Linux 环境安装 Node、nginx、docker、vsftpd、gitlab

Linux 环境安装

centos7

# Bring every installed package up to date (this also pulls in pending security fixes).
yum update -y

0. 防火墙 firewalld

新入的JD云服务器,发现防火墙默认是关闭的。

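# Show whether firewalld is running.
systemctl status firewalld

# Start the firewall now.
systemctl start firewalld
# Stop the firewall now (this does not change what happens at boot).
systemctl stop firewalld

# Start the firewall automatically at boot.
systemctl enable firewalld.service
# Do not start the firewall at boot. On an internet-facing host this leaves
# every listening service reachable unless a cloud security group filters it.
systemctl disable firewalld.service

# List the ports opened in the public zone.
firewall-cmd --zone=public --list-ports
# Open a port. --permanent only writes the saved configuration; it takes
# effect after the reload below.
firewall-cmd --zone=public --add-port=80/tcp --permanent
# Close a port (no space after "--zone=", otherwise the zone name is empty).
firewall-cmd --zone=public --remove-port=80/tcp --permanent
# Reload the rules so permanent changes become active.
firewall-cmd --reload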

1. 使用 nvm 安装 Node

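# Install nvm. The installer is saved to a file and read before it is run:
# piping wget straight into bash executes whatever the server returns,
# including a truncated or tampered response, with no chance to inspect it.
wget -qO nvm-install.sh https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh
less nvm-install.sh
bash nvm-install.sh

# Load nvm into the current shell.
source ~/.nvm/nvm.sh

# Install the latest Node release.
nvm install node

# Switch to that release.
nvm use node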

使用 nvm 管理 node 版本

# Install a specific version, e.g. 4.2.2.
# NOTE(review): 4.2.2 is only an example; end-of-life Node lines no longer
# receive security fixes, so prefer a supported release on real servers.
nvm install 4.2.2

# List every version available from the remote server.
nvm ls-remote

# Switch between installed versions.
nvm use 4.2.2

# Install the latest Node release.
nvm install node

# Switch to the latest release.
nvm use node

# List the installed versions.
nvm ls

# Install the latest unstable release.
nvm install unstable

2. 安装 nginx

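# A fresh system needs a compiler toolchain.
yum install -y gcc gcc-c++ make

# The build steps below use absolute paths under /usr/local, so download and
# unpack there.
cd /usr/local

# OpenSSL source, for TLS support.
# https://www.openssl.org/
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz

# zlib source, for gzip support (fetched over HTTPS instead of plain HTTP).
# https://www.zlib.net/
wget https://www.zlib.net/zlib-1.2.11.tar.gz

# PCRE source, for rewrite/regex support.
# http://www.pcre.org/
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz

# nginx source (fetched over HTTPS instead of plain HTTP).
# https://nginx.org/en/download.html
wget https://nginx.org/download/nginx-1.16.0.tar.gz

# These tarballs are compiled and installed as root, so check each one against
# the checksum or PGP signature its project publishes before unpacking.
# Example for nginx, which publishes a detached signature next to the tarball
# (import the nginx signing keys into gpg first, otherwise verification fails):
wget https://nginx.org/download/nginx-1.16.0.tar.gz.asc
gpg --verify nginx-1.16.0.tar.gz.asc nginx-1.16.0.tar.gz
# NOTE(review): the versions pinned here date from 2019; check each project's
# security advisories and build a currently supported release.

# Unpack.
tar zxvf openssl-1.1.1.tar.gz
tar zxvf zlib-1.2.11.tar.gz
tar zxvf pcre-8.43.tar.gz
tar zxvf nginx-1.16.0.tar.gz

# NOTE(review): nginx's configure builds PCRE, OpenSSL and zlib itself from
# the source directories passed with --with-pcre/--with-openssl/--with-zlib,
# so the three system-wide installs below are not required for nginx; they are
# kept because the original procedure performs them.

# Install the PCRE library.
cd /usr/local/pcre-8.43
./configure
make && make install

# Install the OpenSSL library.
cd /usr/local/openssl-1.1.1
./config
make && make install

# Install the zlib library.
cd /usr/local/zlib-1.2.11
./configure
make && make install

# Build nginx from its own source directory. Do not rename the source tree to
# /usr/local/nginx: that is the install prefix, and installing from inside the
# prefix makes `make install` copy files onto themselves and stop before the
# logs directory is created.
cd /usr/local/nginx-1.16.0

# Configure and install nginx.
./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module --with-http_sub_module --with-http_ssl_module --with-pcre=/usr/local/pcre-8.43 --with-zlib=/usr/local/zlib-1.2.11 --with-openssl=/usr/local/openssl-1.1.1

make && make install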

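# Start nginx at boot: create a systemd unit. Locally written units belong in
# /etc/systemd/system; /lib/systemd/system is for units shipped by packages
# and may be overwritten by updates.
vim /etc/systemd/system/nginx.service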

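[Unit]
Description=nginx
After=network.target

[Service]
Type=forking
# With Type=forking systemd uses the pid file to track the master process.
# logs/nginx.pid under the prefix is nginx's default pid path.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start with a configuration that does not parse.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
# Signals are sent with "-s"; a bare "reload" or "quit" argument is not a
# valid nginx option, so reload and stop would fail without it.
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target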

# After saving the unit file, enable the service at boot.
systemctl enable nginx.service

# Common commands
systemctl start nginx.service  # start; running sbin/nginx directly also works
systemctl stop nginx.service  # stop nginx
systemctl restart nginx.service  # restart; sbin/nginx -s reload re-reads the config without a full restart

# Configuration file
vim /usr/local/nginx/conf/nginx.conf

# Controlling nginx directly
# Start
/usr/local/nginx/sbin/nginx
# Reload the configuration (workers are replaced gracefully)
/usr/local/nginx/sbin/nginx -s reload
# Stop: "quit" shuts down gracefully, "stop" shuts down immediately
/usr/local/nginx/sbin/nginx -s quit
/usr/local/nginx/sbin/nginx -s stop
# Check that the processes are running (the USER column shows which account
# the workers run as)
ps -ef|grep nginx

修改配置文件

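# Workers only need to read the web roots and reach the upstream. Running
# them as root turns any worker compromise into a full host compromise.
# "nobody" matches the --user/--group the binary was configured with; the web
# roots below must be readable by this account.
user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # NOTE(review): with access logging off for every server that does not
    # override it, there is no request record to consult when investigating
    # abuse or an incident. Consider enabling it and rotating the files.
    access_log  off;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Enable gzip
    gzip  on;
    gzip_buffers 32 4k;
    gzip_comp_level 4;
    gzip_min_length 400;
    gzip_types text/plain application/xml application/javascript;
    gzip_vary on;

    server {
        listen       80;
        server_name  www.abc.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /home/www/civ;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html?$query_string;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

    # ssl
    server {
        # The "ssl" flag on listen replaces the deprecated "ssl on;" directive.
        listen 443 ssl;
        server_name test.abc.com;
        ssl_certificate /etc/ssl/server.crt;
        # The private key should be readable by root only (chmod 600); the
        # nginx master process reads it before dropping privileges.
        ssl_certificate_key /etc/ssl/server.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated; offer 1.2 and 1.3 only.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Forward-secret AEAD suites only. The broad "AES" and "HIGH" groups
        # would also admit CBC-mode and non-forward-secret suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        location / {
            root /home/www/test;
            index index.html;
        }
    }

    # 80 sub site
    server {
        listen 80;
        server_name sub.abc.com;

        location / {
            root /home/www/sub;
            index index.html;
            try_files $uri $uri/ /index.html?$query_string;
        }
    }

    # proxy go-service
    server {
        listen 80;
        server_name api.abc.com;

        charset utf-8;
        access_log /home/www/go/src/api.abc.com.access.log;

        # "~" makes this a regular-expression location. As a plain prefix
        # location the text "(css|js|fonts|img)" is matched literally and the
        # block never applies.
        location ~ ^/(css|js|fonts|img)/ {
            access_log off;
            expires 1d;
            root "/home/www/go/src/static";
            try_files $uri @backend;
        }

        # Everything else goes to the backend: the first try_files target is
        # a path that is not expected to exist, so the named location is used.
        location / {
            try_files /_not_exists_ @backend;
        }

        location @backend {
            # Overwrite, rather than append to, any X-Forwarded-For sent by
            # the client, so the backend sees the address nginx observed.
            proxy_set_header X-Forwarded-For $remote_addr;

            proxy_set_header Host            $http_host;

            proxy_pass http://127.0.0.1:8080;
        }
    }
}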

报错:

# 1. 如果启动遇到下面的错误
[root@JD nginx]# /usr/local/nginx/sbin/nginx
nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (2: No such file or directory)
2019/07/30 16:00:41 [emerg] 8243#0: open() "/usr/local/nginx/logs/access.log" failed (2: No such file or directory)

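# The logs directory under the install prefix is missing. This usually means
# `make install` did not run to completion (for example when the source tree
# is the same directory as --prefix), so check its output as well.
# Create the directory by absolute path so the command works from any
# working directory.
mkdir -p /usr/local/nginx/logs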

3. Docker环境安装

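yum install docker

# Start the Docker daemon (systemctl, as used for the other services here).
systemctl start docker

# Start it at boot.
systemctl enable docker

# List containers. -a includes stopped ones; plain `docker ps` shows only
# the running containers.
docker ps -a
# Create a container without starting it.
docker create
# Create a container and start it.
docker run
# Leave an interactive container shell: press Ctrl+D (a key combination, not
# a command).
# Start an existing container.
docker start
# Stop a running container.
docker stop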

4. 安装 vsftpd

4.1 常规配置 ftp 服务

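# Install vsftpd, plus the ftp client for testing the connection from the
# server itself.
# NOTE(review): plain FTP sends the user name and password unencrypted. On a
# public server prefer SFTP over the existing sshd, or enable TLS in vsftpd.
yum install -y vsftpd
yum install ftp

# Start the FTP service.
service vsftpd start
# Start it at boot.
systemctl enable vsftpd.service
# Check that the vsftpd process is running.
ps -e|grep vsftpd
# Check which port vsftpd listens on.
netstat -ntpl | grep vsftpd

# Firewall
# On a cloud host, port 21 may also need an inbound rule in the security group.
# Open port 21.
firewall-cmd --zone=public --add-port=21/tcp --permanent
# Or permanently allow the predefined ftp service.
firewall-cmd --add-service=ftp --permanent
# To close it again:
firewall-cmd --remove-service=ftp --permanent
# --permanent changes only take effect after a reload.
firewall-cmd --reload
# Restart the FTP service.
service vsftpd restart
# or
systemctl restart vsftpd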


# vsftpd 的配置目录为 /etc/vsftpd
vi /etc/vsftpd/vsftpd.conf

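# Disable anonymous login. vsftpd.conf does not accept a comment after a
# value on the same line: the text would be read as part of the value, so
# comments go on their own lines.
anonymous_enable=NO
pam_service_name=vsftpd
userlist_enable=NO
# Confine local users to their home directory. allow_writeable_chroot only
# has an effect when users are chrooted.
# NOTE(review): confirm chroot_local_user is not already set elsewhere in the file.
chroot_local_user=YES
allow_writeable_chroot=YES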

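# Create the FTP account with no shell login; its home is the upload root.
useradd -s /sbin/nologin -d /usr/local/web jehorn
passwd jehorn

# Let the FTP account write to the directory by owning it. Making the
# directory world-writable (o+w / 777) would let every local account and any
# compromised service modify the files the web server publishes.
chown -R jehorn:jehorn /usr/local/web/
chmod 755 /usr/local/web/

# Change the account's home directory if needed.
usermod -d /usr/local/web/ jehorn
# Delete the account. -r is left out on purpose: it also deletes the home
# directory, which here is the web root.
userdel jehorn
# Change the login shell.
# /bin/bash allows shell login; /sbin/nologin and /bin/false forbid it.
usermod -s /sbin/nologin jehorn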

# 本地测试ftp服务
ftp localhost
# 输入用户名 密码
# 如果出现以下提示表示配置成功
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

ftp客户端连接:
这里使用xftp6示例:
注意这里不使用被动模式,被动模式需要配置随机端口,这里不再赘述。

4.2 docker 配置 vsftpd

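# Pull the image.
# NOTE(review): an untagged pull follows "latest"; pin a tag or digest that
# has been reviewed so later pulls cannot silently change the image.
docker pull fauria/vsftpd

# Read the FTP password without echoing it, so it lands neither in shell
# history nor in the process list. A short numeric password on an
# internet-facing port 21 is guessed quickly; use a long random one.
read -r -s -p 'FTP password: ' FTP_PASS && export FTP_PASS

# Create the vsftpd container. Every -e option must be a separate word: with
# the space missing before "-e PASV_ADDRESS", the password gains a trailing
# "-e" and PASV_ADDRESS=... is taken as the image name.
docker run -d -p 21:21 -p 20:20 -p 21100-21110:21100-21110 \
  -v /usr/local/web:/home/vsftpd \
  -e FTP_USER=root -e FTP_PASS \
  -e PASV_ADDRESS=123.456.789.0 -e PASV_MIN_PORT=21100 -e PASV_MAX_PORT=21110 \
  --name vsftpd --restart=always fauria/vsftpd
# -p publishes a container port on the host.
# -v maps a host directory into the container.
# -e FTP_PASS without a value passes the exported variable through. The value
#   is still visible to anyone who can run `docker inspect` on this host.
# FTP_USER and FTP_PASS, when set, are written inside the container to
# /etc/vsftpd/virtual_users.txt
# PASV_MIN_PORT and PASV_MAX_PORT give the passive-mode port range.
# PASV_ADDRESS is the address of the Docker host.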

# Add another user
# Open a shell inside the running container
docker exec -i -t vsftpd bash

# Create the new user's directory
mkdir /home/vsftpd/jehorn

# Fix ownership if the FTP user gets permission errors
chown -R ftp:ftp /home/vsftpd

# Edit the file that holds the user names and passwords
# NOTE(review): this file keeps the passwords in plain text; restrict who can
# read it (and the generated .db file) to root.
vi /etc/vsftpd/virtual_users.txt

# Load the login credentials into the database file
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db

# Restart the container (run from the host)
docker restart vsftpd

5. 安装gitlab

5.1 传统安装方式

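# Install the prerequisites and open HTTP/HTTPS in the system firewall.
# GitLab is published over https by the outer nginx later on this page, so
# the https service is opened as well.
sudo yum install -y curl policycoreutils-python openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld

# Install Postfix to send notification e-mail.
sudo yum install postfix
sudo systemctl enable postfix
sudo systemctl start postfix

# Add the GitLab package repository (official method, not used here).
# NOTE(review): this pipes a remote script into a root shell; download and
# read it first if you use it.
# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

# Install the GitLab package. Change https://gitlab.example.com to the URL
# you want to reach the GitLab instance at.
# sudo EXTERNAL_URL="https://gitlab.example.com" yum install -y gitlab-ee

# The official download location was too slow, so the package is taken from
# https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/ instead.
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-12.1.3-ce.0.el7.x86_64.rpm
# The package comes from a third-party mirror and installs as root, so verify
# GitLab's signature on it before installing. Import GitLab's package signing
# key with `rpm --import` first (see GitLab's package-signature
# documentation); without the key the check cannot confirm the signer.
rpm --checksig gitlab-ce-12.1.3-ce.0.el7.x86_64.rpm
# NOTE(review): 12.1.3 dates from 2019; install a currently supported release
# on anything reachable from a network.
rpm -ivh gitlab-ce-12.1.3-ce.0.el7.x86_64.rpm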

# 修改配置
vim /etc/gitlab/gitlab.rb

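# External URL. Users reach GitLab through the outer nginx at https://, so
# the URL here uses https too; with http, GitLab generates http links and
# clone URLs. The bundled nginx is disabled below, so no certificate is
# needed inside GitLab.
external_url  'https://gitlab.example.com/'
# :1015
# nginx['redirect_http_to_https'] =true 
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/server.crt" 
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/server.key"

# The server already runs its own nginx, so GitLab's bundled nginx is
# disabled.
nginx['enable'] = false
# Account the external web server runs as.
web_server['external_users'] = ['nginx']
# Trust forwarded headers only from the proxy's address; here that is the
# local machine.
gitlab_rails['trusted_proxies'] = ['127.0.0.1']
# Make workhorse listen on TCP.
gitlab_workhorse['listen_network'] = "tcp"
# Address and port workhorse listens on. Binding to 127.0.0.1 keeps the
# unencrypted backend reachable only through the local proxy.
gitlab_workhorse['listen_addr'] = "127.0.0.1:8020"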

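# At this point `gitlab-ctl reconfigure` may fail, saying that the user nginx
# does not exist:
# There was an error running gitlab-ctl reconfigure:
# account[Webserver user and group] (gitlab::web-server line 27) had an error: Mixlib::ShellOut::ShellCommandFailed: group[Webserver user and group] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/resources/account.rb line 38) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '3'
# ---- Begin output of ["gpasswd", "-a", "nginx", "gitlab-www"] ----
# STDOUT: 
# STDERR: gpasswd: user 'nginx' does not exist
# ---- End output of ["gpasswd", "-a", "nginx", "gitlab-www"] ----
# Ran ["gpasswd", "-a", "nginx", "gitlab-www"] returned 3
# Create the account as a system user without a login shell; a service
# account does not need interactive access.
useradd -r -s /sbin/nologin nginx
# Then change "user" in nginx.conf to nginx and restart nginx.

# Apply the configuration.
gitlab-ctl reconfigure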

# 修改外部nginx配置
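server {
    # The "ssl" flag on listen replaces the deprecated "ssl on;" directive.
    listen       443 ssl;
    server_name  gitlab.example.com;

    ssl_certificate /etc/ssl/gitlab-cert19080152759628cbb70f4f.crt;
    # The private key should be readable by root only (chmod 600).
    ssl_certificate_key /etc/ssl/gitlab-cert19080152759628cbb70f4f.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The broad "AES" and "HIGH" groups would
    # also admit CBC-mode and non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # Tell GitLab the original host and scheme. Without these headers the
        # backend sees a plain-http request for 127.0.0.1:8020.
        # NOTE(review): that mismatch is a common cause of HTTP 422 on login
        # behind a proxy (request-origin check fails); confirm against the
        # GitLab logs.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_pass http://127.0.0.1:8020;
    }

}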
# 重启nginx服务
/usr/local/nginx/sbin/nginx -s reload

然后从浏览器打开 https://gitlab.example.com/,会提示你输入密码,输入完成后使用root+刚才输入的密码登录即可。

gitlab常用命令:

gitlab-ctl start                    # start all GitLab components
gitlab-ctl stop                    # stop all GitLab components
gitlab-ctl restart                # restart all GitLab components
gitlab-ctl status                 # show service status
gitlab-ctl reconfigure         # apply the settings in gitlab.rb (run after every change to it)
vim /etc/gitlab/gitlab.rb      # edit the main configuration file
gitlab-rake gitlab:check SANITIZE=true --trace    # run GitLab's self-check
gitlab-ctl tail                        # follow the logs

配置 gitlab 邮箱 postfix:
查看各种邮箱配置可以参考 https://docs.gitlab.com/omnibus/settings/smtp.html#example-configurations

# 查看 postfix 状态
systemctl status postfix

# 这是设置outlook邮箱的示例
vim /etc/gitlab/gitlab.rb
# Outgoing mail through an external SMTP account.
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.office365.com"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "root@outlook.com"
# Example value only. The real password sits in this file in plain text, so
# keep gitlab.rb readable by root alone and out of version control and
# backups that others can read.
gitlab_rails['smtp_password'] = "12345six"
gitlab_rails['smtp_domain'] = "outlook.com"
gitlab_rails['smtp_authentication'] = "login"
# STARTTLS with certificate verification ('peer') protects the credentials
# in transit; do not relax the verify mode to work around certificate errors.
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'

# Sender shown on notification mail.
gitlab_rails['gitlab_email_from'] = 'jehornguu@outlook.com'
gitlab_rails['gitlab_email_display_name'] = 'Jehorn Git'
gitlab_rails['gitlab_email_reply_to'] = 'jehornguu@outlook.com'

# 重启配置
gitlab-ctl reconfigure

# 测试邮件服务
gitlab-rails console
Notify.test_email('example@163.com', '邮件标题_test', '邮件正文_test').deliver_now

# 出现以下表示成功
# irb(main):002:0> Notify.test_email('example@163.com', '_test', '_test').deliver_now
Notify#test_email: processed outbound mail in 0.7ms
Sent mail to example@163.com (1263.8ms)
Date: Thu, 01 Aug 2019 16:30:12 +0800
From: Jehorn Git <example@outlook.com>
Reply-To: Jehorn Git <example@outlook.com>
To: example@163.com
Message-ID: <5d42a31478d32_30e3ff7990cf9b011813@JD.mail>
Subject: _test
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>_test</p></body></html>

=> #<Mail::Message:70332342294800, Multipart: false, Headers: <Date: Thu, 01 Aug 2019 16:30:12 +0800>, <From: Jehorn Git <example@outlook.com>>, <Reply-To: Jehorn Git <example@outlook.com>>, <To: example@163.com>, <Message-ID: <5d42a31478d32_30e3ff7990cf9b011813@JD.mail>>, <Subject: _test>, <Mime-Version: 1.0>, <Content-Type: text/html; charset=UTF-8>, <Content-Transfer-Encoding: 7bit>, <Auto-Submitted: auto-generated>, <X-Auto-Response-Suppress: All>>

*如果邮件发送失败,看一下是不是邮箱没有开启POP、smtp服务。
*遇到了登录422的问题,且尚无解决办法。

5.2 docker安装方式

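# Search for GitLab images.
docker search gitlab

# Use the official community edition image.
# NOTE(review): an untagged pull follows "latest"; pin a version tag so
# upgrades are deliberate.
docker pull gitlab/gitlab-ce

# Run the image.
# The web ports are published on 127.0.0.1 only, because the host's nginx is
# the public entry point. Docker adds its own iptables rules for published
# ports, so a port published on all interfaces is typically reachable from
# outside regardless of the firewalld zone settings.
# Port 587 is not published: GitLab only makes outgoing SMTP connections,
# which need no inbound port mapping.
docker run -d \
  -p 127.0.0.1:8020:443 -p 127.0.0.1:8021:80 -p 222:22 \
  --name gitlab --restart always \
  -v /home/gitlab/config:/etc/gitlab \
  -v /home/gitlab/logs:/var/log/gitlab \
  -v /home/gitlab/data:/var/opt/gitlab \
  gitlab/gitlab-ce
# -d: run in the background
# -p: publish a container port on the host
# --name: name of the container
# -v: mount the container's data, log and config directories on the host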

# gitlab.rb文件内容默认全是注释
vim /home/gitlab/config/gitlab.rb

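# URL users reach GitLab at; without a port number the scheme's default
# port is used.
external_url 'https://git.example.com'

# TLS is terminated by the host's nginx, which forwards plain HTTP to
# container port 80. With an https external_url the bundled nginx has to be
# told to keep listening for plain HTTP on 80.
nginx['listen_port'] = 80
nginx['listen_https'] = false

# Host name and port shown in SSH clone URLs. The host is a bare host name,
# not a URL with a scheme.
gitlab_rails['gitlab_ssh_host'] = 'git.example.com'
# 222 is the host port that container port 22 was published on in `docker run`.
gitlab_rails['gitlab_shell_ssh_port'] = 222
# Save the file and quit the editor (:wq).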

# 重启gitlab
docker restart gitlab

# 由于我是统一一个nginx管理
# 所以在nginx配置代理
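server {
    # The "ssl" flag on listen replaces the deprecated "ssl on;" directive.
    listen       443 ssl;
    server_name  gitlab.example.com;

    ssl_certificate /etc/ssl/gitlab-cert19080152759628cbb70f4f.crt;
    # The private key should be readable by root only (chmod 600).
    ssl_certificate_key /etc/ssl/gitlab-cert19080152759628cbb70f4f.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The broad "AES" and "HIGH" groups would
    # also admit CBC-mode and non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # Pass the original host and scheme on to GitLab. Without them the
        # container sees a plain-http request for 127.0.0.1:8021 and builds
        # its redirects and origin checks from that.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_pass http://127.0.0.1:8021;
    }

}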
# 重启nginx服务
/usr/local/nginx/sbin/nginx -s reload

# Mail settings: see section 5.1
# After editing the mail settings, apply them from a shell inside the container
docker exec -it gitlab bash
gitlab-ctl reconfigure
gitlab-rails console # Rails console, for sending the test mail

# When done, leave the container shell and restart the GitLab container
exit
docker restart gitlab

如果出现以下错误:

Error response from daemon: Cannot restart container gitlab: driver failed programming external connectivity on endpoint gitlab (5b2b1b646aea89819e84926057431d119eabd25a0bfe49247b468bde14103367):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8021 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.

基本可以通过重启docker解决.

systemctl restart docker

查看日志:

docker logs -f -t --tail=10 f41c6a557eb6

*跑起来以后内存大概常驻40%(8G物理内存)。

未完待续
最后更新 2019-8-4 03:41:37
