ubuntu - 安装docker、中间件
1、基本命令
# 切换管理员
sudo su
# 修改远程端口
vim /etc/ssh/sshd_config
service ssh restart
# ubuntu扩展使用整个剩余空间(如果是ext4文件系统,查看:df -T /)
lvextend -r -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
# 查看可挂载的磁盘
lsblk
# 查看目录下文件大小
du -sh /*
# 查看ubuntu版本
lsb_release -a
# 修改密码
passwd ubuntu
# 修改时区
timedatectl set-timezone Asia/Shanghai
# 模糊查找文件
find / -name xxx*
2、防火墙
sudo ufw status
sudo ufw enable
sudo ufw disable
#开通端口
sudo ufw allow 53306/tcp
#关闭端口
sudo ufw delete allow 53306/tcp
3、设置固定ip
# 查看当前网络
ip addr
# 修改配置文件
vim /etc/netplan/xxxx.yaml
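# Static IPv4 address for enp1s0. The nesting below is required:
# netplan is YAML, so a file without this indentation does not parse.
network:
  ethernets:
    enp1s0:
      dhcp4: no
      addresses: [192.168.8.23/24]
      routes:
        - to: default
          via: 192.168.8.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
  version: 2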
# 应用配置
sudo netplan apply
4、设置镜像源:
cp /etc/apt/sources.list /etc/apt/sources.list.bak
sh -c 'echo "" > /etc/apt/sources.list'
echo "deb http://mirrors.ustc.edu.cn/ubuntu-ports/ focal main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu-ports/ focal-updates main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu-ports/ focal-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
echo "deb http://mirrors.ustc.edu.cn/ubuntu-ports/ focal-security main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
apt update
# 基础软件安装
apt install iputils-ping -y
apt install net-tools -y
apt install vim -y
apt install ufw -y
apt install openjdk-11-jdk -y
apt install ffmpeg -y // FFmpeg 多媒体处理工具
5、安装docker
#1 更新系统
apt-get update
#2 安装依赖
apt-get install -y \
ca-certificates \
curl \
gnupg \
lsb-release
#3 添加 Docker 官方 GPG 密钥
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
gpg --dearmor -o /etc/apt/keyrings/docker.gpg
#4 添加 Docker 源
echo \
"deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
# 5. 更新源并安装 Docker Engine
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
docker --version
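# 6. 配置国内镜像(注意:insecure-registries 中列出的仓库不做 TLS 证书校验,并允许回退到明文 HTTP,只应填写可信内网仓库;下面的 39.100.100.999 不是合法 IP,需替换为实际仓库地址):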
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://y8yh50dy.mirror.aliyuncs.com",
"https://docker.m.daocloud.io"
],
"insecure-registries": [
"39.100.100.999:51001"
]
}
### 验证镜像是否可访问:curl -I https://docker.m.daocloud.io
### 重启docker:
sudo systemctl daemon-reload
sudo systemctl restart docker
### 测试hello-world,并进入容器
sudo docker run hello-world
docker exec -it 容器名称 bash
5、安装geoserver
#1 Dockerfile
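# Official Tomcat 9 image with JDK 11, pinned to an exact patch release.
FROM tomcat:9.0.87-jdk11

ENV GEOSERVER_VERSION=2.25.0
ENV GEOSERVER_URL=https://sourceforge.net/projects/geoserver/files/GeoServer/${GEOSERVER_VERSION}/geoserver-${GEOSERVER_VERSION}-war.zip
# GeoServer reads this variable at runtime to locate its data directory.
ENV GEOSERVER_DATA_DIR=/var/local/geoserver

# Optional SHA-256 of the war.zip. While it is empty the download is NOT
# integrity-checked; build with
#   --build-arg GEOSERVER_SHA256=<digest published for this GEOSERVER_VERSION>
# to make the build fail on a tampered or truncated archive.
ARG GEOSERVER_SHA256=""

# Download and deploy the GeoServer WAR.
# - curl -f makes an HTTP error fail the build instead of saving an error page
#   as geoserver.zip.
# - curl/unzip are installed and removed inside this one layer; removing them
#   in a later RUN would leave them in the earlier layer of the image.
# NOTE(review): nothing here deletes GeoServer's default workspaces; that
# would have to be done in the data directory.
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates curl unzip && \
    mkdir -p "$GEOSERVER_DATA_DIR" && \
    curl -fsSL -o /tmp/geoserver.zip "$GEOSERVER_URL" && \
    if [ -n "$GEOSERVER_SHA256" ]; then \
        echo "$GEOSERVER_SHA256  /tmp/geoserver.zip" | sha256sum -c -; \
    fi && \
    unzip /tmp/geoserver.zip -d /tmp && \
    mv /tmp/geoserver.war /usr/local/tomcat/webapps/geoserver.war && \
    apt-get remove -y unzip curl && \
    apt-get autoremove -y && \
    apt-get clean && \
    rm -rf /tmp/* /var/lib/apt/lists/*

WORKDIR /usr/local/tomcat

# Documentation only: the port is published with -p at `docker run`.
EXPOSE 8080

# NOTE(review): there is no USER instruction, so Tomcat keeps the base image's
# default user (root for the official tomcat image). Switching to a dedicated
# account also requires matching ownership on the bind-mounted data directory.
# GeoServer also starts with its well-known default admin credentials; change
# them before the published port is reachable from other hosts.
CMD ["catalina.sh", "run"]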
#2 执行命令
#构建
docker build -t geoserver:2.25 .
#运行
docker run -d \
-p 53001:8080 --network my_network \
--name geoserver \
--restart=always \
-v /publish/geoserver/data:/var/local/geoserver \
geoserver:2.25
#3 设置可支持跨域访问(/usr/local/tomcat/webapps/geoserver/WEB-INF/web.xml,就在 <web-app ...> 标签后添加)
#从容器中拷贝文件到宿主机:docker cp geoserver:/usr/local/tomcat/webapps/geoserver/WEB-INF/web.xml web.xml
<!-- Registers Tomcat's built-in CorsFilter under the name "CORS"; the
     filter-mapping at the end applies it to every request path. -->
<filter>
<filter-name>CORS</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<!-- "*" lets a page served from any origin read the responses. List the
     expected origins instead if the published layers or the REST API are
     not meant to be readable from arbitrary sites. -->
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<!-- PUT and DELETE are allowed cross-origin as well.
     NOTE(review): trim this to the methods the front end actually uses. -->
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE,OPTIONS,HEAD</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Origin,Accept,X-Requested-With,Content-Type,Authorization</param-value>
</init-param>
<init-param>
<!-- Keep this false for as long as the allowed origin is "*". -->
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
#4 查看tomcat版本
cat /.../tomcat/RELEASE-NOTES
5、安装nginx
sudo apt install nginx -y
sudo systemctl restart nginx
sudo systemctl status nginx
cp /etc/nginx/nginx.conf /etc/nginx/nginx_bak.conf
vim /etc/nginx/nginx.conf
6、安装mysql
sudo systemctl status mysql
sudo systemctl restart mysql
# 修改mysql默认端口,以及设置远程可连接(bind-address = 0.0.0.0 会在所有网卡上监听,应配合 ufw 只放行需要的来源地址)
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# port = 53306
# mysqlx = 0 // 禁用MySQL 8.0 中引入的新的X Protocol 端口
# bind-address = 0.0.0.0
sudo netstat -tulnp | grep mysql
# mysql设置向导
sudo mysql_secure_installation
# 设置mysql root@localhost密码(下面的 'Root@123' 请替换为自己的强密码,不要照抄)
sudo mysql -u root -p
alter user 'root'@'localhost' IDENTIFIED BY 'Root@123';
flush privileges;
# 设置mysql在宿主机上也需要密码验证
select user,host,plugin from mysql.user;
update mysql.user set plugin = 'mysql_native_password' where user = 'root';
# 创建mysql数据库及用户('%' 表示允许从任意主机登录,可改为具体来源地址;'12345678' 请替换为强密码)
create database db_dianchi;
create user 'test'@'%' identified by '12345678';
alter user 'test'@'%' identified by '12345678';
grant all privileges on db_dianchi.* to 'test'@'%';
flush privileges;
7、安装OpenVPN
sudo apt update && sudo apt upgrade -y
sudo apt install openvpn easy-rsa -y
# 创建CA证书
make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca
# 证书、密钥、Diffie-Hellman文件
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
# 创建用户证书
./easyrsa gen-req zhangsan nopass
./easyrsa sign-req client zhangsan
# 配置 - 进入到pki/父级目录
sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem /etc/openvpn/
sudo cp pki/issued/zhangsan.crt pki/private/zhangsan.key /etc/openvpn/
sudo vim /etc/openvpn/server.conf
----加入内容:
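port 52001
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): on OpenVPN 2.5 and later the data-channel cipher is negotiated
# through data-ciphers, and an AEAD cipher such as AES-256-GCM is preferred
# over CBC. Confirm against the installed version before changing this.
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
# Authenticate clients by username and password through an external script.
# User-defined scripts only run at script-security 2 or higher; at the default
# level the verify hook is never executed and every login is rejected.
script-security 2
# via-file passes the credentials in a temporary file whose path is the
# script's first argument (line 1 username, line 2 password). via-env would
# need script-security 3 and exposes the password in the process environment.
auth-user-pass-verify /etc/openvpn/check-user.sh via-file
# NOTE(review): this turns off client-certificate checks, so the password is
# the only authentication factor. Remove the line to require a certificate
# signed by the CA in addition to the password.
verify-client-cert none
username-as-common-name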
sudo vim /etc/openvpn/check-user.sh
----加入内容:
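#!/bin/bash
# Credential check called by OpenVPN's auth-user-pass-verify hook.
# Exit status 0 accepts the login; any other status rejects it.
#
# OpenVPN does not pass the credentials as "$1" and "$2":
#   via-file -> "$1" is the path of a temporary file holding the username on
#               line 1 and the password on line 2
#   via-env  -> they arrive in the environment variables "username" and
#               "password" (requires script-security 3)
# Both modes are handled here; plain positional arguments remain as a
# fallback so the script can still be run by hand.
if [[ -n "${1:-}" && -f "$1" ]]; then
    { IFS= read -r USERNAME; IFS= read -r PASSWORD; } < "$1"
else
    USERNAME="${username:-${1:-}}"
    PASSWORD="${password:-${2:-}}"
fi

# NOTE(review): the passwords below are stored in plaintext and are easy to
# guess. Replace them, keep this file readable only by the account OpenVPN
# runs as, and prefer a hashed credential store or the PAM auth plugin for
# anything beyond a test setup.
case "$USERNAME" in
    zhangsan)
        [[ "$PASSWORD" == "zhangsan123" ]] && exit 0 || exit 1
        ;;
    lisi)
        [[ "$PASSWORD" == "lisi123" ]] && exit 0 || exit 1
        ;;
    *)
        # Unknown or empty username: reject.
        exit 1
        ;;
esac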
sudo chmod +x /etc/openvpn/check-user.sh
# 启动服务
sudo ufw allow 52001/udp
sudo ufw enable
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
sudo systemctl status openvpn@server
# 查看错误日志
sudo cat /var/log/openvpn.log
# 客户端配置 zhangsan.ovpn
client
dev tun
proto udp
remote [your_server_ip] 52001
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth-user-pass
verb 3
<ca>
# 将ca.crt文件内容粘贴到此处
</ca>
<cert>
# 将zhangsan.crt文件内容粘贴到此处
</cert>
<key>
# 将zhangsan.key文件内容粘贴到此处
</key>
# 卸载
sudo systemctl stop openvpn@server
sudo systemctl disable openvpn@server
sudo apt remove --purge openvpn easy-rsa -y
sudo rm -rf /etc/openvpn
sudo rm -rf ~/easy-rsa
sudo rm -rf /root/easy-rsa # 如果在这里生成了文件
sudo apt autoremove -y
8、设置开机启动程序:
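# File: /etc/systemd/system/cdp5-base.service
# (one directive per line; the daemon-reload / enable commands follow the unit)
[Unit]
Description=Java Application: cdp5-base
After=network.target

[Service]
User=ubuntu
# NOTE(review): Group=root gives the process the root group's file
# permissions; a dedicated service group is narrower if the jar does not
# need them.
Group=root
WorkingDirectory=/publish/
ExecStart=java -jar cdp5-base.jar
Restart=always
RestartSec=5s
StandardOutput=append:/publish/cdp5-base.log
StandardError=append:/publish/cdp5-base-error.log

[Install]
WantedBy=multi-user.target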
sudo systemctl daemon-reload
sudo systemctl enable cdp5-base.service