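【Question title】: unable to write to dir using Dockerfile
【Posted】: 2021-08-13 23:55:27
【Question description】:

I have the following Dockerfile. I tried rebuilding the image from docker-compose using the --build argument. I can see it going through the steps, including recreating the certificate, but it is not writing it to the directory. The directory is owned by root, and root has full access to it. I am also running docker-compose as root. This is a mounted directory on /var/lib/docker/volumes. The /etc/apache2/certificate directory exists. What am I missing?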

--DockerFile
    FROM php:7.4.3-apache
    RUN apt-get update -y && apt-get install -y apt-utils libhtml-template-pro-perl default-mysql-client libtemplate-perl openssl
    RUN docker-php-ext-install mysqli pdo pdo_mysql && docker-php-ext-enable pdo_mysql
    RUN a2enmod ssl
    RUN a2enmod rewrite
    WORKDIR /etc/apache2/certificate
    RUN touch testing_before.txt
    RUN openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out apache-certificate.crt -keyout apache.key -subj "/C=US/ST=GA/L=Atlanta/O=Companyabc/CN=`hostname -f`"
    RUN touch testing_after.txt
    RUN service apache2 restart

---Docker-compose
---
version: "3.7"
services:
  web:
    build: ./apache 
    container_name: apache
    restart: unless-stopped
    volumes:
      - web-data:/var/www/html
      - web-conf:/etc/apache2
    ports:
      - "80:80"
      - "443:443"
volumes:
  web-data:
  web-conf:

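【Question discussion】:

  • Which directory are you looking at, and how are you looking at it? Anything in the web-conf named volume will take precedence over the self-signed certificate recreated during the build; Docker assumes named volumes usually contain important user data, and you don't need a volume to hold content that is part of the base image.
  • I'm looking from the host. Looking at the directory /var/lib/docker/volumes/lamp_web-conf/_data/certificate. It is empty.
  • @CoeurjoliMartinez if it's solved, consider

Tags: docker docker-compose dockerfile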


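【Solution 1】:

RUN openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out apache-certificate.crt -keyout apache.key -subj "/C=US/ST=GA/L=Atlanta/O=Companyabc/CN=`hostname -f`"

Most of the time, using the hostname in the build phase is pointless. Setting the hostname in a RUN command, similar to how you would install packages with apt-get, happens in that same layer's container. Docker will later overwrite the hostname, because the Docker daemon sets the hostname dynamically at runtime.

Maybe you can use the snippet below in your Dockerfile: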

# base image
FROM php:7.4.3-apache

# your other packages & extensions goes here
# .....

# ports you expose here
EXPOSE 80
EXPOSE 443

# override your entrypoint with new script
ADD docker-entrypoint.sh /

# make it executable
RUN chmod a+x /docker-entrypoint.sh

# your new entry point override
ENTRYPOINT ["/docker-entrypoint.sh"]

# we're using original apache2-foreground script

CMD ["apache2-foreground"]

And create docker-entrypoint.sh:

#!/bin/sh
set -e

# if you have some more task put here
# example configuration customisation etc..

# certificate directory
mkdir -p /etc/apache2/certificate

if [ ! -f "/etc/apache2/certificate/apache-certificate.crt" ] || [ ! -f "/etc/apache2/certificate/apache.key" ]; then
  echo ">> generating self signed cert"
  openssl req -x509 -newkey rsa:4096 \
  -subj "/C=US/ST=GA/L=Atlanta/O=Companyabc/CN=`hostname -f`" \
  -keyout "/etc/apache2/certificate/apache.key" \
  -out "/etc/apache2/certificate/apache-certificate.crt" \
  -days 365 -nodes -sha256
 
fi

# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
    set -- apache2-foreground "$@"
fi

exec "$@"

You can refer to the original entrypoint here

You can set the hostname in the web service container:

version: "3.7"
services:
  web:
    build: ./apache 
    container_name: apache
    hostname: web-server.mydomain.com
    restart: unless-stopped
    volumes:
      - web-data:/var/www/html
      - web-conf:/etc/apache2
    ports:
      - "80:80"
      - "443:443"
volumes:
  web-data:
  web-conf:

Test results:

root@sys:/home/akshay/Documents/test# tree 
.
├── apache
│   ├── docker-entrypoint.sh
│   └── Dockerfile
└── docker-compose.yml

1 directory, 3 files
root@sys:/home/akshay/Documents/test# docker-compose up -d --build
Building web
Step 1/7 : FROM php:7.4.3-apache
 ---> d753d5b380a1
Step 2/7 : EXPOSE 80
 ---> Using cache
 ---> 66c155b818cc
Step 3/7 : EXPOSE 443
 ---> Using cache
 ---> 141789b7ce40
Step 4/7 : ADD docker-entrypoint.sh /
 ---> Using cache
 ---> 0fd8d03fb8ec
Step 5/7 : RUN chmod a+x /docker-entrypoint.sh
 ---> Using cache
 ---> 9a081cf61816
Step 6/7 : ENTRYPOINT ["/docker-entrypoint.sh"]
 ---> Using cache
 ---> 22b1851f7882
Step 7/7 : CMD ["apache2-foreground"]
 ---> Using cache
 ---> 46c5cf7c6630

Successfully built 46c5cf7c6630
Successfully tagged test_web:latest
apache is up-to-date

root@sys:/home/akshay/Documents/test# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS          PORTS                                                                      NAMES
20a2af0e0570   test_web   "/docker-entrypoint.…"   50 seconds ago   Up 48 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   apache

root@web-server:/var/www/html# ls /etc/apache2/certificate/ -1
apache-certificate.crt
apache.key

root@web-server:/var/www/html# openssl x509 -in /etc/apache2/certificate/apache-certificate.crt -text | head -15
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b9:28:da:06:53:12:64:c3:e5:1c:90:5d:9e:18:f5:f2:1f:2c:eb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = GA, L = Atlanta, O = Companyabc, CN = web-server.mydomain.com
        Validity
            Not Before: May 26 16:45:25 2021 GMT
            Not After : May 26 16:45:25 2022 GMT
        Subject: C = US, ST = GA, L = Atlanta, O = Companyabc, CN = web-server.mydomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:

To make sure the certificate is regenerated:

root@sys:/home/akshay/Documents/test# docker-compose up -d  --force-recreate
Recreating apache ... done
root@sys:/home/akshay/Documents/test# docker exec -it apache bash
root@web-server:/var/www/html#  openssl x509 -in /etc/apache2/certificate/apache-certificate.crt -text | head -15
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:1a:6d:c1:af:bc:05:54:58:04:f7:d2:42:d7:92:5f:ef:dc:a6:20
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = GA, L = Atlanta, O = Companyabc, CN = web-server.mydomain.com
        Validity
            Not Before: May 26 16:53:34 2021 GMT
            Not After : May 26 16:53:34 2022 GMT
        Subject: C = US, ST = GA, L = Atlanta, O = Companyabc, CN = web-server.mydomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
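
The entrypoint in the answer above regenerates the pair only when a file is missing. As an added example (not part of the original answer), a stricter check for a certificate kept on the `web-conf` volume: it also regenerates when the certificate is near expiry, when the key does not belong to it, or when the CN differs from the runtime hostname. The function names, `CERT_BITS` and `MIN_VALID_SECS` are assumptions; the file names and subject come from the page.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names, CERT_BITS and
# MIN_VALID_SECS are assumptions; file names and subject follow the page.

CERT_BITS="${CERT_BITS:-4096}"
MIN_VALID_SECS="${MIN_VALID_SECS:-604800}"   # regenerate if under 7 days remain

# cert_needs_regen DIR CN: exit 0 if a new pair is needed, 1 if the pair is usable
cert_needs_regen() {
  crt="$1/apache-certificate.crt"; key="$1/apache.key"
  # Missing or empty files (for example a fresh named volume).
  [ -s "$crt" ] && [ -s "$key" ] || return 0
  # Expired, or expiring within MIN_VALID_SECS.
  openssl x509 -in "$crt" -noout -checkend "$MIN_VALID_SECS" >/dev/null 2>&1 || return 0
  # The key on the volume does not belong to this certificate.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 0
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 0
  [ "$crt_pub" = "$key_pub" ] || return 0
  # The subject CN no longer matches the hostname the container runs with.
  subj=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 2>/dev/null) || return 0
  case "$subj" in
    *"CN=$2,"*|*"CN=$2") return 1 ;;
  esac
  return 0
}

# ensure_cert DIR CN: generate the pair only when cert_needs_regen says so
ensure_cert() {
  mkdir -p "$1"
  cert_needs_regen "$1" "$2" || return 0
  # umask keeps the private key unreadable to other users in the container.
  ( umask 077
    openssl req -x509 -newkey "rsa:$CERT_BITS" -nodes -sha256 -days 365 \
      -subj "/C=US/ST=GA/L=Atlanta/O=Companyabc/CN=$2" \
      -keyout "$1/apache.key" -out "$1/apache-certificate.crt" 2>/dev/null )
}

# In docker-entrypoint.sh this would replace the file-existence test:
#   ensure_cert /etc/apache2/certificate "$(hostname -f)"
```

Because the check runs at container start, a pair already stored in the named volume is kept across `--force-recreate` unless one of the conditions fails.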

【Discussion】:
