1. docker + nginx

# NOTE(review): these read as separate tutorial steps rather than one linear script. The
# container is started with --rm, so "docker stop" removes it and it has to be started
# again before the "docker exec" / "docker cp" commands below can work.
# The untagged image name resolves to nginx:latest, so the nginx version changes over time.
docker pull nginx
docker run --name nginx --rm -p 80:80 -d nginx
docker stop nginx
docker exec nginx whereis nginx
docker exec nginx ls /etc/nginx
# NOTE(review): ~/nginx should already exist as a directory; if it does not, docker cp
# creates a regular file named ~/nginx instead of ~/nginx/nginx.conf.
docker cp nginx:/etc/nginx/nginx.conf ~/nginx
yum install -y tree
docker exec nginx ls /etc/nginx/conf.d
docker cp nginx:/etc/nginx/conf.d ~/nginx/conf.d
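# Run nginx with the host-side config, log directory and certificate directory mounted.
# /etc/letsencrypt holds the ACME account key and the certificate private keys; nginx only
# reads them, so that mount is read-only (:ro) to keep the container from altering them.
docker run --name nginx -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    nginx
docker stop nginx
# Same container without the certificate mount; --rm removes it again on stop.
docker run --name nginx --rm -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    nginx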
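# Add the EPEL 7 repository definition (Aliyun mirror), then install certbot from yum.
curl -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum install -y certbot
# NOTE(review): this force-reinstalls requests pinned to 2.6.0, an old release, presumably
# to work around a certbot dependency conflict. The pin also forgoes fixes shipped in later
# requests releases and affects whichever Python environment this pip belongs to; verify it
# is still needed.
pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3
# The wildcard name is quoted so the shell hands it to certbot literally instead of
# attempting filename expansion against the current directory.
certbot certonly -d '*.snowdreams1006.cn' -d snowdreams1006.cn --manual \
    --preferred-challenges dns \
    --server https://acme-v02.api.letsencrypt.org/directory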
Please deploy a DNS TXT record under the name
_acme-challenge.snowdreams1006.cn with the following value:

2_F8ljNNjU_P6_fUVpaaB0A3QprSIiA4ODWvd77HFnQ

Before continuing, verify the record is deployed.
Please deploy a DNS TXT record under the name
_acme-challenge.snowdreams1006.cn with the following value:

Lwb2Ef3Fch7YFyG7iWDTRanoP3AyuUiYYgIIckCzGcQ

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
# Deletes every file named .certbot.lock found anywhere under /.
# NOTE(review): presumably a workaround for a stale lock left by an interrupted certbot run;
# confirm no certbot process is still running first, since the lock exists to stop two
# instances from modifying /etc/letsencrypt at the same time.
find / -type f -name ".certbot.lock" -exec rm {} \;
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem
   Your cert will expire on 2020-02-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
[root@snowdreams1006 nginx]# tree /etc/letsencrypt
/etc/letsencrypt
├── accounts
│   └── acme-v02.api.letsencrypt.org
│       └── directory
│           └── 4a7ed3e412c035edcf077438d642b1e7
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   └── snowdreams1006.cn
│       ├── cert1.pem
│       ├── chain1.pem
│       ├── fullchain1.pem
│       └── privkey1.pem
├── csr
│   ├── 0000_csr-certbot.pem
│   └── 0001_csr-certbot.pem
├── keys
│   ├── 0000_key-certbot.pem
│   └── 0001_key-certbot.pem
├── live
│   ├── README
│   └── snowdreams1006.cn
│       ├── cert.pem -> ../../archive/snowdreams1006.cn/cert1.pem
│       ├── chain.pem -> ../../archive/snowdreams1006.cn/chain1.pem
│       ├── fullchain.pem -> ../../archive/snowdreams1006.cn/fullchain1.pem
│       ├── privkey.pem -> ../../archive/snowdreams1006.cn/privkey1.pem
│       └── README
├── renewal
│   └── snowdreams1006.cn.conf
└── renewal-hooks
    ├── deploy
    ├── post
    └── pre

15 directories, 18 files
crontab -e
# Runs at 01:00 on the 1st of every month; nginx is restarted only if certbot exits 0.
# NOTE(review): the certificate above was issued with --manual and no auth hook. An unattended
# "certbot renew" cannot answer a manual DNS challenge unless --manual-auth-hook (or a DNS
# plugin) is configured, so check this job with "certbot renew --dry-run" before relying on it.
00 01 01 * * sudo /usr/bin/certbot renew --quiet && sudo docker restart nginx
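# Plain-HTTP listener: redirect every request to the HTTPS site.
server {
    listen       80;
    server_name  snowdreams1006.cn www.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS site serving the default static content.
server {
    # "ssl" on the listen line enables TLS. The separate "ssl on;" directive was dropped
    # here: it is obsolete since nginx 1.15.0 and removed in 1.25.1, where it makes the
    # configuration fail to load (the image is pulled untagged, i.e. latest).
    listen 443 ssl http2;
    server_name  snowdreams1006.cn www.snowdreams1006.cn;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
}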
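# Start nginx with the TLS-enabled config. The certificate directory also contains the
# ACME account key and private keys, and nginx only reads it, so it is mounted read-only.
docker run --name nginx --rm -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    nginx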

1.1. bark

# Start bark-server detached with a TTY, persisting its data under ~/bark/data.
# Host port 8888 is published on all host interfaces, so the service is reachable over
# plain HTTP on that port as well as through any reverse proxy placed in front of it.
docker run \
    --name bark \
    --detach --tty \
    --publish 8888:8080 \
    --restart=always \
    --volume ~/bark/data:/data \
    finab/bark-server
# Local check against the published port.
curl http://0.0.0.0:8888/ping
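# Plain-HTTP listener: redirect to the HTTPS vhost.
server {
    listen       80;
    server_name  bark.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy in front of the bark container published on host port 8888.
server {
  # TLS is enabled by the "ssl" listen parameter; the obsolete "ssl on;" directive
  # (removed in nginx 1.25.1) was dropped so current images accept the config.
  listen 443 ssl http2;
  server_name  bark.snowdreams1006.cn;

  ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
  ssl_protocols TLSv1.2 TLSv1.3;

  location / {
      # The hop to the backend is plain HTTP on the host's address.
      proxy_pass http://172.16.166.99:8888;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}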
docker restart nginx
curl https://bark.snowdreams1006.cn/ping

1.2. webhook

docker pull hongkongkiwi/webhook
# NOTE(review): this container is handed the host's Docker socket and docker binary, so any
# command a hook executes can drive the Docker daemon, which is equivalent to root on the
# host. The "query" hook in hooks.json defines no "trigger-rule", so every request that
# reaches /hooks/query runs query.sh, and port 9000 is published on all host interfaces in
# addition to the nginx vhost. Add a trigger rule (for example a shared-secret or HMAC
# match, if this image's webhook build supports it) and drop the socket and binary mounts
# when no hook needs them.
docker run -d -p 9000:9000 --name=webhook --restart=always \
    -v ~/webhook:/etc/webhook \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/bin/docker:/usr/bin/docker \
  hongkongkiwi/webhook -verbose -hooks=/etc/webhook/hooks.json -hotreload
[
  {
    "id": "query",
    "execute-command": "/etc/webhook/query.sh",
    "command-working-directory": "/etc/webhook",
    "response-message": "webhook.snowdreams1006.cn received successfully!"
  }
]

hooks.json

#! /bin/sh
# Sends a push notification through sc.ftqq.com; $(uuidgen) adds a fresh tokenId to the
# link in the message body on every call.
# NOTE(review): the send key is embedded in the URL path below. Anyone who can read this
# script can post messages with it, so keep it out of published copies and load it from a
# file or environment variable readable only by the webhook process.

curl -i -X GET \
 "https://sc.ftqq.com/SCU67099T95840f46f3bad01fae1c893c968be0e25dd94acd8217a.send?text=%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8F%88%E5%8F%91%E6%9D%A5%E6%96%B0%E6%B6%88%E6%81%AF%E5%95%A6!&desp=%E6%AC%A2%E8%BF%8E%E8%AE%BF%E9%97%AE%5B%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99%5D(https%3A%2F%2Fblob.snowdreams1006.cn%3FtokenId%3D$(uuidgen))%2C%E8%AF%B7%E5%85%B3%E6%B3%A8%E5%BE%AE%E4%BF%A1%E5%85%AC%E4%BC%97%E5%8F%B7%3A%E3%80%8C+%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99+%E3%80%8D+!%5Bwechat%3Asnowdreams1006%5D(https%3A%2F%2Fsnowdreams1006.github.io%2Fsnowdreams1006-wechat-public.jpeg)"

query.sh

chmod +x query.sh
curl http://0.0.0.0:9000/hooks/query
curl https://webhook.snowdreams1006.cn/hooks/query
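# Plain-HTTP listener: redirect to the HTTPS vhost.
server {
    listen       80;
    server_name  webhook.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy that exposes the webhook container (host port 9000) publicly.
# nginx adds no authentication here, so access control has to come from the hook
# definitions themselves.
server {
  # TLS is enabled by the "ssl" listen parameter; the obsolete "ssl on;" directive
  # (removed in nginx 1.25.1) was dropped so current images accept the config.
  listen 443 ssl http2;
  server_name  webhook.snowdreams1006.cn;

  ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
  ssl_protocols TLSv1.2 TLSv1.3;

  location / {
      proxy_pass http://172.16.166.99:9000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}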
docker restart nginx
curl https://webhook.snowdreams1006.cn/hooks/query

1.3. blog

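# Locate the static web root inside the running nginx container.
docker exec nginx whereis nginx
docker exec nginx ls /usr/share/nginx/html
# ~/blog has to exist as a directory before the copy: otherwise docker cp writes
# index.html to a regular file named ~/blog, which cannot then be bind-mounted over the
# container's html directory.
mkdir -p ~/blog
docker cp nginx:/usr/share/nginx/html/index.html ~/blog
# The site content is only read by nginx, so it is mounted read-only (:ro); the container
# cannot modify the published files.
docker run --name blog -d -p 4000:80 --restart=always -v ~/blog:/usr/share/nginx/html:ro nginx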
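# Plain-HTTP listener: redirect to the HTTPS vhost.
server {
    listen       80;
    server_name  blog.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy in front of the blog container published on host port 4000.
server {
    # TLS is enabled by the "ssl" listen parameter; the obsolete "ssl on;" directive
    # (removed in nginx 1.25.1) was dropped so current images accept the config.
    listen 443 ssl http2;
    server_name  blog.snowdreams1006.cn;

    ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
      proxy_pass http://172.16.166.99:4000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
}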
docker restart nginx
curl https://blog.snowdreams1006.cn
# Builds the GitBook site and deploys it to the server over SSH.
name: blog

# Runs on every push to any branch, so any branch push triggers a deploy.
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - uses: actions/setup-node@v1
      with:
        node-version: "12.x"
    - name: Build blog
      run: |
        npm install -g gitbook-cli
        gitbook install
        gitbook build 
    # NOTE(review): this third-party action receives the SSH private key and is referenced
    # by the mutable "master" branch; pinning it to a full commit SHA keeps later upstream
    # changes from running with the key unreviewed.
    - name: Upload blog
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        KEY: ${{ secrets.KEY }}
      with:
        source: _book/*
        target: ~/blog
        # rm: true asks the action to clear the target before uploading.
        rm: true
        strip_components: 1
    # NOTE(review): also tracks "master" and receives the same key; pin to a commit SHA.
    # The SSH user must be able to run docker, which is root-equivalent on the host, so
    # treat this key as a root credential.
    - name: Deploy blog
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        script: |
          docker restart blog
curl https://blog.snowdreams1006.cn
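# Plain-HTTP listener: redirect to the HTTPS site.
server {
    listen       80;
    server_name  snowdreams1006.cn www.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS site for the apex and www names, proxied to the blog container on host port 4000.
server {
    # TLS is enabled by the "ssl" listen parameter; the obsolete "ssl on;" directive
    # (removed in nginx 1.25.1) was dropped so current images accept the config.
    listen 443 ssl http2;
    server_name  snowdreams1006.cn www.snowdreams1006.cn;

    location / {
      proxy_pass http://172.16.166.99:4000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
}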
docker stop nginx
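# Long-running nginx front end (restarts automatically). The certificate directory holds
# the ACME account key and private keys and is only read by nginx, so it is mounted
# read-only.
docker run --name nginx -d -p 80:80 -p 443:443 --restart=always \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    nginx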
curl https://snowdreams1006.cn
curl https://www.snowdreams1006.cn
curl https://blog.snowdreams1006.cn

1.4. resume

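# Locate the static web root inside the running nginx container.
docker exec nginx whereis nginx
docker exec nginx ls /usr/share/nginx/html
# ~/resume has to exist as a directory before the copy: otherwise docker cp writes
# index.html to a regular file named ~/resume, which cannot then be bind-mounted over the
# container's html directory.
mkdir -p ~/resume
docker cp nginx:/usr/share/nginx/html/index.html ~/resume
# The site content is only read by nginx, so it is mounted read-only (:ro).
docker run --name resume -d -p 1006:80 --restart=always -v ~/resume:/usr/share/nginx/html:ro nginx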
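# Plain-HTTP listener: redirect to the HTTPS vhost.
server {
    listen       80;
    server_name  resume.snowdreams1006.cn;
    return 301 https://$server_name$request_uri;
}

# HTTPS reverse proxy in front of the resume container published on host port 1006.
server {
  # TLS is enabled by the "ssl" listen parameter; the obsolete "ssl on;" directive
  # (removed in nginx 1.25.1) was dropped so current images accept the config.
  listen 443 ssl http2;
  server_name  resume.snowdreams1006.cn;

  ssl_certificate /etc/letsencrypt/live/snowdreams1006.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/snowdreams1006.cn/privkey.pem;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
  ssl_protocols TLSv1.2 TLSv1.3;

  location / {
      proxy_pass http://172.16.166.99:1006;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}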
docker restart nginx
curl https://resume.snowdreams1006.cn
# Uploads the static resume site to the server and restarts its container.
name: resume.snowdreams1006.cn

# Runs on every push to any branch, so any branch push triggers a deploy.
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    # NOTE(review): this third-party action receives the SSH private key and is referenced
    # by the mutable "master" branch; pinning it to a full commit SHA keeps later upstream
    # changes from running with the key unreviewed.
    - name: Upload resume
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        KEY: ${{ secrets.KEY }}
      with:
        source: static,index.html,README.md,LICENSE
        # NOTE(review): a target under /root suggests the deploy key logs in as root;
        # a dedicated low-privilege deploy user would limit what a leaked key can do. Confirm.
        target: /root/resume
        # rm: true asks the action to clear the target before uploading.
        rm: true
    # NOTE(review): also tracks "master" and receives the same key; pin to a commit SHA.
    - name: Deploy resume
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        script: |
          docker restart resume
curl https://resume.snowdreams1006.cn
作者: 雪之梦
链接: https://snowdreams1006.github.io/devops/docker-nginx.html
来源: 雪之梦
本文原创发布于「雪之梦」,转载请注明出处,谢谢合作!

https://snowdreams1006.github.io/snowdreams1006-wechat-open.png
