TypeScript
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# tree -L 3
.
├── Dockerfile.php
├── laravel.conf
├── nginx.conf
├── php-fpm
│   ├── php-fpm.conf
│   └── pool.d
│       └── www.conf
├── src(php源码)
├── supervisord.conf （服务管理）

SQL
+---------+     +------------------+     +----------------------------------+
|  用户   | --> |  Nginx (入口) | --> |   / Docker             Container     |
+---------+     +------------------+     |                                  |
                                        |  +-----------------------------+  |
                                        |  | Nginx (Web Server)          |  |
                                        |  +-----------------------------+  |
                                        |             |                    |
                                        |  +-----------------------------+  |
                                        |  | PHP-FPM (Application)       |  |
                                        |  +-----------------------------+  |
                                        |             |                    |
                                        |  +-----------------------------+  |
                                        |  | 可选：日志落盘                |  |
                                        |  | (access.log, error.log)     |  |
                                        |  +-----------------------------+  |
                                        +------------------+---------------+
                                                           |
                                       +-------------------+------------------+
                                       |                   |                  |
                                +-------------+   +-----------------+   +------------------+
                                |  MySQL /    |   | Redis /         |   | Kafka /          |
                                | PostgreSQL  |   | 消息中间件        |   | RabbitMQ         |
                                | (数据库)     |   | (缓存)           |   | (消息队列)        |
                                +-------------+   +-----------------+   +------------------+

Markdown
cat Dockerfile.php
FROM swr.cn-east-3.myhuaweicloud.com/bocheng-test/ubuntu22.04:v1

# -------------------------------
# 系统设置：创建 www-data 用户
# -------------------------------
RUN groupadd -g 82 www-data && \
    useradd -r -u 82 -g www-data www-data || true

# -------------------------------
# 创建运行目录
# -------------------------------
RUN mkdir -p /run/php && \
    chown www-data:www-data /run/php && \
    chmod 755 /run/php

RUN mkdir -p /var/log/php-fpm && \
    chown -R www-data:www-data /var/log/php-fpm

# -------------------------------
# PHP-FPM 配置（全部从本地 COPY）
# -------------------------------
COPY php-fpm/php-fpm.conf /etc/php/8.0/fpm/php-fpm.conf
COPY php-fpm/pool.d/www.conf /etc/php/8.0/fpm/pool.d/www.conf

RUN mkdir -p /var/log/php-fpm && \
    chown -R www-data:www-data /var/log/php-fpm && \
    chmod -R 755 /var/log/php-fpm

# -------------------------------
# Nginx 配置
# -------------------------------
COPY nginx.conf /etc/nginx/nginx.conf
COPY laravel.conf /etc/nginx/conf.d/laravel.conf

RUN mkdir -p /var/log/nginx && \
    touch /var/log/nginx/access.log /var/log/nginx/error.log && \
    chown -R www-data:www-data /var/log/nginx && chmod -R 755 /var/log/nginx

# -------------------------------
# Supervisor
# -------------------------------
RUN mkdir -p /var/log/supervisor
COPY supervisord.conf /etc/supervisor/supervisord.conf

# -------------------------------
# 应用代码
# -------------------------------
WORKDIR /var/www/html

# 复制源码
COPY src/ .

# �� 删除 Laravel 缓存（防止旧配置污染）
RUN rm -f bootstrap/cache/config.php && \
    rm -f bootstrap/cache/services.php && \
    rm -rf storage/framework/cache/* && \
    rm -rf storage/framework/views/* && \
    rm -rf storage/framework/sessions/* && \
    rm -f storage/logs/*.log

# -------------------------------
# 安装 Composer 依赖
# -------------------------------
RUN composer install \
    --optimize-autoloader \
    --no-dev \
    --no-interaction \
    --ignore-platform-req=ext-gd \
    --no-scripts \
    --no-plugins

# -------------------------------
# 确保 storage 目录结构存在
# -------------------------------
RUN mkdir -p storage/logs storage/framework/cache storage/framework/sessions storage/framework/views

RUN chown -R www-data:www-data /var/www/html/storage /var/www/html/bootstrap/cache
RUN chmod -R 775 /var/www/html/storage /var/www/html/bootstrap/cache

# -------------------------------
# 运行 Artisan 命令
# -------------------------------
USER root
RUN php artisan config:cache && \
    php artisan route:cache && \
    php artisan view:cache && \
    php artisan event:cache

# -------------------------------
# 暴露端口 & 启动
# -------------------------------
EXPOSE 80 9000

USER root
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

Markdown
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# cat laravel.conf
# /etc/nginx/conf.d/default.conf

server {
    listen 80;
    root /var/www/html/public;
    index index.php index.html;

    # 错误日志写入文件（便于排查）
    error_log /var/log/nginx/laravel_error.log warn;
    access_log off;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

        # 安全头
        fastcgi_param HTTPS off;
    }

    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self';" always;

    # 禁止访问 .htaccess
    location ~ /\.ht {
        deny all;
    }

    # 如果你不用 Let's Encrypt，可删除
    # location ~ /\.well-known/acme-challenge {
    #    allow all;
    # }
}

Bash
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# cat nginx.conf
# /etc/nginx/nginx.conf

user root;
worker_processes auto;

error_log /var/log/nginx/error.log warn;

# ✅ 删除 pid 配置
# pid /tmp/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log off;
    log_not_found off;
    log_subrequest off;

    client_body_temp_path /tmp/client_body;
    proxy_temp_path /tmp/proxy_temp;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # ✅ 改为加载 sites-enabled
    include /etc/nginx/conf.d/*.conf;
}

Bash
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# cat  php-fpm/php-fpm.conf
include=/etc/php/8.0/fpm/pool.d/*.conf

[global]
pid = /run/php/php8.0-fpm.pid
error_log = /var/log/php-fpm/php8.0-fpm.log
log_level = notice

TypeScript
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# cat  php-fpm/pool.d/www.conf
[www]
listen = 0.0.0.0:9000
listen.backlog = 8192

user = www-data
group = www-data

pm = static
pm.max_children = 200
pm.start_servers = 15
pm.min_spare_servers = 15
pm.max_spare_servers = 50

pm.status_path = /phpfpm_80_status

request_terminate_timeout = 30
request_slowlog_timeout = 30
slowlog = /var/log/php-fpm/slow.log
php_admin_value[open_basedir] = /var/www/html:/tmp:/run

TypeScript
root@bocheng-System-Product-Name:/data/service/k8s-php-migrate/services/dbb-live-api# cat  supervisord.conf
; /etc/supervisor/supervisord.conf
[supervisord]
nodaemon=true
user=root
logfile=/var/log/supervisor/supervisord.log
pidfile=/tmp/supervisord.pid
childlogdir=/var/log/supervisor
logfile_maxbytes=50MB
logfile_backups=5
logworkerfiles=false           ; 关闭内部 worker 日志，除非调试
logworkersize=10MB

; ------------------------------
; PHP-FPM 程序
; ------------------------------
[program:php-fpm]
command=php-fpm8.0 -F          ; 明确版本 + 前台运行
autostart=true
autorestart=true
user=root                ; 安全：不要用 root
stdout_logfile=/var/log/supervisor/php-fpm-access.log
stderr_logfile=/var/log/supervisor/php-fpm-error.log
stdout_logfile_maxbytes=10MB
stderr_logfile_maxbytes=10MB
stdout_logfile_chmod=644
stderr_logfile_chmod=644

; ------------------------------
; Nginx 程序
; ------------------------------
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"  ; 明确路径
autostart=true
autorestart=true
user=root                            ; 可选：也可用 root，但 www-data 更一致
stdout_logfile=/var/log/supervisor/nginx-access.log
stderr_logfile=/var/log/supervisor/nginx-error.log
stdout_logfile_maxbytes=10MB
stderr_logfile_maxbytes=10MB
stdout_logfile_chmod=644
stderr_logfile_chmod=644

Bash
root@bc_live-php_test01-172.24.207.190-hw ~ 17:28:03# cat /www/server/panel/vhost/nginx/liveapi1.ethnicity.cn.conf
server {
    listen 80;
    listen 443 ssl http2;
    server_name testliveapi1.ethnicity.cn;
    index index.php index.html index.htm;

    # ✅ SSL 配置（保持不变）
    ssl_certificate    /www/server/panel/vhost/cert/liveapi.ethnicity.cn/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/liveapi.ethnicity.cn/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;

    # ✅ 所有请求反向代理到容器的 Nginx 服务
    location / {
        proxy_pass http://172.24.193.134:8080;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        client_max_body_size 100M;
    }

    # ✅ Let's Encrypt 验证（必须本地响应）
    location ^~ /.well-known/acme-challenge/ {
        root /www/wwwroot/testliveapi1.ethnicity.cn;
        allow all;
        default_type "text/plain";
        try_files $uri =404;
    }

    # ✅ 日志（使用你的 main 格式）
    access_log  /www/wwwlogs/liveapi1.ethnicity.cn.log main;
    error_log   /www/wwwlogs/liveapi1.ethnicity.cn.error.log;
}

事项

附加

基础镜像

ubuntu:22.04

安装的php版本(在基础镜像内)

php8.0和php现有环境一致

安装文档参考 https://ethnicity.blog.csdn.net/article/details/151402759?spm=1011.2415.3001.5331

composer版本

2.0.14和现有环境一致

curl -sS https://getcomposer.org/installer | php8.0 -- --version=2.0.14

mv composer.phar /usr/local/bin/composer

基础镜像

直接run -itd ubuntu:22.04基础上安装软件

程序修改

src/app/Providers/AppServiceProvider.php

注释：

        // 开发环境注册Telescope

        //if ($this->app->environment(['local', 'develop'])) {
        //    $this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);

        //    $this->app->register(TelescopeServiceProvider::class);

        //}

启动命令

在真实环境

docker run -d --name live-api -p 8080:80 swr.cn-east-3.myhuaweicloud.com/bocheng-test/dbb-live-api:test_v1