diff --git a/Gitea/Gitea.projitems b/Gitea/Gitea.projitems
index 81f9b21..73bd25c 100644
--- a/Gitea/Gitea.projitems
+++ b/Gitea/Gitea.projitems
@@ -14,7 +14,10 @@
+
+
+
diff --git a/Gitea/README.md b/Gitea/README.md
index e5b9386..26f29c3 100644
--- a/Gitea/README.md
+++ b/Gitea/README.md
@@ -18,7 +18,7 @@ https://gitea.io/en-us/
2. 安装docker-compose,参考: CENTOS安装Docker Compose;
-3. 完成NginxAndLetsencrypt的部署;
+3. 完成NginxAndLetsencrypt的部署(或acme,参看acme项目的实例研究1);
参见相关说明。(包含把sample.conf改名为gitea.conf或其他名字)
@@ -28,14 +28,19 @@ https://gitea.io/en-us/
6. 执行该sh脚本。注意,可以通过tail -2 /etc/passwd和tail -2 /etc/group 查看新注册用户的uid和gid。如和docker-compose.yml中的不符合则应修改yml文件。
-7. 执行 docker inspect nginxdocker_nginx_1 来确定nginx所在网络名称:
+7. 执行docker ps来查看当前的docker实例,找到其中的nginx实例:
+
+ ......
+ 84e4e7a719e8 nginx:latest "/bin/sh -c 'while :…" 17 months ago Up 5 weeks 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp **nginx_nginx_1**
+
+8. 执行 docker inspect nginx_nginx_1来确定nginx所在网络名称:
```
"Networks": {
- "nginxdocker_default": {
+ "nginx_firstnet": {
```
-8. 执行 docker network inspect nginxdocker_default 来确定一些网络信息:
+9. 执行 docker network inspect nginx_firstnet 来确定一些网络信息:
```
"IPAM": {
@@ -43,24 +48,64 @@ https://gitea.io/en-us/
"Options": null,
"Config": [
{
- "Subnet": "192.168.16.0/20",
- "Gateway": "192.168.16.1"
+ "Subnet": "172.20.0.0/16"
}
]
},
+ ......
+ "Containers": {
+ "84e4e7a719e8a904255ebcb522ce73ff8d0f2340a42d12969cead432ecdf4b77": {
+ "Name": "nginx_nginx_1",
+ "EndpointID": "f7a35255526ed39931e018ad27c2bcc448840f77f4de9666baa4416c396c03a7",
+ "MacAddress": "02:42:ac:14:00:02",
+ "IPv4Address": "172.20.0.2/16",
+ "IPv6Address": ""
+ },
+ "e390b8cbe5075efed7fb834acd74fe7ae84cc685249362b4802abb1e626fc909": {
+ "Name": "frps_server_1",
+ "EndpointID": "04f759a5e894e9286720946763b123f805c76d869697113e83f53e516ed75c4b",
+ "MacAddress": "02:42:ac:14:00:03",
+ "IPv4Address": "172.20.0.3/16",
+ "IPv6Address": ""
+ }
+ },
+
```
-9. 根据上述两点网络相关的信息修改gitea的docker-compose文件中的对应部分,并指定固定IP。
+ 可以看到,现有的网段和网络中已有实例的IP。我们可以据此规划gitea实例的IP。
-9. 将需要nginx代理的应用设置的固定IP填入之前的gitea.conf。
+10. 根据上述两点网络相关的信息修改gitea的docker-compose文件中的对应部分,并指定固定IP。
-11. 重启nginx的docker容器。
+11. 将需要nginx代理的应用设置的固定IP填入之前的gitea.conf。
-12. 启动gitea的docker-compose
+12. 重启nginx的docker容器。
-13. ```
- docker-compose up -d
- ```
+ 问题发现:重启失败。查看nginx的日志
+
+ - 首先是错误:unknown directive "server"
+
+ [root@ngork logs]# tail -20 error.log
+ 2021/10/29 14:01:25 [emerg] 7#7: unknown directive "?server" in /etc/nginx/conf.d/gitwoyue.conf:1
+
+ 在开发环境(windows),编码保存为简体中文936解决。原为utf-8。其实,这很奇怪,与一般的认知是相反的。
+
+ - 然后是open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/gitwoyue.conf:22
+
+ 注释掉即可。
+
+13. 启动gitea的docker-compose
+
+ `docker-compose up -d`
+
+14. 访问网站。初始化
+
+ 例如,git.woyue.org。
+
+ 这里,注意参考用到的compose文件,确认用户名是否需要修改(默认git)
+
+ 另外,需要创建一个空的数据库。默认名是gitea。
+
+
## 使用说明
- 配置文件在:/srv/gitea/gitea/gitea/conf下的app.ini
@@ -71,7 +116,8 @@ https://gitea.io/en-us/
## 测试环境
* CentOS Linux release 7.3.1611 (Core)
-
+
```
- ```
\ No newline at end of file
+ ```
+
diff --git a/Gitea/conf.d/gitwoyue.conf b/Gitea/conf.d/gitwoyue.conf
index 08bf5fb..2eb0ef1 100644
--- a/Gitea/conf.d/gitwoyue.conf
+++ b/Gitea/conf.d/gitwoyue.conf
@@ -1,4 +1,4 @@
-server {
+server {
listen 80;
server_name git.woyue.org;
server_tokens off;
@@ -19,12 +19,12 @@ server {
ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
+ #include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
#ip address below should changed accordingly.
- proxy_pass http://192.168.16.5:3000;
+ proxy_pass http://172.20.0.15:3000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
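Review bot: Commenting out `include /etc/letsencrypt/options-ssl-nginx.conf;` silently drops the TLS policy that file carries (the certbot-generated version sets `ssl_protocols`, `ssl_ciphers` and `ssl_prefer_server_ciphers`), so this vhost now runs on nginx's build defaults, which on older images can still accept TLS 1.0/1.1 and weaker cipher suites. The README entry for this change says the file was simply missing in the container; the better fix is to place it under the directory mounted at `/etc/letsencrypt` so the include resolves, or, if it is to stay out, put an explicit policy in its place: `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_prefer_server_ciphers off;`. A comment saying why the include was removed (`# options-ssl-nginx.conf not shipped in this image; TLS policy set inline below`) would keep the next reader from re-enabling a dangling include. The enclosing `server` block begins and ends outside this hunk.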
diff --git a/Gitea/gitea/docker-compose.yml b/Gitea/gitea/docker-compose.yml
index c1ad877..3c83f52 100644
--- a/Gitea/gitea/docker-compose.yml
+++ b/Gitea/gitea/docker-compose.yml
@@ -4,10 +4,10 @@ version: "3.4"
networks:
gitea:
external:
- name: nginxdocker_default
+ name: nginx_firstnet
ipam:
config:
- - subnet: 192.168.16.0/20
+ - subnet: 172.20.0.0/16
services:
server:
@@ -23,7 +23,7 @@ services:
restart: always
networks:
gitea:
- ipv4_address: 192.168.16.15
+ ipv4_address: 172.20.0.15
volumes:
- ./gitea:/data
ports:
@@ -42,8 +42,9 @@ services:
- MYSQL_DATABASE=gitea
networks:
gitea:
- ipv4_address: 192.168.16.14
+ ipv4_address: 172.20.0.14
volumes:
- ./mysql/config/my.cnf:/etc/my.cnf
- ./mysql/data:/var/lib/mysql
- - ./mysql/init:/docker-entrypoint-initdb.d
\ No newline at end of file
+ - ./mysql/init:/docker-entrypoint-initdb.d
+ - /etc/passwd:/etc/passwd #οhttps://blog.csdn.net/qq_23953717/article/details/106668048
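Review bot: `- /etc/passwd:/etc/passwd` bind-mounts the host account database into the mysql container read-write, so anything running as root in that container can edit host user entries, and the full host user list is readable from inside it. Presumably the intent (from the linked blog, not visible here) is to make the host uid/name resolvable inside the container; the usual way is a `user: "UID:GID"` entry on the service, which needs no host file at all. If the mount must stay, mark it read-only: `- /etc/passwd:/etc/passwd:ro`, and drop the stray `ο` character in front of the URL in the comment. The rest of the service definition is above this hunk.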
diff --git a/Gitea/gitea_nodb/docker-compose.yml b/Gitea/gitea_nodb/docker-compose.yml
new file mode 100644
index 0000000..ed557c0
--- /dev/null
+++ b/Gitea/gitea_nodb/docker-compose.yml
@@ -0,0 +1,31 @@
+
+version: "3.4"
+
+networks:
+ gitea:
+ external:
+ name: nginx_firstnet
+ ipam:
+ config:
+ - subnet: 172.20.0.0/16
+
+services:
+ server:
+ image: "gitea/gitea:latest"
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - DB_TYPE=mysql
+ - DB_HOST=172.18.184.137:3306
+ - DB_NAME=gitea
+ - DB_USER=nrs
+ - DB_PASSWD=Whynotfight
+ restart: always
+ networks:
+ gitea:
+ ipv4_address: 172.20.0.15
+ volumes:
+ - ./gitea:/data
+ ports:
+ - "3000:3000"
+ - "222:22"
\ No newline at end of file
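Review bot: `DB_PASSWD=Whynotfight` together with `DB_HOST` and `DB_USER` commits a working plaintext database credential to the repository; once pushed it stays in git history, so it should be treated as exposed and changed on the database side regardless of what happens to this file. Compose substitutes `${VAR}` from the shell environment or a `.env` file next to the compose file, so the line can become `- DB_PASSWD=${DB_PASSWD:?set DB_PASSWD in .env}` with `.env` added to `.gitignore`; the `:?` form makes a missing value a hard error instead of an empty password. The same treatment would suit `DB_USER`, since the pair identifies the account.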
diff --git a/Gitea/gitea_nodb/grant-permissions.sh b/Gitea/gitea_nodb/grant-permissions.sh
new file mode 100644
index 0000000..ba76a6d
--- /dev/null
+++ b/Gitea/gitea_nodb/grant-permissions.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+useradd -M -s /sbin/nologin git
+chown -R git:git ../gitea
\ No newline at end of file
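Review bot: `chown -R git:git ../gitea` runs even when `useradd` has failed (no `set -e`), and since the script does not fix its working directory the target resolves relative to wherever the caller happens to be, so a misplaced invocation can recursively re-own an unrelated tree. `useradd` also fails on a second run because the user already exists, which then aborts nothing and leaves the chown to run anyway. The uid that `useradd` picks is not guaranteed to match the `USER_UID=1000` used by the sibling docker-compose.yml; the README already asks the operator to compare `/etc/passwd` with the yml, and a comment saying so here would help. A more defensive version pins the working directory, makes user creation idempotent and stops on the first error:
```shell
#!/bin/bash
set -euo pipefail
# resolve ../gitea relative to this script, not the caller's cwd
cd "$(dirname "$0")"
# uid must match USER_UID/USER_GID in docker-compose.yml; check with `id git`
id git >/dev/null 2>&1 || useradd -M -s /sbin/nologin git
chown -R git:git ../gitea
```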
diff --git a/Gitea/阿里云跨账号ECS互联.docx b/Gitea/阿里云跨账号ECS互联.docx
new file mode 100644
index 0000000..db7aa51
Binary files /dev/null and b/Gitea/阿里云跨账号ECS互联.docx differ
diff --git a/acme/README.md b/acme/README.md
index 84031ea..f5a59cf 100644
--- a/acme/README.md
+++ b/acme/README.md
@@ -94,6 +94,8 @@ acme.sh --force --debug --issue --dns dns_ali -d nr.woyue.org -d *.nr.woyue.org
--fullchain-file /srv/certbot/conf/live/nr.woyue.org/fullchain.pem \
--reloadcmd "docker restart nginx_server"
+【2021/10/12】前期就已经重新更新失败。经查,依旧是访问某网址时超时的问题。为此,保持windows服务器的小飞机开启再强制重新更新成功。因此,先持续保留,以观察是否能续签成功。
+
(2)frps服务器上的acme更新与证书刷新
记录时间:2021/7/20
diff --git a/acme/acme.projitems b/acme/acme.projitems
index 120f180..2c041ce 100644
--- a/acme/acme.projitems
+++ b/acme/acme.projitems
@@ -9,6 +9,7 @@
acme
+
diff --git a/acme/实例研究1.md b/acme/实例研究1.md
new file mode 100644
index 0000000..46d6c36
--- /dev/null
+++ b/acme/实例研究1.md
@@ -0,0 +1,117 @@
+## 背景说明
+
+a. 研究frps服务器的acme部署情况。
+
+ 时隔久远,重新确认frps服务器的证书安装途径和现状。
+
+b. 将gitea部署到现在frps的服务器上。
+
+## 确认acme的状态
+
+1. 确认当前证书
+
+ `acme.sh --list`
+
+ [root@ngork ~]# acme.sh --list
+ Main_Domain KeyLength SAN_Domains CA Created Renew
+ dev.woyue.org "" *.dev.woyue.org ZeroSSL.com Sat Sep 18 16:42:15 UTC 2021 Wed Nov 17 16:42:15 UTC 2021
+
+2. 确认自动更新
+
+ `crontab -e`
+
+ o1 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
+
+3. 查找acme.sh文件
+
+ `find / -name acme.sh`
+
+ 可以定位到当前服务器,这个文件位于:
+
+ /root/.acme.sh/acme.sh
+
+ 这里要注意,ls是显示不出来.acme.sh的,可以直接cd .acme.sh
+
+4. 查看.acme.sh目录下的内容
+
+ [root@ngork .acme.sh]# ls -l
+ total 240
+ -rw-r--r-- 1 root root 315 Sep 19 00:42 account.conf
+ -rwxr-xr-x 1 root root 205958 Jul 20 11:50 acme.sh
+ -rw-r--r-- 1 root root 78 May 17 2020 acme.sh.csh
+ -rw-r--r-- 1 root root 78 May 17 2020 acme.sh.env
+ drwxr-xr-x 4 root root 4096 Jul 20 11:50 ca
+ drwxr-xr-x 2 root root 4096 Jul 20 11:50 deploy
+ drwxr-xr-x 3 root root 4096 May 19 2020 dev.woyue.org
+ drwxr-xr-x 2 root root 4096 Jul 20 11:50 dnsapi
+ -rw-r--r-- 1 root root 252 Oct 27 00:41 http.header
+ drwxr-xr-x 2 root root 4096 Jul 20 11:50 notify
+
+ 其中,account.conf中有阿里云的具有DNS操作权限的账户的key和secret。
+
+## 添加证书
+
+1. 申请安装证书。加--debug参数可以显示更多细节
+
+ `acme.sh --debug --issue --dns dns_ali -d git.woyue.org`
+
+2. 安装完毕后,检验是否配置自动任务
+
+ `crontab -e`
+
+3. 确认当前证书
+
+ `acme.sh --list`
+
+## 安装证书
+
+1. 复制证书:
+
+ `mkdir -p /srv/certbot/conf/live/git.woyue.org`
+
+ `acme.sh --installcert -d git.woyue.org \
+ --key-file /srv/certbot/conf/live/git.woyue.org/privkey.pem \
+ --fullchain-file /srv/certbot/conf/live/git.woyue.org/fullchain.pem \
+ --reloadcmd "docker restart nginx_nginx_1"`
+
+ 注意,最后的nginx_nginx_1或nginx_server为nginx容器的名称。请根据实际情况修改。**或不加此参数,手动重启nginx**。
+
+2. 生成:dhparams文件
+
+ `openssl dhparam -out /srv/certbot/conf/ssl-dhparams.pem 2048`
+
+## 使用证书
+
+例如,要使用上述证书,则nginx的docker对应etc/letsencrypt的目录就是/srv/certbot/conf。比如说,conf文件里引用的密钥文件路径为:
+
+ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem
+
+那么,docker mount的路径就应该是:-v /srv/certbot/conf:/etc/letsencrypt
+
+为此,检查一下当前的nginx的volume:
+
+`docker inspect nginx_nginx_1`
+
+能看到:
+
+......
+
+ "Mounts": [
+ ......
+ {
+ "Type": "bind",
+ "Source": "/srv/certbot/conf",
+ "Destination": "/etc/letsencrypt",
+ "Mode": "rw",
+ "RW": true,
+ "Propagation": "rprivate"
+ },
+
+......
+
+可见,当前的nginx docker实例配置已经满足要求。
+
+## 后续
+
+参看Gitea项目的Readme。
+