RK3568 主路由 + NAS 一体机 - 完整配置文档
RK3568 主路由 + NAS + Docker 完整配置文档
一、硬件配置
设备: RK3568 开发板
CPU: 4核 Cortex-A55
内存: 8GB
存储:
- eMMC: 229GB(系统盘)
- NVMe: 14GB Intel Optane(Docker 存储)
网络: 5个千兆网口(4LAN + 1WAN)
二、系统架构
外网(PPPoE) → WAN口 → OpenWrt容器(LXC) → 宿主机网桥(br-mgmt) → LAN1-4口
↓
Docker 容器
↓
Web环境 (Nginx/PHP/MySQL)
三、宿主机系统安装
1. 刷机基础
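# Stage the firmware image in /tmp (upload op.img there first).
cd /tmp
# Confirm that mmcblk0 really is the eMMC before overwriting it: dd gives no
# second chance and the device name can differ between boot media.
lsblk /dev/mmcblk0
# Verify the image against the checksum published by the firmware source.
# <EXPECTED_SHA256> is a placeholder; the write only starts if the check passes.
echo "<EXPECTED_SHA256>  /tmp/op.img" | sha256sum -c - \
  && dd if=/tmp/op.img of=/dev/mmcblk0 bs=1M \
  && sync
# sync flushes cached blocks to the eMMC; power-cycle only after it returns.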
2. 基础配置
# Refresh the package index, then apply every pending upgrade.
apt update \
  && apt upgrade -y
# Tooling used by the later steps: LXC, bridge and network utilities, download
# clients, git and htop.
apt install -y \
  lxc bridge-utils ethtool net-tools dnsutils \
  curl wget git htop
四、宿主机网络配置
配置文件 /etc/network/interfaces
# Writes the host's ifupdown configuration (this overwrites the existing file).
# - br-mgmt bridges lan1-lan4 and gives the host 192.168.2.2/24; its default
#   route points at 192.168.2.1, the address the OpenWrt container's lan
#   interface is given later on this page.
# - wan is "inet manual": the host assigns no address to it, so the host itself
#   is not addressed on the uplink; the LXC config on this page hands the
#   interface to the container as a phys device.
# NOTE(review): while wan is up in the host namespace the kernel may still
# autoconfigure IPv6 on it -- confirm that is acceptable or disable IPv6 on it.
cat > /etc/network/interfaces <<'EOF'
# 本地回环
auto lo
iface lo inet loopback
# 管理网桥 - 4个LAN口
auto br-mgmt
iface br-mgmt inet static
address 192.168.2.2/24
bridge_ports lan1 lan2 lan3 lan4
bridge_stp off
bridge_fd 0
up ip route add default via 192.168.2.1 dev br-mgmt || true
down ip route del default via 192.168.2.1 dev br-mgmt || true
# WAN口 - 直通给容器
auto wan
iface wan inet manual
pre-up ip link set wan nomaster || true
up ip link set wan up
EOF
# Restart networking to apply the new configuration. A remote session that
# runs over one of these interfaces can drop here; keep console access at hand.
systemctl restart networking
DNS 持久化
# Persist the host's DNS servers through a systemd-resolved drop-in.
# DNS lists the router (192.168.2.1) first and 8.8.8.8 second; "Domains=~."
# routes lookups for every domain to these servers.
# NOTE(review): answers from 8.8.8.8 bypass any filtering configured on the
# router -- drop it if the router should be the only resolver.
resolved_dropin_dir=/etc/systemd/resolved.conf.d
mkdir -p "$resolved_dropin_dir"
tee "$resolved_dropin_dir/dns.conf" > /dev/null <<'EOF'
[Resolve]
DNS=192.168.2.1 8.8.8.8
Domains=~.
EOF
systemctl restart systemd-resolved
五、OpenWrt LXC 容器配置
1. 下载 OpenWrt rootfs
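cd /tmp
# Download the rootfs together with the release's checksum list and verify the
# archive before it becomes the root filesystem of the router container.
# NOTE(review): assumes the release directory publishes a "sha256sums" file, as
# OpenWrt-style download trees do -- confirm. A list fetched from the same
# server only catches corruption; checking the list's signature against the
# project's signing key is what guards against a tampered mirror.
rootfs_base=https://downloads.immortalwrt.org/releases/24.10.0/targets/armsr/armv8
wget "$rootfs_base/immortalwrt-24.10.0-armsr-armv8-rootfs.tar.gz"
wget -O sha256sums "$rootfs_base/sha256sums"
# --ignore-missing: the list names every artifact of the target, but only the
# rootfs archive was downloaded.
sha256sum -c --ignore-missing sha256sums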
2. 创建容器
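# Unpack the rootfs into the container directory.
mkdir -p /var/lib/lxc/openwrt/rootfs
# Name the archive explicitly: a glob would also pick up stale or unrelated
# immortalwrt-*.tar.gz files left in the working directory.
# --numeric-owner keeps the uid/gid numbers stored in the archive instead of
# remapping them through the host's passwd/group names.
tar --numeric-owner -xzf /tmp/immortalwrt-24.10.0-armsr-armv8-rootfs.tar.gz \
  -C /var/lib/lxc/openwrt/rootfs/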
3. 容器配置 /var/lib/lxc/openwrt/config
# Writes the LXC definition of the router container.
# - net.0 moves the physical "wan" interface into the container as eth0, so
#   the uplink is terminated inside the container rather than on the host.
# - net.1 is a veth pair attached to the host bridge br-mgmt (container eth1).
# - /dev/ppp (char 108:0) is allowed and bind-mounted for PPPoE.
# - lxc.start.auto = 1 starts the container automatically, after a 5 s delay.
# NOTE(review): no lxc.idmap appears in this file, so unless the included
# common.conf or a system default adds one this is a privileged container:
# root inside it is uid 0 on the host. Treat the container as part of the
# host's trust boundary and keep its packages patched accordingly.
# NOTE(review): "rwm" on the ppp device also grants mknod; since the node is
# bind-mounted, "rw" may be sufficient -- confirm before tightening.
cat > /var/lib/lxc/openwrt/config <<'EOF'
# 容器基本配置
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = arm64
lxc.uts.name = openwrt
lxc.tty.max = 2
lxc.start.auto = 1
lxc.start.delay = 5
# rootfs路径
lxc.rootfs.path = dir:/var/lib/lxc/openwrt/rootfs
# WAN口 - 物理直通
lxc.net.0.type = phys
lxc.net.0.name = eth0
lxc.net.0.flags = up
lxc.net.0.link = wan
# LAN口 - 连接宿主机网桥
lxc.net.1.type = veth
lxc.net.1.name = eth1
lxc.net.1.flags = up
lxc.net.1.link = br-mgmt
# PPP 设备授权(PPPoE必须)
lxc.cgroup2.devices.allow = c 108:0 rwm
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file
# 基础设备挂载
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
EOF
4. 启动容器
# Boot the router container, then open a root shell inside it; the commands of
# the next step are typed into that shell.
lxc-start --name openwrt
lxc-attach --name openwrt
5. OpenWrt 内部配置
# Run inside the container shell opened by lxc-attach.
# Network configuration, /etc/config/network:
# - wan: PPPoE on eth0 (the passed-through physical port). Replace the
#   username/password placeholders; they are stored in clear text in this file.
# - lan: bridge over eth1 with the static address 192.168.2.1/24.
# NOTE(review): this page does not show /etc/config/firewall. Before dialling
# up, confirm the firewall's wan zone covers this "wan" interface and rejects
# inbound traffic, since this container is the only filter in front of the LAN.
# NOTE(review): recent OpenWrt releases document "option device" instead of
# "option ifname" / "option type 'bridge'" -- confirm the legacy form is still
# accepted by this release.
cat > /etc/config/network <<'EOF'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'wan'
option ifname 'eth0'
option proto 'pppoe'
option username '你的宽带账号'
option password '你的宽带密码'
config interface 'lan'
option type 'bridge'
option ifname 'eth1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
EOF
# DHCP/DNS configuration, /etc/config/dhcp:
# - dnsmasq keeps rebind_protection enabled and serves the local domain "lan".
# - lan: leases start at host offset 100, 150 addresses, 12 h lease time, with
#   DHCPv4, router advertisements and DHCPv6 all in server mode.
# - wan: "ignore 1", so no DHCP service is offered on the uplink.
cat > /etc/config/dhcp <<'EOF'
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option leasefile '/tmp/dhcp.leases'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option dhcpv6 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
EOF
# Restart the services to apply both files, then leave the container shell.
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
exit
六、Docker 环境配置
1. 安装 Docker
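# Fetch the repository signing key from the Aliyun mirror and store it in
# binary (dearmored) form for apt's signed-by option.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# The key and the packages come from the same mirror, so on its own the
# signature only shows that the mirror is self-consistent. Print the key's
# fingerprint and compare it with the one in Docker's official installation
# documentation before installing anything signed by it.
gpg --show-keys --with-fingerprint /usr/share/keyrings/docker-archive-keyring.gpg
# Register the Aliyun docker-ce repository, pinned to that keyring.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install the engine, CLI, containerd and the compose plugin.
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Verify the installation.
docker version
docker compose version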
2. 配置华为云镜像加速
# Daemon settings: pull images through the Huawei Cloud registry mirror and
# cap json-file container logs at three files of 10 MB each.
# NOTE(review): a registry mirror serves the image content the host will run;
# for images that matter, referencing them by digest keeps the mirror from
# being able to substitute different content.
tee /etc/docker/daemon.json > /dev/null <<'EOF'
{
"registry-mirrors": [
"https://05f073ad3c0010ea0f4bc00b7105ec20.mirror.swr.myhuaweicloud.com"
],
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
EOF
# Restart the daemon so it picks up the new configuration.
systemctl restart docker
3. 迁移 Docker 到傲腾
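# Confirm the target really is the Optane module and holds nothing you need:
# mkfs below destroys whatever is on the device.
lsblk -o NAME,SIZE,MODEL,MOUNTPOINT /dev/nvme0n1
mkfs.ext4 /dev/nvme0n1
# Mount it at /mnt/optane.
mkdir -p /mnt/optane
mount /dev/nvme0n1 /mnt/optane
# Persist the mount. nofail: a missing or failed NVMe must not stop the box
# (and the router container on it) from booting.
echo "UUID=$(blkid -s UUID -o value /dev/nvme0n1) /mnt/optane ext4 defaults,nofail 0 0" >> /etc/fstab
# Move Docker's data directory. docker.socket is stopped as well so that
# socket activation cannot restart the daemon in the middle of the copy.
systemctl stop docker docker.socket
mv /var/lib/docker /var/lib/docker.bak
# Give Docker its own subdirectory: the mount root also carries lost+found and
# the web project tree, which do not belong inside Docker's data directory.
mkdir -p /mnt/optane/docker
ln -s /mnt/optane/docker /var/lib/docker
# "/." copies hidden entries too; errors are left visible on purpose, because
# a silently incomplete copy would lose images and volumes.
cp -a /var/lib/docker.bak/. /mnt/optane/docker/
systemctl start docker
# Verify.
docker info | grep "Docker Root Dir"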
七、Web 环境部署
1. 创建项目目录
# Create the web project root on the Optane volume and work from there.
mkdir -p /mnt/optane/webstack
cd /mnt/optane/webstack
# Per-service directories that the compose file bind-mounts.
mkdir -p mysql/data mysql/conf
mkdir -p www
mkdir -p php/conf.d
mkdir -p nginx/conf.d
2. 创建 docker-compose.yml
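# Generate the database passwords once and keep them out of the compose file.
# Compose reads .env from the project directory. The guard keeps an existing
# file, so the passwords stay in step with an already-initialised data
# directory; umask 077 makes the new file readable by its owner only.
if [ ! -f .env ]; then
  (
    umask 077
    {
      printf 'MYSQL_ROOT_PASSWORD=%s\n' "$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
      printf 'MYSQL_PASSWORD=%s\n' "$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
    } > .env
  )
fi
# Write the stack definition. The quoted delimiter keeps ${...} literal so
# that Compose, not the shell, substitutes the values from .env.
cat > docker-compose.yml <<'EOF'
name: webstack
services:
  mysql:
    # NOTE(review): MySQL 5.7 is past upstream end-of-life, and the official
    # mysql:5.7 image has historically been published for amd64 only --
    # confirm an arm64 manifest is available for this board.
    image: mysql:5.7
    container_name: web-mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}
      MYSQL_DATABASE: appdb
      MYSQL_USER: appuser
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}
    volumes:
      - ./mysql/data:/var/lib/mysql
      - ./mysql/conf:/etc/mysql/conf.d
    ports:
      # Loopback only: PHP and Adminer reach the database over webnet, so the
      # port does not need to be open to every device on the LAN.
      - "127.0.0.1:3306:3306"
    networks:
      - webnet
  web:
    image: php:8.3-fpm-alpine
    container_name: web-php
    restart: unless-stopped
    depends_on:
      - mysql
    volumes:
      - ./www:/var/www/html
      - ./php/conf.d:/usr/local/etc/php/conf.d
    environment:
      - TZ=Asia/Shanghai
    networks:
      - webnet
    # The extensions are rebuilt on every container start; a small derived
    # image would remove the build-time network dependency from each restart.
    command: >
      sh -c "
      docker-php-ext-install mysqli pdo_mysql &&
      php-fpm
      "
  nginx:
    image: nginx:alpine
    container_name: web-nginx
    restart: unless-stopped
    depends_on:
      - web
    ports:
      - "80:80"
    volumes:
      - ./www:/var/www/html
      - ./nginx/conf.d:/etc/nginx/conf.d
    networks:
      - webnet
  adminer:
    # Adminer is a database login page and is published on every host address,
    # so every LAN device can reach it; stop this service when it is not in
    # use. "latest" is unpinned: each pull may bring a different build.
    image: adminer:latest
    container_name: web-adminer
    restart: unless-stopped
    ports:
      - "8080:8080"
    networks:
      - webnet
networks:
  webnet:
    driver: bridge
EOF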
3. 启动服务
# Start the whole stack in the background (run from the project directory).
docker compose up --detach
4. 配置多站点
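# Create one document root per site.
cd /mnt/optane/webstack
mkdir -p www/site1 www/site2 www/site3
# Placeholder pages so each virtual host can be told apart.
echo "<h1>Site 1 - 主站点</h1>" > www/site1/index.html
echo "<h1>Site 2 - 第二个站点</h1>" > www/site2/index.html
echo "<h1>Site 3 - 第三个站点</h1>" > www/site3/index.html
# Name-based virtual hosts, all on port 80. Requests whose Host header matches
# none of them are answered by the first server block (site1).
# In each PHP location, try_files makes nginx hand a request to PHP-FPM only
# when the requested .php file exists under the document root (nginx mounts
# the same ./www tree), instead of forwarding any URI that ends in ".php".
cat > nginx/conf.d/sites.conf <<'EOF'
server {
    listen 80;
    server_name site1.local;
    root /var/www/html/site1;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass web-php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name site2.local;
    root /var/www/html/site2;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass web-php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name site3.local;
    root /var/www/html/site3;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass web-php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF
# Restart nginx so it loads the new site definitions.
docker compose restart nginx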
八、内存优化(保护 eMMC)
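# Install a helper that mounts tmpfs over the write-heavy /var directories
# inside the openwrt container, to spare the eMMC.
# NOTE(review): OpenWrt normally manages mounts through /etc/config/fstab and
# links /var to /tmp -- confirm /etc/fstab is honoured when the container
# boots and that these mounts are needed at all. Mounting over /var/run and
# /var/lock in a running system also hides the files services already keep
# there, so expect to restart the container afterwards.
cat > /root/optimize-openwrt.sh <<'EOF'
#!/bin/bash
lxc-attach -n openwrt -- ash -c '
mkdir -p /var/log /var/tmp /var/cache /var/run /var/lock
# Append the entries only once, so that running the script again does not
# pile up duplicate fstab lines.
if ! grep -q "^tmpfs /var/log " /etc/fstab 2>/dev/null; then
cat >> /etc/fstab << "EOFT"
tmpfs /var/log tmpfs defaults,noatime,size=20M 0 0
tmpfs /var/tmp tmpfs defaults,noatime,size=50M 0 0
tmpfs /var/cache tmpfs defaults,noatime,size=30M 0 0
tmpfs /var/run tmpfs defaults,noatime,size=10M 0 0
tmpfs /var/lock tmpfs defaults,noatime,size=5M 0 0
EOFT
fi
mount -a
'
EOF
chmod +x /root/optimize-openwrt.sh
# Call it by absolute path: the working directory at this point of the guide
# is the web project directory, not /root.
/root/optimize-openwrt.sh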
九、系统检查脚本
# Install a one-screen health report: load and memory, bridge and default
# route, LXC and Docker containers, disk usage and CPU temperature.
cat > /root/check-system.sh <<'EOF'
#!/bin/bash
# Horizontal rule printed at the top and bottom of the report.
banner() {
  echo "══════════════════════════════════════════════"
}

banner
echo "【1. 系统负载】"
uptime
free -h
echo
echo "【2. 网络状态】"
ip addr show br-mgmt | grep "inet "
bridge link show | grep -E "lan|veth"
ip route show default
echo
echo "【3. 容器状态】"
lxc-ls -f
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
echo
echo "【4. 存储使用】"
df -h | grep -E "/dev/mmc|nvme|Filesystem"
echo
echo "【5. CPU 温度】"
# The thermal zones report millidegrees Celsius; zones that cannot be read
# are skipped silently.
cat /sys/class/thermal/thermal_zone*/temp 2>/dev/null \
  | awk '{print $1/1000 "°C"}'
banner
EOF
chmod +x /root/check-system.sh
十、常用命令速查
| 用途 | 命令 |
|---|---|
| 启动 OpenWrt | lxc-start -n openwrt |
| 进入 OpenWrt | lxc-attach -n openwrt |
| 启动 Web 环境 | cd /mnt/optane/webstack && docker compose up -d |
| 查看 Docker 容器 | docker ps |
| 查看 Docker 日志 | docker compose logs -f |
| 重启 Nginx | docker compose restart nginx |
| 系统检查 | /root/check-system.sh |
| 内存优化 | /root/optimize-openwrt.sh |
十一、最终验证
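# Run the health report.
/root/check-system.sh
# Test name resolution and raw connectivity. -c 4 bounds each probe; without
# a count ping runs until interrupted and the remaining checks never start.
ping -c 4 baidu.com
ping -c 4 8.8.8.8
# Test the web services.
curl http://localhost
curl http://localhost:8080 # adminer
# Multi-site test: needs hosts entries that map these names to this machine.
# http://site1.local
# http://site2.local
# http://site3.local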
十二、系统资源统计
存储使用:
├─ eMMC: 229GB (已用 2.4GB,仅 1%)
├─ 傲腾: 14GB (已用 728MB,容器专用)
└─ 内存: 8GB (可用充足)
服务运行:
├─ OpenWrt (LXC) - 主路由
├─ MySQL - 数据库
├─ PHP-FPM - 动态页面
├─ Nginx - Web 服务器
└─ Adminer - 数据库管理
总计占用: 不到 3GB 磁盘空间,跑完整套网络服务!
恭喜!你的 RK3568 已经成为一台功能强大的:
- ✅ 主路由器(OpenWrt + PPPoE)
- ✅ NAS 服务器(宿主机共享;本文未包含共享服务的配置步骤,需另行安装并设置访问权限)
- ✅ Web 服务器(Nginx + PHP + MySQL)
- ✅ Docker 容器平台(傲腾加速)
- ✅ 开发环境(多站点支持)
全部只用了不到 3GB 空间,还有 226GB 剩余!