记一次生产项目的实施部署

<谨供参考>

架构图

0001机器

docker安装

  • 更新yum
    yum update
  • 安装 yum-utils,它提供了 yum-config-manager,可用来管理yum源
    sudo yum install -y yum-utils
  • yum添加软件源
    sudo yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
  • 然后刷新缓存
    sudo yum makecache fast
  • 然后安装docker-ce
    sudo yum install docker-ce
  • 启动 docker
    sudo systemctl start docker
  • 验证是否安装成功
    sudo docker info
  • 开机启动
    sudo systemctl enable docker

docker-compose安装

1
将docker-compose文件上传到 /usr/local/bin/ 文件夹下,修改此文件的权限,增加可执行:chmod +x /usr/local/bin/docker-compose

nginx

  1. 添加源

到 cd /etc/yum.repos.d/ 目录下,新建 vim nginx.repo 文件,输入以下信息

1
2
3
4
5
6
7
8
9
10
11
12
13
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
  1. 安装Nginx

  • 看是否已经添加源成功。如果成功则执行下列命令安装nginx。
    yum search nginx

  • 安装nginx。
    yum install nginx

  • 安装完后, 查看
    rpm -qa | grep nginx

  • 启动nginx:
    systemctl start nginx

  • 加入开机启动:
    systemctl enable nginx

  • 查看nginx的状态:
    systemctl status nginx

  1. 修改nginx配置文件内容如下(见附件)
  2. 重启nginx
  • 检测
    nginx -t
  • 平滑重启
    nginx -s reload

other

keycloak

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
services:
  keycloak:
      image: ivanfranchin/keycloak-clustered:12.0.4
      command: "-Djboss.node.name=0001 -Djboss.bind.address.management=0.0.0.0 -Djboss.bind.address.private=0.0.0.0 -Djboss.bind.address=0.0.0.0"
      volumes:
        - /etc/localtime:/etc/localtime:ro
      privileged: true
      environment:
        - CACHE_OWNERS=2
        - DB_VENDOR=xxx
        - DB_ADDR=xxx
        - DB_PORT=xxx
        - DB_DATABASE=xxx
        - DB_USER=xxx
        - DB_PASSWORD=xxx
        - KEYCLOAK_USER=xxx
        - KEYCLOAK_PASSWORD=xxx
        - JGROUPS_DISCOVERY_EXTERNAL_IP=本地ip
        - JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING
        - JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=java:jboss/datasources/KeycloakDS
        - PROXY_ADDRESS_FORWARDING=true
      ports:
        - 8081:8080
        - 8443:8443
        - 7600:7600
  • [去掉ssl要求] - keycloak 用私有地址可以不使用ssl登录方式,如果用公网就需要用ssl登录方式。去掉ssl要求方式 - 站内搜索keycloak

rabbitmq

  • [Docker搭建RabbitMQ双节点集群] - 搜索: Docker搭建RabbitMQ双节点集群
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
version: '3'
services:
  rabbitmq:
      image: rabbitmq:3.8.14-management
      privileged: true
      container_name: rabbitmq01
      hostname: rabbitmq01
      volumes:
        - /opt/rabbitmq/data:/var/lib/rabbitmq
        - /opt/rabbitmq/log:/var/log/rabbitmq
        - /etc/localtime:/etc/localtime:ro
      environment:
          RABBITMQ_ERLANG_COOKIE: rabbitmqCookie
      extra_hosts:
        - "rabbitmq01:xxx"
        - "rabbitmq02:xxx"
      ports:
        - 5671:5671
        - 5672:5672
        - 15672:15672
        - 4369:4369
        - 25672:25672

server(服务)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
ARG JAVA_PACKAGE=java-11-openjdk-headless
ARG RUN_JAVA_VERSION=1.3.8
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
# Install java and the run-java script
# Also set up permissions for user `1001`
RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \
    && microdnf update \
    && microdnf clean all \
    && mkdir /deployments \
    && chown 1001 /deployments \
    && chmod "g+rwX" /deployments \
    && chown 1001:root /deployments \
    && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
    && chown 1001 /deployments/run-java.sh \
    && chmod 540 /deployments/run-java.sh \
    && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
# Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
COPY lib/* /deployments/lib/
COPY *-runner.jar /deployments/app.jar
EXPOSE 8088
USER 1001
ENTRYPOINT [ "/deployments/run-java.sh" ]
  • docker-compose
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
version: '3'
services:
  xxx:
    image: xxx
    build:
      context: .
    container_name: xxx
    hostname: xxx
    restart: always
    volumes:
      - /opt/xxx/config:/deployments/config
      - /opt/xxx/logs:/deployments/logs
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 8088:8088

nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
upstream keycloak {
    server xxx:8081;
    server xxx:8081;
}
upstream server {
    server xxx:8088;
    server xxx:8088;
}
# front
location / {
    root  /opt/xxx/front;
    index  index.html index.htm;
}
# server
location /server {
    proxy_redirect off;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 300m;
    proxy_pass http://server;
}
# keycloak
location /auth/ {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://keycloak;
}
# 与http模块同级
stream {
    upstream rabbitmq {
        server xxx:5672;
        server xxx:5672;
    }
    server {
      listen xxx;
      proxy_pass rabbitmq;
    }
}

0002机器

同1