记一次生产项目的实施部署

<谨供参考>

架构图

0001机器

docker安装

  • 更新yum
    yum update
  • 安装 yum-utils,它提供了 yum-config-manager,可用来管理yum源
    sudo yum install -y yum-utils
  • yum添加软件源
    sudo yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
  • 然后刷新缓存
    sudo yum makecache fast
  • 然后安装docker-ce
    sudo yum install docker-ce
  • 启动 docker
    sudo systemctl start docker
  • 验证是否安装成功
    sudo docker info
  • 开机启动
    sudo systemctl enable docker

docker-compose安装

将docker-compose文件上传到 /usr/local/bin/ 文件夹下(上传前请用官方发布页提供的 sha256 校验值核对该文件,确认其来自官方发布且未被篡改),然后修改此文件的权限,增加可执行:chmod +x /usr/local/bin/docker-compose

nginx

  1. 添加源

进入 /etc/yum.repos.d/ 目录(cd /etc/yum.repos.d/),新建 nginx.repo 文件(vim nginx.repo),输入以下信息

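# nginx yum repositories.
# baseurl uses HTTPS: gpgcheck=1 verifies package signatures, but this file sets
# no repo_gpgcheck, so over plain HTTP the repository metadata could be altered
# or held back by anyone on the network path.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

# Mainline channel, left disabled (enabled=0) so installs come from stable.
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key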
  2. 安装Nginx
  • 看是否已经添加源成功。如果成功则执行下列命令安装nginx。
    yum search nginx

  • 安装nginx。
    yum install nginx

  • 安装完后, 查看
    rpm -qa | grep nginx

  • 启动nginx:
    systemctl start nginx

  • 加入开机启动:
    systemctl enable nginx

  • 查看nginx的状态:
    systemctl status nginx

  3. 修改nginx配置文件内容如下(见附件)
  4. 重启nginx
  • 检测
    nginx -t
  • 平滑重启
    nginx -s reload

other

keycloak

  • https://github.com/ivangfr/keycloak-clustered.git
  • https://www.keycloak.org/2019/05/keycloak-cluster-setup.html
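    # Keycloak cluster node (docker-compose). The listing had lost its
    # indentation; the nesting under services/keycloak is restored here.
    services:
      keycloak:
        image: ivanfranchin/keycloak-clustered:12.0.4
        # Node name plus bind addresses; all three interfaces listen on 0.0.0.0
        # inside the container. Only the ports listed under `ports` are published.
        command: "-Djboss.node.name=0001 -Djboss.bind.address.management=0.0.0.0 -Djboss.bind.address.private=0.0.0.0 -Djboss.bind.address=0.0.0.0"
        volumes:
          - /etc/localtime:/etc/localtime:ro
        # NOTE(review): privileged mode gives the container all capabilities and
        # access to host devices. Nothing visible in this service needs it (the
        # only mount is a read-only localtime); confirm and drop it if unused.
        privileged: true
        environment:
          - CACHE_OWNERS=2
          # xxx values are placeholders. Keep the real database and admin
          # credentials out of the compose file kept in version control, e.g.
          # in an env_file readable only by the deploying user.
          - DB_VENDOR=xxx
          - DB_ADDR=xxx
          - DB_PORT=xxx
          - DB_DATABASE=xxx
          - DB_USER=xxx
          - DB_PASSWORD=xxx
          - KEYCLOAK_USER=xxx
          - KEYCLOAK_PASSWORD=xxx
          # Placeholder for this host's own IP address.
          - JGROUPS_DISCOVERY_EXTERNAL_IP=本地ip
          - JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING
          - JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=java:jboss/datasources/KeycloakDS
          # With this on, Keycloak trusts the X-Forwarded-* headers it receives,
          # so host port 8081 should be reachable only from the nginx proxy.
          - PROXY_ADDRESS_FORWARDING=true
        ports:
          # Quoted so every parser reads the mappings as strings.
          - "8081:8080"
          - "8443:8443"
          # NOTE(review): 7600 is presumably the JGroups cluster transport; it is
          # published on all host interfaces, so firewall it to the peer node.
          - "7600:7600"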
  • [去掉ssl要求] - keycloak 用私有地址可以不使用ssl登录方式,如果用公网就需要用ssl登录方式。去掉ssl要求方式 - 站内搜索keycloak。注意:去掉该要求后,经公网访问时登录凭据和令牌会以明文传输;更稳妥的做法是在 nginx 上终止 TLS,并保留 keycloak 的 ssl 要求。

rabbitmq

  • [Docker搭建RabbitMQ双节点集群] - 搜索: Docker搭建RabbitMQ双节点集群
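    # RabbitMQ cluster node rabbitmq01 (docker-compose). The listing had lost its
    # indentation; the nesting under services/rabbitmq is restored here.
    version: '3'
    services:
      rabbitmq:
        image: rabbitmq:3.8.14-management
        # NOTE(review): privileged mode gives the container all capabilities and
        # access to host devices. If it was added only to get past SELinux
        # denials on the /opt/rabbitmq bind mounts, a :z / :Z volume label is the
        # narrower fix; confirm and drop it if so.
        privileged: true
        container_name: rabbitmq01
        hostname: rabbitmq01
        volumes:
          - /opt/rabbitmq/data:/var/lib/rabbitmq
          - /opt/rabbitmq/log:/var/log/rabbitmq
          - /etc/localtime:/etc/localtime:ro
        # NOTE(review): no RABBITMQ_DEFAULT_USER / RABBITMQ_DEFAULT_PASS is set
        # here, so the broker starts with its built-in default account unless
        # users are managed elsewhere. Confirm before exposing 5672 / 15672.
        environment:
          # The Erlang cookie is the shared secret for inter-node and CLI access:
          # whoever knows it and can reach 4369/25672 can administer the node.
          # Replace this sample value with a long random one, identical on both
          # nodes, and keep it out of version control.
          RABBITMQ_ERLANG_COOKIE: rabbitmqCookie
        extra_hosts:
          # xxx is a placeholder for each node's IP address.
          - "rabbitmq01:xxx"
          - "rabbitmq02:xxx"
        ports:
          # Quoted so every parser reads the mappings as strings.
          - "5671:5671"
          - "5672:5672"
          - "15672:15672"
          # 4369 and 25672 carry node discovery and inter-node traffic; they are
          # published on all host interfaces, so firewall them to the peer node.
          - "4369:4369"
          - "25672:25672"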

server(服务)

  • Quarkus

  • Dockerfile

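    # Runtime image for the Quarkus application: UBI 8 minimal + headless JDK 11,
    # started through the fabric8 run-java.sh launcher as non-root user 1001.
    FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
    ARG JAVA_PACKAGE=java-11-openjdk-headless
    ARG RUN_JAVA_VERSION=1.3.8
    ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
    # Install java and the run-java script
    # Also set up permissions for user `1001`
    # curl --fail stops the build on an HTTP error instead of saving the error
    # page as run-java.sh. The redundant first `chown 1001 /deployments` is
    # dropped; `chown 1001:root` below sets the same owner.
    # NOTE(review): the launcher is downloaded at build time with no checksum
    # check; vendoring it or verifying a pinned digest would make builds
    # reproducible and tamper-evident.
    RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \
        && microdnf update \
        && microdnf clean all \
        && mkdir /deployments \
        && chmod "g+rwX" /deployments \
        && chown 1001:root /deployments \
        && curl --fail https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
        && chown 1001 /deployments/run-java.sh \
        && chmod 540 /deployments/run-java.sh \
        && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
    # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
    ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
    COPY lib/* /deployments/lib/
    COPY *-runner.jar /deployments/app.jar
    EXPOSE 8088
    # Drop root before the application starts.
    USER 1001
    ENTRYPOINT [ "/deployments/run-java.sh" ]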
  • docker-compose

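    # Application service (docker-compose), built from the current directory.
    # The listing had lost its indentation; the nesting is restored here.
    # xxx is a placeholder for the service / image / host name.
    version: '3'
    services:
      xxx:
        image: xxx
        build:
          context: .
        container_name: xxx
        hostname: xxx
        restart: always
        volumes:
          # The Dockerfile on this page runs the app as UID 1001, so the host
          # logs directory must be writable by that UID.
          - /opt/xxx/config:/deployments/config
          - /opt/xxx/logs:/deployments/logs
          - /etc/localtime:/etc/localtime:ro
        ports:
          # Published on all host interfaces; if only nginx should reach the
          # service, firewall 8088 to the proxy hosts.
          - "8088:8088"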

nginx

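# Upstream pools: two Keycloak nodes and two application nodes
# (xxx is a placeholder for each host address).
upstream keycloak {
    server xxx:8081;
    server xxx:8081;
}

upstream server {
    server xxx:8088;
    server xxx:8088;
}

# The location blocks below belong inside a `server { ... }` block of the
# http context; the enclosing block is not shown in this excerpt.

# front: static files
location / {
    root /opt/xxx/front;
    index index.html index.htm;
}

# server: application backend
location /server {
    proxy_redirect off;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    # sent, so only the last entry is set by this proxy; the backend should not
    # trust earlier entries.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 300m;
    proxy_pass http://server;
}

# keycloak
location /auth/ {
    # NOTE(review): $http_host is the Host header exactly as the client sent it.
    # Keycloak is run with PROXY_ADDRESS_FORWARDING=true on this page, so
    # consider restricting server_name or fixing Keycloak's frontend URL so a
    # forged Host cannot end up in generated links.
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Pass the scheme the client used so the URLs Keycloak generates match it
    # (matters as soon as TLS is terminated on this nginx).
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://keycloak;
}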
# Sits at the same level as the http block.
stream {
    # TCP pass-through to the two RabbitMQ nodes (xxx = host placeholder).
    # 5672 is the non-TLS AMQP port in the compose file on this page, so the
    # listener below relays unencrypted traffic; keep it on trusted networks.
    upstream rabbitmq {
        server xxx:5672;
        server xxx:5672;
    }

    server {
        # xxx is a placeholder for the listen address / port.
        listen xxx;
        proxy_pass rabbitmq;
    }
}

0002机器

同1