Docker部署CRMEB多商户版再优化

不说费话，上一篇已经讲过了，直接上代码。

Dockerfile：

# 使用官方的Ubuntu 24.04镜像作为基础镜像
FROM ubuntu:24.04

# 设置环境变量以避免交互式配置工具
ENV DEBIAN_FRONTEND=noninteractive

# 设置时区
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo "Asia/Shanghai" > /etc/timezone

RUN mkdir -p /usr/src/swoole
COPY swoole-src/swoole-src-4.8.13 /usr/src/swoole

# 更新包列表并安装必要的软件包
RUN apt-get update && \
    apt-get install -y software-properties-common ca-certificates supervisor && \
    add-apt-repository ppa:ondrej/php && \
    apt-get update && \
    apt-get install -y \
        php7.4 \
        php7.4-cli \
        php7.4-fpm \
        php7.4-dev \
        php7.4-bcmath \
        php7.4-soap \
        php7.4-intl \
        php7.4-readline \
        php7.4-ldap \
        php7.4-msgpack \        
        php7.4-igbinary \
        php7.4-mysql \
        php7.4-pgsql \
        php7.4-gd \
        php7.4-imagick \
        php7.4-curl \
        php7.4-mbstring \
        php7.4-xml \
        php7.4-zip \
        php7.4-redis \
        php7.4-memcached \
        php7.4-amqp \
        git \
        unzip \
        curl \
        openssl \
        libssl-dev \
        libcurl4-openssl-dev \
    && cd /usr/src/swoole \
    && phpize \
    && ./configure --enable-openssl --enable-sockets --enable-http2 --enable-swoole-json --enable-swoole-curl  \
    && make -j$(nproc) \
    && make install \
    && echo "extension=swoole.so" > /etc/php/7.4/mods-available/swoole.ini \
    && phpenmod swoole \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
    && apt-get -y autoremove \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/src/swoole

COPY swoole_loader74.so /usr/lib/php/20190902
RUN echo "extension=swoole_loader74.so" > /etc/php/7.4/mods-available/swoole_loader.ini \
    && phpenmod swoole_loader 

# 确保目录存在
RUN mkdir -p /run/php \
    && chown -R www-data:www-data /run/php

# 设置工作目录
WORKDIR /var/www/html

# 设置权限
RUN chown -R www-data:www-data /var/www/html

# 配置 Supervisor
COPY supervisord.conf /etc/supervisord.conf

# 暴露默认的PHP-FPM端口
EXPOSE 8324

# 启动 Supervisor
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

supervisord.conf文件：

[supervisord]
nodaemon=true
logfile=/var/log/nginx/supervisord.log
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)

[unix_http_server]
file=/var/run/supervisor.sock   ; (the path to the socket file)
chmod=0700                       ; sockef file mode (default 0700)

[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket

[rpcinterface:supervisor]
supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface  

[program:crmeb-queue]
command=/usr/bin/php7.4 /var/www/html/think queue:listen --tries=2
autostart=true
autorestart=true
stdout_logfile=/var/log/nginx/crmeb-queue.stdout.log
stderr_logfile=/var/log/nginx/crmeb-queue.stderr.log

[program:crmeb-swoole]
command=/usr/bin/php7.4 /var/www/html/think swoole restart
autostart=true
autorestart=true
stdout_logfile=/var/log/nginx/crmeb-swoole.stdout.log
stderr_logfile=/var/log/nginx/crmeb-swoole.stderr.log

编译镜像：

docker build -t crmeb_mer/PHP74:latest .

创建容器：

docker run -itd --name=crmeb-mer \

            -v /data/www/crmeb_mer:/var/www/html \

            -v /data/log/crmeb:/var/log/nginx \

            -p 8324:8324 \

            my-crmeb:7.4

宿主机做反向代理，nginx中创建站点：

server {
    listen       80;
    server_name  mall.myweb.net;
    root /data/www/crmeb_mer/public;
    index index.php;

    charset utf-8;

    #access_log  /var/log/nginx/host.access.log  main;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #

#PROXY-START/

location ^~ /
{
    proxy_pass http://127.0.0.1:8324;
    proxy_http_version 1.1;
    proxy_read_timeout 360s;   
    proxy_redirect off; 
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;

    add_header X-Cache $upstream_cache_status;

    #Set Nginx Cache


    set $static_fileLzXnun8E 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_fileLzXnun8E 1;
        expires 12h;
    }
    if ( $static_fileLzXnun8E = 0 )
    {
        add_header Cache-Control no-cache;
    }
}

#PROXY-END/


    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.(?!well-know).* {
        deny  all;
    }

    #HTTPS的默认访问端口443。
    #如果未在此处配置HTTPS的默认访问端口，可能会造成Nginx无法启动。
    listen 443 ssl;
 
    #填写证书文件绝对路径
    ssl_certificate cert/jihmall.myweb.net.pem;
    #填写证书私钥文件绝对路径
    ssl_certificate_key cert/mall.myweb.net.key;
 
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
         
    #自定义设置使用的TLS协议的类型以及加密套件（以下为配置示例，请您自行评估是否需要配置）
    #TLS协议版本越高，HTTPS通信的安全性越高，但是相较于低版本TLS协议，高版本TLS协议对浏览器的兼容性较差。
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

    #表示优先使用服务端加密套件。默认开启
    ssl_prefer_server_ciphers on;

}

-结束-