一台haproxy
haproxy
三台nginx
nginxa
nginxb
nginxc
一台php 用于实现动静分离
phpng
1、centos
dockerfile
#base image FROM centos:centos7.3.1611 RUN yum install wget -y && mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo && wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo && yum clean all && yum makecache RUN yum install -y wget gcc gcc-c++ glibc make autoconf openssl openssl-devel ntpdata crontabs RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
2、haproxy
global log 127.0.0.1 local0 log 127.0.0.1 local1 notice defaults log global mode http option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms listen stats bind 0.0.0.0:70 stats enable stats uri / frontend balancer bind 0.0.0.0:80 mode http default_backend web_backends backend web_backends mode http option forwardfor balance roundrobin server nginxa nginxa:80 check server nginxb nginxb:80 check server nginxc nginxc:80 check option httpchk GET / http-check expect status 200
3、nginx
dockerfile
#base iamge to nginx FROM centos:v1 RUN useradd -M -s /sbin/nologin www ADD nginx-1.8.1.tar.gz /usr/local/src RUN yum install libxslt-devel -y gd gd-devel GeoIP GeoIP-devel pcre pcre-devel libxml2 libxml2-dev libxslt-devel WORKDIR /usr/local/src/nginx-1.8.1 RUN ./configure --user=www --group=www --prefix=/usr/local/nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module && make && make install copy nginx.conf /usr/local/nginx/conf/nginx.conf copy fastcgi_params /user/local/nginx/conf/fastcgi_params RUN mkdir /usr/local/nginx/conf/conf.d copy www.conf /usr/local/nginx/conf/conf.d/www.conf EXPOSE 80 CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
nginx.conf
user www www; worker_processes 3; error_log logs/error.log info; pid logs/nginx.pid; worker_rlimit_nofile 5120; events { use epoll; worker_connections 5120; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 22m; limit_conn_zone $binary_remote_addr zone=one:32k; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; log_format wwwlogs '$remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #include default.conf; include /usr/local/nginx/conf/conf.d/*.conf; }
www.conf
server { listen 80; root /usr/local/nginx/html; index index.htm index.html index.php; location ~ .php$ { root /usr/local/nginx/html; fastcgi_pass phpng:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
4、PHP
dockerfile
#base image to php FROM centos:v1 ADD libmcrypt-2.5.8.tar.gz /usr/local/src WORKDIR /usr/local/src/libmcrypt-2.5.8 RUN useradd -M -s /sbin/nologin www &&chmod +x configure && ./configure && make && make install ADD php-5.6.35.tar.gz /usr/local/src RUN yum -y install libxml2 libxml2-devel bzip2 bzip2-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel freetype freetype-devel zlib zlib-devel libcurl libcurl-devel WORKDIR /usr/local/src/php-5.6.35 RUN ./configure --prefix=/usr/local/php --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --enable-fpm --with-config-file-path=/usr/local/php/etc --with-bz2 --with-gd && make && make install COPY php.ini-production /usr/local/php/etc/php.ini COPY php-fpm.conf.default /usr/local/php/etc/php-fpm.conf RUN useradd -M -s /sbin/nologin php RUN sed -i -e 's@;pid = run/php-fpm.pid@pid = run/php-fpm.pid@g' -e 's@nobody@php@g' -e 's@listen = 127.0.0.1:9000@listen = 0.0.0.0:9000@g' /usr/local/php/etc/php-fpm.conf RUN sed -i 's@;daemonize = yes@daemonize = no@g' /usr/local/php/etc/php-fpm.conf EXPOSE 9000 CMD ["/usr/local/php/sbin/php-fpm"]
5、 docker-compose.yml
phpng: build: ./php volumes: - /opt/www:/usr/local/nginx/html nginxa: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html links: - phpng expose: - "80" ports: - "91:80" nginxb: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html links: - phpng expose: - "80" ports: - "92:80" nginxc: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html links: - phpng expose: - "80" ports: - "93:80" haproxy: image: haproxy volumes: - /opt/compose-nginx-php/haproxy:/haproxy-override - /opt/compose-nginx-php/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg links: - nginxa - nginxb - nginxc
######################ELK收集nginx容器日志######################
要在dockercompose里面添加label标签,便于filebeat采集
version: '3' services: phpng: build: ./php volumes: - /opt/www:/usr/local/nginx/html nginxa: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html labels: service: nginxa logging: options: labels: "service" links: - phpng expose: - "80" ports: - "91:80" nginxb: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html labels: service: nginxb logging: options: labels: "service" links: - phpng expose: - "80" ports: - "92:80" nginxc: build: ./nginx volumes: - /opt/www:/usr/local/nginx/html labels: service: nginxc logging: options: labels: "service" links: - phpng expose: - "80" ports: - "93:80" haproxy: image: haproxy volumes: - /opt/compose-nginx-php/haproxy:/haproxy-override - /opt/compose-nginx-php/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg links: - nginxa - nginxb - nginxc ports: - "81:80" - "71:70" expose: - "80" - "70"
在nginx的dockerfile里面添加以下内容,确保日志输出到docker的/var/lib/docker/containers 目录下*-json.log里面
RUN ln -sf /dev/stdout /usr/local/nginx/logs/access.log
&& ln -sf /dev/stderr /usr/local/nginx/logs/error.log
在filebeat中 通过label 和stream 状态,过滤对应标签容器和正确/错误输出
filebeat.inputs: - type: log enabled: true paths: - /var/lib/docker/containers/*/*-json.log json.keys_under_root: true json.overwrite_keys: true setup.ilm.enabled: false setup.kibana: host: "192.168.0.2:5601" output.elasticsearch: hosts: ["192.168.0.2:9200"] indices: - index: "nginxa_access-%{[agent.version]}-%{+yyyy.MM}" when.contains: attrs.service: "nginxa" stream: "stdout" - index: "nginxa_error-%{[agent.version]}-%{+yyyy.MM}" when.contains: attrs.service: "nginxa" stream: "stderr" - index: "nginxc_access-%{[agent.version]}-%{+yyyy.MM}" when.contains: attrs.service: "nginxc" stream: "stdout" - index: "nginxc_error-%{[agent.version]}-%{+yyyy.MM.dd}" when.contains: attrs.service: "nginxc" stream: "stderr" setup.template.name: "docker" setup.template.pattern: "docker_*" setup.template.settings: index.number_of_shards: 2 setup.template.enabled: false setup.template.overwrite: true #注意ip地址修改