服务器配置要求:
8核16GB,带宽建议动态带宽按量收费。峰值设置50M。
OSS:阿里云,腾讯云 二选一
端口开放:
| 服务名称 | 版本 | 开放端口 |
|---|---|---|
| mall-gateway.jar | 服务端口:8201 | |
| mall-auth.jar | 服务端口:8401 | |
| mall-account.jar | 服务端口:8088 | |
| mall-admin.jar | 服务端口:8080 | |
| mall-shop.jar | 服务端口:8089 | |
| mall-sns.jar | 服务端口:8085 | |
| mall-pay.jar | 服务端口:8086 | |
| mall-edu.jar | 服务端口:8082 | |
| mall-im.jar | 服务端口:8099 | |
| mall-cms.jar | 服务端口:8087 | |
| mall-search.jar | 服务端口:8081 | |
| nacos | 2.0.0 | 服务端口:8848 |
| Seata | 1.3.0 | 服务端口:8091 |
| Nginx | 最新 | 服务端口:80,443 |
| MySQL | 5.6.51 | 服务端口:3306 |
| Redis | 5.0 | 服务端口:6379 |
| elasticsearch | 7.17.3 | 服务端口:9200, 9300 |
| Logstash | 7.17.3 | 服务端口:4560, 4561,4562,4563 |
| Kibana | 7.17.3 | 服务端口:5601 |
| RabbitMQ | 3.7.4 | 服务端口:5672 15672 |
| Sentinel | 最新 | 服务端口:8718 |
| Portainer | 服务端口:9000 |
MySQL安装
下载MySQL5.6.51的docker镜像:
docker pull mysql:5.6.51使用如下命令启动MySQL服务:
docker run -p 3306:3306 --name mysql \ -v /data/mysql/log:/var/log/mysql \ -v /data/mysql/data:/var/lib/mysql \ -v /data/mysql/conf:/etc/mysql \ -v /etc/localtime:/etc/localtime \ -e MYSQL_ROOT_PASSWORD=root \ --restart=always \ -d mysql:5.6.51参数说明
- -p 3306:3306:将容器的3306端口映射到主机的3306端口
- -v /data/mysql/conf:/etc/mysql:将配置文件夹挂在到主机
- -v /data/mysql/log:/var/log/mysql:将日志文件夹挂载到主机
- -v /data/mysql/data:/var/lib/mysql/:将数据文件夹挂载到主机
- -e MYSQL_ROOT_PASSWORD=root:初始化root用户的密码
进入运行MySQL的docker容器:
docker exec -it mysql /bin/bash使用MySQL命令打开客户端:
mysql -uroot -proot --default-character-set=utf8mb4创建mall数据库:
create database mall character set utf8mb4;先将 store_dev.sql 上传到/data/,将
store_dev.sql文件拷贝到mysql容器的/目录下:docker cp /data/store_dev.sql mysql:/将sql文件导入到数据库:
use mall; source /store_dev.sql;创建一个reader:123456帐号并修改权限,使得任何ip都能访问:
注意:此处请自定义自己的账号密码,这里只是示例。grant all privileges on *.* to 'mall' @'%' identified by '123456';备份数据库脚本
mysqlback.sh#!/bin/bash # 备份文件保存的目录 backup_dir="/data/mysqlbak/" # 获取当前日期和时间作为时间戳 timestamp=$(date +"%Y%m%d_%H%M%S") # 备份MySQL数据库到带有时间戳的文件名中 docker exec mysql sh -c 'exec mysqldump dataname -uuser -p"password"' > "${backup_dir}db_backup_${timestamp}.sql" # 列出备份目录下的所有备份文件,并按时间戳降序排序 backup_files=($(ls -t "${backup_dir}"*.sql)) # 计算备份文件数量 num_backup_files=${#backup_files[@]} # 如果备份文件数量超过50份,则删除较旧的备份文件 if [ $num_backup_files -gt 50 ]; then # 计算要删除的备份文件数量 num_to_delete=$((num_backup_files - 50)) # 循环删除较旧的备份文件 for ((i = 0; i < $num_to_delete; i++)); do rm "${backup_files[$i]}" done fi # 将最新的备份文件打包成压缩包 tar -czvf "${backup_dir}backup_${timestamp}.tar.gz" "${backup_dir}db_backup_${timestamp}.sql" # 删除原始的备份文件(可选,如果需要节省磁盘空间) rm "${backup_dir}db_backup_${timestamp}.sql"添加计划任务:
打开终端。
输入以下命令来编辑你的cron表(计划任务表):crontab -e如果是第一次编辑cron表,系统会要求你选择一个文本编辑器。你可以选择自己熟悉的编辑器,比如
nano或vim。
在打开的cron表中,添加以下行来每三十分钟执行一次任务:*/30 * * * * your_command_here将
your_command_here替换为你想要定期执行的命令或脚本路径。
- */30:表示每隔30分钟执行一次。
- *:表示任意的取值,这里代表每小时的任意分钟。
- *:表示任意的取值,这里代表任意一天的日期。
- *:表示任意的取值,这里代表任意一个月份。
- *:表示任意的取值,这里代表任意一周的星期几。
编辑完成后,保存并退出编辑器。
系统会自动保存你的cron表,并开始按照你的设置定期执行任务。
Redis安装
下载Redis5.0的docker镜像:
docker pull redis:5使用如下命令启动Redis服务:
docker run -p 6379:6379 --name redis \ -v /etc/localtime:/etc/localtime \ -v /data/redis/data:/data \ --restart=always \ -d redis:5 redis-server --appendonly yes --requirepass "pwd_123"进入Redis容器使用
redis-cli命令进行连接,验证是否启动成功:docker exec -it redis redis-cli
Nacos 安装
下载Nacos的docker镜像:
docker pull nacos/nacos-server:2.0.0启动nacos容器 从容器中复制配置文件和日志文件:
docker run -p 8848:8848 --name nacos -d nacos/nacos-server:2.0.0创建挂载目录 方便修改配置 查看日志:
#配置文件复制 docker cp nacos:/home/nacos /data/nacos停止用来复制日志和配置文件的nacos 容器
#停止容器 docker stop nacos #删除容器 docker rm nacos重新启动容器 并挂载目录 启动命令
docker run -d \ -e MODE=standalone \ -v /etc/localtime:/etc/localtime \ -v /data/nacos/logs:/home/nacos/logs \ -v /data/nacos/conf:/home/nacos/conf \ -v /data/nacos/data:/home/nacos/data \ -p 8848:8848 \ --name nacos \ --restart=always \ nacos/nacos-server:2.0.0
Seata 安装
下载Seata的docker镜像:
docker pull seataio/seata-server:1.3.0启动nacos容器 获取配置文件:
docker run --name seata-server -p 8091:8091 -d seataio/seata-server:1.3.0创建挂载目录 方便修改配置:
docker cp seata-server:/seata-server /data/seata停止用来复制配置文件的Seata容器
#停止容器 docker stop seata-server #删除容器 docker rm seata-server修改配置文件,进入目录/data/seata/resources中修改file.conf和registry.conf中的内容
修改文件 file.conf
## transaction log store, only used in seata-server store { ## store mode: file、db、redis mode = "db" ## file store property file { ## store location dir dir = "sessionStore" # branch session size , if exceeded first try compress lockkey, still exceeded throws exceptions maxBranchSessionSize = 16384 # globe session size , if exceeded throws exceptions maxGlobalSessionSize = 512 # file buffer size , if exceeded allocate new buffer fileWriteBufferCacheSize = 16384 # when recover batch read size sessionReloadReadSize = 100 # async, sync flushDiskMode = async } ## database store property db { ## the implement of javax.sql.DataSource, such as DruidDataSource(druid)/BasicDataSource(dbcp)/HikariDataSource(hikari) etc. datasource = "druid" ## mysql/oracle/postgresql/h2/oceanbase etc. dbType = "mysql" driverClassName = "com.mysql.jdbc.Driver" url = "jdbc:mysql://127.0.0.1:3306/mallsuite?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&&zeroDateTimeBehavior=convertToNull" user = "mall" password = "mall" minConn = 5 maxConn = 30 globalTable = "global_table" branchTable = "branch_table" lockTable = "lock_table" queryLimit = 100 maxWait = 5000 } ## redis store property redis { host = "127.0.0.1" port = "6379" password = "pwd_123" database = "0" minConn = 1 maxConn = 10 queryLimit = 100 } }修改文件 registry.conf,参考一下配置。
(nacos服务对应的ip地址假设为:127.0.0.1;nacos服务的用户名密码假设都为:nacos):registry { # file 、nacos 、eureka、redis、zk、consul、etcd3、sofa type = "nacos" nacos { application = "seata-server" serverAddr = "127.0.0.1:8848" group = "SEATA_GROUP" namespace = "" cluster = "default" username = "nacos" password = "nacos" } redis { serverAddr = "localhost:6379" db = 0 password = "pwd_123" cluster = "default" timeout = 0 } file { name = "file.conf" } } config { # file、nacos 、apollo、zk、consul、etcd3 type = "file" nacos { serverAddr = "127.0.0.1:8848" namespace = "" group = "SEATA_GROUP" username = "nacos" password = "nacos" } file { name = "file.conf" } }准备 config.txt 文件 放入 /data/seata/文件夹中,内容参考以下配置(主要注意数据库连接串和用户名密码的修改):
transport.type=TCP transport.server=NIO transport.heartbeat=true transport.enableClientBatchSendRequest=true transport.threadFactory.bossThreadPrefix=NettyBoss transport.threadFactory.workerThreadPrefix=NettyServerNIOWorker transport.threadFactory.serverExecutorThreadPrefix=NettyServerBizHandler transport.threadFactory.shareBossWorker=false transport.threadFactory.clientSelectorThreadPrefix=NettyClientSelector transport.threadFactory.clientSelectorThreadSize=1 transport.threadFactory.clientWorkerThreadPrefix=NettyClientWorkerThread transport.threadFactory.bossThreadSize=1 transport.threadFactory.workerThreadSize=default transport.shutdown.wait=3 service.vgroupMapping.my_test_tx_group=default service.default.grouplist=127.0.0.1:8091 service.enableDegrade=false service.disableGlobalTransaction=false client.rm.asyncCommitBufferLimit=10000 client.rm.lock.retryInterval=10 client.rm.lock.retryTimes=30 client.rm.lock.retryPolicyBranchRollbackOnConflict=true client.rm.reportRetryCount=5 client.rm.tableMetaCheckEnable=false client.rm.tableMetaCheckerInterval=60000 client.rm.sqlParserType=druid client.rm.reportSuccessEnable=false client.rm.sagaBranchRegisterEnable=false client.rm.sagaJsonParser=fastjson client.rm.tccActionInterceptorOrder=-2147482648 client.tm.commitRetryCount=5 client.tm.rollbackRetryCount=5 client.tm.defaultGlobalTransactionTimeout=60000 client.tm.degradeCheck=false client.tm.degradeCheckAllowTimes=10 client.tm.degradeCheckPeriod=2000 client.tm.interceptorOrder=-2147482648 store.mode=db store.lock.mode=file store.session.mode=file store.publicKey= store.file.dir=file_store/data store.file.maxBranchSessionSize=16384 store.file.maxGlobalSessionSize=512 store.file.fileWriteBufferCacheSize=16384 store.file.flushDiskMode=async store.file.sessionReloadReadSize=100 store.db.datasource=druid store.db.dbType=mysql store.db.driverClassName=com.mysql.jdbc.Driver store.db.url=jdbc:mysql://127.0.0.1:3306/mallsuite?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai&&zeroDateTimeBehavior=convertToNull store.db.user=root #数据库用户名 store.db.password=root #数据库密码 store.db.minConn=5 store.db.maxConn=30 store.db.globalTable=global_table store.db.branchTable=branch_table store.db.distributedLockTable=distributed_lock store.db.queryLimit=100 store.db.lockTable=lock_table store.db.maxWait=5000 server.recovery.committingRetryPeriod=1000 server.recovery.asynCommittingRetryPeriod=1000 server.recovery.rollbackingRetryPeriod=1000 server.recovery.timeoutRetryPeriod=1000 server.maxCommitRetryTimeout=-1 server.maxRollbackRetryTimeout=-1 server.rollbackRetryTimeoutUnlockEnable=false server.distributedLockExpireTime=10000 client.undo.dataValidation=true client.undo.logSerialization=jackson client.undo.onlyCareUpdateColumns=true server.undo.logSaveDays=7 server.undo.logDeletePeriod=86400000 client.undo.logTable=undo_log client.undo.compress.enable=true client.undo.compress.type=zip client.undo.compress.threshold=64k log.exceptionRate=100 transport.serialization=seata transport.compressor=none metrics.enabled=false metrics.registryType=compact metrics.exporterList=prometheus metrics.exporterPrometheusPort=9898 tcc.fence.logTableName=tcc_fence_log tcc.fence.cleanPeriod=1h新建 nacos-config.sh 放入 /data/seata/resources文件夹中;参考配置如下:
#!/bin/sh # Copyright 1999-2019 Seata.io Group. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at、 # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. while getopts ":h:p:g:t:u:w:" opt do case $opt in h) host=$OPTARG ;; p) port=$OPTARG ;; g) group=$OPTARG ;; t) tenant=$OPTARG ;; u) username=$OPTARG ;; w) password=$OPTARG ;; ?) echo " USAGE OPTION: $0 [-h host] [-p port] [-g group] [-t tenant] [-u username] [-w password] " exit 1 ;; esac done if [ -z ${host} ]; then host=localhost fi if [ -z ${port} ]; then port=8848 fi if [ -z ${group} ]; then group="SEATA_GROUP" fi if [ -z ${tenant} ]; then tenant="" fi if [ -z ${username} ]; then username="" fi if [ -z ${password} ]; then password="" fi nacosAddr=$host:$port contentType="content-type:application/json;charset=UTF-8" echo "set nacosAddr=$nacosAddr" echo "set group=$group" urlencode() { length="${#1}" i=0 while [ $length -gt $i ]; do char="${1:$i:1}" case $char in [a-zA-Z0-9.~_-]) printf $char ;; *) printf '%%%02X' "'$char" ;; esac i=`expr $i + 1` done } failCount=0 tempLog=$(mktemp -u) function addConfig() { dataId=`urlencode $1` content=`urlencode $2` curl -X POST -H "${contentType}" "http://$nacosAddr/nacos/v1/cs/configs?dataId=$dataId&group=$group&content=$content&tenant=$tenant&username=$username&password=$password" >"${tempLog}" 2>/dev/null if [ -z $(cat "${tempLog}") ]; then echo " Please check the cluster status. " exit 1 fi if [ "$(cat "${tempLog}")" == "true" ]; then echo "Set $1=$2 successfully " else echo "Set $1=$2 failure " failCount=`expr $failCount + 1` fi } count=0 for line in $(cat $(dirname "$PWD")/config.txt | sed s/[[:space:]]//g); do count=`expr $count + 1` key=${line%%=*} value=${line#*=} addConfig "${key}" "${value}" done echo "=========================================================================" echo " Complete initialization parameters, total-count:$count , failure-count:$failCount " echo "=========================================================================" if [ ${failCount} -eq 0 ]; then echo " Init nacos config finished, please start seata-server. " else echo " init nacos config fail. " fi准备好以上4步骤的文件后:
#进入/data/seata/resources cd /data/seata/resources # 导入配置(注意替换nacos的用户名密码) sh nacos-config.sh -h 127.0.0.1 -p 8848 -g SEATA_GROUP -u nacos -w nacos重新启动seata:
注意:这里启动的时候检查一下挂载的配置文件目录,/data/seata根据实际目录配置。有的环境可能是/data/seata/seata-server
docker run -d --restart always \
--name seata-server \
-v /etc/localtime:/etc/localtime \
-p 8091:8091 -v /data/seata:/seata-server \
seataio/seata-server:1.3.0- 确认是否注册成功,如图是成功的内容。
Elasticsearch安装
- 下载Elasticsearch
7.17.3的docker镜像docker pull elasticsearch:7.17.3 - 修改虚拟内存区域大小,否则会因为过小而无法启动:
sysctl -w vm.max_map_count=262144 - 创建Elasticsearch 相关挂载目录
mkdir -p /data/elasticsearch/config mkdir -p /data/elasticsearch/data mkdir -p /data/elasticsearch/plugins - 创建文件
vi /data/elasticsearch/config/elasticsearch.yml - elasticsearch.yml如下内容:
http.host: 0.0.0.0 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true - 设置目录权限,否则会报错
cd /data/elasticsearch/ chmod +x config/elasticsearch.yml - 使用如下命令启动Elasticsearch服务,内存小的服务器可以通过
ES_JAVA_OPTS来设置占用内存大小:docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \ -e "discovery.type=single-node" \ -e "cluster.name=elasticsearch" \ -e "ES_JAVA_OPTS=-Xms512m -Xmx1024m" \ -v /etc/localtime:/etc/localtime \ -v /data/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \ -v /data/elasticsearch/plugins:/usr/share/elasticsearch/plugins \ -v /data/elasticsearch/data:/usr/share/elasticsearch/data \ --restart=always \ -d elasticsearch:7.17.3 - 启动时如果发现/usr/share/elasticsearch/data目录没有访问权限,只需要修改/data/elasticsearch/data目录的权限,再重新启动即可;
chmod 777 /data/elasticsearch/data/ - 安装中文分词器IKAnalyzer,注意下载与Elasticsearch对应的版本,下载地址:https://github.com/medcl/elasticsearch-analysis-ik/releases
- 创建存放目录:
cd /data/elasticsearch/plugins mkdir elasticsearch-analysis-ik - 下载完成后解压到Elasticsearch的/data/elasticsearch/plugins/elasticsearch-analysis-ik目录下;
- 重新启动服务:
docker restart elasticsearch - 进入运行elasticsearch的docker容器:
docker exec -it elasticsearch /bin/bash - 配置访问es密码步骤
./bin/elasticsearch-setup-passwords interactive - 开启防火墙:
firewall-cmd --zone=public --add-port=9200/tcp --permanent firewall-cmd --reload
Logstash安装
下载Logstash7.17.3的docker镜像:
docker pull logstash:7.17.3创建Logstash 相关挂载目录:
mkdir /data/logstash创建Logstash的配置文件logstash.conf
cd /data/logstash touch logstash.conf vim logstash.conf放入一下内容:配置文件logstash.conf中output节点下的Elasticsearch连接地址为es:9200
input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines type => "debug" } tcp { mode => "server" host => "0.0.0.0" port => 4561 codec => json_lines type => "error" } tcp { mode => "server" host => "0.0.0.0" port => 4562 codec => json_lines type => "business" } tcp { mode => "server" host => "0.0.0.0" port => 4563 codec => json_lines type => "record" } } filter{ if [type] == "record" { mutate { remove_field => "port" remove_field => "host" remove_field => "@version" } json { source => "message" remove_field => ["message"] } } } output { elasticsearch { hosts => "es:9200" index => "%{project}-%{service}" user => "elastic" password => "**********" } }创建创建Logstash的配置文件logstash.yml.
cd /data/logstash touch logstash.yml vim logstash.ymllogstash.yml文件内容:
http.host: "0.0.0.0" xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: elastic xpack.monitoring.elasticsearch.password: ***** xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]在logstash.yml中配置用户名和密码
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: *
账号密码为es初始化中设置的密码启动logstash :
docker run --name logstash -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 \ --link elasticsearch:es \ -v /etc/localtime:/etc/localtime \ -v /data/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml \ -v /data/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \ --restart=always \ -d logstash:7.17.3进入容器内部,安装
json_lines插件。docker exec -it logstash /bin/bash logstash-plugin install logstash-codec-json_lines
Kibana安装
- 下载
Kibana7.17.3的docker镜像:docker pull kibana:7.17.3 - 创建kibana挂载的相关目录:
mkdir -p /data/kibana - 创建kibana的配置文件kibana.yml
cd /data/kibana touch kibana.yml vim kibana.yml - kibana.yml文件内容:
server.host: "0.0.0.0" server.shutdownTimeout: "5s" elasticsearch.hosts: [ "http://elasticsearch:9200" ] elasticsearch.username: "elastic" elasticsearch.password: "*****" i18n.locale: "zh-CN"
elasticsearch.username: “elastic”
elasticsearch.password: “*“
账号密码为es初始化中设置的密码
重启kibana
输入http://ip:5601打开登录页面,使用elastic账号登录.
使用如下命令启动Kibana服务:
docker run --name kibana -p 5601:5601 \ --link elasticsearch:es \ -e "elasticsearch.hosts=http://es:9200" \ -v /etc/localtime:/etc/localtime \ -v /data/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml \ --restart=always \ -d kibana:7.17.3开启防火墙:
firewall-cmd --zone=public --add-port=5601/tcp --permanent firewall-cmd --reload访问地址进行测试:http://ip:5601
Analytics–>Discover–>mall-suite*
RabbitMQ
- 拉取 RabbitMQ 镜像
docker pull rabbitmq:3.7.4 - 创建 RabbitMQ 容器
docker run --name rabbitmq -v /etc/localtime:/etc/localtime -p 5672:5672 -p 15672:15672 --restart=always -d rabbitmq:3.7.4 - 访问 RabbitMQ 管理界面
在浏览器中访问 http://localhost:15672,你将看到 RabbitMQ 的管理界面。
使用默认的用户名和密码 guest/guest 登录。
Sentinel
- 拉取 Sentinel 镜像
docker pull bladex/sentinel-dashboard - 创建 Sentinel 容器
docker run -d -p 8718:8080 --name sentinel-dashboard bladex/sentinel-dashboard
商城服务端
(这种方式非必须,最终会使用docker部署,详看《搭建docker私有化镜像仓库》和《使用jenkins实现自动化部署》)
- 上传服务包jra包。
#创建目录 mkdir -p /data/wwwnohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-account.jar >/data/logs/mall-account.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-admin.jar >/data/logs/mall-admin.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-auth.jar >/data/logs/mall-auth.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-cms.jar >/data/logs/mall-cms.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-gateway.jar >/data/logs/mall-gateway.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-im.jar >/data/logs/mall-im.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-pay.jar >/data/logs/mall-pay.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-shop.jar >/data/logs/mall-shop.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-sns.jar >/data/logs/mall-sns.log 2>&1 & nohup java -jar -Xms128m -Xmx256m -XX:PermSize=64M -XX:MaxPermSize=128M mall-search.jar >/data/logs/mall-sns.log 2>&1 &
Nginx安装
- 下载Nginx的docker镜像:
docker pull nginx - 先运行一次容器(为了拷贝配置文件):
docker run -p 80:80 --name nginx \ -v /data/nginx/html:/usr/share/nginx/html \ -v /data/nginx/logs:/var/log/nginx \ -v /etc/localtime:/etc/localtime \ -d nginx:latest - 将容器内的配置文件拷贝到指定目录:
docker container cp nginx:/etc/nginx /data/nginx/ - 修改文件名称:
# 进入/data/nginx/ cd /data/nginx/ # 修改文件名 mv nginx conf - 终止并删除容器:
docker stop nginx docker rm nginx - 修改nginx配置,设置最大上传文件:client_max_body_size,这里不修改移动端装修会保存失败。
vim /data/nginx/conf/nginx.conf client_max_body_size 50m;
上传ssl证书:
#进入/data/nginx cd /data/nginx #创建ssl文件存放证书 mkdir ssl上传代码包:
#创建目录 mkdir -p /data/nginx/www/mallsuite cd /data/nginx/www/mallsuite
配置站点域名:
#进入存放配置文件目录 cd /data/nginx/conf/conf.d #创建文件 touch mallsuite.conf #编辑文件 vim mallsuite.conf放入以下内容:注意修改接口请求地址,这里127.0.0.1为示例。
upstream nacos { server 127.0.0.1:8848 weight=1; } upstream backend { server 127.0.0.1:8099; } server { listen 80; server_name yourdomain; #需要将yourdomain替换成证书绑定的域名。 rewrite ^(.*)$ https://$host$1; #将所有HTTP请求通过rewrite指令重定向到HTTPS。 location / { index index.html index.htm; } } server { #listen 80; listen 443 ssl ; server_name yourdomain; index index.php index.html index.htm default.php default.htm default.html; root /www/mallsuite/; #启动nginx镜像挂载目录 #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则 #error_page 404/404.html; ssl_certificate /etc/nginx/ssl/7959472.com.pem;#修改为自己ssl证书 ssl_certificate_key /etc/nginx/ssl/7959472.com.key;#修改为自己ssl证书 ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri; #SSL-END #ERROR-PAGE-START 错误页配置,可以注释、删除或修改 #error_page 404 /404.html; #error_page 502 /502.html; #ERROR-PAGE-END #PHP-INFO-START PHP引用配置,可以注释或修改 #include enable-php-00.conf; #PHP-INFO-END #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效 #include /www/server/panel/vhost/rewrite/101.133.142.46.conf; #REWRITE-END #禁止访问的文件或目录 location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) { return 404; } #一键申请SSL证书验证目录相关设置 location ~ \.well-known{ allow all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log /dev/null; access_log /dev/null; } location ~ .*\.(js|css)?$ { expires 12h; error_log /dev/null; access_log /dev/null; } location ~* \.(eot|ttf|woff|woff2|svg)$ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; } location ^~ /im/ { root /www/mallsuite/admin/; #保持一致,在root /www/mallsuite/ 加admin #启动nginx镜像已挂载目录 } location ^~ /api/shop/static/ { proxy_pass http://127.0.0.1:8201/shop/static/; } location ^~ /api/admin/static/ { proxy_pass http://127.0.0.1:8201/admin/static/; } location ^~ /api/doc.html { proxy_pass http://127.0.0.1:8201/doc.html; } location ^~ /api/webjars/ { proxy_pass http://127.0.0.1:8201/webjars/; } location /h5/ { try_files $uri $uri/ @router; index index.html index.htm; } location @router { rewrite ^.*$ /h5/index.html last; } location /admin/ { try_files $uri $uri/ @routeradmin; index index.html index.htm; } location @routeradmin { rewrite ^.*$ /admin/index.html last; } location /mobile/ { proxy_pass http://127.0.0.1:8201/mobile/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } location /api/ { proxy_pass http://127.0.0.1:8201/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } location /mallsuiteImSocketServer { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } #图片本地存储上传的静态文件访问路径 location ^~ /admin/oss/upload/ { proxy_pass http://localhost:8201/admin/oss/upload/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; } #上传的静态文件访问路径 location ^~ /static/ { root /opt/apps/mall/public/; } access_log /wwwlogs/access.log; error_log /wwwlogs/error.log; }使用如下命令启动Nginx服务:
docker run -p 80:80 -p 443:443 --name nginx \ -v /etc/localtime:/etc/localtime \ -v /data/nginx/html:/usr/share/nginx/html \ -v /data/nginx/www:/www \ -v /data/nginx/wwwlogs:/wwwlogs \ -v /data/nginx/logs:/var/log/nginx \ -v /data/nginx/conf:/etc/nginx \ -v /data/nginx/ssl:/etc/nginx/ssl/ \ -v /data/nginx/www:/opt/apps/mall/public/static \ --restart=always \ -d nginx:latest
可视化管理工具
Portainer 是一款轻量级的应用,它提供了图形化界面,用于方便的管理Docker环境,包括单机环境和集群环境,下面我们将用Portainer来管理Docker容器中的应用。
获取Docker镜像文件:
docker pull portainer/portainer使用docker容器运行Portainer:
docker run -p 9000:9000 -p 8000:8000 --name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/localtime:/etc/localtime \
-v /data/portainer/data:/data \
-d portainer/portainer查看Portainer的DashBoard信息,访问地址:http://192.168.3.101:9000
文档更新时间: 2024-02-29 12:04 作者:随商信息技术(上海)有限公司
