chore: update docker-compose.yml
This commit is contained in:
16
.env.example
Normal file
16
.env.example
Normal file
@@ -0,0 +1,16 @@
|
||||
# 数据库连接配置
|
||||
DB_HOST=host.docker.internal
|
||||
DB_PORT=3306
|
||||
DB_USER=your_database_username
|
||||
DB_PASSWORD=your_database_password
|
||||
DB_NAME=your_database_name
|
||||
|
||||
# API配置
|
||||
ADMIN_API_KEY=sk-admin-xxxxxxxxxxxxxxxx
|
||||
PORT=8080
|
||||
|
||||
# 注意:
|
||||
# 1. 生产环境中请替换所有占位符为实际值
|
||||
# 2. DB_HOST使用host.docker.internal可以让Docker容器连接到宿主机的MySQL
|
||||
# 3. 确保MySQL用户权限允许从Docker容器访问
|
||||
# 4. 敏感信息请勿提交到版本控制系统
|
||||
95
DOCKER_MYSQL_CONNECTION.md
Normal file
95
DOCKER_MYSQL_CONNECTION.md
Normal file
@@ -0,0 +1,95 @@
|
||||
# Docker容器连接宿主机MySQL数据库配置
|
||||
|
||||
## 问题描述
|
||||
当Docker容器需要连接到宿主机上的MySQL数据库,而MySQL的用户账号只允许`@localhost`访问时,需要进行特殊配置。
|
||||
|
||||
## 解决方案
|
||||
|
||||
### 1. 修改Docker Compose配置
|
||||
|
||||
在`docker-compose.yml`文件中,将数据库主机地址修改为`host.docker.internal`,这是Docker提供的特殊DNS名称,可以解析到宿主机的IP地址。
|
||||
|
||||
```yaml
|
||||
environment:
|
||||
DB_HOST: host.docker.internal
|
||||
DB_PORT: 3306
|
||||
DB_USER: shop_mallnew
|
||||
DB_PASSWORD: shop_mallnew
|
||||
DB_NAME: huawei_shop_mallnew
|
||||
```
|
||||
|
||||
### 2. 处理MySQL用户权限
|
||||
|
||||
由于MySQL用户账号默认只允许`@localhost`访问,需要修改用户权限以允许Docker容器访问。
|
||||
|
||||
#### 解决方案1:修改现有用户的host权限(推荐用于测试环境)
|
||||
|
||||
```sql
|
||||
-- 登录到宿主机的MySQL
|
||||
mysql -u root -p
|
||||
|
||||
-- 执行以下SQL语句
|
||||
UPDATE mysql.user SET Host = '%' WHERE User = 'shop_mallnew' AND Host = 'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
```
|
||||
|
||||
#### 解决方案2:创建新用户,允许从任何IP连接
|
||||
|
||||
```sql
|
||||
-- 登录到宿主机的MySQL
|
||||
mysql -u root -p
|
||||
|
||||
-- 执行以下SQL语句
|
||||
CREATE USER 'shop_mallnew'@'%' IDENTIFIED BY 'shop_mallnew';
|
||||
GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'%';
|
||||
FLUSH PRIVILEGES;
|
||||
```
|
||||
|
||||
#### 解决方案3:创建新用户,仅允许从Docker容器IP范围连接(推荐用于生产环境)
|
||||
|
||||
```sql
|
||||
-- 登录到宿主机的MySQL
|
||||
mysql -u root -p
|
||||
|
||||
-- 执行以下SQL语句(假设Docker容器IP范围为172.17.0.0/16)
|
||||
CREATE USER 'shop_mallnew'@'172.17.0.0/255.255.0.0' IDENTIFIED BY 'shop_mallnew';
|
||||
GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'172.17.0.0/255.255.0.0';
|
||||
FLUSH PRIVILEGES;
|
||||
```
|
||||
|
||||
### 3. 启动Docker容器
|
||||
|
||||
```bash
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
## 注意事项
|
||||
|
||||
1. **安全性考虑**:使用`%`作为host会允许从任何IP连接,在生产环境中应限制为Docker容器的IP范围。
|
||||
2. **端口映射**:确保宿主机的MySQL服务监听在0.0.0.0,而不仅仅是localhost,以便外部连接。
|
||||
3. **防火墙设置**:确保宿主机的防火墙允许Docker容器访问MySQL端口(默认3306)。
|
||||
4. **MySQL版本兼容性**:不同版本的MySQL可能有不同的权限管理方式,请根据实际版本调整SQL语句。
|
||||
5. **Windows系统**:在Windows系统上,`host.docker.internal`可能需要Docker Desktop 18.03+版本才能正常工作。
|
||||
6. **Linux系统**:在Linux系统上,可能需要使用`--add-host=host.docker.internal:host-gateway`参数或修改`/etc/hosts`文件。
|
||||
|
||||
## 故障排查
|
||||
|
||||
1. **无法连接到数据库**:
|
||||
- 检查宿主机MySQL服务是否正在运行
|
||||
- 检查MySQL配置是否允许远程连接
|
||||
- 检查防火墙设置
|
||||
- 检查用户权限是否正确配置
|
||||
|
||||
2. **连接被拒绝**:
|
||||
- 检查MySQL用户的host权限是否包含Docker容器的IP
|
||||
- 检查MySQL服务是否监听在0.0.0.0
|
||||
|
||||
3. **权限错误**:
|
||||
- 检查用户是否有足够的权限访问指定的数据库
|
||||
- 检查`FLUSH PRIVILEGES`是否已执行
|
||||
|
||||
## 相关文件
|
||||
|
||||
- `docker-compose.yml`:Docker容器配置文件
|
||||
- `update_mysql_user.sql`:MySQL用户权限修改脚本
|
||||
- `.env`:本地开发环境配置文件
|
||||
@@ -2,44 +2,16 @@
|
||||
version: '3.8'
|
||||
|
||||
services:
|
||||
# mysql:
|
||||
# image: mysql:8.0
|
||||
# container_name: saas-mysql
|
||||
# restart: always
|
||||
# environment:
|
||||
# MYSQL_ROOT_PASSWORD: root_secure_password
|
||||
# MYSQL_DATABASE: lucky_sass
|
||||
# MYSQL_USER: saas_admin
|
||||
# MYSQL_PASSWORD: saas_secure_password
|
||||
# ports:
|
||||
# - "3306:3306"
|
||||
# volumes:
|
||||
# - ./init_v2.0.sql:/docker-entrypoint-initdb.d/init.sql:ro
|
||||
# - mysql_data:/var/lib/mysql
|
||||
# command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
|
||||
|
||||
saas-admin-api:
|
||||
build: .
|
||||
container_name: saas-admin-api
|
||||
restart: always
|
||||
ports:
|
||||
- "8080:8080"
|
||||
environment:
|
||||
DB_HOST: mysql
|
||||
DB_PORT: 3306
|
||||
DB_USER: saas_admin
|
||||
DB_PASSWORD: saas_secure_password
|
||||
DB_NAME: lucky_sass
|
||||
ADMIN_API_KEY: sk-admin-xxxxxxxxxxxxxxxx
|
||||
PORT: 8080
|
||||
depends_on:
|
||||
# - mysql
|
||||
# 等待 MySQL 就绪(可选:使用 wait-for-it.sh 更健壮)
|
||||
env_file:
|
||||
- .env
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
volumes:
|
||||
mysql_data:
|
||||
15
update_mysql_user.sql
Normal file
15
update_mysql_user.sql
Normal file
@@ -0,0 +1,15 @@
|
||||
-- 解决方案1:修改现有用户的host权限,允许从任何IP连接
|
||||
-- 注意:这会允许从任何IP连接,安全性较低,建议仅在测试环境使用
|
||||
UPDATE mysql.user SET Host = '%' WHERE User = 'shop_mallnew' AND Host = 'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
|
||||
-- 或者解决方案2:创建一个新用户,允许从任何IP连接
|
||||
-- CREATE USER 'shop_mallnew'@'%' IDENTIFIED BY 'shop_mallnew';
|
||||
-- GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'%';
|
||||
-- FLUSH PRIVILEGES;
|
||||
|
||||
-- 或者解决方案3:创建一个新用户,仅允许从Docker容器的IP范围连接
|
||||
-- 假设Docker容器的IP范围是172.17.0.0/16
|
||||
-- CREATE USER 'shop_mallnew'@'172.17.0.0/255.255.0.0' IDENTIFIED BY 'shop_mallnew';
|
||||
-- GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'172.17.0.0/255.255.0.0';
|
||||
-- FLUSH PRIVILEGES;
|
||||
Reference in New Issue
Block a user