2018-08-17 23:44:13    2019-07-02 11:10:15   

postfix postfixadmin dovecot TLS
`Special note: Chinese cloud hosts such as Alibaba Cloud and Tencent Cloud, and Vultr abroad, block port 25 and cannot be used for this setup; the VPS used in this test is from Bandwagon Host (搬瓦工).`

Can mail still be sent on port 465 when port 25 is blocked? https://www.yunrelay.com/news/mailnews/160485233926.html

Bandwagon Host website (needs a proxy to reach from China): https://bandwagonhost.com/aff.php?aff=35573

Discount code: `BWH26FXH3HIQ`

### **Software versions**

**`Centos`** `v6.9`, **`postfix`** `v2.6.6`, **`dovecot`** `v2.0.9`, **`postfixadmin`** `v3.2`, **`php`** `v5.5.38`, **`mysql`** `v5.6.41-2.el6`, **`apache`** `v2.2.15`

### **0. Check whether the host can run a mail server**

`Test whether port 25 is blocked on your server`

On the server:

```bash
$ telnet mx1.qq.com 25                          # test whether outbound port 25 (used to deliver mail to other domains) is blocked
$ yum install postfix -y                        # install postfix
$ grep ^inet_interfaces /etc/postfix/main.cf    # check the listening address
```

```
inet_interfaces = all
```

```bash
$ /etc/init.d/postfix restart    # restart postfix
$ netstat -tunlp | grep 25       # check the listening address and port
```

```
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN      8470/master
```

On the local computer:

```bash
> telnet <mail-server-ip> 25     # test whether inbound port 25 (mail relayed from other domains to this server) is blocked
```

### **1. Preparation**

#### 1.1 Configure the MX record

```
@      MX    mail.unotes.co
mail   A     95.163.201.189
```

#### 1.2 Request a Let's Encrypt HTTPS certificate (a free certificate from Alibaba Cloud is also an option)

`Note: run this on the machine that owns the public IP address the record above resolves to`

```bash
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ ./certbot-auto certonly --standalone --email admin@unotes.co -d mail.unotes.co
$ cd /etc/letsencrypt/live/mail.unotes.co/
$ ls *
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
```

chain.pem: the CA certificate chain

fullchain.pem: the site certificate together with the CA chain

privkey.pem: the site private key

#### 1.3 Install the LAMP stack (php > 5.3.3, mysql >= 5.6)

1.3.1 Install the webtatic PHP repository

```bash
$ rpm -Uvh http://repo.webtatic.com/yum/el6/latest.rpm
```

1.3.2 Install the MySQL community repository

```bash
$ rpm -Uvh http://repo.mysql.com/mysql-community-release-el6.rpm
```

1.3.3 Install apache

```bash
$ yum install httpd
```

1.3.4 Install php

```bash
$ yum --enablerepo=epel install php55w php55w-cli php55w-common php55w-gd php55w-intl php55w-ldap php55w-mbstring php55w-mcrypt php55w-mysql php55w-pdo php55w-pear php55w-pecl-imagick php55w-process php55w-xml php55w-imap openssl mod_ssl -y
```

1.3.5 Install mysql 5.6

```bash
$ yum --enablerepo=epel install mysql-community-server -y
```

1.3.6 Enable the services at boot

```bash
$ chkconfig httpd on
$ chkconfig mysqld on
```

1.3.7 Test

```bash
$ vim /var/www/html/index.php
```

```php
<?php phpinfo(); ?>
```

1.3.8 Restart apache

```bash
$ /etc/init.d/httpd restart
```

1.3.9 Open the server IP address in a browser

![](https://image.ynotes.cn/18-8-17/30180853.jpg)

### **2. Install postfixadmin**

2.1 Download postfixadmin

```bash
$ wget https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-3.2/postfixadmin-3.2.tar.gz/download
$ tar xvf download -C /data/app
$ mv /data/app/postfixadmin-3.2 /data/app/postfixadmin
```

2.2 Create the postfixadmin database and user

```sql
mysql> create database `postfix` CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> grant all on postfix.* to postfix@'localhost' identified by 'postfix';
mysql> flush privileges;
```

2.3 Edit the postfixadmin configuration file

```bash
$ cat /data/app/postfixadmin/config.inc.php
```

```php
$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@unotes.co';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['smtp_server'] = 'mail.unotes.co';
$CONF['aliases'] = '1000';
$CONF['mailboxes'] = '1000';
$CONF['maxquota'] = '1000';
$CONF['fetchmail'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';
```

2.4 Create the symbolic link

```bash
$ ln -s /data/app/postfixadmin/public/ /var/www/html/postfixadmin
```

2.5 Create config.local.php and the template directory

```bash
$ touch /data/app/postfixadmin/config.local.php
$ mkdir /data/app/postfixadmin/templates_c
$ chmod 777 /data/app/postfixadmin/templates_c
```

```bash
$ /etc/init.d/httpd restart
```

2.6 Open postfixadmin at http://your_postfixadmin_server_ip/postfixadmin/setup.php

![](https://image.ynotes.cn/18-8-18/86249152.jpg)

![](https://image.ynotes.cn/18-8-18/77916099.jpg)

2.7 Set the setup password

```bash
$ cat config.inc.php | grep setup_password
```

```
$CONF['setup_password'] = '4dc9c805b408dac8b90261be15665114:58f1d787dxxxxxxxxxxxxxxx';
```

![](https://image.ynotes.cn/18-8-18/98191945.jpg)

![](https://image.ynotes.cn/18-8-18/60690959.jpg)

2.8 Fix the "cannot encrypt with dovecotpw" error shown above

```bash
$ yum install -y dovecot dovecot-devel dovecot-mysql
```

http://your_postfixadmin_server_ip/postfixadmin/login.php

![](https://image.ynotes.cn/18-8-18/91981830.jpg)

### **3. Install and configure Postfix**

3.1 Install postfix with yum

```bash
$ yum install postfix -y
$ chkconfig postfix on
```

3.2 Create a vmail user that owns the virtual mailbox directories

```bash
$ useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail
$ grep vmail /etc/passwd
vmail::2000:2000::/var/vmail:/sbin/nologin
```

3.3 Configure Postfix

Copy the SSL certificate into the postfix directory (the certbot file names are fullchain.pem, privkey.pem and chain.pem, as listed in 1.2):

```bash
$ mkdir -p /etc/postfix/ssl
$ cp /etc/letsencrypt/live/mail.unotes.co/fullchain.pem /etc/postfix/ssl/mail.unotes.co.crt
$ cp /etc/letsencrypt/live/mail.unotes.co/privkey.pem /etc/postfix/ssl/mail.unotes.co.key
$ cp /etc/letsencrypt/live/mail.unotes.co/chain.pem /etc/postfix/ssl/ca.crt
```

3.4 Configure main.cf

```bash
$ cd /etc/postfix/
$ cat main.cf
```

```ini
# postfix directories and user
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

# hostname and domain
myhostname = mail.unotes.co
mydomain = unotes.co
myorigin = $mydomain

# interfaces to listen on (all = every interface) and protocols
inet_interfaces = all
inet_protocols = ipv4

# domains for which this host is the final destination
mydestination = $myhostname, localhost.$mydomain, localhost

# defaults
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

# SSL/TLS for the smtp client (connections to other SMTP servers)
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/postfix/ssl/ca.crt
smtp_use_tls = yes

# virtual mailboxes and domains
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

# disk quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
virtual_overquota_bounce = yes

# owner user and group of the mailbox directories
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

# Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
    $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
    $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
    $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    $virtual_mailbox_limit_maps

# SSL/TLS for the smtp server
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mail.unotes.co.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.unotes.co.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# SASL authentication
# authenticate through dovecot
smtpd_sasl_type = dovecot
# compatibility with Microsoft Outlook versions before 2007
broken_sasl_auth_clients = yes
# path of the SASL UNIX socket
smtpd_sasl_path = private/auth
# enable SASL authentication
smtpd_sasl_auth_enable = yes
# no anonymous logins, no open relay
smtpd_sasl_security_options = noanonymous

# restrictions on the HELO hostname the client presents after connecting
smtpd_delay_reject = yes
#smtpd_helo_required = yes
#smtpd_helo_restrictions =
#    permit_mynetworks,
#    permit_sasl_authenticated,
#    reject_non_fqdn_helo_hostname,
#    reject_invalid_helo_hostname,
#    permit

# sender restrictions; reject_authenticated_sender_login_mismatch together with
# smtpd_sender_login_maps stops logged-in users from forging the sender address
smtpd_sender_restrictions =
    reject_authenticated_sender_login_mismatch,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_sender_login_maps.cf
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf

# recipient restrictions
# (to enable postgrey, add "check_policy_service unix:/var/spool/postfix/postgrey/socket,"
#  after permit_sasl_authenticated; Postfix does not allow comment lines inside a multi-line value)
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit

# relay restrictions (this parameter exists from Postfix 2.10; 2.6.6 ignores it with a warning)
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    permit
smtpd_client_restrictions = permit_sasl_authenticated

# process and size limits
default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
queue_minfree = 20971520
header_size_limit = 51200
message_size_limit = 10485760
smtpd_recipient_limit = 100

# transport mapping
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
```

3.5 Check the configuration file for errors

```bash
$ postconf    # prints the effective configuration and warns about unknown or malformed parameters
```

3.6 Create the MySQL lookup files

```bash
$ cat /etc/postfix/mysql_virtual_domains_maps.cf
```

```ini
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
```

3.7 The remaining SQL lookup files used by postfix

```bash
$ cat /etc/postfix/mysql_virtual_alias_maps.cf
```

```ini
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
```

```bash
$ cat /etc/postfix/mysql_virtual_mailbox_maps.cf
```

```ini
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'
```

```bash
$ cat /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
```

```ini
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
```

```bash
$ cat /etc/postfix/mysql_sender_login_maps.cf
```

```ini
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT username FROM mailbox WHERE username='%s' AND active = '1'
```

3.8 Configure master.cf

```bash
$ cat /etc/postfix/master.cf
```

```ini
# add the following entries
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
```

### **4. Install and configure dovecot**

4.0 Install dovecot

```bash
$ yum install -y dovecot dovecot-devel dovecot-mysql
```

4.1 Configure dovecot

```bash
$ cat /etc/dovecot/dovecot.conf
```

```ini
protocols = imap pop3
listen = *
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
```

```bash
$ cat /etc/dovecot/conf.d/10-ssl.conf
```

```ini
ssl = yes
ssl_cert = </etc/pki/dovecot/certs/mail.unotes.co.crt
ssl_key = </etc/pki/dovecot/private/mail.unotes.co.key
```

4.2 Copy the SSL certificate into the matching directories (the paths must match 10-ssl.conf above)

```bash
$ cp /etc/letsencrypt/live/mail.unotes.co/fullchain.pem /etc/pki/dovecot/certs/mail.unotes.co.crt
$ cp /etc/letsencrypt/live/mail.unotes.co/privkey.pem /etc/pki/dovecot/private/mail.unotes.co.key
```

4.3 Configure authentication

```bash
$ cat /etc/dovecot/conf.d/10-auth.conf
```

```ini
disable_plaintext_auth = yes
auth_mechanisms = plain login cram-md5
!include auth-sql.conf.ext
```

4.4 Configure the mailbox location

```bash
$ cat /etc/dovecot/conf.d/10-mail.conf
```

```ini
mail_location = maildir:%hMaildir
mbox_write_locks = fcntl
```

4.5 Configure 10-master.conf

```bash
$ cat /etc/dovecot/conf.d/10-master.conf
```

```ini
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  # socket that postfix uses for SASL (smtpd_sasl_path = private/auth)
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}
```

4.6 Configure 15-lda.conf

```bash
$ cat /etc/dovecot/conf.d/15-lda.conf
```

```ini
protocol lda {
  mail_plugins = quota
  postmaster_address = postmaster@unotes.co
}
```

4.7 Configure 20-imap.conf

```bash
$ cat /etc/dovecot/conf.d/20-imap.conf
```

```ini
protocol imap {
  mail_plugins = quota imap_quota
}
```

4.8 Configure 20-pop3.conf

```bash
$ cat /etc/dovecot/conf.d/20-pop3.conf
```

```ini
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
```

4.9 Configure 90-quota.conf

```bash
$ cat /etc/dovecot/conf.d/90-quota.conf
```

```ini
plugin {
  quota_rule = *:storage=1G
  quota = dict:User quota::proxy::quota
}
```

4.10 Configure dovecot-sql.conf.ext

```bash
$ cat /etc/dovecot/dovecot-sql.conf.ext
```

```ini
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = CRAM-MD5
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'
```

4.11 Configure dovecot-dict-sql.conf.ext

```bash
$ cat /etc/dovecot/dovecot-dict-sql.conf.ext
```

```ini
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
```

4.12 Restart postfix

```bash
$ /etc/init.d/postfix restart
```

4.13 Restart dovecot

```bash
$ /etc/init.d/dovecot restart
```

4.14 Change the permissions of the dovecot log

```bash
$ chmod 777 /var/log/dovecot.log
```

### **5. Test the mailbox with Foxmail**

![](https://image.ynotes.cn/18-8-18/39545660.jpg)

![](https://image.ynotes.cn/18-8-18/60236610.jpg)

### **6. Day-to-day Postfix maintenance commands**

Postfix queue directories

```
maildrop:  local mail is placed in maildrop and also copied into incoming.
incoming:  mail that is arriving or that the queue manager has not yet picked up.
active:    mail the queue manager has opened and is about to deliver; this queue has a length limit.
deferred:  mail that could not be delivered.
```

Common maintenance commands

```bash
postfix start        # start postfix
postfix stop         # stop postfix
postfix reload       # re-read the postfix configuration
postfix flush        # deliver every queued message immediately (use with care)
postqueue -p         # list the queue (mailq is equivalent)
mailq
postqueue -p | tail
```

Deleting queued mail

```bash
# stop postfix, find the queue id with mailq, then delete it with: postsuper -d <id>
# to delete a whole class of queued mail, e.g. everything addressed to apache@domain.org, use a script like this:
mailq | tail -n +2 | awk 'BEGIN { RS = "" } / apache@domain\.org$/ { print $1 }' | tr -d '*!' | postsuper -d -
```

Deleting mail from a user's mailbox

```bash
cd /var/vmail/<domain>/<user>/Maildir/cur/
grep '<message text>' *     # find the message to delete
rm <message file>
```

### **7. Supplements:**

`Problem 1: portreserve holds ports 993, 110 and others, so clients cannot log in (see below)`

![](https://image.ynotes.cn/18-9-28/12073177.jpg)

Fix:

```bash
$ /etc/init.d/portreserve stop
$ chkconfig portreserve off
```

`Problem 2: Recipient address rejected: User unknown in local recipient table`

```bash
vim /etc/postfix/main.cf    # add the following setting
```

```ini
local_recipient_maps =
```

`Problem 3: once the mail server is up, /var/log/maillog fills with "lost connection after AUTH from unknown". Analysis: as the message says, these are clients that failed authentication.` [`Looking up`](https://mxtoolbox.com/SuperTool.aspx) `these IPs shows that almost all of them are on mail blacklists.`

Fix:

1. Change the client connection rate limit; the value is the maximum number of connections per 60 s

```bash
$ vim /etc/postfix/main.cf
```

```ini
smtpd_client_connection_rate_limit = 300
```

2. Add a malicious-client detection script that adds the IPs to the firewall automatically (or use fail2ban)

```bash
$ vim /root/check_blacklist.sh
```

```bash
#!/bin/bash
LOG='/root/blacklist.log'
# take the last 1000 log lines, count "lost connection after AUTH" per client,
# keep clients seen more than 10 times and extract the IP from "host[ip]"
tail -1000 /var/log/maillog \
  | grep "lost connection after AUTH from" \
  | awk '{ print $NF }' \
  | sort | uniq -c \
  | awk '{ if ($1 > 10) { print $NF } }' \
  | awk -F '[' '{ print $2 }' \
  | sed 's/.$//' \
  | while read -r line; do
      # -F -w: match the whole address literally, so 1.2.3.4 does not match 1.2.3.45
      if ! /sbin/iptables -L -n | grep -qwF -- "$line"; then
        echo -e "$(date) added \033[31m ${line}\033[0m to the firewall blacklist [\033[32m OK \033[0m]" 2>&1 | tee -a "$LOG"
        /sbin/iptables -A INPUT -s "$line" -j DROP >>"$LOG" 2>&1
      else
        echo -e "$(date) \033[31m${line}\033[0m is already in the firewall blacklist [\033[31m Exist \033[0m]"
      fi
    done
```

Add a cron job

```bash
$ crontab -e
```

```bash
* * * * * bash /root/check_blacklist.sh
```

Captured blacklist IP list: https://files.ynotes.cn/ip_blacklist.txt
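Added example, not code from the original post: a small Python model of how the `smtpd_sender_login_maps` / `reject_authenticated_sender_login_mismatch` pair configured in section 3.4 decides whether a logged-in user may use a given MAIL FROM address. The mailbox and alias rows are constructed sample data standing in for the `mailbox` and `alias` tables queried by `mysql_sender_login_maps.cf` and `mysql_virtual_alias_maps.cf`; the lookup is simplified to the full address only.

```python
# Constructed sample data (not a real postfixadmin database).
# mailbox.username -> active, as queried by mysql_sender_login_maps.cf
MAILBOXES = {
    "alice@unotes.co": True,
    "bob@unotes.co": True,
    "carol@unotes.co": False,   # disabled account: active='0'
}
# alias.address -> (goto, active), as queried by mysql_virtual_alias_maps.cf
ALIASES = {
    "alice@unotes.co": ("alice@unotes.co", True),   # postfixadmin adds a self-alias per mailbox
    "bob@unotes.co": ("bob@unotes.co", True),
    "sales@unotes.co": ("alice@unotes.co,bob@unotes.co", True),
    "old@unotes.co": ("alice@unotes.co", False),    # disabled alias
}


def sender_login_map(sender):
    """Emulate the two-table smtpd_sender_login_maps lookup from section 3.4.

    Postfix consults the tables in order and uses the first result it gets;
    the result is a list of login names that own the sender address.
    """
    # SELECT username FROM mailbox WHERE username='%s' AND active='1'
    if MAILBOXES.get(sender):
        return [sender]
    # SELECT goto FROM alias WHERE address='%s' AND active='1'
    goto, active = ALIASES.get(sender, (None, False))
    if active and goto:
        return [owner.strip() for owner in goto.split(",") if owner.strip()]
    return []


def check_sender(sasl_login, mail_from):
    """Decision of reject_authenticated_sender_login_mismatch.

    Returns ("DUNNO", reason) when this restriction does not reject (the
    next restriction in smtpd_sender_restrictions is evaluated) and
    ("REJECT", reason) when the login does not own the MAIL FROM address.
    Unauthenticated clients are not checked by this variant at all.
    """
    if sasl_login is None:
        return ("DUNNO", "client not authenticated; restriction does not apply")
    owners = sender_login_map(mail_from.lower())
    if sasl_login.lower() not in (owner.lower() for owner in owners):
        # covers both "no owner in the maps" and "owned by somebody else"
        return ("REJECT", f"Sender address rejected: not owned by user {sasl_login}")
    return ("DUNNO", "login owns the sender address")


if __name__ == "__main__":
    for login, sender in [("alice@unotes.co", "alice@unotes.co"),
                          ("bob@unotes.co", "sales@unotes.co"),
                          ("bob@unotes.co", "alice@unotes.co"),
                          ("alice@unotes.co", "ceo@unotes.co")]:
        print(login, "->", sender, check_sender(login, sender))
```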
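Added example, not code from the original post: the per-IP counting that the `check_blacklist.sh` pipeline in problem 3 performs, written in Python over constructed `/var/log/maillog` lines so the parsing can be checked offline. It also strips the `IPv6:` prefix Postfix writes in front of IPv6 client addresses, which the awk/sed pipeline above would pass to iptables unchanged; the log lines, addresses and threshold are all constructed.

```python
import re
from collections import Counter

# Constructed sample maillog lines (documentation addresses, not real traffic).
SAMPLE_MAILLOG = """\
Sep 28 10:01:02 mail postfix/smtpd[12345]: lost connection after AUTH from unknown[203.0.113.7]
Sep 28 10:01:03 mail postfix/smtpd[12345]: lost connection after AUTH from unknown[203.0.113.7]
Sep 28 10:01:05 mail postfix/smtpd[12346]: connect from mail-out.example.net[198.51.100.20]
Sep 28 10:01:06 mail postfix/smtpd[12346]: lost connection after AUTH from mail-out.example.net[198.51.100.20]
Sep 28 10:01:07 mail postfix/smtpd[12347]: lost connection after AUTH from unknown[IPv6:2001:db8::1]
Sep 28 10:01:08 mail postfix/smtpd[12345]: disconnect from unknown[203.0.113.7]
"""

# Postfix logs the client as "hostname[address]" ("unknown" when reverse DNS fails).
AUTH_LOSS_RE = re.compile(
    r"lost connection after AUTH from (?P<host>[^\s\[]*)\[(?P<ip>[^\]]+)\]")


def count_auth_losses(lines):
    """Count 'lost connection after AUTH' events per client IP address."""
    counts = Counter()
    for line in lines:
        match = AUTH_LOSS_RE.search(line)
        if not match:
            continue
        ip = match.group("ip")
        if ip.startswith("IPv6:"):      # Postfix prefixes IPv6 literals in its logs
            ip = ip[len("IPv6:"):]
        counts[ip] += 1
    return counts


def candidates(lines, threshold=10):
    """IPs whose count exceeds the threshold (the page's awk rule is $1 > 10)."""
    return sorted(ip for ip, n in count_auth_losses(lines).items() if n > threshold)


def firewall_rules(ips):
    """DROP rules the shell script would add; IPv6 addresses need ip6tables, not iptables."""
    rules = []
    for ip in ips:
        tool = "/sbin/ip6tables" if ":" in ip else "/sbin/iptables"
        rules.append(f"{tool} -A INPUT -s {ip} -j DROP")
    return rules


if __name__ == "__main__":
    lines = SAMPLE_MAILLOG.splitlines()
    print(count_auth_losses(lines))
    for rule in firewall_rules(candidates(lines, threshold=1)):
        print(rule)
```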

   2018-08-13 23:05:48    2018-08-13 23:05:48   

tomcat docker 容器 docker-compose 容器编排
#### **Project directory structure**

```text
competitionShare
|-- docker-compose.yml              # docker-compose orchestration file
|-- fastdfs                         # fastdfs file server directory
|   |-- build                       # build directory
|   |   `-- Dockerfile              # build file
|   |-- data                        # data directory
|   |   |-- storage                 # file data storage directory
|   |   |   |-- data
|   |   |   `-- logs
|   |   `-- tracker                 # tracker logs and metadata directory
|   |       |-- data
|   |       `-- logs
|   `-- nginx
|       `-- logs
|-- mysql
|   |-- conf
|   |   `-- mysqld.cnf              # mysql configuration file
|   |-- data                        # mysql data directory
|   |-- db_init_sql
|   |   `-- competitionShare.sql    # table schema and seed data for the project
|   `-- log
|-- nginx
|   |-- conf
|   |   |-- mysite.template         # nginx template file
|   |   `-- nginx.conf              # nginx configuration file
|   |-- html
|   |   `-- competitionShare_web    # static site directory of the project
|   |       |-- index.html
|   |       `-- static
|   |-- log
|   `-- ssl                         # ssl certificate directory
|       |-- demo.xxxxx.org.cn
|       |   |-- fullchain.pem
|       |   `-- privkey.pem
|       `-- fastdfs.xxxxx.org.cn
|           |-- fullchain.pem
|           `-- privkey.pem
`-- tomcat                          # tomcat directory
    |-- conf
    |   `-- server.xml              # tomcat server.xml
    |-- log
    `-- webapps
        |-- competitionShare            # project API
        `-- competitionShareBackstage   # project back office
```

#### **Create the directories used by the fastdfs container**

```bash
$ mkdir fastdfs/{build,data,nginx} -p
```

build: fastdfs build directory

data: fastdfs data directory

nginx: nginx logs

#### **Create fastdfs/build/Dockerfile**

```dockerfile
FROM alpine:3.6
MAINTAINER ynotes <admin@ynotes.cn>

# build arguments
ARG HOME=/root
ARG FASTDFS_VERSION=5.11
ARG LIBFASTCOMMON_VERSION=1.0.38
ARG FASTDFS_NGINX_MODULE_VERSION=1.20
ARG NGINX_VERSION=1.12.1
# FDFS_NGX_PORT and TRACKER_PORT are passed in by docker-compose (build args)
ARG FDFS_NGX_PORT
ARG TRACKER_PORT

# environment variables, read from the docker-compose build args above
ENV FDFS_NGX_PORT "$FDFS_NGX_PORT"
ENV TRACKER_PORT "$TRACKER_PORT"

# download the packages
RUN cd ${HOME} \
    && sed -i 's#http://[^/]*/\(.*\)$#http://mirrors.aliyun.com/\1#g' /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --virtual .build-deps bash gcc libc-dev make openssl-dev pcre-dev zlib-dev linux-headers curl gnupg libxslt-dev gd-dev geoip-dev \
    && curl -fLS https://github.com/happyfish100/fastdfs/archive/V${FASTDFS_VERSION}.tar.gz -o V${FASTDFS_VERSION}.tar.gz \
    && curl -fLS https://github.com/happyfish100/libfastcommon/archive/V${LIBFASTCOMMON_VERSION}.tar.gz -o V${LIBFASTCOMMON_VERSION}.tar.gz \
    && curl -fLS https://github.com/happyfish100/fastdfs-nginx-module/archive/V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz -o V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz \
    && curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz \
    && tar xf V${FASTDFS_VERSION}.tar.gz \
    && tar xf V${LIBFASTCOMMON_VERSION}.tar.gz \
    && tar xf V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz \
    && tar zxf nginx-${NGINX_VERSION}.tar.gz

# build and install
RUN cd ${HOME}/libfastcommon-${LIBFASTCOMMON_VERSION}/ \
    && ./make.sh \
    && ./make.sh install \
    && cd ${HOME}/fastdfs-${FASTDFS_VERSION}/ \
    && ./make.sh \
    && ./make.sh install \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/tracker@g" /etc/fdfs/tracker.conf.sample > /etc/fdfs/tracker.conf \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/storage@g" /etc/fdfs/storage.conf.sample > /etc/fdfs/storage.conf \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/storage@g" /etc/fdfs/client.conf.sample > /etc/fdfs/client.conf \
    && sed -i 's#CORE_INCS=.*#CORE_INCS="$CORE_INCS /usr/include/fastdfs /usr/include/fastcommon/"#g' ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && sed -i 's#ngx_module_incs=.*#ngx_module_incs="/usr/include/fastdfs /usr/include/fastcommon/"#g' ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && chmod u+x ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && cd ${HOME}/nginx-${NGINX_VERSION} \
    && ./configure --add-module=${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src \
    && make && make install

# configure
RUN cp ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/mod_fastdfs.conf /etc/fdfs/ \
    && sed -i "s#^store_path0.*#store_path0 = /data/fastdfs/storage#g" /etc/fdfs/mod_fastdfs.conf \
    && sed -i "s#^url_have_group_name.*#url_have_group_name = true#g" /etc/fdfs/mod_fastdfs.conf \
    && cd ${HOME}/fastdfs-${FASTDFS_VERSION}/conf/ \
    && cp http.conf mime.types /etc/fdfs/ \
    && echo -e "worker_processes 2;\nevents { \nworker_connections 10240; \n}\nhttp { \ninclude mime.types;\ndefault_type application/octet-stream;\nsendfile on;\nkeepalive_timeout 65;\nserver {\nlisten $FDFS_NGX_PORT;\nserver_name localhost;\nlocation ~/group([0-9])/M00 {\nngx_fastdfs_module;\n}\n}\n}">/usr/local/nginx/conf/nginx.conf

# clean up
RUN rm -rf ${HOME}/* \
    && apk del .build-deps gcc libc-dev make openssl-dev linux-headers curl gnupg libxslt-dev gd-dev geoip-dev \
    && apk add bash pcre-dev zlib-dev

# start script (HOST_IP is supplied by docker-compose at run time)
RUN echo -e "mkdir -p /data/fastdfs/storage/data\nmkdir -p /data/fastdfs/tracker\nln -s /data/fastdfs/storage/data /data/fastdfs/storage/data/M00\nsed -i "s/^tracker_server=.*$/tracker_server=\$HOST_IP:$TRACKER_PORT/g" /etc/fdfs/storage.conf\nsed -i "s/^tracker_server=.*$/tracker_server=\$HOST_IP:$TRACKER_PORT/g" /etc/fdfs/mod_fastdfs.conf\n/etc/init.d/fdfs_trackerd start \n/etc/init.d/fdfs_storaged start\n/usr/local/nginx/sbin/nginx\ntail -f /usr/local/nginx/logs/access.log" >/start.sh \
    && chmod +x /start.sh

ENTRYPOINT ["/bin/bash","/start.sh"]
```

#### **Create the directories used by the mysql container**

```bash
$ mkdir mysql/{conf,data,db_init_sql,log} -p
$ chmod 777 mysql/log
```

conf: mysql configuration files

data: mysql data directory

log: mysql logs, permissions changed to 777

#### **Edit the mysql configuration file mysql/conf/mysqld.cnf**

```ini
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
default-time-zone = '+08:00'
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
character-set-client-handshake = FALSE
innodb_buffer_pool_size = 128M
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4
```

#### **Create the directories used by the nginx container**

```bash
$ mkdir nginx/{conf,html,log,ssl}
$ mkdir nginx/ssl/{demo.xxxxx.org.cn,fastdfs.xxxxx.org.cn}
$ chmod 777 nginx/log
```

conf: nginx configuration files

html: static site directory

log: log directory

ssl: ssl certificate directory

#### **Edit nginx/conf/nginx.conf**

```nginx
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/demo.xxxxx.org.cn.conf;
}
```

#### **Edit nginx/conf/mysite.template**

```nginx
upstream my_tomcat {
    server $TOMCAT:8080;
}
upstream my_fdfs {
    server $FASTDFS:8888;
}

server {
    listen $NGINX_PORT;
    server_name $NGINX_HOST;
    charset utf-8;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

server {
    listen $NGINX_SSL_PORT ssl http2;
    server_name $NGINX_FASTDFS_HOST;
    add_header X-Frame-Options SAMEORIGIN;
    access_log /var/log/nginx/fastdfs.xxxxx.org.cn.access.log main;

    location ~ .*.(svn|Git|cvs) {
        deny all;
    }

    ssl_certificate "/etc/nginx/ssl/fastdfs.xxxxx.org.cn/fullchain.pem";
    ssl_certificate_key "/etc/nginx/ssl/fastdfs.xxxxx.org.cn/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location ~ /group1/M00 {
        add_header Strict-Transport-Security max-age=86400;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_pass http://my_fdfs;
    }
}

server {
    listen $NGINX_SSL_PORT ssl http2 default_server;
    server_name $NGINX_HOST;
    add_header X-Frame-Options SAMEORIGIN;
    access_log /var/log/nginx/demo.xxxxx.org.cn.access.log main;

    location ~ .*.(svn|Git|cvs) {
        deny all;
    }

    location / {
        add_header Strict-Transport-Security max-age=86400;
        root /var/www/html/competitionShare_web;
        index index.html index.htm;
        try_files $uri $uri/ /index.html =404;
    }

    ssl_certificate "/etc/nginx/ssl/demo.xxxxx.org.cn/fullchain.pem";
    ssl_certificate_key "/etc/nginx/ssl/demo.xxxxx.org.cn/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # max upload size
    client_max_body_size 75M;    # adjust to taste

    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    location /competitionShare {
        add_header Strict-Transport-Security max-age=86400;
        proxy_set_header Host $host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://my_tomcat;
    }

    location ^~ /competitionShareBackstage {
        add_header Strict-Transport-Security max-age=86400;
        proxy_set_header Host $host:$server_port;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://my_tomcat;
    }
}
```

#### **Copy the SSL certificates into the matching nginx/ssl/{demo.xxxxx.org.cn,fastdfs.xxxxx.org.cn} directories**

```bash
$ scp fullchain.pem root@docker-host:/root/docker_compose_demo/competitionShare/nginx/ssl/demo.xxxxx.org.cn
$ scp privkey.pem root@docker-host:/root/docker_compose_demo/competitionShare/nginx/ssl/demo.xxxxx.org.cn
$ scp fullchain.pem root@docker-host:/root/docker_compose_demo/competitionShare/nginx/ssl/fastdfs.xxxxx.org.cn
$ scp privkey.pem root@docker-host:/root/docker_compose_demo/competitionShare/nginx/ssl/fastdfs.xxxxx.org.cn
```

#### **Create the directories used by the tomcat container**

```bash
$ mkdir tomcat/{conf,log,webapps}
```

conf: tomcat configuration directory

log: log directory

webapps: project directory

#### **Edit tomcat/conf/server.xml**

```xml
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <!-- trust the X-Forwarded-* headers set by the nginx reverse proxy -->
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             remoteIpHeader="X-Forwarded-For"
             protocolHeader="X-Forwarded-Proto"
             protocolHeaderHttpsValue="https"/>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
```

#### **Copy the projects into tomcat/webapps**

```bash
$ scp competitionShare root@docker-host:/root/docker_compose_demo/competitionShare/tomcat/webapps
$ scp competitionShareBackstage root@docker-host:/root/docker_compose_demo/competitionShare/tomcat/webapps
```

#### **Replace the mysql and fastdfs settings in the tomcat projects**

Database settings

```properties
env=${PROJECT_ENV}
demo.jdbc_url=${DEMO_JDBC_URL}
demo.jdbc_username=${DEMO_JDBC_USER}
demo.jdbc_password=${DEMO_JDBC_PASS}
```

fastdfs settings

```properties
tracker_server = fastdfs:22122
```

#### **Edit docker-compose.yml**

```yaml
version: '3'
services:
  db:
    image: mysql:5.7
    restart: always
    container_name: cs_web-db
    environment:
      MYSQL_ROOT_PASSWORD: abc123456
      MYSQL_DATABASE: competitionShare
      MYSQL_USER: demo
      MYSQL_PASSWORD: abc123456
    volumes:
      - ./mysql/conf/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf
      - ./mysql/db_init_sql:/docker-entrypoint-initdb.d
      - ./mysql/data:/var/lib/mysql
      - ./mysql/log:/var/log
  fastdfs:
    build:
      context: ./fastdfs/build/
      dockerfile: Dockerfile
      args:
        TRACKER_PORT: 22122
        FDFS_NGX_PORT: 8888
    image: fastdfs-nginx:5.11
    restart: always
    container_name: cs_web-fastdfs
    environment:
      TRACKER_PORT: 22122
      FDFS_NGX_PORT: 8888
      HOST_IP: fastdfs
    volumes:
      - ./fastdfs/data:/data/fastdfs
      - ./fastdfs/nginx/logs:/usr/local/nginx/logs/
  nginx:
    image: nginx:stable
    restart: always
    container_name: cs_web-nginx
    environment:
      NGINX_HOST: demo.xxxxx.org.cn
      NGINX_FASTDFS_HOST: fastdfs.xxxxx.org.cn
      NGINX_PORT: 80
      NGINX_SSL_PORT: 443
      TOMCAT: cs_web-tomcat
      FASTDFS: cs_web-fastdfs
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf/mysite.template:/etc/nginx/conf.d/mysite.template
      - ./nginx/ssl/demo.xxxxx.org.cn/fullchain.pem:/etc/nginx/ssl/demo.xxxxx.org.cn/fullchain.pem
      - ./nginx/ssl/demo.xxxxx.org.cn/privkey.pem:/etc/nginx/ssl/demo.xxxxx.org.cn/privkey.pem
      - ./nginx/ssl/fastdfs.xxxxx.org.cn/fullchain.pem:/etc/nginx/ssl/fastdfs.xxxxx.org.cn/fullchain.pem
      - ./nginx/ssl/fastdfs.xxxxx.org.cn/privkey.pem:/etc/nginx/ssl/fastdfs.xxxxx.org.cn/privkey.pem
      - ./nginx/log/:/var/log/nginx/
      - ./nginx/html/competitionShare_web/:/var/www/html/competitionShare_web/
    # render mysite.template with envsubst (only the listed variables are substituted), then start nginx
    command: /bin/bash -c "envsubst '$$NGINX_HOST $$NGINX_PORT $$NGINX_SSL_PORT $$TOMCAT $$FASTDFS $$NGINX_FASTDFS_HOST' < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/demo.xxxxx.org.cn.conf && nginx -g 'daemon off;'"
  tomcat:
    image: tomcat:8.0.53-jre8
    restart: always
    depends_on:
      - db
      - fastdfs
    container_name: cs_web-tomcat
    environment:
      PROJECT_ENV: demo
      JAVA_OPTS: "-Dsupplements.host=supplements"
      CATALINA_OPTS: "-server -Xms256M -Xmx1024M -XX:MaxNewSize=256m"
      DEMO_JDBC_URL: jdbc:mysql://db:3306/competitionShare?characterEncoding=UTF-8
      DEMO_JDBC_USER: demo
      DEMO_JDBC_PASS: abc123456
      FDFS_URL: https://fastdfs.demo.org.cn/
    volumes:
      - ./tomcat/webapps:/usr/local/tomcat/webapps
      - ./tomcat/conf/server.xml:/usr/local/tomcat/conf/server.xml
      - ./tomcat/log:/log
```

#### **Start**

```bash
$ docker-compose up
```

![](https://image.ynotes.cn/18-8-14/7776948.jpg)

#### **Open in a browser**

![](https://image.ynotes.cn/18-8-14/75371827.jpg)

   2018-08-10 16:11:21    2018-08-10 16:11:21   

docker 容器 fastdfs Dockerfile fdfs
#### **Environment:**

System: **Centos7**
Docker version: **18.03.1-ce, build 9ee9f40**
Container network: **bridged docker0**
Container subnet: **10.10.0.0/24**

#### **Dockerfile**

```dockerfile
FROM alpine:3.6
MAINTAINER ynotes.cn <admin@ynotes.cn>

# environment variables
ENV NGINX_PORT 80
ENV FASTDFS_PORT 22122

# build arguments
ARG HOME=/root
ARG FASTDFS_VERSION=5.11
ARG LIBFASTCOMMON_VERSION=1.0.38
ARG FASTDFS_NGINX_MODULE_VERSION=1.20
ARG NGINX_VERSION=1.12.1

# download the packages
RUN cd ${HOME} \
    && sed -i 's#http://[^/]*/\(.*\)$#http://mirrors.aliyun.com/\1#g' /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --virtual .build-deps bash gcc libc-dev make openssl-dev pcre-dev zlib-dev linux-headers curl gnupg libxslt-dev gd-dev geoip-dev \
    && curl -fLS https://github.com/happyfish100/fastdfs/archive/V${FASTDFS_VERSION}.tar.gz -o V${FASTDFS_VERSION}.tar.gz \
    && curl -fLS https://github.com/happyfish100/libfastcommon/archive/V${LIBFASTCOMMON_VERSION}.tar.gz -o V${LIBFASTCOMMON_VERSION}.tar.gz \
    && curl -fLS https://github.com/happyfish100/fastdfs-nginx-module/archive/V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz -o V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz \
    && curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz \
    && tar xf V${FASTDFS_VERSION}.tar.gz \
    && tar xf V${LIBFASTCOMMON_VERSION}.tar.gz \
    && tar xf V${FASTDFS_NGINX_MODULE_VERSION}.tar.gz \
    && tar zxf nginx-${NGINX_VERSION}.tar.gz

# build and install the packages
RUN cd ${HOME}/libfastcommon-${LIBFASTCOMMON_VERSION}/ \
    && ./make.sh \
    && ./make.sh install \
    && cd ${HOME}/fastdfs-${FASTDFS_VERSION}/ \
    && ./make.sh \
    && ./make.sh install \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/tracker@g" /etc/fdfs/tracker.conf.sample > /etc/fdfs/tracker.conf \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/storage@g" /etc/fdfs/storage.conf.sample > /etc/fdfs/storage.conf \
    && sed "s@/home/yuqing/fastdfs@/data/fastdfs/storage@g" /etc/fdfs/client.conf.sample > /etc/fdfs/client.conf \
    && sed -i 's#CORE_INCS=.*#CORE_INCS="$CORE_INCS /usr/include/fastdfs /usr/include/fastcommon/"#g' ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && sed -i 's#ngx_module_incs=.*#ngx_module_incs="/usr/include/fastdfs /usr/include/fastcommon/"#g' ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && chmod u+x ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/config \
    && cd ${HOME}/nginx-${NGINX_VERSION} \
    && ./configure --add-module=${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src \
    && make && make install

# configure the packages
RUN cp ${HOME}/fastdfs-nginx-module-${FASTDFS_NGINX_MODULE_VERSION}/src/mod_fastdfs.conf /etc/fdfs/ \
    && sed -i "s#^store_path0.*#store_path0 = /data/fastdfs/storage#g" /etc/fdfs/mod_fastdfs.conf \
    && sed -i "s#^url_have_group_name.*#url_have_group_name = true#g" /etc/fdfs/mod_fastdfs.conf \
    && cd ${HOME}/fastdfs-${FASTDFS_VERSION}/conf/ \
    && cp http.conf mime.types /etc/fdfs/ \
    && echo -e "worker_processes 2;\nevents { \nworker_connections 10240; \n}\nhttp { \ninclude mime.types;\ndefault_type application/octet-stream;\nsendfile on;\nkeepalive_timeout 65;\nserver {\nlisten NGINX_PORT;\nserver_name localhost;\nlocation ~/group([0-9])/M00 {\nngx_fastdfs_module;\n}\n}\n}">/usr/local/nginx/conf/nginx.conf

# clean up
RUN rm -rf ${HOME}/* \
    && apk del .build-deps gcc libc-dev make openssl-dev linux-headers curl gnupg libxslt-dev gd-dev geoip-dev \
    && apk add bash pcre-dev zlib-dev

# start-up script (the inner sed expressions are written as \" so that they stay quoted inside /start.sh)
RUN sed -i "s/NGINX_PORT/$NGINX_PORT/g" /usr/local/nginx/conf/nginx.conf \
    && echo -e "mkdir -p /data/fastdfs/storage/data\nmkdir -p /data/fastdfs/tracker\nln -s /data/fastdfs/storage/data /data/fastdfs/storage/data/M00\nHOST_IP=\$(ip addr |grep 'scope global eth0'|awk '{ print \$2}'|awk -F/ '{ print \$1 }')\nsed -i \"s/^tracker_server=.*$/tracker_server=\$HOST_IP:$FASTDFS_PORT/g\" /etc/fdfs/storage.conf\nsed -i \"s/^tracker_server=.*$/tracker_server=\$HOST_IP:$FASTDFS_PORT/g\" /etc/fdfs/mod_fastdfs.conf\n/etc/init.d/fdfs_trackerd start \n/etc/init.d/fdfs_storaged start\n/usr/local/nginx/sbin/nginx\ntail -f /usr/local/nginx/logs/access.log" >/start.sh \
    && chmod +x /start.sh

EXPOSE 80 22122 23000
ENTRYPOINT ["/bin/bash","/start.sh"]
```

#### **Build the image**

```bash
$ docker build -t fastdfs-nginx:v5.11 .
```

#### **Start the container**

```bash
$ docker run -p 80:80 -p 22122:22122 -p 23000:23000 -v /root/docker_demo/fastdfs/data:/data/fastdfs fastdfs-nginx:v5.11
```

#### **Test machine 1 (Centos7)**

Add a route:

```bash
$ route add -net 10.10.0.0 netmask 255.255.255.0 gw 192.168.50.252
```

Upload an image:

```bash
$ fdfs_test /etc/fdfs/client.conf upload zzzz.jpg
```

```
group_name=group1, remote_filename=M00/00/00/CgoAAVtxAhqAWpxyAAE7WHOlIPs425.jpg
source ip address: 10.10.0.1
file timestamp=2018-08-13 11:59:22
file size=80728
file crc32=1940201723
example file url: http://10.10.0.1/group1/M00/00/00/CgoAAVtxAhqAWpxyAAE7WHOlIPs425.jpg

storage_upload_slave_by_filename
group_name=group1, remote_filename=M00/00/00/CgoAAVtxAhqAWpxyAAE7WHOlIPs425_big.jpg
source ip address: 10.10.0.1
file timestamp=2018-08-13 11:59:22
file size=80728
file crc32=1940201723
example file url: http://10.10.0.1/group1/M00/00/00/CgoAAVtxAhqAWpxyAAE7WHOlIPs425_big.jpg
```

#### **Test machine 2 (Windows 7)**

Add a route:

```cmd
> route add 10.10.0.0 mask 255.255.255.0 192.168.50.252
```

Open the image in the browser:

![](https://image.ynotes.cn/18-8-13/79351609.jpg)

   2018-08-09 15:07:32    2018-08-09 15:07:32   

nginx https X-Forwarded-Proto scheme
#### **nginx + tomcat**

nginx configuration:

```nginx
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8181;
```

tomcat configuration:

```xml
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"/>
```

#### **Alibaba Cloud SLB + nginx + tomcat**

Alibaba Cloud SLB configuration:

![](https://image.ynotes.cn/18-8-9/93864542.jpg)

nginx configuration:

```nginx
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; # $http_x_forwarded_proto is the header value passed in by the SLB
proxy_pass http://127.0.0.1:8181;
```

tomcat configuration:

```xml
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"/>
```

#### With the configuration above ordinary requests work, but when a page issues a 302 redirect the redirect target is requested over http and the browser reports "requested an insecure XMLHttpRequest"

nginx configuration (nginx + tomcat):

```nginx
proxy_redirect http:// $scheme://; # rewrite the http:// scheme of a 302 redirect to $scheme
```

nginx configuration (Alibaba Cloud SLB + nginx + tomcat):

```nginx
proxy_redirect http:// $http_x_forwarded_proto://; # rewrite the http:// scheme of a 302 redirect to $http_x_forwarded_proto
```
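As an added example (not code from the original post), a small Python model of the three pieces above: the two nginx `proxy_set_header` variants, Tomcat's RemoteIpValve with the attributes shown, and `proxy_redirect`. The function names, the addresses 203.0.113.5 (client) and 172.18.0.9 (SLB) are constructed, and the `trusted_peers` check is an added hardening that the post's nginx configuration does not contain.

```python
import ipaddress

# Tomcat's RemoteIpValve default internalProxies: RFC 1918 ranges, link-local
# and loopback, so nginx at 127.0.0.1 is trusted without further configuration.
DEFAULT_INTERNAL_PROXIES = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "192.168.0.0/16", "169.254.0.0/16",
              "127.0.0.0/8", "172.16.0.0/12")
)


def _is_internal(ip_text, nets):
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def nginx_hop(remote_addr, scheme, headers, mode, trusted_peers=None):
    """Model the proxy_set_header block of the post as one proxy hop.

    mode="scheme":      X-Forwarded-Proto = $scheme  (nginx terminates TLS itself)
    mode="passthrough": X-Forwarded-Proto = $http_x_forwarded_proto (SLB set-up)
    trusted_peers (added hardening, not in the post): in passthrough mode the
    incoming header is only honoured when remote_addr is one of these peers.
    """
    out = {k: v for k, v in headers.items()
           if k not in ("X-Forwarded-Proto", "X-Forwarded-For", "X-Real-IP")}
    out["X-Real-IP"] = remote_addr
    xff = headers.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{xff}, {remote_addr}" if xff else remote_addr
    if mode == "scheme":
        out["X-Forwarded-Proto"] = scheme
    elif mode == "passthrough":
        incoming = headers.get("X-Forwarded-Proto", "")
        if trusted_peers is not None and remote_addr not in trusted_peers:
            incoming = ""
        if incoming:  # nginx omits a proxy_set_header whose value is empty
            out["X-Forwarded-Proto"] = incoming
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return out


def remote_ip_valve(remote_addr, headers, internal_proxies=DEFAULT_INTERNAL_PROXIES):
    """Model RemoteIpValve with remoteIpHeader=X-Forwarded-For,
    protocolHeader=X-Forwarded-Proto, protocolHeaderHttpsValue=https.
    Returns (client_ip, is_secure); headers from a peer that is not an
    internal proxy are ignored entirely."""
    if not _is_internal(remote_addr, internal_proxies):
        return remote_addr, False
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    client_ip = remote_addr
    while hops:  # strip trusted proxy hops from the right; the first other hop is the client
        client_ip = hops.pop()
        if not _is_internal(client_ip, internal_proxies):
            break
    is_secure = headers.get("X-Forwarded-Proto", "").lower() == "https"
    return client_ip, is_secure


def proxy_redirect(location, scheme):
    """Model `proxy_redirect http:// $scheme://;` applied to a Location header."""
    if location.startswith("http://"):
        return scheme + "://" + location[len("http://"):]
    return location


def tomcat_view(remote_addr, scheme, headers, mode, trusted_peers=None):
    """Client -> nginx -> Tomcat; Tomcat sees nginx as 127.0.0.1 (proxy_pass above)."""
    forwarded = nginx_hop(remote_addr, scheme, headers, mode, trusted_peers)
    return remote_ip_valve("127.0.0.1", forwarded)


if __name__ == "__main__":
    # constructed sample: the client talks to the SLB over https, the SLB talks to nginx over http
    slb_headers = {"X-Forwarded-For": "203.0.113.5", "X-Forwarded-Proto": "https"}
    print(tomcat_view("172.18.0.9", "http", slb_headers, "passthrough"))  # ('203.0.113.5', True)
    print(tomcat_view("172.18.0.9", "http", slb_headers, "scheme"))       # ('203.0.113.5', False)
    print(proxy_redirect("http://www.example.com/login", "https"))
```

In passthrough mode nginx forwards whatever X-Forwarded-Proto value reaches it, so that variant relies on nginx being reachable only from the SLB; the `trusted_peers` parameter shows the check that closes that gap.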

   2018-08-04 18:14:23    2018-08-04 18:14:23   

distributed file server fastdfs
#### **Introduction**

**The experiment builds FastDFS on two CentOS 7 machines, each machine in a different group, with an Alibaba Cloud SLB for load balancing and nginx as reverse proxy. The deployment architecture is as follows:**

![](https://image.ynotes.cn/18-8-4/89007362.jpg)

**Configure the hosts file on both ECS machines so that they can resolve each other's hostnames**

```bash
$ cat /etc/hosts
```

```
172.18.176.147 n2 n2.mytest.loc
172.18.176.146 n1 n1.mytest.loc
```

### **[ 172.18.176.146 ]**

#### 1. Install dependencies and the build environment

```bash
$ yum install gcc gcc-c++ libevent libstdc++-devel pcre-devel zlib-devel make unzip
```

#### 2. Install and configure libfastcommon

```bash
$ wget https://github.com/happyfish100/libfastcommon/archive/V1.0.7.zip
$ unzip V1.0.7.zip   # the download is a zip archive, so unzip it rather than tar
$ cd libfastcommon-1.0.7
$ ./make.sh && ./make.sh install
```

libfastcommon.so is installed to /usr/lib64/libfastcommon.so, but the FastDFS main program expects its libraries under /usr/local/lib, so symbolic links are needed.

```bash
$ ln -s /usr/lib64/libfastcommon.so /usr/local/lib/libfastcommon.so
$ ln -s /usr/lib64/libfastcommon.so /usr/lib/libfastcommon.so
$ ln -s /usr/lib64/libfdfsclient.so /usr/local/lib/libfdfsclient.so
$ ln -s /usr/lib64/libfdfsclient.so /usr/lib/libfdfsclient.so
```

#### 3. Install and configure FastDFS

Download FastDFS:

```bash
$ wget https://github.com/happyfish100/fastdfs/archive/V5.05.zip
$ unzip V5.05.zip   # zip archive, same as above
$ cd fastdfs-5.05
$ ./make.sh && ./make.sh install
```

#### 4. Configure the tracker

```bash
$ cd /etc/fdfs
$ cp tracker.conf.sample tracker.conf
$ cat tracker.conf
```

```ini
disabled=false
bind_addr=
port=22122 #tracker port
connect_timeout=30
network_timeout=60
base_path=/data/fastdfs/tracker #tracker log and data directory
max_connections=256
accept_threads=1
work_threads=4
store_lookup=2
store_server=0
store_path=0
download_server=0
reserved_storage_space = 10%
log_level=info
run_by_group=
run_by_user=
allow_hosts=*
sync_log_buff_interval = 10
check_active_interval = 120
thread_stack_size = 64KB
storage_ip_changed_auto_adjust = true
storage_sync_file_max_delay = 86400
storage_sync_file_max_time = 300
use_trunk_file = false
slot_min_size = 256
slot_max_size = 16MB
trunk_file_size = 64MB
trunk_create_file_advance = false
trunk_create_file_time_base = 02:00
trunk_create_file_interval = 86400
trunk_create_file_space_threshold = 20G
trunk_init_check_occupying = false
trunk_init_reload_from_binlog = false
trunk_compress_binlog_min_interval = 0
use_storage_id = false
storage_ids_filename = storage_ids.conf
id_type_in_filename = ip
store_slave_file_use_link = false
rotate_error_log = false
error_log_rotate_time=00:00
rotate_error_log_size = 0
log_file_keep_days = 0
use_connection_pool = false
connection_pool_max_idle_time = 3600
http.server_port=8080
http.check_alive_interval=30
http.check_alive_type=tcp
http.check_alive_uri=/status.html
```

#### 5. Configure the storage

```bash
$ cd /etc/fdfs
$ cp storage.conf.sample storage.conf
$ cat storage.conf
```

```ini
disabled=false
group_name=group1 #this storage belongs to group1
bind_addr=
client_bind=true
port=23000 #storage port
connect_timeout=30
network_timeout=60
heart_beat_interval=30
stat_report_interval=60
base_path=/data/fastdfs/storage #storage log path
max_connections=256
buff_size = 256KB
accept_threads=1
work_threads=4
disk_rw_separated = true
disk_reader_threads = 1
disk_writer_threads = 1
sync_wait_msec=50
sync_interval=0
sync_start_time=00:00
sync_end_time=23:59
write_mark_file_freq=500
store_path_count=1
store_path0=/data/fastdfs/storage #storage file path
#store_path_count=2 #one store_pathN entry per storage path
#store_path1=/data/fastdfs/storage #storage file path
subdir_count_per_path=256
tracker_server=n1.mytest.loc:22122 #tracker
tracker_server=n2.mytest.loc:22122 #tracker
log_level=info
run_by_group=
run_by_user=
allow_hosts=*
file_distribute_path_mode=0
file_distribute_rotate_count=100
fsync_after_written_bytes=0
sync_log_buff_interval=10
sync_binlog_buff_interval=10
sync_stat_file_interval=300
thread_stack_size=512KB
upload_priority=10
if_alias_prefix=
check_file_duplicate=0
file_signature_method=hash
key_namespace=FastDFS
keep_alive=0
use_access_log = false
rotate_access_log = false
access_log_rotate_time=00:00
rotate_error_log = false
error_log_rotate_time=00:00
rotate_access_log_size = 0
rotate_error_log_size = 0
log_file_keep_days = 0
file_sync_skip_invalid_record=false
use_connection_pool = false
connection_pool_max_idle_time = 3600
http.domain_name=
http.server_port=80
```

#### 6. Start the tracker

```bash
$ /usr/local/bin/fdfs_trackerd /etc/fdfs/tracker.conf
```

#### 7. Start the storage

```bash
$ /usr/local/bin/fdfs_storaged /etc/fdfs/storage.conf
```

#### 8. Install nginx and the fastdfs-nginx-module (build nginx from source with the fastdfs-nginx-module, then replace the yum-installed nginx binary; you can also use the source-built nginx directly)

8.1 Install nginx

```bash
$ yum install -y nginx
$ nginx -v
```

8.2 Check the configure arguments of the installed nginx

```bash
$ nginx -V
```

```
nginx version: nginx/1.12.2 (CentOS)
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --build=CentOS --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic
```

8.3 Download the fastdfs-nginx-module

```bash
$ wget https://github.com/happyfish100/fastdfs-nginx-module/archive/master.zip
$ unzip master.zip   # extracts to fastdfs-nginx-module-master
```

8.4 Download the nginx-1.12.2.tar.gz source

```bash
$ wget http://nginx.org/download/nginx-1.12.2.tar.gz
$ tar xvf nginx-1.12.2.tar.gz
$ cd nginx-1.12.2
```

8.5 Build nginx from source with the same arguments as the yum build, plus the module

```bash
$ ./configure --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib64/nginx/modules \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --user=nginx \
    --group=nginx \
    --build=CentOS \
    --with-select_module \
    --with-poll_module \
    --with-threads \
    --with-file-aio \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_xslt_module=dynamic \
    --with-http_image_filter_module=dynamic \
    --with-http_geoip_module=dynamic \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_auth_request_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_degradation_module \
    --with-http_slice_module \
    --with-http_stub_status_module \
    --http-log-path=/var/log/nginx/access.log \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --with-stream=dynamic \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-stream_geoip_module=dynamic \
    --add-module=../fastdfs-nginx-module-master/src   # add the fastdfs-nginx-module-master module
$ make   # build nginx
```

8.6 Replace the yum-installed nginx

```bash
$ cp /usr/sbin/nginx /usr/sbin/nginx_old   # back up the original nginx
$ cp objs/nginx /usr/sbin/nginx            # replace the yum-installed nginx
```

#### 9. Configure the fastdfs-nginx-module and nginx

```bash
$ cd /etc/fdfs/
$ cp /root/fastdfs-nginx-module-master/src/mod_fastdfs.conf .   # the directory unzipped from master.zip in step 8.3
$ cat mod_fastdfs.conf
```

```ini
connect_timeout=2
network_timeout=30
base_path=/tmp
load_fdfs_parameters_from_tracker=true
storage_sync_file_max_delay = 86400
use_storage_id = false
storage_ids_filename = storage_ids.conf
tracker_server=n1.mytest.loc:22122
tracker_server=n2.mytest.loc:22122
storage_server_port=23000
group_name=group1
url_have_group_name = true
store_path_count=1
store_path0=/data/fastdfs/storage
log_level=info
log_filename=
response_mode=proxy
if_alias_prefix=
flv_support = true
flv_extension = flv
group_count = 1

[group1]
group_name=group1
storage_server_port=23000
store_path_count=1
store_path0=/data/fastdfs/storage
```

9.1 Copy http.conf and mime.types (needed by nginx's fastdfs-nginx-module)

```bash
$ cp /root/fastdfs-5.05/conf/http.conf /root/fastdfs-5.05/conf/mime.types /etc/fdfs/   # from the source tree unzipped in step 3
```

9.2 Configure nginx

```bash
$ cat fastdfs.mytest.cn.conf
```

```nginx
upstream fdfs_group1 {
    server n1.mytest.loc:18080 weight=1 max_fails=2 fail_timeout=30s;
}
upstream fdfs_group2 {
    server n2.mytest.loc:18080 weight=1 max_fails=2 fail_timeout=30s;
}

server {
    listen 80;
    server_name fastdfs.mytest.cn;
    access_log /var/log/nginx/fastdfs.mytest.cn.access.log main;

    location ~ /group1/M00 {
        add_header Strict-Transport-Security max-age=86400;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_pass http://fdfs_group1;
    }
    location ~ /group2/M00 {
        add_header Strict-Transport-Security max-age=86400;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_pass http://fdfs_group2;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html/;
    }
}

# the ngx_fastdfs_module on this machine only handles read/write requests for group1
server {
    listen 18080;
    server_name 172.18.176.146;
    location ~ /group1/M00 {
        #add_header Strict-Transport-Security max-age=86400;
        alias /data/fastdfs/storage/data;
        ngx_fastdfs_module;
    }
}
```

#### 10. Start nginx

```bash
$ systemctl start nginx
```

#### 11. Test the fastdfs file server

11.1 Configure the fdfs client file

```bash
$ cat /etc/fdfs/client.conf
```

```ini
connect_timeout=30
network_timeout=60
base_path=/data/fastdfs/client
tracker_server=n1.mytest.loc:22122
tracker_server=n2.mytest.loc:22122
log_level=info
use_connection_pool = false
connection_pool_max_idle_time = 3600
load_fdfs_parameters_from_tracker=false
use_storage_id = false
storage_ids_filename = storage_ids.conf
http.tracker_server_port=80
```

11.2 Create a test file test.html

```bash
$ cat test.html
hello,fastdfs!
```

11.3 Upload the file

```bash
$ fdfs_upload_file /etc/fdfs/client.conf test.html
group1/M00/00/00/rBKwk1tmpJaAbf3CAAAADxawCsc58.html
```

11.4 Download the file

```bash
$ fdfs_download_file /etc/fdfs/client.conf group1/M00/00/00/rBKwk1tmpJaAbf3CAAAADxawCsc58.html test2.html
```

11.5 Monitor

```bash
$ fdfs_monitor /etc/fdfs/client.conf
```

### **[ 172.18.176.147 ]**

#### **Installing libfastcommon, FastDFS, nginx and the fastdfs-nginx-module follows the same steps as on 172.18.176.146; only storage.conf and the nginx configuration differ**

#### 12. Storage configuration

```bash
$ cat /etc/fdfs/storage.conf
```

```ini
disabled=false
group_name=group2 #this storage belongs to group2
bind_addr=
client_bind=true
port=23000 #storage port
connect_timeout=30
network_timeout=60
heart_beat_interval=30
stat_report_interval=60
base_path=/data/fastdfs/storage #storage log path
max_connections=256
buff_size = 256KB
accept_threads=1
work_threads=4
disk_rw_separated = true
disk_reader_threads = 1
disk_writer_threads = 1
sync_wait_msec=50
sync_interval=0
sync_start_time=00:00
sync_end_time=23:59
write_mark_file_freq=500
store_path_count=1
store_path0=/data/fastdfs/storage #storage file path
#store_path_count=2 #one store_pathN entry per storage path
#store_path1=/data/fastdfs/storage #storage file path
subdir_count_per_path=256
tracker_server=n1.mytest.loc:22122 #tracker
tracker_server=n2.mytest.loc:22122 #tracker
log_level=info
run_by_group=
run_by_user=
allow_hosts=*
file_distribute_path_mode=0
file_distribute_rotate_count=100
fsync_after_written_bytes=0
sync_log_buff_interval=10
sync_binlog_buff_interval=10
sync_stat_file_interval=300
thread_stack_size=512KB
upload_priority=10
if_alias_prefix=
check_file_duplicate=0
file_signature_method=hash
key_namespace=FastDFS
keep_alive=0
use_access_log = false
rotate_access_log = false
access_log_rotate_time=00:00
rotate_error_log = false
error_log_rotate_time=00:00
rotate_access_log_size = 0
rotate_error_log_size = 0
log_file_keep_days = 0
file_sync_skip_invalid_record=false
use_connection_pool = false
connection_pool_max_idle_time = 3600
http.domain_name=
http.server_port=80
```

#### 13. nginx configuration

```bash
$ cat /etc/nginx/conf.d/fastdfs.mytest.cn.conf
```

```nginx
upstream fdfs_group1 {
    server n1.mytest.loc:18080 weight=1 max_fails=2 fail_timeout=30s;
}
upstream fdfs_group2 {
    server n2.mytest.loc:18080 weight=1 max_fails=2 fail_timeout=30s;
}

server {
    listen 80;
    server_name fastdfs.mytest.cn;
    #charset koi8-r;
    access_log /var/log/nginx/fastdfs.mytest.cn.access.log main;

    location ~ /group1/M00 {
        add_header Strict-Transport-Security max-age=86400;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_pass http://fdfs_group1;
    }
    location ~ /group2/M00 {
        add_header Strict-Transport-Security max-age=86400;
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_pass http://fdfs_group2;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html/;
    }
}

# the ngx_fastdfs_module on this machine only handles read/write requests for group2
server {
    listen 18080;
    server_name 172.18.176.147;
    location ~ /group2/M00 {
        alias /data/fastdfs/storage/data;
        ngx_fastdfs_module;
    }
}
```

#### 14. Start the tracker

```bash
$ /usr/local/bin/fdfs_trackerd /etc/fdfs/tracker.conf
```

#### 15. Start the storage

```bash
$ /usr/local/bin/fdfs_storaged /etc/fdfs/storage.conf
```

#### 16. Start nginx

```bash
$ systemctl start nginx
```

#### 17. Test the fastdfs file server

17.1 Upload a file

```bash
$ fdfs_upload_file /etc/fdfs/client.conf test.jpg
group2/M00/00/00/rBKwk1tmrBCAXY8gAAFMEccTGrw633.jpg
```

17.2 Download the file

```bash
$ fdfs_download_file /etc/fdfs/client.conf group2/M00/00/00/rBKwk1tmrBCAXY8gAAFMEccTGrw633.jpg test2.jpg
```

17.3 Monitor

```bash
$ fdfs_monitor /etc/fdfs/client.conf
```

#### 18. Configure the Alibaba Cloud SLB

![](https://image.ynotes.cn/18-8-5/9281487.jpg)

#### 19. Access from the browser

![](https://image.ynotes.cn/18-8-5/32712486.jpg)
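Added example, not part of either FastDFS post above and not FastDFS's own code: a decoder for the metadata FastDFS embeds in a file ID, the same fields that `fdfs_test` printed in the Docker post (source ip, timestamp, size, crc32). The 20-byte layout (ip, timestamp, size with a random high word, crc32) in url-safe base64 without padding is taken from the FastDFS 5.x `storage_gen_filename` routine; the function names are mine. A defender can use this to tell which storage wrote a file and to reject malformed IDs before they are handed to the nginx module.

```python
import base64
import re
import struct
from datetime import datetime, timezone

# group / store path index / two hex sub-directories / 27 url-safe base64 chars /
# numeric suffix / optional slave suffix such as _big / extension
FILE_ID_RE = re.compile(
    r"^(?P<group>group\d+)/M(?P<store_path>\d{2})/"
    r"(?P<dir1>[0-9A-F]{2})/(?P<dir2>[0-9A-F]{2})/"
    r"(?P<encoded>[A-Za-z0-9_-]{27})(?P<suffix>\d+)"
    r"(?P<slave>_[A-Za-z0-9]+)?(?:\.(?P<ext>[A-Za-z0-9]{1,6}))?$"
)


def parse_fastdfs_file_id(file_id):
    """Decode the metadata FastDFS embeds in a file ID.

    Raises ValueError for anything that is not a well-formed ID, so callers
    can validate IDs coming from clients before proxying them to a storage.
    """
    m = FILE_ID_RE.match(file_id)
    if not m:
        raise ValueError(f"not a FastDFS file ID: {file_id!r}")
    enc = m.group("encoded")
    # FastDFS writes url-safe base64 ('-' and '_') without padding
    raw = base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4))
    if len(raw) != 20:
        raise ValueError("encoded part must decode to 20 bytes")
    ip_bytes = raw[:4]
    timestamp, masked_size, crc32 = struct.unpack(">IQI", raw[4:])
    # for a regular file the storage ORs a random word with bit 31 set into the
    # upper 32 bits of the size; the real size is then the lower 32 bits
    file_size = masked_size & 0xFFFFFFFF if masked_size >> 63 else masked_size
    return {
        "group": m.group("group"),
        "store_path_index": int(m.group("store_path")),
        "subdirs": (m.group("dir1"), m.group("dir2")),
        "source_ip": ".".join(str(b) for b in ip_bytes),
        "timestamp": timestamp,
        "utc_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "file_size": file_size,
        "crc32": crc32,
        "slave_prefix": m.group("slave"),
        "ext": m.group("ext"),
    }


def is_valid_file_id(file_id):
    """True when the ID parses; use as a guard in front of the storage proxy."""
    try:
        parse_fastdfs_file_id(file_id)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # the file ID printed by fdfs_test in the Docker post above
    info = parse_fastdfs_file_id("group1/M00/00/00/CgoAAVtxAhqAWpxyAAE7WHOlIPs425.jpg")
    for key, value in info.items():
        print(f"{key:>17}: {value}")
```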

   2018-07-25 22:23:58    2018-07-25 22:23:58   

docker container container-orchestration swarm Alibaba Cloud
#### **Enable the Alibaba Cloud Container Service**

#### **Create a VPC**

![](https://image.ynotes.cn/18-7-25/43311644.jpg)

#### **Create a vSwitch**

![](https://image.ynotes.cn/18-7-25/43311644.jpg)

#### **Create the swarm cluster**

![](https://image.ynotes.cn/18-7-25/85719142.jpg)
![](https://image.ynotes.cn/18-7-25/91643015.jpg)
![](https://image.ynotes.cn/18-7-25/99693706.jpg)
![](https://image.ynotes.cn/18-7-25/5548867.jpg)
![](https://image.ynotes.cn/18-7-25/76142867.jpg)
![](https://image.ynotes.cn/18-7-25/36572329.jpg)

#### **Create the orchestration template**

```yaml
version: '2'
services:
  db:
    image: mysql:5.7
    restart: always
    container_name: blog-db
    environment:
      MYSQL_ROOT_PASSWORD: 123456
      MYSQL_DATABASE: blog
      MYSQL_USER: blog
      MYSQL_PASSWORD: 123456
    volumes:
      - /root/blog/mysql/conf/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf
      - /root/blog/mysql/db_init_sql:/docker-entrypoint-initdb.d
      - /root/blog/mysql/data:/var/lib/mysql
      - /root/blog/mysql/log:/var/log
    networks:
      default:
        aliases:
          - db
  uwsgi-django:
    image: 'registry.cn-shenzhen.aliyuncs.com/sys/uwsgi-django:1.9.5'
    restart: always
    depends_on:
      - db
    container_name: blog-uwsgi-django
    environment:
      DB_NAME: blog
      DB_USER: blog
      DB_PASS: 123456
      DB_PORT: 3306
      WEB_URL: www.ynotes.cn
    volumes:
      - /root/blog/uwsgi-django/my_project:/usr/src/app/my_project
      - /root/blog/uwsgi-django/conf:/usr/src/app/uwsgi/conf
    command: uwsgi /usr/src/app/uwsgi/conf/config.ini
    networks:
      default:
        aliases:
          - uwsgi-django
  nginx:
    image: nginx:stable
    restart: always
    depends_on:
      - uwsgi-django
    container_name: blog-nginx
    environment:
      NGINX_HOST: www.ynotes.cn
      NGINX_PORT: 80
      NGINX_SSL_PORT: 443
      UWSGI_PORT: 8888
    ports:
      - 8080:80
    volumes:
      - /root/blog/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - /root/blog/nginx/conf/mys
ite.template:/etc/nginx/conf.d/mysite.template
      - /root/blog/nginx/ssl/fullchain.pem:/etc/nginx/ssl/blog.itisme.co/fullchain.pem
      - /root/blog/nginx/ssl/privkey.pem:/etc/nginx/ssl/blog.itisme.co/privkey.pem
      - /root/blog/uwsgi-django/my_project/my_project/upload:/data/app/my_project/my_project/upload
      - /root/blog/uwsgi-django/my_project/my_project/static_all:/data/app/my_project/my_project/static_all
      - /root/blog/uwsgi-django/my_project/my_project/uwsgi_params:/data/app/my_project/my_project/uwsgi_params
      - /root/blog/nginx/log/:/var/log/nginx/
    command: /bin/bash -c "envsubst < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/blog.itisme.co.conf && nginx -g 'daemon off;'"
networks:
  default:
    driver: overlay
```

#### **Configure the security group rules: open port 22 (to make copying the project to the host easier)**

![](https://image.ynotes.cn/18-7-25/52826166.jpg)

#### **Upload the blog project to the /root directory of the container host**

```bash
$ tar xvf blog.tar.gz
```

#### **Create the application**

![](https://image.ynotes.cn/18-7-25/35869228.jpg)
![](https://image.ynotes.cn/18-7-25/31022136.jpg)

#### **Check the started services**

![](https://image.ynotes.cn/18-7-26/43336011.jpg)

#### **Configure the SLB certificate (paste the issued certificate and private key into the corresponding server-certificate text boxes below)**

![](https://image.ynotes.cn/18-7-26/34424767.jpg)

#### **Configure the SLB port mapping (443 -> 8080)**

![](https://image.ynotes.cn/18-7-26/11656277.jpg)
![](https://image.ynotes.cn/18-7-26/92529607.jpg)
![](https://image.ynotes.cn/18-7-26/27217610.jpg)

#### **Point the DNS record for `www.ynotes.cn` at the SLB**

#### **Visit `https://www.ynotes.cn`**

![](https://image.ynotes.cn/18-7-26/68765124.jpg)

   2018-07-23 18:26:17    2018-07-23 18:26:17   

docker docker-compose personal cloud drive nextcloud
![](https://image.ynotes.cn/18-7-23/70377481.jpg)

#### **Project directory layout**

```
nextcloud/
├── db.env
├── docker-compose.yml
├── mysql
│   ├── conf
│   │   └── mysqld.cnf
│   ├── data
│   └── log
├── nextcloud
└── nginx
    ├── conf
    │   ├── conf.d
    │   │   ├── certs
    │   │   │   └── pan.itisme.co
    │   │   │       ├── fullchain1.pem
    │   │   │       └── privkey1.pem
    │   │   └── pan.itisme.co.conf
    │   └── nginx.conf
    └── log
```

#### **Create the directory that holds the docker project's data and configuration**

```bash
$ mkdir /data/docker_project/nextcloud -p
$ cd /data/docker_project/nextcloud
```

#### **Create the directories used by the mysql container**

```bash
$ mkdir mysql/{conf,data,log} -p
$ chmod 777 mysql/log
```

- conf: mysql configuration files
- data: mysql data directory
- log: mysql logs; permissions changed to 777

#### **Edit the mysql configuration file mysql/conf/mysqld.cnf**

```ini
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
default-time-zone = '+08:00'
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
character-set-client-handshake = FALSE
innodb_buffer_pool_size = 128M
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4
```

#### **Download nextcloud-13.0.4**

```bash
$ cd /data/docker_project/nextcloud
$ wget https://download.nextcloud.com/server/releases/nextcloud-13.0.4.zip
$ unzip nextcloud-13.0.4.zip                      # extracts into the project's nextcloud directory
$ mkdir nextcloud/data                            # nextcloud data directory
$ chown -R 33:root nextcloud/{apps,config,data}   # change the owner uid: files the running container creates default to uid 33; adjust to your setup
$ chmod 0700 nextcloud/data                       # set the mode to 0700; the nextcloud code checks for exactly this mode
```

#### **Create the directories used by the nginx container**

```bash
$ mkdir nginx/conf/conf.d/certs/pan.itisme.co -p   # certificate directory
$ mkdir nginx/log
$ chmod 777 nginx/log
```

- conf: nginx configuration files
- log: log directory

#### **Edit nginx/conf/nginx.conf**

```nginx
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
error_log /var/log/nginx.error.log warn;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log /dev/null;
    access_log /var/log/nginx/nginx.access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    include /etc/nginx/conf.d/*.conf;
}
```

#### **Edit nginx/conf/conf.d/pan.itisme.co.conf**

```nginx
upstream php-handler {
    server app:9000;
}

server {
    listen 80;
    server_name pan.itisme.co;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pan.itisme.co;

    ssl_certificate /etc/nginx/conf.d/certs/pan.itisme.co/fullchain1.pem;
    ssl_certificate_key /etc/nginx/conf.d/certs/pan.itisme.co/privkey1.pem;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/html;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
```

#### **Copy the certificate into the nginx/conf/conf.d/certs/pan.itisme.co directory**

```bash
$ scp fullchain.pem root@docker-host:/data/docker_project/nextcloud/nginx/conf/conf.d/certs/pan.itisme.co
$ scp privkey.pem root@docker-host:/data/docker_project/nextcloud/nginx/conf/conf.d/certs/pan.itisme.co
```

#### **Edit docker-compose.yml (client -> nginx -> php -> db)**

```bash
$ vim docker-compose.yml
```

```yaml
version: '3'
services:
  db:
    image: mysql:5.7
    ports:
      - "3306:3306"
    volumes:
      - ./mysql/conf/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf
      - ./mysql/data:/var/lib/mysql/:rw
      - ./mysql/log:/var/log/
    env_file:
      - db.env
  app:
    image: nextcloud:fpm
    depends_on:
      - db
    volumes:
      - ./nextcloud:/var/www/html
    restart: always
  web:
    image: nginx
    ports:
      - 80:80
      - 443:443
    depends_on:
      - app
    volumes:
      - ./nextcloud:/var/www/html
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf/conf.d:/etc/nginx/conf.d/:ro
      - ./nginx/log/:/var/log/nginx/:rw
    restart: always
```

#### **Add the db.env file with the database environment variables**

```bash
MYSQL_PASSWORD=123456
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_ROOT_PASSWORD=123456
```

#### **Start the project**

```bash
$ docker-compose up
```

#### **Start the project in the background**

```bash
$ docker-compose up -d
```

#### **List the docker processes**

```bash
$ docker-compose ps
```

```
     Name                    Command               State                    Ports
------------------------------------------------------------------------------------------------
nextcloud_app_1   /entrypoint.sh php-fpm           Up      9000/tcp
nextcloud_db_1    docker-entrypoint.sh mysqld      Up      0.0.0.0:3306->3306/tcp
nextcloud_web_1   nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
```

#### **Visit https://pan.itisme.co/ in the browser**

![](https://image.ynotes.cn/18-7-25/23443164.jpg)

   2018-07-17 20:19:54    2018-07-17 20:19:54   

docker container docker-compose pycharm
![](https://image.ynotes.cn/18-7-23/70377481.jpg)

#### 1. Environment:

```
windows7:
    Pycharm professional 2018.1
    Docker Compose 0.14.0
Centos7(192.168.50.252):
    docker 18.03.1-ce
```

#### 2. Development and deployment workflow:

```
pull the code from github -> pycharm
edit the code in pycharm
pycharm syncs the code to the docker host (automatic sync)
pycharm calls the docker host through docker-compose to start the project
push the code to github (once the tests pass)
```

#### 3. Configure docker in pycharm

##### 3.1 Configure the remote docker connection used by pycharm

a. Enable TCP listening on the remote docker daemon (centos7, IP: 192.168.50.252)

```bash
$ vim /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock
$ systemctl daemon-reload
$ systemctl restart docker
```

b. Configure the Docker API in pycharm

```
File->settings->Build,Execution,Deployment->Docker->TCP socket
Engine API URL: tcp://192.168.50.252:2376
```

##### 3.2 Configure the docker-compose and docker-machine paths in pycharm

The machine running pycharm is Windows 7; install Docker Toolbox, see https://docs.docker.com/toolbox/toolbox_install_windows/

```
File->settings->Build,Execution,Deployment->Docker->Tools->
Docker Machine executable: C:\Program Files\Docker Toolbox\docker-machine.exe
Docker Compose executable: C:\Program Files\Docker Toolbox\docker-compose.exe
```

##### 3.3 Code deployment configuration

```
Tools->Deployment->Configuration->Connection
Type: SFTP
SFTP host: 192.168.50.252
Port: 22
Root path: /
User name: root
Password: *******

Tools->Deployment->Configuration->Mappings
Local path: C:\Users\Administrator.GZLX-20180416SV\PycharmProjects\blog
Deployment path on Server '192.168.50.252': /c/Users/Administrator.GZLX-20180416SV/PycharmProjects/blog
```

#### 4. Pull the blog code from github in pycharm

```
When pycharm opens, choose Check out from Version Control->Git
```

#### 5. Sync the blog code to the remote docker host through deployment

```
project->right-click the project->deployment->upload to 192.168.50.252
```

#### 6. Make some of the synced directories on the docker host writable (optional, depends on your project)

```bash
$ chmod 777 /c/Users/Administrator.GZLX-20180416SV/PycharmProjects/blog/blog/uwsgi-django/my_project/my_project/upload
$ chmod 777 /c/Users/Administrator.GZLX-20180416SV/PycharmProjects/blog/blog/uwsgi-django/my_project/my_project/upload/profile_images
$ chmod 777 /c/Users/Administrator.GZLX-20180416SV/PycharmProjects/blog/blog/mysql/log
```

#### 7. Run the project's docker-compose from pycharm

```
Right-click the project's docker-compose.yml file and choose Run 'blog/docker-compose.yml'
```

#### 8. Visit the deployed project's web page

https://blog.itisme.co/
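As an added example (not code from the original post), a Python audit of the dockerd `ExecStart` line from the override.conf in step 3.1: a `tcp://` listener without `--tlsverify` accepts any client that can reach the port with root-equivalent control of the host, which is what this check reports. The hardened variant, its certificate paths and the function names are assumptions, not settings from the post.

```python
import shlex

TLS_FILE_FLAGS = ("--tlscacert", "--tlscert", "--tlskey")


def parse_execstart(unit_text):
    """Return the argv of the effective ExecStart= line: the last non-empty
    one, since an empty ExecStart= only clears the vendor unit's command.
    Backslash line continuations are joined as systemd does."""
    command = ""
    for line in unit_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("ExecStart=") and line[len("ExecStart="):].strip():
            command = line[len("ExecStart="):].strip()
    return shlex.split(command) if command else []


def dockerd_listeners(argv):
    """Collect the -H/--host values and the set of long flags from a dockerd argv."""
    hosts, flags = [], set()
    i = 1  # skip the dockerd binary itself
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("-H=") or arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("--"):
            flags.add(arg.split("=", 1)[0])
        i += 1
    return hosts, flags


def audit_dockerd(unit_text):
    """Findings for every TCP listener: it must require client certificates
    (--tlsverify plus CA, cert and key), and binding all interfaces is flagged."""
    argv = parse_execstart(unit_text)
    if not argv:
        return ["no ExecStart command found"]
    hosts, flags = dockerd_listeners(argv)
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # the unix socket is protected by file permissions
        if "--tlsverify" not in flags:
            findings.append(f"{host}: TCP listener without --tlsverify")
        else:
            missing = [f for f in TLS_FILE_FLAGS if f not in flags]
            if missing:
                findings.append(f"{host}: --tlsverify without {', '.join(missing)}")
        if host.startswith(("tcp://0.0.0.0", "tcp://[::]")):
            findings.append(f"{host}: bound to all interfaces")
    return findings


# constructed copy of the override.conf shown in the post
POST_OVERRIDE = """[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock
"""

# hardened variant (assumption: the certificate paths are not from the post)
HARDENED_OVERRIDE = """[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://192.168.50.252:2376 -H unix:///var/run/docker.sock \\
    --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem
"""

if __name__ == "__main__":
    for name, text in (("post", POST_OVERRIDE), ("hardened", HARDENED_OVERRIDE)):
        print(name, audit_dockerd(text) or ["no findings"])
```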
