记一次生产项目的实施部署

<谨供参考>

架构图

0001机器

docker安装

• 更新yum
  yum update
• 安装 yum-utils，它提供了 yum-config-manager，可用来管理yum源
  sudo yum install -y yum-utils
• yum添加软件源
  sudo yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
• 然后刷新缓存
  sudo yum makecache fast
• 然后安装docker-ce
  sudo yum install docker-ce
• 启动 docker
  sudo systemctl start docker
• 验证是否安装成功
  sudo docker info
• 开机启动
  sudo systemctl enable docker

docker-compose安装

1

将docker-compose文件上传到 /usr/local/bin/ 文件夹下，修改此文件的权限，增加可执行：chmod +x /usr/local/bin/docker-compose

nginx

1. 添加源

到 cd /etc/yum.repos.d/ 目录下,新建 vim nginx.repo 文件,输入以下信息

1
2
3
4
5
6
7
8
9
10
11
12
13

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

2. 安装Nginx

• 看是否已经添加源成功。如果成功则执行下列命令安装nginx。
  yum search nginx

• 安装nginx。
  yum install nginx

• 安装完后， 查看
  rpm -qa | grep nginx

• 启动nginx：
  systemctl start nginx

• 加入开机启动：
  systemctl enable nginx

• 查看nginx的状态：
  systemctl status nginx

3. 修改nginx配置文件内容如下(见附件)
4. 重启nginx

• 检测
  nginx -t
• 平滑重启
  nginx -s reload

other

keycloak

• https://github.com/ivangfr/keycloak-clustered.git
• https://www.keycloak.org/2019/05/keycloak-cluster-setup.html

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  services: keycloak: image: ivanfranchin/keycloak-clustered:12.0.4 command: "-Djboss.node.name=0001 -Djboss.bind.address.management=0.0.0.0 -Djboss.bind.address.private=0.0.0.0 -Djboss.bind.address=0.0.0.0" volumes: - /etc/localtime:/etc/localtime:ro privileged: true environment: - CACHE_OWNERS=2 - DB_VENDOR=xxx - DB_ADDR=xxx - DB_PORT=xxx - DB_DATABASE=xxx - DB_USER=xxx - DB_PASSWORD=xxx - KEYCLOAK_USER=xxx - KEYCLOAK_PASSWORD=xxx - JGROUPS_DISCOVERY_EXTERNAL_IP=本地ip - JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING - JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=java:jboss/datasources/KeycloakDS - PROXY_ADDRESS_FORWARDING=true ports: - 8081:8080 - 8443:8443 - 7600:7600

• [去掉ssl要求] - keycloak 用私有地址可以不使用ssl登录方式，如果用公网就需要用ssl登录方式。去掉ssl要求方式 - 站内搜索keycloak

rabbitmq

• [Docker搭建RabbitMQ双节点集群] - 搜索: Docker搭建RabbitMQ双节点集群

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  version: '3' services: rabbitmq: image: rabbitmq:3.8.14-management privileged: true container_name: rabbitmq01 hostname: rabbitmq01 volumes: - /opt/rabbitmq/data:/var/lib/rabbitmq - /opt/rabbitmq/log:/var/log/rabbitmq - /etc/localtime:/etc/localtime:ro environment: RABBITMQ_ERLANG_COOKIE: rabbitmqCookie extra_hosts: - "rabbitmq01:xxx" - "rabbitmq02:xxx" ports: - 5671:5671 - 5672:5672 - 15672:15672 - 4369:4369 - 25672:25672

server(服务)

• Quarkus

• Dockerfile

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3 ARG JAVA_PACKAGE=java-11-openjdk-headless ARG RUN_JAVA_VERSION=1.3.8 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' # Install java and the run-java script # Also set up permissions for user `1001` RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \ && microdnf update \ && microdnf clean all \ && mkdir /deployments \ && chown 1001 /deployments \ && chmod "g+rwX" /deployments \ && chown 1001:root /deployments \ && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \ && chown 1001 /deployments/run-java.sh \ && chmod 540 /deployments/run-java.sh \ && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size. ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" COPY lib/* /deployments/lib/ COPY *-runner.jar /deployments/app.jar EXPOSE 8088 USER 1001 ENTRYPOINT [ "/deployments/run-java.sh" ]

• docker-compose

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  version: '3' services: xxx: image: xxx build: context: . container_name: xxx hostname: xxx restart: always volumes: - /opt/xxx/config:/deployments/config - /opt/xxx/logs:/deployments/logs - /etc/localtime:/etc/localtime:ro ports: - 8088:8088

nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

upstream keycloak {
    server xxx:8081;
    server xxx:8081;
}
upstream server {
    server xxx:8088;
    server xxx:8088;
}
# front
location / {
    root  /opt/xxx/front;
    index  index.html index.htm;
}
# server
location /server {
    proxy_redirect off;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 300m;
    proxy_pass http://server;
}
# keycloak
location /auth/ {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://keycloak;
}
# 与http模块同级
stream {
    upstream rabbitmq {
        server xxx:5672;
        server xxx:5672;
    }
    server {
      listen xxx;
      proxy_pass rabbitmq;
    }
}

0002机器

同1