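Connecting a JetBrains IDE on Windows to Docker on a Linux server: written for PhpStorm configuration; IntelliJ users can use it as a reference.
Published: 2022-09-21 14:09:19
Purpose:
I want to use Hyperf, the Swoole-based PHP framework, but Hyperf development requires a Mac or Linux environment, so on Windows the approach is to connect to Docker.
Requirements:
Windows with PhpStorm installed
A Linux system with Docker installed (mine is a virtual machine, IP: 192.168.2.252)
Installation steps:
I. Create the directory for the TLS certificate script and the directory that will hold the certificates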
[root@localhost ~]# cd /docker/
[root@localhost docker]# ls
dockerfile  mysql  prometheus  redis  test
[root@localhost docker]# mkdir -p script cert
II. Create the TLS certificate script file
[root@localhost docker]# touch script/cert.sh
[root@localhost docker]# vim script/cert.sh
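Shell script contents:
- When connecting by IP address (local environment), use the configuration below. The main difference between the two variants is the subjectAltName value.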
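#!/bin/bash
set -e
# The Docker server address is required as the first argument
if [ -z "$1" ]; then
    echo "请输入Docker服务器主机名"
    exit 1
fi
HOST=$1
mkdir -p /docker/cert
cd /docker/cert
# CA private key (passphrase protected) and self-signed CA certificate
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
# Server private key and certificate signing request
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
# subjectAltName lists the addresses the server certificate is valid for; the client checks it against the address it connects to.
# It is not a client IP allowlist: any IP may connect, but only clients holding a certificate signed by this CA succeed.
echo subjectAltName = IP:$HOST,IP:0.0.0.0 > extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
# Client private key and certificate, restricted to client authentication
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
# Remove the signing requests and lock down file permissions
rm -v client.csr server.csr
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem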
- When connecting by domain name, use the configuration below
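#!/bin/bash
set -e
# The Docker server host name is required as the first argument
if [ -z "$1" ]; then
    echo "请输入Docker服务器主机名"
    exit 1
fi
HOST=$1
mkdir -p /docker/cert
cd /docker/cert
# CA private key (passphrase protected) and self-signed CA certificate
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
# Server private key and certificate signing request
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
# subjectAltName lists the names the server certificate is valid for; the client checks it against the name it connects to.
# It is not a client IP allowlist: any IP may connect, but only clients holding a certificate signed by this CA succeed.
echo subjectAltName = DNS:$HOST,IP:0.0.0.0 > extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
# Client private key and certificate, restricted to client authentication
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
# Remove the signing requests and lock down file permissions
rm -v client.csr server.csr
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem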
III. Run the shell script
All passphrases are set to forpastime; 192.168.2.252 is the host IP address.
[root@localhost script]# sh cert.sh 192.168.2.252
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................................................++
.................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:zh
State or Province Name (full name) []:sc
Locality Name (eg, city) [Default City]:cd
Organization Name (eg, company) [Default Company Ltd]:for
Organizational Unit Name (eg, section) []:past
Common Name (eg, your name or your server's hostname) []:time
Email Address []:564179234@qq.com
Generating RSA private key, 4096 bit long modulus
........................................................++
.................................................................................................................++
e is 65537 (0x10001)
Signature ok
subject=/CN=192.168.2.252
Getting CA Private Key
Enter pass phrase for ca-key.pem:
Generating RSA private key, 4096 bit long modulus
..................................................................................................++
.......................................................................................++
e is 65537 (0x10001)
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem:
已删除"client.csr"
已删除"server.csr"
mode of "ca-key.pem" changed from 0644 (rw-r--r--) to 0400 (r--------)
mode of "key.pem" changed from 0644 (rw-r--r--) to 0400 (r--------)
mode of "server-key.pem" changed from 0644 (rw-r--r--) to 0400 (r--------)
mode of "ca.pem" changed from 0644 (rw-r--r--) to 0444 (r--r--r--)
mode of "server-cert.pem" changed from 0644 (rw-r--r--) to 0444 (r--r--r--)
mode of "cert.pem" changed from 0644 (rw-r--r--) to 0444 (r--r--r--)
[root@localhost script]# cd ../cert/
[root@localhost cert]# ls
ca-key.pem  ca.pem  ca.srl  cert.pem  extfile.cnf  key.pem  server-cert.pem  server-key.pem
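Before pointing dockerd at these files, it is worth checking that they are what the daemon and the IDE expect. The script below is an added example, not part of the original post: the function names are hypothetical, and the sample certificates are constructed on the fly (unencrypted 2048-bit keys so it runs unattended), while the file names are the ones cert.sh writes.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files written by cert.sh.

# Constructed sample input: throwaway CA, server and client certs in dir $1 for IP $2.
# Unlike cert.sh, keys are unencrypted 2048-bit RSA so this runs without prompts.
make_demo_certs() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 -subj "/CN=demo-ca" \
      -keyout ca-key.pem -out ca.pem &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout server-key.pem -out server.csr &&
    echo "subjectAltName = IP:$2" > extfile.cnf &&
    openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -out server-cert.pem -extfile extfile.cnf &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client" -keyout key.pem -out client.csr &&
    echo "extendedKeyUsage = clientAuth" > extfile.cnf &&
    openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -out cert.pem -extfile extfile.cnf &&
    chmod 0400 ca-key.pem server-key.pem key.pem ) >/dev/null 2>&1
}

# check_docker_tls DIR HOST: returns 0 only if every check passes; prints a FAIL line otherwise.
check_docker_tls() (
  d=$1 rc=0
  re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex below
  fail() { echo "FAIL: $*"; rc=1; }
  # 1. Both leaf certificates must chain to the CA passed to dockerd as --tlscacert.
  for f in server-cert.pem cert.pem; do
    openssl verify -CAfile "$d/ca.pem" "$d/$f" >/dev/null 2>&1 || fail "$f is not signed by ca.pem"
  done
  # 2. The SAN must list the address clients dial (IP or DNS), or they reject the server.
  openssl x509 -in "$d/server-cert.pem" -noout -text | grep -A1 'Subject Alternative Name' |
    grep -Eq "(IP Address|DNS):$re(,| *\$)" || fail "server-cert.pem SAN does not cover $2"
  # 3. The client certificate must carry the clientAuth extended key usage.
  openssl x509 -in "$d/cert.pem" -noout -text | grep -q 'TLS Web Client Authentication' ||
    fail "cert.pem lacks extendedKeyUsage clientAuth"
  # 4. Private keys must not be accessible to group or others (cert.sh sets 0400).
  for f in ca-key.pem server-key.pem key.pem; do
    [ -z "$(find "$d/$f" -perm /077 2>/dev/null)" ] || fail "$f is group/world accessible"
  done
  # 5. Flag a server certificate that expires within 30 days (2592000 seconds).
  openssl x509 -in "$d/server-cert.pem" -noout -checkend 2592000 >/dev/null 2>&1 ||
    fail "server-cert.pem expires within 30 days"
  return $rc
)

# Demo run against the constructed certificates.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir" 192.168.2.252 && check_docker_tls "$demo_dir" 192.168.2.252 &&
  echo "all checks passed"
rm -rf "$demo_dir"
```

On the real server the call would be check_docker_tls /docker/cert 192.168.2.252, using the address PhpStorm will connect to.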
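IV. Modify the Docker configuration file
In Docker's systemd unit file, find the original line
“ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock”
put a “#” in front of it to comment it out, and write a new one.
The new configuration is: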
# Custom configuration: -H specifies how Docker listens. unix:// is the location of the socket file (socket mode); 2375 is the TCP port.
ExecStart=/usr/bin/dockerd \
-H unix:///var/run/docker.sock \
-H tcp://0.0.0.0:2375 \
--tlsverify --tlscacert=/docker/cert/ca.pem \
--tlscert=/docker/cert/server-cert.pem \
--tlskey=/docker/cert/server-key.pem
V. Restart Docker, then check the Docker status and port 2375
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
[root@localhost docker]# docker ps
CONTAINER ID   IMAGE             COMMAND                  CREATED        STATUS          PORTS                                                  NAMES
be038170aa24   prom/prometheus   "/bin/prometheus --c…"   17 hours ago   Up 56 seconds   0.0.0.0:3001->3001/tcp, :::3001->3001/tcp, 9090/tcp   prometheus
65365e02ee48   grafana/grafana   "/run.sh"                17 hours ago   Up 56 seconds   0.0.0.0:3000->3000/tcp, :::3000->3000/tcp              grafana
[root@localhost docker]# ss -nltp | grep 2375
LISTEN 0 1024 [::]:2375 [::]:* users:(("dockerd",pid=27751,fd=10))
From a cmd window on the Windows computer, run
telnet 192.168.2.252 2375; a blank window means the configuration has taken effect.
Access https://192.168.2.252:2375/info using the certificates:
[root@localhost script]# curl https://192.168.2.252:2375/info --cert /docker/cert/cert.pem --key /docker/cert/key.pem --cacert /docker/cert/ca.pem
{"ID":"BDSM:MYI6:CDN4:G5WW:EVKK:O4OM:F5O5:CKRK:RCVM:KR5M:IY6M:CSSJ", "Containers":63,"ContainersRunning":2,"ContainersPaused":0, "ContainersStopped":61,"Images":29,"Driver":"overlay2", "DriverStatus":[["Backing Filesystem","xfs"],["Supports d_type","true"], ["Native Overlay Diff","true"],["userxattr","false"]],"Plugins":{"Volume":["local"], "Network":["bridge","host","ipvlan","macvlan","null","overlay"], "Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"KernelMemoryTCP":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":38,"OomKillDisable":true,"NGoroutines":43,"SystemTime":"2022-07-01T13:26:19.459215671+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","CgroupVersion":"1","NEventsListener":0,"KernelVersion":"3.10.0-1160.el7.x86_64","OperatingSystem":"CentOS Linux 7 (Core)","OSVersion":"7","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":["https://no15i93v.mirror.aliyuncs.com/"],"Secure":true,"Official":true}},"Mirrors":["https://no15i93v.mirror.aliyuncs.com/"]},"NCPU":4,"MemTotal":8201256960,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"localhost.localdomain","Labels":[],"ExperimentalBuild":false,"ServerVersion":"20.10.15","Runtimes":{"io.containerd.runc.v2":{"path":"runc"},"io.containerd.runtime.v1.linux":{"path":"runc"},"runc":{"path":"runc"}},"DefaultRuntime":"runc", "Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive", "ControlAvailable":false,"Error":"","RemoteManagers":null}, "LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init", "ContainerdCommit":{"ID":"212e8b6fa2f44b9c21b2798135fc6fb7c53efc16","Expected":"212e8b6fa2f44b9c21b2798135fc6fb7c53efc16"}, "RuncCommit":{"ID":"v1.1.1-0-g52de29d","Expected":"v1.1.1-0-g52de29d"}, "InitCommit":{"ID":"de40ad0","Expected":"de40ad0"}, "SecurityOptions":["name=seccomp,profile=default"],"Warnings":null}
Remember to open port 2375:
iptables -I INPUT -p tcp --dport 2375 -j ACCEPT
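This is my local environment, so I simply turned the firewall off:
# Check the firewall state
firewall-cmd --state
# Stop the firewall temporarily
systemctl stop firewalld.service
# Disable the firewall permanently
systemctl disable firewalld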
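VI. PhpStorm configuration
- 1. Copy the certificates generated above to the local computer
I put them on drive E.
- 2. Open the PhpStorm settings
Problem encountered:
The connection fails with: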
“com.github.dockerjava.api.exception.DockerClientException: Enabled TLS verif
'C:\Users\Administrator\.docker\machine\machines\default' doesn't exist.”
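Solution: on the local computer, open C:\Users\Administrator\.docker\machine\machines\
and check whether a default folder exists in that directory; if not, create it manually.
- 3. After creating it, click [Services] in the lower-left corner, then right-click "docker" and click [connect]. The connection succeeds!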