5c1da1512065        3 minutes ago       743MB
[...]

2.2.4 测试软件运行

docker run -d --name haproxy -p 8080:8080 build/haproxy:2.1.4

以上运行容器环境后,我们使用以下命令登录容器虚拟机,

docker exec -it `docker container ls | grep 'haproxy' | cut -d" " -f1` /bin/bash

测试apache-php运行

netstat -antp

可见如下显示,

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      -

测试完成后可使用如下命令退出容器虚拟机,

exit

另外,你可以使用如下命令查询当前运行的container,

docker ps -a

可见如下显示,

CONTAINER ID        IMAGE                                                                  COMMAND                  CREATED             STATUS              PORTS                    NAMES
ec38b112eda4        build/haproxy:2.1.4                                                    "/bin/bash ./start.sh"   51 minutes ago      Up 51 minutes       0.0.0.0:8080->8080/tcp   haproxy
[...]

然后可以使用如下命令停止并删除,

docker container stop ec38b112eda4
docker container rm ec38b112eda4

参阅文档
====================

haproxy
———–
https://www.haproxy.org/

docker hub
————
https://hub.docker.com/_/85c386ff-85a7-4d61-b309-5901f625c36f?tab=description

docker builder
————–
https://docs.docker.com/engine/reference/builder/

没有评论

发表回复

Docker
如何修复连接Docker容器虚机无响应?

1 前言 一个问题,一篇文章,一出故事。 笔者最近使用如下命令连接容器发现一直没有响应, docke …

Docker
如何打包Docker Nginx?

1 前言 一个问题,一篇文章,一出故事。 由于docker hub原版本的nginx镜像过于精简,于 …

Docker
如何打包Docker MAC-Telnet?

1 基础知识 一款可以使用MikroTik RouterOS MAC-Telnet协议连接Mikro …