
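Install Docker, Docker-Compose, Portainer & Nginx on CentOS8

This post summarizes all the installation steps for a new CentOS 8 system, installing Docker, Docker-Compose and Portainer. Nginx will also be installed and configured as a reverse proxy for Portainer, using a custom domain managed by Cloudflare. Certbot will be installed on Nginx to enable HTTPS for Portainer's web interface.

These steps are the same for CentOS 7 and other Debian-based releases.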



System update

Check the system's public IP:

# curl https://ip.fabiandinkins.com/api
132.145.100.226

Bring the system up to date:

# yum upgrade -y && yum update -y

Install NodeQuery Monitor Agent

Add the new server to your NodeQuery account, or choose reinstall, to get the code for the agent installation.

# wget -N --no-check-certificate https://raw.github.com/nodequery/nq-agent/master/nq-install.sh && bash nq-install.sh Zb8Ge0oBFXvx24SM6YgfpH


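Swap size change

Depending on your VPS's default configuration, you may need to increase the swap size. It will greatly improve the stability of your services on small-memory VPSs (less than 2 GB).

# free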
              total        used        free      shared  buff/cache   available
Mem:         823684      258292      120892        1904      444500      553072
Swap:       8388604        8532     8380072


See the post "Change swap size to improve reliability of low-memory cloud VMs" for how to change the swap size.

Basic command:
wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh

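Install Docker and Docker Compose

Docker:

curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Docker Compose:
Important: check the latest version of Docker-Compose at https://docs.docker.com/compose/release-notes/ and then modify the following command with the latest version number. (I installed 1.29.2.)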


curl -L "https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
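
The binary above is fetched from a mirror and installed as an executable in root's PATH, so its digest can be checked against a SHA-256 published for the release before it is put in place. This is an added example, not part of the original post; the function names, temporary paths and placeholder URLs are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): install a downloaded binary
# only if it matches a published SHA-256. Function names are assumptions.

# Print the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified BINARY CHECKSUM_FILE DEST
# CHECKSUM_FILE uses sha256sum format: "<64 hex digits>  <filename>".
# Returns 0 after installing, 1 on digest mismatch, 2 on unusable input.
install_verified() {
    bin=$1; sums=$2; dest=$3
    [ -s "$bin" ] || { echo "missing or empty: $bin" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sums")
    # Reject anything that is not a 64-digit hex string, for example an
    # HTML error page that curl saved in place of the checksum.
    case $expected in
        ""|*[!0-9a-f]*) echo "bad checksum file: $sums" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad checksum file: $sums" >&2; return 2; }
    actual=$(sha256_of "$bin")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $bin" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    # Copy into place with mode 0755 (replaces the separate chmod +x).
    install -m 0755 "$bin" "$dest"
}

# Typical use on the host (URLs are placeholders; fetch the checksum from
# the official release page rather than from the mirror):
#   curl -fL -o /tmp/docker-compose        "<binary URL>"
#   curl -fL -o /tmp/docker-compose.sha256 "<official .sha256 URL>"
#   install_verified /tmp/docker-compose /tmp/docker-compose.sha256 \
#       /usr/local/bin/docker-compose
```
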

Check the versions:

# /usr/local/bin/docker-compose version
docker-compose version 1.29.2, build 5becea4c
docker-py version: 5.0.0
CPython version: 3.7.10
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

# docker version
Client: Docker Engine - Community
 Version:           20.10.6
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        370c289
 Built:             Fri Apr  9 22:44:36 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.6
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8728dd2
  Built:            Fri Apr  9 22:43:02 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.4
  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc:
  Version:          1.0.0-rc93
  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0




Install Portainer

Make sure ports 80, 443 and 9000 are open on your VPS's firewall. We can close 9000 later.

# docker volume create portainer_data
portainer_data
# docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Unable to find image 'portainer/portainer-ce:latest' locally
latest: Pulling from portainer/portainer-ce
94cfa856b2b1: Pull complete
49d59ee0881a: Pull complete
f220caeff793: Pull complete
Digest: sha256:67e3edef02ba465d18663cd273cc24ec2764b27686ea5afbe8f392317a70ed72
Status: Downloaded newer image for portainer/portainer-ce:latest
d0ff883b063156b5929a8999593d38837501e6c16ffcefcbefb221ebe0301a32

Visit http://<your server's public IP>:9000 to verify Portainer.




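Install Nginx using Portainer

From the Portainer portal, click the App Templates menu and choose the NGINX template to deploy:

Make sure the port 80 and port 443 mappings are set as shown below:

Now you should be able to reach your Nginx page at http://<your server's public IP>.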




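Configure Nginx as a reverse proxy

In this section, Nginx will be configured as a reverse proxy that forwards all traffic for portainer1.51sec.eu.org on ports 80 and 443 to the proxied Docker web site, Portainer. Connect to the Nginx console from the Portainer portal, or with the command: docker exec -it nginx /bin/bash

# apt update -y && apt install nano -y
# nano /etc/nginx/conf.d/portainer.conf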


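server {
    listen       80;
    server_name  portainer1.51sec.eu.org;

    location / {
        # Portainer was published on host port 9000 by the docker run command above.
        proxy_pass         http://172.31.23.170:9000;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        # Pass WebSocket upgrade requests through to Portainer.
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
        # Preserve the original Host header and client address for the backend.
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Real-PORT $remote_port;
    }
}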




Visit http://portainer1.51sec.eu.org in a Google Chrome Incognito window to verify access and the configuration.

Enable HTTPS for Nginx

Connect to the Nginx console from the Portainer portal, or with the command: docker exec -it nginx /bin/bash


apt update
apt install certbot python-certbot-nginx
certbot --nginx


# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: portainer1.51sec.eu.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for portainer1.51sec.eu.org
2021/05/24 19:49:48 [notice] 1330#1330: signal process started
Waiting for verification...
Cleaning up challenges
2021/05/24 19:49:53 [notice] 1332#1332: signal process started
Deploying Certificate to VirtualHost /etc/nginx/conf.d/portainer.conf
2021/05/24 19:49:56 [notice] 1334#1334: signal process started

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://portainer1.51sec.eu.org

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=portainer1.51sec.eu.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/portainer1.51sec.eu.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/portainer1.51sec.eu.org/privkey.pem
   Your cert will expire on 2021-08-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


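After this step, both HTTP and HTTPS should work for your Portainer site.

Customized bridge network

Create a new bridge network and join your containers to it. This way, the containers can reach each other directly by name.

Join the Docker containers to the newly created bridge network.

This way, we can use the containers' names to reach each other directly. After this, we can close port 9000 on the firewall.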




# ping portainer
PING portainer (172.20.20.3) 56(84) bytes of data.
64 bytes from portainer.mybridge (172.20.20.3): icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from portainer.mybridge (172.20.20.3): icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from portainer.mybridge (172.20.20.3): icmp_seq=3 ttl=64 time=0.081 ms
64 bytes from portainer.mybridge (172.20.20.3): icmp_seq=4 ttl=64 time=0.079 ms
^C
--- portainer ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 53ms
rtt min/avg/max/mdev = 0.079/0.086/0.104/0.010 ms


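# nano /etc/nginx/conf.d/portainer.conf

server {
    listen       80;
    server_name  portainer1.51sec.eu.org;

    location / {
        # "portainer" resolves through the bridge network's built-in DNS;
        # the container listens on port 9000 (see the docker run command above).
        proxy_pass         http://portainer:9000;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
        # Pass WebSocket upgrade requests through to Portainer.
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
        # Preserve the original Host header and client address for the backend.
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Real-PORT $remote_port;
    }
}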
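
Closing port 9000 on the VPS firewall covers the network edge; the Docker side can be checked as well by listing which container ports are still published on all host interfaces. This is an added example, not part of the original post: the function names are assumptions and the two sample listings are constructed, the second assuming Portainer was re-created without the -p mapping.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and reports mappings published on all host interfaces.

# public_bindings: stdin "name<TAB>ports" -> "name hostport->ctrport/proto"
# for every mapping bound to 0.0.0.0, ::: or [::]. Loopback-only mappings
# and ports that are exposed but not published are skipped.
public_bindings() {
    awk -F '\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue              # exposed, not published
            if (!sub(/^(0\.0\.0\.0|::|\[::\]):/, "", m)) continue
            key = $1 " " m
            if (!(key in seen)) { seen[key] = 1; print key }  # v4+v6 once
        }
    }'
}

# port_is_public NAME PORT: succeeds if NAME publishes host PORT publicly.
port_is_public() {
    public_bindings | grep -q "^$1 $2->"
}

# Constructed sample: the state right after the docker run command above.
sample_before() {
    printf 'portainer\t0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 8000/tcp\n'
    printf 'nginx\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp\n'
}

# Constructed sample: Portainer re-created without -p (assumption), so it
# is reachable only by name on the bridge network.
sample_after() {
    printf 'portainer\t8000/tcp, 9000/tcp\n'
    printf 'nginx\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp\n'
}

# On a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | public_bindings
```
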


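Install network utilities in the container

Most of the time, Docker images do not include the network utilities that help you troubleshoot network connectivity, such as ping, ifconfig, tracert, telnet and so on. You may want to install them yourself.

# cat /etc/*-release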
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"



# apt-get update
# apt-get install iputils-ping
# apt-get install telnet
# apt-get install traceroute
# apt-get install net-tools

Note: net-tools includes the ifconfig and netstat commands.












