增加Docker部署，Github Actions自动构建Docker镜像，Docker容器环境变量配置

Signed-off-by: niliovo <1791356563@qq.com>
niliovo · Dec 8, 2024 · 0c2eaf5 · 0c2eaf5
1 parent 15b3156
commit 0c2eaf5
Show file tree

Hide file tree

Showing 7 changed files with 467 additions and 2 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,8 @@
+.dockerignore
+.git
+.gitignore
+Dockerfile
+.gitlab-ci.yml
+LICENSE
+README.md
+DOCKER.md
diff --git a/.github/workflows/auto_build_docker_container.yml b/.github/workflows/auto_build_docker_container.yml
@@ -0,0 +1,105 @@
+name: 自动构建docker镜像
+
+on:
+  schedule:
+    - cron: "00 12 * * 0"
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  watch:
+    types: started
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check Out Repo
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: akile monitor server meta
+        id: server_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.DOCKER_USERNAME }}/akile_monitor_server
+          tags: |
+            type=raw,value=latest
+            {{date 'YYYY/MM/DD/hh/mm/ss'}}
+
+      - name: akile monitor frontend meta
+        id: fe_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.DOCKER_USERNAME }}/akile_monitor_fe
+          tags: |
+            type=raw,value=latest
+            {{date 'YYYY/MM/DD/hh/mm/ss'}}
+
+      - name: akile monitor client meta
+        id: client_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.DOCKER_USERNAME }}/akile_monitor_client
+          tags: |
+            type=raw,value=latest
+            {{date 'YYYY/MM/DD/hh/mm/ss'}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push server
+        id: docker_build_server
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          target: server
+          tags: ${{ steps.server_meta.outputs.tags }}
+          labels: ${{ steps.server_meta.outputs.labels }}
+      - name: server Image digest
+        run: echo ${{ steps.docker_build_server.outputs.digest }}
+
+      - name: Build and push frontend
+        id: docker_build_fe
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          target: fe
+          tags: ${{ steps.fe_meta.outputs.tags }}
+          labels: ${{ steps.fe_meta.outputs.labels }}
+      - name: fe Image digest
+        run: echo ${{ steps.docker_build_fe.outputs.digest }}
+
+      - name: Build and push client
+        id: docker_build_client
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          target: client
+          tags: ${{ steps.client_meta.outputs.tags }}
+          labels: ${{ steps.client_meta.outputs.labels }}
+      - name: client Image digest
+        run: echo ${{ steps.docker_build_client.outputs.digest }}
diff --git a/DOCKER.md b/DOCKER.md
@@ -0,0 +1,168 @@
+# Docker 部署介绍
+
+- 将前端[akile_monitor_fe](https://github.com/akile-network/akile_monitor_fe)，主控服务[ak_monitor](https://github.com/akile-network/akile_monitor)以及被控客户端[ak_client](https://github.com/akile-network/akile_monitor)打包进容器，并利用 GitHub Actions 自动构建Docker镜像并推送至Docker Hub
+- 前端 端口80 主控服务端 端口3000 可自行映射到宿主机或反向代理TLS加密
+
+## 支持架构
+
+- linux/amd64
+- linux/arm64
+
+# 准备工作
+
+> *以下所有 `/CHANGE_PATH` 替换为你的宿主机路径*
+> *SQLite 数据库需要提前创建，避免Docker自动创建文件夹导致失败*
+
+- [Docker](https://docs.docker.com/get-started/get-docker/) 安装
+
+## 主控服务端
+
+- SQLite数据库 `/CHANGE_PATH/akile_monitor/ak_monitor.db`
+
+# [compose文件](./docker-compose.yml)
+
+# 主控服务端
+
+- 环境变量(默认) 与 配置文件 二选一即可
+
+- 如需映射配置文件，请提前创建文件并挂载至目录 `/CHANGE_PATH/akile_monitor/server/config.json:/app/config.json`
+
+- [主控服务端配置文件参考](https://github.com/akile-network/akile_monitor/blob/main/config.json)
+
+## Docker Cli 部署
+
+```
+docker run -it --name akile_monitor_server --restart always -v /CHANGE_PATH/akile_monitor/server/ak_monitor.db:/app/ak_monitor.db -e AUTH_SECRET="auth_secret" -e LISTEN=":3000" -e ENABLE_TG=false -e TG_TOKEN="your_telegram_bot_token" -e HOOK_URI="/hook" -e UPDATE_URI="/monitor" -e WEB_URI="/ws" -e HOOK_TOKEN="hook_token" -e TG_CHAT_ID=0 -p 3000:3000 -e TZ="Asia/Shanghai" niliaerith/akile_monitor_server
+```
+
+## Docker Compose 部署
+
+```compose.yml
+cat <<EOF > server-compose.yml
+services:
+  akile_monitor_server:
+    image: niliaerith/akile_monitor_server
+    container_name: akile_monitor_server
+    hostname: akile_monitor_server
+    restart: always
+    ports:
+      - 3000:3000 #主控服务端 端口
+    volumes:
+      - /CHANGE_PATH/akile_monitor/server/ak_monitor.db:/app/ak_monitor.db
+    environment:
+      TZ: "Asia/Shanghai"
+      AUTH_SECRET: "auth_secret"
+      LISTEN: ":3000"
+      ENABLE_TG: false
+      TG_TOKEN: "your_telegram_bot_token"
+      HOOK_URI: "/hook"
+      UPDATE_URI: "/monitor"
+      WEB_URI: "/ws"
+      HOOK_TOKEN: "hook_token"
+      TG_CHAT_ID: 0
+EOF
+docker compose -f server-compose.yml up -d
+```
+
+# 前端 部署
+
+- 环境变量(默认) 与 配置文件 二选一即可
+
+- 如需映射配置文件，请提前创建文件并挂载至目录 `/CHANGE_PATH/akile_monitor/caddy/config.json:/usr/share/caddy/config.json`
+
+- 前端配置文件参考如下
+
+```
+{
+  "socket": "ws://192.168.31.64:3000/ws",
+  "apiURL": "http://192.168.31.64:3000"
+}
+```
+
+## Docker Cli 部署
+
+```
+docker run -it --name akile_monitor_server --restart always -e SOCKET="ws://192.168.31.64:3000/ws" -e APIURL="http://192.168.31.64:3000" -p 80:80 -e TZ="Asia/Shanghai" niliaerith/akile_monitor_fe
+```
+
+## Docker Compose 部署
+
+```compose.yml
+cat <<EOF > fe-compose.yml
+services:
+  akile_monitor_fe:
+    image: niliaerith/akile_monitor_fe
+    container_name: akile_monitor_fe
+    hostname: akile_monitor_fe
+    restart: always
+    ports:
+      - 80:80 #前端 端口
+    environment:
+      TZ: "Asia/Shanghai"
+      SOCKET: "ws://192.168.31.64:3000/ws"
+      APIURL: "http://192.168.31.64:3000"
+EOF
+docker compose -f fe-compose.yml up -d
+```
+
+# 被控客户端 部署
+
+- 必须添加 `host` 网络模式，否则识别的流量为容器内的
+- 必须添加 `/var/run/docker.sock` 卷，否则识别的系统为容器内的
+
+- 环境变量(默认) 与 配置文件 二选一即可
+
+- 如需映射配置文件，请提前创建文件并挂载至目录 `/CHANGE_PATH/akile_monitor/client/client.json:/app/client.json`
+
+- [被控客户端配置文件参考](https://github.com/akile-network/akile_monitor/blob/main/client.json)
+
+## Docker Cli 部署
+
+```
+docker run -it --name akile_monitor_client --restart always -e AUTH_SECRET="auth_secret" -e URL="ws://localhost:3000/monitor" -e NET_NAME="eth0" -e NAME="HK-Akile" -v /var/run/docker.sock:/var/run/docker.sock --net host -e TZ="Asia/Shanghai" niliaerith/akile_monitor_client
+```
+
+## Docker Compose 部署
+
+```compose.yml
+cat <<EOF > client-compose.yml
+services:
+  akile_monitor_client:
+    image: niliaerith/akile_monitor_client
+    container_name: akile_monitor_client
+    hostname: akile_monitor_client
+    restart: always
+    network_mode: host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      TZ: "Asia/Shanghai"
+      AUTH_SECRET: "auth_secret" 
+      URL: "ws://localhost:3000/monitor" 
+      NET_NAME: "eth0" 
+      NAME: "HK-Akile"
+EOF
+docker compose -f client-compose.yml up -d
+```
+
+# Github Actions 自动构建镜像
+
+- Fork项目
+- Settings > Secrets and variables > Actions > New repository secret 添加 `DOCKER_USERNAME` (你的 Docker Hub 用户名) 和 `DOCKER_PASSWORD` (你的 Docker Hub 密码) 两个变量
+- Actions 中手动开始工作流 或者 主页Star 或者 修改任意README文档后push触发
+
+# Docker Build 本地构建镜像
+
+```
+git clone https://github.com/akile-network/akile_monitor
+cd akile_monitor
+docker build --target server --tag akile_monitor_server .
+docker build --target fe --tag akile_monitor_fe .
+docker build --target client --tag akile_monitor_client .
+```
+
+# 已知问题
+
+> *因为被控客户端在Docker alpine容器内，所以虚拟化始终显示为`docker`*。
+- 解决方法1: 被控客户端采用 二进制部署，详见 [被控端](./README.md)
+- 解决方法2: 忽略虚拟化显示内容
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,109 @@
+FROM golang:alpine AS gobuild
+WORKDIR /build
+COPY . /build
+RUN go mod download && \
+go mod tidy && \
+go mod verify && \
+go build
+RUN cd client && \
+go mod download && \
+go mod tidy && \
+go mod verify && \
+go build
+
+FROM node:lts-alpine AS nodebuild
+WORKDIR /build
+RUN apk add git && \
+git clone https://github.com/akile-network/akile_monitor_fe.git amf && \
+cd amf && \
+npm install && \
+npm run build && \
+rm -rf dist/config.json
+
+FROM alpine AS server
+WORKDIR /app
+
+ENV AUTH_SECRET=${AUTH_SECRET:-auth_secret}
+ENV LISTEN=${LISTEN:-:3000}
+ENV ENABLE_TG=${ENABLE_TG:-false}
+ENV TG_TOKEN=${TG_TOKEN:-your_telegram_bot_token}
+ENV HOOK_URI=${HOOK_URI:-/hook}
+ENV UPDATE_URI=${UPDATE_URI:-/monitor}
+ENV WEB_URI=${WEB_URI:-/ws}
+ENV HOOK_TOKEN=${HOOK_TOKEN:-hook_token}
+ENV TG_CHAT_ID=${TG_CHAT_ID:-0}
+
+COPY --from=gobuild /build/akile_monitor /app/ak_monitor
+
+RUN cat <<'EOF' > entrypoint.sh
+#!/bin/sh
+if [ ! -f "config.json" ]; then
+    echo "{
+  \"auth_secret\": \"${AUTH_SECRET}\",
+  \"listen\": \"${LISTEN}\",
+  \"enable_tg\": ${ENABLE_TG},
+  \"tg_token\": \"${TG_TOKEN}\",
+  \"hook_uri\": \"${HOOK_URI}\",
+  \"update_uri\": \"${UPDATE_URI}\",
+  \"web_uri\": \"${WEB_URI}\",
+  \"hook_token\": \"${HOOK_TOKEN}\",
+  \"tg_chat_id\": ${TG_CHAT_ID}
+}"> config.json
+fi
+/app/ak_monitor
+EOF
+
+EXPOSE 3000
+
+RUN chmod +x ak_monitor entrypoint.sh
+CMD ["./entrypoint.sh"]
+
+FROM caddy:latest AS fe
+WORKDIR /app
+
+ENV SOCKET=${SOCKET:-ws://192.168.31.64:3000/ws}
+ENV APIURL=${APIURL:-http://192.168.31.64:3000}
+
+COPY --from=nodebuild /build/amf/dist /usr/share/caddy
+
+RUN cat <<'EOF' > entrypoint.sh
+#!/bin/sh
+if [ ! -f "/usr/share/caddy/config.json" ]; then
+    echo "{
+  \"socket\": \"${SOCKET}\",
+  \"apiURL\": \"${APIURL}\"
+}"> /usr/share/caddy/config.json
+fi
+caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
+EOF
+
+EXPOSE 80
+
+RUN chmod +x entrypoint.sh
+CMD ["./entrypoint.sh"]
+
+FROM alpine AS client
+WORKDIR /app
+
+ENV AUTH_SECRET=${AUTH_SECRET:-auth_secret}
+ENV URL=${URL:-ws://localhost:3000/monitor}
+ENV NET_NAME=${NET_NAME:-eth0}
+ENV NAME=${NAME:-HK-Akile}
+
+COPY --from=gobuild /build/client/client /app/ak_client
+
+RUN cat <<'EOF' > entrypoint.sh
+#!/bin/sh
+if [ ! -f "client.json" ]; then
+    echo "{
+  \"auth_secret\": \"${AUTH_SECRET}\",
+  \"url\": \"${URL}\",
+  \"net_name\": \"${NET_NAME}\",
+  \"name\": \"${NAME}\"
+}"> client.json
+fi
+/app/ak_client
+EOF
+
+RUN chmod +x ak_client entrypoint.sh
+CMD ["./entrypoint.sh"]