在编写此小指南之前,经历了数周的折磨,试图在项目上进行工作,当时有必要启动一个带有工作现场的容器,带有测试组件的容器,以便测试人员可以安全地测试基本数据的新系统功能以及研究技术支持的构建在接近“战斗”的条件下使用该系统。
此外,应该为我的开发团队的成员提供一个服务Web界面。在这种情况下,某些系统应可在一个版本的php上运行,而另一些版本应可。同时,站点的工作环境有所不同,从操作系统和处理请求的http服务器开始,到安装的php模块结束。
似乎没有什么复杂的,提起容器并将端口向前移到外面。但是对于每个容器,您需要指定您需要记住的自己的外部端口,然后将其转移到例如会计师(这也是测试人员),以便他检查所用系统的改进。有时我本人不明白为什么我刚刚修复的脚本无法按预期运行,或者为什么站点完全无法打开。
经过深思熟虑,决定通过前端的HAPRoxy转发所有请求,该前端在端口80和443上可用,并且根据主机名将请求发送到所需的容器。
Docker配置
让我们从docker网络配置开始,因为我们需要控制将分配给容器的网络地址。
创建带有子网的Docker网络。必须指定子网以将请求从HAProxy发送到特定的ip地址,以便在某些容器未运行的情况下域名解析不会出现问题。
docker network create develop --subnet=172.20.0.0/16
ip docker-compose.yml :
networks:
default:
external:
name: develop
, HAProxy, ip-.
networks:
default:
ipv4_address: 172.20.1.1
https
HAProxy https .
, HAProxy.
- (key)
sudo openssl genrsa -out site.key 2048
- Certificate Signing Request (csr)
sudo openssl req -new -key site.key -out site.csr
- (crt)
sudo openssl x509 -req -days 365 -in site.csr -signkey site.key -out site.crt
- (pem)
sudo bash -c 'cat site.key site.crt >> site.pem'
HAProxy.
, HAProxy Docker.
haproxy.cfg docker-compose.yml.
, . , HAProxy docker-compose.
HAPRoxy
HAProxy 80 443, , , 80 . https.
443 .
HAProxy frontend , .
frontend , backend.
Backend, , .
defaults .
docker HAProxy /usr/local/etc/haproxy/haproxy.cfg
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http_frontend
bind *:80
redirect scheme https if !{ ssl_fc }
frontend https_frontend
bind *:443 ssl crt /etc/ssl/certs/site.pem
acl is_microbase hdr_end(host) -i microbase.localhost
use_backend microbase if is_microbase
acl is_coordinator hdr_end(host) -i coordinator.localhost
use_backend coordinator if is_coordinator
backend microbase
server microbase 172.20.1.1:80 check
backend coordinator
server coordinator 172.20.1.2:80 check
docker-compose.yml
docker docker-compose, yml .
microbase.localhost coordinator.localhost HAProxy.
c HAProxy .
docker-compose docker-compose.yml .
-f.
docker-compose -f. , .
version: "3"
services:
microbase:
image: "inblank/php7.4-apache"
volumes:
- ./microbase:/var/www
networks:
default:
ipv4_address: 172.20.1.1
coordinator:
image: "inblank/php7.4-apache"
volumes:
- ./coordinator:/var/www
networks:
default:
ipv4_address: 172.20.1.2
haproxy:
image: "haproxy:2.2-alpine"
ports:
- 80:80
- 443:443
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
- ./cert.pem:/etc/ssl/certs/site.pem
networks:
default:
external:
name: develop
siege 25 . 1- .
siege coordinator.localhost -t 1m
php :
<?php
echo "Hello World!";
apache 2.4 php .
Intel Core i5-8250U 1.60GHz, 8 SSD . Linux Mint 20 Cinnamon
.
- 80
HAProxy ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 258084 hits Availability: 100.00 % Elapsed time: 59.39 secs Data transferred: 2.95 MB Response time: 0.01 secs Transaction rate: 4345.58 trans/sec Throughput: 0.05 MB/sec Concurrency: 24.72 Successful transactions: 258084 Failed transactions: 0 Longest transaction: 0.04 Shortest transaction: 0.00
** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 314572 hits Availability: 100.00 % Elapsed time: 59.18 secs Data transferred: 3.60 MB Response time: 0.00 secs Transaction rate: 5315.51 trans/sec Throughput: 0.06 MB/sec Concurrency: 24.64 Successful transactions: 314572 Failed transactions: 0 Longest transaction: 0.11 Shortest transaction: 0.00
~18%.
- 80 443
HAProxy ** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 114804 hits Availability: 100.00 % Elapsed time: 59.44 secs Data transferred: 0.66 MB Response time: 0.01 secs Transaction rate: 1931.43 trans/sec Throughput: 0.01 MB/sec Concurrency: 24.78 Successful transactions: 114824 Failed transactions: 0 Longest transaction: 1.03 Shortest transaction: 0.00
** SIEGE 4.0.4 ** Preparing 25 concurrent users for battle. The server is now under siege... Lifting the server siege... Transactions: 134364 hits Availability: 100.00 % Elapsed time: 59.80 secs Data transferred: 19.99 MB Response time: 0.01 secs Transaction rate: 2246.89 trans/sec Throughput: 0.33 MB/sec Concurrency: 24.74 Successful transactions: 134374 Failed transactions: 0 Longest transaction: 0.08 Shortest transaction: 0.00
~14.5%.
不出所料,将解决方案与HAProxy一起使用时性能会下降,但是在开发站点和提供对测试程序集的访问过程中使用此配置并不重要。