

KaiWn


构建nginx资源

       创建nginx配置文件

root@deploy:/dockerfile/project/nginx# cat nginx.conf 
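# Site configuration for the WordPress front end: static files are served
# directly, *.php requests are handed to php-fpm over FastCGI.

# Worker processes run as the unprivileged nginx account.
user  nginx;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

#daemon off;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    # Upper bound on request bodies (uploads); larger requests are rejected.
    client_max_body_size 10M;
    client_body_buffer_size 16k;
    gzip  on;


    server {
        # Plain HTTP only; no TLS listener is defined in this file.
        listen       80;
        server_name  blogs.magedu.net;

        location / {
            # Relative path, resolved against the nginx prefix directory.
            root    html/wordpress;
            index   index.php index.html index.htm;
        }

        location ~ \.php$ {
            root           html/wordpress;
            # Only hand a request to php-fpm when the script really exists
            # under the document root; a URI that merely ends in ".php" but
            # names no file is answered with 404 instead of reaching the
            # interpreter.
            try_files      $uri =404;
            # php-fpm is reached on loopback port 9000.
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            # php-fpm must see the script under the same absolute path as
            # nginx does, because SCRIPT_FILENAME is built from $document_root.
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

    }

}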

 

       创建nginx运行脚本

root@deploy:/dockerfile/project/nginx# cat run_nginx.sh 
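#!/bin/bash
# Container entrypoint: run nginx as the container's main process and mirror
# its access/error logs to the container's output.
set -euo pipefail

readonly NGINX_PREFIX=/usr/local/nginx

# Follow the log files in the background so the container runtime's log view
# shows them. -F retries by name, so it tolerates the files not existing until
# nginx has created them.
tail -F "${NGINX_PREFIX}/logs/access.log" "${NGINX_PREFIX}/logs/error.log" &

# Keep nginx in the foreground. Starting a daemonized nginx and then blocking
# on tail keeps the container "running" even when nginx failed to start or
# died later, which hides the failure from the orchestrator.
exec "${NGINX_PREFIX}/sbin/nginx" -g 'daemon off;'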

 

       创建nginx业务镜像Dockerfile

root@deploy:/dockerfile/project/nginx# cat Dockerfile 
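# WordPress front-end image: site nginx.conf and entrypoint script layered on
# the internal nginx base image.
FROM harbor.cncf.net/web/nginx:1.20.2

# COPY rather than ADD: these are plain local files, and ADD additionally
# unpacks archives and fetches URLs, which is not wanted here.
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
COPY run_nginx.sh /usr/local/nginx/sbin/run_nginx.sh

# Make the entrypoint executable regardless of its mode in the build context,
# and create the (initially empty) document root owned by the nginx account.
# "user:group" is the supported chown separator; "user.group" is deprecated.
RUN chmod 0755 /usr/local/nginx/sbin/run_nginx.sh \
 && mkdir -p /usr/local/nginx/html/wordpress \
 && chown -R nginx:nginx /usr/local/nginx/html/wordpress

# NOTE(review): the nginx.conf shipped with this image only defines a
# "listen 80" server; 443 is declared here but nothing serves TLS on it.
EXPOSE 80 443

CMD ["/usr/local/nginx/sbin/run_nginx.sh"]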

 

       创建构建脚本

root@deploy:/dockerfile/project/nginx# cat build-command.sh 
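#!/bin/bash
# Build the WordPress nginx image and push it to the Harbor registry.
# Usage: ./build-command.sh TAG
set -euo pipefail

# Refuse to run without a tag: an empty value would yield the malformed
# reference "wordpress-nginx:" and the build would fail late and confusingly.
TAG=${1:?usage: $0 TAG}
readonly IMAGE="harbor.cncf.net/project/wordpress-nginx:${TAG}"

docker build -t "${IMAGE}" .

# Only reached when the build succeeded (set -e), so a failed build can never
# push a stale local image that happens to carry the same tag.
docker push "${IMAGE}"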

 

构建php镜像

       创建Dockerfile

root@deploy:/dockerfile/project/php# cat Dockerfile 
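# php-fpm 5.6 image used as the PHP backend for the WordPress deployment.
# NOTE(review): CentOS 7 and PHP 5.6 no longer receive upstream security
# fixes; treat this image as a lab example and plan a supported base/runtime
# for anything exposed to real traffic.
FROM harbor.cncf.net/os/centos:7.9

# php-fpm workers run as this account (www.conf sets user/group = nginx).
RUN useradd nginx

# NOTE(review): remi-release is installed straight from a mirror URL, so the
# RPM is presumably not verified against an already-trusted GPG key - confirm,
# or import the repository key first.
# "yum clean all" in the same layer keeps the package cache out of the image.
RUN yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm \
 && yum install -y php56-php-fpm php56-php-mysql \
 && yum clean all

# COPY rather than ADD: plain local files, no archive/URL handling needed.
COPY www.conf /opt/remi/php56/root/etc/php-fpm.d/www.conf
COPY run_php.sh /usr/local/bin/run_php.sh

# Make the entrypoint executable regardless of its mode in the build context.
RUN chmod 0755 /usr/local/bin/run_php.sh

EXPOSE 9000

CMD ["/usr/local/bin/run_php.sh"]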

 

       创建php-fpm容器运行脚本

root@deploy:/dockerfile/project/php# cat run_php.sh 
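#!/bin/bash
# Container entrypoint for the php-fpm image.
#echo "nameserver 10.20.254.254" > /etc/resolv.conf

# Run php-fpm in the foreground as the container's main process. Daemonizing
# it and then blocking on "tail -f /etc/hosts" keeps the container alive even
# when php-fpm failed to start or crashed later, so the orchestrator never
# notices and never restarts it.
exec /opt/remi/php56/root/usr/sbin/php-fpm --nodaemonize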

 

       创建php-fpm运行配置文件

root@deploy:/dockerfile/project/php# grep -Ev "^;|^$" www.conf 
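; php-fpm pool serving the WordPress site.
[www]
; Workers run as the unprivileged nginx account, matching the owner of the
; shared site directory.
user = nginx
group = nginx
; FastCGI carries no authentication, so anything that can reach this port can
; ask php-fpm to run scripts. nginx connects via 127.0.0.1:9000 from the same
; pod, so bind to loopback instead of 0.0.0.0 to keep the port unreachable
; from the rest of the cluster network.
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /opt/remi/php56/root/var/log/php-fpm/www-slow.log
; php_admin_* values cannot be overridden by application code via ini_set().
php_admin_value[error_log] = /opt/remi/php56/root/var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /opt/remi/php56/root/var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /opt/remi/php56/root/var/lib/php/wsdlcache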

 

       创建镜像构建脚本

root@deploy:/dockerfile/project/php# cat build-command.sh
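#!/bin/bash
# Build the WordPress php-fpm 5.6 image and push it to the Harbor registry.
# Usage: ./build-command.sh TAG
set -euo pipefail

# Refuse to run without a tag: an empty value would yield the malformed
# reference "wordpress-php-5.6:" and the build would fail late and confusingly.
TAG=${1:?usage: $0 TAG}
readonly IMAGE="harbor.cncf.net/project/wordpress-php-5.6:${TAG}"

docker build -t "${IMAGE}" .

# Only reached when the build succeeded (set -e), so a failed build can never
# push a stale local image that happens to carry the same tag.
docker push "${IMAGE}"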

 

创建wordpress资源

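       准备nfs共享目录(注意:下面示例中的 *(rw,sync,no_root_squash) 允许任意主机挂载该导出目录并以root身份读写;实际环境应把客户端限定为k8s节点所在网段,并尽量保留默认的root_squash)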

root@harbor:/data/k8sdata# mkdir /data/k8sdata/wordpress
root@harbor:/data/k8sdata/wordpress# cat /etc/exports
/data/volumes2 *(rw,sync,no_root_squash)
root@harbor:/data/k8sdata/wordpress# exportfs -r

 

       准备wordpress站点文件

       下载wordpress

root@harbor:/data/k8sdata/wordpress# wget https://cn.wordpress.org/wordpress-5.0.16-zh_CN.tar.gz
root@harbor:/data/k8sdata/wordpress# tar xf wordpress-5.0.16-zh_CN.tar.gz 
root@harbor:/data/k8sdata/wordpress# mv wordpress/* .
root@harbor:/data/k8sdata/wordpress# rm -fr wordpress
root@harbor:/data/k8sdata/wordpress# rm -f wordpress-5.0.16-zh_CN.tar.gz

 

       获取nginx用户uid和gid并给予nfs站点目录相应权限

       k8s节点查看用户属主属组对应uid和gid号

root@deploy:/dockerfile/project/php# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-php -- id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
root@deploy:/dockerfile/project/php# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-nginx -- id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)

 

       nfs-server设置查看NFS共享目录赋予wordpress容器用户和组权限

root@harbor:/data/k8sdata# chown 1000.1000 -R wordpress

 

       创建namespace命名空间

root@deploy:/dockerfile/project/wordpress# kubectl create ns wordpress
namespace/wordpress created

 

       准备wordpress yaml资源文件

root@deploy:/dockerfile/project# cat wordpress/wordpress.yaml 
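# WordPress application pod: nginx and php-fpm run as two containers in one
# pod and share the site files through a single NFS volume.
kind: Deployment
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-deployment
  namespace: wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress-app
  template:
    metadata:
      labels:
        app: wordpress-app
    spec:
      containers:
      - name: wordpress-app-nginx
        image: harbor.cncf.net/project/wordpress-nginx:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          protocol: TCP
          name: http
        - containerPort: 443
          protocol: TCP
          name: https
        volumeMounts:
        # Same mount path in both containers: nginx passes php-fpm the
        # absolute script path, so both must see the files at one location.
        - name: wordpress
          mountPath: /usr/local/nginx/html/wordpress
          readOnly: false

      - name: wordpress-app-php
        image: harbor.cncf.net/project/wordpress-php-5.6:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 9000
          protocol: TCP
          # Named port must be unique within the pod; "http" is already used
          # by the nginx container. The Service below targets ports by number,
          # so nothing depends on this name.
          name: php-fpm
        volumeMounts:
        - name: wordpress
          mountPath: /usr/local/nginx/html/wordpress
          readOnly: false

      volumes:
      - name: wordpress
        nfs:
          server: 192.168.100.15
          path: /data/k8sdata/wordpress

---
# Exposes the nginx container on every node. php-fpm's port 9000 is
# deliberately not published here; it is only needed inside the pod.
kind: Service
apiVersion: v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-spec
  namespace: wordpress
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30031
  # NOTE(review): the nginx.conf built into the image only listens on 80, so
  # this port presumably has no TLS listener behind it yet - confirm before
  # relying on it.
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 30033
  selector:
    app: wordpress-app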

 

       查看资源创建

root@deploy:/dockerfile/project# kubectl get pods
root@deploy:/dockerfile/project# kubectl get svc

2052820-20220819214115727-1874643448.png

 

 

  配置数据库验证数据库地址

       数据库mysql主库全名称DNS地址:mysql-0.mysql.mysql-test.svc.cluster.local,pod名称.service名称.名称空间.svc.集群名称

root@deploy:/dockerfile/project/wordpress# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-nginx -- bash -c "ping mysql-0.mysql.mysql-test.svc.cluster.local"
PING mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8) 56(84) bytes of data.
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=1 ttl=62 time=0.236 ms
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=2 ttl=62 time=0.527 ms
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=3 ttl=62 time=0.705 ms
^C
--- mysql-0.mysql.mysql-test.svc.cluster.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 0.236/0.489/0.705/0.193 ms

2052820-20220819214149336-806738551.png

 

 

数据库添加wordpress账户权限(以下口令仅作演示;实际环境应使用强口令,避免在命令行用 -p 直接写出口令,并把授权主机由 "%" 收窄到应用所在网段)

root@deploy:~# kubectl exec -it -n mysql-test mysql-0 -c mysql -- bash
root@mysql-0:/# mysql -u root -p123456 -P3360
mysql> grant all on wordpress.* to "wordpress"@"%" identified by 'wordpress123456';
mysql> create database wordpress;

2052820-20220819214241881-23154469.png

 

      

  客户端访问wordpress

2052820-20220819214305066-1456748302.png

 

    

     由于mysql端口是非默认3306,所以需要修改wordpress数据库连接php代码文件

       输入数据库名称 wordpress

       输入用户名 wordpress

       输入密码 wordpress123456

       输入数据库主机为k8s 创建的mysql主库全名称:端口号mysql-0.mysql.mysql-test.svc.cluster.local:3360

2052820-20220819214341368-1595249193.png

 

      

  返回浏览器刷新页面开始配置页面信息

2052820-20220819214410766-2089610507.png

 

 

2052820-20220819214430459-723040176.png

 

      

  登录账户

2052820-20220819214452588-795848856.png

 

      

  创建完成

2052820-20220819214514953-273881710.png
