添加项目文件。

Dennis Mo
2020-04-26 14:39:13 +08:00
parent 80bd79f00e
commit 24d3dcf835
18 changed files with 589 additions and 0 deletions

21
Deployments.sln Normal file

@@ -0,0 +1,21 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30011.22
MinimumVisualStudioVersion = 10.0.40219.1
Project("{D954291E-2A0B-460D-934E-DC6B0785DB48}") = "Gitea", "Gitea\Gitea.shproj", "{816BEA29-9CDB-439D-BC36-D2DD6C52BC69}"
EndProject
Project("{D954291E-2A0B-460D-934E-DC6B0785DB48}") = "NginxAndLetsencrypt", "NginxAndLetsencrypt\NginxAndLetsencrypt.shproj", "{57D7CB76-1A45-4A68-A84F-7E5034096F19}"
EndProject
Global
GlobalSection(SharedMSBuildProjectFiles) = preSolution
NginxAndLetsencrypt\NginxAndLetsencrypt.projitems*{57d7cb76-1a45-4a68-a84f-7e5034096f19}*SharedItemsImports = 13
Gitea\Gitea.projitems*{816bea29-9cdb-439d-bc36-d2dd6c52bc69}*SharedItemsImports = 13
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {E0FBFB33-8BFD-4A87-A8EB-56A3D383EEC7}
EndGlobalSection
EndGlobal

22
Gitea/Gitea.projitems Normal file

@@ -0,0 +1,22 @@
<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
<HasSharedItems>true</HasSharedItems>
<SharedGUID>816bea29-9cdb-439d-bc36-d2dd6c52bc69</SharedGUID>
</PropertyGroup>
<PropertyGroup Label="Configuration">
<Import_RootNamespace>Gitea</Import_RootNamespace>
</PropertyGroup>
<ItemGroup>
<None Include="$(MSBuildThisFileDirectory)conf.d\gitwoyue.conf" />
<None Include="$(MSBuildThisFileDirectory)gitea\docker-compose.yml" />
<None Include="$(MSBuildThisFileDirectory)gitea\mysql\config\my.cnf" />
<None Include="$(MSBuildThisFileDirectory)gitea\mysql\init\init.sql" />
<None Include="$(MSBuildThisFileDirectory)gitea\grant-permissions.sh" />
<None Include="$(MSBuildThisFileDirectory)README.md" />
</ItemGroup>
<ItemGroup>
<Folder Include="$(MSBuildThisFileDirectory)gitea\mysql\data\" />
</ItemGroup>
</Project>

13
Gitea/Gitea.shproj Normal file

@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Label="Globals">
<ProjectGuid>816bea29-9cdb-439d-bc36-d2dd6c52bc69</ProjectGuid>
<MinimumVisualStudioVersion>14.0</MinimumVisualStudioVersion>
</PropertyGroup>
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.Default.props" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.props" />
<PropertyGroup />
<Import Project="Gitea.projitems" Label="Shared" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.CSharp.targets" />
</Project>

50
Gitea/README.md Normal file

@@ -0,0 +1,50 @@
# Gitea
## 官网
https://gitea.io/en-us/
## 用途
低配置要求的Gitlab替代。
## 文件说明
* `docker-compose.yml`:服务配置;
## 安装说明
1. 解析域名到你的服务器;
2. 安装docker-compose参考 <a href="https://www.4spaces.org/centos-install-docker-compose/" target="_blank">CENTOS安装Docker Compose</a>
3. 完成NginxAndLetsencrypt的部署
参见相关说明。包含把sample.conf改名为gitea.conf或其他名字
4. 在/srv下复制gitea目录。cd进gitea
5. 在/srv/gitea下chmod +x ./grant-permissions.sh
6. 执行该sh脚本。注意可以通过tail -2 /etc/passwd和tail -2 /etc/group 查看新注册用户的uid和gid。如和docker-compose.yml中的不符合则应修改yml文件。
7. 参照NginxAndLetsencrypt的sample.conf中的注释说明和sampleApp中的compose文件修改docker-compose.yml的网络设置。
8. 启动服务
9. ```
docker-compose up -d
```
10. 参照NginxAndLetsencrypt的sample.conf中的注释说明获取新创建的container的ip并返回到gitea.conf中将ip填入。
11. 重启nginx的docker容器。
## 使用说明
配置文件在:/srv/gitea/gitea/gitea/conf下的app.ini
邮件smtp服务器要带端口号通常是25
## 测试环境
* CentOS Linux release 7.3.1611 (Core)


@@ -0,0 +1,35 @@
server {
listen 80;
server_name git.woyue.org;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name git.woyue.org;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
#ip address below should changed accordingly.
proxy_pass http://192.168.16.5:3000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}
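Review bot: `proxy_pass http://192.168.16.5:3000;` pins the upstream to a container IP that Docker can reassign when the stack is recreated, so after a restart this vhost may fail or forward to whichever container on the shared network now holds that address. The Gitea compose file in this commit joins the same external network, so the upstream can probably be addressed by name instead, e.g. `proxy_pass http://server:3000;` (confirm that the service name resolves from the nginx container). The 443 server block also sends no `Strict-Transport-Security` header unless the included options file adds one; once HTTPS is confirmed working, consider `add_header Strict-Transport-Security "max-age=31536000" always;`. The sample vhost later in this commit documents the same manual IP lookup.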


@@ -0,0 +1,44 @@
version: "3.4"
networks:
gitea:
external:
name: nginxdocker_default
services:
server:
image: "gitea/gitea:latest"
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=mysql
- DB_HOST=db:3306
- DB_NAME=gitea
- DB_USER=gitea
- DB_PASSWD=Whynotfight?
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
ports:
- "3000:3000"
- "222:22"
depends_on:
- db
db:
image: "mysql/mysql-server"
restart: always
environment:
- MYSQL_ROOT_PASSWORD=Nowaytohide...
- MYSQL_USER=gitea
- MYSQL_PASSWORD=Whynotfight?
- MYSQL_DATABASE=gitea
networks:
- gitea
volumes:
- ./mysql/config/my.cnf:/etc/my.cnf
- ./mysql/data:/var/lib/mysql
- ./mysql/init:/docker-entrypoint-initdb.d
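Review bot: The `DB_PASSWD`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` values in the two `environment:` lists are committed in clear text, so anyone with read access to this repository or its history holds the database credentials. Take them from an untracked `.env` file instead, e.g. `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?not set}`, and treat the committed values as exposed: rotate them rather than only deleting the lines. Separately, `"3000:3000"` publishes Gitea's plain-HTTP port on the host, which lets clients reach it without going through the TLS proxy. Since nginx reaches the container over the shared network, that mapping can likely be dropped or bound as `"127.0.0.1:3000:3000"`. The sample compose file later in this commit has the same port mapping.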


@@ -0,0 +1,3 @@
#!/bin/bash
useradd -M -s /sbin/nologin git
chown -R git:git ../gitea
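Review bot: `chown -R git:git ../gitea` is resolved against the caller's working directory and still runs when `useradd` fails, so running the script as root from the wrong place recursively re-owns an unintended tree. Add `set -euo pipefail` after the shebang and anchor the path to the script's location, e.g. `cd "$(dirname "$0")"` before the `chown`. The compose file hard-codes `USER_UID=1000`/`USER_GID=1000` while `useradd` takes the next free id, so ending the script with `id git` would surface the mismatch the README asks the operator to check by hand.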


@@ -0,0 +1,13 @@
[mysqld]
user=gitea
default-authentication-plugin=mysql_native_password
skip-name-resolve
character-set-client-handshake=0
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
default-time-zone='+8:00'
lower_case_table_names=1
[client]
default-character-set=utf8mb4
[mysql]
default-character-set=utf8mb4
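Review bot: In the `[mysqld]` group, `user=gitea` selects the operating-system account the server process runs as, not a database login, and nothing visible in this commit creates an OS user named `gitea` inside the database container. If the intent was the application's DB account, this line should probably be removed (the image presumably runs under its own `mysql` user; confirm). `default-authentication-plugin=mysql_native_password` also moves new accounts to the older SHA-1-based plugin. Keep it only if the Gitea client in use cannot authenticate with the server default, and record why in a comment such as `# required because <reason>`.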


@@ -0,0 +1 @@
GRANT ALL PRIVILEGES ON *.* TO 'gitea'@'%' WITH GRANT OPTION;
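Review bot: `GRANT ALL PRIVILEGES ON *.* ... WITH GRANT OPTION` gives the application account root-equivalent rights on every schema from any host, so a compromise of Gitea or of its password becomes a compromise of the whole database server. Gitea only needs its own schema: `GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'%';`. The `MYSQL_USER`/`MYSQL_DATABASE` variables set in the compose file are documented to create that per-database grant already, so this init script may not be needed at all.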


@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
<HasSharedItems>true</HasSharedItems>
<SharedGUID>57d7cb76-1a45-4a68-a84f-7e5034096f19</SharedGUID>
</PropertyGroup>
<PropertyGroup Label="Configuration">
<Import_RootNamespace>NginxAndLetsencrypt</Import_RootNamespace>
</PropertyGroup>
<ItemGroup>
<None Include="$(MSBuildThisFileDirectory)docker-compose.yml" />
<None Include="$(MSBuildThisFileDirectory)init-letsencrypt.sh" />
<None Include="$(MSBuildThisFileDirectory)经验汇集.md" />
<None Include="$(MSBuildThisFileDirectory)README.md" />
<None Include="$(MSBuildThisFileDirectory)sampleApp\docker-compose.yml" />
<None Include="$(MSBuildThisFileDirectory)server\nginx\conf\conf.d\sample.conf" />
<None Include="$(MSBuildThisFileDirectory)server\nginx\conf\nginx.conf" />
</ItemGroup>
</Project>


@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Label="Globals">
<ProjectGuid>57d7cb76-1a45-4a68-a84f-7e5034096f19</ProjectGuid>
<MinimumVisualStudioVersion>14.0</MinimumVisualStudioVersion>
</PropertyGroup>
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.Default.props" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.props" />
<PropertyGroup />
<Import Project="NginxAndLetsencrypt.projitems" Label="Shared" />
<Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.CSharp.targets" />
</Project>


@@ -0,0 +1,40 @@
# A repository fork from [https://github.com/wmnnd/nginx-certbot](nginx-certbot)
## 用途
使用`docker-compose`配置nginx并申请certbot证书。
## 文件说明
* `init-letsencrypt.sh`获取Let's Encrypt证书
* `data/nginx`nginx配置文件目录
* `docker-compose.yml`:服务配置;
## 使用说明
1.解析域名到你的服务器;
2.安装docker-compose参考 <a href="https://www.4spaces.org/centos-install-docker-compose/" target="_blank">CENTOS安装Docker Compose</a>
3.修改配置;
* 修改`init-letsencrypt.sh`文件中的域名及邮箱;
* 修改`server/nginx`中的配置文件里的域名如有必要把sample.conf改成实际的文件名。但如果不做修改只要其中的域名正确不影响证书申请。
4.申请证书
```
chmod +x ./init-letsencrypt.sh
sudo ./init-letsencrypt.sh
```
5.启动服务
```
docker-compose up -d
```
## 测试环境
* CentOS Linux release 7.3.1611 (Core)


@@ -0,0 +1,24 @@
version: '3'
services:
nginx:
image: nginx:latest
restart: unless-stopped
volumes:
- ./server/nginx/conf/conf.d:/etc/nginx/conf.d
- ./server/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
- ./server/nginx/html:/usr/share/nginx/html
- ./server/nginx/logs:/var/log/nginx
- ./server/certbot/conf:/etc/letsencrypt
- ./server/certbot/www:/var/www/certbot
ports:
- "80:80"
- "443:443"
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./server/certbot/conf:/etc/letsencrypt
- ./server/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
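Review bot: `image: nginx:latest` and `image: certbot/certbot` are unpinned, so every pull or recreate of the internet-facing proxy can silently change the running code, and a bad upstream tag is deployed without review. Pin each image to a tested version tag or digest, e.g. `image: nginx:<tested-version>`, and bump it deliberately. The Gitea compose files in this commit (`gitea/gitea:latest`, `mysql/mysql-server`) have the same issue.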


@@ -0,0 +1,80 @@
#!/bin/bash
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
domains=(git.woyue.org)
rsa_key_size=4096
data_path="./server/certbot"
email="staywithmo@163.com" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
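Review bot: The two `curl -s ... > file` lines save whatever the request returns as `options-ssl-nginx.conf` and `ssl-dhparams.pem`. Without `-f`, an HTTP error page or an empty response is stored as TLS configuration, and fetching from the `master` branch means the content can change or move between runs. Use `curl -fsS <url> -o "$data_path/conf/options-ssl-nginx.conf" || exit 1`, point the URL at a fixed tag or commit (`.../certbot/certbot/<pinned-ref>/...`), and ideally compare a checksum before nginx loads the files. The committed `email=` value looks like a personal address; a placeholder would be preferable in a shared template.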


@@ -0,0 +1,42 @@
version: "3.4"
# setting networks. important when connecting other containers.
networks:
gitea:
external:
name: nginxdocker_default
services:
server:
image: "gitea/gitea:latest"
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=mysql
- DB_HOST=db:3306
- DB_NAME=gitea
- DB_USER=gitea
- DB_PASSWD=pwd
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
ports:
- "3000:3000"
- "222:22"
depends_on:
- db
db:
image: "mysql:5.7.27"
restart: always
environment:
- MYSQL_ROOT_PASSWORD=rootpwd
- MYSQL_USER=gitea
- MYSQL_PASSWORD=pwd
- MYSQL_DATABASE=gitea
networks:
- gitea
volumes:
- ./mysql:/var/lib/mysql


@@ -0,0 +1,41 @@
server {
listen 80;
server_name git.woyue.org;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name git.woyue.org;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
#此处的IP是其他Docker Container的IP。注意
#1不需要在compose nginx和letsencrypt的阶段就配置好下面的内容
#2配置完成后执行 docker inspect nginxdocker_nginx_1 来确定所在网络名称。如:
#"Networks": {
# "nginxdocker_default": {
#3在接下来要运行的应用的docker-compose文件中指定外部网络名称为上述名称。参见sampleApp示例。
#4用docker inspect命令确定应用的container的IP填入下方即可。
proxy_pass http://172.17.0.1:17000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}


@@ -0,0 +1,40 @@
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
autoindex on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;
client_header_buffer_size 128k;
large_client_header_buffers 4 128k;
include /etc/nginx/conf.d/*.conf;
}
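Review bot: `user root;` makes the nginx worker processes, which parse untrusted requests, run as root inside the container, and `autoindex on;` at `http` level enables directory listings for every server block that serves files. Unless a mounted volume really requires it, drop `user root;` (or use the image's unprivileged `nginx` user and fix ownership of the mounted log directory) and set `autoindex off;`. If listings are needed, enable them only in a specific `location`.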


@@ -0,0 +1,87 @@
# 经验汇集
## 常用指令
* Docker相关
```
docker network ls
docker network rm 【网络名称】
docker inspect 【容器id/名称】
docker logs -f -t --since="2017-05-31" --tail=10 【容器名称】 #动态查看容器日志
```
* Linux
```
history #查看历史执行命令
tail -n 20 【文件名】#查看文件的后20行
du -sh * #查看目录下的磁盘占用情况
```
* Vim
```
history #查看历史执行命令
tail -n 20 【文件名】#查看文件的后20行
```
## 坑记
### 未分类
#### 域名解析
域名解析做完整。如果要给ycmusic.cn配证书不要忘记相应添加域名解析。可以参考
如何解析设置域名添加www和不添加www都能够访问
*来自 <*[*https://jingyan.baidu.com/article/6d704a130c6d0d28db51ca3c.html*](https://jingyan.baidu.com/article/6d704a130c6d0d28db51ca3c.html)*>*
#### 文本格式导致的脚本执行错误问题
注意在windows下编辑的文本格式是dos格式需要改成unix格式才能作为sh脚本在linux下执行。否则会出现诸如
bin/bash^M: bad interpreter: No such file or directory
参考[*https://blog.csdn.net/helloxiaozhe/article/details/90347064解决*](https://blog.csdn.net/helloxiaozhe/article/details/90347064)
另外,可以采用vs的编码保存,其中指定行尾设置
#### Let's Encrypt可以添加--dry-run参数来验证运行
例如:
docker-compose run --rm --entrypoint "\
certbot certonly **--dry-run** --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
#### Nginx开启gzip
参考:https://blog.csdn.net/bigtree_3721/article/details/79849503
#### docker-compose中的特殊字符
如有特殊字符,用""将包含特殊字符的字符串包裹起来。如果有$,哪怕在引号内,也需要输入两个$$以作转义。
例如:
db:
image: "mysql:5.7.27"
restart: always
environment:
- MYSQL_ROOT_PASSWORD="mima$$woshimima"
不过,上面的又有引号又有$的设置是否正确并不确定因为初次这么设置发现无法登录通过docker exec -it 进入执行mysql -uroot -p
#### docker-compose中mysql的密码设置
第一次运行后,只要/var/lib/mysql中的数据没有改变这通常是因为已经mount到主机的特定目录那么后续的密码更改是无效的哪怕把container删了再重建也一样。所以这个时候要不然用原来密码登录要不然就是清空data目录。data目录需要有不然docker-compose up会失败