cby 发布的文章 - 小陈运维

登录 / 注册

chenby

累计撰写 211 篇文章
累计收到 124 条评论

搜索到 211 篇与 cby 的结果

2022-04-15
Let's Encrypt 泛域名证书申请泛域名泛域名证书又名通配符证书是SSL证书中的其中一种形式，一般会以通配符的形式(如：*.domain.com)来指定证书所要保护的域名。OV证书和DV证书都会有通配符的域名形式提供，而EV证书一般没有通配符的证书形式。1.配置灵活方便由于采用了通配符的形式对域名进行配置，那么对于拥有多个二级域名的网站是一件非常便利的事情。只要申请一张通配符证书，就能用于所有的二级域名网站中。而且如果以后需要继续增加二级域名，也不需要再去申请购买证书，只需继续使用原有的证书就可以，对于网站管理者来说确实是非常的方便。2.性价比高一般而言，通配符证书是会比单域名证书会贵上不少，但是假如按每个二级域名的证书价格摊分下来，那其实证书单价是及其的低。当然这要看你的二级域名数量总数有多少而定。但如今互联网时代，很多公司企业他们都会用户多个二级域名。对于这些企业而言，通配符证书无疑是一种高性价比的SSL证书。安装所需环境root@cby:~# apt-get install socat -y root@cby:~# curl https://get.acme.sh | sh -s email=cby@chenby.cn % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 937 0 937 0 0 788 0 --:--:-- 0:00:01 --:--:-- 789 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 210k 100 210k 0 0 131k 0 0:00:01 0:00:01 --:--:-- 131k [Fri 15 Apr 2022 11:54:09 AM CST] Installing from online archive. [Fri 15 Apr 2022 11:54:09 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Fri 15 Apr 2022 11:54:11 AM CST] Extracting master.tar.gz [Fri 15 Apr 2022 11:54:11 AM CST] Installing to /root/.acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installed to /root/.acme.sh/acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installing alias to '/root/.bashrc' [Fri 15 Apr 2022 11:54:11 AM CST] OK, Close and reopen your terminal to start using acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installing cron job 49 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null [Fri 15 Apr 2022 11:54:11 AM CST] Good, bash is found, so change the shebang to use bash as preferred. [Fri 15 Apr 2022 11:54:12 AM CST] OK [Fri 15 Apr 2022 11:54:12 AM CST] Install success! root@cby:~# 进入导入环境变量并提出申请root@cby:~# cd .acme.sh/ root@cby:~/.acme.sh# export DP_Id="abcd" root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx" root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d *.oiox.cn -d oiox.cn [Fri 15 Apr 2022 12:05:13 PM CST] Using CA: https://acme.zerossl.com/v2/DV90 [Fri 15 Apr 2022 12:05:13 PM CST] Multi domain='DNS:*.oiox.cn,DNS:oiox.cn' [Fri 15 Apr 2022 12:05:13 PM CST] Getting domain auth token for each domain [Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='*.oiox.cn' [Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='oiox.cn' [Fri 15 Apr 2022 12:05:39 PM CST] Adding txt value: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:05:39 PM CST] Adding record [Fri 15 Apr 2022 12:05:39 PM CST] The txt record is added: Success. [Fri 15 Apr 2022 12:05:40 PM CST] Adding txt value: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:05:40 PM CST] Adding record [Fri 15 Apr 2022 12:05:40 PM CST] The txt record is added: Success. [Fri 15 Apr 2022 12:05:40 PM CST] Let's check each DNS record now. Sleep 20 seconds first. [Fri 15 Apr 2022 12:06:01 PM CST] You can use '--dnssleep' to disable public dns checks. [Fri 15 Apr 2022 12:06:01 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck [Fri 15 Apr 2022 12:06:02 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:04 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success. [Fri 15 Apr 2022 12:06:04 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:05 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success. [Fri 15 Apr 2022 12:06:05 PM CST] All success, let's return [Fri 15 Apr 2022 12:06:05 PM CST] Verifying: *.oiox.cn [Fri 15 Apr 2022 12:06:17 PM CST] Processing, The CA is processing your order, please just wait. (1/30) [Fri 15 Apr 2022 12:06:24 PM CST] Success [Fri 15 Apr 2022 12:06:24 PM CST] Verifying: oiox.cn [Fri 15 Apr 2022 12:06:31 PM CST] Processing, The CA is processing your order, please just wait. (1/30) [Fri 15 Apr 2022 12:06:34 PM CST] Success [Fri 15 Apr 2022 12:06:34 PM CST] Removing DNS records. [Fri 15 Apr 2022 12:06:34 PM CST] Removing txt: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:35 PM CST] Removed: Success [Fri 15 Apr 2022 12:06:35 PM CST] Removing txt: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:36 PM CST] Removed: Success [Fri 15 Apr 2022 12:06:36 PM CST] Verify finished, start to sign. [Fri 15 Apr 2022 12:06:36 PM CST] Lets finalize the order. [Fri 15 Apr 2022 12:06:36 PM CST] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA/finalize' [Fri 15 Apr 2022 12:06:44 PM CST] Order status is processing, lets sleep and retry. [Fri 15 Apr 2022 12:06:44 PM CST] Retry after: 15 [Fri 15 Apr 2022 12:07:00 PM CST] Polling order status: https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA [Fri 15 Apr 2022 12:07:03 PM CST] Downloading cert. [Fri 15 Apr 2022 12:07:03 PM CST] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/r4l-4WevkiEwiZA3U340ig' [Fri 15 Apr 2022 12:07:10 PM CST] Cert success. -----BEGIN CERTIFICATE----- MIIGaDCCBFCgAwIBAgIRAPw9soTBNxRGIVE6ANgMifAwDQYJKoZIhvcNAQEMBQAw SzELMAkGA1UEBhMCQVQxEDAOBgNVBAoTB1plcm9TU0wxKjAoBgNVBAMTIVplcm9T U0wgUlNBIERvbWFpbiBTZWN1cmUgU2l0ZSBDQTAeFw0yMjA0MTUwMDAwMDBaFw0y MjA3MTQyMzU5NTlaMBQxEjAQBgNVBAMMCSoub2lveC5jbjCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBALj8qi39uAgrhdwzQ6zP+ADRZgO2qGAVN4Qmu/ul tANIVXuM/B3lbD6RM+Msb1Df5FKXJoga+hBjBQI9iX+k4M3uf2isIeZBJix1dj2N 6o2NpcbCXEyPclOFSWHuOuMgCXKofThz9Vlgb1sZsuBv7+6mF/qGEmX2nsjIYlPh /x7NqB1+WF+ouKPWOvWTg/O+NaJd/8EkIhtqwYRH19JtIMxZAnVcnk/vlUirHFdl K0C21mCn4SZpG/k0tfLkUAJ/dokWAYKiAV5kCr1cpS/mEKGWKbgR0+e436ZlAXR8 pPJLHvV19U+D4+YrjvEGrxh0p3sQmVLAQiKvX8H/2e6/lJUCAwEAAaOCAnwwggJ4 MB8GA1UdIwQYMBaAFMjZeGii2Rlo1T1y3l8KPty1hoamMB0GA1UdDgQWBBQNQ6Tg Wc9VXEb7JBebpnqg07n6lDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEE AbIxAQICTjAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAI BgZngQwBAgEwgYgGCCsGAQUFBwEBBHwwejBLBggrBgEFBQcwAoY/aHR0cDovL3pl cm9zc2wuY3J0LnNlY3RpZ28uY29tL1plcm9TU0xSU0FEb21haW5TZWN1cmVTaXRl Q0EuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vemVyb3NzbC5vY3NwLnNlY3RpZ28u Y29tMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUARqVV63X6kSAwtaKJafTzfREs QXS+/Um4havy/HD+bUcAAAGAK2cJxgAABAMARjBEAiBqAyCsE36I+qUvZaEuWqNf XuLAgdaNl6Xi/XrtpEIQhAIgRxOZNoDnqjgxGxfuG4kaGvLzlJezgbzss49CK/pH g+MAdQBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAYArZwmVAAAE AwBGMEQCIE4CJqmMWMJBpSMumrxsK4hBV2aVoG6zke9vqjvUD6mQAiBaCjPj2NJC ULsSB39TVW9maHtX9oQ8Wl9vLAD4dKirkDAdBgNVHREEFjAUggkqLm9pb3guY26C B29pb3guY24wDQYJKoZIhvcNAQEMBQADggIBAGdRf30QaQQ764Qe7e/+qFX6gcQ2 nee8w4jKTLgcXL0un5Fb9lJi/cJtdsMDxvYyrFEhYIl3XosP2Kzl0DAwxYV2QcN0 g0EulOfU46v/rueWuLo/AwzSVdSwxPTLa+QI69cPgQk/skqRigv17zjdbRRVY7jm /+a9wGc8st0CNUtCgH4N03HcexIqbo7wquNUE19rvhFOTPMewID7P8NviitM76vS K3C7SNqnyeIAZ3ydOFamZ4ye68mEQCJ0LGaSlDme8tY3eA3vliziKeouv6itGbRS X2Ze8Twk/8PADC0sxIjPjrh47ngE+DNpEEDr6PH89hnvjEl3V0ZFV9dW1McAoq2Q RW4LyXeSXasYPKQU1ncTjDsymquX5r7OJ1SCnXUCuEFohoGWkZTWUFQBy3C8Xwuz AHzYxzsSPyKV19sJEUkSaFIEQH5dbMqGSnk60gE+bqDfRTZ2PL9WGp+by60HSbzo 3ehnUoyRkggmoD+SX8AAJLPuxkHFB/L68CL7knwWXzYcBYfj0yv+0T5HPhOofHud Fwv/h5loRN/1jeVwIblo9B+3KnNNDAxd5NTf1l80oZJgKqS6zoFJwKbE0X11Ved7 m35ZEcj4UwrgSFLE7Y9+to66In2N/QpvFPFclE9Xfwdd03YAmxS/biIul2xrkzBf E9Q19NWLnTA2YU52 -----END CERTIFICATE----- [Fri 15 Apr 2022 12:07:10 PM CST] Your cert is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.cer [Fri 15 Apr 2022 12:07:10 PM CST] Your cert key is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.key [Fri 15 Apr 2022 12:07:10 PM CST] The intermediate CA cert is in: /root/.acme.sh/*.oiox.cn/ca.cer [Fri 15 Apr 2022 12:07:10 PM CST] And the full chain certs is there: /root/.acme.sh/*.oiox.cn/fullchain.cer 查看已申请出来证书root@cby:~/.acme.sh# cd \*.oiox.cn root@cby:~/.acme.sh/*.oiox.cn# ll total 44 drwxr-xr-x 2 root root 4096 Jul 27 10:31 ./ drwx------ 7 root root 4096 Jul 27 10:28 ../ -rw-r--r-- 1 root root 4399 Jul 27 10:31 ca.cer -rw-r--r-- 1 root root 6684 Jul 27 10:31 fullchain.cer -rw-r--r-- 1 root root 2285 Jul 27 10:31 '*.oiox.cn.cer' -rw-r--r-- 1 root root 556 Jul 27 10:31 '*.oiox.cn.conf' -rw-r--r-- 1 root root 956 Jul 27 10:28 '*.oiox.cn.csr' -rw-r--r-- 1 root root 156 Jul 27 10:28 '*.oiox.cn.csr.conf' -rw------- 1 root root 1679 Jul 27 10:28 '*.oiox.cn.key' root@cby:~/.acme.sh/*.oiox.cn#Nginx部署证书示例： server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443; ssl_certificate /ssl/cert.pem; ssl_certificate_key /ssl/cert.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; server_name dns.oiox.cn; root /var/www/dns; index index.html; location / { try_files $uri $uri/ =404; } } # 转化证书 acme.sh --install-cert -d *.oiox.cn --key-file /ssl/cert.key --fullchain-file /ssl/cert.pem --reloadcmd "service nginx force-reload" [Wed 27 Jul 2022 10:34:41 AM CST] Installing key to: /ssl/cert.key [Wed 27 Jul 2022 10:34:41 AM CST] Installing full chain to: /ssl/cert.pem [Wed 27 Jul 2022 10:34:41 AM CST] Run reload cmd: service nginx force-reload [Wed 27 Jul 2022 10:34:41 AM CST] Reload success 证书更新目前通过 acme.sh 生成的证书会在60天过期安装 acme.sh 时会自动创建一个 cronjob，每天定期检查所有证书，如果证书需要更新会自动更新证书。# 1.手动更新 acme.sh --renew -d example.com --force # 2.自动更新 crontab -l 12 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null # 3.主程序自动更新 acme.sh --upgrade --auto-upgrade附录上面使用DNSPOD进行动态解析申请证书阿里云DNS申请 export Ali_Key="abcd" export Ali_Secret="xxxxxxxxxx" # RSA 证书 acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d *.exsvc.cn # ECC 证书 acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d *.exsvc.cn --keylength ec-256 腾讯云DNS申请 export DP_Id="abcd" export DP_Key="xxxxxxxxxx" ./acme.sh --issue --dns dns_dp -d *.oiox.cn -d oiox.cn CloudFlare申请 export CF_Key="763eac4f1bcebd8b5c95e9fc50d010b4" export CF_Email="alice@example.com" ./acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' 更多申请方式见：https://github.com/acmesh-official/acme.sh/wiki/dnsapi 关于https://www.oiox.cn/https://www.oiox.cn/index.php/start-page.htmlCSDN、GitHub、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客全网可搜《小陈运维》文章主要发布于微信公众号
- 2022年04月15日
- 592 阅读
- 1 评论
- 0 点赞
2022-04-12
docker方式实现postgres数据持久化离线安装保存镜像root@hello:~# docker pull postgres Using default tag: latest latest: Pulling from library/postgres a2abf6c4d29d: Already exists e1769f49f910: Pull complete 33a59cfee47c: Pull complete 461b2090c345: Pull complete 8ed8ab6290ac: Pull complete 495e42c822a0: Pull complete 18e858c71c58: Pull complete 594792c80d5f: Pull complete 794976979956: Pull complete eb5e1a73c3ca: Pull complete 6d6360292cba: Pull complete 131e916e1a28: Pull complete 757a73507e2e: Pull complete Digest: sha256:f329d076a8806c0ce014ce5e554ca70f4ae9407a16bb03baa7fef287ee6371f1 Status: Downloaded newer image for postgres:latest docker.io/library/postgres:latest root@hello:~# root@hello:~# docker save > postgres.tar postgres:latest root@hello:~# ll postgres.tar -rw-r--r-- 1 root root 381950976 Mar 30 08:04 postgres.tar root@hello:~# 导入镜像root@hello:~# docker load -i postgres.tar 7ab4f6ae3ff7: Loading layer [==================================================>] 10.18MB/10.18MB db8b35906c8d: Loading layer [==================================================>] 340kB/340kB f9f2c722c092: Loading layer [==================================================>] 4.19MB/4.19MB 75be6af37d28: Loading layer [==================================================>] 25.7MB/25.7MB 15dd9dd29d12: Loading layer [==================================================>] 1.682MB/1.682MB 1d5d2439ed88: Loading layer [==================================================>] 2.048kB/2.048kB 920ba1e03a88: Loading layer [==================================================>] 6.656kB/6.656kB eb96dca5c689: Loading layer [==================================================>] 255.8MB/255.8MB 3acb2bfab7b0: Loading layer [==================================================>] 66.56kB/66.56kB 140aef27609a: Loading layer [==================================================>] 2.048kB/2.048kB c06253083edb: Loading layer [==================================================>] 3.584kB/3.584kB e7b07b473569: Loading layer [==================================================>] 15.36kB/15.36kB Loaded image: postgres:latest 启动容器root@hello:~# mkdir /data/postgres -p root@hello:~# docker run --name postgres -e POSTGRES_PASSWORD=thinker -p 5432:5432 -v /data/postgres:/var/lib/postgresql/data -d postgres ae30b561a607210d4cbb42f5cc344898341124feeb1a2e5fe68031ec1a46b5b4 root@hello:~# docker ps | grep postgres ae30b561a607 postgres "docker-entrypoint.s…" About a minute ago Up About a minute 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp postgres 访问测试root@hello:~# docker exec -it ae30b561a607 bash root@ae30b561a607:/# su postgres postgres@ae30b561a607:/$ psql psql (14.1 (Debian 14.1-1.pgdg110+1)) Type "help" for help. postgres-# \l List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges -----------+----------+----------+------------+------------+----------------------- postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + | | | | | postgres=CTc/postgres template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + | | | | | postgres=CTc/postgres (3 rows) postgres-# https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年04月12日
- 684 阅读
- 0 评论
- 0 点赞
2022-04-08
docker方式实现minio数据持久化离线安装保存镜像root@hello:~# docker pull minio/minio Using default tag: latest latest: Pulling from minio/minio d46336f50433: Pull complete be961ec68663: Pull complete 44173c602141: Pull complete a9809a6a679b: Pull complete df29d4a76971: Pull complete 2b5a8853d302: Pull complete 84f01ee8dfc1: Pull complete Digest: sha256:d786220feef7d8fe0239d41b5d74501dc824f6e7dd0e5a05749c502fff225bf3 Status: Downloaded newer image for minio/minio:latest docker.io/minio/minio:latest root@hello:~# root@hello:~# docker save > minio.tar minio/minio root@hello:~# ll minio.tar -rw-r--r-- 1 root root 415240704 Mar 30 07:03 minio.tar root@hello:~#导入镜像root@hello:~# docker load -i minio.tar 744c86b54390: Loading layer [==================================================>] 104.1MB/104.1MB 1323ffbff4dd: Loading layer [==================================================>] 20.48kB/20.48kB 9a5123a464dc: Loading layer [==================================================>] 3.584kB/3.584kB 9e9eecfbe95d: Loading layer [==================================================>] 3.584kB/3.584kB 6088fcbd6a76: Loading layer [==================================================>] 1.724MB/1.724MB 678ce496e457: Loading layer [==================================================>] 36.86kB/36.86kB 50f383b04a07: Loading layer [==================================================>] 309.3MB/309.3MB Loaded image: minio/minio:latest root@hello:~#创建目录root@hello:~# mkdir /data/config -p root@hello:~# mkdir /data/data -p root@hello:~#启动容器root@hello:~# docker run -itd -p 9000:9000 --name minio -p 9001:9001 -e "MINIO_ACCESS_KEY=minio" -e "MINIO_SECRET_KEY=minio@123" -v /data/data:/data -v /data/config:/root/.minio minio/minio server /data --address '0.0.0.0:9000' --console-address '0.0.0.0:9001' 5c69e875ce561ac311a85708594072eca8c1b4740773d83045f256d316efc06c root@hello:~# docker ps | grep minio 5c69e875ce56 minio/minio "/usr/bin/docker-ent…" 9 seconds ago Up 8 seconds 0.0.0.0:9000-9001->9000-9001/tcp, :::9000-9001->9000-9001/tcp minio root@hello:~#访问账号密码url：http://ip:9001/loginuser：miniopassword：minio@123https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年04月08日
- 529 阅读
- 1 评论
- 0 点赞
2022-04-06
docker方式实现redis数据持久化离线安装保存镜像root@hello:~# docker pull redis:latest latest: Pulling from library/redis a2abf6c4d29d: Already exists c7a4e4382001: Pull complete 4044b9ba67c9: Pull complete c8388a79482f: Pull complete 413c8bb60be2: Pull complete 1abfd3011519: Pull complete Digest: sha256:db485f2e245b5b3329fdc7eff4eb00f913e09d8feb9ca720788059fdc2ed8339 Status: Downloaded newer image for redis:latest docker.io/library/redis:latest root@hello:~# root@hello:~# docker save > redis.tar redis:latest root@hello:~# root@hello:~# ll redis.tar -rw-r--r-- 1 root root 116304384 Mar 30 07:30 redis.tar root@hello:~#导入镜像root@hello:~# docker load -i redis.tar 2edcec3590a4: Loading layer [==================================================>] 83.86MB/83.86MB 9b24afeb7c2f: Loading layer [==================================================>] 338.4kB/338.4kB 4b8e2801e0f9: Loading layer [==================================================>] 4.274MB/4.274MB 529cdb636f61: Loading layer [==================================================>] 27.8MB/27.8MB 9975392591f2: Loading layer [==================================================>] 2.048kB/2.048kB 8e5669d83291: Loading layer [==================================================>] 3.584kB/3.584kB Loaded image: redis:latest创建目录，修改配置root@hello:~# mkdir /data/redis -p root@hello:~# mkdir /data/redis/data -p root@hello:~# cp -p redis.conf /data/redis/ root@hello:~# vim /data/redis/redis.conf修改redis.conf配置文件：主要配置的如下： bind 127.0.0.1 #注释掉这部分，使redis可以外部访问 daemonize no#用守护线程的方式启动 requirepass thinekr #给redis设置密码 appendonly yes #redis持久化　　默认是no tcp-keepalive 300 #防止出现远程主机强迫关闭了一个现有的连接的错误默认是300 启动容器 root@hello:~# docker run -p 6379:6379 --name redis -v /data/redis/redis.conf:/etc/redis/redis.conf -v /data/redis/data:/data -d redis redis-server /etc/redis/redis.conf --appendonly yes a59d3137a3ade6ec05588e0895d2265aff0e81746ec1847553fef6bd4df59348 root@hello:~#测试root@hello:~# sudo docker logs redis 1:C 30 Mar 2022 07:36:59.712 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 1:C 30 Mar 2022 07:36:59.712 # Redis version=6.2.6, bits=64, commit=00000000, modified=0, pid=1, just started 1:C 30 Mar 2022 07:36:59.712 # Configuration loaded 1:M 30 Mar 2022 07:36:59.713 * monotonic clock: POSIX clock_gettime _._ _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 6.2.6 (00000000/0) 64 bit .-`` .-```. ```\/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | https://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' 1:M 30 Mar 2022 07:36:59.714 # Server initialized 1:M 30 Mar 2022 07:36:59.714 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 1:M 30 Mar 2022 07:36:59.715 * Ready to accept connections root@hello:~# root@hello:~# redis-cli -h 3.7.191.194 -p 6379 3.7.191.194:6379> auth thinker OK 3.7.191.194:6379> ping PONG 3.7.191.194:6379>https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年04月06日
- 313 阅读
- 0 评论
- 1 点赞
2022-04-04
自编写二进制安装kubernetes脚本v2.0版本一键安装二进制安装Kubernetes（k8s） v2.0手动安装：https://github.com/cby-chen/Kubernetes脚本安装：https://github.com/cby-chen/Binary_installation_of_Kubernetes使用说明：该脚本示例需要十一台服务器，在十一台服务器中有一台是用于执行该脚本的，另外有八台k8s服务器，其他俩台作为lb负载均衡服务器。将其中服务器配置好静态IP，修改如下变量中的IP即可。同时查看服务器中的网卡名，并将其修改。执行脚本可使用bash -x 即可显示执行中详细信息。该脚本已适配centos7和centos8。脚本中hosts有俩处，记得修改。2022-03更新：现已支持centos7 和centos8 自动适配同时支持自定义k8s node节点结构.在变量中需要几台节点就写几台节点即可注意的是，新增节点，要在脚本中的hosts中也要修改不建议乱改。2022-04更新：更新kubernetes自主版本选择优化执行结构适配多版本修复BUG脚本中是需要在GitHub上下载软件包手动提前下载好 wget https://github.com/cby-chen/Kubernetes/releases/download/cby/Kubernetes.tar wget https://github.com/cby-chen/Kubernetes/releases/download/v1.23.4/kubernetes-v1.23.4.tar wget https://github.com/cby-chen/Kubernetes/releases/download/v1.23.5/kubernetes-v1.23.5.tar 下载脚本 wget https://www.oiox.cn/Binary_installation_of_Kubernetes.sh 修改参数 vim Binary_installation_of_Kubernetes.sh 如下： #每个节点的IP，以及vip export k8s_master01="192.168.1.61" export k8s_master02="192.168.1.61" export k8s_master03="192.168.1.63" export k8s_node01="192.168.1.64" export k8s_node02="192.168.1.65" export k8s_node03="192.168.1.66" export k8s_node04="192.168.1.67" export k8s_node05="192.168.1.68" export lb_01="192.168.1.57" export lb_02="192.168.1.58" export lb_vip="192.168.1.59" #物理网络ip地址段，注意反斜杠转译 export ip_segment="192.168.1.0\/24" #k8s自定义域名 export domain="x.oiox.cn" #服务器网卡名 export eth="ens18" 修改hosts（有俩处） cat > /etc/hosts <<EOF 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 $k8s_master01 k8s-master01 $k8s_master02 k8s-master02 $k8s_master03 k8s-master03 $k8s_node01 k8s-node01 $k8s_node02 k8s-node02 $k8s_node03 k8s-node03 $k8s_node04 k8s-node04 $k8s_node05 k8s-node05 $lb_01 lb01 $lb_02 lb02 $lb_vip lb-vip EOF 执行脚本 bash -x Binary_installation_of_Kubernetes.sh dashboard 查看端口号 kubectl get svc kubernetes-dashboard -n kubernetes-dashboard 查看token kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
- 2022年04月04日
- 347 阅读
- 0 评论
- 0 点赞