Rebuild the gitea server on the frps server. The database connects to the mysql on centos1.

This commit is contained in:
Dennis Mo
2021-10-31 17:11:36 +08:00
parent 97d8ffa02d
commit 7d23a4c38f
10 changed files with 227 additions and 23 deletions

@@ -14,7 +14,10 @@
<None Include="$(MSBuildThisFileDirectory)gitea\mysql\config\my.cnf" /> <None Include="$(MSBuildThisFileDirectory)gitea\mysql\config\my.cnf" />
<None Include="$(MSBuildThisFileDirectory)gitea\mysql\init\init.sql" /> <None Include="$(MSBuildThisFileDirectory)gitea\mysql\init\init.sql" />
<None Include="$(MSBuildThisFileDirectory)gitea\grant-permissions.sh" /> <None Include="$(MSBuildThisFileDirectory)gitea\grant-permissions.sh" />
<None Include="$(MSBuildThisFileDirectory)gitea_nodb\docker-compose.yml" />
<None Include="$(MSBuildThisFileDirectory)gitea_nodb\grant-permissions.sh" />
<None Include="$(MSBuildThisFileDirectory)README.md" /> <None Include="$(MSBuildThisFileDirectory)README.md" />
<None Include="$(MSBuildThisFileDirectory)阿里云跨账号ECS互联.docx" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Folder Include="$(MSBuildThisFileDirectory)gitea\mysql\data\" /> <Folder Include="$(MSBuildThisFileDirectory)gitea\mysql\data\" />
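Review bot: The new item 阿里云跨账号ECS互联.docx is a binary Word document (it appears further down as "Binary file not shown."), so its content cannot be reviewed or diffed here. If it describes the cross-account ECS network setup this deployment depends on, convert it to Markdown like the other notes in the project so that later changes stay reviewable.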

@@ -18,7 +18,7 @@ https://gitea.io/en-us/
2. 安装docker-compose参考 <a href="https://www.4spaces.org/centos-install-docker-compose/" target="_blank">CENTOS安装Docker Compose</a> 2. 安装docker-compose参考 <a href="https://www.4spaces.org/centos-install-docker-compose/" target="_blank">CENTOS安装Docker Compose</a>
3. 完成NginxAndLetsencrypt的部署 3. 完成NginxAndLetsencrypt的部署或acme参看acme项目的实例研究1
参见相关说明。包含把sample.conf改名为gitea.conf或其他名字 参见相关说明。包含把sample.conf改名为gitea.conf或其他名字
@@ -28,14 +28,19 @@ https://gitea.io/en-us/
6. 执行该sh脚本。注意可以通过tail -2 /etc/passwd和tail -2 /etc/group 查看新注册用户的uid和gid。如和docker-compose.yml中的不符合则应修改yml文件。 6. 执行该sh脚本。注意可以通过tail -2 /etc/passwd和tail -2 /etc/group 查看新注册用户的uid和gid。如和docker-compose.yml中的不符合则应修改yml文件。
7. 执行 docker inspect nginxdocker_nginx_1 来确定nginx所在网络名称 7. 执行docker ps来查看当前的docker实例找到其中的nginx实例
......
84e4e7a719e8 nginx:latest "/bin/sh -c 'while :…" 17 months ago Up 5 weeks 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp **<u>nginx_nginx_1</u>**
8. 执行 docker inspect nginx_nginx_1来确定nginx所在网络名称
``` ```
"Networks": { "Networks": {
"nginxdocker_default": { "nginx_firstnet": {
``` ```
8. 执行 docker network inspect nginxdocker_default 来确定一些网络信息: 9. 执行 docker network inspect nginx_firstnet 来确定一些网络信息:
``` ```
"IPAM": { "IPAM": {
@@ -43,24 +48,64 @@ https://gitea.io/en-us/
"Options": null, "Options": null,
"Config": [ "Config": [
{ {
"Subnet": "192.168.16.0/20", "Subnet": "172.20.0.0/16"
"Gateway": "192.168.16.1"
} }
] ]
}, },
......
"Containers": {
"84e4e7a719e8a904255ebcb522ce73ff8d0f2340a42d12969cead432ecdf4b77": {
"Name": "nginx_nginx_1",
"EndpointID": "f7a35255526ed39931e018ad27c2bcc448840f77f4de9666baa4416c396c03a7",
"MacAddress": "02:42:ac:14:00:02",
"IPv4Address": "172.20.0.2/16",
"IPv6Address": ""
},
"e390b8cbe5075efed7fb834acd74fe7ae84cc685249362b4802abb1e626fc909": {
"Name": "frps_server_1",
"EndpointID": "04f759a5e894e9286720946763b123f805c76d869697113e83f53e516ed75c4b",
"MacAddress": "02:42:ac:14:00:03",
"IPv4Address": "172.20.0.3/16",
"IPv6Address": ""
}
},
``` ```
9. 根据上述两点网络相关的信息修改gitea的docker-compose文件中的对应部分并指定固定IP。 可以看到现有的网段和网络中已有实例的IP。我们可以据此规划gitea实例的IP。
9. 将需要nginx代理的应用设置的固定IP填入之前的gitea.conf 10. 根据上述两点网络相关的信息修改gitea的docker-compose文件中的对应部分并指定固定IP
11. 重启nginx的docker容器 11. 将需要nginx代理的应用设置的固定IP填入之前的gitea.conf
12. 重启nginx的docker容器。
问题发现重启失败。查看nginx的日志
- 首先是错误unknown directive "server"
[root@ngork logs]# tail -20 error.log
2021/10/29 14:01:25 [emerg] 7#7: unknown directive "?server" in /etc/nginx/conf.d/gitwoyue.conf:1
在开发环境(windows)编码保存为简体中文936解决。原为utf-8。其实这很奇怪与一般的认知是相反的。
- 然后是open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/gitwoyue.conf:22
注释掉即可。
13. 启动gitea的docker-compose
`docker-compose up -d`
14. 访问网站。初始化
例如git.woyue.org。
这里注意参考用到的compose文件确认用户名是否需要修改默认git
另外需要创建一个空的数据库。默认名是gitea。
12. 启动gitea的docker-compose
13. ```
docker-compose up -d
```
## 使用说明 ## 使用说明
- 配置文件在:/srv/gitea/gitea/gitea/conf下的app.ini - 配置文件在:/srv/gitea/gitea/gitea/conf下的app.ini
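Review bot: The troubleshooting entry for unknown directive "?server" at gitwoyue.conf:1 records the workaround (re-saving the file as code page 936) but not the cause, and the text itself calls the result strange. An unprintable character in front of the first directive on line 1 is the usual sign of a UTF-8 byte order mark, and re-saving in 936 helps because it drops that mark; it also turns any non-ASCII comment in the file into bytes other tools will misread. Suggest documenting "save as UTF-8 without BOM" instead. The second entry resolves the missing options-ssl-nginx.conf by commenting the include out; the README should say that the TLS settings that file would have provided then need to be supplied some other way.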
@@ -75,3 +120,4 @@ https://gitea.io/en-us/
``` ```
``` ```

@@ -1,4 +1,4 @@
server { server {
listen 80; listen 80;
server_name git.woyue.org; server_name git.woyue.org;
server_tokens off; server_tokens off;
@@ -19,12 +19,12 @@ server {
ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem; ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/git.woyue.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; #include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / { location / {
#ip address below should changed accordingly. #ip address below should changed accordingly.
proxy_pass http://192.168.16.5:3000; proxy_pass http://172.20.0.15:3000;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
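Review bot: Commenting out the include of /etc/letsencrypt/options-ssl-nginx.conf lets the config load, but this server block is then left with no explicit protocol or cipher settings and runs on whatever the nginx image defaults to. Either create that file under the mounted /srv/certbot/conf directory or put ssl_protocols and ssl_ciphers directly in this block. The proxy_pass address 172.20.0.15 must also stay in step with ipv4_address in the compose file; the existing comment says to change it, and naming the compose file there would make the dependency easier to follow.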

@@ -4,10 +4,10 @@ version: "3.4"
networks: networks:
gitea: gitea:
external: external:
name: nginxdocker_default name: nginx_firstnet
ipam: ipam:
config: config:
- subnet: 192.168.16.0/20 - subnet: 172.20.0.0/16
services: services:
server: server:
@@ -23,7 +23,7 @@ services:
restart: always restart: always
networks: networks:
gitea: gitea:
ipv4_address: 192.168.16.15 ipv4_address: 172.20.0.15
volumes: volumes:
- ./gitea:/data - ./gitea:/data
ports: ports:
@@ -42,8 +42,9 @@ services:
- MYSQL_DATABASE=gitea - MYSQL_DATABASE=gitea
networks: networks:
gitea: gitea:
ipv4_address: 192.168.16.14 ipv4_address: 172.20.0.14
volumes: volumes:
- ./mysql/config/my.cnf:/etc/my.cnf - ./mysql/config/my.cnf:/etc/my.cnf
- ./mysql/data:/var/lib/mysql - ./mysql/data:/var/lib/mysql
- ./mysql/init:/docker-entrypoint-initdb.d - ./mysql/init:/docker-entrypoint-initdb.d
- /etc/passwd:/etc/passwd #²Î¿¼£ºhttps://blog.csdn.net/qq_23953717/article/details/106668048
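Review bot: The added volume "- /etc/passwd:/etc/passwd" on the database service (the one with MYSQL_DATABASE=gitea) is a read-write bind mount of the host account file, so a process running as root in that container can edit host users. If the aim is only to make host UIDs resolve to names inside the container, append :ro; setting user: to a numeric uid:gid avoids the mount altogether. The trailing comment is mis-encoded (it renders as "²Î¿¼£º" before the URL), which suggests the file was saved in a non-UTF-8 code page; re-save it as UTF-8.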

@@ -0,0 +1,31 @@
version: "3.4"
networks:
gitea:
external:
name: nginx_firstnet
ipam:
config:
- subnet: 172.20.0.0/16
services:
server:
image: "gitea/gitea:latest"
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=mysql
- DB_HOST=172.18.184.137:3306
- DB_NAME=gitea
- DB_USER=nrs
- DB_PASSWD=Whynotfight
restart: always
networks:
gitea:
ipv4_address: 172.20.0.15
volumes:
- ./gitea:/data
ports:
- "3000:3000"
- "222:22"
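Review bot: DB_USER and DB_PASSWD are committed in plain text in the environment list, so the database password is now part of the repository history. Move them to an env_file or a Docker secret that is excluded from version control, and change the password, since this revision has already exposed it. Two smaller points: "3000:3000" publishes Gitea's HTTP port on every host interface alongside the nginx proxy that is meant to front it, so drop the mapping or bind it to 127.0.0.1 unless direct access is intended; and gitea/gitea:latest is not reproducible, so pin a version tag.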

@@ -0,0 +1,3 @@
#!/bin/bash
useradd -M -s /sbin/nologin git
chown -R git:git ../gitea
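Review bot: The script creates the git user without fixing its uid, while docker-compose.yml hard-codes USER_UID=1000 and USER_GID=1000, so the README step of comparing /etc/passwd by hand is needed on every host. Passing the uid explicitly (useradd -u 1000 ...) or having the script print the output of id git would close that gap. The chown -R on ../gitea is also relative to the caller's working directory, and the script carries on after a failed useradd; add set -e and resolve the path from the script's own location.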

Binary file not shown.

@@ -94,6 +94,8 @@ acme.sh --force --debug --issue --dns dns_ali -d nr.woyue.org -d *.nr.woyue.org
--fullchain-file /srv/certbot/conf/live/nr.woyue.org/fullchain.pem \ --fullchain-file /srv/certbot/conf/live/nr.woyue.org/fullchain.pem \
--reloadcmd "docker restart nginx_server" --reloadcmd "docker restart nginx_server"
【2021/10/12】前期就已经重新更新失败。经查依旧是访问某网址时超时的问题。为此保持windows服务器的小飞机开启再强制重新更新成功。因此先持续保留以观察是否能续签成功。
2frps服务器上的acme更新与证书刷新 2frps服务器上的acme更新与证书刷新
记录时间2021/7/20 记录时间2021/7/20

@@ -9,6 +9,7 @@
<Import_RootNamespace>acme</Import_RootNamespace> <Import_RootNamespace>acme</Import_RootNamespace>
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<None Include="$(MSBuildThisFileDirectory)实例研究1.md" />
<None Include="$(MSBuildThisFileDirectory)README.md" /> <None Include="$(MSBuildThisFileDirectory)README.md" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>

acme/实例研究1.md Normal file
@@ -0,0 +1,117 @@
## 背景说明
a. 研究frps服务器的acme部署情况。
时隔久远重新确认frps服务器的证书安装途径和现状。
b. 将gitea部署到现在frps的服务器上。
## 确认acme的状态
1. 确认当前证书
`acme.sh --list`
[root@ngork ~]# acme.sh --list
Main_Domain KeyLength SAN_Domains CA Created Renew
dev.woyue.org "" *.dev.woyue.org ZeroSSL.com Sat Sep 18 16:42:15 UTC 2021 Wed Nov 17 16:42:15 UTC 2021
2. 确认自动更新
`crontab -e`
o1 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
3. 查找acme.sh文件
`find / -name acme.sh`
可以定位到当前服务器,这个文件位于:
/root/.acme.sh/acme.sh
这里要注意ls是显示不出来.acme.sh的可以直接cd .acme.sh
4. 查看.acme.sh目录下的内容
[root@ngork .acme.sh]# ls -l
total 240
-rw-r--r-- 1 root root 315 Sep 19 00:42 account.conf
-rwxr-xr-x 1 root root 205958 Jul 20 11:50 acme.sh
-rw-r--r-- 1 root root 78 May 17 2020 acme.sh.csh
-rw-r--r-- 1 root root 78 May 17 2020 acme.sh.env
drwxr-xr-x 4 root root 4096 Jul 20 11:50 ca
drwxr-xr-x 2 root root 4096 Jul 20 11:50 deploy
drwxr-xr-x 3 root root 4096 May 19 2020 dev.woyue.org
drwxr-xr-x 2 root root 4096 Jul 20 11:50 dnsapi
-rw-r--r-- 1 root root 252 Oct 27 00:41 http.header
drwxr-xr-x 2 root root 4096 Jul 20 11:50 notify
其中account.conf中有阿里云的具有DNS操作权限的账户的key和secret。
## 添加证书
1. 申请安装证书。加--debug参数可以显示更多细节
`acme.sh --debug --issue --dns dns_ali -d git.woyue.org`
2. 安装完毕后,检验是否配置自动任务
`crontab -e`
3. 确认当前证书
`acme.sh --list`
## 安装证书
1. 复制证书:
`mkdir -p /srv/certbot/conf/live/git.woyue.org`
`acme.sh --installcert -d git.woyue.org \
--key-file /srv/certbot/conf/live/git.woyue.org/privkey.pem \
--fullchain-file /srv/certbot/conf/live/git.woyue.org/fullchain.pem \
--reloadcmd "docker restart nginx_nginx_1"`
注意最后的nginx_nginx_1或nginx_server为nginx容器的名称。请根据实际情况修改。**或不加此参数手动重启nginx**。
2. 生成dhparams文件
`openssl dhparam -out /srv/certbot/conf/ssl-dhparams.pem 2048`
## 使用证书
例如要使用上述证书则nginx的docker对应etc/letsencrypt的目录就是/srv/certbot/conf。比如说conf文件里引用的密钥文件路径为
ssl_certificate /etc/letsencrypt/live/git.woyue.org/fullchain.pem
那么docker mount的路径就应该是-v /srv/certbot/conf:/etc/letsencrypt
为此检查一下当前的nginx的volume:
`docker inspect nginx_nginx_1`
能看到:
......
"Mounts": [
......
{
"Type": "bind",
"Source": "/srv/certbot/conf",
"Destination": "/etc/letsencrypt",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
......
可见当前的nginx docker实例配置已经满足要求。
## 后续
参看Gitea项目的Readme。
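Review bot: The directory listing shows account.conf as -rw-r--r--, and the line after the listing says it holds the key and secret of an Alibaba Cloud account with DNS permissions; the document should tell the reader to chmod 600 that file and to confirm the credential is limited to DNS operations. The same care applies to privkey.pem written by --installcert under /srv/certbot/conf. Also, the crontab line under step 2 begins with "o1 0 * * *", which looks like a stray character in front of the minute field, and the remark that ls does not show .acme.sh should mention ls -a.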