49.1. Spring boot with Docker

49.1.1. 通过 Docker 命令构建镜像


在项目根目录创建 Dockerfile 文件

% cat Dockerfile 
FROM openjdk
COPY target/*.jar app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]		


mvn package
docker build -t netkiller/docker .
% docker images | grep netkiller
netkiller/docker                           latest              ed359b6ffcad        16 seconds ago      105MB 

% docker run -ti --entrypoint /bin/sh netkiller/docker
sh-4.2# ls
app.jar  bin  boot  dev  etc  home  lib  lib64	media  mnt  opt  proc  root  run  sbin	srv  sys  tmp  usr  var


docker run -p 8080:8080 netkiller/docker

neo@MacBook-Pro ~ % curl http://localhost:8080
Hello Docker World
Dockerfile 放在 src/main/docker/Dockerfile 下
% cat src/main/docker/Dockerfile 
FROM openjdk
COPY target/*.jar app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
mvn package
docker rmi netkiller/docker -f
docker build -t netkiller/docker -f src/main/docker/Dockerfile .
docker run -p 8080:8080 netkiller/docker
neo@MacBook-Pro ~ % curl http://localhost:8080
Hello Docker World
通过参数指定 Springboot 文件
% cat src/main/docker/Dockerfile 
FROM openjdk:8-jdk-alpine
COPY ${JAR_FILE} app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]

mvn package
docker rmi netkiller/docker -f
docker build --build-arg JAR_FILE=target/*.jar -t netkiller/docker -f src/main/docker/Dockerfile .
docker run -p 8080:8080 netkiller/docker
% docker run -e "SPRING_PROFILES_ACTIVE=prod" -p 8080:8080 netkiller/docker
neo@MacBook-Pro ~ % docker push netkiller/docker
The push refers to repository [docker.io/netkiller/docker]
100ff47f36fe: Pushed 
a7aafc769de1: Mounted from library/openjdk 
2666aafcfdd9: Mounted from library/openjdk 
c4a7cf6a6169: Mounted from library/openjdk 

latest: digest: sha256:3078fea95c633f007be33b829efae0ff8e9d78ad463925af7d07752c95eb43a3 size: 1165

49.1.2. 通过 Maven 构建 Docker 镜像

Maven + Dockerfile 方案一

项目地址 https://github.com/spotify/dockerfile-maven



neo@MacBook-Pro ~/git/springcloud/docker % mvn dockerfile:build
[INFO] Scanning for projects...
[INFO] ------------------------< cn.netkiller:docker >-------------------------
[INFO] Building docker 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] --- dockerfile-maven-plugin:1.4.10:build (default-cli) @ docker ---
[INFO] dockerfile: /Users/neo/git/springcloud/docker/src/main/docker/Dockerfile
[INFO] contextDirectory: /Users/neo/git/springcloud/docker
[INFO] Building Docker context /Users/neo/git/springcloud/docker
[INFO] Path(dockerfile): /Users/neo/git/springcloud/docker/src/main/docker/Dockerfile
[INFO] Path(contextDirectory): /Users/neo/git/springcloud/docker
[INFO] Image will be built as netkiller/docker:0.0.1-SNAPSHOT
[INFO] Step 1/7 : FROM openjdk
[INFO] Pulling from library/openjdk
[INFO] Digest: sha256:38ec2c78a60ec4d5773c93534e433237be154ff5afa476965a68837b43ef2f19
[INFO] Status: Image is up to date for openjdk:latest
[INFO]  ---> b697a97ee8e1
[INFO] Step 2/7 : MAINTAINER Netkiller <netkiller@msn.com>
[INFO]  ---> Using cache
[INFO]  ---> e6fd68ec1ce8
[INFO] Step 3/7 : VOLUME /tmp
[INFO]  ---> Using cache
[INFO]  ---> 78b146e1a8a0
[INFO] Step 4/7 : ARG JAR_FILE
[INFO]  ---> Using cache
[INFO]  ---> 2c60b65d49dc
[INFO] Step 5/7 : COPY ${JAR_FILE} app.jar
[INFO]  ---> Using cache
[INFO]  ---> 3186f0425f1d
[INFO] Step 6/7 : CMD ["java", "-version"]
[INFO]  ---> Using cache
[INFO]  ---> d14b8d6360fe
[INFO] Step 7/7 : ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
[INFO]  ---> Using cache
[INFO]  ---> 68e424cf5eab
[INFO] Successfully built 68e424cf5eab
[INFO] Successfully tagged netkiller/docker:0.0.1-SNAPSHOT
[INFO] Detected build of image with id 68e424cf5eab
[INFO] Building jar: /Users/neo/git/springcloud/docker/target/docker-0.0.1-SNAPSHOT-docker-info.jar
[INFO] Successfully built netkiller/docker:0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  9.413 s
[INFO] Finished at: 2019-04-13T05:39:07+08:00
[INFO] ------------------------------------------------------------------------

Maven + Dockerfile 方案二
      <version>VERSION GOES HERE</version>
Maven 不使用 Dockerfile 文件

项目地址 https://github.com/spotify/docker-maven-plugin

					<cmd>["java", "-version"]</cmd>
					<entryPoint>["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/${project.build.finalName}.jar"]</entryPoint>
					<!-- copy the service's jar file from target into the root directory of the image -->

构建镜像 mvn clean package docker:build

neo@MacBook-Pro ~/git/springcloud/webflux % mvn docker:build         
[INFO] Scanning for projects...
[INFO] ------------------------< cn.netkiller:webflux >------------------------
[INFO] Building webflux 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] --- docker-maven-plugin:1.2.0:build (default-cli) @ webflux ---
[INFO] Using authentication suppliers: [ConfigFileRegistryAuthSupplier]
[INFO] Copying /Users/neo/git/springcloud/webflux/target/webflux-0.0.1-SNAPSHOT.jar -> /Users/neo/git/springcloud/webflux/target/docker/webflux-0.0.1-SNAPSHOT.jar
[INFO] Building image netkiller/webflux
Step 1/7 : FROM openjdk

 ---> b697a97ee8e1
Step 2/7 : MAINTAINER netkiller

 ---> Using cache
 ---> c275f5dc2815
Step 3/7 : WORKDIR /

 ---> Using cache
 ---> 27815e0b4455
Step 4/7 : ADD /webflux-0.0.1-SNAPSHOT.jar //

 ---> Using cache
 ---> 78b0fe2a827d
Step 5/7 : ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/webflux-0.0.1-SNAPSHOT.jar"]

 ---> Using cache
 ---> 66d5499c8ba3
Step 6/7 : CMD ["java", "-version"]

 ---> Using cache
 ---> 080a1468d88b
Step 7/7 : VOLUME /tmp

 ---> Using cache
 ---> 60debfac7b7c
ProgressMessage{id=null, status=null, stream=null, error=null, progress=null, progressDetail=null}
Successfully built 60debfac7b7c
Successfully tagged netkiller/webflux:latest
[INFO] Built netkiller/webflux
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  4.485 s
[INFO] Finished at: 2019-04-13T05:41:41+08:00
[INFO] ------------------------------------------------------------------------
neo@MacBook-Pro ~ % vim /usr/local/Cellar/maven/3.6.0/libexec/conf/settings.xml
  <!-- servers
   | This is a list of authentication profiles, keyed by the server-id used within the system.
   | Authentication profiles can be used whenever maven must make a connection to a remote server.
    <!-- server
     | Specifies the authentication information to use when connecting to a particular server, identified by
     | a unique name within the system (referred to by the 'id' attribute below).
     | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
     |       used together.

    <!-- Another sample, using keys to authenticate.
      <passphrase>optional; leave empty if not used.</passphrase>

****** 修改为你的密码

查看 Docker Registry 地址

neo@MacBook-Pro ~ % docker info | grep Registry
Registry: https://index.docker.io/v1/			

maven docker 插件配置

					<cmd>["java", "-version"]</cmd>
					<entryPoint>["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/srv/${project.build.finalName}.jar"]</entryPoint>
					<!-- copy the service's jar file from target into the root directory of the image -->
docker:build -DpushImage or docker:push			


neo@MacBook-Pro ~ % mvn --encrypt-master-password 
Master password: 
vim /usr/local/Cellar/maven/3.6.0/libexec/conf/settings.xml

vim ~/.m2/settings-security.xml


49.1.3. [ERROR] No plugin found for prefix 'dockerfile' in the current project and in the plugin groups [org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (/Users/neo/.m2/repository), central (https://repo.maven.apache.org/maven2)] -> [Help 1]


neo@MacBook-Pro ~ % mvn -version
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-25T02:41:47+08:00)
Maven home: /usr/local/Cellar/maven/3.6.0/libexec
Java version: 12, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk-12.jdk/Contents/Home
Default locale: en_CN, platform encoding: UTF-8
OS name: "mac os x", version: "10.14.5", arch: "x86_64", family: "mac"

vim /usr/local/Cellar/maven/3.6.0/libexec/conf/settings.xml


49.1.4. curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8888

iMac:config neo$ curl -k -i -H HOST:sss https://config:s3cr3t@localhost:8888/netkiller-dev.json
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8888		

检查发现 8888 端口已经启动,SSL证书读不到

iMac:config neo$ openssl s_client -connect localhost:8888 
140735970464712:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.3/libressl/ssl/s23_lib.c:124:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 318 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated


keytool -genkey -alias *.netkiller.cn -storetype PKCS12 -keyalg RSA -keysize 2048 -storepass passw0rd -keystore allhost.p12 -dname "CN=*.netkiller.cn, OU=netkiller, O=netkiller.cn, L=Guangdong, ST=Shenzhen, C=CN"
keytool -selfcert -alias *.netkiller.cn -storepass passw0rd -keystore allhost.p12		


经过曲折的排查发现绑定了地址,在本地启动是正常的,一旦放入 Docker 容器就无法工作。






去掉 server.address=localhost 即可,在 build docker 镜像,然后启动容器。可以正常获取证书

iMac:config neo$ openssl s_client -connect localhost:8888 
depth=0 C = CN, ST = Shenzhen, L = Guangdong, O = netkiller.cn, OU = netkiller, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = Shenzhen, L = Guangdong, O = netkiller.cn, OU = netkiller, CN = localhost
verify return:1
Certificate chain
 0 s:/C=CN/ST=Shenzhen/L=Guangdong/O=netkiller.cn/OU=netkiller/CN=localhost
Server certificate
No client certificate CA names sent
SSL handshake has read 2631 bytes and written 512 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 856BA1E0CFE8AC65AEC838C0A4DA0503C7A05F0BA803B127D3B1EBBB8FF1A344
    Master-Key: 2DCA2747330C8008958B1A4F3EF340044FE69455EA730DA0E30DF97A13E6EB7BCABDFDF5CA0FA5B278701EA25D694CAB
    TLS session ticket lifetime hint: 86400 (seconds)
    Start Time: 1600656460
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)


iMac:config neo$ curl -k -i https://config:s3cr3t@
HTTP/2 200 
set-cookie: JSESSIONID=75D0C2900D87C789DF596220FA77012D; Path=/; Secure; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
content-type: application/json
content-length: 100
date: Mon, 21 Sep 2020 02:51:11 GMT
