RK3568 Main Router + NAS + Docker: Complete Configuration Guide (final version)
1. Hardware
| Component | Specification |
|---|---|
| Device | RK3568 development board |
| CPU | 4x Cortex-A55 |
| RAM | 8 GB |
| Storage (system) | eMMC, 229 GB |
| Storage (Docker) | NVMe, 14 GB Intel Optane |
| Network | 5x gigabit Ethernet (4 LAN + 1 WAN) |
2. System architecture
```text
Internet (PPPoE) -> WAN port -> OpenWrt container (LXC: PPPoE, NAT, firewall, DHCP)
                                        | veth (eth1 inside the container)
                                        v
                         host bridge br-mgmt (192.168.2.2) <-> LAN1-4 ports
                                        |
                                        v
                         Docker containers: web stack (Nginx / PHP-FPM / MySQL / Adminer)
```
The WAN NIC is passed through to the OpenWrt container, so the host itself never holds a public address. The only path from the Internet to the host or to a Docker container is a port forward you create in OpenWrt; everything else is reachable from the LAN side only.
3. Host system installation
3.1 Flashing the base image
The image written here must be the Debian-based host image (the guide calls it op.img): everything from 3.2 onward uses apt on the host, and the OpenWrt rootfs goes into an LXC container in section 6.
```bash
# Put the image in /tmp (scp, USB stick, ...)
cd /tmp
# Confirm the target device before writing: dd to the wrong device destroys it
lsblk -d -o NAME,SIZE,MODEL          # the eMMC should appear as mmcblk0 (~229 GB)
# If the image ships with a checksum, verify it first
sha256sum /tmp/op.img
# Write the image to the eMMC
dd if=/tmp/op.img of=/dev/mmcblk0 bs=1M status=progress conv=fsync
sync
echo "Flash complete; wait 2 minutes, then power-cycle"
```
3.2 Basic tools
```bash
# Update the system
apt update && apt upgrade -y
# Tools used in the rest of this guide
apt install -y lxc bridge-utils ethtool net-tools dnsutils curl wget git htop \
    bash-completion sudo vim
```
4. Host network configuration (key step)
4.1 Switch to classic ifupdown
```bash
# Install ifupdown (replaces NetworkManager for this setup)
apt update
apt install -y ifupdown
# Disable NetworkManager and enable the networking service.
# Do this from the serial console or a local terminal: the host address changes in 4.2,
# so an SSH session will be cut off.
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl enable networking
```
4.2 Interface configuration
The names lan1-lan4 and wan are the board's interface names; check them with `ip -br link` first and adjust if your kernel names the ports differently. The default route is expressed with the standard `gateway` keyword instead of hand-written `up`/`down` route commands.
```bash
# Write /etc/network/interfaces
cat > /etc/network/interfaces <<'EOF'
# Loopback
auto lo
iface lo inet loopback

# Management bridge over the 4 LAN ports. The host lives on the LAN at 192.168.2.2;
# the OpenWrt container (192.168.2.1) is its default gateway
auto br-mgmt
iface br-mgmt inet static
    address 192.168.2.2/24
    gateway 192.168.2.1
    bridge_ports lan1 lan2 lan3 lan4
    bridge_stp off
    bridge_fd 0

# WAN port: no address on the host; it is passed through to the OpenWrt container (section 6)
auto wan
iface wan inet manual
    pre-up ip link set wan nomaster || true
    up ip link set wan up
EOF
# Restart networking
systemctl restart networking
# Verify
ip addr show br-mgmt        # should show 192.168.2.2/24
bridge link show            # lan1-lan4 listed with "master br-mgmt" (brctl show gives the same view)
ip route show default       # default via 192.168.2.1 dev br-mgmt
```
4.3 Persistent DNS
```bash
# Configure systemd-resolved through a drop-in, so package upgrades do not overwrite it
mkdir -p /etc/systemd/resolved.conf.d
cat > /etc/systemd/resolved.conf.d/dns.conf <<'EOF'
[Resolve]
DNS=192.168.2.1 8.8.8.8
Domains=~.
EOF
systemctl restart systemd-resolved
# Verify: /etc/resolv.conf should point at the stub resolver and both servers should be listed
ls -l /etc/resolv.conf
resolvectl status
```
Listing 8.8.8.8 as a second server means resolved may send some of the host's queries straight to Google, bypassing the dnsmasq rebind protection configured in 6.6. Drop it if you want every host lookup to go through the router.
5. Core system tuning (the root-cause fix)
5.1 Kernel network parameters
sysctl does not reliably strip a comment that follows a value on the same line, so the comments below are kept on their own lines. The block appends to /etc/sysctl.conf; run it once.
```bash
cat >> /etc/sysctl.conf <<'EOF'

# Network tuning for gigabit links and the container/bridge setup
# Maximum receive / send socket buffer: 64 MB
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
# Default receive / send socket buffer: 128 KB
net.core.rmem_default = 131072
net.core.wmem_default = 131072
# TCP receive / send buffers: min, default, max
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
# Per-CPU backlog of received packets waiting for the stack
net.core.netdev_max_backlog = 10000
# TCP window scaling (already the kernel default)
net.ipv4.tcp_window_scaling = 1
EOF
# Apply now
sysctl -p
# Verify
sysctl net.core.rmem_max net.core.wmem_max
# expected: net.core.rmem_max = 67108864 and net.core.wmem_max = 67108864
```
5.2 Boot-time NIC tuning (hardware offload)
The original script targeted eth0, which does not exist on this host: the host-side ports are lan1-lan4 and wan (section 4.2). It also ran under `sh -e`, so the first ethtool feature the driver does not support would have aborted the script before the remaining commands ran. The version below tunes every port, tolerates unsupported features, and logs the outcome. Offload flags belong to the device, so settings applied to wan before the container takes it over stay in effect inside the container; if the container already owns wan when this runs, that one call fails and is logged.
```bash
cat > /etc/rc.local <<'EOF'
#!/bin/sh
#
# rc.local - host boot script: enable NIC hardware offload on all ports
#
LOG=/var/log/ethtool.log
: > "$LOG"
for dev in lan1 lan2 lan3 lan4 wan; do
    # Checksum offload and TSO/GSO/GRO; an unsupported flag is logged, not fatal
    /usr/sbin/ethtool -K "$dev" tx on rx on tso on gso on gro on >> "$LOG" 2>&1 || true
    /usr/sbin/ethtool -K "$dev" tx-udp-segmentation on >> "$LOG" 2>&1 || true
    # Larger ring buffers; the driver clamps or rejects values it cannot honour
    /usr/sbin/ethtool -G "$dev" rx 1024 tx 1024 >> "$LOG" 2>&1 || true
done
exit 0
EOF
# Make it executable; systemd's rc-local unit picks it up when the file is executable
chmod +x /etc/rc.local
systemctl enable rc-local 2>/dev/null || true
# Run it now and check the result
/etc/rc.local
cat /var/log/ethtool.log
ethtool -k lan1 | grep -E 'tcp-segmentation-offload|generic-receive-offload'
```
6. OpenWrt LXC container
6.1 Download the OpenWrt rootfs
The armsr/armv8 rootfs is the generic arm64 build; inside a container it runs on the host kernel, so no board-specific image is needed. Verify the archive against the checksum list published alongside it before unpacking it as root.
```bash
cd /tmp
wget https://downloads.immortalwrt.org/releases/24.10.0/targets/armsr/armv8/immortalwrt-24.10.0-armsr-armv8-rootfs.tar.gz
wget https://downloads.immortalwrt.org/releases/24.10.0/targets/armsr/armv8/sha256sums
sha256sum --ignore-missing -c sha256sums    # must print: immortalwrt-24.10.0-armsr-armv8-rootfs.tar.gz: OK
```
6.2 Create the container directory and unpack
```bash
mkdir -p /var/lib/lxc/openwrt/rootfs
tar -xzf immortalwrt-24.10.0-armsr-armv8-rootfs.tar.gz -C /var/lib/lxc/openwrt/rootfs/
```
6.3 Container configuration
This is a privileged container (no user-namespace ID mapping), which OpenWrt needs for NET_ADMIN, PPP and its firewall. That makes it the most exposed component of the design: it terminates the Internet-facing PPPoE session, and a compromise of it is effectively root on the host. Keep it updated, keep OpenWrt's default firewall (WAN input rejected), and mount nothing from the host into it beyond /dev/ppp.
```bash
cat > /var/lib/lxc/openwrt/config <<'EOF'
# Basic container settings
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = arm64
lxc.uts.name = openwrt
lxc.tty.max = 2
lxc.start.auto = 1
lxc.start.delay = 5

# rootfs
lxc.rootfs.path = dir:/var/lib/lxc/openwrt/rootfs

# WAN: the physical NIC is moved into the container's network namespace and appears there as eth0
lxc.net.0.type = phys
lxc.net.0.name = eth0
lxc.net.0.flags = up
lxc.net.0.link = wan

# LAN: a veth pair; the host end joins br-mgmt, the container end is eth1
lxc.net.1.type = veth
lxc.net.1.name = eth1
lxc.net.1.flags = up
lxc.net.1.link = br-mgmt
lxc.net.1.hwaddr = 00:16:3e:01:02:03

# PPP device (required for PPPoE): char device 108:0, provided by the host's ppp_generic module
lxc.cgroup2.devices.allow = c 108:0 rwm
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file

# Pseudo-filesystems
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
EOF
```
The container cannot load kernel modules, so the PPP modules have to be loaded on the host before the first start (done in 6.4).
6.4 Start the container
```bash
# Load the PPP modules on the host now and at every boot; /dev/ppp only exists once ppp_generic is loaded
modprobe -a ppp_generic pppoe
printf 'ppp_generic\npppoe\n' > /etc/modules-load.d/ppp.conf
ls -l /dev/ppp               # crw------- ... 108, 0
# Start the container
lxc-start -n openwrt
lxc-ls -f                    # STATE should be RUNNING
# Get a shell inside it
lxc-attach -n openwrt
```
6.5 OpenWrt network configuration (inside the container)
Replace the PPPoE username and password with your ISP account. They are stored in plain text; inside the container the file is root-only, and on the host it lives under /var/lib/lxc/openwrt/rootfs/etc/config/network, so leave that tree with its default root-only permissions.
```bash
# Write /etc/config/network
cat > /etc/config/network <<'EOF'
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'wan'
    option device 'eth0'
    option proto 'pppoe'
    option username 'your-isp-username'
    option password 'your-isp-password'
    option ipv6 '1'
    option delegate '1'
    option reqprefix 'auto'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth1'

config interface 'wan6'
    option proto 'dhcpv6'
    option device '@wan'
    option reqaddress 'try'
    option reqprefix 'auto'
EOF
```
6.6 OpenWrt DHCP configuration
The static lease for 'armbian' is the guide's own entry. The host bridge uses the static address 192.168.2.2 from section 4.2, so this lease only applies to a DHCP client presenting that MAC.
```bash
# Write /etc/config/dhcp
cat > /etc/config/dhcp <<'EOF'
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option leasefile '/tmp/dhcp.leases'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option ra 'disabled'
    option dhcpv6 'disabled'
    option dhcpv4 'server'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config host
    option name 'armbian'
    list mac '5E:B4:EC:05:2F:29'
    option ip '192.168.2.150'
    option leasetime 'infinite'
EOF
# Restart the services
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
# The stock /etc/config/firewall attaches its zones to the network names lan, wan and wan6 used
# above, so input from the WAN stays rejected; confirm it is still in place before going online
grep -c 'config zone' /etc/config/firewall    # 2
# Leave the container
exit
```
7. Docker
7.1 Install Docker
The Aliyun mirror serves the same packages and the same signing key as download.docker.com, and apt still verifies every package against that key. Check the key's fingerprint before adding the repository; Docker's release key is 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88.
```bash
# Fetch Docker's signing key from the mirror into the keyring directory
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg
# Verify the fingerprint
gpg --show-keys --with-colons /usr/share/keyrings/docker-archive-keyring.gpg | grep -q '^fpr:.*9DC858229FC7DD38854AE2D88D81803C0EBFCD88' \
    && echo "Docker key fingerprint OK" || echo "UNEXPECTED KEY FINGERPRINT: do not add the repository"
# Add the Docker repository (Aliyun mirror); the codename comes from os-release, so lsb-release is not needed
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plug
```
7.2 Registry mirrors
A pull-through mirror serves the tag-to-manifest mapping; Docker verifies layer digests against that manifest, but it cannot tell whether the mirror returned the right manifest for a tag. When you rely on third-party mirrors, pin long-running images by digest (`image@sha256:...`) once you have a known-good pull.
```bash
# Docker daemon configuration (Huawei Cloud SWR + NetEase mirrors)
cat > /etc/docker/daemon.json <<'EOF'
{
  "storage-driver": "overlay2",
  "data-root": "/var/lib/docker",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "registry-mirrors": [
    "https://05f073ad3c0010ea0f4bc00b7105ec20.mirror.swr.myhuaweicloud.com",
    "https://hub-mirror.c.163.com"
  ]
}
EOF
# Restart Docker
systemctl restart docker
# Verify: this lists the configured mirrors, not whether they work; a test pull does that
docker info | grep -A 2 "Registry Mirrors"
docker pull hello-world
```
7.3 Move Docker onto the Optane (keeping existing data)
The Optane already carries a Docker data directory from an earlier install (overlay2/, containers/, ...), so it is mounted and Docker is pointed at it rather than starting fresh. The guide keeps `data-root` at /var/lib/docker and turns that path into a symlink; setting `"data-root": "/mnt/optane"` in daemon.json would achieve the same with one moving part less, but the symlink keeps every path in this guide valid. The original `chown -R` over the whole data directory has been dropped: overlay2 layers contain files owned by the container users (for example the mysql uid), and a recursive chown to root breaks them.
```bash
# Find the Optane device (the whole disk carries the ext4 filesystem; there is no partition table)
lsblk -f | grep nvme0n1
# Mount it
mkdir -p /mnt/optane
mount /dev/nvme0n1 /mnt/optane
# Verify the existing data (expect overlay2, containers, image, volumes, ...)
ls -la /mnt/optane/
# Mount at boot. Deliberately no "nofail": if the NVMe is missing, the boot should stop rather than
# let Docker quietly rebuild an empty data directory on the eMMC under /mnt/optane
cp /etc/fstab /etc/fstab.bak
echo "UUID=$(blkid -s UUID -o value /dev/nvme0n1) /mnt/optane ext4 defaults,noatime 0 2" >> /etc/fstab
mount -a && findmnt /mnt/optane     # the fstab line must mount cleanly before you reboot
# Stop Docker and swap the data directory
systemctl stop docker
[ -d /var/lib/docker.bak ] && rm -rf /var/lib/docker.bak
mv /var/lib/docker /var/lib/docker.bak
ln -s /mnt/optane /var/lib/docker
chown root:root /mnt/optane          # the mount point only, never -R over the data
# Start Docker
systemctl start docker
# Verify
docker info | grep "Docker Root Dir"   # /var/lib/docker
docker ps -a                           # the containers stored on the Optane should be listed
df -h /var/lib/docker/                 # should show /dev/nvme0n1
```
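The fstab line carries no `nofail`, but a boot can still continue past a failed NVMe mount (emergency shell, a later fstab edit), and Docker would then populate /mnt/optane on the eMMC without complaint. The guard below is an added example and not part of the original guide: it refuses to start Docker unless its data directory really is a separately mounted filesystem, and installs itself as an `ExecStartPre` drop-in for docker.service. It assumes the /var/lib/docker symlink from 7.3 and the standard systemd drop-in location; `is_mountpoint` is a portable stand-in for util-linux's `mountpoint -q`.

```shell
#!/bin/sh
# Added example (not part of the original guide): refuse to start Docker when
# its data directory is not a separately mounted filesystem. Without this, an
# unmounted or missing NVMe lets Docker recreate an empty data directory on
# the eMMC under /mnt/optane, and the containers on the Optane "vanish".
# Assumptions: the /var/lib/docker -> /mnt/optane symlink from section 7.3
# and the standard systemd drop-in location for docker.service.

# is_mountpoint DIR: 0 if DIR is the root of a mounted filesystem, else 1.
# Portable stand-in for util-linux `mountpoint -q`: a directory is a mount
# point when it sits on a different filesystem than its parent (or it is /).
# Symlinks are followed, so /var/lib/docker resolves to the Optane mount.
is_mountpoint() {
    dir=$1
    [ -d "$dir" ] || return 1
    if [ "$dir" = / ]; then return 0; fi
    fs_self=$(df -P "$dir" | awk 'NR == 2 { print $1 }')
    fs_parent=$(df -P "$dir/.." | awk 'NR == 2 { print $1 }')
    [ -n "$fs_self" ] && [ "$fs_self" != "$fs_parent" ]
}

# docker_root_ok [DIR]: the check that runs before dockerd starts.
docker_root_ok() {
    root=${1:-/var/lib/docker}
    if is_mountpoint "$root"; then
        echo "ok: $root is on $(df -P "$root" | awk 'NR == 2 { print $1 }')"
        return 0
    fi
    echo "refusing to start docker: $root is not a mount point" >&2
    return 1
}

# install_dropin SCRIPT [DROPIN_DIR]: makes docker.service wait for the Optane
# mount and run the check first. DROPIN_DIR defaults to the real systemd
# directory and can be redirected for a dry run.
install_dropin() {
    script=$1
    dropin_dir=${2:-/etc/systemd/system/docker.service.d}
    mkdir -p "$dropin_dir"
    cat > "$dropin_dir/10-require-optane.conf" <<EOF
[Unit]
RequiresMountsFor=/mnt/optane

[Service]
ExecStartPre=$script check
EOF
}

# Usage: install this file as /usr/local/sbin/docker-root-guard, then
#   docker-root-guard install && systemctl daemon-reload
#   docker-root-guard check          # manual run of the same check
case ${1:-} in
    check)   docker_root_ok "${2:-/var/lib/docker}" ;;
    install) install_dropin "$(readlink -f "$0")" ;;
esac
```

After `daemon-reload`, `systemctl restart docker` with the NVMe unplugged fails at `ExecStartPre` with the "refusing to start" message in `journalctl -u docker`, instead of starting with an empty data directory. Bind mounts of the same device are reported as "not a mount point" by the df comparison; that is acceptable here because the Optane is a real block device.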
8. Web stack (Docker Compose)
8.1 Project directory
```bash
# The site lives on the Optane
mkdir -p /mnt/optane/webstack
cd /mnt/optane/webstack
# Subdirectories
mkdir -p mysql/{data,conf} www php/conf.d nginx/conf.d
```
8.2 docker-compose.yml (ARM64)
Three things differ from a plain copy-and-paste stack, all of them security-relevant. The database passwords come from a `.env` file (create it with mode 600 containing `MYSQL_ROOT_PASSWORD=...` and `MYSQL_PASSWORD=...` before the first `docker compose up`) instead of being written into the YAML. MySQL is no longer published on the host at all, because PHP reaches it over the `webnet` network, and Adminer is bound to 127.0.0.1, so neither is reachable from the LAN. And the PHP extensions are compiled into the image's own PHP: the original ran `apk add php83-mysqli ...` at every start, which installs Alpine's separate /usr/bin/php83 and its extension directory, while the image's php-fpm under /usr/local never loads those; mounting ./php/conf.d over /usr/local/etc/php/conf.d would also have hidden the `docker-php-ext-*.ini` files that enable the extensions, so the custom ini directory is now scanned in addition to the image's own.
```bash
cat > docker-compose.yml <<'EOF'
name: webstack
services:
  mysql:
    # MySQL 5.7 reached end of life in October 2023, and this is a third-party ARM64 build pulled
    # through a mirror: pin the tag to a digest (image@sha256:...) once you have a known-good pull
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/biarms/mysql:5.7.30-linux-arm64v8-linuxarm64
    container_name: web-mysql
    restart: unless-stopped
    environment:
      # Secrets come from .env (mode 600); compose aborts with the message if they are unset
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}
      MYSQL_DATABASE: appdb
      MYSQL_USER: appuser
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}
    volumes:
      - ./mysql/data:/var/lib/mysql
      - ./mysql/conf:/etc/mysql/conf.d
    # No "ports:": the database is reachable only from containers on webnet.
    # For an admin shell use: docker compose exec mysql mysql -u root -p
    networks:
      - webnet
  php:
    build:
      context: ./php
      # Compile the extensions into the image's own PHP once (docker compose build).
      # dockerfile_inline needs Docker Compose v2.17 or newer.
      dockerfile_inline: |
        FROM php:8.3-fpm-alpine
        RUN apk add --no-cache libpng-dev libjpeg-turbo-dev freetype-dev libzip-dev \
         && docker-php-ext-configure gd --with-jpeg --with-freetype \
         && docker-php-ext-install -j4 mysqli pdo_mysql gd zip opcache
    image: webstack-php:8.3
    container_name: web-php
    restart: unless-stopped
    depends_on:
      - mysql
    environment:
      - TZ=Asia/Shanghai
      # The leading ":" keeps the image's conf.d (where docker-php-ext-install registers the
      # extensions); the mounted directory is scanned in addition to it
      - PHP_INI_SCAN_DIR=:/usr/local/etc/php/custom.d
    volumes:
      - ./www:/var/www/html
      - ./php/conf.d:/usr/local/etc/php/custom.d
    networks:
      - webnet
  nginx:
    image: nginx:alpine
    container_name: web-nginx
    restart: unless-stopped
    depends_on:
      - php
    ports:
      - "80:80"
    volumes:
      - ./www:/var/www/html
      - ./nginx/conf.d:/etc/nginx/conf.d
    networks:
      - webnet
  adminer:
    image: adminer:latest
    container_name: web-adminer
    restart: unless-stopped
    # Loopback only: reach it through an SSH tunnel (ssh -L 8080:127.0.0.1:8080 root@192.168.2.2)
    # rather than exposing a database console to every device on the LAN
    ports:
      - "127.0.0.1:8080:8080"
    networks:
      - webnet
networks:
  webnet:
    driver: bridge
EOF
```
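The script below is an added example (not from the original guide) for the compose file above. It generates the `.env` file with random credentials under mode 600, and audits a compose file for the two mistakes that put the database on the LAN: `ports:` entries with no host IP (published on every interface) and literal password values under `environment:`. The constructed samples inside it are the fragment as originally published and the hardened form; the file paths, variable names and function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the original guide): pre-deployment helper for
# the webstack compose file. Generates the .env file the hardened
# docker-compose.yml expects and audits a compose file for the two mistakes
# that expose the database to the LAN: ports published without a host IP
# (0.0.0.0) and passwords written literally into the YAML.
# Assumptions: the variable names MYSQL_ROOT_PASSWORD / MYSQL_PASSWORD from
# section 8.2; file locations are passed in as arguments.

# 24 bytes from the kernel CSPRNG, base64-encoded: 32 characters, no newline.
random_secret() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# gen_env_file DIR: writes DIR/.env readable only by its owner. Refuses to
# overwrite an existing file, so a rerun cannot rotate the root password out
# from under a database that was already initialised with it.
gen_env_file() {
    dir=$1
    if [ -e "$dir/.env" ]; then
        echo "$dir/.env already exists; not overwriting" >&2
        return 1
    fi
    (
        umask 077
        {
            printf 'MYSQL_ROOT_PASSWORD=%s\n' "$(random_secret)"
            printf 'MYSQL_PASSWORD=%s\n' "$(random_secret)"
        } > "$dir/.env"
    )
}

# audit_ports FILE: prints "ports:" entries of the form HOST:CONTAINER with no
# host address, i.e. published on every interface. Returns 1 if any exist.
audit_ports() {
    hits=$(grep -E '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$1" || true)
    [ -z "$hits" ] && return 0
    printf 'published on all interfaces:\n%s\n' "$hits"
    return 1
}

# audit_secrets FILE: prints environment entries whose *PASSWORD value is a
# literal rather than a ${VARIABLE} reference. Returns 1 if any exist.
audit_secrets() {
    hits=$(grep -E '^[[:space:]]*-?[[:space:]]*[A-Z_]*PASSWORD[[:space:]]*[:=][[:space:]]*[^$[:space:]]' "$1" || true)
    [ -z "$hits" ] && return 0
    printf 'literal secrets in compose file:\n%s\n' "$hits"
    return 1
}

# audit_compose FILE: runs both checks; returns 0 only if the file is clean.
audit_compose() {
    status=0
    audit_ports "$1" || status=1
    audit_secrets "$1" || status=1
    return $status
}

# Constructed samples: the compose fragment as originally published, and the
# hardened form (secrets from .env, MySQL unpublished, Adminer on loopback).
weak_compose() {
cat <<'EOF'
services:
  mysql:
    environment:
      MYSQL_ROOT_PASSWORD: root123456
      MYSQL_PASSWORD: app123456
    ports:
      - "3306:3306"
  adminer:
    ports:
      - "8080:8080"
EOF
}

safe_compose() {
cat <<'EOF'
services:
  mysql:
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set in .env}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:?set in .env}
  adminer:
    ports:
      - "127.0.0.1:8080:8080"
EOF
}

# Usage: ./webstack-precheck.sh /mnt/optane/webstack
if [ -n "${1:-}" ]; then
    gen_env_file "$1" || true
    audit_compose "$1/docker-compose.yml"
fi
```

Run against the weak sample, `audit_compose` reports the two `0.0.0.0` ports and both literal passwords and exits 1; the hardened sample passes. The port check only understands the simple `host:container` form; ranges and long-form `ports:` entries are out of its scope.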
8.3 MySQL configuration
The file is the guide's tuning for an 8 GB board plus a short hardening block: `local_infile` is off so a compromised PHP process cannot use LOAD DATA LOCAL, symlinks in the data directory are refused, and name resolution on connections is skipped (grants use hostnames or '%', never reverse DNS). `expire_logs_days` and `max_binlog_size` are kept from the original but are inert while `skip-log-bin` is set.
```bash
cat > /mnt/optane/webstack/mysql/conf/my.cnf <<'EOF'
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp

# Hardening
local_infile = 0
symbolic-links = 0
skip-name-resolve

# InnoDB
innodb_buffer_pool_size = 512M
innodb_log_file_size = 48M
innodb_flush_log_at_trx_commit = 2
innodb_file_per_table = 1
innodb_flush_method = O_DIRECT

# Query cache (MySQL 5.7 only; removed in 8.0)
query_cache_type = 1
query_cache_size = 24M
query_cache_limit = 1M

# Connections
max_connections = 50
max_user_connections = 30
thread_cache_size = 8
thread_stack = 192K

# Temp tables
tmp_table_size = 64M
max_heap_table_size = 64M
table_open_cache = 1600

# MyISAM
key_buffer_size = 16M
myisam-recover-options = BACKUP

# Packet
max_allowed_packet = 16M

# Slow log
slow_query_log = 1
slow_query_log_file = /var/lib/mysql/slow.log
long_query_time = 2
log_queries_not_using_indexes = 1
log_slow_admin_statements = 1
log_slow_slave_statements = 1

# Error log
log_error = /var/lib/mysql/error.log
log_warnings = 2

# Binary log (disabled; the two settings below only matter if it is re-enabled)
skip-log-bin
expire_logs_days = 10
max_binlog_size = 100M

# Timeouts
wait_timeout = 300
interactive_timeout = 600

# Performance
performance_schema = OFF

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4

[mysqldump]
quick
quote-names
max_allowed_packet = 16M
EOF
```
8.4 Nginx site configuration
Two fixes over the original. First, the original would execute uploaded PHP: regex locations are tried after prefix locations, so a request for /uploads/shell.php skips `location /uploads` and lands in `location ~ \.php$`; a deny rule for PHP under /uploads now sits ahead of the PHP handler, and `try_files $uri =404` in the handler refuses paths such as /uploads/a.jpg/x.php, which PHP-FPM's path-info handling would otherwise run as a script. Second, `display_errors = On` with `log_errors = Off` showed stack traces and paths to visitors and kept nothing for you; it is now the other way round, and the access and error logs are kept (the nginx image forwards them to the container's stdout/stderr, so `docker logs web-nginx` is the record of what hit the site).
```bash
cat > /mnt/optane/webstack/nginx/conf.d/default.conf <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name localhost;
    root /var/www/html;
    index index.php index.html;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;
    client_max_body_size 100M;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location /uploads {
        alias /var/www/html/uploads;
        client_max_body_size 100M;
        autoindex off;
    }

    # Regex locations are tried in order: nothing under /uploads is ever handed to PHP,
    # whatever extension a user managed to upload
    location ~* ^/uploads/.+\.php$ {
        deny all;
    }

    location ~ \.php$ {
        # Only execute scripts that actually exist; blocks /x.jpg/y.php path-info tricks
        try_files $uri =404;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "
            upload_max_filesize = 100M
            post_max_size = 100M
            max_execution_time = 300
            max_input_time = 300
            memory_limit = 256M
            log_errors = On
            display_errors = Off
        ";
        include fastcgi_params;
    }

    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|eot)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
        access_log off;
    }
}
EOF
```
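Why `location /uploads` alone does not stop uploaded PHP from running is a matter of nginx's location precedence: prefix locations are matched first, but unless the longest match is `=` or `^~`, the regex locations are then tried in file order and the first hit wins, so /uploads/shell.php falls through to `location ~ \.php$`. The script below is an added example, not part of the guide or of nginx itself: it models that selection rule over location tables constructed from the original and the hardened default.conf (the block labels are invented) and prints which block each request lands in. It models the matching rule only; it is not a configuration parser.

```shell
#!/bin/sh
# Added example (not part of the original guide): a model of nginx location
# selection, used to show why the original default.conf would pass
# /uploads/shell.php to PHP-FPM and how the hardened version stops it.
# Location tables are constructed here from the two configs; the labels are
# invented names for the blocks.
#
# Rules modelled:
#   1. the longest matching prefix location wins outright if it is "=" or "^~"
#   2. otherwise regex locations are tried in file order; the first match wins
#   3. otherwise the longest matching prefix is used

# nginx_pick PATH TABLE_FILE -> prints the label of the block nginx would use.
# TABLE_FILE lines: kind;pattern;label with kind one of
#   exact (=)  prefix  noregex (^~)  regex (~)  regexi (~*)
nginx_pick() {
    path=$1
    table=$2
    best_len=-1
    best_label=''
    best_kind=''
    # pass 1: exact and prefix locations
    while IFS=';' read -r kind pattern label; do
        case $kind in
            exact)
                if [ "$path" = "$pattern" ]; then echo "$label"; return 0; fi ;;
            prefix|noregex)
                case $path in
                    "$pattern"*)
                        if [ "${#pattern}" -gt "$best_len" ]; then
                            best_len=${#pattern}; best_label=$label; best_kind=$kind
                        fi ;;
                esac ;;
        esac
    done < "$table"
    if [ "$best_kind" = noregex ]; then echo "$best_label"; return 0; fi
    # pass 2: regex locations in file order
    while IFS=';' read -r kind pattern label; do
        case $kind in
            regex)
                if printf '%s\n' "$path" | grep -Eq -- "$pattern"; then echo "$label"; return 0; fi ;;
            regexi)
                if printf '%s\n' "$path" | grep -Eiq -- "$pattern"; then echo "$label"; return 0; fi ;;
        esac
    done < "$table"
    # pass 3: fall back to the longest prefix (nothing printed if nothing matched)
    if [ -n "$best_label" ]; then echo "$best_label"; fi
}

# Location table of the original default.conf, in file order.
weak_table() {
cat <<'EOF'
prefix;/;root
prefix;/uploads;uploads-static
regex;\.php$;php-fpm
regex;/\.;dotfiles-deny
regexi;\.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|eot)$;static-cache
EOF
}

# Hardened default.conf: the deny rule for PHP under /uploads is placed ahead
# of the PHP handler, so rule 2 selects it first.
hard_table() {
cat <<'EOF'
prefix;/;root
prefix;/uploads;uploads-static
regexi;^/uploads/.+\.php$;uploads-php-deny
regex;\.php$;php-fpm
regex;/\.;dotfiles-deny
regexi;\.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf|svg|eot)$;static-cache
EOF
}

# Prints, for a few constructed requests, which block each config selects.
demo() {
    dir=$(mktemp -d)
    weak_table > "$dir/weak"
    hard_table > "$dir/hard"
    for req in /index.php /uploads/shell.php /uploads/a.jpg/x.php /uploads/photo.JPG /.git/config /about; do
        printf '%-24s original: %-16s hardened: %s\n' "$req" \
            "$(nginx_pick "$req" "$dir/weak")" "$(nginx_pick "$req" "$dir/hard")"
    done
    rm -r "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

`sh nginx-pick.sh demo` shows /uploads/shell.php and /uploads/a.jpg/x.php going to php-fpm under the original table and to uploads-php-deny under the hardened one, while /index.php, /.git/config and the static assets are routed identically by both. The second case is the one `try_files $uri =404` also covers on the PHP side: the request reaches the handler in the original, and PHP-FPM would then execute a.jpg.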
8.5 Start the stack
```bash
cd /mnt/optane/webstack
ls -l .env                          # if the compose file reads its secrets from .env, it must exist with mode 600
docker compose config > /dev/null   # a missing variable fails here rather than at runtime
docker compose up -d --build
docker compose ps
```
9. Multiple sites
Each virtual host gets the same `try_files $uri =404` guard in its PHP location as the default site, so a request for a non-existent script is answered with 404 instead of being passed to PHP-FPM.
```bash
# Site directories
cd /mnt/optane/webstack
mkdir -p www/site1 www/site2 www/site3
# Test pages
echo "<h1>Site 1 - main site</h1>" > www/site1/index.html
echo "<h1>Site 2 - second site</h1>" > www/site2/index.html
echo "<h1>Site 3 - third site</h1>" > www/site3/index.html
# Nginx virtual hosts
cat > /mnt/optane/webstack/nginx/conf.d/sites.conf <<'EOF'
server {
    listen 80;
    server_name site1.local;
    root /var/www/html/site1;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {
    listen 80;
    server_name site2.local;
    root /var/www/html/site2;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {
    listen 80;
    server_name site3.local;
    root /var/www/html/site3;
    index index.html index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF
# Check the configuration, then restart Nginx
docker compose exec nginx nginx -t
docker compose restart nginx
```
10. System check script
The listening-socket section was added to the original script: it shows every service bound to something other than loopback, which is the quickest way to notice a port that is reachable from the LAN when it should not be.
```bash
cat > /root/check-system.sh <<'EOF'
#!/bin/bash
echo "══════════════════════════════════════════════"
echo "[1. Load]"
uptime
free -h
echo ""
echo "[2. Network]"
ip addr show br-mgmt | grep "inet "
bridge link show | grep -E "lan|veth"
ip route show default
echo ""
echo "[3. Containers]"
lxc-ls -f
echo ""
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
echo ""
echo "[4. Storage]"
df -h | grep -E "(/dev/mmc|nvme|Filesystem|/mnt/optane)"
echo ""
echo "[5. CPU temperature]"
if ls /sys/class/thermal/thermal_zone*/temp >/dev/null 2>&1; then
    cat /sys/class/thermal/thermal_zone*/temp | awk '{print $1/1000 "°C"}'
else
    echo "N/A"
fi
echo ""
echo "[6. Kernel tuning]"
sysctl net.core.rmem_max net.core.wmem_max 2>/dev/null || echo "N/A"
echo ""
echo "[7. Listening sockets not bound to loopback]"
ss -tlnp | grep -vE '127\.0\.0\.1|\[::1\]'
echo "══════════════════════════════════════════════"
EOF
chmod +x /root/check-system.sh
```
11. Command quick reference
| Purpose | Command |
|---|---|
| Start OpenWrt | lxc-start -n openwrt |
| Shell into OpenWrt | lxc-attach -n openwrt |
| Restart host networking | systemctl restart networking |
| Apply kernel tuning | sysctl -p |
| Start the web stack | cd /mnt/optane/webstack && docker compose up -d |
| List Docker containers | docker ps |
| Restart Nginx | docker restart web-nginx |
| Restart MySQL | docker restart web-mysql |
| MySQL logs | docker logs web-mysql --tail 50 |
| System check | /root/check-system.sh |
| Response-time test | time curl -o /dev/null -s -w "%{time_total}s\n" http://localhost/ |
12. Final verification
```bash
# 1. Run the check script
/root/check-system.sh
# 2. Internet connectivity through the OpenWrt container
ping -c 3 baidu.com
ping -c 3 8.8.8.8
# 3. OpenWrt container
lxc-ls -f
ping -c 3 192.168.2.1
# 4. Web services (the guide assumes a test.php probe page of your own under www/)
time curl -o /dev/null -s -w "home page: %{time_total}s\n" http://localhost/
time curl -o /dev/null -s -w "PHP: %{time_total}s\n" http://localhost/test.php
curl -I http://localhost:8080 2>/dev/null | head -n 1    # Adminer
# 5. Kernel tuning
sysctl net.core.rmem_max net.core.wmem_max
# expected: 67108864 for both
```
13. Client access
To test the virtual hosts from a PC, add the host's LAN address to the hosts file:
- Windows: C:\Windows\System32\drivers\etc\hosts
- Linux/macOS: /etc/hosts

Add this line:
```text
192.168.2.2 site1.local site2.local site3.local
```
14. Resource usage
| Component | Size | Used | Purpose |
|---|---|---|---|
| eMMC | 229 GB | ~2.1 GB | System |
| Optane | 14 GB | ~3.3 GB | Docker data |
| RAM | 8 GB | ample | Running services |

Running services:
- ✅ OpenWrt container: main router (PPPoE + DHCP)
- ✅ MySQL: database
- ✅ PHP-FPM: dynamic pages
- ✅ Nginx: web server
- ✅ Adminer: database administration
15. Troubleshooting
If the home page is slow but test.php is fast:
```bash
# Count the WordPress plugins
ls -la /mnt/optane/webstack/www/wp-content/plugins/ | wc -l
# Look at the slow-query log
docker exec web-mysql tail -20 /var/lib/mysql/slow.log
```
If OpenWrt is slow:
```bash
lxc-attach -n openwrt -- top
lxc-attach -n openwrt -- logread | tail -20
```
If there is no connectivity:
```bash
# Routes
ip route show
# Bridge membership
bridge link show
```
16. Closing
Your RK3568 now runs as:
- ✅ Main router (OpenWrt + PPPoE + DHCP)
- ✅ Docker container platform (data on the Optane)
- ✅ Web server (Nginx + PHP + MySQL)
- ✅ Three virtual hosts
- ✅ Database administration (Adminer)

Tuning in effect:
- net.core.rmem_max = 64 MB: receive buffers large enough not to drop bursts
- net.core.wmem_max = 64 MB: matching send buffers
- rc.local: NIC hardware offload on every port

Space used: 2.1 GB on the system disk and 3.3 GB on the Optane; about 226 GB of the eMMC remain for NAS storage.