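Summary: Drawing on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, this Fengge tutorial explains in detail how to configure and use the relevant technologies.
Fengge's note:
This document covers how to build Docker images and the best practices for doing so.
Part01-Dockerfile Basics
1.1 Dockerfile Syntax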
[root@docker ~]# mkdir -p /fglinux/docker/fgedu-web
[root@docker ~]# cd /fglinux/docker/fgedu-web
# Create the Dockerfile
[root@docker fgedu-web]# cat > Dockerfile << 'EOF'
# Base image
FROM rockylinux:9.3
# Maintainer information
LABEL maintainer="fgedu"
LABEL version="1.0"
LABEL description="FGEDU Web Application"
# Set environment variables
ENV APP_NAME=fgedu-web \
    APP_VERSION=1.0.0 \
    APP_HOME=/opt/fgedu
# Install dependencies
RUN dnf install -y \
        nginx \
        python39 \
        python39-pip \
    && dnf clean all \
    && rm -rf /var/cache/dnf
# Create the application directories
RUN mkdir -p ${APP_HOME}/logs ${APP_HOME}/data
# Copy the application files
COPY app/ ${APP_HOME}/app/
COPY config/ ${APP_HOME}/config/
COPY scripts/start.sh ${APP_HOME}/
# Set permissions
RUN chmod +x ${APP_HOME}/start.sh
# Expose ports
EXPOSE 80 443
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost/health || exit 1
# Data volumes
VOLUME ["${APP_HOME}/logs", "${APP_HOME}/data"]
# Working directory
WORKDIR ${APP_HOME}
# Startup command
CMD ["./start.sh"]
EOF
# Build the image
[root@docker fgedu-web]# docker build -t fgedu-web:v1.0 .
[+] Building 45.2s (12/12) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> [internal] load .dockerignore 0.0s
=> [internal] load metadata for docker.io/library/rockylinux:9.3 2.1s
=> [internal] load build context 0.2s
=> [1/7] FROM docker.io/library/rockylinux:9.3@sha256:abc123 5.0s
=> [2/7] RUN dnf install -y nginx python39 python39-pip 25.3s
=> [3/7] RUN mkdir -p /opt/fgedu/logs /opt/fgedu/data 0.3s
=> [4/7] COPY app/ /opt/fgedu/app/ 0.5s
=> [5/7] COPY config/ /opt/fgedu/config/ 0.3s
=> [6/7] COPY scripts/start.sh /opt/fgedu/ 0.2s
=> [7/7] RUN chmod +x /opt/fgedu/start.sh 0.2s
=> exporting to image 5.0s
=> => writing image sha256:def4567890123456789012345678901234567890 0.1s
=> => naming to docker.io/library/fgedu-web:v1.0 0.0s
# List the image that was built
[root@docker fgedu-web]# docker images fgedu-web
REPOSITORY TAG IMAGE ID CREATED SIZE
fgedu-web v1.0 def456789012 30 seconds ago 500MB
# Multi-stage build example
[root@docker fgedu-web]# cat > Dockerfile.multi-stage << 'EOF'
# Build stage
FROM golang:1.21 AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o fgedu-app .
# Runtime stage
FROM alpine:3.19
RUN apk --no-cache add ca-certificates tzdata
WORKDIR /app
COPY --from=builder /app/fgedu-app .
COPY --from=builder /app/config ./config
EXPOSE 8080
CMD ["./fgedu-app"]
EOF
# Build the multi-stage image
[root@docker fgedu-web]# docker build -f Dockerfile.multi-stage -t fgedu-app:v1.0 .
[+] Building 60.5s (14/14) FINISHED
...
=> exporting to image 2.0s
=> => writing image sha256:abc123def4567890123456789012345678901234 0.1s
=> => naming to docker.io/library/fgedu-app:v1.0 0.0s
[root@docker fgedu-web]# docker images fgedu-app
REPOSITORY TAG IMAGE ID CREATED SIZE
fgedu-app v1.0 abc123def456 30 seconds ago 25MB
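Part02-Dockerfile Best Practices
2.1 Optimization Recommendations
[root@docker ~]# cat > /fglinux/docker/best-practices.txt << 'EOF'
Dockerfile Best Practices
=========================
1. Base image selection
  - Use official images
  - Choose Alpine variants to reduce size
  - Pin a specific version tag
2. Instruction optimization
  - Merge RUN instructions to reduce the number of layers
  - Clean up cache files
  - Use multi-stage builds
3. Security considerations
  - Do not run as the root user
  - Do not store sensitive information
  - Scan images for vulnerabilities
4. Build optimization
  - Use .dockerignore
  - Take advantage of the build cache
  - Order instructions sensibly
5. Maintainability
  - Add clear comments
  - Use LABEL metadata
  - Manage versions
EOF
# Create .dockerignore
[root@docker fgedu-web]# cat > .dockerignore << 'EOF'
.git
.gitignore
*.md
*.log
*.tmp
node_modules
venv
__pycache__
*.pyc
.env
EOF
# Optimized Dockerfile example
[root@docker fgedu-web]# cat > Dockerfile.optimized << 'EOF'
FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir --user -r requirements.txt
FROM python:3.11-slim
RUN groupadd -r fgedu && useradd -r -g fgedu fgedu
WORKDIR /app
COPY --from=builder /root/.local /home/fgedu/.local
COPY --chown=fgedu:fgedu . .
USER fgedu
ENV PATH=/home/fgedu/.local/bin:$PATH
EXPOSE 8000
# python:3.11-slim does not ship curl, so probe with the Python standard library
HEALTHCHECK CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')" || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]
EOF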
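- Use multi-stage builds to reduce image size
- Make good use of the build cache
- Add a health check
- Run as a non-root user
- Scan images for vulnerabilities regularly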
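A small lint for the security items in the checklist above (pinned base tag, no secrets in ENV/ARG, non-root user, health check), as an added example that is not part of the original tutorial. The function names, the secret-name pattern and the RISKY sample are assumptions made for illustration; run against the condensed multi-stage example it reports that the final Alpine stage still runs as root and has no health check.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# Constructed samples: the first is condensed from Dockerfile.multi-stage above.
MULTI_STAGE = """\
FROM golang:1.21 AS builder
FROM alpine:3.19
COPY --from=builder /app/fgedu-app .
CMD ["./fgedu-app"]
"""
RISKY = "FROM python\nENV APP_NAME=demo DB_PASSWORD=changeme\nUSER root\n"

def instructions(text):
    """Yield (KEYWORD, args) per instruction, joining backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            keyword, _, args = buf.strip().partition(" ")
            yield keyword.upper(), args.strip()
            buf = ""

def lint(text):
    """Return sorted findings; base-image defaults are not inspected (assumption)."""
    findings, stages, user, healthcheck = set(), {"scratch"}, None, False
    for keyword, args in instructions(text):
        if keyword == "FROM":
            parts = [p for p in args.split() if not p.startswith("--")]
            image, user, healthcheck = parts[0], None, False  # new stage resets state
            tag = image.rsplit(":", 1)[1] if ":" in image.rsplit("/", 1)[-1] else None
            if image.lower() not in stages and "@sha256:" not in image and tag in (None, "latest"):
                findings.add(f"unpinned base image: {image}")
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2].lower())
        elif keyword == "USER":
            user = args.split(":")[0]
        elif keyword == "HEALTHCHECK":
            healthcheck = args.upper() != "NONE"
        elif keyword in ("ENV", "ARG"):
            names = re.findall(r"(\w+)=", args) or args.split()[:1]
            findings.update(f"possible secret in {keyword}: {n}" for n in names if SECRET_NAME.search(n))
    if user in (None, "root", "0"):
        findings.add("final stage runs as root")
    if not healthcheck:
        findings.add("final stage has no HEALTHCHECK")
    return sorted(findings)
```

Pass a Dockerfile's text to lint() in a pre-build step and stop the build when the returned list is not empty.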
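This article was compiled and published by Fengge Tutorials and is intended for learning and testing only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html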
