hj_aws server Docker operation log 2023-7-17
0 Register an account and log in to the console. All operations below are in the Frankfurt region.
Single-machine version: just one EC2 instance
1 Create a VPC https://eu-central-1.console.aws.amazon.com/vpc/home?region=eu-central-1#vpcs:
2 Configure a security group; choose the corresponding VPC and configure the inbound rules: https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#SecurityGroups:
3 Create a key pair https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#KeyPairs:v=3 (RSA, .pem)
3 Launch an instance https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#LaunchInstances: choose the OS, key pair, VPC and security group
4 Allocate an Elastic IP https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Addresses: and associate it with the EC2 instance;
Logging in with FinalShell works as follows (one pitfall: with the 2023 AMI, FinalShell cannot log in using the key method):
First: choose public-key login, username ec2-user; the private key is the .pem file saved when the key pair was created.
Then: set a password for the root account and edit the config file to allow root password login:
[ec2-user@ip-10-0-13-1 ~]$ sudo passwd root
更改用户 root 的密码 。
新的 密码:
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[ec2-user@ip-10-0-13-1 ~]$ vi /etc/ssh/sshd_config
[ec2-user@ip-10-0-13-1 ~]$ # ec2-user has no permission to edit this file, so switch to root first
su root
vi /etc/ssh/sshd_config
Edit as follows:
PermitRootLogin yes # was commented out originally
PasswordAuthentication yes # default was no
[root@ip-10-0-13-1 ec2-user]# vi /etc/ssh/sshd_config
[root@ip-10-0-13-1 ec2-user]# sudo service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[root@ip-10-0-13-1 ec2-user]#
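Because sshd ignores commented lines, uses the first active occurrence of a keyword and treats everything after a Match line as conditional, an edit like the one above is easy to get wrong or to leave more open than intended. This added check (not from the original notes) reports the value sshd will actually enforce for PermitRootLogin and PasswordAuthentication; the defaults passed in are upstream OpenSSH defaults (distributions may patch them), Include directives are not followed, and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# sshd_effective FILE KEYWORD DEFAULT -> prints the value sshd enforces for KEYWORD:
# comment/blank lines are inactive, the FIRST active occurrence wins, the global
# section ends at the first Match line, and DEFAULT applies if the keyword is never set.
# Assumption: a single config file (no Include directives), as on Amazon Linux 2.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        { gsub(/=/, " ") }                              # accept the "Keyword=value" form
        /^[[:space:]]*#/ || NF == 0 { next }            # comment or blank line: inactive
        tolower($1) == "match" { exit }                 # conditional block starts: stop
        tolower($1) == key { print $2; found = 1; exit } # first active occurrence wins
        END { if (!found) print def }
    ' "$1"
}

# root_password_login_enabled FILE -> exit 0 if root may log in with a password
root_password_login_enabled() {
    prl=$(sshd_effective "$1" PermitRootLogin prohibit-password | tr '[:upper:]' '[:lower:]')
    pa=$(sshd_effective "$1" PasswordAuthentication yes | tr '[:upper:]' '[:lower:]')
    [ "$prl" = yes ] && [ "$pa" = yes ]
}

# Constructed sample 1: the file as the notes above leave it (first line still commented).
notes_config() {
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'Match User ec2-user' '  PasswordAuthentication no'
}

# Constructed sample 2: hardened file; the later duplicate does NOT override the first line.
hardened_config() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        '# later duplicate, ignored by sshd:' 'PasswordAuthentication yes'
}

# Stand-alone run: audit both samples (sshd_effective /etc/ssh/sshd_config ... on a host).
for mk in notes_config hardened_config; do
    f=$(mktemp); "$mk" > "$f"
    printf '%s: PermitRootLogin=%s PasswordAuthentication=%s\n' "$mk" \
        "$(sshd_effective "$f" PermitRootLogin prohibit-password)" \
        "$(sshd_effective "$f" PasswordAuthentication yes)"
    rm -f "$f"
done
```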
Now password login works. Next, install Docker~
[root@ip-10-0-13-1 ~]# yum install docker -y
[root@ip-10-0-13-1 ~]# systemctl restart docker
[root@ip-10-0-13-1 ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
...
Then do whatever you need to do~ The cluster version (load balancer, gateway, firewall and other steps) will be recorded later.
Cluster version
1 Create a VPC https://eu-central-1.console.aws.amazon.com/vpc/home?region=eu-central-1#CreateVpc:createMode=vpcWithResource
Before creating the VPC, choose the right region; this one is in the Frankfurt region. Chose "VPC and more", then configured 2 public subnets and 4 private subnets; a custom tag can also be added further down.
2 Configure a security group; choose the corresponding VPC and configure the inbound rules: https://eu-central-1.console.aws.amazon.com/vpc/home?region=eu-central-1#CreateSecurityGroup:
3 Create a key pair https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#CreateKeyPair: (RSA, .pem)
3 Launch 3 instances (1 for MQTT and the frontend, 2 backend servers behind the load balancer) https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#LaunchInstances:
OS: Amazon Linux --> Amazon Linux 2023 AMI (shown in the screenshot; AWS staff said it is less stable than the one below, so chose Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type)
Architecture 64-bit (x86); instance type r6i.large (2 vCPU, 16 GB, since the services are memory-hungry); choose the key pair, VPC, subnet, auto-assign public IP (enable), security group, volume type gp3; advanced details left unconfigured for now. Then launch.
4 Allocate three Elastic IPs https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Addresses: and associate them with the EC2 instances;
Tip: the default Elastic IP quota is 5; to go beyond it, open a support ticket (reference doc: http://knowledge.yunqiao20.com/share/ccd28e5c-187a-4561-bd41-ab70f262259f)
Connecting to EC2 still requires the key pair first; once in, apply the configuration described in the single-machine section to enable root account access.
5 Create a MySQL (RDS) service https://eu-central-1.console.aws.amazon.com/rds/home?region=eu-central-1#launch-dbinstance:gdb=false;s3-import=false
Create a subnet group https://eu-central-1.console.aws.amazon.com/rds/home?region=eu-central-1#create-db-subnet-group:
Create a parameter group https://eu-central-1.console.aws.amazon.com/rds/home?region=eu-central-1#create-parameter-group:
Create an option group https://eu-central-1.console.aws.amazon.com/rds/home?region=eu-central-1#create-option-group:
Tip: data backups and auto-generated passwords may be the better choice. The parameter group screenshot is wrong (the parameter group family must match MySQL 5.7).
6 Create a Redis (ElastiCache) service https://eu-central-1.console.aws.amazon.com/elasticache/home?region=eu-central-1#/redis/create?wizardOption=easyCreate
Create a parameter group (the default works just as well) https://eu-central-1.console.aws.amazon.com/elasticache/home?region=eu-central-1#/parameter-groups/create
Create a subnet group https://eu-central-1.console.aws.amazon.com/elasticache/home?region=eu-central-1#/subnet-groups/create
Choose and configure the Redis service; this is the single-node, non-cluster version.
7 Create an S3 bucket https://s3.console.aws.amazon.com/s3/bucket/create?region=eu-central-1
Then configure CDN acceleration (CloudFront) for S3 https://us-east-1.console.aws.amazon.com/cloudfront/v3/home?region=eu-central-1#/distributions/create
8 Configure the load balancer https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#SelectCreateELBWizard:
Create a target group https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#CreateTargetGroup:
Tip: in the target group, the registered instance targets (including the items to handle listed there) need to be opened; see the screenshot above. The ALB scheme should be internet-facing; the two subnets must be the public ones; Global Accelerator can be left unselected.
9 Configure the WAF firewall https://us-east-1.console.aws.amazon.com/wafv2/homev2/web-acls/new?region=eu-central-1
Tip: logging is configured afterwards and can use S3 storage (the bucket name prefix must be aws-waf-logs-). The protected resource chosen here is the ALB.
After creating the CDN, the CDN cache often needs to be cleared: under Invalidations, create an invalidation for /*
If the CDN should only allow HTTPS access, choose "Redirect HTTP to HTTPS" under Behaviors; for the origin still choose HTTP only.