From 1db571318303886df9cabf9790583d796189b312 Mon Sep 17 00:00:00 2001
From: TsMask <340112800@qq.com>
Date: Fri, 1 Nov 2024 20:53:37 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0=E4=B8=BAubuntu22.04?= =?UTF-8?q?=E7=89=88=E6=9C=AC=E5=AE=B9=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker/Dockerfile | 53 +++++++++------
 docker/README.md | 4 +-
 docker/omc/machine.ini | 1 +
 docker/omc/nginx/nginx.conf | 129 ++++++++++++++----------------------
 docker/omc/omc.yaml | 2 +-
 5 files changed, 86 insertions(+), 103 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 27cfd9a..062f52d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -23,20 +23,29 @@ COPY ./omc_api/docker/omc /docker
 ## 第二阶段 ====> Go打包编译输出后端程序
-FROM golang:1.22-alpine AS build-golang
+FROM ubuntu:22.04 AS build-golang
 # 从上个阶段复制过来的文件
 COPY --from=build-node /web/dist /frontend
 COPY --from=build-node /api /backend
 COPY --from=build-node /docker /docker
-ARG VERSION
+# 安装 Go 和其他依赖
+RUN apt-get update && \
+    apt-get install -y build-essential libpcap-dev curl \
+    && curl -OL https://dl.google.com/go/go1.22.5.linux-amd64.tar.gz \
+    && tar -C /usr/local -xzf go1.22.5.linux-amd64.tar.gz \
+    && rm go1.22.5.linux-amd64.tar.gz \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# 设置 Go 环境变量
+ENV PATH="/usr/local/go/bin:${PATH}"
 ENV CGO_ENABLED 1
 ENV GOOS linux
 ENV GOPROXY https://goproxy.cn,direct
-## 安装打包必要依赖
-RUN apk add gcc musl-dev libpcap-dev
+ARG VERSION
 RUN cd /backend && go mod download
 RUN cd /backend/restagent && go build -o omc -v -ldflags "-s -w \
 -X 'be.ems/lib/global.Version=${VERSION}' \
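Review bot: The Go toolchain fetched in the new RUN step (`curl -OL https://dl.google.com/go/go1.22.5.linux-amd64.tar.gz`) is unpacked into /usr/local with no integrity check, so a tampered or truncated download would be used to build omc without any error. Verify the archive against the checksum published on go.dev/dl before the `tar` step, e.g. `&& echo "<sha256 from go.dev/dl>  go1.22.5.linux-amd64.tar.gz" | sha256sum -c -`, or fetch it with `ADD --checksum=sha256:<same value> <url> /tmp/` instead of curl. The `-amd64` file name also hard-codes the architecture, whereas the replaced `golang:1.22-alpine` base followed the build platform; if multi-arch images are expected, deriving the name from `TARGETARCH` would preserve that. The `apt-get install` packages are unpinned, which makes the build non-reproducible across rebuilds; pinning at least `build-essential` and `libpcap-dev` versions would match the pinned Go version.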
@@ -44,18 +53,23 @@ RUN cd /backend/restagent && go build -o omc -v -ldflags "-s -w \
 -X 'be.ems/lib/global.GoVer=`go version`'"
 ## 第三阶段 ====> 构建前后端融合镜像
-FROM alpine:3.20
+FROM ubuntu:22.04
-## 安装时区工具
-RUN apk add --no-cache tzdata nginx libpcap-dev openssh && \
-    ssh-keygen -A && \
-    adduser -D omcuser && \
-    echo 'omcuser:password' | chpasswd && \
-    mkdir -p /home/omcuser/.ssh && \
-    chmod 700 /home/omcuser/.ssh && \
-    touch /home/omcuser/.ssh/authorized_keys && \
-    chmod 600 /home/omcuser/.ssh/authorized_keys && \
-    chown -R omcuser:omcuser /home/omcuser/.ssh
+# 安装必要的软件包
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata \
+    iputils-ping libpcap-dev \
+    nginx openssh-server \
+    && ssh-keygen -A \
+    && adduser --disabled-password --gecos "" omcuser \
+    && echo 'omcuser:password' | chpasswd \
+    && mkdir -p /home/omcuser/.ssh \
+    && chmod 700 /home/omcuser/.ssh \
+    && touch /home/omcuser/.ssh/authorized_keys \
+    && chmod 600 /home/omcuser/.ssh/authorized_keys \
+    && chown -R omcuser:omcuser /home/omcuser/.ssh \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 # 设置时区和语言环境
 ENV TZ="Asia/Shanghai"
@@ -63,9 +77,9 @@ ENV LANG="en_US.UTF-8"
 ENV APPENV="prod"
 WORKDIR /usr/local/etc/omc
-COPY --from=build-golang /frontend ./frontend
+COPY --from=build-golang /frontend /usr/local/bin/web
 COPY --from=build-golang /backend/restagent/omc /usr/local/bin/omc
-COPY --from=build-golang /docker/etc/omc.yaml ./omc.yaml
+COPY --from=build-golang /docker/omc.yaml ./omc.yaml
 COPY --from=build-golang /docker/static ./static
 COPY --from=build-golang /docker/logs /var/log/omc
 COPY --from=build-golang /docker/nginx/cert /etc/nginx/cert
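Review bot: The rewritten install step still bakes a fixed credential into the image, `echo 'omcuser:password' | chpasswd`, and the same layer now installs `openssh-server`, whose stock Ubuntu sshd_config does not disable password authentication, so every container built from this file accepts the same known password on the exposed port 22. The step already provisions `/home/omcuser/.ssh/authorized_keys`, so the `chpasswd` line can be dropped and password logins turned off in the same layer, e.g. `&& sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config`; if a password is genuinely required it should be set at run time, not at build time. The final stage also never switches `USER`, so nginx and omc run as root; that is a pre-existing condition, but the move to a full Ubuntu base makes the root footprint larger than it was on alpine. In the second hunk, `COPY --from=build-golang /frontend /usr/local/bin/web` puts static web assets under a binaries directory; `/usr/local/share/omc/web` or the previous `/usr/local/etc/omc/frontend` would be the conventional location.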
@@ -73,10 +87,9 @@ COPY --from=build-golang /docker/nginx/nginx.conf /etc/nginx/nginx.conf
 EXPOSE 33030 33033 33040 33060 80 22
-CMD ["/usr/sbin/sshd -D &", ";", "nginx", ";", "/usr/local/bin/omc", "--env", "${APPENV}", "-c", "/usr/local/etc/omc/omc.yaml"]
-# CMD ["/usr/sbin/sshd", "-D", "&", ";", "nginx", ";", "/usr/local/bin/omc", "--env", "${APPENV}", "-c", "/usr/local/etc/omc/omc.yaml"]
+CMD ["/bin/sh", "-c", "service ssh start && service nginx start && /usr/local/bin/omc --env ${APPENV} -c /usr/local/etc/omc/omc.yaml"]
 # 构建
 # docker build --build-arg VERSION=241101 -t omc:2.241101 .
 # docker run -it omc:2.241101 sh
-# /usr/sbin/sshd -D & ; nginx ; /usr/local/bin/omc --env prod -c /usr/local/etc/omc/omc.yaml
+# service ssh start && service nginx start && /usr/local/bin/omc --env prod -c /usr/local/etc/omc/omc.yaml
diff --git a/docker/README.md b/docker/README.md
index 3840b6f..ea0bda5 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -56,7 +56,7 @@ docker run -d \
 -v /home/manager/probject/omc_api/docker/omc/nginx/cert:/etc/nginx/cert \
 -v /home/manager/probject/omc_api/docker/omc/nginx/nginx.conf:/etc/nginx/nginx.conf \
 -e TZ="Asia/Shanghai" \
--e APPENV="local" \
+-e APPENV="prod" \
 -m 512M \
 --name omc2.241101 \
 omc:2.241101
@@ -79,6 +79,6 @@ docker run -it omc:xxx sh
 docker exec -it omc:xxx sh
-/usr/sbin/sshd -D && nginx -c /etc/nginx/nginx.conf && /usr/local/bin/omc --env prod -c /usr/local/etc/omc/omc.yaml
+service ssh start && service nginx start && /usr/local/bin/omc --env prod -c /usr/local/etc/omc/omc.yaml
 ```
diff --git a/docker/omc/machine.ini b/docker/omc/machine.ini
index e69de29..5a42b1e 100644
--- a/docker/omc/machine.ini
+++ b/docker/omc/machine.ini
@@ -0,0 +1 @@
+aNHIGgEM8peJlhuQr1jjoTww/bap9p8cdnEpbPlX0LvvYDLw1X6tqNxeN0QyGdSQHRkpiS7jw2eFiuWsB7sPewohAq2nZgqyYcbg88pjViM72CkCrv0mQ+Ia0ir/FN5zjG0KCy7Dju6Rr7uENqdNVA==
\ No newline at end of file
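Review bot: The new CMD leaves `/bin/sh` as PID 1 and runs omc as its last child without `exec`, so `docker stop` delivers SIGTERM to the shell, which does not forward it; omc, and the sshd and nginx daemons started via `service`, are then hard-killed after the stop timeout instead of shutting down, and `${APPENV}` is expanded unquoted. Change the tail of the command to `exec /usr/local/bin/omc --env \"${APPENV}\" -c /usr/local/etc/omc/omc.yaml` so omc becomes PID 1 and receives the signal. Running three daemons in one container with no supervisor also means a crashed nginx or sshd is invisible to the container runtime; an init such as tini, or one service per container, would address that. The `# service ssh start …` example comment in the same hunk should mirror whatever form CMD finally takes.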
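Review bot: The single line added to docker/omc/machine.ini is an opaque base64 blob with no comment saying what it encodes or how it was generated, and the file was previously empty (index e69de29 is git's empty blob), so a reader has no way to judge whether it is safe to commit. If it is a machine key, license token or similar secret, keeping it in the repository and in the build context that the earlier `COPY ./omc_api/docker/omc /docker` stage consumes means every checkout and build shares the same value; it should then be supplied at deploy time (volume or secret mount) and the committed file left empty. If it is a non-sensitive identifier, a one-line note in docker/README.md describing its purpose would settle the question for the next reviewer.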
diff --git a/docker/omc/nginx/nginx.conf b/docker/omc/nginx/nginx.conf
index a95dca8..6061310 100644
--- a/docker/omc/nginx/nginx.conf
+++ b/docker/omc/nginx/nginx.conf
@@ -1,95 +1,64 @@
-# /etc/nginx/nginx.conf
-
-user nginx;
-pid /var/run/nginx.pid;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-# Configures default error logger.
-error_log /var/log/omc/nginx/error.log warn;
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
 events {
-    # The maximum number of simultaneous connections that can be opened by
-    # a worker process.
-    worker_connections 1024;
-}
+    worker_connections 1024;
+    # multi_accept on;
+}
 http {
-    # Includes mapping of file name extensions to MIME types of responses
-    # and defines the default type.
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    # Name servers used to resolve names of upstream servers into addresses.
-    # It's also needed when using tcpsocket and udpsocket in Lua modules.
-    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+    ##
+    # Basic Settings
+    ##
-    # Don't tell nginx version to the clients. Default is 'on'.
+    sendfile on;
+    tcp_nopush on;
+    types_hash_max_size 2048;
     server_tokens off;
-    # Specifies the maximum accepted body size of a client request, as
-    # indicated by the request header Content-Length. If the stated content
-    # length is greater than this size, then the client receives the HTTP
-    # error code 413. Set to 0 to disable. Default is '1m'.
-    client_max_body_size 1024m;
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
-    # Sendfile copies data between one FD and other from within the kernel,
-    # which is more efficient than read() + write(). Default is off.
-    sendfile on;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
-    # Causes nginx to attempt to send its HTTP response head in one packet,
-    # instead of using partial frames. Default is 'off'.
-    tcp_nopush on;
+    ##
+    # SSL Settings
+    ##
-    # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
-    # TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
-    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-
-    # Path of the file with Diffie-Hellman parameters for EDH ciphers.
-    # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
     ssl_dhparam /etc/nginx/cert/dhparams.pem;
-    # Specifies that our cipher suits should be preferred over client ciphers.
-    # Default is 'off'.
-    ssl_prefer_server_ciphers on;
-
-    # Enables a shared SSL cache with size that can hold around 8000 sessions.
-    # Default is 'none'.
-    ssl_session_cache shared:SSL:2m;
-
-    # Specifies a time during which a client may reuse the session parameters.
-    # Default is '5m'.
-    ssl_session_timeout 1h;
-
-    # Disable TLS session tickets (they are insecure). Default is 'on'.
-    ssl_session_tickets off;
-
-    # Helper variable for proxying websockets.
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        '' close;
-    }
-
-    # Specifies the main log format.
+    ##
+    # Logging Settings
+    ##
     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-        '$status $body_bytes_sent "$http_referer" '
-        '"$http_user_agent" "$http_x_forwarded_for"';
-
-    # Sets the path, format, and configuration for a buffered log write.
-    access_log /var/log/omc/nginx/access.log main;
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.log main;
+    error_log /var/log/nginx/error.log;
-    keepalive_timeout 65;
+    ##
+    # Gzip Settings
+    ##
-    # Enable gzipping of responses.
     gzip on;
-    gzip_static on;
-    gzip_buffers 4 16k;
-    gzip_http_version 1.1;
-    gzip_comp_level 5;
-    gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
-    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # Virtual Host Configs
+    ##
+    keepalive_timeout 65;
+    client_max_body_size 1024m;
     server {
         listen 80;
@@ -103,18 +72,19 @@ http {
         #access_log /var/log/nginx/host.access.log main;
-        # ssl_certificate /usr/share/nginx/cert/www.x.cn_chain.crt;
-        # ssl_certificate_key /usr/share/nginx/cert/www.x.cn.key;
+        # ssl_certificate /etc/nginx/cert/www.x.cn_chain.crt;
+        # ssl_certificate_key /etc/nginx/cert/www.x.cn.key;
         # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
         # ssl_session_timeout 5m;
         # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
         # ssl_prefer_server_ciphers on;
-        # ssl_dhparam /usr/share/nginx/cert/dhparams.pem;
+        # ssl_dhparam /etc/nginx/cert/dhparams.pem;
         # OMC
         location / {
-            root /usr/local/etc/omc/frontend;
+            root /usr/local/bin/web;
+            #root /usr/local/etc/omc/frontend;
             try_files $uri $uri/ /index.html;
             index index.html index.htm;
@@ -163,5 +133,4 @@ http {
             root /usr/local/etc/omc/frontend;
         }
     }
-
 }
diff --git a/docker/omc/omc.yaml b/docker/omc/omc.yaml
index e780eba..22b3b85 100644
--- a/docker/omc/omc.yaml
+++ b/docker/omc/omc.yaml
@@ -3,7 +3,7 @@
 # duration: rotation time with xx hours, example: 1/12/24 hours
 # count: rotation count of log, default is 30 rotation
 logger:
-  file: "/var/log/omc/restagent.log"
+  file: "/var/log/restagent.log"
   level: debug
   duration: 24
   count: 2
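Review bot: The new `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` re-enables TLS 1.0 and 1.1, which the removed configuration had already pruned (it offered TLSv1.1 and up and its comment advised dropping 1.1 as well), and the trailing `# Dropping SSLv3, ref: POODLE` comment does not describe the line it sits on. Use `ssl_protocols TLSv1.2 TLSv1.3;` and restore the removed `ssl_session_tickets off;`, `ssl_session_cache shared:SSL:2m;` and `ssl_session_timeout` directives, which the rewrite dropped without a replacement. The rewrite also deletes the `map $http_upgrade $connection_upgrade` block; if any `location` further down the file still references `$connection_upgrade` (the server block continues past this hunk), nginx will refuse to start with an unknown-variable error. Both this file and docker/omc/omc.yaml move their logs out of `/var/log/omc` (to `/var/log/nginx/` and `/var/log/restagent.log`) while the Dockerfile still populates `/var/log/omc` from `/docker/logs`; that directory may now be unused, which is worth confirming before the two paths diverge in operators' runbooks.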
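Review bot: `location /` now serves from `root /usr/local/bin/web;`, matching the Dockerfile's new COPY destination, but the `root /usr/local/etc/omc/frontend;` visible as context in the last hunk of this file (around original line 163) still points at the old path, which the Dockerfile no longer populates, so whatever that location serves will return 404 after this change. Either update that `root` to `/usr/local/bin/web` too, or keep the frontend at `/usr/local/etc/omc/frontend` and revert the `location /` root. The commented-out `#root /usr/local/etc/omc/frontend;` left under the live directive will rot quickly; a one-line comment explaining why the path moved is more useful than the superseded value.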