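# Refresh the package index, then apply pending upgrades (security fixes included).
# sudo matches the rest of these notes; && skips the upgrade when the refresh
# failed, so packages are never upgraded against a stale index.
sudo apt update && sudo apt upgrade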
设置虚拟内存( 块64M x 512 = 32G )
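# Create a 32 GiB swap file (512 blocks of 64 MiB) and enable it.
# Absolute paths are used throughout so nothing depends on the current directory.
sudo mkdir -pv /var/cache/swap
sudo dd if=/dev/zero of=/var/cache/swap/swapfile bs=64M count=512
# Restrict the file to root before it is formatted or activated: swap receives
# pages of process memory (keys, passwords), and mkswap warns on looser modes.
sudo chmod 600 /var/cache/swap/swapfile
sudo mkswap /var/cache/swap/swapfile
sudo swapon /var/cache/swap/swapfile
# Confirm the swap area is active.
swapon -s
top -bn1 | grep -i swap
# Persist across reboots. The grep guards keep a second run of these notes from
# appending duplicate lines to /etc/fstab and /etc/sysctl.conf.
grep -qF '/var/cache/swap/swapfile' /etc/fstab ||
  echo "/var/cache/swap/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
sudo swapon -va
grep -q '^vm\.swappiness' /etc/sysctl.conf ||
  echo "vm.swappiness = 50" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p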
安装docker
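# Step 1: install the tools needed to add an HTTPS apt repository.
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl gnupg software-properties-common
# Step 2: store the repository signing key in its own keyring.
# apt-key is deprecated and puts the key in apt's global trust store, where it
# can vouch for packages from every configured repository. A dedicated keyring
# referenced through signed-by (step 3) limits the key to this one repository.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg |
  sudo gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# NOTE(review): the key comes from the same mirror as the packages, so it only
# proves the mirror is self-consistent. Compare its fingerprint with the one
# Docker publishes before trusting it:
#   gpg --show-keys /etc/apt/keyrings/docker.gpg
# Step 3: register the package source, pinned to the keyring above.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" |
  sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
# Step 4: refresh the index and install Docker CE.
sudo apt-get -y update
sudo apt-get -y install docker-ce
# To install a specific Docker CE version instead:
# Step 1: list the available versions:
# apt-cache madison docker-ce
# docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# Step 2: install the chosen version (VERSION is e.g. 17.03.1~ce-0~ubuntu-xenial from the listing above):
# sudo apt-get -y install docker-ce=[VERSION]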
创建docker网络
# User-defined bridge network shared by the containers below, so they can reach
# each other by container name (bridge is Docker's default driver).
docker network create --driver bridge app-network
安装letsencrypt
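# Print the acme.sh help text (this also pulls the image).
# NOTE(review): the image is referenced without a tag, so every run takes
# whatever "latest" currently is; pinning a tag or digest makes runs repeatable.
docker run --rm neilpang/acme.sh
# /data/letsencrypt is acme.sh's state directory. It will hold the ACME account
# key, the DNS API credentials and the certificate private keys, so keep it
# readable by root only.
# Use Let's Encrypt as the default CA.
docker run --rm -it -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --set-default-ca --server letsencrypt
# Register the ACME account. The address in the original notes was lost to
# e-mail obfuscation; replace the placeholder with a real mailbox.
docker run --rm -it -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --register-account -m 'you@example.com'
# Remove a domain from acme.sh's management.
# The wildcard is quoted so the shell passes it through literally instead of
# expanding it against files in the current directory.
docker run --rm -it -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --remove -d '*.onforyou.com'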
获取证书:使用 DNS API(阿里云)的方式获取的证书,可以在 n 天以后自动更新
方法一:
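# Method 1: pass the Aliyun DNS API credentials inline and request a test
# (staging) certificate. The image name was split across two lines in the
# original notes; it is rejoined here, and the wildcard is quoted so the shell
# does not glob it.
# NOTE(review): values given with -e on the command line end up in shell history
# and the process list; method 2 keeps them out of the docker arguments.
# NOTE(review): this command uses onforyou.cn while the rest of the notes use
# onforyou.com — confirm which domain is intended.
docker run --rm -it \
  -e Ali_Key='阿里云key' \
  -e Ali_Secret='阿里云秘钥' \
  -v /data/letsencrypt/:/acme.sh \
  --net=host \
  neilpang/acme.sh --issue --test --dns dns_ali -d '*.onforyou.cn'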
方法二(推荐):
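# Method 2 (recommended): export the Aliyun DNS API credentials, then forward them.
# NOTE(review): an export typed at the prompt is still recorded in shell history;
# reading the secret with `read -rs Ali_Secret` before exporting avoids that.
export Ali_Key="阿里云key"
export Ali_Secret="阿里云秘钥"
# `-e NAME` with no value copies NAME from the calling shell into the container.
# Without it the exported variables never reach acme.sh, which is why the
# original commands needed the account.conf fallback.
# The wildcard is quoted so the shell does not expand it against local files.
#
# Test (staging) environment: the certificate is NOT trusted by browsers.
docker run --rm -it -e Ali_Key -e Ali_Secret -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --issue --test --dns dns_ali -d '*.onforyou.com'
# Production environment: the certificate is trusted by browsers.
docker run --rm -it -e Ali_Key -e Ali_Secret -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --issue --dns dns_ali -d '*.onforyou.com'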
如果不成功,vi /data/letsencrypt/account.conf ,添加下面2行,再申请证书
# Fallback: the two lines to add to /data/letsencrypt/account.conf.
# This stores the DNS API secret in plaintext on disk, so keep the file and its
# directory readable by root only.
Ali_Key="阿里云key"
Ali_Secret="阿里云秘钥"
定时任务
创建 /data/crontab/crontab-renewCert-restart-nginx.sh 文件, 内容:
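#!/bin/sh
# Renew every certificate acme.sh manages, then restart nginx so it loads the
# new files. nginx is restarted only when the renew command exits successfully.
#
# No -it here: cron provides no terminal, and `docker run -t` aborts with
# "the input device is not a TTY" when there is none, so the renewal would
# never run.
docker run --rm -v /data/letsencrypt/:/acme.sh --net=host neilpang/acme.sh --renew-all && docker restart nginx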
定时更新证书(证书90天过期前更新)
# Open the current user's crontab for editing and add the entry below.
crontab -e
# Run at 04:10 on the 15th of every month.
# NOTE(review): cron executes the file directly, so it presumably needs the
# executable bit (chmod +x) and should be writable by root only — confirm.
10 4 15 * * /data/crontab/crontab-renewCert-restart-nginx.sh
安装nginx
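# Host directories for nginx config, logs and static files.
# -p creates parents as needed and makes a re-run harmless.
mkdir -p /data/nginx/conf /data/nginx/logs /data/nginx/www
# Run nginx on the shared app-network, publishing HTTP and HTTPS.
# The certificate directory is acme.sh's whole state directory: besides the
# certificates it holds the ACME account key and the DNS API credentials. It is
# mounted read-only (:ro) so a compromised nginx container cannot alter it.
# NOTE(review): nginx can still READ everything in it; exporting only the
# certificate and key files to a separate directory would narrow that further.
# NOTE(review): the image tag is unpinned; pin a version for repeatable deploys.
docker run -d \
  --name nginx \
  -p 80:80 \
  -p 443:443 \
  --network app-network \
  -v /data/nginx/www/:/usr/share/nginx/html/ \
  -v /data/nginx/logs/:/var/log/nginx/ \
  -v /data/nginx/conf/:/etc/nginx/conf.d/ \
  -v /data/letsencrypt/:/etc/SSL/certs/:ro \
  nginx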
安装ping命令
# Optional: install ping inside the nginx container for connectivity checks.
docker exec -it nginx /bin/bash
# Run the next line at the shell opened inside the container. The package lives
# in the container's writable layer and is gone once the container is recreated.
apt-get update && apt-get install -y iputils-ping
----------------------------------------------------------------
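# Plain HTTP: redirect everything to HTTPS on the same host name.
server {
    listen 80;
    listen [::]:80;
    server_name test.onforyou.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS: terminate TLS here and proxy to the application container.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name test.onforyou.com;

    # The directory name contains a literal '*': that is how acme.sh names the
    # directory of a wildcard certificate. nginx does not glob these paths.
    ssl_certificate /etc/SSL/certs/*.onforyou.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/SSL/certs/*.onforyou.com_ecc/*.onforyou.com.key;
    # Only consulted for OCSP stapling or client-certificate verification,
    # neither of which is enabled in this block.
    ssl_trusted_certificate /etc/SSL/certs/*.onforyou.com_ecc/ca.cer;
    # Set the protocol list explicitly: older nginx defaults still accept
    # TLS 1.0 and 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP to the backend; this traffic stays on the Docker network.
        proxy_pass http://docker_demo:8080;
        # Keep the Host header the client originally sent.
        proxy_set_header Host $host;
        # Address of the peer that connected to this nginx. It overwrites any
        # X-Real-IP value supplied by the client.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
        # the backend may only trust the last entry, not the first.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrites the Location and Refresh headers of backend responses (disabled).
        #proxy_redirect default;
        # WebSocket support. Note that Connection "upgrade" is sent on every
        # proxied request, not only on WebSocket handshakes.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # WebSocket connections otherwise drop after 60 s idle; allow two hours.
        proxy_read_timeout 7200s;
    }
}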
---------------------------------------------------------------
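# Plain HTTP: redirect everything to HTTPS on the same host name.
server {
    listen 80;
    listen [::]:80;
    server_name blog.onforyou.com;
    return 301 https://$server_name$request_uri;
}

# HTTPS: terminate TLS here and proxy to the blog container.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name blog.onforyou.com;

    # The directory name contains a literal '*': that is how acme.sh names the
    # directory of a wildcard certificate. nginx does not glob these paths.
    ssl_certificate /etc/SSL/certs/*.onforyou.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/SSL/certs/*.onforyou.com_ecc/*.onforyou.com.key;
    # Only consulted for OCSP stapling or client-certificate verification,
    # neither of which is enabled in this block.
    ssl_trusted_certificate /etc/SSL/certs/*.onforyou.com_ecc/ca.cer;
    # Set the protocol list explicitly: older nginx defaults still accept
    # TLS 1.0 and 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP to the backend; this traffic stays on the Docker network.
        proxy_pass http://mblog:2222;
        # Keep the Host header the client originally sent.
        proxy_set_header Host $host;
        # Address of the peer that connected to this nginx. It overwrites any
        # X-Real-IP value supplied by the client.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
        # the backend may only trust the last entry, not the first.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrites the Location and Refresh headers of backend responses (disabled).
        #proxy_redirect default;
        # WebSocket support. Note that Connection "upgrade" is sent on every
        # proxied request, not only on WebSocket handshakes.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # WebSocket connections otherwise drop after 60 s idle; allow two hours.
        proxy_read_timeout 7200s;
    }
}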
安装redis
创建目录
创建redis.conf文件
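# Host directories bind-mounted into the container below. redis.conf must
# already exist at /data/redis/conf/redis.conf, otherwise Docker creates a
# directory at that path.
mkdir -p /data/redis/data /data/redis/conf /data/redis/logs
# Give the tree to the container's redis user instead of making it
# world-writable: mode 777 lets any local account read or rewrite redis.conf
# (which holds requirepass) and the data files.
# NOTE(review): 999 is, as far as I know, the redis UID in the official image —
# confirm with `docker run --rm redis id redis`.
chown -R 999 /data/redis
chmod -R u=rwX,go= /data/redis
# echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf
#
# The port is published on loopback only. Containers on app-network reach Redis
# as redis:6379 without any published port, and a port published on all
# interfaces is typically reachable from outside even when a host firewall is
# configured. Change 127.0.0.1 only if remote access is really required, and
# restrict the source addresses when doing so.
docker run -it -d \
  -p 127.0.0.1:6379:6379 \
  -v /data/redis/data:/data/redis/data \
  -v /data/redis/conf/redis.conf:/etc/redis/redis.conf \
  -v /data/redis/logs:/var/log/redis \
  --name redis \
  --network=app-network \
  redis redis-server /etc/redis/redis.conf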
内网连接:
# NOTE(review): -a puts the password on the command line, where it lands in
# shell history and the process list; omitting -a and running AUTH at the
# redis-cli prompt avoids that.
docker exec -it redis redis-cli -h localhost -p 6379 -a 密码
# Connecting through the external IP requires external access to be enabled.
docker exec -it redis redis-cli -h 外网ip -p 6379 -a 密码
---------------------------- redis.conf --------------------------------
# Listen on every IPv4 and IPv6 interface inside the container. Who can reach
# the port is therefore decided by the Docker network and by how the port is
# published on the host, not by this setting.
bind 0.0.0.0 ::
port 6379
timeout 0
# Running under Docker: stay in the foreground, no daemonizing.
daemonize no
#pidfile /var/run/redis_6379.pid
databases 16
# Replace the placeholder with a long random secret. This is the only
# authentication in this file, and the file stores it in plaintext.
requirepass 密码
loglevel notice
logfile /var/log/redis/redis.log
# Persistence (append-only file)
appendonly yes
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
# Snapshots (RDB)
rdbchecksum yes
rdbcompression yes
dbfilename dump.rdb
dir /data/redis/data/
save 900 1
save 300 10
save 60 10000
安装mysql
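# Host directories for MySQL data, config and logs.
# -p creates parents as needed and makes a re-run harmless.
mkdir -p /data/mysql/data /data/mysql/conf /data/mysql/logs
# Run MySQL on the shared app-network.
# The port is published on loopback only: containers on app-network reach the
# server as mysql:3306 without any published port, and a port published on all
# interfaces is typically reachable from outside even when a host firewall is
# configured. Change 127.0.0.1 only if remote access is really required.
# NOTE(review): a password passed with -e is recorded in shell history and is
# visible in `docker inspect`; replace the placeholder with a strong value.
# NOTE(review): MYSQL_ROOT_HOST=% lets root log in from any host until the
# root@'%' account is removed in the SQL step further down.
docker run -it -d \
  --name mysql \
  -p 127.0.0.1:3306:3306 \
  -v /data/mysql/data:/var/lib/mysql \
  -v /data/mysql/conf:/etc/mysql/conf.d \
  -v /data/mysql/logs:/var/log/mysql \
  -e MYSQL_ROOT_PASSWORD=密码 \
  -e MYSQL_ROOT_HOST=% \
  --network=app-network \
  mysql:8.0.35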
# Log in to the database: open a shell in the container, then start the client.
docker exec -it mysql /bin/bash
# -p with no value prompts for the password instead of taking it on the command line.
mysql -uroot -p --default-character-set=utf8mb4
输入密码
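# Create a new administrative account.
# NOTE(review): ALL PRIVILEGES ON *.* from host '%' is a full superuser that can
# log in from anywhere. Narrow the host part and the grant where the use case allows.
CREATE USER 'username'@'%' IDENTIFIED BY '密码';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%';
FLUSH PRIVILEGES;
# Stop the 'root' account from logging in remotely.
# DROP USER removes the account together with its privileges through the
# account-management layer; a direct DELETE on mysql.user bypasses that layer
# and only takes effect once the grant tables are reloaded.
DROP USER IF EXISTS 'root'@'%';
FLUSH PRIVILEGES;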
----------------------------- my.cnf ----------------------------------
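[mysqld]
server-id=1
# utf8mb4 is full 4-byte UTF-8 and matches the --default-character-set=utf8mb4
# used when logging in above. In MySQL 8.0 plain "utf8" is an alias for the
# 3-byte utf8mb3 and cannot store every Unicode character.
character-set-server=utf8mb4
# NOTE(review): mysql_native_password is the older, weaker authentication
# plugin. It is needed only for clients that cannot use the 8.0 default,
# caching_sha2_password; drop this line if no such client exists.
default_authentication_plugin=mysql_native_password
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
max_connections=300
max_allowed_packet=64M
log-error=/var/log/mysql/mysql_error.log
# NOTE(review): the general log records every statement from every client,
# including the data embedded in it, and grows without bound. It is normally
# left OFF outside debugging; if it stays ON, protect and rotate the file.
general_log=ON
general_log_file=/var/log/mysql/mysql_general.log
log-bin=mysql-bin
binlog-format=mixed
# 2592000 seconds = 30 days of binary logs.
binlog_expire_logs_seconds=2592000
max_binlog_size=100M
slow_query_log=ON
slow_query_log_file=/var/log/mysql/mysql_slow_query.log
# Statements running longer than 5 seconds are written to the slow query log.
long_query_time=5
[client]
default-character-set=utf8mb4
[mysql]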
注意:本文归作者所有,未经作者允许,不得转载