
Spring Boot + Docker offline deployment


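Summary: this deployment guide applies to local test-environment deployment, where a local server exists and development happens on an intranet. Deployment uses a private container registry, and the locally built package is uploaded automatically.

For cloud servers, deploying with Jenkins automation is recommended; it can be done in one click.

For subsequent builds you only need to follow:

Backend [Push the project and start the project containers](#推送项目并启动项目容器), steps 1 2 3 4 6 7
1. Change the port number to a dynamic value and package with Maven
2. Pull the latest image on the test machine
3. Run the containers
4. Restart the nginx container
Front end [Front-end project deployment](#前端项目部署)
1. Extract the front-end project into webapps; the package name is dist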

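Environment configuration

System

  • Operating system: CentOS 7
  • Basic software required:
openssl: generates the self-signed certificate used in the test environment, so that HTTPS requests do not fail when pushing code
unzip: extracts software packages and zip files
htpasswd: basic-authentication file tool, used to add user authentication to files
python3-pip3: the pip that comes with version 7 may fail to download some packages (the two need to coexist, via a symlink)
  • Update
yum -y update
Install software
yum install -y httpd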

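Install Docker

  1. Remove old versions, if previously installed
  • yum remove docker docker-common docker-selinux docker-engine
  2. Install the required packages
  • yum install -y yum-utils device-mapper-persistent-data lvm2
  3. Set up the yum repository (this may stop working for later versions; get the id from the corresponding repository)
  4. List Docker versions (docker-ce is what is used now; the docker package is no longer updated)
  • yum list docker-ce --showduplicates | sort -r
  5. Install the latest version, or pick a specific one
  • yum -y install docker-ce
  • yum -y install docker-ce-18.03.1.ce
  6. Start Docker and enable it at boot
  • systemctl start docker
  • systemctl enable docker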

Set up docker-registry (for current testing only; to be handed over to Harbor later)

Preparation

Configure the Aliyun mirror and trust the private registry

  • Aliyun mirror configuration
# vim /etc/docker/daemon.json
daemon.json is plain JSON and takes no comments. insecure-registries lists the private registry ip:port (separate multiple entries with commas); registry-mirrors lists Docker mirrors inside China.
{
  "insecure-registries": ["192.168.9.154:2112"],
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com"
  ]
}
  • Pull registry
docker pull registry
  • Reload the Docker configuration and restart
# Reload the service configuration files
sudo systemctl daemon-reload
# Restart docker
sudo systemctl restart docker

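Trust the private registry and configure authentication

The private image registry is deployed locally. To keep the private registry secure it needs a certificate, to prevent anything unexpected from happening. So first generate a self-signed certificate on the Docker host where the private registry is being set up.

  • Create the directory that stores the self-signed certificate

mkdir -p /usr/local/registry/certs

  • Command to generate the self-signed certificate
openssl req: creates certificate signing requests, among other functions;
-newkey: creates the CSR certificate signing file and the RSA private key file;
rsa:2048: sets the length of the RSA private key to 2048 bits;
-nodes: do not encrypt the private key;
-sha256: use the SHA256 algorithm;
-keyout: name and location of the private key file to create;
-x509: self-signed certificate format;
-days: certificate validity period;
-out: name and location of the CSR output file;

openssl req -newkey rsa:2048 -nodes -sha256 -keyout /usr/local/registry/certs/domain.key -x509 -days 365 -out /usr/local/registry/certs/domain.crt
Generating a 2048 bit RSA private key
..............+++
............................+++
writing new private key to '/usr/local/registry/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:(country)
State or Province Name (full name) []:SC (province)
Locality Name (eg, city) [Default City]:CD (city)
Organization Name (eg, company) [Default Company Ltd]:(organization name)
Organizational Unit Name (eg, section) []:(organizational unit name)
Common Name (eg, your name or your server's hostname) []:xx.96.104.xxx (hostname or domain; here the host IP)
Email Address []:xxxxx@163.com
  • Generate the authentication password file
htpasswd is the Apache HTTP basic-authentication file; the htpasswd command generates the user and password file

# Create the directory that stores the authentication password file
mkdir -p /usr/local/registry/auth
# If htpasswd is not available, install httpd
yum install -y httpd
# Create the user and password
htpasswd -Bbn root 123456 > /usr/local/registry/auth/htpasswd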
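The certificate above carries the host IP only in the Common Name, which Docker's TLS client does not accept for a registry addressed by IP; that is why the address also has to sit under insecure-registries, which switches certificate verification off for it. The following is an added example, not part of the original post: it generates the same kind of self-signed certificate with an IP subjectAltName and installs it as a per-registry CA so the insecure-registries entry is not needed. The function names are hypothetical; the address 192.168.9.154:2112 is the one used on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, 192.168.9.154:2112 is the page's.

# make_registry_cert IP DIR [san|cn-only]: self-signed cert and key in DIR.
# A config file replaces -addext so it also runs on CentOS 7's OpenSSL 1.0.2.
make_registry_cert() {
    ip=$1; dir=$2; san_line=""
    if [ "${3:-san}" = san ]; then san_line="subjectAltName = IP:$ip"; fi
    mkdir -p "$dir" || return 1
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $ip
[ext]
basicConstraints = CA:TRUE
$san_line
EOF
    # -nodes leaves the key unencrypted, so create it under umask 077 (0600).
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/openssl.cnf" \
          -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null )
}

# cert_has_ip_san CRT IP: true only if CRT lists IP in subjectAltName.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qxF "IP Address:$2"
}

# install_registry_ca CRT HOST:PORT [ROOT]: Docker trusts
# ROOT/etc/docker/certs.d/HOST:PORT/ca.crt for that one registry only.
install_registry_ca() {
    crt=$1; target="${3:-}/etc/docker/certs.d/$2"
    cert_has_ip_san "$crt" "${2%%:*}" || return 1   # refuse a cert that cannot validate
    mkdir -p "$target" && cp "$crt" "$target/ca.crt"
}

# Demo in a scratch directory: the CN-only cert is rejected, the SAN cert installed.
demo=$(mktemp -d)
for kind in cn-only san; do
    make_registry_cert 192.168.9.154 "$demo/$kind" "$kind"
    if install_registry_ca "$demo/$kind/domain.crt" 192.168.9.154:2112 "$demo/root"
    then echo "$kind: installed as ca.crt"
    else echo "$kind: rejected, no IP SAN"; fi
done
```

On a real client, omit the third argument so the file lands in /etc/docker/certs.d, then drop the address from insecure-registries in /etc/docker/daemon.json.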

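Creating and using the private registry

Create

-d: run the container in the background;
--name: name the container being created;
-p: port mapping; the first value is the host port, the second is the mapped port inside the container. Multiple -p options map multiple ports;
-v: mount the data under /var/lib/registry inside the container to /mydata/docker_registry on the host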

docker run -di --name registry -p 2112:5000 -v /mydata/docker_registry:/var/lib/registry -v /usr/local/registry/certs:/certs -v /usr/local/registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry

Operations (you must log in first)

  • Log in
[root ~]# docker login xx.96.194.xx:2112
Username: root
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
  • Push images to the private registry (some base images, such as jdk8, need to be prepared in advance)
First tag the image: docker tag local-image:tagname new-repo:tagname
docker tag jdk8:latest xx.96.194.xx:2112/hhyunerp_software/jdk8:latest
Then push the image to the private registry:
docker push xx.96.194.xx:2112/hhyunerp_software/jdk8:latest
  • View the images in the private registry (the directory is mounted here, so you can look at the files directly or use the URL)
Files: ll /mydata/docker_registry/docker/registry/v2/repositories/
URL: https://192.168.9.154:2112/v2/_catalog
  • Log out
docker logout xx.96.194.xx

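Back-end project test setup (cluster mode)

Built with Docker for now; to be migrated to KubeSphere later for one-click deployment

Redis configuration

Install directly from the downloaded package; container operations will be done in KubeSphere later

Push the project and start the project containers

1. Modify application.yml: change the address to a dynamic value, so the port is specified when the container starts
port: 8080 -> port: ${docker.port}
2. Package: just run clean package in Maven; jib pushes directly to the private registry
3. Check that the private registry has gained a new tag based on the current timestamp
https://192.168.9.154:2112/v2/hhyunerp_java/tags/list
4. Pull the latest image tag with docker
docker pull 192.168.9.154:2112/hhyunerp_java:latest
5. Create a bridge network so the containers can communicate
docker network create --driver bridge nginx_bridge
6. Deploy: run twice, with ports 8090 and 8091 respectively; the options also handle garbled characters, map the logs to the host, and so on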

docker run -di --name hhyunerp_java_8090 --network nginx_bridge -e "docker.port=8090" -e LANG=en_US.UTF-8 -e LANGUAGE=en_US:en -e LC_ALL=en_US.UTF-8 -p 8090:8090 -v /mydata/hhyunerp_java_logs/logs_1:/logs 192.168.9.154:2112/hhyunerp_java:latest
docker run -di --name hhyunerp_java_8091 --network nginx_bridge -e "docker.port=8091" -e LANG=en_US.UTF-8 -e LANGUAGE=en_US:en -e LC_ALL=en_US.UTF-8 -p 8091:8091 -v /mydata/hhyunerp_java_logs/logs_2:/logs 192.168.9.154:2112/hhyunerp_java:latest

7. Check that the deployment succeeded
docker ps -a

nginx load balancing

Download and install nginx

  1. Install nginx with Docker

docker pull nginx

  2. Create the nginx configuration file on the host
mkdir -p /mydata/nginx/conf
cd /mydata/nginx/conf
vi nginx.conf
Note: the server entries must match the project's container names

nginx.conf

events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    upstream dispense {
        server hhyunerp_java_8090:8090 weight=1;
        server hhyunerp_java_8091:8091 weight=2;
    }
    server {
        listen 8080;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            proxy_pass http://dispense;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        # root html;
        # fastcgi_pass 127.0.0.1:9000;
        # fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        # include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}
    # HTTPS server
    #
    #server {
    # listen 443 ssl;
    # server_name localhost;
    # ssl_certificate cert.pem;
    # ssl_certificate_key cert.key;
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 5m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}
}

Run the nginx Docker image with the local configuration loaded

docker run --name=hhyunerp_java_nginx -p 8080:8080 --network nginx_bridge --env hhyunerp_java_8090=hhyunerp_java_8090 --env hhyunerp_java_8091=hhyunerp_java_8091 -v /mydata/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -d nginx:latest

Check that all three containers started successfully

docker ps -a

Send requests to 192.168.9.154:8080 to test whether load balancing works

Front-end project test setup (standalone mode)

Built with Tomcat for now; to be migrated to KubeSphere later for one-click deployment

Install Tomcat

  • Download the Tomcat 8 release and extract it
mkdir -p /mydata/tomcat
cd /mydata/tomcat
tar -zxvf apache-tomcat-8.5.84.gz
  • Go into the extracted folder and configure the access port and path

vi conf/server.xml

  • Change the access port
<Connector port="3000" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector executor="tomcatThreadPool"
port="3000" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
  • Change the webapps project path
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
Add the following line below it; the front-end project is later placed in /webapps/dist
<Context path="" docBase="dist" />

Front-end project deployment

1. Build and compress locally, then upload to the server
1.1 Edit asset/js/config.js: vango.api_base = "http://192.168.9.154:8080/hhyunerp";
1.2 Edit login.js: one of the ajax login endpoints
2. Extract into /mydata/tomcat/apache-tomcat-8.5.84/webapps/dist/; index.html must be located in the dist folder
unzip ~/dist.zip
3. Restart Tomcat
systemctl restart tomcat.service

Enable start at boot

Tomcat

1. Create a tomcat.service file in /usr/lib/systemd/system

[Unit]
Description=Tomcat
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/mydata/tomcat/apache-tomcat-8.5.84/bin/startup.sh
ExecStop=/mydata/tomcat/apache-tomcat-8.5.84/bin/shutdown.sh
PrivateTmp=true

[Install]
WantedBy=multi-user.target


2. Reload the configuration
systemctl daemon-reload

3. Enable Tomcat at boot
systemctl enable tomcat.service

4. Check the status
systemctl status tomcat.service

5. Start and stop the service
systemctl start/stop tomcat.service

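Periodically clean up the private registry

Go into the locally mapped registry directory and delete the tags files directly to clear all uploaded build packages, or just delete the oldest few files
Delete previously pulled images that are no longer used
First stop the services related to that image, then delete it
docker rmi <image ID>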

Author: jwang
Copyright notice: unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit jwang as the source when reposting!
2024-09-12