最近在搭建 JupyterHub 时发现它只支持 Python 3,而大数据平台需要 Python 2,因此只能改为搭建 Jupyter。但 Jupyter 本身不支持 LDAP 权限认证,所以在 Jupyter 端口前面加一层 Nginx 反向代理,由 Nginx 完成 LDAP 认证。本文先说明如何制作和部署 CentOS 7 的 Docker 镜像,并在镜像里编译部署带 LDAP 模块的 Nginx,然后再说明如何配置以接入 Jupyter。


1、下载包

nginx:http://nginx.org/download/nginx-1.12.0.tar.gz
ldap模块:https://codeload.github.com/kvspb/nginx-auth-ldap/zip/master
环境依赖pcre:https://sourceforge.net/projects/pcre/files/pcre/8.39/

最后的包结构如下:
[root@213128086 nginx]# tree
.
├── Dockerfile
├── nginx-1.12.0.zip
├── nginx-auth-ldap.zip
├── nginx.conf
├── pcre-8.39.zip
└── start.sh

0 directories, 6 files

2、dockerfile

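# Builds a CentOS 7 image with nginx 1.12.0 compiled from source together with
# the nginx-auth-ldap module, so that nginx can sit in front of Jupyter and
# enforce LDAP authentication.
#
# The three source archives are copied in from the build context. Check each
# one against the checksum or signature published by its upstream before
# building; the ldap module archive in particular is a snapshot of a moving
# branch, so record which commit it corresponds to.
#
# NOTE(review): this tag pins an old CentOS 7 point release — confirm that the
# repositories it is configured with still deliver security updates.
FROM   docker.io/centos:centos7.2.1511
MAINTAINER  "https://github.com/ouyangshourui"

# Runtime tools plus Kerberos/LDAP client packages.
RUN yum -y install net-tools
RUN yum -y install openssh-server
RUN yum -y install openssh-clients
RUN yum -y  install krb5-workstation krb5-libs krb5-auth-dialog
RUN yum -y install nss-pam-ldapd
RUN yum -y install authconfig
RUN yum -y install initscripts

# No root password is set in this file. A fixed password written in a
# Dockerfile is stored in the image history, where anyone who can pull the
# image can read it. Use `docker exec` for an interactive shell instead.
# sshd is only enabled for systemd here; the ENTRYPOINT below starts nginx
# and nothing else.
RUN systemctl enable sshd

# Build toolchain and development headers needed to compile pcre and nginx.
RUN yum -y install unzip
RUN yum -y install  gcc-c++ gcc
RUN yum -y install zlib-devel
RUN yum -y install openldap-devel
# Quoted so that yum, not the build shell, expands the wildcard.
RUN yum -y install 'openssl*'

# Plain file copies: COPY does the same as ADD for local, non-tar files.
COPY pcre-8.39.zip  /opt/
COPY nginx-1.12.0.zip /opt/
COPY nginx-auth-ldap.zip /opt/
WORKDIR /opt/
RUN unzip pcre-8.39.zip
RUN unzip nginx-1.12.0.zip
RUN unzip nginx-auth-ldap.zip

# pcre is built first because nginx's configure step needs it.
WORKDIR /opt/pcre-8.39
RUN    /opt/pcre-8.39/configure && make && make install

# Compile nginx with the LDAP auth module linked in statically.
WORKDIR /opt/nginx-1.12.0
RUN /opt/nginx-1.12.0/configure  --add-module=../nginx-auth-ldap  && make && make install

# nginx.conf carries the LDAP bind password, so the resulting image has to be
# handled as a secret: do not push it to a registry that other people can read.
COPY nginx.conf /opt/
# \cp bypasses any `cp -i` alias so the build never waits for confirmation.
RUN \cp /opt/nginx.conf /usr/local/nginx/conf/nginx.conf
# nginx start command : /usr/local/nginx/sbin/nginx
# change nginx config : vim /usr/local/nginx/conf/nginx.conf  && /usr/local/nginx/sbin/nginx -s reload
COPY start.sh /opt/
RUN chmod 755 /opt/start.sh
ENTRYPOINT ["/opt/start.sh"]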

3、nginx.conf配置


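# nginx reverse proxy that puts LDAP authentication (nginx-auth-ldap module)
# in front of a Jupyter server.
#
# The LDAP check only covers requests that pass through this proxy. The Jupyter
# port itself must not be reachable by clients directly (bind it to a private
# address or firewall it so that only this nginx host can connect).

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

#    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                      '$status $body_bytes_sent "$http_referer" '
#                      '"$http_user_agent" "$http_x_forwarded_for"';

#    access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Cache successful LDAP lookups so that not every request hits the directory.
    # NOTE(review): while an entry is cached, a password change or a disabled
    # account is not noticed; the expiration value is presumably in
    # milliseconds — confirm against the module documentation.
    auth_ldap_cache_enabled on;
    auth_ldap_cache_expiration_time 10000;
    auth_ldap_cache_size 1000;

    # Directory used for authentication.
    # NOTE(review): ldap:// on port 389 is unencrypted, so the bind password and
    # every user's password cross the network in clear text. If the directory
    # offers LDAPS or StartTLS, prefer it — confirm with the directory admins.
    ldap_server LDAP_IDC {
        url "ldap://10.10.128.11:389/ou=People,dc=idc,dc=wanda-group,dc=net?uid?sub?(objectClass=*)";
        #binddn "cn=Manager,dc=idc,dc=wanda-group,dc=net";
        # Binds as the jupyter account instead of the directory Manager
        # (presumably a dedicated, low-privilege service account — confirm).
        binddn "uid=jupyter,ou=People,dc=idc,dc=wanda-group,dc=net";
        # Sample value. Give the bind account a strong, unique password and keep
        # this file, and any image that contains it, private.
        binddn_passwd "123456";
        group_attribute member;
        group_attribute_is_dn on;
        # With "satisfy any", matching a single require rule is enough; here
        # the only rule admits exactly one user DN.
        satisfy any;
        require user "uid=ourui,ou=People,dc=idc,dc=wanda-group,dc=net";
    }

# jupyter idc_analysis_user

    server {
       # NOTE(review): this listener is plain HTTP and the module takes the
       # user's password from an HTTP Basic Authorization header, so it is sent
       # unencrypted. Terminate TLS here unless the network is fully trusted.
       listen           11012;
       server_name      _;

       location / {
           #Login message that the user will see when entering your website:
           auth_ldap "Please enter your ldap user";
           auth_ldap_servers LDAP_IDC;
           proxy_pass http://10.10.128.52:10051/;
           # NOTE(review): Referer is overwritten with the backend address,
           # presumably to satisfy Jupyter's same-origin check; the backend can
           # then no longer use Referer to tell cross-site requests apart.
           proxy_set_header Referer http://10.10.128.52:10051/;
      }

       # Kernel channels and the terminal websocket. A matching regex location
       # is chosen instead of the "/" prefix location above and does not
       # inherit that block's settings, so the LDAP directives are repeated
       # here. Without them these endpoints would be proxied with no LDAP
       # check at all.
       location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
           auth_ldap "Please enter your ldap user";
           auth_ldap_servers LDAP_IDC;
           proxy_pass http://10.10.128.52:10051;
           proxy_set_header Referer http://10.10.128.52:10051;
           # websocket support
           proxy_http_version    1.1;
           proxy_set_header Upgrade "websocket";
           proxy_set_header Connection "Upgrade";
      }

   }


}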

3、start.sh配置

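#!/bin/sh
# Container entrypoint: launch nginx, then keep the container's main process
# alive. Any arguments passed to the script are ignored.

# nginx forks into the background by default. Stop here if it could not start
# (for example because nginx.conf is invalid), so that the container exits with
# an error instead of staying up with no proxy listening.
/usr/local/nginx/sbin/nginx || exit 1

# Block forever so the container keeps running after nginx has daemonized.
tail -f /dev/null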

4、docker启动

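# Start the proxy container in the background.
#  - --net=host: nginx listens directly on the host's port 11012, so no -p
#    mapping is needed; the container shares the host's whole network stack.
#  - /etc/hosts and /etc/localtime are mounted read-only, so the container can
#    read the host's name mappings and time zone but cannot modify them.
#  - No command follows the image name: the image's ENTRYPOINT (start.sh) does
#    not read its arguments, so a trailing /sbin/init would have no effect.
docker run --name nginx_test_ourui --net=host \
  -v /etc/hosts:/etc/hosts:ro \
  -v /etc/localtime:/etc/localtime:ro \
  -d centos:nginxtestourui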

[root@213128086 nginx]# docker -exec -it nginx_test_ourui bash
flag provided but not defined: -exec
See '/usr/bin/docker-current --help'.
[root@213128086 nginx]# docker exec -it nginx_test_ourui bash
bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_MESSAGES: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_NUMERIC: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_TIME: cannot change locale (en_US.UTF-8): No such file or directory
[root@CDNDC-213128086 nginx-1.12.0]# ps -ef|grep nginx
root 9 1 0 08:16 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 10 9 0 08:16 ? 00:00:00 nginx: worker process
root 47 30 0 08:21 ? 00:00:00 grep --color=auto nginx
[root@213128086 nginx-1.12.0]# ss -pan|grep 11012
tcp LISTEN 0 511 *:11012 *:* users:(("nginx",pid=9,fd=6))

4、登录jupyter

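11012 为转发端口,http://10.10.128.52:10051 为jupyter地址。浏览器应访问 Nginx 所在主机的 11012 端口;Jupyter 的 10051 端口需要通过防火墙或监听地址限制为只允许 Nginx 访问,否则用户可以直接连接 Jupyter 而绕过 LDAP 认证。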