跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

推荐的帖子

构建nginx资源

       创建nginx配置文件

root@deploy:/dockerfile/project/nginx# cat nginx.conf 
user  nginx;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

#daemon off;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    client_max_body_size 10M;
    client_body_buffer_size 16k;
    gzip  on;


    server {
        listen       80;
        server_name  blogs.magedu.net;

        location / {
            root    html/wordpress;
            index   index.php index.html index.htm;
        }

        location ~ \.php$ {
            root           html/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             include        fastcgi_params;
        }

    }

}

 

       创建nginx运行脚本

root@deploy:/dockerfile/project/nginx# cat run_nginx.sh 
#!/bin/bash
/usr/local/nginx/sbin/nginx
tail -f /usr/local/nginx/logs/access.log /usr/local/nginx/logs/error.log

 

       创建nginx业务镜像Dockerfile

root@deploy:/dockerfile/project/nginx# cat Dockerfile 
FROM harbor.cncf.net/web/nginx:1.20.2 

ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD run_nginx.sh /usr/local/nginx/sbin/run_nginx.sh
RUN mkdir /usr/local/nginx/html/wordpress
RUN chown nginx.nginx /usr/local/nginx/html/wordpress/ -R

EXPOSE 80 443

CMD ["/usr/local/nginx/sbin/run_nginx.sh"]

 

       创建构建脚本

root@deploy:/dockerfile/project/nginx# cat build-command.sh 
#!/bin/bash
TAG=$1
docker build -t  harbor.cncf.net/project/wordpress-nginx:${TAG} .

docker push  harbor.cncf.net/project/wordpress-nginx:${TAG}

 

构建php镜像

       创建Dockerfile

root@deploy:/dockerfile/project/php# cat Dockerfile 
FROM harbor.cncf.net/os/centos:7.9

RUN useradd nginx

RUN yum install -y  https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm && yum install  php56-php-fpm php56-php-mysql -y 
ADD www.conf /opt/remi/php56/root/etc/php-fpm.d/www.conf
ADD run_php.sh /usr/local/bin/run_php.sh
EXPOSE 9000

CMD ["/usr/local/bin/run_php.sh"]

 

       创建php-fpm容器运行脚本

root@deploy:/dockerfile/project/php# cat run_php.sh 
#!/bin/bash
#echo "nameserver 10.20.254.254" > /etc/resolv.conf

/opt/remi/php56/root/usr/sbin/php-fpm
#/opt/remi/php56/root/usr/sbin/php-fpm --nodaemonize
tail -f /etc/hosts

 

       创建php-fpm运行配置文件

root@deploy:/dockerfile/project/php# grep -Ev "^;|^$" www.conf 
[www]
user = nginx
group = nginx
listen = 0.0.0.0:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /opt/remi/php56/root/var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /opt/remi/php56/root/var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /opt/remi/php56/root/var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /opt/remi/php56/root/var/lib/php/wsdlcache

 

       创建镜像构建脚本

root@deploy:/dockerfile/project/php# cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t harbor.cncf.net/project/wordpress-php-5.6:${TAG} .
docker push harbor.cncf.net/project/wordpress-php-5.6:${TAG}

 

创建wordpress资源

       准备nfs共享目录

root@harbor:/data/k8sdata# mkdir /data/k8sdata/wordpress
root@harbor:/data/k8sdata/wordpress# cat /etc/exports
/data/volumes2 *(rw,sync,no_root_squash)
root@harbor:/data/k8sdata/wordpress# exportfs -r

 

       准备wordpress站点文件

       下载wordpress

root@harbor:/data/k8sdata/wordpress# wget https://cn.wordpress.org/wordpress-5.0.16-zh_CN.tar.gz
root@harbor:/data/k8sdata/wordpress# tar xf wordpress-5.0.16-zh_CN.tar.gz 
root@harbor:/data/k8sdata/wordpress# mv wordpress/* .
root@harbor:/data/k8sdata/wordpress# rm -fr wordpress
root@harbor:/data/k8sdata/wordpress# rm -f wordpress-5.0.16-zh_CN.tar.gz

 

       获取nginx用户uid和gid并给与nfs站点目录相应权限

       k8s节点查看用户属主属组对应uid和gid号

root@deploy:/dockerfile/project/php# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-php -- id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
root@deploy:/dockerfile/project/php# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-nginx -- id nginx
uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)

 

       nfs-server设置查看NFS共享目录赋予wordpress容器用户和组权限

root@harbor:/data/k8sdata# chown 1000.1000 -R wordpress

 

       创建namespace命名空间

root@deploy:/dockerfile/project/wordpress# kubectl create ns wordpress
namespace/wordpress created

 

       准备wordpress yaml资源文件

root@deploy:/dockerfile/project# cat wordpress/wordpress.yaml 
kind: Deployment
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-deployment
  namespace: wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress-app
  template:
    metadata:
      labels:
        app: wordpress-app
    spec:
      containers:
      - name: wordpress-app-nginx
        image: harbor.cncf.net/project/wordpress-nginx:1.0 
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          protocol: TCP
          name: http
        - containerPort: 443
          protocol: TCP
          name: https
        volumeMounts:
        - name: wordpress
          mountPath: /usr/local/nginx/html/wordpress
          readOnly: false

      - name: wordpress-app-php
        image: harbor.cncf.net/project/wordpress-php-5.6:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 9000
          protocol: TCP
          name: http
        volumeMounts:
        - name: wordpress
          mountPath: /usr/local/nginx/html/wordpress
          readOnly: false

      volumes:
      - name: wordpress
        nfs:
          server: 192.168.100.15
          path: /data/k8sdata/wordpress 

---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-spec
  namespace: wordpress
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30031
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 30033
  selector:
    app: wordpress-app

 

       查看资源创建

root@deploy:/dockerfile/project# kubectl get pods
root@deploy:/dockerfile/project# kubectl get svc

2052820-20220819214115727-1874643448.png

 

  配置数据库验证数据库地址

       数据库mysql主库全名称DNS地址:mysql-0.mysql.mysql-test.svc.cluster.local,pod名称.service名称.名称空间.svc.集群名称

root@deploy:/dockerfile/project/wordpress# kubectl exec -it wordpress-app-deployment-78cfdc88f7-psvc4 -c wordpress-app-nginx -- bash -c "ping mysql-0.mysql.mysql-test.svc.cluster.local"
PING mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8) 56(84) bytes of data.
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=1 ttl=62 time=0.236 ms
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=2 ttl=62 time=0.527 ms
64 bytes from mysql-0.mysql.mysql-test.svc.cluster.local (10.200.104.8): icmp_seq=3 ttl=62 time=0.705 ms
^C
--- mysql-0.mysql.mysql-test.svc.cluster.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 0.236/0.489/0.705/0.193 ms

2052820-20220819214149336-806738551.png

 

数据库添加wordpress账户权限

root@deploy:~# kubectl exec -it -n mysql-test mysql-0 -c mysql -- bash
root@mysql-0:/# mysql -u root -p123456 -P3360
mysql> grant all on wordpress.* to "wordpress"@"%" identified by 'wordpress123456';
mysql> create database wordpress;

2052820-20220819214241881-23154469.png

      

  客户端访问wordpress

2052820-20220819214305066-1456748302.png

    

     由于mysql端口是非默认3306,所以需要修改wordpress数据库连接php代码文件

       输入数据库名称 wordpress

       输入用户名 wordpress

       输入密码 wordpress123456

       输入数据库主机为k8s 创建的mysql主库全名称:端口号mysql-0.mysql.mysql-test.svc.cluster.local:3360

2052820-20220819214341368-1595249193.png

      

  返回浏览器刷新页面开始配置页面信息

2052820-20220819214410766-2089610507.png

 

2052820-20220819214430459-723040176.png

      

  登录账户

2052820-20220819214452588-795848856.png

      

  创建完成

2052820-20220819214514953-273881710.png

 

链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...