Docker容器化WordPress企业级部署方案(基于Docker 24.0.7验证)
环境预检
docker --version && docker-compose --version # 验证Docker引擎版本≥20.10.14
systemctl is-active firewalld && sudo ufw allow 80/tcp # 放行防火墙端口
硬件要求:
- 内存≥2GB(推荐4GB)
- 存储空间≥1GB(镜像+持久化数据)
直达服务器选购网址:www.tsyvps.com
直达服务器选购网址:www.tsyvps.com
直达服务器选购网址:www.tsyvps.com
编排文件优化
创建 docker-compose.yml:
version: '3.8'
services:
wordpress:
image: wordpress:6.1.1-php8.2-apache # 指定稳定版本
container_name: wp-web
ports:
- "8080:80" # 避免与系统服务端口冲突
env_file: .env # 敏感信息隔离
volumes:
- wp_data:/var/www/html/wp-content # 使用命名卷提高可维护性
networks:
- wp_network
depends_on:
db:
condition: service_healthy
db:
image: mysql:5.7-debian # 官方推荐兼容版本
container_name: wp-db
environment:
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PWD}
MYSQL_DATABASE: ${DB_NAME}
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PWD}
volumes:
- db_data:/var/lib/mysql # 数据库持久化存储
networks:
- wp_network
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 5s
timeout: 10s
retries: 5
volumes:
wp_data:
db_data:
networks:
wp_network:
driver: bridge
安全配置
创建 .env文件:
echo "DB_ROOT_PWD=$(openssl rand -base64 16)" >> .env
echo "DB_NAME=wp_$(date +%s | sha256sum | base64 | head -c 8)" >> .env
echo "DB_USER=user_$(openssl rand -hex 4)" >> .env
echo "DB_PWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> .env
chmod 600 .env # 设置严格权限
部署执行
mkdir -p {wp_data,db_data} && chmod 755 wp_data # 创建数据目录
docker-compose pull # 预拉取镜像(可选)
docker-compose up -d --build # 后台启动容器
watch docker-compose logs -f # 实时监控日志
验证部署
curl -I http://localhost:8080 # 检查HTTP响应状态
docker exec wp-db mysql -u${DB_USER} -p${DB_PWD} -e "SHOW DATABASES;" # 验证数据库连接
docker volume inspect wp_data # 确认数据卷挂载
运维管理
- 备份数据库:
docker exec wp-db sh -c 'exec mysqldump --all-databases -u${MYSQL_USER} -p${MYSQL_PASSWORD}' > wp_backup_$(date +%F).sql
- 更新容器:
docker-compose pull && docker-compose up -d --force-recreate
- 故障排查:
docker stats # 监控资源占用
docker inspect wp-web | jq '.[].NetworkSettings.Networks' # 检查网络配置
性能优化建议:
- 增加 WP_MAX_MEMORY=256M环境变量
- 配置Redis对象缓存:
services:
redis:
image: redis:7-alpine
networks:
- wp_network
volumes:
- redis_data:/data
wordpress:
environment:
WORDPRESS_REDIS_HOST: redis
扩展配置
- HTTPS支持:
mkdir certs && cp /path/to/{cert.pem,privkey.pem} certs/
修改 docker-compose.yml:
ports:
- "443:443"
volumes:
- ./certs:/etc/ssl/certs
environment:
WORDPRESS_CONFIG_EXTRA: |
define('FORCE_SSL_ADMIN', true);
通过此方案部署的WordPress实例具备生产级可靠性,建议配合 watchtower实现自动更新,并定期执行 docker system prune清理无效数据层。对于高流量场景,可扩展 docker-compose scale wordpress=3实现负载均衡。