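Overview: this deployment guide is intended for a local test environment, where a local server exists and development happens on an internal network. It uses a private container registry, and images are built locally and uploaded automatically.

For cloud servers, using Jenkins for automated deployment directly is recommended; it allows one-click operation.

For subsequent builds, only the following needs attention:

Backend: [Push the project and start the project containers](#推送项目并启动项目容器), steps 1, 2, 3, 4, 6, 7

1. Change the port number to a dynamic value and package with Maven
2. Pull the latest image on the test machine
3. Run the containers
4. Restart the nginx container

Frontend: [Frontend project deployment](#前端项目部署)

1. Unzip the frontend project into webapps; the package name is dist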
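Environment setup

System

- openssl: generates the self-signed certificate used in the test environment, so that HTTPS requests do not fail when pushing code
- unzip: extracts software packages and zip files
- htpasswd: basic authentication file tool, used to add user authentication
- python3-pip3: the pip that ships with version 7 may fail to download some packages (the two need to coexist, via symlinks)

```bash
yum -y update
# Install software
yum install -y httpd
```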
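Install Docker

Remove old versions (if Docker was installed before)

```bash
yum remove docker docker-common docker-selinux docker-engine
```

Install the required packages

```bash
yum install -y yum-utils device-mapper-persistent-data lvm2
```

Set the yum repository (this may stop working for later versions; the id then has to be obtained from the corresponding repository)

List the available Docker versions (docker-ce is what is used now; the old docker package is no longer updated)

```bash
yum list docker-ce --showduplicates | sort -r
```

Install the latest version, or choose a specific one

```bash
# Latest version
yum -y install docker-ce
# A specific version
yum -y install docker-ce-18.03.1.ce
```

Start Docker and enable it at boot

```bash
systemctl start docker
systemctl enable docker
```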
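Set up docker-registry (for the current testing only; to be handed over to Harbor later)

Preparation

Configure the Aliyun mirror and trust the private registry

Edit `/etc/docker/daemon.json` (`vim /etc/docker/daemon.json`). `insecure-registries` takes the private registry as ip:port, with multiple entries separated by commas; `registry-mirrors` lists Docker mirrors inside China. JSON does not allow comments, so the file itself must not contain any:

```json
{
  "insecure-registries": ["192.168.9.154:2112"],
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com"
  ]
}
```

```bash
# Reload the service configuration files
sudo systemctl daemon-reload
# Restart docker
sudo systemctl restart docker
```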
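Trust the private registry and configure authentication

The private image registry is deployed locally. To keep it secure, it needs a certificate so that nothing unexpected happens. So a self-signed certificate is first generated on the Docker host that will run the private registry.

```bash
mkdir -p /usr/local/registry/certs
```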
- openssl req: creates certificate signing requests, among other functions;
- -newkey: creates the CSR file and the RSA private key file;
- rsa:2048: sets the length of the RSA private key to 2048 bits;
- -nodes: does not encrypt the private key;
- -sha256: uses the SHA256 algorithm;
- -keyout: name and location of the private key file to create;
- -x509: self-signed certificate format;
- -days: certificate validity period;
- -out: name and location of the CSR output file;

```bash
openssl req -newkey rsa:2048 -nodes -sha256 \
  -keyout /usr/local/registry/certs/domain.key \
  -x509 -days 365 \
  -out /usr/local/registry/certs/domain.crt
```

```
Generating a 2048 bit RSA private key
..............+++
............................+++
writing new private key to '/usr/local/registry/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:(country)
State or Province Name (full name) []:SC (province)
Locality Name (eg, city) [Default City]:CD (city)
Organization Name (eg, company) [Default Company Ltd]:(organization name)
Organizational Unit Name (eg, section) []:(organizational unit name)
Common Name (eg, your name or your server's hostname) []:xx.96.104.xxx (hostname or domain; here the host IP)
Email Address []:xxxxx@163.com
```
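Recent Docker clients match a registry certificate against its subjectAltName entries rather than the Common Name, so a certificate that carries the host IP only in CN fails verification. The following is an added example, not part of the original guide: it generates the same kind of self-signed certificate with an IP SAN and installs it as a per-registry CA under `/etc/docker/certs.d`, so the client can verify TLS without listing the registry under `insecure-registries`. The function names and the 192.0.2.10 address are placeholders.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# make_registry_cert IP DIR -> writes DIR/domain.key and DIR/domain.crt
make_registry_cert() {
    ip="$1"; dir="$2"
    mkdir -p "$dir" || return 1
    cnf="$dir/san.cnf"
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
basicConstraints = CA:TRUE
EOF
    # umask keeps the unencrypted private key (-nodes) readable by its owner only
    ( umask 077
      openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
          -config "$cnf" -keyout "$dir/domain.key" -out "$dir/domain.crt"
    ) 2>/dev/null || return 1
    chmod 644 "$dir/domain.crt"
}

# cert_covers_ip CRT IP -> exit 0 only if CRT lists IP as a subjectAltName
cert_covers_ip() {
    openssl x509 -in "$1" -noout -text | grep -Eq "IP Address:$2([^0-9.]|\$)"
}

# trust_registry_cert CRT HOST:PORT [CERTS_D] -> install CRT as the CA for that registry
trust_registry_cert() {
    certs_d="${3:-/etc/docker/certs.d}"
    mkdir -p "$certs_d/$2" && cp "$1" "$certs_d/$2/ca.crt"
}

# Usage (placeholder address):
#   make_registry_cert 192.0.2.10 /usr/local/registry/certs
#   cert_covers_ip /usr/local/registry/certs/domain.crt 192.0.2.10 && echo "SAN ok"
#   trust_registry_cert /usr/local/registry/certs/domain.crt 192.0.2.10:2112
```

Run `trust_registry_cert` on every Docker host that pulls from or pushes to the registry, with the same host:port that is used in image names.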
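htpasswd is the basic authentication file tool of Apache httpd; the `htpasswd` command generates the user and password file.

```bash
# Create the directory that stores the authentication password file
mkdir -p /usr/local/registry/auth
# If htpasswd is not available, install httpd
yum install -y httpd
# Create the user and password
htpasswd -Bbn root 123456 > /usr/local/registry/auth/htpasswd
```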
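The command above passes a fixed password as an argument (`-b`), which leaves it in the shell history and visible in the process list. The following is an added example, not part of the original guide: it generates a random password and feeds it to `htpasswd` over stdin (`-i`), writing the bcrypt entry with owner-only permissions. The function name and the `deploy` user in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide). Requires htpasswd and openssl.

# new_registry_user USER FILE -> writes one bcrypt entry to FILE, prints the password once
new_registry_user() {
    user="$1"; file="$2"
    case "$user" in
        ''|*:*) echo "invalid user name" >&2; return 1 ;;
    esac
    # 24 random bytes, base64-encoded, as the generated password
    pass="$(openssl rand -base64 24)" || return 1
    # -i reads the password from stdin, -n prints the entry, -B selects bcrypt;
    # grep drops the blank line htpasswd prints after the entry
    ( umask 077
      printf '%s\n' "$pass" | htpasswd -Bin "$user" | grep -v '^$' > "$file"
    ) || return 1
    printf '%s\n' "$pass"
}

# Usage (hypothetical user name):
#   mkdir -p /usr/local/registry/auth
#   new_registry_user deploy /usr/local/registry/auth/htpasswd
```

The printed password can be piped to `docker login --password-stdin` instead of being typed at the prompt.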
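Creating and operating the private registry

Create

- -d: runs the container in the background;
- --name: names the container being created;
- -p: port mapping; the first value is the host port and the second is the port inside the container. Several -p options can be used to map several ports;
- -v: mounts the data under /var/lib/registry inside the container to /mydata/docker_registry on the host

```bash
docker run -di --name registry -p 2112:5000 \
  -v /mydata/docker_registry:/var/lib/registry \
  -v /usr/local/registry/certs:/certs \
  -v /usr/local/registry/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry
```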
Operations (login is required first)

```
[root ~]# docker login xx.96.194.xx:2112
Username: root
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```
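Push images to the private registry (some base environments such as jdk8 must be prepared in advance)

```bash
# First tag the image
# docker tag local-image:tagname new-repo:tagname
docker tag jdk8:latest xx.96.194.xx:2112/hhyunerp_software/jdk8:latest
# Then push the image to the private registry
docker push xx.96.194.xx:2112/hhyunerp_software/jdk8:latest
```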
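View the images in the private registry (the directory is mounted, so they can be inspected either on disk or through the URL)

On disk:

```bash
ll /mydata/docker_registry/docker/registry/v2/repositories/
```

Via URL: https://192.168.9.154:2112/v2/_catalog

```bash
# Log out of the private registry (same host:port as used for docker login)
docker logout xx.96.194.xx:2112
```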
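Backend project test setup (cluster mode)

For now this is set up with Docker; it will later be migrated to KubeSphere for one-click deployment.

Redis configuration

Download the installation package and install it directly; container-based operation will be done later in KubeSphere.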
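Push the project and start the project containers

1. Modify application.yml: make the port dynamic so that it can be specified when the container starts

```yaml
# before
port: 8080
# after
port: ${docker.port}
```

2. Package: run `clean package` in Maven; jib pushes the image directly to the private registry

3. Check that the private registry has a new tag based on the current timestamp: https://192.168.9.154:2112/v2/hhyunerp_java/tags/list

4. Pull the latest image tag with Docker

```bash
# Pull from the private registry, using the same reference as the run commands below
docker pull 192.168.9.154:2112/hhyunerp_java
```

5. Create a bridge network so that the containers can communicate

```bash
docker network create --driver bridge nginx_bridge
```

6. Deploy in two runs, with ports 8090 and 8091 respectively; the options also handle the character-encoding problem and map the logs to the host

```bash
docker run -di --name hhyunerp_java_8090 --network nginx_bridge \
  -e "docker.port=8090" \
  -e LANG=en_US.UTF-8 -e LANGUAGE=en_US:en -e LC_ALL=en_US.UTF-8 \
  -p 8090:8090 \
  -v /mydata/hhyunerp_java_logs/logs_1:/logs \
  192.168.9.154:2112/hhyunerp_java:latest

docker run -di --name hhyunerp_java_8091 --network nginx_bridge \
  -e "docker.port=8091" \
  -e LANG=en_US.UTF-8 -e LANGUAGE=en_US:en -e LC_ALL=en_US.UTF-8 \
  -p 8091:8091 \
  -v /mydata/hhyunerp_java_logs/logs_2:/logs \
  192.168.9.154:2112/hhyunerp_java:latest
```

7. Check that the deployment succeeded

```bash
docker ps -a
```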
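nginx load balancing

Download and install nginx

Install nginx with Docker

```bash
docker pull nginx
```

Create the nginx configuration file on the host

```bash
mkdir -p /mydata/nginx/conf
cd /mydata/nginx/conf
vi nginx.conf
```

Note: the `server` entries must match the names of the project containers.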
nginx.conf

```nginx
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream dispense {
        server hhyunerp_java_8090:8090 weight=1;
        server hhyunerp_java_8091:8091 weight=2;
    }

    server {
        listen       8080;
        server_name  localhost;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://dispense;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}
```
Run the nginx Docker image and load the local configuration

```bash
docker run --name=hhyunerp_java_nginx -p 8080:8080 --network nginx_bridge \
  --env hhyunerp_java_8090=hhyunerp_java_8090 \
  --env hhyunerp_java_8091=hhyunerp_java_8091 \
  -v /mydata/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
  -d nginx:latest
```

Check that all three containers started successfully

```bash
docker ps -a
```

Send requests to 192.168.9.154:8080 to test whether load balancing works.
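Frontend project test setup (standalone mode)

For now this is set up with Tomcat; it will later be migrated to KubeSphere for one-click deployment.

Install Tomcat

```bash
mkdir -p /mydata/tomcat
cd /mydata/tomcat
tar -zxvf apache-tomcat-8.5.84.gz
```

```bash
# server.xml lives in the conf directory of the extracted Tomcat
vi /mydata/tomcat/apache-tomcat-8.5.84/conf/server.xml
```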
```xml
<Connector port="3000" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector executor="tomcatThreadPool"
           port="3000" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
```

```xml
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <!-- Add the following line; the frontend project will later be placed in /webapps/dist -->
  <Context path="" docBase="dist" />
```
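Frontend project deployment

1. Build and compress the project locally, then upload it to the server

   1.1 Modify asset/js/config.js

```js
vango.api_base = "http://192.168.9.154:8080/hhyunerp";
```

   1.2 In login.js, modify the login endpoint used by one of the ajax calls

2. Unzip into /mydata/tomcat/apache-tomcat-8.5.84/webapps/dist/; index.html must sit directly inside the dist folder

```bash
unzip ~/dist.zip
```

3. Restart Tomcat

```bash
systemctl restart tomcat.service
```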
Start Tomcat automatically at boot

1. Create a tomcat.service file under /usr/lib/systemd/system

```ini
[Unit]
Description=Tomcat
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/mydata/tomcat/apache-tomcat-8.5.84/bin/startup.sh
ExecStop=/mydata/tomcat/apache-tomcat-8.5.84/bin/shutdown.sh
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

2. Reload the configuration

```bash
systemctl daemon-reload
```

3. Enable Tomcat at boot

```bash
systemctl enable tomcat.service
```

4. Check the status

```bash
systemctl status tomcat.service
```

5. Start and stop the service

```bash
systemctl start tomcat.service
systemctl stop tomcat.service
```
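Periodically clean the private registry

Go into the locally mapped registry directory and delete the tags files to clean out all uploaded build artifacts, or delete only the oldest few.

Delete previously pulled images that are no longer used

First stop the services that use the image, then delete it:

```bash
docker rmi <image ID>
```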
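One way to script the "delete only the oldest few" cleanup, as an added example that is not part of the original guide: it keeps the newest N tags of a repository in the mounted registry volume and never touches `latest`. It assumes that the timestamp tags sort chronologically as text and that tags are stored under `_manifests/tags` in the registry's on-disk layout; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide). Run on the host that holds the volume.
REGISTRY_ROOT="${REGISTRY_ROOT:-/mydata/docker_registry/docker/registry/v2/repositories}"

# stale_tags REPO KEEP -> prints every tag older than the KEEP newest, one per line
stale_tags() {
    repo="$1"; keep="$2"
    case "$repo" in
        ''|*..*) echo "invalid repository name" >&2; return 1 ;;
    esac
    case "$keep" in
        ''|*[!0-9]*) echo "KEEP must be a non-negative integer" >&2; return 1 ;;
    esac
    tags_dir="$REGISTRY_ROOT/$repo/_manifests/tags"
    [ -d "$tags_dir" ] || { echo "no such repository: $repo" >&2; return 1; }
    # newest first, skip the KEEP newest, then print the rest oldest first
    ls -1 "$tags_dir" | grep -vx 'latest' | sort -r | tail -n +"$((keep + 1))" | sort
}

# prune_tags REPO KEEP -> removes the stale tag directories and reports each one
prune_tags() {
    repo="$1"; keep="$2"
    stale="$(stale_tags "$repo" "$keep")" || return 1
    for tag in $stale; do
        rm -rf -- "$REGISTRY_ROOT/$repo/_manifests/tags/$tag"
        echo "removed $repo:$tag"
    done
}

# Usage:
#   stale_tags hhyunerp_java 5     # dry run: show what would go
#   prune_tags hhyunerp_java 5
# Removing a tag only drops the reference. To free the layer data, run the
# registry's garbage collector inside the container afterwards:
#   docker exec registry bin/registry garbage-collect --delete-untagged \
#       /etc/docker/registry/config.yml
```

Run the garbage collector while nothing is pushing to the registry, since it works directly on the storage directory.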