运维环境搭建
注意事项
- docker-compose的端口 建议加上单引号,例如:
- '8080:80' - docker 镜像下载不了的建议在
portainer可视化管理工具上下载 - 注意 docker 镜像版本的问题,比如
gogs最新版的则会运行出错,建议使用0.12.1版本的(跟官网宣传的二进制版本一致) - docerk 项目启动的时候可能因为没有创建或修改文件的权限,注意给映射文件分配权限
chmod 777 /usr/etc/data/gogs - 所有重要数据一定要映射出来,不然容器删除就丢失了
https://blog.csdn.net/u012731379/article/details/67639448
httpd-tools 工具
安装:
yum install -y httpd-tools
生成nginx账号密码:
htpasswd /etc/nginx/httpdwd nginx_user
jdk
# jdk运行环境
yum install java-1.8.0-openjdk
# jdk开发环境
yum install java-1.8.0-openjdk-devel.x86_64
默认安装目录:/usr/lib/jvm/
配置环境变量:执行vi /etc/profile并配置以下内容,执行source /etc/profile刷新配置
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64
JRE_HOME=$JAVA_HOME/jre
CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
export JAVA_HOME JRE_HOME CLASS_PATH PATH
其他
git
yum -y install git
默认安装目录:/usr/libexec/git-core
配置环境变量:执行vi /etc/profile并配置以下内容,执行source /etc/profile刷新配置
export PATH=$PATH:/usr/libexec/git-core
其他
maven
wget http://mirror.bit.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar -xvf apache-maven-3.6.3-bin.tar.gz
rm apache-maven-3.6.3-bin.tar.gz
配置环境变量:执行vi /etc/profile并配置以下内容,执行source /etc/profile刷新配置
M2_HOME=/usr/lib/maven/apache-maven-3.6.3
PATH=$PATH:${M2_HOME}/bin
export M2_HOME PATH
其他
nodejs
wget https://nodejs.org/dist/v12.18.4/node-v12.18.4-linux-x64.tar.xz
tar -xvf node-v12.18.4-linux-x64.tar.xz
rm node-v12.18.4-linux-x64.tar.xz
配置环境变量:执行vi /etc/profile并配置以下内容,执行source /etc/profile刷新配置
NODE_HOME=/usr/lib/nodejs/node-v12.18.4-linux-x64
PATH=$PATH:$NODE_HOME/bin
NODE_PATH=$NODE_HOME/lib/node_modules
export NODE_HOME NODE_PATH PATH
安装yarn
npm install -g yarn
其他
mysql数据库
#####1. 下载镜像
docker pull mysql:5.7
#####2. 配置docker-compose文件
version: '3.7'
services:
# mysql
mysql:
image: mysql:5.7
container_name: mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=123456
- TZ=Asia/Shanghai
volumes:
- /usr/etc/data/mysql:/var/lib/mysql
- /usr/etc/data/mysql_config/conf.d:/etc/mysql/conf.d
ports:
- 3306:3306
networks:
default:
driver: bridge
在/usr/etc/data/mysql_config/conf.d目录下新建文件mysqld.conf,填写内容如下:
# Default Homebrew MySQL server config
[mysqld]
# Only allow connections from localhost
skip_ssl
# 设置查询语句中group by字段不一样的问题
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
portainer (docker可视化管理工具)
#####1. 下载镜像
docker pull portainer/portainer
#####2. 配置docker-compose文件
version: '3.7'
services:
# docker 可视化管理工具
portainer:
image: portainer/portainer
container_name: portainer
restart: always
volumes:
# 管理本地docker则需要映射该文件
- /var/run/docker.sock:/var/run/docker.sock
# 映射数据
- /usr/etc/data/portainer:/data
ports:
- 9000:9000
networks:
default:
driver: bridge
#####3. 访问{ip}/9000进行初始化,输入账号、密码、确认密码即可 #####4. 配置管理的是本地的docker(选择local即可)
其他
- 汉化(https://www.quchao.net/Portainer-CN.html)
- 使用(https://www.cnblogs.com/sanduzxcvbnm/p/13186532.html)
nexus (maven仓库管理工具)
#####1. 下载镜像
docker pull sonatype/nexus3
#####2. 配置docker-compose文件
version: '3.7'
services:
# nexus maven仓库管理工具
nexus:
image: sonatype/nexus3
container_name: nexus
restart: always
volumes:
# 映射数据,初始化密码会在数据目录下的admin.password文件中
- /usr/etc/data/nexus:/nexus-data
ports:
- 9081:8081 # 仓库访问地址
- 9082:8082 # docker(hosted)私有仓库,可以pull和push
- 9083:8083 # docker(proxy)代理远程仓库,只能pull
- 9084:8084 # docker(group)私有仓库和代理的组,只能pull
networks:
default:
driver: bridge
#####3. 访问{ip}/9081进行登录,输入初始化密码并修改密码,设置不可匿名访问
其他
Jenkins (发版管理工具)
#####1. 下载镜像
docker pull jenkins/jenkins
#####2. 配置docker-compose文件
version: '3.7'
services:
# jenkins
jenkins:
image: jenkins/jenkins
container_name: jenkins
restart: always
volumes:
- /usr/etc/data/jenkins:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
- /usr/lib/x86_64-linux-gnu/libltdl.so.7:/usr/lib/x86_64-linux-gnu/libltdl.so.7
ports:
- 9071:8080
- 9072:50000
networks:
default:
driver: bridge
#####3. 访问{ip}/9071进行登录,输入初始化密码并修改密码(根据提示找到linux中的密码文件)
其他
- 使用(https://blog.csdn.net/weixin_39128265/article/details/105582697)
- https://blog.51cto.com/lizhenliang/2159817
- https://www.cnblogs.com/ming-blogs/p/10903408.html
gogs(代码管理工具)
#####1. 下载镜像
目前gogs/gogs:0.12.1比较稳定
docker pull gogs/gogs:0.12.1
#####2. 配置docker-compose文件
version: '3.7'
services:
# gogs
gogs:
image: gogs/gogs:0.12.1
container_name: gogs
restart: always
environment:
- TZ=Asia/Shanghai
volumes:
- /usr/etc/data/gogs:/data
ports:
- '9041:3000'
- '9042:22'
networks:
default:
driver: bridge
#####3. 访问{ip}/9041进行初始化操作
- 填写数据库连接相关信息
- 填写配置
- 填写管理员账号
禅道zentao (项目需求管理)
#####1. 下载镜像
docker pull easysoft/zentao
#####2. 配置docker-compose文件
version: '3.7'
services:
# zentao
zentao:
image: easysoft/zentao
container_name: zentao
restart: always
environment:
- TZ=Asia/Shanghai
- MYSQL_ROOT_PASSWORD=123456
volumes:
- /usr/etc/data/zentao/pms:/www/zentaopms
- /usr/etc/data/zentao/mysql:/var/lib/mysql
ports:
- '9030:80'
- '9036:3306'
networks:
default:
driver: bridge
#####3. 访问{ip}/9030进行初始化操作
- 填写数据库连接相关信息
- 填写管理员账号
#####4. 如果需要访问数据库,则需要进入到容器里进行操作一下,添加个用户并授权运行外部访问
CREATE user 'newyetai'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON *.* TO 'newyetai'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
FLUSH PRIVILEGES;
- 1 检查配置文件是否有限制
/etc/mysql/mariadb.conf.d/50-server.cnf - 2 修改
bind-address = 127.0.0.1为bind-address = 0.0.0.0 - 3 关闭相关的防火墙或者将端口加入的白名单中
注意:
/var/lib/mysql为禅道数据库,定期备份/etc/mysql为数据库的配置
其他
vault (密码安全相关的管理工具)
#####1. 下载镜像
docker pull osixia/openldap
#####2. 配置docker-compose文件
version: '3.7'
services:
# openldap
openldap:
image: osixia/openldap
container_name: openldap
restart: always
environment:
- TZ=Asia/Shanghai
- LDAP_ORGANISATION=
- LDAP_DOMAIN=
- LDAP_ADMIN_PASSWORD=
- LDAP_CONFIG_PASSWORD=
volumes:
- /usr/etc/data/openldap/database:/var/lib/ldap
- /usr/etc/data/openldap/config:/etc/ldap/slapd.d
ports:
- '9020:389'
networks:
default:
driver: bridge
OpenLdap (统一的用户管理)
#####1. 下载镜像
docker pull osixia/openldap
#####2. 配置docker-compose文件
version: '3.7'
services:
# openldap
openldap:
image: osixia/openldap
container_name: openldap
restart: always
environment:
- TZ=Asia/Shanghai
- LDAP_ORGANISATION=newyetai
- LDAP_DOMAIN=newyetai.com
- LDAP_ADMIN_PASSWORD=123456
- LDAP_CONFIG_PASSWORD=123456
volumes:
- /usr/etc/data/openldap/database:/var/lib/ldap
- /usr/etc/data/openldap/config:/etc/ldap/slapd.d
ports:
- '389:389'
- '636:636'
networks:
default:
driver: bridge
phpldapadmin (OpenLdap 管理界面)
#####1. 下载镜像
docker pull osixia/phpldapadmin
#####2. 配置docker-compose文件
version: '3.7'
services:
# phpldapadmin
phpldapadmin:
image: osixia/phpldapadmin
container_name: phpldapadmin
restart: always
environment:
- TZ=Asia/Shanghai
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_LDAP_HOSTS=47.102.148.43
volumes:
- /usr/etc/data/phpldapadmin:/var/www/phpldapadmin
ports:
- '9021:80'
networks:
default:
driver: bridge
访问 {ip}:9021 输入以下内容进行登录
Loing DN: cn=admin,dc=newyetai,dc=com Password: Nuyatax20@)
teleport (堡垒机/跳板机)
#####1. 下载镜像
docker pull osixia/openldap
#####2. 配置docker-compose文件
version: '3.7'
services:
# openldap
openldap:
image: osixia/openldap
container_name: openldap
restart: always
environment:
- TZ=Asia/Shanghai
- LDAP_ORGANISATION=
- LDAP_DOMAIN=
- LDAP_ADMIN_PASSWORD=
- LDAP_CONFIG_PASSWORD=
volumes:
- /usr/etc/data/openldap/database:/var/lib/ldap
- /usr/etc/data/openldap/config:/etc/ldap/slapd.d
ports:
- '9020:389'
networks:
default:
driver: bridge
redis
#####1. 下载镜像
docker pull redis
#####2. 配置docker-compose文件
version: '3.7'
services:
#redis
redis:
image: redis
container_name: redis
restart: always
command: redis-server /usr/local/etc/redis/redis.conf
environment:
- TZ=Asia/Shanghai
volumes:
- /usr/etc/data/redis/data:/data
- /usr/etc/data/redis/redis.conf:/usr/local/etc/redis/redis.conf
ports:
- 6379:6379
networks:
default:
driver: bridge
mongodb
#####1. 下载镜像
docker pull mongo:4.2
#####2. 配置docker-compose文件
version: '3.7'
services:
#mongodb
mongo:
image: mongo:4.2
container_name: mongo
restart: always
environment:
- TZ=Asia/Shanghai
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=ey10s0OcruEskA2D
volumes:
- /usr/etc/data/mongodb/data/db:/data/db
ports:
- 27017:27017
networks:
default:
driver: bridge
rabbitmq
#####1. 下载镜像
docker pull rabbitmq:3-management
注意
rabbitmq:3-management是带后台管理界面的rabbitmq是不带后台管理界面的
#####2. 配置docker-compose文件
version: '3.7'
services:
#rabbitmq
rabbitmq:
image: rabbitmq:3-management
container_name: rabbitmq
restart: always
environment:
- TZ=Asia/Shanghai
- RABBITMQ_DEFAULT_USER=root
- RABBITMQ_DEFAULT_PASS=ey10s0OcruEskA2D
volumes:
- /usr/etc/data/rabbitmq:/var/lib/rabbitmq
ports:
- 5672:5672
- 15672:15672
networks:
default:
driver: bridge
nacos
#####1. 下载镜像
docker pull nacos/nacos-server:1.1.2
#####2. 配置docker-compose文件
version: '3.7'
services:
# nacos
nacos:
image: nacos/nacos-server:1.3.2
container_name: nacos
restart: always
environment:
- TZ=Asia/Shanghai
- PREFER_HOST_MODE=hostname
- MODE=standalone
- NACOS_AUTH_ENABLE=true
volumes:
- /usr/etc/data/nacos/logs:/home/nacos/logs
ports:
- "8848:8848"
networks:
default:
driver: bridge
参考资料:
- https://nacos.io/zh-cn/docs/quick-start-docker.html
- https://github.com/nacos-group/nacos-docker/blob/master/README_ZH.md
邮箱漏洞
SPF# https://service.exmail.qq.com/cgi-bin/help?subtype=1&id=20012&no=1000580
nginx 配置
#默认请求类型
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 最大请求体
client_max_body_size 200m;
# gzip
gzip on;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_static on;
# 引入的其他配置
include /etc/nginx/conf.d/*.conf;