설치
https://docs.docker.com/engine/install/
패키지 관리자를 통한 설치는 최신 버전 설치가 안됨
우분투
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
권한 없음
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
docker를 sudo 권한으로 사용하여야 함. 그냥 sudo 붙여도 되는데 vscode 등에서 사용하기 불편해짐.
#sudo usermod -aG docker [사용자이름]
sudo usermod -aG docker $USER
# 이후 docker 서비스 재시작
# service
sudo service docker restart
# systemctl
sudo systemctl restart docker
# 그룹 갱신
newgrp docker
# 안되면 재부팅 ㅋㅋ
사용
각 컨테이너는 ip 말고 이름으로 연결
docker-compose.yml
version: "3.7"
services:
caddy:
image: caddy
container_name: wiki-caddy
restart: unless-stopped
ports:
- 80:80
- 443:443
- 443:443/udp
volumes:
- ./config/caddy/Caddyfile:/etc/caddy/Caddyfile
- ./data/caddy:/data/caddy
# 선택사항
- ./data/caddy/config/:/config/caddy
- ./log/caddy/caddy.log:/var/log/caddy/caddy.log
- ./site:/srv
depends_on:
- php-fpm # <- 각 컨테이너는 ip 말고 이름으로 연결
- db # <- 각 컨테이너는 ip 말고 이름으로 연결
extra_hosts:
- host.docker.internal:host-gateway
#- host.docker.internal:127.0.0.1
php-fpm:
build:
dockerfile: dockerfile-php-fpm
container_name: wiki-php-fpm
restart: unless-stopped
volumes:
- ./site:/srv
- ./log/php-fpm/error.log:/usr/local/var/log/error.log
- ./log/php-fpm/access.log:/usr/local/var/log/access.log
- ./config/php-fpm/php-fpm.conf:/usr/local/etc/php-fpm.conf
- ./config/php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
- ./config/php-fpm/php.ini:/usr/local/etc/php/php.ini
# 포트 정의는 컴퓨터 외부로 포트 공개가 필요할 경우만 사용. 방화벽 규칙을 무시하도록 되어있음. 컨테이너끼리만 통신하면 없어도 됨.
# ports:
# - 9000:9000
db:
image: mariadb
container_name: wiki-mariadb
environment:
- "MARIADB_ROOT_PASSWORD=**********"
- "MARIADB_DATABASE=********"
- "MARIADB_USER=*********"
- "MARIADB_PASSWORD=**********"
volumes:
- ./config/mariadb/:/etc/mysql
- ./data/mariadb/:/var/lib/mysql
- ./db.sql/:/tmp/db.sql
# ports:
# - "3306:3306"
dockerfile-php-fpm
ARG PHP_VER=8.0.30
# php 이미지 설정
FROM php:${PHP_VER}-fpm-alpine
# 작업 경로
WORKDIR /srv
# 패키지 업데이트
RUN apk update; apk upgrade
# php 익스텐션 설치
ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
RUN chmod +x /usr/local/bin/install-php-extensions
RUN install-php-extensions xml intl imagick
RUN install-php-extensions mysqli pdo_mysql apcu opcache
# 패키지 설치
RUN apk add diffutils vim bash lua5.1
# edge 패키지 추가
RUN echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories
RUN apk add rsvg-convert
# 디렉토리 액세스를 위한 권한 설정
# 도커의 기능 사용하면 아래 필요없음.
RUN apk add -U shadow
ARG UNAME=www-data
ARG UGROUP=www-data
ARG UID=1000
ARG GID=1001
RUN usermod --uid ${UID} ${UNAME}
RUN groupmod --gid ${GID} ${UGROUP}
# composer 설치
RUN curl -sSL https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# php.ini 설정
#RUN mv /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
RUN rm -rf /var/cache/apk /etc/apk/cache
{
auto_https disable_redirects
log {
output file /var/log/caddy/caddy.log {
roll_size 10MiB
}
format json {
time_format iso8601
}
level DEBUG
}
}
https://www.example.com, :80 {
root * /srv
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
Cache-Control public, max-age=3600, s-maxage=3600
}
# 각 컨테이너는 ip 말고 이름으로 연결 (
php_fastcgi php-fpm :9000 {
split .php
index index.php
}
reverse_proxy /********/* host.docker.internal:9090 {
transport http {
tls_insecure_skip_verify
}
}
reverse_proxy /********/* host.docker.internal:9443 {
transport http {
tls_insecure_skip_verify
}
}
redir / /w/ permanent
rewrite /wiki/* /w/index.php?{query}
respond /w/cache/* 404
respond /status/* 404
respond /status 404
file_server /w/skins/*
file_server /w/images/*
file_server /w/resources/*
encode zstd gzip
}
alpine 이미지는 lua가 깨지는 경우가 있음 아래 추가.
기본 바이너리는 속도가 느림 아래 php-luasandbox 확장기능 설치
$wgScribuntoDefaultEngine = 'luastandalone';
$wgScribuntoDefaultEngine = 'luasandbox';