feat 环境
@@ -43,6 +43,7 @@ sudo chown -R 1000:1000 jenkins/
|
||||
sudo chown -R 472:472 grafana/
|
||||
sudo chown -R 65534:65534 prometheus/
|
||||
sudo chown -R 1000:1000 gitea/
|
||||
sudo chown -R 1000:1000 kafka/
|
||||
|
||||
nginx auth:
|
||||
nginx验证:printf "admin:$(openssl passwd -crypt uF8uY4eM0nS9dA4iZ1bV4hE6)\n" >>./prometheus_passwd
|
||||
@@ -58,11 +59,55 @@ ssh -L 2379:localhost:2379 root@47.108.184.184 yT1vU8fH5mP0rQ6h
|
||||
|
||||
生成ssh
|
||||
ssh-keygen -t rsa -b 4096 -C "jenkins-to-aliyun" -f ~/.ssh/jenkins -N ""
|
||||
ssh-copy-id root@47.108.184.184
|
||||
|
||||
生成mock代码
|
||||
mockgen -source ./proto/ss/grpc_pb/service_user_grpc.pb.go -destination ./proto/ss/grpc_pb/mocks/service_user_grpc.pb.go -package mocks
|
||||
mockgen -source ./proto/rs/grpc_pb/service_user_grpc.pb.go -destination ./proto/rs/grpc_pb/mocks/service_user_grpc.pb.go -package mocks
|
||||
|
||||
交叉编译:
|
||||
sudo docker run --rm --privileged tonistiigi/binfmt --install all
|
||||
sudo docker buildx create --name multi-arch-builder --use --bootstrap
|
||||
sudo docker buildx inspect
|
||||
查看构建器列表:sudo docker buildx ls
|
||||
让构建器重新扫描QUEM文件:sudo docker buildx inspect --bootstrap
|
||||
|
||||
|
||||
客户端VPN设置
|
||||
iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o eth0 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o peer1 -j MASQUERADE
|
||||
iptables -A FORWARD -i eth0 -o peer1 -j ACCEPT
|
||||
iptables -A FORWARD -i peer1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
docker exec wireguard-client /bin/bash -c '
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
HOST_IP=$(ip route | awk "/default/ {print \$3}")
|
||||
iptables -t nat -A PREROUTING -d 192.168.30.2 -j DNAT --to-destination $HOST_IP
|
||||
iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.2
|
||||
iptables -P FORWARD ACCEPT
|
||||
'
|
||||
|
||||
PostUp = sysctl -w net.ipv4.ip_forward=1
|
||||
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
|
||||
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
PostUp = iptables -A INPUT -i wg0 -j ACCEPT
|
||||
|
||||
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
|
||||
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
PostDown = iptables -D INPUT -i wg0 -j ACCEPT
|
||||
|
||||
服务端VPN设置
|
||||
iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o eth0 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o wg0 -j MASQUERADE
|
||||
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
docker exec wireguard-service /bin/bash -c '
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
HOST_IP=$(ip route | awk "/default/ {print \$3}")
|
||||
iptables -t nat -A PREROUTING -d 192.168.30.1 -j DNAT --to-destination $HOST_IP
|
||||
iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.1
|
||||
iptables -P FORWARD ACCEPT
|
||||
'
|
||||
|
||||
sudo ip route add 192.168.30.0/24 via 10.255.12.6
|
||||
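Review bot: The two `docker exec … /bin/bash -c` snippets in the VPN part of the second hunk end with `iptables -P FORWARD ACCEPT`, and the `PostUp` rules accept `-i eth0 -o wg0` with no state match, so once they run all forwarded traffic is allowed in both directions. The host-level rules in the same block already limit the return path with `-m state --state RELATED,ESTABLISHED`; the in-container and PostUp rules should take the same shape under an explicit DROP policy, e.g. `iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT`. Separately, the new side of this file carries a literal password as the argument of `openssl passwd -crypt`, and what looks like another one after the host in the `ssh -L 2379` line quoted in the second hunk header. Both should be rotated and replaced with placeholders, and `-crypt` (DES crypt, which only uses the first eight characters) swapped for `-apr1`. The rendering does not show which lines are additions, so some of this may predate the commit.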
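--- a/Publish/docker-compose-clash.yml
+++ b/Publish/docker-compose-clash.yml
@@ -0,0 +1,11 @@
+services:
+# yacd.haishan.me
+mihomo:
+image: metacubex/mihomo:v1.19.19
+container_name: mihomo
+restart: unless-stopped
+ports:
+- "7890:7890"
+- "9094:9090"
+volumes:
+- ./clash:/root/.config/mihomo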
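Review bot: Both entries under `ports:` bind to every host interface, so what is conventionally mihomo's proxy listener (`7890`) and its controller API (published as `9094`) are reachable from any network the host sits on unless a firewall or the unseen `./clash` config restricts them. `Publish/tunnel.ps1` in this commit already forwards `9094` over SSH, which suggests loopback is enough: `- "127.0.0.1:7890:7890"` and `- "127.0.0.1:9094:9090"`. The same applies to the unqualified `ports:` entries in `docker-compose-jaeger.yml` (`16686`, `4317`, `5778`) and `docker-compose-kafka.yml` (`9092`, `9095`, `8082`); where LAN access is needed, as with Kafka's `LOCAL` listener advertised on `192.168.31.10`, bind to that address instead. If remote access is intended, the mihomo config should set `secret` for the controller and `authentication` for the proxy port.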
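--- a/Publish/docker-compose-jaeger.yml
+++ b/Publish/docker-compose-jaeger.yml
@@ -0,0 +1,9 @@
+services:
+jaeger:
+image: jaegertracing/all-in-one:1.76.0
+container_name: jaeger
+restart: unless-stopped
+ports:
+- "16686:16686"
+- "4317:4317"
+- "5778:5778"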
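--- a/Publish/docker-compose-kafka.yml
+++ b/Publish/docker-compose-kafka.yml
@@ -0,0 +1,33 @@
+services:
+kafka:
+image: confluentinc/cp-kafka:7.7.7
+container_name: kafka
+restart: unless-stopped
+ports:
+- '9092:9092'
+- '9095:9095'
+environment:
+CLUSTER_ID: "NB2XQ2LBN5UGK2I="
+KAFKA_NODE_ID: 1
+KAFKA_PROCESS_ROLES: "controller,broker"
+KAFKA_CONTROLLER_QUORUM_VOTERS: "1@kafka:9093"
+KAFKA_CONTROLLER_LISTENER_NAMES: "CONTROLLER"
+KAFKA_LISTENERS: "PLAINTEXT://:9092,CONTROLLER://:9093,LOCAL://:9095"
+KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://localhost:9092,LOCAL://192.168.31.10:9095"
+KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,LOCAL:PLAINTEXT"
+KAFKA_CONTROLLER_LOG_DIRS: "/var/lib/kafka/data/controller-logs"
+KAFKA_LOG_DIRS: "/var/lib/kafka/data/logs"
+KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
+KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
+volumes:
+- './kafka:/var/lib/kafka/data'
+
+kafka-ui:
+image: provectuslabs/kafka-ui:v0.7.2
+container_name: kafka-ui
+restart: unless-stopped
+ports:
+- '8082:8080'
+environment:
+DYNAMIC_CONFIG_ENABLED: 'true'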
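Review bot: Every listener in `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP` is `PLAINTEXT`, so the broker on `9092`/`9095` accepts unauthenticated, unencrypted clients, and `kafka-ui` is published on `8082` with `DYNAMIC_CONFIG_ENABLED: 'true'` and no login configured. Anyone who can reach the UI can then browse topics and edit cluster connections at runtime. For the UI, add `AUTH_TYPE: "LOGIN_FORM"` with `SPRING_SECURITY_USER_NAME` / `SPRING_SECURITY_USER_PASSWORD` supplied from an env file rather than the compose file; for the LAN-facing `LOCAL` listener consider mapping it to `SASL_PLAINTEXT` or `SASL_SSL`. `KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"` additionally lets any such client create topics simply by writing to them.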
@@ -16,6 +16,7 @@ services:
|
||||
container_name: node_exporter
|
||||
command:
|
||||
- '--path.rootfs=/host'
|
||||
- '--web.listen-address=:9101'
|
||||
network_mode: host
|
||||
pid: host
|
||||
restart: unless-stopped
|
||||
|
||||
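Review bot: `--web.listen-address=:9101` together with `network_mode: host` makes node_exporter listen on every host interface, exposing host metrics without authentication. If Prometheus scrapes it from the same host, bind it explicitly with `- '--web.listen-address=127.0.0.1:9101'`; otherwise bind to the internal address and add `--web.config.file` for TLS or basic auth. The file header for this hunk is missing from the page and the service definition starts above the hunk, so which of these lines the commit added cannot be confirmed here.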
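--- a/Publish/docker-compose-vpn.yml
+++ b/Publish/docker-compose-vpn.yml
@@ -0,0 +1,46 @@
+services:
+wireguard-service:
+image: linuxserver/wireguard:1.0.20250521
+container_name: wireguard-service
+restart: unless-stopped
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+environment:
+PUID: 1000
+PGID: 1000
+TZ: "Etc/UTC"
+SERVERURL: "www.hlsq.asia"
+SERVERPORT: "51820"
+PEERS: 2
+PEERDNS: "auto"
+INTERNAL_SUBNET: "192.168.30.0"
+ALLOWEDIPS: "0.0.0.0/0"
+volumes:
+- ./wireguard-service:/config
+- /lib/modules:/lib/modules:ro
+ports:
+- "51820:51820/udp"
+sysctls:
+- net.ipv4.ip_forward=1
+- net.ipv4.conf.all.src_valid_mark=1
+
+wireguard-client:
+image: linuxserver/wireguard:1.0.20250521
+container_name: wireguard-client
+restart: unless-stopped
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+environment:
+PUID: 1000
+PGID: 1000
+TZ: "Etc/UTC"
+CLIENT: 1
+CONFIG_FILE: "/config/wg_confs/peer1.conf"
+volumes:
+- ./wireguard-client:/config
+- /lib/modules:/lib/modules:ro
+sysctls:
+- net.ipv4.ip_forward=1
+- net.ipv4.conf.all.src_valid_mark=1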
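Review bot: Both services request `SYS_MODULE` and mount `/lib/modules`, which lets the container load kernel modules on the host; on a kernel that already ships WireGuard this is unnecessary, and the linuxserver image documents the capability as optional. Dropping `- SYS_MODULE` and the `/lib/modules` volume leaves `NET_ADMIN`, which is what interface and route setup needs. `ALLOWEDIPS: "0.0.0.0/0"` makes the generated peers route all traffic through the tunnel; if only the `192.168.30.0` range and the LAN behind it are needed, list those prefixes instead. A short comment above each `cap_add` saying why the capability is required would help the next reader.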
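--- a/Publish/prometheus-service.json
+++ b/Publish/prometheus-service.json
@@ -0,0 +1,34 @@
+[
+{
+"targets": [
+"192.168.31.10:18504"
+],
+"labels": {
+"job": "server-gateway"
+}
+},
+{
+"targets": [
+"192.168.31.10:18801"
+],
+"labels": {
+"job": "server-user"
+}
+},
+{
+"targets": [
+"192.168.31.10:18701"
+],
+"labels": {
+"job": "server-scene"
+}
+},
+{
+"targets": [
+"192.168.31.10:18601"
+],
+"labels": {
+"job": "server-qgdzs"
+}
+}
+]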
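--- a/Publish/tunnel.ps1
+++ b/Publish/tunnel.ps1
@@ -0,0 +1,12 @@
+Write-Host "tunnel success..."
+ssh -N `
+-L 3001:localhost:3001 `
+-L 4317:localhost:4317 `
+-L 6379:localhost:6379 `
+-L 2379:localhost:2379 `
+-L 3306:localhost:3306 `
+-L 9093:localhost:9093 `
+-L 9094:localhost:9094 `
+-L 9092:localhost:9092 `
+-L 8082:localhost:8082 `
+root@47.108.184.184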
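Review bot: `Write-Host "tunnel success..."` runs before `ssh` has connected, so the message appears even when authentication or a forward fails, and without `ExitOnForwardFailure` ssh keeps running with some `-L` ports silently missing. Add `-o ExitOnForwardFailure=yes` after `ssh -N` and reword or move the message, for example `Write-Host "opening tunnel..."`. The tunnel also logs in as `root`; a dedicated unprivileged account restricted to port forwarding would limit what a stolen key can do.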