ASK-104-WordPress

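This walkthrough uses the domain bot.wuushu.cn.

Point the bot.wuushu.cn domain at ***.cn-hongkong.alb.aliyuncs.com with a CNAME record.

Open the ASK-ALLINONE cluster, click 【Namespaces and Quotas】, click 【Create】, and create a namespace named wordpress.

An earlier project in the same cluster already created the pv-mntnas-ghost 【Persistent Volume】 under 【Volumes】 (volume type: NAS), so this project does not create another PV.

On the BT Panel ECS instance, create the folder /mntNAS/base/wordpress/mysql/data.

Under 【Configurations】, click 【Secrets】 and create the MySQL secret: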

apiVersion: v1
data:
  password: d29yZHByZXNzcm9ja3M=
kind: Secret
metadata:
  name: wp-mysql-prod-secrets
  namespace: wordpress
type: Opaque

The Base64 encoding of wordpressrocks is: d29yZHByZXNzcm9ja3M=
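
The Base64 value in a Secret is an encoding, not encryption: anyone who can read the manifest recovers the password. The sketch below is an added example, not part of the original post; it generates a random root password, renders the Secret with the name and namespace used above, and checks a manifest for the trailing newline that `echo secret | base64` introduces. The function names are made up for illustration.

```sh
# Added example: build and sanity-check the MySQL Secret shown above.
# Function names are illustrative; the Secret name and namespace are the page's.

# Base64-encode exactly the bytes given (printf adds no trailing newline).
encode_secret_value() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a data: value back to the raw bytes.
decode_secret_value() { printf '%s' "$1" | base64 -d; }

# 24 random bytes give a 32-character password.
generate_password() { head -c 24 /dev/urandom | base64 | tr -d '\n'; }

# render_secret NAME NAMESPACE PASSWORD : print the Secret manifest.
render_secret() {
  cat <<EOF
apiVersion: v1
data:
  password: $(encode_secret_value "$3")
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
EOF
}

# check_secret_manifest : read a manifest on stdin; return 1 if data.password
# is missing, is not Base64, or decodes to a value ending in a newline
# (the newline would become part of MYSQL_ROOT_PASSWORD).
check_secret_manifest() {
  b64=$(awk '$1 == "password:" { print $2; exit }')
  [ -n "$b64" ] || { echo "no data.password found"; return 1; }
  decode_secret_value "$b64" >/dev/null 2>&1 || { echo "not valid Base64"; return 1; }
  last=$(decode_secret_value "$b64" | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" != "0a" ] || { echo "decoded value ends with a newline"; return 1; }
  echo "ok"
}

# Demo: a fresh manifest with a random password passes the check.
render_secret wp-mysql-prod-secrets wordpress "$(generate_password)" | check_secret_manifest
```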

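Under 【Workloads】, click 【Deployments】, select the 【wordpress】 namespace, and click 【Create from Image】.

  • Application name: 【wp-mysql-prod】
  • Replicas: 1
  • Type: Deployment (stateless)
  • Click 【Next】
  • Image name: 【docker.io/library/mysql】
  • Image tag: 【8.0.4】
  • Required resources: 1 core, 2 GB
  • Add a port: name mysql-port, container port 3306, protocol TCP
  • Environment variables: click 【Get from image metadata】; the key MYSQL_MAJOR appears
  • Click 【Add】, type Secret, variable name MYSQL_ROOT_PASSWORD, variable/variable reference wp-mysql-prod-secrets/password
  • Startup command: args: ["--collation-server=utf8mb4_0900_ai_ci"]
  • In the volumes section below, add a NAS volume:
    Name: wp-mysql-prod-data
    Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
    Host path: /base/wordpress/mysql/data
    Container path: /var/lib/mysql

Remember to create the folder /mntNAS/base/wordpress/mysql/data on the NAS data disk from the BT Panel ECS instance.

Click 【Next】.

Create the 【Service】 wp-mysql-prod-svc: virtual cluster IP, port name svcmysqlport, service port 3306, container port 3306, protocol TCP. Click 【Create】.

From the BT Panel ECS instance, check the NAS directory /mntNAS/base/wordpress/mysql/data; the initial data files should have been created.

Under 【Workloads】, click 【Deployments】, select the 【wordpress】 namespace, and click wp-mysql-prod.

Click the container's 【Terminal】 to open a command line.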

mysql -uroot -p

Enter the password from the secret to log in.

create database wpbot;
flush privileges;
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'wordpressrocks';
flush privileges;
show databases;
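
The statements above leave WordPress connecting as root from any host. As an added example (not from the original post), this sketch renders SQL for a dedicated account that only has rights on the wpbot database; the account name wpuser and the function names are assumptions, and the output is meant to be pasted into the mysql prompt opened above.

```sh
# Added example: SQL for a WordPress-only MySQL account instead of root.
# The account name passed in (e.g. wpuser) is an assumption, not from the page.

# Accept only plain identifiers so a name cannot break out of the quoting.
valid_ident() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Escape a password for a single-quoted SQL literal: \ -> \\ and ' -> ''.
sql_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"; }

# render_wp_grants DATABASE USER PASSWORD : print the SQL on stdout.
# Uses the same mysql_native_password plugin the page sets for root.
render_wp_grants() {
  valid_ident "$1" || { echo "bad database name" >&2; return 1; }
  valid_ident "$2" || { echo "bad user name" >&2; return 1; }
  [ -n "$3" ] || { echo "empty password" >&2; return 1; }
  pw=$(sql_quote "$3")
  cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$1\`;
CREATE USER IF NOT EXISTS '$2'@'%' IDENTIFIED WITH mysql_native_password BY '$pw';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP ON \`$1\`.* TO '$2'@'%';
EOF
}

# Demo with a constructed password; prints three statements.
render_wp_grants wpbot wpuser 'constructed-example-password'
```

Enter this account, rather than root, in the setup-config.php form later in the walkthrough.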

On the BT Panel ECS instance, create the folder /mntNAS/base/wordpress/html.

Preparation: create a ConfigMap so that nginx.conf is replaced when the container starts.

apiVersion: v1
data:
  nginx.conf: |
    user www-data;
    worker_processes auto;
    #error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 10240;
        use epoll;
    }
    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        server_names_hash_bucket_size 512;
        server_tokens off;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 4096;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 16 8k;
        gzip_comp_level 4;
        gzip_proxied any;
        gzip_types
            text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml
            text/javascript application/javascript application/x-javascript
            text/x-json application/json application/x-web-app-manifest+json
            text/css text/plain text/x-component
            font/opentype application/x-font-ttf application/vnd.ms-fontobject
            image/x-icon image/svg+xml;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #ssl_session_cache shared:SSL:1m;
        #ssl_session_timeout 10m;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        include /etc/nginx/conf.d/*.conf;
    }
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: wordpress

Preparation: create a ConfigMap so that default.conf is replaced when the container starts.

apiVersion: v1
data:
  default.conf: |
    server {
        listen 80 default_server;
        client_max_body_size 2000m;
        root /var/www/html;
        server_name bot.wuushu.cn;
        index index.php;
        add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        #REWRITE-START
        # Note: nginx matches rewrite against the request path, not the full URL,
        # so this rule never fires; the HTTP-to-HTTPS redirect comes from the
        # ALB ssl-redirect annotation.
        rewrite ^http://bot.wuushu.cn(.*) https://bot.wuushu.cn$1 permanent;
        #REWRITE-END
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }
kind: ConfigMap
metadata:
  name: default-conf
  namespace: wordpress

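Be sure to include the following header; upgrade-insecure-requests tells the browser to load the site's http:// asset URLs over HTTPS: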

add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";

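Under 【Workloads】, click 【Deployments】, select the 【wordpress】 namespace, and click 【Create from Image】.

  • Application name: 【wp-prod】
  • Replicas: 1
  • Type: Deployment (stateless)
  • Click 【Next】
  • Image name: 【docker.io/library/wordpress】
  • Image tag: 【php8.1-fpm】
  • Required resources: 1 core, 2 GB
  • In the volumes section below, add a NAS volume:
    Name: wp-prod-data
    Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
    Host path: /base/wordpress/html
    Container path: /var/www/html

Remember to create the folder /mntNAS/base/wordpress/html on the NAS data disk from the BT Panel ECS instance.

  • Image name: 【docker.io/nginx】
  • Image tag: 【1.23】
  • Required resources: 1 core, 2 GB
  • Add a port: name http-port, container port 80, protocol TCP
  • In the volumes section below:
    Add local storage: volume type ConfigMap, mount source default-conf, container path /etc/nginx/conf.d, subpath left empty.
    Add local storage: volume type ConfigMap, mount source nginx-conf, container path /etc/nginx/nginx.conf, subpath nginx.conf
  • In the volumes section below, add a NAS volume:
    Name: wp-prod-data
    Address: ***.cn-hongkong.extreme.nas.aliyuncs.com
    Host path: /base/wordpress/html
    Container path: /var/www/html

Remember to create the folder /mntNAS/base/wordpress/html on the NAS data disk from the BT Panel ECS instance.

Create the 【Service】 wp-prod-svc, virtual cluster IP:
Port name svcwpport, service port 80, container port 80, protocol TCP
Port name svcphpport, service port 9000, container port 9000, protocol TCP

Click 【Create】 and wait for the pod status to become Running.

From the BT Panel ECS instance, check the NAS directory /mntNAS/base/wordpress/html; the initial data files should have been created.

Under 【Network】, click 【Ingresses】, then click 【Create ALB Ingress】.

  • Name: wp-prod-albingress
  • Domain: bot.wuushu.cn
  • Path: /*
  • Service name: select wp-prod-svc, port 80, and tick Enable TLS. Alibaba Cloud discovers certificates automatically, so no SSL configuration is needed. After ticking TLS, remember to add the custom annotation alb.ingress.kubernetes.io/ssl-redirect with the value true

Open https://bot.wuushu.cn/index.php
It redirects to https://bot.wuushu.cn/wp-admin/setup-config.php

  • Database name: wpbot
  • User name: root
  • Password: wordpressrocks
  • Database host: the cluster IP of the wp-mysql-prod-svc service created above
  • Table prefix: botwp_

Once the installation succeeds, open the plugin installer in the WordPress admin area and install the WPvivid backup plugin.

Do not change the URLs in Settings. Keep them as http; do not change them to https.

Click the Key tab and generate a key.

Copy the key into the WPvivid backup plugin on the old WordPress site, and migrate from the old site to the new bot.wuushu.cn address.

On the new site, refresh Backup & Restore; when the transferred backup appears, click 【Restore】.

After the restore, open Settings > General. The WordPress Address and Site Address are still http. Do not change them! Changing them to https causes errors, and leaving them as they are does not affect normal HTTPS access.

If you changed them by mistake, log in to the database and set the option_value of the siteurl and home rows (option_name) in the yourprefix_options table back to http.

In other words, if the old site used https, then after importing and restoring into the new site the settings remain http and need no change.

Important: do not use the filesystem permission fixer in the 【WP Security】 plugin; change permissions by hand in the NAS directory. For a WordPress installed on the NAS disk through the cluster, the owner may be 33 and the group node; set suitable file and directory permissions manually.

In the WordPress root directory: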
chown -R 33 *
chgrp -R node *

The next post tests installing an (almost) stateful application: aaPanel, the international edition of BT Panel.

Postscript: Pure YAML for WordPress-FPM-Mysql all in one

CoreDNS must be installed.

apiVersion: v1
data:
  password: (Base64 of the root password)
kind: Secret
metadata:
  name: prod-wp-mysql-secrets
  namespace: prod-wordpress
type: Opaque
---
apiVersion: v1
data:
  init.sql: |-
    CREATE DATABASE dbname;
    ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '******';
    FLUSH PRIVILEGES;
kind: ConfigMap
metadata:
  name: prod-wp-mysql-cm-sqlinit
  namespace: prod-wordpress
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: prod-wp-mysql
  name: prod-wp-mysql
  namespace: prod-wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prod-wp-mysql
  # A StatefulSet needs serviceName; this is the headless Service defined below.
  serviceName: prod-svc-wp-mysql
  # A StatefulSet takes updateStrategy, not the Deployment-style
  # strategy/maxSurge block.
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: prod-wp-mysql
    spec:
      containers:
        - args:
            - '--collation-server=utf8mb4_0900_ai_ci'
          env:
            - name: MYSQL_MAJOR
              value: '8.0'
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: prod-wp-mysql-secrets
          image: 'docker.io/library/mysql:8.0.4'
          imagePullPolicy: IfNotPresent
          name: prod-wp-mysql
          ports:
            - containerPort: 3306
              name: mysql-port
              protocol: TCP
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d
              name: volume-initsql
            - mountPath: /var/lib/mysql
              name: volume-mntnas-wp-mysql
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      volumes:
        - configMap:
            defaultMode: 420
            name: prod-wp-mysql-cm-sqlinit
          name: volume-initsql
        - name: volume-mntnas-wp-mysql
          persistentVolumeClaim:
            claimName: mntnas-wp-mysql
---
apiVersion: v1
kind: Service
metadata:
  name: prod-svc-wp-mysql
  namespace: prod-wordpress
spec:
  clusterIP: None
  clusterIPs:
    - None
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: mysqlport
      port: 3306
      protocol: TCP
      targetPort: 3306
  selector:
    app: prod-wp-mysql
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: v1
data:
  nginx.conf: |
    user www-data;
    worker_processes auto;
    #error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 10240;
        use epoll;
    }
    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        server_names_hash_bucket_size 512;
        server_tokens off;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 4096;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 16 8k;
        gzip_comp_level 4;
        gzip_proxied any;
        gzip_types
            text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml
            text/javascript application/javascript application/x-javascript
            text/x-json application/json application/x-web-app-manifest+json
            text/css text/plain text/x-component
            font/opentype application/x-font-ttf application/vnd.ms-fontobject
            image/x-icon image/svg+xml;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        include /etc/nginx/conf.d/*.conf;
    }
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: prod-wordpress
---
apiVersion: v1
data:
  default.conf: |
    server {
        listen 80 default_server;
        client_max_body_size 2000m;
        root /var/www/html;
        server_name yourdomain;
        index index.php;
        add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        #REWRITE-START
        # Note: nginx matches rewrite against the request path, not the full URL,
        # so this rule never fires; the redirect comes from the ssl-redirect
        # annotation on the Ingress below.
        rewrite ^http://yourdomain(.*) https://yourdomain$1 permanent;
        #REWRITE-END
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }
kind: ConfigMap
metadata:
  name: default-conf
  namespace: prod-wordpress
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: prod-wp
  name: prod-wp
  namespace: prod-wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prod-wp
  # A StatefulSet needs serviceName; this is the headless Service defined below.
  serviceName: prod-svc-wp
  # A StatefulSet takes updateStrategy, not the Deployment-style
  # strategy/maxSurge block.
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: prod-wp
    spec:
      containers:
        - image: 'docker.io/library/wordpress:php8.1-fpm'
          imagePullPolicy: IfNotPresent
          name: prod-wp-0
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - mountPath: /var/www/html
              name: volume-mntnas-wp
        - image: 'docker.io/nginx:1.23'
          imagePullPolicy: IfNotPresent
          name: prod-wp-1
          ports:
            - containerPort: 80
              name: http-port
              protocol: TCP
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
          volumeMounts:
            - mountPath: /etc/nginx/conf.d
              name: volume-default-conf
            - mountPath: /etc/nginx/nginx.conf
              name: volume-nginx-conf
              subPath: nginx.conf
            - mountPath: /var/www/html
              name: volume-mntnas-wp
      volumes:
        - name: volume-mntnas-wp
          persistentVolumeClaim:
            claimName: mntnas-wp
        - configMap:
            defaultMode: 420
            name: default-conf
          name: volume-default-conf
        - configMap:
            defaultMode: 420
            name: nginx-conf
          name: volume-nginx-conf
---
apiVersion: v1
kind: Service
metadata:
  name: prod-svc-wp
  namespace: prod-wordpress
spec:
  clusterIP: None
  clusterIPs:
    - None
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: svcwpport
      port: 80
      protocol: TCP
      targetPort: 80
    - name: svcphpport
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: prod-wp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/ssl-redirect: 'true'
    kubernetes.io/ingress.class: alb
  name: prod-wp-albingress
  namespace: prod-wordpress
spec:
  rules:
    - host: yourdomain
      http:
        paths:
          - backend:
              service:
                # Must match the Service defined above (prod-svc-wp).
                name: prod-svc-wp
                port:
                  number: 80
            path: /*
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - yourdomain
status:
  loadBalancer:
    ingress:
      - hostname: '***.alb.aliyuncs.com'

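If you restore with the WP Duplicator Lite plugin, you must replace the https URL with http when running installer.php (after connecting to the database). Both URL and Scan Options Site URL need to be http.

Open https://domain/index.php
It redirects to https://domain/wp-admin/setup-config.php

Database name: dbname
User name: root
Password: ***
Database host: the in-cluster endpoint of the prod-svc-wp-mysql service created above (no IP)
Table prefix: ***_
Once the installation succeeds, open the plugin installer in the WordPress admin area and install the WPvivid backup plugin.

Do not change the URLs in Settings. Keep them as http; do not change them to https.

Click the Key tab and generate a key.

Copy the key into the WPvivid backup plugin on the old WordPress site, and migrate from the old site to the new domain address.

On the new site, refresh Backup & Restore; when the transferred backup appears, click 【Restore】.

After the restore, open Settings > General. The WordPress Address and Site Address are still http. Do not change them! Changing them to https causes errors, and leaving them as they are does not affect normal HTTPS access.

If you changed them by mistake, log in to the database and set the option_value of the siteurl and home rows (option_name) in the yourprefix_options table back to http.

In other words, if the old site used https, then after importing and restoring into the new site the settings remain http and need no change.

Important: do not use the filesystem permission fixer in the 【WP Security】 plugin; change permissions by hand in the NAS directory. For a WordPress installed on the NAS disk through the cluster, the owner may be 33 and the group node or tape; set suitable file and directory permissions manually.

In the WordPress root directory: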
chown -R 33 *
chgrp -R node *
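
Both permission notes (in the walkthrough and in the postscript) leave the actual modes to the reader. One way to apply a conventional layout to the WordPress directory on the NAS, as an added example that is not from the original post: directories 755, files 644, wp-config.php 640, owned by uid 33. The function names and the chosen modes are assumptions; the group is a parameter because the page reports node or tape.

```sh
# Added example: normalise ownership and modes of a WordPress tree on the NAS.
# Function names and modes are assumptions, not from the original post.
# Usage (as root on the ECS instance that mounts the NAS):
#   set_wp_owner /mntNAS/base/wordpress/html 33 node
#   set_wp_modes /mntNAS/base/wordpress/html
#   list_loose   /mntNAS/base/wordpress/html

# set_wp_modes ROOT : directories 755, files 644, wp-config.php 640.
# Refuses to run unless ROOT looks like a WordPress root, so a mistyped
# path cannot chmod an unrelated tree.
set_wp_modes() {
  [ -f "$1/wp-load.php" ] || { echo "not a WordPress root: $1" >&2; return 1; }
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
  # wp-config.php holds the database password: no access for "other".
  if [ -f "$1/wp-config.php" ]; then chmod 640 "$1/wp-config.php"; fi
}

# set_wp_owner ROOT UID GROUP : unlike "chown -R 33 *", passing the directory
# itself also covers dotfiles such as .htaccess and .user.ini.
set_wp_owner() {
  [ -f "$1/wp-load.php" ] || { echo "not a WordPress root: $1" >&2; return 1; }
  chown -R "$2:$3" "$1"
}

# list_loose ROOT : print anything still group- or world-writable
# (symlinks are skipped because their own mode bits are meaningless).
list_loose() {
  find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}
```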

Original link: https://blog.csdn.net/qq_16670221/article/details/125736458?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522168994674616800227425886%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=168994674616800227425886&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-9-125736458-null-null.268%5Ev1%5Ekoosearch&utm_term=docker%E3%80%81wordpress%E3%80%81wordpress%E5%BB%BA%E7%AB%99%E3%80%81wordpress%E4%B8%BB%E9%A2%98%E3%80%81%E5%AE%B9%E5%99%A8%E9%95%9C%E5%83%8F%E3%80%81
