Начинаем с dockerfile, берём за основу Centos 7:
1 2 3 4 |
FROM centos:7 as builder RUN yum -y update RUN yum-y install epel-release WORKDIR /opt |
Добавляем в основу файлы установки, устанавливаем и удаляем. Получаем образ одинэс:
1 2 3 4 5 6 7 8 9 10 |
FROM builder AS app COPY opt/*.tar.gz /opt/ ARG ver1c RUN yum -y install cabextract lcms2 RUN yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm RUN tar zxf *.tar.gz && /opt/*.run --mode unattended --enable-components server && rm /opt/*.* -rf RUN mkdir /var/log/1c/ RUN ln -s /opt/1cv8/x86_64/$ver1c/srv1cv83 /etc/init.d/srv1cv83 RUN ln -s /opt/1cv8/x86_64/$ver1c/srv1cv83.conf /etc/sysconfig/srv1cv83 CMD chown usr1cv8: -R /home/usr1cv8 && chown usr1cv8: -R /var/log/1c && /etc/init.d/srv1cv83 start && /bin/bash |
К основе добавляем установку Postgres 13 от 1С, получаем образ базы:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
FROM builder AS db COPY opt/*.tar.bz2 /opt/ ARG verpg ARG passpg RUN yum -y install centos-release-scl-rh bzip2 RUN for f in *.tar.bz2; do tar jxf "$f"; done && yum -y localinstall /opt/*/* && rm /opt/postgres* -rf && rm /opt/*.* -rf RUN sed -i '/en_US/d' /etc/yum.conf RUN yum -y reinstall glibc-common RUN echo $passpg > /opt/password RUN chown postgres:postgres /opt/password RUN chmod 600 /opt/password RUN echo "/usr/pgsql-$verpg/bin/initdb -D /var/lib/pgsql/$verpg/data/ --locale=ru_RU.UTF8 -A md5 --pwfile=/opt/password" > /opt/run RUN echo "/usr/pgsql-$verpg/bin/pg_ctl -D /var/lib/pgsql/$verpg/data/ start" >> /opt/run RUN echo "PGPASSWORD=$passpg psql -U postgres" >> /opt/run RUN chown postgres:postgres /opt/run RUN chmod +x /opt/run CMD chown -R postgres:postgres /var/lib/pgsql/ && su postgres -c '/opt/run' |
К основе добавляем апач и веб компоненты 1С, получаем образ морды:
1 2 3 4 5 6 |
FROM builder AS web COPY opt/*.tar.gz /opt/ ARG ver1c RUN yum -y install httpd mod_ssl RUN tar zxf *.tar.gz && /opt/*.run --mode unattended --enable-components ws && rm /opt/*.* -rf CMD /usr/sbin/httpd -D FOREGROUND |
Переходим к docker compose. Собираем всё плюс traefik ну и prometheus с grafana в придачу:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
services: web: image: dockerweb container_name: dockerweb hostname: dockerweb tty: true build: context: . target: web args: ver1c: 8.3.20.1710 volumes: - ./html:/var/www/html - ./conf.d:/etc/httpd/conf.d labels: - traefik.enable=true # router dockerweb - traefik.http.routers.dockerweb.entrypoints=http - traefik.http.routers.dockerweb.rule=Host(`docker1c.domain.com`) # router dockerwebs - traefik.http.routers.dockerwebs.entrypoints=https - traefik.http.routers.dockerwebs.rule=Host(`docker1c.domain.com`) - traefik.http.routers.dockerwebs.tls=true - traefik.http.routers.dockerwebs.tls.certresolver=letsEncrypt # service dockerweb-service - traefik.http.services.dockerweb-service.loadbalancer.server.port=80 # redirect to https - traefik.http.middlewares.http-https.redirectscheme.scheme=https - traefik.http.middlewares.http-https.redirectscheme.permanent=true - traefik.http.routers.dockerweb.middlewares=http-https # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g - traefik.http.middlewares.ae-auth.basicauth.users=admin:$$apr1$$M4FznZqL$$dPp1rY0Mvlloam5PDVeU01 - traefik.http.routers.dockerwebs.middlewares=ae-auth - traefik.http.routers.dockerweb.middlewares=ae-auth db: image: dockerpg container_name: dockerpg hostname: dockerpg tty: true build: context: . target: db args: verpg: 13 passpg: 12345 volumes: - ./data:/var/lib/pgsql/13/data app: image: docker1c container_name: docker1c hostname: docker1c tty: true build: target: app context: . args: ver1c: 8.3.20.1710 depends_on: - db volumes: - ./usr1cv8:/home/usr1cv8 - ./1c:/var/log/1c labels: - traefik.enable=true - traefik.tcp.routers.docker1c1540.rule=HostSNI(`*`) - traefik.tcp.routers.docker1c1540.entrypoints=c1540 - traefik.tcp.routers.docker1c1540.service=docker1c1540-service - traefik.tcp.services.docker1c1540-service.loadbalancer.server.port=1540 - traefik.tcp.routers.docker1c1541.rule=HostSNI(`*`) - traefik.tcp.routers.docker1c1541.entrypoints=c1541 - traefik.tcp.routers.docker1c1541.service=docker1c1541-service - traefik.tcp.services.docker1c1541-service.loadbalancer.server.port=1541 traefik: image: traefik container_name: traefik restart: unless-stopped security_opt: - no-new-privileges:true ports: - 80:80 - 443:443 - 1540:1540 - 9090:9090 - 9000:9000 volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro - ./ae/traefik.yml:/traefik.yml:ro - ./ae/custom/:/custom/:ro - ./ae/acme.json:/acme.json labels: - traefik.enable=true - traefik.http.routers.ae.entrypoints=https - traefik.http.routers.ae.rule=Host(`ku.domain.com`) - traefik.http.routers.ae.tls=true - traefik.http.routers.ae.tls.certresolver=letsEncrypt - traefik.http.routers.ae.service=api@internal - traefik.http.services.dashboard.loadbalancer.server.port=888 metrics: image: prom/prometheus container_name: prometheus restart: unless-stopped volumes: - ./prom/prometheus.yml:/etc/prometheus/prometheus.yml labels: - traefik.enable=true - traefik.http.routers.prom.entrypoints=prom - traefik.http.routers.prom.rule=Host(`ku.domain.com`) #- traefik.http.routers.prom.tls=true #- traefik.http.routers.prom.tls.certresolver=letsEncrypt - traefik.http.routers.prom.service=prom-service - traefik.http.services.prom-service.loadbalancer.server.port=9090 graf: image: grafana/grafana container_name: grafana restart: unless-stopped labels: - traefik.enable=true - traefik.http.routers.graf.entrypoints=graf - traefik.http.routers.graf.rule=Host(`ku.domain.com`) - traefik.http.routers.graf.service=graf-service - traefik.http.services.graf-service.loadbalancer.server.port=3000 |
В ./opt нужно положить дистрибутивы, например:
postgresql_13.4_6.1C_x86_64_addon_rpm.tar.bz2
postgresql_13.4_6.1C_x86_64_rpm.tar.bz2
server64_8_3_20_1710.tar.gz
В ./data расположится база, сюда нужно будет положить postgresql.conf и pg_hba.conf
В ./usr1cv8 настройки кластера 1С
В ./html ссылки default.vrd на базы 1С
В ./conf.d настройка апача, в ./ae трафика
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
entryPoints: http: address: ":80" https: address: ":443" metrics: address: ":8082" c1540: address: ":1540" c1541: address: ":1541" prom: address: ":9090" graf: address: ":9000" providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false file: directory: /custom watch: true certificatesResolvers: letsEncrypt: acme: email: postmaster@domain.com storage: acme.json caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" httpChallenge: entryPoint: http api: dashboard: true metrics: prometheus: entryPoint: metrics |