.Net Core部署在Linux服务器:Nginx反向代理+Supervisor进程守护

前言:.Net Core 程序(网站)可以部署在windows IIS ,也可以部署在Linux系统(更加推荐)


本文部署,基于.net core 2.1,服务器CentOS 7, 需要安装的服务有2个:Nginx,SuperVisor(进程守护)

示意图

 

命令预览:

Linux: 重启:reboot

Nginx: 强杀: killall -9 nginx
    测试配置是否正确: nginx -t
    启动: nginx

SuperVisor:停止:supervisorctl shutdown
          启动: supervisord
View Code

 

描述:(以下,我以开发一个在线记事本 BookkeepingWeb 为例 )

一。在本地做好项目

开发好Web,并配置好程序监听的端口(不配置,默认5000端口,如果服务器部署多个web的话,这里应该更改端口),VS里面,或者cmd进入到项目进行发布,发布项目下的\bin\Debug\netcoreapp2.1\publish 后,

在cmd 进入到该项目运行 :dotnet 程序名称.dll ,浏览器打cmd提示的访问地址,保证正常访问。

 

找到程序的路径:D:\study\consoleTest\Bruke.Bookkeeping\Bruke.Bookkeeping.Core.Web\bin\Debug\netcoreapp2.1\publish

程序的启动入口:Bruke.Bookkeeping.Core.Web.dll

 

 运行起来:打开cmd 进入程序路径  执行: dotnet 程序入口名称

执行:dotnet Bruke.Bookkeeping.Core.Web.dll

 

浏览器查看是否可以访问:http://localhost:5000  ,如图正常。

 

 

当cmd关闭或 程序shut down(Ctrl+C) 时, 网站就是访问不了,说明,由cmd单线程监听端口,并执行和返回的。比如浏览器访问了本地5000端口,就会给这个单线程的cmd捕获到,并执行你的代码后返回到浏览器。

至此,本地程序是没问题的,那么就可以把publish拷贝到Linux服务器上了,下面是服务器如何设置监听端口,并转发请求的。

附(设置端口)的博文,可以先忽略该文:https://www.cnblogs.com/1175429393wljblog/p/8267772.html

 

二.服务器操作

1.接下来就是把publish 拷贝到Linux服务器上去即可,推荐使用 SecureCRSecureFXPortable,可以上传文件,命令运行。

链接: https://pan.baidu.com/s/15kDCQn3xSg4PyZO5R4gPLw 提取码: punw 

在服务器 /root 添加文件夹 BookkeepingWeb,把publish的东西拷贝上来。

 

2.服务上安装.Net Core SDK (基于你的项目版本去安装,我的服务器,安装了.net core 3.0.1,和.net core 2.1,以下为core 2.1为例)

  微软官网:https://dotnet.microsoft.com/download/linux-package-manager/rhel/sdk-current

(这个是官网的推荐的sdk 默认3.0版本)

 

 

寻找对应2.1的版本:https://dotnet.microsoft.com/download/dotnet-core 

https://dotnet.microsoft.com/download/dotnet-core/2.1

执行:sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm

执行:sudo yum install dotnet-sdk-2.1

安装.net core运行环境完毕。

 

3.服务上安装Nginx:

(可以参考:https://www.jianshu.com/p/e1b5ee442a70

命令:

  curl -o nginx.rpm http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
  rpm -ivh nginx.rpm
  yum install nginx

至此,安装完毕,外网访问服务器,访问80端口,如图说明,Ngnix部署成功,并完成了监听端口(80)。

打开服务器的目录 /etc/nginx

 

 

 把配置文件拷贝下来到本地编辑后上传,或者直接在服务器上编辑(不推荐),在本地编辑时,注意使用编码是:utf-8 无bom的格式。

a.    nginx.conf  

 

如果nginx.conf和图上没什么区别,就不用管,如果是不同,参考或复制下面的

worker_processes  1; 这个表示nginx运行处理的线程数,推荐使用cpu核数的2倍(https://www.cnblogs.com/aaron-agu/p/8003831.html

#user  nginx;
worker_processes  1;

#error_log  /var/log/nginx/error.log warn;
#pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    
    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
View Code

b.    default.conf

 

 

 多个Web,可以使用多个server{}来设置转发

listen 80;Nginx对外表示监听了80端口,有人访问,IP:80就会使用该配置。

server_name jz.test.com www.test.com;绑定域名(多个域名绑定到同一个web时 ,使用空格隔开即可)

proxy_pass  这个是设置该请求转发的到服务器本地的端口(比如我们的这个项目是5000端口,那么转发过去给它处理就好)

server {
     listen 80;
     location / {
        proxy_pass http://localhost:5000;
    }
}
View Code

至此,配置完成,把本地的这2个配置,替换到服务器上对于的位置即可。

接下来让Nginx重新加载配置即可(nginx不会自动加载配置的)

使用命令:nginx -t 查看nginx 配置是否配置的对。不正常的话,检查一下配置。

推荐使用:killall -9 nginx 杀死所以nginx 进程。

然后启动命令:nginx

至此,nginx在外网的访问下(80端口),会进行转发到端口5000。

Nginx配置完毕。

 

4.服务上运行咱们的应用程序:

方法和我们本地上很像啦。

无非就是CD到我们发布的那个目录,执行  dotnet 程序名称.dll

无报错就是启动完成了。这时候,可以用外网浏览器服务IP:80。即可访问到我们的网站了

(原理是,启动网站后,该网站会一直监听我们的端口5000,外网访问的80端口会给Nginx转发到5000,那么我们的网站就可以捕获到并处理返回)。

至此,web部署完毕。

不好意思,还有后续,什么?你忘了我们本地的CMD窗口了吗?只要关闭,或者shut down 就GG。

所以你web虽然部署好了,但是你这个是单线程窗口,只能在里面,退不出来,断开服务器命名窗口,也一样,对不起,GG。

哦,是的,web启动了,和我们的本地的那个cmd太像了,那么我们就需要把我们的网站搞成另一个进程程来执行它,并不退出(俗称进程守护)。

 

5.安装supervisor进程守护:

【安装Supervisor】

yum install python-setuptools
easy_install supervisor

【配置Supervisor】

mkdir /etc/supervisor
新增一个文件:(这一句不是命令) /etc/supervisor/supervisord.conf

【修改supervisord.conf文件,将文件尾部的配置】

;[include]
;files = relative/directory/*.ini

改成

[include]
files = conf.d/*.conf

注意:conf.d是没有自动创建的,自己手动创建一个,还有就是参考下面的图片,如果没有的,都要自己创建文件夹或文件,配置也贴下面了

 

supervisord.conf 的代码:

; Sample supervisor config file.
;
; For more information on the config file, please see:
; http://supervisord.org/configuration.html
;
; Notes:
;  - Shell expansion ("~" or "$HOME") is not supported.  Environment
;    variables can be expanded using this syntax: "%(ENV_HOME)s".
;  - Quotes around values are not supported, except in the case of
;    the environment= options as shown below.
;  - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
;  - Command will be truncated if it looks like a config file comment, e.g.
;    "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ".
;
; Warning:
;  Paths throughout this example file use /tmp because it is available on most
;  systems.  You will likely need to change these to locations more appropriate
;  for your system.  Some systems periodically delete older files in /tmp.
;  Notably, if the socket file defined in the [unix_http_server] section below
;  is deleted, supervisorctl will be unable to connect to supervisord.

[unix_http_server]
file=/tmp/supervisor.sock   ; the path to the socket file
;chmod=0700                 ; socket file mode (default 0700)
;chown=nobody:nogroup       ; socket file uid:gid owner
;username=user              ; default is no username (open server)
;password=123               ; default is no password (open server)

; Security Warning:
;  The inet HTTP server is not enabled by default.  The inet HTTP server is
;  enabled by uncommenting the [inet_http_server] section below.  The inet
;  HTTP server is intended for use within a trusted environment only.  It
;  should only be bound to localhost or only accessible from within an
;  isolated, trusted network.  The inet HTTP server does not support any
;  form of encryption.  The inet HTTP server does not use authentication
;  by default (see the username= and password= options to add authentication).
;  Never expose the inet HTTP server to the public internet.

;[inet_http_server]         ; inet (TCP) server disabled by default
;port=127.0.0.1:9001        ; ip_address:port specifier, *:port for all iface
;username=user              ; default is no username (open server)
;password=123               ; default is no password (open server)

[supervisord]
logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log
logfile_maxbytes=50MB        ; max main logfile bytes b4 rotation; default 50MB
logfile_backups=10           ; # of main logfile backups; 0 means none, default 10
loglevel=info                ; log level; default info; others: debug,warn,trace
pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid
nodaemon=false               ; start in foreground if true; default false
minfds=1024                  ; min. avail startup file descriptors; default 1024
minprocs=200                 ; min. avail process descriptors;default 200
;umask=022                   ; process file creation umask; default 022
;user=supervisord            ; setuid to this UNIX account at startup; recommended if root
;identifier=supervisor       ; supervisord identifier, default is 'supervisor'
;directory=/tmp              ; default is not to cd during start
;nocleanup=true              ; don't clean up tempfiles at start; default false
;childlogdir=/tmp            ; 'AUTO' child log dir, default $TEMP
;environment=KEY="value"     ; key value pairs to add to environment
;strip_ansi=false            ; strip ansi escape codes in logs; def. false

; The rpcinterface:supervisor section must remain in the config file for
; RPC (supervisorctl/web interface) to work.  Additional interfaces may be
; added by defining them in separate [rpcinterface:x] sections.

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

; The supervisorctl section configures how supervisorctl will connect to
; supervisord.  configure it match the settings in either the unix_http_server
; or inet_http_server section.

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris              ; should be same as in [*_http_server] if set
;password=123                ; should be same as in [*_http_server] if set
;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history  ; use readline history if available

; The sample program section below shows all possible program subsection values.
; Create one or more 'real' program: sections to be able to control them under
; supervisor.

;[program:theprogramname]
;command=/bin/cat              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; when to restart if exited after running (def: unexpected)
;exitcodes=0                   ; 'expected' exit codes used with autorestart (default 0)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (0 means none, default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stdout_syslog=false           ; send stdout to syslog with process name (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (0 means none, default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;stderr_syslog=false           ; send stderr to syslog with process name (default false)
;environment=A="1",B="2"       ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

; The sample eventlistener section below shows all possible eventlistener
; subsection values.  Create one or more 'real' eventlistener: sections to be
; able to handle event notifications sent by supervisord.

;[eventlistener:theeventlistenername]
;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;events=EVENT                  ; event notif. types to subscribe to (req'd)
;buffer_size=10                ; event buffer queue size (default 10)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=-1                   ; the relative start priority (default -1)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; autorestart if exited after running (def: unexpected)
;exitcodes=0                   ; 'expected' exit codes used with autorestart (default 0)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=false         ; redirect_stderr=true is not allowed for eventlisteners
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (0 means none, default 10)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stdout_syslog=false           ; send stdout to syslog with process name (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (0 means none, default 10)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;stderr_syslog=false           ; send stderr to syslog with process name (default false)
;environment=A="1",B="2"       ; process environment additions
;serverurl=AUTO                ; override serverurl computation (childutils)

; The sample group section below shows all possible group values.  Create one
; or more 'real' group: sections to create "heterogeneous" process groups.

;[group:thegroupname]
;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
;priority=999                  ; the relative start priority (default 999)

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

[include]
files = conf.d/*.conf
supervisord.conf

 

 这些便是要执行的配置。

 

 如图,该好对应的配置,比如守护名称,命令,命令执行的目录,执行人权限啊。

相当于这配置,就是把我们的手动启动web的工作,交个这个文件,由守护进程去执行即可

DotNetCoreWeb.conf的代码:

[program:DotNetCoreWeb]
command=dotnet Bruke.VideoOnline.Web.dll ;
directory=/root/Bruke.VideoOnline.Web/ ;
autorestart=true ;
stderr_logfile=/var/log/DotNetCoreWeb.err.log ;
stdout_logfile=/var/log/DotNetCoreWeb.out.log ;
environment=ASPNETCORE_ENVIRONMENT=Production ;
user=root ;
stopsignal=INT
View Code

参考图中的备注:

 

最后启动  运行,查看是否生效

命令:supervisord

 

下面是执行配置,并守护到后台去。

supervisord -c /etc/supervisor/supervisord.conf

ps -ef | grep DotNetCoreWeb

 

至此。如果没报错,使用外网即可访问。

 

CentOS7 配置Supervisor开机启动

这里做一下记录

1. 在自己桌面新建一个supervisord.service文件

内容为: 

[Unit]
Description=Supervisor daemon

[Service]
Type=forking
ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
ExecStop=/usr/bin/supervisorctl shutdown
ExecReload=/usr/bin/supervisorctl reload
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

 

2. 将此文件拷贝到/usr/lib/systemd/system文件夹下

 

3. 执行命令:

systemctl enable supervisord

 

4. 执行命令测试是否为开机启动

systemctl is-enabled supervisord

 

 

 

----------------------------------------------------------------------------------------------------------------------------------------

一些笔记:

注意:

1.supervisord.conf配置的一些坑(不能远程访问IP:9001)

使用下面的命令可以看看是否开启了supervisor远程web可视化:

 

netstat -antp
netstat -an|grep 9001

 如下图,分号表示注释(我也是第一次了解,这里使用了;作为注释的。)

 

 

如果没问题,即可访问IP:9001 如下图,可以远程查看守护,和一些动作:开启,停止等等。

 

 

posted @ 2019-10-04 12:22  CaptainBruke  阅读(617)  评论(1编辑  收藏  举报