From 9e0c7e45b3ba05842d38d707da41cf5579688f19 Mon Sep 17 00:00:00 2001 From: zhouyonggao <1971162852@qq.com> Date: Sat, 20 Dec 2025 15:23:44 +0800 Subject: [PATCH] =?UTF-8?q?chore(docker):=20=E6=9B=B4=E6=96=B0=20Dockerfil?= =?UTF-8?q?e=20=E5=92=8C=E9=83=A8=E7=BD=B2=E8=84=9A=E6=9C=AC=E4=BB=A5?= =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=9D=83=E9=99=90=E7=AE=A1=E7=90=86=E5=92=8C?= =?UTF-8?q?=E7=9B=AE=E5=BD=95=E7=BB=93=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 在 Dockerfile 中设置文件所有者和执行权限,确保二进制文件的安全性。 - 创建必要的目录并设置相应的权限,提升容器的可用性。 - 更新部署脚本,调整挂载路径以分离存储和日志目录,增强容器的管理性。 --- Dockerfile | 10 ++++++---- log/server-20251220.log | 10 ++++++++++ scripts/deploy_docker.sh | 5 ++++- 3 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 log/server-20251220.log diff --git a/Dockerfile b/Dockerfile index a1062d4..0359e97 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,9 +69,11 @@ RUN apk add --no-cache ca-certificates tzdata && \ rm -rf /var/cache/apk/* WORKDIR /app COPY --from=builder /out/server /app/server -# 确保二进制文件有执行权限 -RUN chmod +x /app/server && ls -la /app/server +# 设置文件所有者和执行权限(在切换用户之前) +RUN chown appuser:appuser /app/server && chmod +x /app/server +# 创建必要的目录 +RUN mkdir -p /app/storage/export /app/log && \ + chown -R appuser:appuser /app/storage /app/log EXPOSE 8077 -# 暂时使用 root 用户运行,排查权限问题 -# USER appuser:appuser +USER appuser:appuser ENTRYPOINT ["/app/server"] diff --git a/log/server-20251220.log b/log/server-20251220.log new file mode 100644 index 0000000..0c4efff --- /dev/null +++ b/log/server-20251220.log @@ -0,0 +1,10 @@ +connecting YMT MySQL: lsxd-read.rwlb.rds.aliyuncs.com:3306 db merketing user merketing +connecting Marketing MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db market user market_root +connecting Meta MySQL (templates/jobs): 47.97.27.195:3306 db merketing user root +connecting Marketing Authorization MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db authorization +connecting Marketing Reseller MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db reseller +gRPC server address: 121.41.108.37:30900 +gRPC user client connected to 121.41.108.37:30900 +[服务启动] 开始恢复未完成的导出任务... +server listening on :8077 +[任务恢复] 没有需要恢复的任务 diff --git a/scripts/deploy_docker.sh b/scripts/deploy_docker.sh index 37e0099..c9b7409 100755 --- a/scripts/deploy_docker.sh +++ b/scripts/deploy_docker.sh @@ -57,7 +57,10 @@ docker run -d \ --name "$CID_NAME" \ --restart unless-stopped \ -p "$PORT:8077" \ - -v "$ROOT_DIR:/app" \ + -v "$ROOT_DIR/storage:/app/storage" \ + -v "$ROOT_DIR/log:/app/log" \ + -v "$ROOT_DIR/server/config.yaml:/app/config.yaml:ro" \ + -e CONFIG_PATH=/app/config.yaml \ "$USE_IMAGE" echo "container: $CID_NAME image: $USE_IMAGE port: $PORT"