feat 环境
@@ -43,6 +43,7 @@ sudo chown -R 1000:1000 jenkins/
|
||||
sudo chown -R 472:472 grafana/
|
||||
sudo chown -R 65534:65534 prometheus/
|
||||
sudo chown -R 1000:1000 gitea/
|
||||
sudo chown -R 1000:1000 kafka/
|
||||
|
||||
nginx auth:
|
||||
nginx验证:printf "admin:$(openssl passwd -crypt uF8uY4eM0nS9dA4iZ1bV4hE6)\n" >>./prometheus_passwd
|
||||
@@ -58,11 +59,55 @@ ssh -L 2379:localhost:2379 root@47.108.184.184 yT1vU8fH5mP0rQ6h
|
||||
|
||||
生成ssh
|
||||
ssh-keygen -t rsa -b 4096 -C "jenkins-to-aliyun" -f ~/.ssh/jenkins -N ""
|
||||
ssh-copy-id root@47.108.184.184
|
||||
|
||||
生成mock代码
|
||||
mockgen -source ./proto/ss/grpc_pb/service_user_grpc.pb.go -destination ./proto/ss/grpc_pb/mocks/service_user_grpc.pb.go -package mocks
|
||||
mockgen -source ./proto/rs/grpc_pb/service_user_grpc.pb.go -destination ./proto/rs/grpc_pb/mocks/service_user_grpc.pb.go -package mocks
|
||||
|
||||
交叉编译:
|
||||
sudo docker run --rm --privileged tonistiigi/binfmt --install all
|
||||
sudo docker buildx create --name multi-arch-builder --use --bootstrap
|
||||
sudo docker buildx inspect
|
||||
查看构建器列表:sudo docker buildx ls
|
||||
让构建器重新扫描QUEM文件:sudo docker buildx inspect --bootstrap
|
||||
|
||||
|
||||
客户端VPN设置
|
||||
iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o eth0 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o peer1 -j MASQUERADE
|
||||
iptables -A FORWARD -i eth0 -o peer1 -j ACCEPT
|
||||
iptables -A FORWARD -i peer1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
docker exec wireguard-client /bin/bash -c '
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
HOST_IP=$(ip route | awk "/default/ {print \$3}")
|
||||
iptables -t nat -A PREROUTING -d 192.168.30.2 -j DNAT --to-destination $HOST_IP
|
||||
iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.2
|
||||
iptables -P FORWARD ACCEPT
|
||||
'
|
||||
|
||||
PostUp = sysctl -w net.ipv4.ip_forward=1
|
||||
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
|
||||
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
PostUp = iptables -A INPUT -i wg0 -j ACCEPT
|
||||
|
||||
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
|
||||
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
PostDown = iptables -D INPUT -i wg0 -j ACCEPT
|
||||
|
||||
服务端VPN设置
|
||||
iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o eth0 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o wg0 -j MASQUERADE
|
||||
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
docker exec wireguard-service /bin/bash -c '
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
HOST_IP=$(ip route | awk "/default/ {print \$3}")
|
||||
iptables -t nat -A PREROUTING -d 192.168.30.1 -j DNAT --to-destination $HOST_IP
|
||||
iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.1
|
||||
iptables -P FORWARD ACCEPT
|
||||
'
|
||||
|
||||
sudo ip route add 192.168.30.0/24 via 10.255.12.6
|
||||
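Review bot: The `nginx验证` command in the first hunk keeps the basic-auth password in the repository in clear text and hashes it with `-crypt`, which is DES crypt: it uses only the first eight characters of the password, and the option was removed in OpenSSL 3.0. I would drop the literal and let openssl prompt for it, `printf 'admin:%s\n' "$(openssl passwd -apr1)" >> ./prometheus_passwd`, and rotate the password, since it remains in the history. The context line in the second hunk's header also appears to carry a credential after the `ssh -L` command and deserves the same treatment. In the VPN notes, `iptables -P FORWARD ACCEPT` inside both containers and the PostUp rule `iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT` forward all traffic, while the host-side rules restrict one direction with `-m state --state RELATED,ESTABLISHED`; the container and PostUp rules could be narrowed the same way. The +/- markers are not preserved on this page, so I cannot tell which of these lines this commit adds.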