
hkdev Hong Kong server configuration

This document covers the configuration of the hkdev Hong Kong server.

Mail server: https://poste.io/

Reference links:
- CI/CD: https://www.faber.cc/2019/10/14/cicd/
- Caddy + Hugo + ACME: https://nickfan.github.io/2018/01/05/caddy-hugo-acme/
- Caddy + Hexo: https://blog.ckyol.moe/2018/06/04/caddyHexo/
- Building a standalone blog quickly with GitHub, Hexo and Docker (Mac edition): https://fedoryx.github.io/%E5%88%A9%E7%94%A8-GitHub-Hexo-Docker-%E5%BF%AB%E9%80%9F%E6%9E%84%E5%BB%BA%E7%8B%AC%E7%AB%8B%E5%8D%9A%E5%AE%A2-MAC%E7%AF%87/
- Hexo blog setup tutorial: https://thief.one/2017/03/03/Hexo%E6%90%AD%E5%BB%BA%E5%8D%9A%E5%AE%A2%E6%95%99%E7%A8%8B/
- Logo maker: https://www.designevo.com/cn/logo-maker/
- Drone CI builds: https://blog.marryto.me/drone-ci-build/

Git: gitea.io

Blog system: https://solo.b3log.org/#docs https://hacpai.com/sponsor https://sym.b3log.org/customers.html

Blog theme: https://github.com/ppoffice/hexo-theme-icarus

Proxy service (GFW bypass)

Blog

Temporary git download token

https://your.email@example.com/xxx
Uninstall the Aliyun Cloud Shield (Aegis) monitoring agent:

```shell
# Run the vendor-provided uninstall scripts
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh

# Remove leftovers
pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*

# Block the Cloud Shield address ranges (one rule per range; the addresses
# are shown as 1.2.3.4 placeholders on this page)
iptables -I INPUT -s 1.2.3.4/28 -j DROP
iptables -I INPUT -s 1.2.3.4/29 -j DROP
iptables -I INPUT -s 1.2.3.4/30 -j DROP
iptables -I INPUT -s 1.2.3.4/32 -j DROP
```

nginx

Installed services:

| Service | Purpose | Domain | Username | Password |
|---|---|---|---|---|
| harbor | Docker image registry | reg.jeffok.com | admin | Wangke0912 |
| Imgurl Pro | image hosting (purchased with your.email@example.com) | img.jeffok.com | jeff | Wangke.0912 |
| gitea | Git hosting | git.jeffok.com | jeff | Wangke.0912 |
| solo | blog | blog.jeffok.com | hellojeff | Wangke.0912 |

Install base services

Install Docker

  • Configure the yum repo
```shell
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
```
  • Install docker-ce
```shell
yum -y install docker-ce
```
  • Configure the Docker service unit (shared mount propagation)
```shell
mkdir -p /etc/systemd/system/docker.service.d
tee /etc/systemd/system/docker.service.d/hkdev.conf <<-'EOF'
[Service]
MountFlags=shared
EOF
```
  • Configure the Docker bridge address
```shell
mkdir -p /etc/docker/
# Write daemon.json. The original note ran `cat` on the file, which only
# displays it; the heredoc below actually creates it with the intended content.
cat > /etc/docker/daemon.json <<'EOF'
{"bip": "10.100.11.1/24"}
EOF
```
  • Reload systemd, then start and enable the Docker service
```shell
systemctl daemon-reload && systemctl start docker && systemctl enable docker && systemctl status docker
```

Install nginx (OpenResty)

  • Configure the yum repo
```shell
yum install yum-utils -y
yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
```
  • Packages can then be installed like this, for example openresty:
```shell
yum install openresty -y
# To install the resty command-line tool, install the openresty-resty package:
yum install openresty-resty -y
# The opm command-line tool is in the openresty-opm package; restydoc is in openresty-doc.
# List every package in the openresty repository:
yum --disablerepo="*" --enablerepo="openresty" list available
```
  • Configure nginx
    Main nginx configuration file (the `log_json` format in the original was missing its closing `'}';`, which is restored here)
```nginx
user root;   # workers run as root here; nginx normally runs workers as an unprivileged user
worker_processes auto;
# worker_cpu_affinity 00000001 00000010 00000100 00001000 00000001 00000010 00000100 00001000;

# error_log logs/error.log;
# error_log logs/error.log notice;
# error_log logs/error.log info;
# pid logs/nginx.pid;
# google_perftools_profiles /tmp/tcmalloc;

worker_rlimit_nofile 102400;

events {
    use epoll;
    worker_connections 102400;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$request_time" "$host" '
                    '"$upstream_status" "$upstream_addr" "$upstream_response_time"';

    # BEGIN ANSIBLE MANAGED BLOCK insertion 1
    log_format log_json escape=json '{ "time_local": "$time_local", '
        '"remote_addr": "$remote_addr", '
        '"remote_port": $remote_port, '
        '"remote_user": "$remote_user", '
        '"referer": "$http_referer", '
        '"scheme": "$scheme", '
        '"server_addr": "$server_addr", '
        '"server_port": $server_port, '
        '"domain": "$host", '
        '"protocol": "$server_protocol", '
        '"method": "$request_method", '
        '"uri": "$uri", '
        '"query": "$query_string", '
        '"status": $status, '
        '"response_bytes": $body_bytes_sent, '
        '"agent": "$http_user_agent", '
        '"x_forwarded": "$http_x_forwarded_for", '
        '"request_length": $request_length, '
        '"request_time": $request_time, '
        '"ssl_protocol": "$ssl_protocol", '
        '"ssl_cipher": "$ssl_cipher", '
        '"upstream_connect_time": "$upstream_connect_time",'
        '"upstream_addr": "$upstream_addr", '
        '"upstream_status": "$upstream_status", '
        '"upstream_response_time": "$upstream_response_time"'
        '}';
    # END ANSIBLE MANAGED BLOCK insertion 1

    access_log logs/access.log main;
    access_log logs/access_json.log log_json;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    sendfile on;
    tcp_nopush on;
    server_tokens off;
    keepalive_timeout 65;
    tcp_nodelay on;

    client_body_buffer_size 8m;
    client_max_body_size 300M;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 16k;
    server_names_hash_bucket_size 512;

    open_file_cache max=102400 inactive=20s;
    open_file_cache_min_uses 1;
    open_file_cache_valid 30s;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml application/json application/javascript;
    gzip_vary on;

    fastcgi_buffer_size 64k;
    fastcgi_buffers 64 32k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    proxy_connect_timeout 8;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    proxy_buffer_size 1024k;
    proxy_buffers 4 1024k;
    proxy_busy_buffers_size 2048k;
    proxy_temp_file_write_size 2048k;
    proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;

    include vhosts_*.conf;
    ########################end#################################

    # Catch-all: drop the connection for requests whose Host matches no vhost
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }
}

stream {
    # BEGIN ANSIBLE MANAGED BLOCK insertion 2
    log_format stream_log_json escape=json '{ "time_local": "$time_local", '
        '"remote_addr": "$remote_addr", '
        '"protocol": "$protocol", '
        '"status": $status, '
        '"server_addr": "$server_addr", '
        '"server_port": $server_port, '
        '"bytes_sent": $bytes_sent, '
        '"bytes_received": $bytes_received, '
        '"session_time": "$session_time", '
        '"upstream_bytes_sent": "$upstream_bytes_sent", '
        '"upstream_bytes_received": "$upstream_bytes_received", '
        '"upstream_connect_time": "$upstream_connect_time",'
        '"upstream_addr": "$upstream_addr"'
        '}';
    # END ANSIBLE MANAGED BLOCK insertion 2

    log_format tcp_proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr" '
                         '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_first_byte_time" $upstream_session_time';

    include stream_*.conf;
    # include vhosts_stunnel_proxy.conf;
}
```

HTTPS configuration file

Kept in the same directory as nginx.conf:

```nginx
# http_ssl.conf
ssl_protocols SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:STATJGWW:64m;
ssl_session_timeout 30m;
```
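The protocol list above still enables SSLv2, TLSv1 and TLSv1.1, and several entries in the cipher string (`ECDHE-RSA-AES128-GCM-SHA128`, `AES128-SHA128` and similar) are not real OpenSSL suite names; OpenSSL drops unknown names from a cipher list silently, so nginx starts without complaint. The audit script below is an added example, not part of the original notes: it checks an `ssl_protocols`/`ssl_ciphers` pair using only the local OpenSSL through Python's `ssl` module, run here against a constructed, shortened copy of the two directives above.

```python
import re
import ssl

# Protocol tokens nginx accepts that are retired: SSLv2 (RFC 6176),
# SSLv3 (RFC 7568), TLS 1.0 and 1.1 (RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the two directives from http_ssl.conf, cipher string
# shortened to a few representative entries.
SAMPLE_CONF = """
ssl_protocols SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DES-CBC3-SHA:HIGH:!aNULL:!MD5";
"""

def parse_directive(conf: str, name: str) -> str:
    """Argument of a single-argument nginx directive, surrounding quotes stripped."""
    m = re.search(rf'^\s*{name}\s+"?([^";]+)"?\s*;', conf, re.MULTILINE)
    return m.group(1).strip() if m else ""

def audit_protocols(protocols: str) -> list:
    """Retired protocol versions the directive still enables, in config order."""
    return [p for p in protocols.split() if p in DEPRECATED_PROTOCOLS]

def concrete_cipher_names(spec: str) -> list:
    """Tokens naming one suite; skips groups (HIGH, EECDH+AESGCM) and !/-/+ modifiers."""
    return [t for t in spec.split(":")
            if "-" in t and "+" not in t and not t.startswith(("!", "-", "+"))]

def unresolved_ciphers(spec: str) -> list:
    """Suite names the local OpenSSL cannot map to anything (typos or removed suites).
    Each name is tried on its own, because inside a longer list OpenSSL just ignores it."""
    bad = []
    for name in concrete_cipher_names(spec):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.set_ciphers(name)
        except ssl.SSLError:  # "No cipher can be selected"
            bad.append(name)
            continue
        if name not in {c["name"] for c in ctx.get_ciphers()}:
            bad.append(name)
    return bad

def audit_ssl_conf(conf: str) -> dict:
    """Run both checks over a config fragment such as SAMPLE_CONF."""
    return {
        "deprecated_protocols": audit_protocols(parse_directive(conf, "ssl_protocols")),
        "unresolved_ciphers": unresolved_ciphers(parse_directive(conf, "ssl_ciphers")),
    }
```

`DES-CBC3-SHA` is reported as unresolved only on OpenSSL builds that ship without the legacy 3DES suites, so that entry depends on the host; the `SHA128` names never resolve anywhere.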

Other domain (vhost) configuration files

```nginx
# vhosts_jeffok.com.conf
upstream kongadmin-titan {
    server 172.19.104.183:8001 max_fails=3 fail_timeout=10s;
    server 172.19.104.181:8001 max_fails=3 fail_timeout=10s;
}

server {
    listen 80;
    server_name kongadmin.titan.example.com;
    charset utf-8;
    access_log logs/kongadmin_titan_example.com_access.log main;
    access_log logs/kongadmin_titan_example.com_access_json.log log_json;
    error_log logs/kongadmin_titan_example.com_error.log;

    location / {
        proxy_pass http://kongadmin-titan;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

upstream bj_traefik {
    server 172.19.69.67 max_fails=3 fail_timeout=10s;
    server 172.19.69.88 max_fails=3 fail_timeout=10s;
}

server {
    #listen 80;
    listen 443 ssl http2;
    server_name bj-traefik.example.com;
    ssl_certificate /usr/local/nginx/conf/ssl/example.com.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;
    include http_ssl.conf;
    charset utf-8;
    access_log logs/bj_traefik_example.com_access.log main;
    access_log logs/bj_traefik_example.com_access_json.log log_json;
    error_log logs/bj_traefik_example.com_error.log;

    location / {
        proxy_pass https://bj_traefik;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

TCP forwarding configuration

```nginx
# stream_jeffok.com.conf

# tcp
server {
    listen 6070;
    proxy_pass 172.19.130.250:6070;
}

# ssh (the original read "pstream", a typo for upstream)
upstream gitlab_ssh {
    server 172.19.132.137:10022;
    server 172.19.132.138:10022;
    server 172.19.132.161:10022;
}

server {
    listen 10022;
    access_log logs/gitlab_ssh_access.log tcp_proxy;
    access_log logs/gitlab_ssh_access_json.log stream_log_json;
    error_log logs/gitlab_ssh_error.log;
    proxy_pass gitlab_ssh;
}

# wafconfig.sec.example.com
upstream waf_redis {
    server 172.19.104.170:16380 backup;
    server 172.19.104.175:16380;
}

server {
    listen 16384;
    proxy_pass waf_redis;
}
```

Install and configure Gitea

  • docker-compose file
```yaml
version: "3"

networks:
  gitea:
    external: false

services:
  server:
    hostname: gitea_server
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=YOUR_PASSWORD
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Bound to the Docker bridge address only; nginx on the host proxies to it
      - "10.100.11.1:3000:3000"
      - "10.100.11.1:22:22"
    depends_on:
      - db

  db:
    hostname: gitea_db
    image: postgres:9.6
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=YOUR_PASSWORD
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data
```

Note: data is stored under /data/gitea. The docker-compose file must live in /data/gitea and the stack is started with docker-compose; the exposed ports are 3000 and 22.

  • Start Gitea
```shell
# Run inside /data/gitea
docker-compose up -d
# Or, from any other directory
docker-compose -f /data/gitea/docker-compose.yml up -d
```
  • Start Gitea on boot
```shell
echo "/usr/local/bin/docker-compose -f /data/gitea/docker-compose.yml up -d" >> /etc/rc.d/rc.local
```
  • Put nginx in front as the reverse proxy
```nginx
########git.jeffok.com########
upstream gitea {
    server 10.100.11.1:3000 max_fails=3 fail_timeout=10s;
}

server {
    #listen 80;
    listen 443 ssl http2;
    server_name git.jeffok.com;
    ssl_certificate ssl/git.jeffok.com.pem;
    ssl_certificate_key ssl/git.jeffok.com.key;
    include http_ssl.conf;
    charset utf-8;
    access_log logs/git_jeffok_com_access.log main;
    access_log logs/git_jeffok_com_access_json.log log_json;
    error_log logs/git_jeffok_com_error.log;

    location / {
        proxy_pass http://gitea;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
This post is licensed by the author under CC BY 4.0.