Installing Apache and PHP in a Docker container based on the CentOS image

References

Installing PHP + Apache - Linux environment - CentOS

Dockerfile


[oracle@centos tmpp]$ cat D*
FROM centos:latest

# Install Apache, PHP and a few troubleshooting tools in one yum transaction
RUN yum install -y \
 httpd \
 php \
 iputils \
 vim \
 tree \
 lsof \
 net-tools \
 psmisc \
 bind-utils \
 traceroute

RUN yum install -y sudo
RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 php
RUN echo 'php_pwd' | passwd --stdin php
RUN echo 'root_pwd' | passwd --stdin root
RUN echo 'php ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
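
An added example, not part of the original post: a small shell check that flags the parts of a Dockerfile like the one above that a reviewer would question, namely the unpinned `latest` base tag, passwords piped into `passwd --stdin` (the `RUN` command stays readable in the image history), the `NOPASSWD:ALL` sudoers entry, and the missing `USER` instruction. The function names, rule names and the embedded sample are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag risky Dockerfile instructions.
# Rule names and the sample below are constructed for illustration.

# Reads a Dockerfile on stdin, prints one "RULE<TAB>instruction" line per finding.
audit_dockerfile() {
  awk '
    # Join backslash-continued lines so each instruction is checked as a whole.
    { line = buf $0; buf = "" }
    line ~ /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); buf = line; next }
    line ~ /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    { sub(/^[ \t]+/, "", line); split(line, w, /[ \t]+/); op = toupper(w[1]) }

    # Base image with no tag/digest, or the moving "latest" tag.
    op == "FROM" && (w[2] !~ /[:@]/ || w[2] ~ /:latest$/) { print "UNPINNED_BASE\t" line }
    # Password fed to passwd/chpasswd at build time: visible in `docker history`.
    op == "RUN" && line ~ /passwd[ \t]+--stdin|chpasswd/ { print "PASSWORD_IN_LAYER\t" line }
    # Blanket passwordless sudo turns any code execution as that user into root.
    op == "RUN" && line ~ /NOPASSWD/ { print "PASSWORDLESS_SUDO\t" line }
    op == "USER" { user = w[2] }
    END { if (user == "" || user == "root" || user == "0")
            print "RUNS_AS_ROOT\t(no non-root USER instruction)" }
  '
}

# Constructed sample modelled on the Dockerfile in this post.
sample_dockerfile() {
  cat <<'EOF'
FROM centos:latest
RUN yum install -y httpd \
    php
RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 php
RUN echo 'php_pwd' | passwd --stdin php
RUN echo 'root_pwd' | passwd --stdin root
RUN echo 'php ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
EOF
}

sample_dockerfile | audit_dockerfile
```

Each finding maps to a change in the Dockerfile: pin the base tag, drop the `passwd --stdin` and `NOPASSWD` lines, and add a `USER` instruction where the service allows it.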

Building the container image

[oracle@centos tmpp]$ docker build -t centos_php .
[oracle@centos tmpp]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos_php          latest              f63aed230c0b        11 minutes ago      499MB
centos              latest              9f38484d220f        2 months ago        202MB

Starting the container

[oracle@centos tmpp]$ docker run --privileged -p 8080:80 --name php -itd centos_php /sbin/init
9f0534a4c2661a84a0ab04bcc46aadf564d4e3a45e7d5f4979d6d99e6e2663f0
[oracle@centos tmpp]$ docker exec -it php /bin/bash
[root@9f0534a4c266 /]# whoami 
root
[root@9f0534a4c266 /]# id
uid=0(root) gid=0(root) groups=0(root)
[root@9f0534a4c266 /]# su php
[php@9f0534a4c266 /]$ whoami
php
[php@9f0534a4c266 /]$ id
uid=1000(php) gid=1001(docker) groups=1001(docker)
[php@9f0534a4c266 /]$ exit

Checking that the service starts

[root@9f0534a4c266 /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)
[root@9f0534a4c266 /]# systemctl start httpd
[root@9f0534a4c266 /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-05-21 13:11:15 UTC; 22s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2655 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /docker/9f0534a4c2661a84a0ab04bcc46aadf564d4e3a45e7d5f4979d6d99e6e2663f0/system.slice/httpd.service
           ├─2655 /usr/sbin/httpd -DFOREGROUND
           ├─2656 /usr/sbin/httpd -DFOREGROUND
           ├─2657 /usr/sbin/httpd -DFOREGROUND
           ├─2658 /usr/sbin/httpd -DFOREGROUND
           ├─2659 /usr/sbin/httpd -DFOREGROUND
           └─2660 /usr/sbin/httpd -DFOREGROUND
           ‣ 2655 /usr/sbin/httpd -DFOREGROUND

May 21 13:11:15 9f0534a4c266 systemd[1]: Starting The Apache HTTP Server...
May 21 13:11:15 9f0534a4c266 httpd[2655]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
May 21 13:11:15 9f0534a4c266 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@9f0534a4c266 /]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@9f0534a4c266 /]# systemctl list-unit-files  -t service | grep httpd
httpd.service                          enabled 

Checking the service port

[root@9f0534a4c266 /]# netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2655/httpd          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     418581536 1/init               /run/dbus/system_bus_socket
unix  3      [ ]         DGRAM                    418574907 1/init               /run/systemd/notify
unix  2      [ ]         DGRAM                    418574909 1/init               /run/systemd/cgroups-agent
unix  2      [ ACC ]     STREAM     LISTENING     418574911 1/init               /run/systemd/private
unix  2      [ ]         DGRAM                    418574933 1/init               /run/systemd/shutdownd
unix  2      [ ACC ]     STREAM     LISTENING     418574935 1/init               /run/systemd/journal/stdout
unix  5      [ ]         DGRAM                    418574938 1/init               /run/systemd/journal/socket
unix  3      [ ]         DGRAM                    418574940 1/init               /dev/log
unix  2      [ ACC ]     SEQPACKET  LISTENING     418574945 1/init               /run/udev/control
unix  2      [ ]         DGRAM                    418578316 945/systemd-logind   
unix  3      [ ]         STREAM     CONNECTED     418578273 840/dbus-daemon      
unix  3      [ ]         STREAM     CONNECTED     418581590 1/init               /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     418585610 945/systemd-logind   
unix  2      [ ]         DGRAM                    418779510 2662/login           
unix  3      [ ]         STREAM     CONNECTED     418578323 945/systemd-logind   
unix  3      [ ]         STREAM     CONNECTED     418539486 840/dbus-daemon      /run/dbus/system_bus_socket
unix  2      [ ]         DGRAM                    418579835 17/systemd-journald  
unix  3      [ ]         STREAM     CONNECTED     418578274 840/dbus-daemon      
unix  3      [ ]         STREAM     CONNECTED     418561423 1/init               /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     418581547 1/init               
unix  3      [ ]         STREAM     CONNECTED     418731316 1/init               /run/systemd/journal/stdout
unix  3      [ ]         DGRAM                    418573011 30/systemd-udevd     
unix  3      [ ]         STREAM     CONNECTED     418578275 840/dbus-daemon      /run/dbus/system_bus_socket
unix  3      [ ]         DGRAM                    418573010 30/systemd-udevd     
unix  3      [ ]         STREAM     CONNECTED     418574327 840/dbus-daemon      
unix  3      [ ]         STREAM     CONNECTED     418581552 1/init               /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     418722808 2655/httpd           
unix  2      [ ]         DGRAM                    418572958 30/systemd-udevd     
unix  2      [ ]         DGRAM                    418780208 1/init               
unix  3      [ ]         STREAM     CONNECTED     418573667 30/systemd-udevd     
[root@9f0534a4c266 /]# lsof -i
COMMAND  PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
httpd   2655   root    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
httpd   2656 apache    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
httpd   2657 apache    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
httpd   2658 apache    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
httpd   2659 apache    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
httpd   2660 apache    3u  IPv4 418727592      0t0  TCP *:http (LISTEN)
[root@9f0534a4c266 /]# pstree -p
systemd(1)-+-dbus-daemon(840)
           |-httpd(2655)-+-httpd(2656)
           |             |-httpd(2657)
           |             |-httpd(2658)
           |             |-httpd(2659)
           |             `-httpd(2660)
           |-login(2686)
           |-systemd-journal(17)
           |-systemd-logind(945)
           `-systemd-udevd(30)

Checking that HTTP works

localhost

[root@9f0534a4c266 html]# curl localhost:80 | grep h1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4897  .jumbotron h1 {
100  4   	  <h1>Testing 123..</h1>
897    0     0  4073k      0 --:--:-- --:--:-- --:--:-- 4782k

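Port 8080 is for access from the browser. From the command line inside the container it fails, because 8080 is only the host-side port published with `-p 8080:80` and nothing listens on it inside the container.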

[root@9f0534a4c266 /]# curl http://localhost:8080/
curl: (7) Failed to connect to ::1: Network is unreachable

Checking the PHP version

The install seems to have worked.

[root@9f0534a4c266 /]# php -v
PHP 5.4.16 (cli) (built: Oct 30 2018 19:30:51) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

Creating a PHP file

[root@9f0534a4c266 /]# cd /var/www/html
[root@9f0534a4c266 html]# vi info.php
[root@9f0534a4c266 html]# cat info.php

[root@9f0534a4c266 html]# ll
total 4
-rw-r--r--. 1 root root 20 May 21 13:24 info.php
[root@9f0534a4c266 html]# curl http://localhost:8080/info.php
curl: (7) Failed to connect to ::1: Network is unreachable
[root@9f0534a4c266 html]# curl http://localhost:80/info.php | grep title
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0<title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head>
100 41766    0 41766    0     0  5159k      0 --:--:-- --:--:-- --:--:-- 5826k

Forms are easy to make, too

[root@9f0534a4c266 html]# cat form.php
<html>
  <head>
  </head>
  <body>
    <form method="POST" action="show.php">
      <label>please input name</label>
      <input type="text" name="name"/><br/>
      <label>please input mailaddress</label>
      <input type="text" name="mail"/>
      <input type="submit" value="submit"/>
    </form>
  </body>
</html>
[root@9f0534a4c266 html]# vi form.php
[root@9f0534a4c266 html]# ll
total 8
-rw-r--r--. 1 root root 320 May 21 13:39 form.php
-rw-r--r--. 1 root root  20 May 21 13:24 info.php
[root@9f0534a4c266 html]# curl localhost:80/form.php
<html>
  <head>
  </head>
  <body>
    <form method="POST" action="show.php">
      <label>please input name</label>
      <input type="text" name="name"/><br/>
      <label>please input mailaddress</label>
      <input type="text" name="mail"/>
      <input type="submit" value="submit"/>
    </form>
  </body>
</html>
[root@9f0534a4c266 html]# curl localhost:8080/form.php
curl: (7) Failed to connect to ::1: Network is unreachable

Forwarding works too, it seems

[root@9f0534a4c266 html]# cat show.php
<html>
  <head>
  </head>
  <body>
    <?php
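      // Escape the submitted values before echoing them into the HTML page
      echo htmlspecialchars($_POST["name"], ENT_QUOTES, "UTF-8") ."kuraine". htmlspecialchars($_POST["mail"], ENT_QUOTES, "UTF-8") ."mujiku";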
    ?>
  </body>
</html>


json.php


[root@9f0534a4c266 html]# cat json.php
<?php
  $json_string = file_get_contents('php://input');
  echo $json_string;
  $obj = json_decode($json_string);
  var_dump($obj);
?>
[root@9f0534a4c266 html]# curl -H "Content-Type: application/json" -X POST http://localhost:80/json.php -d '{"name":"aine","mail":"nahato"}'
{"name":"aine","mail":"nahato"}object(stdClass)#1 (2) {
  ["name"]=>
  string(4) "aine"
  ["mail"]=>
  string(6) "nahato"
}
[root@9f0534a4c266 html]# curl -H "Content-Type: application/json" -X POST http://localhost:8080/json.php -d '{"name":"aine","mail":"nahato"}'
curl: (7) Failed to connect to ::1: Network is unreachable

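Logs and such

Requests from the browser (through the published port 8080 on the host) are logged as 172.17.0.1, which is the host's docker0 bridge address shown below. curl run inside the container is logged as 127.0.0.1.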

[root@9f0534a4c266 httpd]# tail -f /var/log/httpd/access_log
172.17.0.1 - - [21/May/2019:21:57:11 +0000] "POST /show.php HTTP/1.1" 200 80 "http://localhost:8080/form.php" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
127.0.0.1 - - [21/May/2019:21:57:35 +0000] "POST /json.php HTTP/1.1" 200 124 "-" "curl/7.29.0"
[oracle@centos tmpp]$ ip a show docker0
3: docker0:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:35:00:60:61 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:35ff:fe00:6061/64 scope link 
       valid_lft forever preferred_lft forever

[oracle@centos tmpp]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
[sudo] oracle のパスワード:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24