海阔视界道长仓库搭建说明.md 4.9 KB

ubuntu1804快速装机指令(阿里云)
首先更换阿里源
rm /etc/apt/sources.list
vi /etc/apt/sources.list
 
把下面这些粘贴进去:
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
 
:wq保存后更新以下
 
sudo apt-get update
sudo apt-get upgrade
 

然后安docker
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
docker -v
 
 
镜像换源加速
/etc/docker/daemon.json
 
{"registry-mirrors":["https://registry.docker-cn.com","https://gfgiph4d.mirror.aliyuncs.com"]}
 
重启docker
 
sudo systemctl daemon-reload
sudo systemctl restart docker
 
安装portainer
 
docker volume create portainer_data
docker run -d --name portainer -p 9000:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data 6053537/portainer-ce

登录道长的dockerhub的账号密码
docker login
登录成功后
sudo docker run -idt -p 3325:22 -p 8025:8069 -p 5435:5432 --name hiker --restart always --privileged=true hjdhnx/odoo:20220106

安装nginx
apt-get install nginx
nginx -v
service nginx start
cd /etc/nginx/conf.d
vi hiker.conf
nginx -t
nginx -s reload

从主机复制到容器 sudo docker cp host_path containerID:container_path
从容器复制到主机 sudo docker cp containerID:container_path host_path

nginx配置海阔视界道长仓库

# nginx.conf
client_max_body_size 1024M; 上传文件大小限制
 
sendfile on; 设置为on表示启动高效传输文件的模式
 
keepalive_timeout 650;保持连接的时间,默认65s

#hiker.conf
server{
	if ($request_method ~ ^(HEAD)$ ) {
		return 403 "403 forbidden";
	}
}


limit_req_zone $binary_remote_addr zone=allips:10m rate=100r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;
#limit_req_zone $binary_remote_addr zone=allips:10m rate=60r/m;
#limit_conn_zone $binary_remote_addr zone=addr:10m;

server{
    listen 80;
    server_name nokia.press;
    location / {
        limit_req zone=allips burst=5 nodelay;
        limit_conn addr 20;
        limit_rate 500k;
        #....
        proxy_pass http://localhost:8069;
    }
    ##### other directive
}

upstream odoo {
    server 127.0.0.1:8025 weight=1 fail_timeout=0;
}

upstream odoo-im {
    server 127.0.0.1:8069 weight=1 fail_timeout=0;
}

server{
    listen 80;
    server_name hiker.nokia.press;
    location / {
        #....
      #  proxy_pass http://localhost:8025;
       proxy_pass http://odoo;
         proxy_next_upstream error timeout invalid_header http_503;
        proxy_redirect off;
    proxy_read_timeout 300000;
       limit_req zone=allips burst=5 nodelay;
        limit_conn addr 200;
        limit_rate 5000k;
        # set headers
	proxy_buffer_size  128k;
       proxy_buffers   4 256k;
       proxy_busy_buffers_size 256k;

        proxy_set_header    Host            $host;
       proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header    X-Forwarded-Proto https;
    }

    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }
    ##### other directive
}

server{
    listen 8031;
    server_name hiker.nokia.press;
    location / {
        #....
        proxy_pass http://odoo;
         proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
    proxy_read_timeout 300000;
       limit_req zone=allips burst=5 nodelay;
        limit_conn addr 20;
        limit_rate 500k;
        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }
    ##### other directive
}

设置封Ip和仓库重启策略

cd /etc/nginx/conf.d
chmod +x ./banips.sh
ln -s /etc/nginx/conf.d/banips.sh /usr/local/bin/banips
banips run

crontab -e

#5分钟执行一次封ip
*/2 * * * * banips run >> /etc/nginx/conf.d/banips.log  2>&1