このページは Docker および Docker Compose を使って、コンテナによるサーバアプリケーションの構築手順についてまとめたものである。内容としては docker-compose.yml ファイルの記述をメインにしているため、細かい設定の説明などは端折っています。
docker コマンドはデフォルトだと root ユーザ（または docker グループのメンバー）でしか実行できません。そのため、一般ユーザでも実行できるようにするには、そのユーザを docker グループに追加する必要があります。ただし docker グループへの追加は Docker デーモンのソケットへのアクセスを許可することであり、実質的にホストの root 権限を渡すのと同じになるため、追加するユーザは信頼できる管理ユーザに限定します。
例えば、起動ユーザが qurataro で、/home/qurataro に環境を構築すると仮定した場合、/etc/group の docker グループに qurataro を追加します。
docker:x:117:qurataro
docker-compose.yml
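# Confluence service (compose file format 2).
# Reconstructed from the extracted listing: the ':' and '-' YAML markers and
# the indentation were lost in extraction and are restored here; the values
# themselves are unchanged.
version: '2'
services:
  confluence:
    # Image is built from the Dockerfile in this directory.
    build: .
    container_name: confluence
    hostname: confluence
    restart: always
    volumes:
      - ./confluence_home:/var/atlassian/confluence
      - ./index_home/index:/var/atlassian/confluence/index
      # NOTE(review): this shares the host's /tmp with the container, so each
      # side can read the other's temporary files. The `tmp` named volume
      # declared below would keep them separate — confirm the host /tmp is
      # really needed.
      - /tmp:/tmp
    ports:
      # NOTE(review): published on all host interfaces. If only the nginx
      # proxy on this host talks to Confluence, "127.0.0.1:8090:8090" keeps
      # the unproxied port off the network.
      - "8090:8090"
      - "8091:8091"
    environment:
      - ENABLE_CROWD=0
      - JVM_MAXIMUM_MEMORY=8g
      - APPLICATION_NAME=confluence
      # NOTE(review): plaintext credential in a file that is usually committed;
      # prefer an env_file kept out of version control.
      - APPLICATION_PASSWORD=confluence
      - APPLICATION_LOGIN_URL=https://wiki.example.com/confluence/
      # - CROWD_SERVER_URL=https://wiki.happyelements.mydns.jp/crowd/services/
      # - CROWD_BASE_URL=https://wiki.happyelements.mydns.jp/crowd/
      # Reverse-proxy settings consumed by the image's Tomcat configuration;
      # presumably they make Confluence build its URLs as
      # https://wiki.example.com/confluence — confirm against the Dockerfile.
      - X_PROXY_NAME=wiki.example.com
      - X_PROXY_PORT=443
      - X_PROXY_SCHEME=https
      - X_PATH=/confluence
      - CATALINA_OPTS=-Dsynchrony.proxy.enabled=true
      - LD_LIBRARY_PATH=/lib64
    # MySQL runs in a separate compose project and is reached over its network.
    external_links:
      - mysql
    networks:
      - default
      - mysql_default
      # - crowd_default
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
# Declared but not referenced by the service above (bind mounts are used).
volumes:
  tmp:
  confluence_data:
networks:
  mysql_default:
    external: true
  # crowd_default:
  #   external: true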
docker-compose.yml
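# Jira service (compose file format 2).
# Reconstructed from the extracted listing: YAML ':' and '-' markers and the
# indentation were restored; values are unchanged.
version: '2'
services:
  jira:
    # NOTE(review): no tag, so "latest" is pulled on every fresh deploy; pin
    # a version (or digest) for repeatable rebuilds.
    image: cptactionhank/atlassian-jira
    container_name: jira
    hostname: jira
    restart: always
    volumes:
      - ./jira_home:/var/atlassian/jira
    ports:
      # NOTE(review): the nginx vhost proxies to 127.0.0.1:1080, but this
      # mapping publishes the port on all interfaces; "127.0.0.1:1080:8080"
      # would limit it to the proxy.
      - "1080:8080"
    environment:
      # - JVM_MAXIMUM_MEMORY=2g
      # Reverse-proxy settings; note the nginx vhost for Jira answers for
      # jira.example.com while X_PROXY_NAME is example.com — confirm they agree.
      - X_PROXY_NAME=example.com
      - X_PROXY_PORT=80
      - X_PROXY_SCHEME=http
      - X_PATH=/
      # - LD_LIBRARY_PATH=/lib64
    # MySQL runs in a separate compose project and is reached over its network.
    external_links:
      - mysql
    networks:
      - default
      - mysql_default
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
# Declared but not referenced by the service above (a bind mount is used).
volumes:
  jira_data:
networks:
  mysql_default:
    external: true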
MySQL
docker-compose.yml
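# MySQL service (compose file format 3.1), shared by Confluence and Jira via
# the mysql_default network. Reconstructed from the extracted listing: YAML
# markers, indentation, the image tag separator and the truncated "logging"
# key were restored; values are unchanged.
version: '3.1'
services:
  mysql:
    image: mysql:5.7
    restart: always
    tty: true
    environment:
      # NOTE(review): plaintext root password in the compose file. Format 3.1
      # supports `secrets:`, and the official image reads
      # MYSQL_ROOT_PASSWORD_FILE, so the value can be kept out of this file.
      MYSQL_ROOT_PASSWORD: example
    # No `ports:` entry: the server is reachable only on the compose network,
    # which is the right default for a database.
    volumes:
      - ./mysql:/var/lib/mysql
      - ./docker.cnf:/etc/mysql/conf.d/docker.cnf
      - ./backup:/backup
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"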
docker.cnf
# MySQL server overrides, bind-mounted to /etc/mysql/conf.d/docker.cnf by the
# compose file above.
[mysqld]
# "utf8" is MySQL's 3-byte encoding (not utf8mb4); 4-byte characters such as
# emoji cannot be stored with this setting.
character-set-server=utf8
collation-server=utf8_bin
default-storage-engine=INNODB
# Large packet and redo-log sizes; presumably sized for attachment-heavy
# Confluence/Jira workloads — confirm against available disk and RAM.
max_allowed_packet=1GB
innodb_log_file_size=2GB
transaction-isolation=READ-COMMITTED
binlog_format=row
# Client host names are neither cached nor resolved, so user grants must be
# expressed by IP address (or '%'), not by host name.
skip-host-cache
skip-name-resolve
# Crash-recovery-only switch; keep it commented out in normal operation.
# innodb_force_recovery=1
docker-compose.yml
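# nginx reverse proxy (compose file format 2). Reconstructed from the
# extracted listing: YAML markers and indentation restored; values unchanged.
version: '2'
services:
  nginx:
    # NOTE(review): no tag, so "latest" is pulled; pin a version for
    # repeatable deploys.
    image: nginx
    restart: always
    # container_name: nginx
    # NOTE(review): privileged is not needed to bind ports 80/443 and grants
    # the container nearly all host capabilities; drop it unless a concrete
    # requirement is documented.
    privileged: true
    # NOTE(review): with `network_mode: host` the container uses the host's
    # network stack directly, so these port mappings (and the commented
    # `networks:` list) are ignored; they document intent only.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./conf.d:/etc/nginx/conf.d
      # Private keys live in ./ssl.d; keep it out of version control.
      - ./ssl.d:/etc/nginx/ssl.d
      # NOTE(review): an htpasswd file placed under /var/www — confirm no vhost
      # serves /var/www as a document root, or the hash file is downloadable.
      - ./.htpasswd:/var/www/.htpasswd
    network_mode: host
    # networks:
    # - default
    # - crowi_default
    # - gitlab_default
    # - jenkins_default
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"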
nginx.conf
# Main nginx configuration, bind-mounted to /etc/nginx/nginx.conf by the
# compose file above. Workers run as www-data, one per CPU.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): server_tokens is left at its default (on), so responses and
# error pages disclose the nginx version; uncomment the next line to hide it.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). Unless legacy
# clients must be supported, prefer `ssl_protocols TLSv1.2 TLSv1.3;`.
# No ssl_ciphers list is set, so the build's default cipher list applies.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Virtual hosts come from the bind-mounted ./conf.d directory. The compose
# file does not mount a sites-enabled directory, so the second glob is
# presumably expected to match nothing here — confirm.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
conf.d/server.conf
# Reverse-proxy vhost for Jira: plain HTTP on :80, forwarded to the Jira
# container's published port (compose mapping "1080:8080") over loopback.
server {
listen 80;
# NOTE(review): the Jira service sets X_PROXY_NAME=example.com while this
# vhost answers for jira.example.com — confirm the two agree, otherwise
# Jira's generated absolute URLs may point at the wrong host.
server_name jira.example.com;
location / {
proxy_pass http://127.0.0.1:1080;
# Forwarded-* headers so the application sees the client-facing host and
# address rather than the proxy's.
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Upload cap for attachments; larger request bodies are rejected with 413.
client_max_body_size 10M;
}
}
docker-compose.yml
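# Jenkins master (compose file format 2). Reconstructed from the extracted
# listing: YAML markers, indentation and the image tag separator restored.
version: "2"
services:
  master:
    container_name: master
    # NOTE(review): 2.186 is a fixed, older release — confirm it is still
    # receiving security updates or bump to a current LTS.
    image: jenkins/jenkins:2.186
    # NOTE(review): unlike the other services on this page there is no
    # `restart:` policy, so Jenkins stays down after a host reboot.
    ports:
      # Web UI; fronted by the nginx vhost for jenkins.example.com. Binding
      # as "127.0.0.1:8080:8080" would keep the unproxied port off the LAN.
      - "8080:8080"
      # Inbound (JNLP) agent port.
      - "50000:50000"
    volumes:
      # Persistent Jenkins state: jobs, plugins and the credentials store.
      - ./jenkins_home:/var/jenkins_home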
docker-compose.yml
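# nginx reverse proxy in front of Jenkins (compose file format 3).
# Reconstructed from the extracted listing: YAML markers and indentation
# restored; values unchanged.
version: '3'
services:
  nginx:
    # NOTE(review): no tag, so "latest" is pulled; pin a version.
    image: nginx
    restart: always
    # NOTE(review): privileged is not needed to bind ports 80/443; drop it
    # unless a concrete requirement is documented.
    privileged: true
    # NOTE(review): ignored under `network_mode: host` (the container shares
    # the host's network stack); kept to document the listening ports.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./conf.d:/etc/nginx/conf.d
      # Private keys live in ./ssl.d; keep it out of version control.
      - ./ssl.d:/etc/nginx/ssl.d
      # NOTE(review): confirm /var/www is not served as a document root, or
      # the htpasswd hashes become downloadable.
      - ./.htpasswd:/var/www/.htpasswd
    network_mode: host
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"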
nginx.conf
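# Main nginx configuration for the Jenkins proxy, bind-mounted to
# /etc/nginx/nginx.conf. The `events { }` and `http { }` block delimiters
# were lost in extraction and are restored here; every directive matches the
# nginx.conf listed earlier on this page.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): server_tokens defaults to on, so the nginx version is
# disclosed in responses; uncomment the next line to hide it.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996); unless legacy
# clients are required, prefer `ssl_protocols TLSv1.2 TLSv1.3;`.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Virtual hosts come from the bind-mounted ./conf.d; sites-enabled is not
# mounted by the compose file, so that glob presumably matches nothing.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}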
conf.d/server.conf
# Reverse-proxy vhosts for Jenkins. nginx runs with network_mode: host, so
# port 8080 on this host is the Jenkins container's published UI port.
server {
listen 80;
server_name jenkins.example.com;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
# NOTE(review): proxy_pass targets the public host name rather than
# loopback, so the upstream address depends on DNS at config load — confirm
# it resolves to this host; the commented loopback form avoids that.
proxy_pass http://jenkins.example.com:8080;
#proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90;
#proxy_redirect http://127.0.0.1:8080 https://jenkins.example.com;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
# NOTE(review): port 50022 is not published by the Jenkins compose file shown
# on this page (only 8080 and 50000) — confirm the SSH endpoint exists.
add_header 'X-SSH-Endpoint' 'jenkins.example.com:50022' always;
}
}
# NOTE(review): this vhost terminates TLS only to redirect every request back
# to plain http://, so clients that start on HTTPS are downgraded and any
# credentials would then travel in the clear. If that is intentional,
# document why; otherwise redirect the :80 vhost to https and proxy here.
server {
listen 443 ssl http2;
server_name jenkins.example.com;
ssl_certificate /etc/nginx/ssl.d/server.pem;
ssl_certificate_key /etc/nginx/ssl.d/private.key;
return 301 http://$host$request_uri;
}
docker-compose.yml
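# GitLab stack: redis, postgresql, gitlab, gitlab-runner and a container
# registry (compose file format 3). Reconstructed from the extracted listing:
# YAML ':' and '-' markers, indentation, image tag separators and the ':' in
# URLs/URNs were restored; values are otherwise unchanged.
version: '3'
services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-2
    command: --loglevel warning
    volumes:
      - redis-data:/var/lib/redis:Z
    # NOTE(review): privileged is set on every service below; none of them
    # obviously needs it and it removes most of the container boundary.
    privileged: true
  postgresql:
    restart: always
    image: sameersbn/postgresql:10-2
    volumes:
      - postgresql-data:/var/lib/postgresql:Z
    privileged: true
    environment:
      TZ: Asia/Tokyo
      # NOTE(review): plaintext DB credentials (also repeated in the gitlab
      # service); consider an env_file kept out of version control.
      DB_USER: gitlab
      DB_PASS: gitlab
      DB_NAME: gitlabhq_production
      DB_EXTENSION: pg_trgm
  gitlab:
    restart: always
    #image: sameersbn/gitlab:12.5.2
    image: sameersbn/gitlab:12.9.2
    depends_on:
      - redis
      - postgresql
    ports:
      - "80:80"
      - "443:443"
      # Git-over-SSH is exposed on 2224 to avoid clashing with the host sshd.
      - "2224:22"
    external_links:
      - "registry:heapregistry.example.com"
    volumes:
      #- /srv/docker/gitlab/gitlab:/home/git/data
      - /datadrive/gitlab:/home/git/data:Z
      - ./certs:/certs
      - ./crt:/crt
    privileged: true
    environment:
      VIRTUAL_HOST: gitlab.example.com
      DEBUG: 'false'
      DB_ADAPTER: postgresql
      DB_HOST: postgresql
      DB_PORT: 5432
      DB_USER: gitlab
      DB_PASS: gitlab
      DB_NAME: gitlabhq_production
      REDIS_HOST: redis
      REDIS_PORT: 6379
      TZ: Asia/Tokyo
      GITLAB_TIMEZONE: Tokyo
      GITLAB_HTTPS: 'true'
      SSL_SELF_SIGNED: 'true'
      GITLAB_HOST: gitlab.example.com
      GITLAB_PORT: 443
      GITLAB_SSH_PORT: 2224
      GITLAB_RELATIVE_URL_ROOT:
      # NOTE(review): these three key bases are the word "gitlab". They
      # protect stored secrets, sessions and 2FA seeds and should be long
      # random values generated once and kept outside this file.
      GITLAB_SECRETS_DB_KEY_BASE: gitlab
      GITLAB_SECRETS_SECRET_KEY_BASE: gitlab
      GITLAB_SECRETS_OTP_KEY_BASE: gitlab
      GITLAB_REGISTRY_ENABLED: 'true'
      GITLAB_REGISTRY_HOST: heapregistry.example.com
      #GITLAB_REGISTRY_PORT: 5000
      GITLAB_REGISTRY_PORT: 5000
      GITLAB_REGISTRY_API_URL: https://heapregistry.example.com:5000
      # Token issuer must match REGISTRY_AUTH_TOKEN_ISSUER on the registry
      # service (gitlab-issuer); presumably that is the image default here.
      #GITLAB_REGISTRY_ISSUER: gitlab-issuer
      #SSL_REGISTRY_KEY_PATH: /crt/gitlab.example.com.key
      #SSL_REGISTRY_CERT_PATH: /crt/gitlab.example.com.crt
      # Same key pair the registry service uses for token verification.
      GITLAB_REGISTRY_CERT_PATH: /certs/registry.crt
      GITLAB_REGISTRY_KEY_PATH: /certs/registry.key
      #GITLAB_REGISTRY_CERT_PATH: /crt/gitilab.example.com.crt
      #GITLAB_REGISTRY_KEY_PATH: /crt/gitlab.example.com.key
      GITLAB_ROOT_PASSWORD:
      GITLAB_ROOT_EMAIL:
      GITLAB_NOTIFY_ON_BROKEN_BUILDS: 'true'
      GITLAB_NOTIFY_PUSHER: 'false'
      GITLAB_EMAIL: gitlab.example.smtp@gmail.com
      GITLAB_EMAIL_REPLY_TO: gitlab.example.smtp@gmail.com
      GITLAB_INCOMING_EMAIL_ADDRESS: gitlab.example.smtp@gmail.com
      GITLAB_BACKUP_SCHEDULE: daily
      GITLAB_BACKUP_EXPIRY: 604800
      GITLAB_BACKUP_TIME: '01:00'
      SMTP_ENABLED: 'true'
      SMTP_DOMAIN: www.gmail.com
      SMTP_HOST: smtp.gmail.com
      SMTP_PORT: 587
      SMTP_USER: gitlab.example.smtp@gmail.com
      # NOTE(review): mail password stored in plaintext here; the extracted
      # value contains a space that may be a stripped ':' — verify. Move it
      # to an env_file or secret and rotate it if this file was ever shared.
      SMTP_PASS: 'bEQXQ z*r1DI<#08+UH9'
      SMTP_STARTTLS: 'true'
      SMTP_AUTHENTICATION: plain
      IMAP_ENABLED: 'false'
      IMAP_HOST: imap.gmail.com
      IMAP_PORT: 993
      IMAP_USER: mailer@example.com
      IMAP_PASS: password
      IMAP_SSL: 'true'
      IMAP_STARTTLS: 'false'
      # OAuth/SSO providers are all left disabled; the empty keys below keep
      # the sample's full list so a provider can be enabled in place.
      OAUTH_ENABLED: 'false'
      OAUTH_AUTO_SIGN_IN_WITH_PROVIDER:
      OAUTH_ALLOW_SSO:
      OAUTH_BLOCK_AUTO_CREATED_USERS: 'true'
      OAUTH_AUTO_LINK_LDAP_USER: 'false'
      OAUTH_AUTO_LINK_SAML_USER: 'false'
      OAUTH_EXTERNAL_PROVIDERS:
      OAUTH_CAS3_LABEL: cas3
      OAUTH_CAS3_SERVER:
      OAUTH_CAS3_DISABLE_SSL_VERIFICATION: 'false'
      OAUTH_CAS3_LOGIN_URL: /cas/login
      OAUTH_CAS3_VALIDATE_URL: /cas/p3/serviceValidate
      OAUTH_CAS3_LOGOUT_URL: /cas/logout
      OAUTH_GOOGLE_API_KEY:
      OAUTH_GOOGLE_APP_SECRET:
      OAUTH_GOOGLE_RESTRICT_DOMAIN:
      OAUTH_FACEBOOK_API_KEY:
      OAUTH_FACEBOOK_APP_SECRET:
      OAUTH_TWITTER_API_KEY:
      OAUTH_TWITTER_APP_SECRET:
      OAUTH_GITHUB_API_KEY:
      OAUTH_GITHUB_APP_SECRET:
      OAUTH_GITHUB_URL:
      OAUTH_GITHUB_VERIFY_SSL:
      OAUTH_GITLAB_API_KEY:
      OAUTH_GITLAB_APP_SECRET:
      OAUTH_BITBUCKET_API_KEY:
      OAUTH_BITBUCKET_APP_SECRET:
      OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:
      OAUTH_SAML_IDP_CERT_FINGERPRINT:
      OAUTH_SAML_IDP_SSO_TARGET_URL:
      OAUTH_SAML_ISSUER:
      OAUTH_SAML_LABEL: "Our SAML Provider"
      OAUTH_SAML_NAME_IDENTIFIER_FORMAT: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      OAUTH_SAML_GROUPS_ATTRIBUTE:
      OAUTH_SAML_EXTERNAL_GROUPS:
      OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL:
      OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME:
      OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME:
      OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME:
      OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME:
      OAUTH_CROWD_SERVER_URL:
      OAUTH_CROWD_APP_NAME:
      OAUTH_CROWD_APP_PASSWORD:
      OAUTH_AUTH0_CLIENT_ID:
      OAUTH_AUTH0_CLIENT_SECRET:
      OAUTH_AUTH0_DOMAIN:
      OAUTH_AUTH0_SCOPE:
      OAUTH_AZURE_API_KEY:
      OAUTH_AZURE_API_SECRET:
      OAUTH_AZURE_TENANT_ID:
  gitlab-runner:
    image: gitlab/gitlab-runner:v12.9.0
    volumes:
      # NOTE(review): the Docker socket plus privileged mode makes any CI job
      # that can reach this runner root-equivalent on the host; restrict which
      # projects may use it, or run jobs through a docker-in-docker service.
      - '/var/run/docker.sock:/var/run/docker.sock'
      - './crt:/etc/gitlab-runner/certs'
    privileged: true
    tty: true
    stdin_open: true
    restart: always
    depends_on:
      - gitlab
  registry:
    #image: registry:2.7.1
    image: registry:2.7.1
    ports:
      - "5000:5000"
    volumes:
      - registry-data:/var/lib/registry
      - ./certs:/certs
      - ./crt:/crt
    external_links:
      - "gitlab:gitlab.example.com"
    privileged: true
    environment:
      REGISTRY_LOG_LEVEL: info
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      # Token auth delegated to GitLab; issuer and root cert bundle must match
      # the gitlab service's GITLAB_REGISTRY_* settings above.
      REGISTRY_AUTH_TOKEN_REALM: https://gitlab.example.com/jwt/auth
      REGISTRY_AUTH_TOKEN_SERVICE: container_registry
      REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/registry.crt
      #REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /crt/gitlab.example.com.crt
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
      #REGISTRY_HTTP_TLS_CERTIFICATE: /crt/gitlab.example.com.crt
      REGISTRY_HTTP_TLS_KEY: /certs/registry.key
      #REGISTRY_HTTP_TLS_KEY: /crt/gitlab.example.com.key
      # NOTE(review): the literal "secret" is a placeholder; use a random
      # value, since this signs upload-session state between registry nodes.
      REGISTRY_HTTP_SECRET: secret
    restart: always
volumes:
  redis-data:
  postgresql-data:
  # Declared but unused: the gitlab service bind-mounts /datadrive/gitlab.
  gitlab-data:
  registry-data:
# Every service joins the pre-existing ssl_proxy network as its default.
networks:
  default:
    external:
      name: ssl_proxy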