我在更新以生产模式运行的 VueJS 应用程序时遇到问题。每次而不只是运行
docker-compose up --build
我应该做
docker-compose down
docker volume rm mkstat_frontend_dist
docker-compose up --build
而且这期间有很多停机时间,所以想解决这个问题。我知道这是因为体积,但不知道如何解决这个问题。 我试过只删除这个卷,然后 nginx 响应
“/app/dist/”的目录索引被禁止
这是我的应用结构:
.
├── docker/
├── docker-compose.back.yml
├── docker-compose.dev.yml
├── docker-compose.yml
├── fresh_dump.sql
├── init-letsencrypt.sh
├── mkstat_backend/
├── mkstat_frontend/
├── redis.conf
这是我的产品 docker-compose 文件:
docker-compose.yml
version: "3.8"
services:
backend:
container_name: backend
restart: always
build:
context: ./mkstat_backend
dockerfile: Dockerfile.prod
volumes:
- static:/app/static
- media:/app/media
env_file:
- ./mkstat_backend/.env.prod
depends_on:
- db
db:
container_name: db
restart: always
build:
context: ./docker/postgres
dockerfile: Dockerfile
volumes:
- pgdata:/var/lib/postgresql/data/
ports:
- "5432:5432"
env_file:
- ./mkstat_backend/.env.prod
frontend:
container_name: frontend
build:
context: ./mkstat_frontend
dockerfile: Dockerfile.prod
volumes:
- frontend_dist:/app/dist
depends_on:
- backend
nginx:
image: nginx:alpine
restart: unless-stopped
command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ./docker/certbot/conf:/etc/letsencrypt
- ./docker/certbot/www:/var/www/certbot
- static:/var/html/static
- media:/var/html/media
- frontend_dist:/app/dist
depends_on:
- backend
- frontend
certbot:
container_name: certbot
image: certbot/certbot
restart: unless-stopped
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
- ./docker/certbot/conf:/etc/letsencrypt
- ./docker/certbot/www:/var/www/certbot
redis:
image: redis:latest
restart: always
container_name: redis
command: [
"bash",
"-c",
"
redis-server
--requirepass $${REDIS_PASS}
",
]
volumes:
- redis:/var/lib/redis/data
- ./redis.conf:/usr/local/etc/redis/redis.conf
ports:
- "6379"
env_file:
- ./mkstat_backend/.env.prod
worker:
build:
context: ./mkstat_backend
command: celery -A mkstat worker -B -l info -s /tmp/celerybeat-schedule
restart: always
container_name: celery
depends_on:
- db
- redis
- backend
volumes:
- ./mkstat_backend:/app
env_file:
- ./mkstat_backend/.env.prod
volumes:
pgdata:
static:
media:
frontend_dist:
redis:
Vue Dockerfile:
FROM node:lts-alpine as build
WORKDIR /app
ENV PATH /app/node_modules/.bin:$PATH
COPY package.json /app/package.json
RUN npm install --silent
RUN npm install @vue/cli@4.5.13 -g
COPY . /app
RUN npm run build
最佳答案
长话短说
docker-compose down
docker volume rm mkstat_frontend_dist
docker-compose up --build
... 不是最优的,因为服务将在构建期间关闭。构建时不需要删除服务,因此:
docker-compose build
docker-compose down
docker volume rm mststat_frontend_dist
docker-compose up -d
...效率会稍高一些,因为服务只会脱机以清除旧容器和卷,然后将从预构建的镜像创建新容器。
据我所知,不需要支持 dist
文件的卷,您可以将其删除。部署中提供的 dist
文件将是构建在镜像中的文件,而无需在每次重新部署时删除卷。
如果您将图像推送到 Docker Hub或其他 docker registry 那么图像已经构建,您不需要在重新部署期间重新构建。您的流程可能如下所示:
- 在您的 PC 上构建 docker 镜像
- 将 docker 镜像推送到 docker registry
- 拉取服务器上的docker镜像
docker-compose down
移除旧容器的服务docker-compose up -d
从镜像启动新容器
对于 nginx 的生产部署,这是我用作基础的示例配置:
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
client_max_body_size 0;
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
upstream web {
server web:80 max_fails=3;
}
server {
listen *:80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'self';";
server {
listen *:443 ssl http2;
listen [::]:443 ssl http2;
server_name *.example.com example.com;
charset utf-8;
error_page 404 = @notfound;
server_tokens off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
resolver 127.0.0.11 1.1.1.1 8.8.8.8 8.8.4.4 valid=86400s;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
error_page 404 = @notfound;
location @notfound {
return 301 /;
}
location /healthz {
allow 127.0.0.1;
deny all;
stub_status;
}
location / {
proxy_http_version 1.1;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://web/;
}
}
}
The
nginx.conf
example is the result of a few third-party pentests, e.g.server_tokens
(Default: on) will be flagged, allowing old versions of TLS/SSL will be flagged, not setting theContent-Security-Policy
header will be flagged, etc.
关于docker - 在不停机的情况下更新生产中正在运行的 VueJs 应用程序时遇到问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70049895/