This is the deployment document; it records what needs to be done for deployment.

frps, frpc:
git - https://github.com/fatedier/frp

frps start command (not set up as a service):
    nohup ./frps -c ./frps.toml &

Set up frpc as a service that starts at boot:
1. Config file: /etc/systemd/system/frpc.service
    [Unit]
    Description=FRP Client
    After=network.target

    [Service]
    ExecStart=/home/pi/Desktop/frp_0.65.0_linux_arm64/frpc -c /home/pi/Desktop/frp_0.65.0_linux_arm64/frpc.toml
    Restart=always

    [Install]
    WantedBy=multi-user.target
2. Start commands:
    sudo systemctl daemon-reload
    sudo systemctl enable frpc   # start at boot
    sudo systemctl start frpc    # start immediately
3. View logs:
    sudo journalctl -u frpc

Install Docker:
    curl -fsSL https://get.docker.com -o get-docker.sh
    sudo sh get-docker.sh

Docker proxy (Docker ignores the global proxy, so it must be set here):
1. Config file: /etc/systemd/system/docker.service.d/proxy.conf
    [Service]
    Environment="HTTP_PROXY=http://192.168.31.150:7890"
    Environment="HTTPS_PROXY=http://192.168.31.150:7890"
    Environment="NO_PROXY=localhost,127.0.0.1,.local,192.168.0.0/16"
2. Start commands:
    sudo systemctl daemon-reload
    sudo systemctl restart docker

The following services need ownership of their data directories:
    sudo chown -R 1000:1000 jenkins/
    sudo chown -R 472:472 grafana/
    sudo chown -R 65534:65534 prometheus/
    sudo chown -R 1000:1000 gitea/
    sudo chown -R 1000:1000 kafka/

nginx auth:
nginx authentication:
    printf "admin:$(openssl passwd -crypt uF8uY4eM0nS9dA4iZ1bV4hE6)\n" >>./prometheus_passwd
registry authentication:
    htpasswd -Bbn admin pD4hC1jY1bB0pY4kF4tC > ./registry_passwd
↑ If the tool is missing, install it with:
    sudo yum install -y httpd-tools

Jenkins credentials: admin 4f848ffe54ef45eda56eebd62bc90ea0
Grafana credentials: admin pT1rA0yL0mK3iA8tJ4kE

etcd tunnel:
    ssh -L 2379:localhost:2379 root@47.108.184.184 yT1vU8fH5mP0rQ6h

Generate SSH key:
    ssh-keygen -t rsa -b 4096 -C "jenkins-to-aliyun" -f ~/.ssh/jenkins -N ""
    ssh-copy-id root@47.108.184.184

Generate mock code:
    mockgen -source ./proto/rs/grpc_pb/service_user_grpc.pb.go -destination ./proto/rs/grpc_pb/mocks/service_user_grpc.pb.go -package mocks

Cross-compilation:
    sudo docker run --rm --privileged tonistiigi/binfmt --install all
    sudo docker buildx create --name multi-arch-builder --use --bootstrap
List builders:
    sudo docker buildx ls
Make the builder rescan the QEMU files:
    sudo docker buildx inspect --bootstrap

Client VPN settings:
    iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o peer1 -j MASQUERADE
    iptables -A FORWARD -i eth0 -o peer1 -j ACCEPT
    iptables -A FORWARD -i peer1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

    docker exec wireguard-client /bin/bash -c '
    echo 1 > /proc/sys/net/ipv4/ip_forward
    HOST_IP=$(ip route | awk "/default/ {print \$3}")
    iptables -t nat -A PREROUTING -d 192.168.30.2 -j DNAT --to-destination $HOST_IP
    iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.2
    iptables -P FORWARD ACCEPT
    '

    PostUp = sysctl -w net.ipv4.ip_forward=1
    PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
    PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
    PostUp = iptables -A INPUT -i wg0 -j ACCEPT
    PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
    PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
    PostDown = iptables -D INPUT -i wg0 -j ACCEPT

Server VPN settings:
    iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 10.255.12.0/24 -o wg0 -j MASQUERADE
    iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
    iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

    docker exec wireguard-service /bin/bash -c '
    echo 1 > /proc/sys/net/ipv4/ip_forward
    HOST_IP=$(ip route | awk "/default/ {print \$3}")
    iptables -t nat -A PREROUTING -d 192.168.30.1 -j DNAT --to-destination $HOST_IP
    iptables -t nat -A POSTROUTING -s $HOST_IP -j SNAT --to-source 192.168.30.1
    iptables -P FORWARD ACCEPT
    '

    sudo ip route add 192.168.30.0/24 via 10.255.12.6
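
Added example (not part of the original notes): a check that every PostUp "iptables ... -A ..." rule in a WireGuard config, like the PostUp/PostDown lines in the client VPN settings, has a matching PostDown "-D" line, so ACCEPT and MASQUERADE rules are not left behind or stacked up when the interface is cycled. The function names and the sample config are hypothetical and constructed for illustration; only -A rules are handled.

```shell
#!/bin/sh
# hooks KEY: read a WireGuard config on stdin and print the values of
# "KEY = ..." lines, with whitespace runs collapsed so lines compare textually.
hooks() {
  sed -nE "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
    sed -E 's/[[:space:]]+/ /g; s/ $//'
}

# unpaired_postup: read a config on stdin and print every PostUp iptables -A
# rule that has no PostDown line identical except for -D in place of -A.
unpaired_postup() {
  conf=$(cat)
  downs=$(printf '%s\n' "$conf" | hooks PostDown)
  printf '%s\n' "$conf" | hooks PostUp | while IFS= read -r rule; do
    case $rule in
      iptables*' -A '*) ;;   # an appended rule: needs a delete on teardown
      *) continue ;;         # other hooks (e.g. sysctl) are not checked here
    esac
    want=$(printf '%s\n' "$rule" | sed 's/ -A / -D /')
    printf '%s\n' "$downs" | grep -Fxq -e "$want" || printf '%s\n' "$rule"
  done
}

# Constructed sample: modelled on the PostUp lines in these notes, with the
# PostDown for the INPUT rule deliberately left out and some uneven spacing.
sample_conf() {
  cat <<'EOF'
[Interface]
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
PostUp   =  iptables -A INPUT -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eth0  -j ACCEPT
EOF
}

# Report rules that would survive teardown of the interface.
sample_conf | unpaired_postup
```

To check a real file, pipe it in the same way, for example `unpaired_postup < wg0.conf` (the file name is a placeholder).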