From 24d3dcf8356de36138032a14903e3aceb65ee509 Mon Sep 17 00:00:00 2001 From: Dennis Mo Date: Sun, 26 Apr 2020 14:39:13 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=A1=B9=E7=9B=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Deployments.sln | 21 +++++ Gitea/Gitea.projitems | 22 +++++ Gitea/Gitea.shproj | 13 +++ Gitea/README.md | 50 +++++++++++ Gitea/conf.d/gitwoyue.conf | 35 ++++++++ Gitea/gitea/docker-compose.yml | 44 ++++++++++ Gitea/gitea/grant-permissions.sh | 3 + Gitea/gitea/mysql/config/my.cnf | 13 +++ Gitea/gitea/mysql/init/init.sql | 1 + .../NginxAndLetsencrypt.projitems | 20 +++++ .../NginxAndLetsencrypt.shproj | 13 +++ NginxAndLetsencrypt/README.md | 40 +++++++++ NginxAndLetsencrypt/docker-compose.yml | 24 +++++ NginxAndLetsencrypt/init-letsencrypt.sh | 80 +++++++++++++++++ .../sampleApp/docker-compose.yml | 42 +++++++++ .../server/nginx/conf/conf.d/sample.conf | 41 +++++++++ .../server/nginx/conf/nginx.conf | 40 +++++++++ NginxAndLetsencrypt/经验汇集.md | 87 +++++++++++++++++++ 18 files changed, 589 insertions(+) create mode 100644 Deployments.sln create mode 100644 Gitea/Gitea.projitems create mode 100644 Gitea/Gitea.shproj create mode 100644 Gitea/README.md create mode 100644 Gitea/conf.d/gitwoyue.conf create mode 100644 Gitea/gitea/docker-compose.yml create mode 100644 Gitea/gitea/grant-permissions.sh create mode 100644 Gitea/gitea/mysql/config/my.cnf create mode 100644 Gitea/gitea/mysql/init/init.sql create mode 100644 NginxAndLetsencrypt/NginxAndLetsencrypt.projitems create mode 100644 NginxAndLetsencrypt/NginxAndLetsencrypt.shproj create mode 100644 NginxAndLetsencrypt/README.md create mode 100644 NginxAndLetsencrypt/docker-compose.yml create mode 100644 NginxAndLetsencrypt/init-letsencrypt.sh create mode 100644 NginxAndLetsencrypt/sampleApp/docker-compose.yml create mode 100644 NginxAndLetsencrypt/server/nginx/conf/conf.d/sample.conf create mode 100644 NginxAndLetsencrypt/server/nginx/conf/nginx.conf create mode 100644 NginxAndLetsencrypt/经验汇集.md diff --git a/Deployments.sln b/Deployments.sln new file mode 100644 index 0000000..bf13f81 --- /dev/null +++ b/Deployments.sln @@ -0,0 +1,21 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.30011.22 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{D954291E-2A0B-460D-934E-DC6B0785DB48}") = "Gitea", "Gitea\Gitea.shproj", "{816BEA29-9CDB-439D-BC36-D2DD6C52BC69}" +EndProject +Project("{D954291E-2A0B-460D-934E-DC6B0785DB48}") = "NginxAndLetsencrypt", "NginxAndLetsencrypt\NginxAndLetsencrypt.shproj", "{57D7CB76-1A45-4A68-A84F-7E5034096F19}" +EndProject +Global + GlobalSection(SharedMSBuildProjectFiles) = preSolution + NginxAndLetsencrypt\NginxAndLetsencrypt.projitems*{57d7cb76-1a45-4a68-a84f-7e5034096f19}*SharedItemsImports = 13 + Gitea\Gitea.projitems*{816bea29-9cdb-439d-bc36-d2dd6c52bc69}*SharedItemsImports = 13 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {E0FBFB33-8BFD-4A87-A8EB-56A3D383EEC7} + EndGlobalSection +EndGlobal diff --git a/Gitea/Gitea.projitems b/Gitea/Gitea.projitems new file mode 100644 index 0000000..81f9b21 --- /dev/null +++ b/Gitea/Gitea.projitems @@ -0,0 +1,22 @@ + + + + $(MSBuildAllProjects);$(MSBuildThisFileFullPath) + true + 816bea29-9cdb-439d-bc36-d2dd6c52bc69 + + + Gitea + + + + + + + + + + + + + \ No newline at end of file diff --git a/Gitea/Gitea.shproj b/Gitea/Gitea.shproj new file mode 100644 index 0000000..80e2475 --- /dev/null +++ b/Gitea/Gitea.shproj @@ -0,0 +1,13 @@ + + + + 816bea29-9cdb-439d-bc36-d2dd6c52bc69 + 14.0 + + + + + + + + diff --git a/Gitea/README.md b/Gitea/README.md new file mode 100644 index 0000000..6457563 --- /dev/null +++ b/Gitea/README.md @@ -0,0 +1,50 @@ +# Gitea + +## 官网 + +https://gitea.io/en-us/ + +## 用途 + +低配置要求的Gitlab替代。 + +## 文件说明 + +* `docker-compose.yml`:服务配置; + +## 安装说明 + +1. 解析域名到你的服务器; + +2. 安装docker-compose,参考: CENTOS安装Docker Compose; + +3. 完成NginxAndLetsencrypt的部署; + + ​ 参见相关说明。(包含把sample.conf改名为gitea.conf或其他名字) + +4. 在/srv下,复制gitea目录。cd进gitea + +5. 在/srv/gitea下,chmod +x ./grant-permissions.sh + +6. 执行该sh脚本。注意,可以通过tail -2 /etc/passwd和tail -2 /etc/group 查看新注册用户的uid和gid。如和docker-compose.yml中的不符合则应修改yml文件。 + +7. 参照NginxAndLetsencrypt的sample.conf中的注释说明和sampleApp中的compose文件修改docker-compose.yml的网络设置。 + +8. 启动服务 + +9. ``` + docker-compose up -d + ``` + +10. 参照NginxAndLetsencrypt的sample.conf中的注释说明,获取新创建的container的ip,并返回到gitea.conf中将ip填入。 + +11. 重启nginx的docker容器。 +## 使用说明 + +配置文件在:/srv/gitea/gitea/gitea/conf下的app.ini + +邮件smtp服务器要带端口号(通常是25) + +## 测试环境 + +* CentOS Linux release 7.3.1611 (Core) \ No newline at end of file diff --git a/Gitea/conf.d/gitwoyue.conf b/Gitea/conf.d/gitwoyue.conf new file mode 100644 index 0000000..08bf5fb --- /dev/null +++ b/Gitea/conf.d/gitwoyue.conf @@ -0,0 +1,35 @@ +server { + listen 80; + server_name git.woyue.org; + server_tokens off; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name git.woyue.org; + server_tokens off; + + ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + location / { + #ip address below should changed accordingly. + proxy_pass http://192.168.16.5:3000; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + } +} diff --git a/Gitea/gitea/docker-compose.yml b/Gitea/gitea/docker-compose.yml new file mode 100644 index 0000000..9fce031 --- /dev/null +++ b/Gitea/gitea/docker-compose.yml @@ -0,0 +1,44 @@ + +version: "3.4" + +networks: + gitea: + external: + name: nginxdocker_default + +services: + server: + image: "gitea/gitea:latest" + environment: + - USER_UID=1000 + - USER_GID=1000 + - DB_TYPE=mysql + - DB_HOST=db:3306 + - DB_NAME=gitea + - DB_USER=gitea + - DB_PASSWD=Whynotfight? + restart: always + networks: + - gitea + volumes: + - ./gitea:/data + ports: + - "3000:3000" + - "222:22" + depends_on: + - db + + db: + image: "mysql/mysql-server" + restart: always + environment: + - MYSQL_ROOT_PASSWORD=Nowaytohide... + - MYSQL_USER=gitea + - MYSQL_PASSWORD=Whynotfight? + - MYSQL_DATABASE=gitea + networks: + - gitea + volumes: + - ./mysql/config/my.cnf:/etc/my.cnf + - ./mysql/data:/var/lib/mysql + - ./mysql/init:/docker-entrypoint-initdb.d \ No newline at end of file diff --git a/Gitea/gitea/grant-permissions.sh b/Gitea/gitea/grant-permissions.sh new file mode 100644 index 0000000..ba76a6d --- /dev/null +++ b/Gitea/gitea/grant-permissions.sh @@ -0,0 +1,3 @@ +#!/bin/bash +useradd -M -s /sbin/nologin git +chown -R git:git ../gitea \ No newline at end of file diff --git a/Gitea/gitea/mysql/config/my.cnf b/Gitea/gitea/mysql/config/my.cnf new file mode 100644 index 0000000..b733846 --- /dev/null +++ b/Gitea/gitea/mysql/config/my.cnf @@ -0,0 +1,13 @@ +[mysqld] +user=gitea +default-authentication-plugin=mysql_native_password +skip-name-resolve +character-set-client-handshake=0 +character-set-server=utf8mb4 +collation-server=utf8mb4_unicode_ci +default-time-zone='+8:00' +lower_case_table_names=1 +[client] +default-character-set=utf8mb4 +[mysql] +default-character-set=utf8mb4 diff --git a/Gitea/gitea/mysql/init/init.sql b/Gitea/gitea/mysql/init/init.sql new file mode 100644 index 0000000..a04a468 --- /dev/null +++ b/Gitea/gitea/mysql/init/init.sql @@ -0,0 +1 @@ +GRANT ALL PRIVILEGES ON *.* TO 'gitea'@'%' WITH GRANT OPTION; diff --git a/NginxAndLetsencrypt/NginxAndLetsencrypt.projitems b/NginxAndLetsencrypt/NginxAndLetsencrypt.projitems new file mode 100644 index 0000000..4f97203 --- /dev/null +++ b/NginxAndLetsencrypt/NginxAndLetsencrypt.projitems @@ -0,0 +1,20 @@ + + + + $(MSBuildAllProjects);$(MSBuildThisFileFullPath) + true + 57d7cb76-1a45-4a68-a84f-7e5034096f19 + + + NginxAndLetsencrypt + + + + + + + + + + + \ No newline at end of file diff --git a/NginxAndLetsencrypt/NginxAndLetsencrypt.shproj b/NginxAndLetsencrypt/NginxAndLetsencrypt.shproj new file mode 100644 index 0000000..1a60b03 --- /dev/null +++ b/NginxAndLetsencrypt/NginxAndLetsencrypt.shproj @@ -0,0 +1,13 @@ + + + + 57d7cb76-1a45-4a68-a84f-7e5034096f19 + 14.0 + + + + + + + + diff --git a/NginxAndLetsencrypt/README.md b/NginxAndLetsencrypt/README.md new file mode 100644 index 0000000..6719926 --- /dev/null +++ b/NginxAndLetsencrypt/README.md @@ -0,0 +1,40 @@ +# A repository fork from [https://github.com/wmnnd/nginx-certbot](nginx-certbot) + +## 用途 + +使用`docker-compose`配置nginx并申请certbot证书。 + +## 文件说明 + +* `init-letsencrypt.sh`:获取Let's Encrypt证书; +* `data/nginx`:nginx配置文件目录; +* `docker-compose.yml`:服务配置; + +## 使用说明 + +1.解析域名到你的服务器; + +2.安装docker-compose,参考: CENTOS安装Docker Compose; + +3.修改配置; + +* 修改`init-letsencrypt.sh`文件中的域名及邮箱; +* 修改`server/nginx`中的配置文件里的域名;如有必要,把sample.conf改成实际的文件名。但如果不做修改,只要其中的域名正确,不影响证书申请。 + +4.申请证书 + +``` +chmod +x ./init-letsencrypt.sh + +sudo ./init-letsencrypt.sh +``` + +5.启动服务 + +``` + docker-compose up -d +``` + +## 测试环境 + +* CentOS Linux release 7.3.1611 (Core) diff --git a/NginxAndLetsencrypt/docker-compose.yml b/NginxAndLetsencrypt/docker-compose.yml new file mode 100644 index 0000000..e35c9a1 --- /dev/null +++ b/NginxAndLetsencrypt/docker-compose.yml @@ -0,0 +1,24 @@ +version: '3' + +services: + nginx: + image: nginx:latest + restart: unless-stopped + volumes: + - ./server/nginx/conf/conf.d:/etc/nginx/conf.d + - ./server/nginx/conf/nginx.conf:/etc/nginx/nginx.conf + - ./server/nginx/html:/usr/share/nginx/html + - ./server/nginx/logs:/var/log/nginx + - ./server/certbot/conf:/etc/letsencrypt + - ./server/certbot/www:/var/www/certbot + ports: + - "80:80" + - "443:443" + command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" + certbot: + image: certbot/certbot + restart: unless-stopped + volumes: + - ./server/certbot/conf:/etc/letsencrypt + - ./server/certbot/www:/var/www/certbot + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" diff --git a/NginxAndLetsencrypt/init-letsencrypt.sh b/NginxAndLetsencrypt/init-letsencrypt.sh new file mode 100644 index 0000000..5c6caf4 --- /dev/null +++ b/NginxAndLetsencrypt/init-letsencrypt.sh @@ -0,0 +1,80 @@ +#!/bin/bash + +if ! [ -x "$(command -v docker-compose)" ]; then + echo 'Error: docker-compose is not installed.' >&2 + exit 1 +fi + +domains=(git.woyue.org) +rsa_key_size=4096 +data_path="./server/certbot" +email="staywithmo@163.com" # Adding a valid address is strongly recommended +staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits + +if [ -d "$data_path" ]; then + read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision + if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then + exit + fi +fi + + +if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then + echo "### Downloading recommended TLS parameters ..." + mkdir -p "$data_path/conf" + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" + echo +fi + +echo "### Creating dummy certificate for $domains ..." +path="/etc/letsencrypt/live/$domains" +mkdir -p "$data_path/conf/live/$domains" +docker-compose run --rm --entrypoint "\ + openssl req -x509 -nodes -newkey rsa:1024 -days 1\ + -keyout '$path/privkey.pem' \ + -out '$path/fullchain.pem' \ + -subj '/CN=localhost'" certbot +echo + + +echo "### Starting nginx ..." +docker-compose up --force-recreate -d nginx +echo + +echo "### Deleting dummy certificate for $domains ..." +docker-compose run --rm --entrypoint "\ + rm -Rf /etc/letsencrypt/live/$domains && \ + rm -Rf /etc/letsencrypt/archive/$domains && \ + rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot +echo + + +echo "### Requesting Let's Encrypt certificate for $domains ..." +#Join $domains to -d args +domain_args="" +for domain in "${domains[@]}"; do + domain_args="$domain_args -d $domain" +done + +# Select appropriate email arg +case "$email" in + "") email_arg="--register-unsafely-without-email" ;; + *) email_arg="--email $email" ;; +esac + +# Enable staging mode if needed +if [ $staging != "0" ]; then staging_arg="--staging"; fi + +docker-compose run --rm --entrypoint "\ + certbot certonly --webroot -w /var/www/certbot \ + $staging_arg \ + $email_arg \ + $domain_args \ + --rsa-key-size $rsa_key_size \ + --agree-tos \ + --force-renewal" certbot +echo + +echo "### Reloading nginx ..." +docker-compose exec nginx nginx -s reload diff --git a/NginxAndLetsencrypt/sampleApp/docker-compose.yml b/NginxAndLetsencrypt/sampleApp/docker-compose.yml new file mode 100644 index 0000000..ea49ad3 --- /dev/null +++ b/NginxAndLetsencrypt/sampleApp/docker-compose.yml @@ -0,0 +1,42 @@ +version: "3.4" + +# setting networks. important when connecting other containers. +networks: + gitea: + external: + name: nginxdocker_default + +services: + server: + image: "gitea/gitea:latest" + environment: + - USER_UID=1000 + - USER_GID=1000 + - DB_TYPE=mysql + - DB_HOST=db:3306 + - DB_NAME=gitea + - DB_USER=gitea + - DB_PASSWD=pwd + restart: always + networks: + - gitea + volumes: + - ./gitea:/data + ports: + - "3000:3000" + - "222:22" + depends_on: + - db + + db: + image: "mysql:5.7.27" + restart: always + environment: + - MYSQL_ROOT_PASSWORD=rootpwd + - MYSQL_USER=gitea + - MYSQL_PASSWORD=pwd + - MYSQL_DATABASE=gitea + networks: + - gitea + volumes: + - ./mysql:/var/lib/mysql diff --git a/NginxAndLetsencrypt/server/nginx/conf/conf.d/sample.conf b/NginxAndLetsencrypt/server/nginx/conf/conf.d/sample.conf new file mode 100644 index 0000000..1862c69 --- /dev/null +++ b/NginxAndLetsencrypt/server/nginx/conf/conf.d/sample.conf @@ -0,0 +1,41 @@ +server { + listen 80; + server_name git.woyue.org; + server_tokens off; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name git.woyue.org; + server_tokens off; + + ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + location / { + #˴IPDocker ContainerIPע⣺ + #1Ҫcompose nginxletsencryptĽ׶ξú + #2ɺִ docker inspect nginxdocker_nginx_1 ȷơ磺 + #"Networks": { + # "nginxdocker_default": { + #3ڽҪеӦõdocker-composeļָⲿΪơμsampleAppʾ + #4docker inspectȷӦõcontainerIP·ɡ + proxy_pass http://172.17.0.1:17000; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + } +} diff --git a/NginxAndLetsencrypt/server/nginx/conf/nginx.conf b/NginxAndLetsencrypt/server/nginx/conf/nginx.conf new file mode 100644 index 0000000..c990bfb --- /dev/null +++ b/NginxAndLetsencrypt/server/nginx/conf/nginx.conf @@ -0,0 +1,40 @@ +user root; +worker_processes 1; +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + autoindex on; + gzip on; + gzip_min_length 1k; + gzip_buffers 4 16k; + #gzip_http_version 1.0; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; + gzip_vary off; + gzip_disable "MSIE [1-6]\."; + + client_max_body_size 100M; + client_header_buffer_size 128k; + large_client_header_buffers 4 128k; + + + include /etc/nginx/conf.d/*.conf; + +} \ No newline at end of file diff --git a/NginxAndLetsencrypt/经验汇集.md b/NginxAndLetsencrypt/经验汇集.md new file mode 100644 index 0000000..8125b5a --- /dev/null +++ b/NginxAndLetsencrypt/经验汇集.md @@ -0,0 +1,87 @@ +# 经验汇集 + +## 常用指令 + +* Docker相关 +``` +docker network ls +docker network rm 【网络名称】 +docker inspect 【容器id/名称】 +docker logs -f -t --since="2017-05-31" --tail=10 【容器名称】 #动态查看容器日志 +``` +* Linux +``` +history #查看历史执行命令 +tail -n 20 【文件名】#查看文件的后20行 +du -sh * #查看目录下的磁盘占用情况 +``` +* Vim +``` +history #查看历史执行命令 +tail -n 20 【文件名】#查看文件的后20行 +``` + +## 坑记 + +### 未分类 + +#### 域名解析 + +域名解析做完整。如果要给ycmusic.cn配证书,不要忘记相应添加域名解析。可以参考: + +如何解析设置域名添加www和不添加www都能够访问 + +*来自 <*[*https://jingyan.baidu.com/article/6d704a130c6d0d28db51ca3c.html*](https://jingyan.baidu.com/article/6d704a130c6d0d28db51ca3c.html)*>* + +#### 文本格式导致的脚本执行错误问题 + +注意在windows下编辑的文本格式是dos格式,需要改成unix格式才能作为sh脚本在linux下执行。否则,会出现诸如: + +bin/bash^M: bad interpreter: No such file or directory + +参考[*https://blog.csdn.net/helloxiaozhe/article/details/90347064解决*](https://blog.csdn.net/helloxiaozhe/article/details/90347064) + +另外,可以采用vs的编码保存,其中指定行尾设置 + +#### Let's Encrypt可以添加--dry-run参数来验证运行 + +例如: + +docker-compose run --rm --entrypoint "\ + + certbot certonly **--dry-run** --webroot -w /var/www/certbot \ + + $staging_arg \ + + $email_arg \ + + $domain_args \ + + --rsa-key-size $rsa_key_size \ + + --agree-tos \ + + --force-renewal" certbot + +echo + +#### Nginx开启gzip + +参考:https://blog.csdn.net/bigtree_3721/article/details/79849503 + +#### docker-compose中的特殊字符 + +如有特殊字符,用""将包含特殊字符的字符串包裹起来。如果有$,哪怕在引号内,也需要输入两个$$以作转义。 + +例如: + + db: + image: "mysql:5.7.27" + restart: always + environment: + + - MYSQL_ROOT_PASSWORD="mima$$woshimima" +不过,上面的又有引号又有$的设置是否正确并不确定,因为初次这么设置发现无法登录(通过docker exec -it 进入执行mysql -uroot -p)。 +#### docker-compose中mysql的密码设置 + +第一次运行后,只要/var/lib/mysql中的数据没有改变(这通常是因为已经mount到主机的特定目录),那么后续的密码更改是无效的,哪怕把container删了再重建也一样。所以这个时候,要不然用原来密码登录,要不然就是清空data目录。(data目录需要有,不然docker-compose up会失败) \ No newline at end of file