运行Nginx和PHP-FPM作为具有共享卷的Docker中的分离容器
我想在两个不同的容器中启动NGINX和PHP-FPM,共享一个卷以让Nginx服务该应用程序。我发现的所有解决方案都包括直接在Docker-composer文件中作为卷共享源。
volumes:
- ./:/var/www
我不想实现此解决方案,因为我认为仅是用于发展阶段的。我有一个私有的Docker映像,其中包含源代码并在端口9000上公开php-fpm。我想到的解决方案在于将以下参数添加到NGINX和PHP-FPM容器中。
volumes:
- code:/var/www/html
代码是Docker-Composer文件中已经指定的卷。因此,最终结果应该是类似的:
version: "3.6"
networks:
inside:
external: false
volumes:
code:
driver: local
services:
server:
image: nginx:1.17-alpine
ports:
- "80:80"
volumes:
- code:/var/www/html
- ./nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- app
networks:
- inside
restart: always
app:
image: PRIVATE_IMAGE
volumes:
- code:/var/www/html
networks:
- inside
restart: always
问题是关于权限的:当我尝试加载应用程序时,由于cache在应用程序中的文件夹不写时,我会收到否认。
您知道解决这个问题的最清晰方法吗?
I would like to start NGINX and PHP-FPM in two different containers sharing a volume to let NGINX serve the app. All solutions I've found include sharing the source directly as a volume in the docker-composer file.
volumes:
- ./:/var/www
I don't want to implement this solution as I believe is just for the developing phase. I have a private Docker image that contains the source code and exposes php-fpm on port 9000. The solution I have in mind consists in adding the following parameter to both nginx and php-fpm containers.
volumes:
- code:/var/www/html
code is a volume already specified in the docker-composer file. Thus, the final result should be something like:
version: "3.6"
networks:
inside:
external: false
volumes:
code:
driver: local
services:
server:
image: nginx:1.17-alpine
ports:
- "80:80"
volumes:
- code:/var/www/html
- ./nginx.conf:/etc/nginx/conf.d/default.conf
depends_on:
- app
networks:
- inside
restart: always
app:
image: PRIVATE_IMAGE
volumes:
- code:/var/www/html
networks:
- inside
restart: always
The issue is about permissions: when I try to load the app since the cache folder inside the app is not writable, I receive Permission denied.
Do you know the clearest way to solve this issue?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
命名卷本身并不是将文件从一个容器发布到另一个容器的可靠方法。查看这一点的最简单方法是在您的
html目录中进行一些更改并运行Docker-Compose build build; docker -compose -d。在这种情况下,您会看到的是,代码卷的旧内容无需更新而在NGINX容器中使用,实际上该卷的旧内容隐藏在您的应用程序容器中。对于不称为卷的Docker的东西,包括Docker Bind-Mounts和Kubernetes卷,您将获得一个空的目录,其中没有任何复制。解决此问题的绝对最简单方法是让应用程序提供自己的静态资产。执行此操作的机制是特定于框架的(而且我在PHP方面不太熟悉),但是如果您可以做到这一点,那么您的Nginx配置只有一个
proxy_pass或fastcgi_pass 指令,并且没有任何文件可以使用。这消除了对此卷的需求。如果这不是一个选项,那么您可以为包括静态资产的反向代理创建第二个图像。
现在,您不是“共享文件” 本身本身,但是应用程序和反向代理都包含相同的静态文件从同一源树中构建的相同的静态文件。这意味着您不需要
卷:撰写设置中的,除了做诸如注入配置之类的事情外。 (复制也可能是合理的。)Named volumes, on their own, are not a reliable way to publish files from one container to another. The easiest way to see this is to make some change in your
htmldirectory and rundocker-compose build; docker-compose up -d. What you'll see in this case is that the old contents of thecodevolume are used in the Nginx container without updates, and in fact the old contents of the volume hide the updated code in your application container. For things that aren't Docker named volumes, including Docker bind-mounts and Kubernetes volumes, you'll just get an empty directory with nothing copied into it.The absolute easiest way to address this is to let the application serve its own static assets. The mechanism to do this is framework-specific (and I'm not well-versed in PHP), but if you can do this then your Nginx configuration just has a
proxy_passorfastcgi_passdirective, and it doesn't have any files on its own to serve. That eliminates the need for this volume.If that's not an option, then you can create a second image for the reverse proxy that includes the static assets.
Now you're not "sharing files" per se, but the application and the reverse proxy both contain the same static files built from the same source tree. This means you don't need
volumes:in the Compose setup, except maybe to do things like inject configuration. (It's likely reasonable toCOPYthis into the image as well.)