search.xml

<?xml version="1.0" encoding="utf-8"?>
<search>
  <entry>
    <title>Prometheus+node_exporter+Grafana部署系统监控</title>
    <url>/posts/2047dd97/</url>
    <content><![CDATA[<p>摘要：Prometheus+Grafana部署系统监控</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
<tr>
<td align="center">2023-05-22</td>
<td align="center">新增node_exporter在centos6中开机自启配置</td>
</tr>
</tbody></table>
<h1 id="prometheus-简单介绍"><a href="#prometheus-简单介绍" class="headerlink" title="prometheus 简单介绍"></a>prometheus 简单介绍</h1><ul>
<li>官网: <a href="https://prometheus.io/">prometheus.io</a></li>
</ul>
<h2 id="架构"><a href="#架构" class="headerlink" title="架构"></a>架构</h2><p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204191419769.png" alt="普罗米修斯架构"></p>
<p><strong>Prometheus Server：</strong> 用于收集和存储时间序列化数据</p>
<p><strong>Exporters：</strong>将监控数据采集的端点通过HTTP服务的形式暴露给Prometheus Server，Prometheus Server通过访问该Exporter提供的Endpoint端点，即可以获取到需要采集的监控数据</p>
<p><strong>Pushgateway：</strong>主要是实现接收由 Client push 过来的指标数据，在指定的时间间隔，由主程序来抓取。由于 Prometheus 数据采集基于 Pull 模型进行设计，因此在网络环境的配置上必须要让 Prometheus Server 能够直接与 Exporter 进行通信。当这种网络需求无法直接满足时，就可以利用 PushGateway 来进行中转。可以通过 PushGateway 将内部网络的监控数据主动 Push 到 Gateway 当中。而 Prometheus Server 则可以采用同样 Pull 的方式从 PushGateway 中获取到监控数据</p>
<p><strong>Altermanager：</strong> 在Prometheus Server中支持基于Prom QL创建告警规则，如果满足Prom QL定义的规则，则会产生一条告警。当AlertManager从 Prometheus server 端接收到 alerts后，会进行去重，分组，并路由到相应的接收方，发出报警。</p>
<span id="more"></span>

<h2 id="工作流程"><a href="#工作流程" class="headerlink" title="工作流程"></a>工作流程</h2><ol>
<li>Prometheus server 定期从配置好的 jobs 或者 exporters 中拉取 metrics，或者从Pushgateway 拉取metrics，或者从其他的 Prometheus server 中拉 metrics。</li>
<li>Prometheus server 在本地存储收集到的 metrics，并运行已定义好的 alert.rules，通过一定规则进行清理和整理数据，并把得到的结果存储到新的时间序列中。记录新的时间序列或者向 Alertmanager 推送警报。</li>
<li>Prometheus通过PromQL和其他API可视化地展示收集的数据。Prometheus支持很多方式的图表可视化，例如Grafana、自带的Promdash以及自身提供的模版引擎等等。Prometheus还提供HTTP API的查询方式，自定义所需要的输出。</li>
</ol>
<h1 id="prometheus-安装部署"><a href="#prometheus-安装部署" class="headerlink" title="prometheus 安装部署"></a>prometheus 安装部署</h1><h2 id="二进制包方式安装Prometheus"><a href="#二进制包方式安装Prometheus" class="headerlink" title="二进制包方式安装Prometheus"></a>二进制包方式安装Prometheus</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 创建Prometheus组和用户</span></span><br><span class="line">sudo groupadd -r prometheus </span><br><span class="line">sudo useradd -r -g prometheus -s /sbin/nologin -M -c &quot;prometheus Daemons&quot; prometheus</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 下载prometheus</span></span><br><span class="line">wget https://github.com/prometheus/prometheus/releases/download/v2.35.0-rc0/prometheus-2.35.0-rc0.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. 解压</span></span><br><span class="line">tar -zxvf prometheus-2.35.0-rc0.linux-amd64.tar.gz</span><br><span class="line">mkdir -p /data/app/prometheus &amp;&amp; mv prometheus-2.35.0-rc0.linux-amd64 /data/app/prometheus</span><br><span class="line">chown prometheus.prometheus -R /data/app/prometheus</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 使用systemctl管理进程</span></span><br><span class="line">vim /usr/lib/systemd/system/prometheus.service</span><br><span class="line"><span class="meta">#</span><span class="language-bash">添加以下内容 执行路径根据实际情况填写</span></span><br><span class="line">[Unit]</span><br><span class="line">Description=Prometheus</span><br><span class="line">Documentation=https://prometheus.io/</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">Type=simple</span><br><span class="line">Environment=&quot;GOMAXPROCS=4&quot;</span><br><span class="line">User=prometheus</span><br><span class="line">Group=prometheus</span><br><span class="line">ExecReload=/bin/kill -HUP $MAINPID</span><br><span class="line">ExecStart=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/prometheus \</span><br><span class="line">  --config.file=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/prometheus.yml \</span><br><span class="line">  --storage.tsdb.path=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/data \</span><br><span class="line">  --storage.tsdb.retention=30d \</span><br><span class="line">  --web.console.libraries=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/console_libraries \</span><br><span class="line">  --web.console.templates=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/consoles \</span><br><span class="line">  --web.listen-address=0.0.0.0:8905 \</span><br><span class="line">  --web.read-timeout=5m \</span><br><span class="line">  --web.max-connections=30 \</span><br><span class="line">  --query.max-concurrency=50 \</span><br><span class="line">  --query.timeout=2m \</span><br><span class="line">  --web.enable-lifecycle  </span><br><span class="line">  </span><br><span class="line">PrivateTmp=true</span><br><span class="line">PrivateDevices=true</span><br><span class="line">ProtectHome=true</span><br><span class="line">NoNewPrivileges=true</span><br><span class="line">LimitNOFILE=infinity</span><br><span class="line">ReadWriteDirectories=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64</span><br><span class="line">ProtectSystem=full</span><br><span class="line"></span><br><span class="line">SyslogIdentifier=prometheus</span><br><span class="line">Restart=always</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">prometheus配置更改后可以进行热加载  curl -X POST  http://localhost:9090/-/reload</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5. 启动</span></span><br><span class="line">systemctl daemon-reload</span><br><span class="line">systemctl start|reload||stop prometheus</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">6.可通过web访问</span></span><br><span class="line">http://ip:port</span><br></pre></td></tr></table></figure>

<h2 id="配置密码"><a href="#配置密码" class="headerlink" title="配置密码"></a>配置密码</h2><ul>
<li>默认情况下是可以直接访问prometheus的web UI的，这样是很不安全的，是可以配置TLS+密码验证的，这里只配置密码验证了。</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash"> 1.安装httpd-tools</span></span><br><span class="line">yum install -y httpd-tools</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash"> 2.生成密码</span></span><br><span class="line">htpasswd -nBC 10 &quot;&quot; | tr -d &#x27;:\n&#x27;   # 回车后输入密码  例如输入6个1</span><br><span class="line"><span class="meta">$</span><span class="language-bash">2y$10<span class="variable">$SpFQBSWkvNboPXm</span>/YaxwZOUo1WDi86QGSpf1ZfXJHyZmrK9RVWXX6</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.node_exporter安装目录下编辑web-config.yml文件</span></span><br><span class="line">basic_auth_users:</span><br><span class="line"><span class="meta">  # </span><span class="language-bash">用户名: 密码-上面加密生产的字符串</span> </span><br><span class="line">  mynode: $2y$10$SpFQBSWkvNboPXm/YaxwZOUo1WDi86QGSpf1ZfXJHyZmrK9RVWXX6</span><br><span class="line"><span class="meta"># </span><span class="language-bash">启动node_exporter中加上以下配置 /usr/lib/systemd/system/prometheus.service</span></span><br><span class="line">--web.config.file=/data/app/prometheus/prometheus-2.35.0-rc0.linux-amd64/web-config.yml</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. reload</span></span><br><span class="line">systemctl daemon-reload &amp;&amp; systemctl restart prometheus</span><br></pre></td></tr></table></figure>

<h2 id="配置prometheus-yml"><a href="#配置prometheus-yml" class="headerlink" title="配置prometheus.yml"></a>配置prometheus.yml</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">在prometheus安装目录中，配置prometheus.yml,增加basic_auth项</span></span><br><span class="line">scrape_configs:</span><br><span class="line">  - job_name: &quot;prometheus&quot;</span><br><span class="line">    basic_auth:</span><br><span class="line">      username: xxx</span><br><span class="line">      password: xxx</span><br><span class="line">    static_configs:</span><br><span class="line">      - targets: [&quot;localhost:8905&quot;]</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">reload prometheus</span></span><br><span class="line">systemctl reload prometheus</span><br></pre></td></tr></table></figure>

<h1 id="node-exporter安装配置"><a href="#node-exporter安装配置" class="headerlink" title="node_exporter安装配置"></a>node_exporter安装配置</h1><h2 id="二进制包方式安装node-exporter"><a href="#二进制包方式安装node-exporter" class="headerlink" title="二进制包方式安装node_exporter"></a>二进制包方式安装node_exporter</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载，解压</span></span><br><span class="line">wget https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz</span><br><span class="line">tar -zxvf  node_exporter-1.3.1.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 修改默认端口，在启动参数中加以下配置</span></span><br><span class="line">--web.listen-address=:8009</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. 启动方式</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="comment"># 前台启动</span></span></span><br><span class="line">node_exporter </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="comment"># 后台启动方式1</span></span></span><br><span class="line">node_exporter &amp;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="comment"># 后台启动方式2</span></span></span><br><span class="line">nohup node_exporter &amp;&gt; /var/log/node_exporter.log &amp;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="comment"># 带参数后台启动</span></span></span><br><span class="line">nohup node_exporter  --web.listen-address=0.0.0.0:8009  --web.telemetry-path=/metrics \ </span><br><span class="line">&amp;&gt; /var/log/node_exporter/node_exporter.log &amp;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.使用systemctl管理 新建node_exporter.service</span></span><br><span class="line">vim  /usr/lib/systemd/system/node_exporter.service</span><br><span class="line"><span class="meta"># </span><span class="language-bash">添加以下内容 路径和端口根据实际情况配置</span></span><br><span class="line">[Unit]</span><br><span class="line">Description=Node_exporter</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">User=prometheus</span><br><span class="line">Group=prometheus</span><br><span class="line">ExecStart=/data/app/prometheus/node_exporter-1.3.1.linux-amd64/node_exporter \</span><br><span class="line">  --web.listen-address=0.0.0.0:8009 \</span><br><span class="line">  --web.telemetry-path=/metrics \</span><br><span class="line">  --web.config=/data/app/prometheus/node_exporter-1.3.1.linux-amd64/web-config.yml \</span><br><span class="line">  --log.level=info \</span><br><span class="line">  --log.format=logfmt</span><br><span class="line">ExecReload=/bin/kill -HUP $MAINPID</span><br><span class="line">ExecStop=/bin/kill -KILL $MAINPID</span><br><span class="line">Type=simple</span><br><span class="line">KillMode=control-group</span><br><span class="line">Restart=always</span><br><span class="line">RestartSec=15s</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5.启动</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">重载配置文件</span></span><br><span class="line">systemctl daemon-reload</span><br><span class="line"><span class="meta">#</span><span class="language-bash">启动node_exporter</span></span><br><span class="line">systemctl start node_exporter</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">6.在web中可以直接看到Metrics数据</span></span><br><span class="line">http://ip:port</span><br></pre></td></tr></table></figure>

<h2 id="在centos6中配置开机自启动"><a href="#在centos6中配置开机自启动" class="headerlink" title="在centos6中配置开机自启动"></a>在centos6中配置开机自启动</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 编辑/etc/init.d/node_exporter</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">!/bin/bash</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">  /etc/rc.d/init.d/node_exporter</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">chkconfig: 2345 80 80</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"></span></span><br><span class="line"><span class="language-bash"><span class="comment"># config: /etc/prometheus/node_exporter.conf</span></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">pidfile: /var/run/prometheus/node_exporter.pid</span></span><br><span class="line"><span class="meta"> </span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">Source <span class="keyword">function</span> library.</span></span><br><span class="line">. /etc/init.d/functions</span><br><span class="line"> </span><br><span class="line">RETVAL=0</span><br><span class="line">PROG=&quot;node_exporter&quot;</span><br><span class="line">DAEMON_SYSCONFIG=/etc/sysconfig/$&#123;PROG&#125;</span><br><span class="line">DAEMON=/usr/bin/$&#123;PROG&#125; #要把安装目录下/opt/node_exporter/node_exporter可执行文件拷贝到/usr/bin目录下</span><br><span class="line">PID_FILE=/var/run/$&#123;PROG&#125;.pid</span><br><span class="line">LOCK_FILE=/var/lock/subsys/$&#123;PROG&#125;</span><br><span class="line">LOG_FILE=/singlee/prometheus/node_exporter-1.5.0.linux-amd64/node_exporter.log</span><br><span class="line">DAEMON_USER=&quot;prometheus&quot;</span><br><span class="line">FQDN=$(hostname)</span><br><span class="line">GOMAXPROCS=$(grep -c ^processor /proc/cpuinfo)</span><br><span class="line"> </span><br><span class="line">. $&#123;DAEMON_SYSCONFIG&#125;</span><br><span class="line"> </span><br><span class="line">start() &#123;</span><br><span class="line">  if check_status &gt; /dev/null; then</span><br><span class="line">    echo &quot;node_exporter is already running&quot;</span><br><span class="line">    exit 0</span><br><span class="line">  fi</span><br><span class="line"> </span><br><span class="line">  echo -n $&quot;Starting node_exporter: &quot;</span><br><span class="line">  daemonize -u $&#123;DAEMON_USER&#125; -p $&#123;PID_FILE&#125; -l $&#123;LOCK_FILE&#125; -a -e $&#123;LOG_FILE&#125; -o $&#123;LOG_FILE&#125; $&#123;DAEMON&#125; $&#123;ARGS&#125;</span><br><span class="line">  RETVAL=$?</span><br><span class="line">  echo &quot;&quot;</span><br><span class="line">  return $RETVAL</span><br><span class="line">&#125;</span><br><span class="line"> </span><br><span class="line">stop() &#123;</span><br><span class="line">    echo -n $&quot;Stopping node_exporter: &quot;</span><br><span class="line">    killproc -p $&#123;PID_FILE&#125; -d 10 $&#123;DAEMON&#125;</span><br><span class="line">    RETVAL=$?</span><br><span class="line">    echo</span><br><span class="line">    [ $RETVAL = 0 ] &amp;&amp; rm -f $&#123;LOCK_FILE&#125; $&#123;PID_FILE&#125;</span><br><span class="line">    return $RETVAL</span><br><span class="line">&#125;</span><br><span class="line"> </span><br><span class="line">check_status() &#123;</span><br><span class="line">    status -p $&#123;PID_FILE&#125; $&#123;DAEMON&#125;</span><br><span class="line">    RETVAL=$?</span><br><span class="line">    return $RETVAL</span><br><span class="line">&#125;</span><br><span class="line"> </span><br><span class="line">case &quot;$1&quot; in</span><br><span class="line">    start)</span><br><span class="line">        start</span><br><span class="line">        ;;</span><br><span class="line">    stop)</span><br><span class="line">        stop</span><br><span class="line">        ;;</span><br><span class="line">    status)</span><br><span class="line">    check_status</span><br><span class="line">        ;;</span><br><span class="line">    reload|force-reload)</span><br><span class="line">        reload</span><br><span class="line">        ;;</span><br><span class="line">    restart)</span><br><span class="line">        stop</span><br><span class="line">        start</span><br><span class="line">        ;;</span><br><span class="line">    *)</span><br><span class="line">        N=/etc/init.d/$&#123;NAME&#125;</span><br><span class="line">        echo &quot;Usage: $N &#123;start|stop|status|restart|force-reload&#125;&quot; &gt;&amp;2</span><br><span class="line">        RETVAL=2</span><br><span class="line">        ;;</span><br><span class="line">esac</span><br><span class="line"> </span><br><span class="line">exit $&#123;RETVAL&#125;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 给脚本赋权</span></span><br><span class="line">chmod +x /etc/init.d/node_exporter</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. 配置args,在/etc/sysconfig/node_exporter</span></span><br><span class="line">args=&quot;--web.listen-address=0.0.0.0:8009 --web.telemetry-path=/metrics --log.level=info --log.format=logfmt&quot;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 创建软连接,这里方便node_exporter命令执行</span></span><br><span class="line">ln -s /opt/node_exporter-1.3.1.linux-amd64/node_exporter /usr/bin/node_exporter</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5. 测试</span></span><br><span class="line">/etc/init.d/node_exporter start|stop</span><br><span class="line">service node_exporter start|stop</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">6. 配置自启动</span></span><br><span class="line">chkconfig node_exporter on</span><br></pre></td></tr></table></figure>



<h2 id="配置密码-1"><a href="#配置密码-1" class="headerlink" title="配置密码"></a>配置密码</h2><ul>
<li><p>由于node_exporter是prometheus server 通过pull方式拉取数据，这就导致端口是对外开放的，考虑安全性，需要加上密码验证</p>
</li>
<li><p><a href="https://github.com/prometheus/exporter-toolkit/blob/v0.1.0/https/README.md">参考</a></p>
</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.生成密码</span></span><br><span class="line">htpasswd -nBC 10 &quot;&quot; | tr -d &#x27;:\n&#x27;   # 回车后输入密码  例如输入6个1</span><br><span class="line"><span class="meta">$</span><span class="language-bash">2y$10<span class="variable">$97LYmcoS4nyeIkctGv4PyeqxeiNC2XsYWAhKgvlv</span>.dYIOkKEKUK5C</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.node_exporter安装目录下编辑web-config.yml文件</span></span><br><span class="line">basic_auth_users:</span><br><span class="line"><span class="meta">  # </span><span class="language-bash">用户名: 密码-上面加密生产的字符串</span> </span><br><span class="line">  shizu: $2y$10$97LYmcoS4nyeIkctGv4PyeqxeiNC2XsYWAhKgvlv.dYIOkKEKUK5C</span><br><span class="line"><span class="meta"># </span><span class="language-bash">启动node_exporter中加上以下配置 /usr/lib/systemd/system/node_exporter.service</span></span><br><span class="line">--web.config=/data/app/prometheus/node_exporter-1.3.1.linux-amd64/web-config.yml </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. reload</span></span><br><span class="line">systemctl daemon-reload &amp;&amp; systemctl restart node_exporter</span><br></pre></td></tr></table></figure>

<h2 id="配置prometheus-yml-1"><a href="#配置prometheus-yml-1" class="headerlink" title="配置prometheus.yml"></a>配置prometheus.yml</h2><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 在prometheus安装目录中，配置prometheus.yml中下面增加如下配置</span></span><br><span class="line"><span class="bullet">-</span> <span class="attr">job_name:</span> <span class="string">&#x27;nodes&#x27;</span></span><br><span class="line">    <span class="attr">basic_auth:</span> <span class="comment">#如果node_exporter中配置的用户密码增加此选项</span></span><br><span class="line">      <span class="attr">username:</span> <span class="string">xxx</span></span><br><span class="line">      <span class="attr">password:</span> <span class="string">xxx</span></span><br><span class="line">    <span class="attr">static_configs:</span></span><br><span class="line">    <span class="bullet">-</span> <span class="attr">targets:</span> [<span class="string">&#x27;127.0.0.1:8906&#x27;</span>,<span class="string">&#x27;127.0.0.1:8009&#x27;</span>]</span><br><span class="line"></span><br><span class="line"><span class="comment"># reload prometheus</span></span><br><span class="line"><span class="string">systemctl</span> <span class="string">reload</span> <span class="string">prometheus</span></span><br></pre></td></tr></table></figure>

<h1 id="安装Grafana，配置promrtheus数据源"><a href="#安装Grafana，配置promrtheus数据源" class="headerlink" title="安装Grafana，配置promrtheus数据源"></a>安装Grafana，配置promrtheus数据源</h1><ul>
<li>官网：<a href="https://grafana.com/grafana/download">Grafana</a></li>
<li>模板:   <a href="https://grafana.com/grafana/dashboards">dashboards</a></li>
</ul>
<h2 id="下载安装Grafana"><a href="#下载安装Grafana" class="headerlink" title="下载安装Grafana"></a>下载安装Grafana</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载安装grafana</span></span><br><span class="line">wget https://dl.grafana.com/enterprise/release/grafana-enterprise-8.4.6-1.x86_64.rpm</span><br><span class="line">sudo yum install grafana-enterprise-8.4.6-1.x86_64.rpm</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 启动grafana</span></span><br><span class="line">systemctl start grafana-server</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.grafana默认端口是3000，如果需要修改默认端口，进入grafana配置文件路径，修改配置文件</span></span><br><span class="line">vim /etc/grafana/grafana.ini</span><br><span class="line"><span class="meta"># </span><span class="language-bash">修改http_port端口</span></span><br><span class="line">http_port = 8907</span><br><span class="line"><span class="meta"># </span><span class="language-bash">reload或restart grafana-server</span></span><br><span class="line">systemctl restart grafana-server</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">docker</span></span><br><span class="line">docker run -d -p 3000:3000 grafana/grafana-enterprise</span><br><span class="line"><span class="meta"># </span><span class="language-bash">配置文件修改</span></span><br><span class="line">docker exec -it grafana bash</span><br><span class="line">find / -type f -name &quot;grafana.ini&quot;</span><br></pre></td></tr></table></figure>

<h2 id="配置prometheus源"><a href="#配置prometheus源" class="headerlink" title="配置prometheus源"></a>配置prometheus源</h2><ul>
<li>配置数据源Data sources-&gt;Add data source -&gt; Prometheus，输入prometheus数据源的信息，主要是输入name和url</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204191750576.png" alt="image-20220419174959969"></p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204201334202.png" alt="image-20220420110248029" style="zoom:50%;" />

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204201101813.png" alt="image-20220419175114474" style="zoom:50%;" />

<ul>
<li>参考连接</li>
<li><a href="https://zhuanlan.zhihu.com/p/434353542">https://zhuanlan.zhihu.com/p/434353542</a></li>
<li><a href="https://blog.51cto.com/u_12082223/3241875">https://blog.51cto.com/u_12082223/3241875</a></li>
<li><a href="http://www.yunweipai.com/34713.html">http://www.yunweipai.com/34713.html</a></li>
<li><a href="https://www.modb.pro/db/45956">https://www.modb.pro/db/45956</a></li>
<li><a href="https://blog.51cto.com/u_15072918/3625574#219-alertmanager_config">https://blog.51cto.com/u_15072918/3625574#219-alertmanager_config</a></li>
<li><a href="https://www.prometheus.wang/">https://www.prometheus.wang/</a></li>
</ul>
]]></content>
      <categories>
        <category>Prometheus</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>Prometheus</tag>
        <tag>Grafana</tag>
        <tag>node_exporter</tag>
      </tags>
  </entry>
  <entry>
    <title>Docker学习笔记</title>
    <url>/posts/4a3d459a/</url>
    <content><![CDATA[<h3 id="摘要：Docker在linux下的安装和基本使用，docker-compos的安装和使用，自我搭建docker仓库（官方register，企业级Harbor），容器编排rancher搭建"><a href="#摘要：Docker在linux下的安装和基本使用，docker-compos的安装和使用，自我搭建docker仓库（官方register，企业级Harbor），容器编排rancher搭建" class="headerlink" title="摘要：Docker在linux下的安装和基本使用，docker-compos的安装和使用，自我搭建docker仓库（官方register，企业级Harbor），容器编排rancher搭建"></a>摘要：Docker在linux下的安装和基本使用，docker-compos的安装和使用，自我搭建docker仓库（官方register，企业级Harbor），容器编排rancher搭建</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="Docker安装-centos7"><a href="#Docker安装-centos7" class="headerlink" title="Docker安装(centos7)"></a>Docker安装(centos7)</h1><h2 id="自动化脚本安装"><a href="#自动化脚本安装" class="headerlink" title="自动化脚本安装"></a>自动化脚本安装</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">curl -sSL https://get.daocloud.io/docker | sh</span><br></pre></td></tr></table></figure>

<h2 id="手动安装"><a href="#手动安装" class="headerlink" title="手动安装"></a>手动安装</h2><h3 id="如果先前安装过就先卸载旧版本"><a href="#如果先前安装过就先卸载旧版本" class="headerlink" title="如果先前安装过就先卸载旧版本"></a>如果先前安装过就先卸载旧版本</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum remove docker \</span><br><span class="line">                  docker-client \</span><br><span class="line">                  docker-client-latest \</span><br><span class="line">                  docker-common \</span><br><span class="line">                  docker-latest \</span><br><span class="line">                  docker-latest-logrotate \</span><br><span class="line">                  docker-logrotate \</span><br><span class="line">                  docker-engine</span><br></pre></td></tr></table></figure>

<h3 id="使用Docker仓库安装（国内阿里镜像源）"><a href="#使用Docker仓库安装（国内阿里镜像源）" class="headerlink" title="使用Docker仓库安装（国内阿里镜像源）"></a>使用Docker仓库安装（国内阿里镜像源）</h3><ol>
<li><p>安装必要的软件包</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">yum-utils 提供了 yum-config-manager ，device mapper 存储驱动程序需要 device-mapper-persistent-data 和 lvm2</span></span><br><span class="line">yum install -y yum-utils device-mapper-persistent-data lvm2</span><br></pre></td></tr></table></figure></li>
<li><p>设置仓库(阿里云)</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum-config-manager  --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span><br></pre></td></tr></table></figure></li>
<li><p>安装 Docker Engine-Community</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">安装最新版</span></span><br><span class="line">yum install -y docker-ce docker-ce-cli containerd.io</span><br></pre></td></tr></table></figure>

<ul>
<li><p>如果安装指定版本</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.先列出Docker-ce的版本</span></span><br><span class="line">yum list docker-ce  --showduplicates | sort -r</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.指定版本安装</span></span><br><span class="line">yum install docker-ce-&lt;VERSION_STRING&gt; docker-ce-cli-&lt;VERSION_STRING&gt; containerd.io</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ol>
<h3 id="Docker镜像加速"><a href="#Docker镜像加速" class="headerlink" title="Docker镜像加速"></a>Docker镜像加速</h3><ul>
<li><p>配置阿里云镜像,获取地址：<a href="https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors">https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors</a></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">通过修改daemon配置文件/etc/docker/daemon.json来使用加速器</span></span><br><span class="line"></span><br><span class="line">mkdir -p /etc/docker</span><br><span class="line"></span><br><span class="line">tee /etc/docker/daemon.json &lt;&lt;-&#x27;EOF&#x27;</span><br><span class="line">&#123;</span><br><span class="line">  &quot;registry-mirrors&quot;: [&quot;https://1z5vg1ea.mirror.aliyuncs.com&quot;]</span><br><span class="line">&#125;</span><br><span class="line">EOF</span><br><span class="line"></span><br><span class="line">systemctl daemon-reload</span><br><span class="line">systemctl restart docker</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="启动Docker"><a href="#启动Docker" class="headerlink" title="启动Docker"></a>启动Docker</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">启动 | 停止 | 状态检查</span></span><br><span class="line">systemctl start | stop | status docker</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">开机自启|关闭</span></span><br><span class="line">systemctl enable | disable docker</span><br></pre></td></tr></table></figure>

<h1 id="Docker-使用"><a href="#Docker-使用" class="headerlink" title="Docker 使用"></a>Docker 使用</h1><h2 id="容器使用"><a href="#容器使用" class="headerlink" title="容器使用"></a>容器使用</h2><ul>
<li><p>先获取一个镜像</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull centos</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="启动容器"><a href="#启动容器" class="headerlink" title="启动容器"></a>启动容器</h3><ol>
<li>交互式</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -it centos /bin/bash</span><br><span class="line"><span class="meta"># </span><span class="language-bash">-i 交互式操作</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">-t 终端打开</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">centos centos镜像</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">/bin/bash  交互式shell操作</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">如果要退出终端  直接使用<span class="built_in">exit</span></span></span><br></pre></td></tr></table></figure>

<ol start="2">
<li>后台运行</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">如果需要后台运行则可以使用 -d 命令</span></span><br><span class="line">docker run -itd --name centos-test centos /bin/bash</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">-d 后台运行</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">--name 给运行的容器定义一个名字</span></span><br></pre></td></tr></table></figure>

<ol start="3">
<li><p>查看所有的容器</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker ps -a</span><br></pre></td></tr></table></figure></li>
<li><p>在使用-d参数，容器进入后台运行后，如果想要进入容器，可以使用以下指令进入</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 使用attach</span></span><br><span class="line">docker attach &lt;container id/name&gt;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.使用<span class="built_in">exec</span></span></span><br><span class="line">docker exec -it &lt;container id/name&gt; /bin/bash</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">注：使用attach在使用<span class="built_in">exit</span>退出容器终端时，会导致容器停止，而<span class="built_in">exec</span>不会</span></span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="停止-重启-容器"><a href="#停止-重启-容器" class="headerlink" title="停止 | 重启  容器"></a>停止 | 重启  容器</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker stop | restart &lt;container id/name&gt; </span><br><span class="line"><span class="meta">#</span><span class="language-bash">或 停止所有容器</span></span><br><span class="line">docker stop $(docker ps -qa)</span><br></pre></td></tr></table></figure>

<h3 id="导入、导出容器"><a href="#导入、导出容器" class="headerlink" title="导入、导出容器"></a>导入、导出容器</h3><ul>
<li>export-import    save-load</li>
<li>区别：<ol>
<li>export命令导出的tar文件小于save导出的</li>
<li>export命令是从container中导出tar文件，而save是从images中导出，镜像导入是复制的过程，容器导入是将当前容器变成一个新的镜像</li>
<li>export导出的文件再import回去时，无法保留镜像每一层layer信息，不能进行回滚操作；而save是依据镜像来的，所以导入时可以完整保留下每一层layer信息。</li>
</ol>
</li>
<li>建议：<ol>
<li>若是只想备份images，使用save、load即可，保存镜像所有的信息包含历史</li>
<li>若是在启动容器后，容器内容有变化，需要备份，则使用export、import，只导出当前信息</li>
</ol>
</li>
</ul>
<ol>
<li><p>导出容器</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker <span class="built_in">export</span> &lt;container <span class="built_in">id</span>/name&gt; &gt; test.tar</span><br><span class="line"><span class="comment"># 会将容器快照导出到本地文件</span></span><br><span class="line"><span class="comment"># 或</span></span><br><span class="line">docker save -o 导出路径 &lt;container <span class="built_in">id</span>/name&gt;</span><br></pre></td></tr></table></figure></li>
<li><p>导入容器快照</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker import test.tar test/centos:v1 #或</span><br><span class="line">cat test.tar | docker import - test/centos:v1</span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="built_in">test</span>/centos repository名  v1 tag</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">可以通过制定URL docker import http://example.com/exampleimage.tgz example/imagerepo</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">或</span></span><br><span class="line">docker load -i &lt;container id/name&gt;</span><br><span class="line"><span class="meta">#</span><span class="language-bash">此时load后镜像名和标签都是空的 此时可以使用</span></span><br><span class="line">docker tag &lt;container id&gt;  newname：tag</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="删除容器"><a href="#删除容器" class="headerlink" title="删除容器"></a>删除容器</h3><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 删除指定容器，需要先停止容器 -f 强制</span></span><br><span class="line">docker <span class="built_in">rm</span> -f &lt;container <span class="built_in">id</span>/name&gt;</span><br><span class="line"></span><br><span class="line"><span class="comment"># 删除所有处于终止状态的容器</span></span><br><span class="line">docker container prune</span><br><span class="line"></span><br><span class="line"><span class="comment">#删除全部容器</span></span><br><span class="line">docker <span class="built_in">rm</span> $(docker ps -qa)</span><br></pre></td></tr></table></figure>

<h3 id="复制文件到容器"><a href="#复制文件到容器" class="headerlink" title="复制文件到容器"></a>复制文件到容器</h3><blockquote>
<p>将宿主机的文件复制到容器内部的指定目录</p>
</blockquote>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker <span class="built_in">cp</span> filename &lt;container <span class="built_in">id</span>/name&gt;:&lt;inner container path&gt;</span><br></pre></td></tr></table></figure>

<h3 id="数据卷"><a href="#数据卷" class="headerlink" title="数据卷"></a>数据卷</h3><blockquote>
<p>数据卷：将宿主机的一个目录映射到容器的一个目录中可以在宿主机中操作目录中的内容，那么容器内部映射的文件，也会跟着一起改变</p>
</blockquote>
<ol>
<li>创建数据卷</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker volume create 数据卷名称</span><br><span class="line"><span class="meta"># </span><span class="language-bash">创建数据卷之后，默认会存放在 /var/lib/docker/volumes/数据卷名称/_data</span></span><br></pre></td></tr></table></figure>

<ol start="2">
<li><p>查看数据卷的信息信息</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker volume inspect 数据卷名称</span><br></pre></td></tr></table></figure></li>
<li><p>查看全部数据卷</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker volume ls</span><br></pre></td></tr></table></figure></li>
<li><p>删除数据卷</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker volume rm 数据卷名称</span><br></pre></td></tr></table></figure></li>
<li><p>应用数据卷</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">当你映射数据卷时，如果数据卷不存在。Docker会帮你自动创建，会将容器内部自带的文件，存储在默认的存放路径中。</span> </span><br><span class="line">docker run -v 数据卷名称∶容器内部的路径 镜像id</span><br><span class="line"><span class="meta"># </span><span class="language-bash">直接指定一个路径作为数据卷的存放位置。这个路径下是空的。</span> </span><br><span class="line">docker run -v 路径∶容器内部的路径 镜像id</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="使用容器启动一个web应用（端口映射）"><a href="#使用容器启动一个web应用（端口映射）" class="headerlink" title="使用容器启动一个web应用（端口映射）"></a>使用容器启动一个web应用（端口映射）</h3><ol>
<li><p>运行一个web应用</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">载入镜像</span></span><br><span class="line">docker pull training/webapp </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">后台运行</span></span><br><span class="line">docker run -d -P training/webapp python app.py</span><br><span class="line"><span class="meta"># </span><span class="language-bash">-P 将容器内部使用的网络端口随机映射到主机上</span></span><br></pre></td></tr></table></figure></li>
<li><p>查看web应用容器</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker ps -a #可以看到端口信息</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">或者使用docker port &lt;container <span class="built_in">id</span>/name&gt;</span></span><br></pre></td></tr></table></figure></li>
<li><p>使用指定主机端口</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -d -p 3000:5000 training/webapp python app.py</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">-p 参数  将内部的5000端口映射到主机的3000端口上</span></span><br></pre></td></tr></table></figure></li>
<li><p>查看web应用程序日志</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker logs -f &lt;container id/name&gt;</span><br><span class="line"><span class="meta"># </span><span class="language-bash">-f 可以像使用<span class="built_in">tail</span> -f 一样来输出容器内部的标准输出</span></span><br></pre></td></tr></table></figure></li>
<li><p>查看应用程序容器的进程</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker top &lt;container id/name&gt;</span><br></pre></td></tr></table></figure></li>
<li><p>查看Docker 容器的配置和状态信息</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker inspect &lt;container id/name&gt;</span><br><span class="line"><span class="meta"># </span><span class="language-bash">返回一个JSON文件</span></span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="docker容器自启动"><a href="#docker容器自启动" class="headerlink" title="docker容器自启动"></a>docker容器自启动</h3><h4 id="docker容器运行时自启动"><a href="#docker容器运行时自启动" class="headerlink" title="docker容器运行时自启动"></a>docker容器运行时自启动</h4><ul>
<li>建议在运行容器时就设置容器自启动，使用 run –restart=always 命令</li>
</ul>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker run --restart=always 容器名称或容器ID</span><br></pre></td></tr></table></figure>

<h4 id="docker容器运行后设置自启动"><a href="#docker容器运行后设置自启动" class="headerlink" title="docker容器运行后设置自启动"></a>docker容器运行后设置自启动</h4><ul>
<li> update –restart=always 命令</li>
</ul>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">docker update --restart=always 容器名称或容器ID</span><br></pre></td></tr></table></figure>

<h2 id="镜像使用"><a href="#镜像使用" class="headerlink" title="镜像使用"></a>镜像使用</h2><ul>
<li>当运行容器时，使用的镜像如果在本地不存在，就默认自动从Docker Hub公共镜像源下载 </li>
</ul>
<h3 id="列出镜像列表"><a href="#列出镜像列表" class="headerlink" title="列出镜像列表"></a>列出镜像列表</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker images</span><br><span class="line"><span class="meta"># </span><span class="language-bash">同一个仓库源可以有多个TAG，代表不同版本</span></span><br></pre></td></tr></table></figure>

<h3 id="获取新镜像"><a href="#获取新镜像" class="headerlink" title="获取新镜像"></a>获取新镜像</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull ubuntu:13.10</span><br></pre></td></tr></table></figure>

<h3 id="查找镜像"><a href="#查找镜像" class="headerlink" title="查找镜像"></a>查找镜像</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker search httpd</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">NAME: 镜像仓库源的名称</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">DESCRIPTION: 镜像的描述</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">OFFICIAL: 是否 docker 官方发布</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">stars: 类似 Github 里面的 star，</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">AUTOMATED: 自动构建。</span></span><br></pre></td></tr></table></figure>

<h3 id="删除镜像"><a href="#删除镜像" class="headerlink" title="删除镜像"></a>删除镜像</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker rmi container-name/ID</span><br></pre></td></tr></table></figure>

<h3 id="创建镜像"><a href="#创建镜像" class="headerlink" title="创建镜像"></a>创建镜像</h3><ul>
<li>当我们从 docker 镜像仓库中下载的镜像不能满足我们的需求时，我们可以通过以下两种方式对镜像进行更改。<ul>
<li>1、从已经创建的容器中更新镜像，并且提交这个镜像</li>
<li>2、使用 Dockerfile 指令来创建一个新的镜像</li>
</ul>
</li>
</ul>
<h4 id="从已有容器中更新镜像，并提交"><a href="#从已有容器中更新镜像，并提交" class="headerlink" title="从已有容器中更新镜像，并提交"></a>从已有容器中更新镜像，并提交</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.先创建一个容器</span></span><br><span class="line">docker run -it centos /bin/bash</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.在容器中按我们的需求更改容器,比如update</span></span><br><span class="line">yum -y update</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.使用docker commit提交</span></span><br><span class="line">docker commit -m=&quot;has update&quot; -a=&quot;runoob&quot; e218edb10161 runoob/ubuntu:v2</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-m: 提交的描述信息</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">-a: 指定镜像作者</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">e218edb10161：容器 ID</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">runoob/ubuntu:v2: 指定要创建的目标镜像名</span></span><br></pre></td></tr></table></figure>

<h4 id="使用Dockerfile构建镜像"><a href="#使用Dockerfile构建镜像" class="headerlink" title="使用Dockerfile构建镜像"></a>使用Dockerfile构建镜像</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.创建一个Dockerfile,每一个指令都会在镜像上创建一个新的层，每一个指令的前缀都必须是大写的</span></span><br><span class="line">vim Dockerfile</span><br><span class="line"></span><br><span class="line">FROM    centos:6.7</span><br><span class="line">MAINTAINER      Fisher &quot;fisher@sudops.com&quot;</span><br><span class="line"></span><br><span class="line">RUN     /bin/echo &#x27;root:123456&#x27; |chpasswd</span><br><span class="line">RUN     useradd runoob</span><br><span class="line">RUN     /bin/echo &#x27;runoob:123456&#x27; |chpasswd</span><br><span class="line">RUN     /bin/echo -e &quot;LANG=\&quot;en_US.UTF-8\&quot;&quot; &gt;/etc/default/local</span><br><span class="line">EXPOSE  22</span><br><span class="line">EXPOSE  80</span><br><span class="line">CMD     /usr/sbin/sshd -D</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.使用docker build来构建一个镜像</span></span><br><span class="line">docker build -t  runoob/centos:6.7 .</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-t ：指定要创建的目标镜像名</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">. ：Dockerfile 文件所在上下文目录，指定Dockerfile 的绝对路径，里面最好就放Dockerfile文件</span></span><br></pre></td></tr></table></figure>

<h3 id="设置镜像标签"><a href="#设置镜像标签" class="headerlink" title="设置镜像标签"></a>设置镜像标签</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker tag 860c279d2fec runoob/centos:dev</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">860c279d2fec 镜像ID</span> </span><br><span class="line"><span class="meta">#</span><span class="language-bash">runoob/centos:dev 用户名/镜像名称:tag名</span></span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">curl -L &quot;https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)&quot; -o /usr/local/bin/docker-compose</span><br></pre></td></tr></table></figure>

<h2 id="容器连接"><a href="#容器连接" class="headerlink" title="容器连接"></a>容器连接</h2><h3 id="网络端口映射"><a href="#网络端口映射" class="headerlink" title="网络端口映射"></a>网络端口映射</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. -P  随机端口映射</span></span><br><span class="line">docker run -d -P training/webapp python app.py</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. -p 指定端口绑定</span></span><br><span class="line">docker run -d -p 5000:5000 training/webapp python app.py</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.指定容器绑定网络地址</span></span><br><span class="line">docker run -d -p 127.0.0.1:5001:5000 training/webapp python app.py</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 绑定UDP端口，默认都是绑定tcp端口</span></span><br><span class="line">docker run -d -p 127.0.0.1:5000:5000/udp training/webapp python app.py</span><br></pre></td></tr></table></figure>

<h3 id="容器互联"><a href="#容器互联" class="headerlink" title="容器互联"></a>容器互联</h3><ul>
<li><p>查看容器网络</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker network ls</span><br></pre></td></tr></table></figure></li>
</ul>
<ol>
<li><p>新建网络</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker network create -d bridge test-net</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">-d 参数指定Docker网络类型，有bridge overlay（overlay 网络类型用于 Swarm mode）</span></span><br></pre></td></tr></table></figure></li>
<li><p>连接容器</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 运行一个容器并连接到新建的test-net网络</span></span><br><span class="line">docker run -itd --name test1 --network test-net ubuntu /bin/bash</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 再运行一个容器加入到test-net网络</span></span><br><span class="line">docker run -itd --name test2 --network test-net ubuntu /bin/bash</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">可以使用ping来验证test1和test2是否建立了互联关系</span></span><br><span class="line"><span class="meta">$ </span><span class="language-bash">docker <span class="built_in">exec</span> -it test1 /bin/bash</span></span><br><span class="line"><span class="meta">$ </span><span class="language-bash">ping test2</span></span><br></pre></td></tr></table></figure></li>
<li><p>全局DNS配置</p>
<ul>
<li>可在宿主机的/etc/docker/daemon.json文件中增加以下内容设置全部容器的DNS：</li>
</ul>
<figure class="highlight json"><table><tr><td class="code"><pre><span class="line"><span class="punctuation">&#123;</span></span><br><span class="line">	<span class="attr">&quot;dns&quot;</span> <span class="punctuation">:</span> <span class="punctuation">[</span></span><br><span class="line">		<span class="string">&quot;114.114.114.114&quot;</span><span class="punctuation">,</span></span><br><span class="line">		<span class="string">&quot;8.8.8.8&quot;</span></span><br><span class="line">	<span class="punctuation">]</span></span><br><span class="line"><span class="punctuation">&#125;</span></span><br></pre></td></tr></table></figure>

<ul>
<li><p>需要重启docker才能生效,可以进入容器查看DNS信息</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -it --rm ubuntu cat /etc/resolve.conf</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>手动指定容器配置</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -it --rm -h host_ubuntu  --dns=114.114.114.114 --dns-search=test.com ubuntu</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--<span class="built_in">rm</span>：容器退出时自动清理容器内部的文件系统</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">-h HOSTNAME 或者 --hostname=HOSTNAME： 设定容器的主机名，它会被写到容器内的 /etc/hostname 和 /etc/hosts</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--dns=IP_ADDRESS： 添加 DNS 服务器到容器的 /etc/resolv.conf 中，让容器用这个服务器来解析所有不在 /etc/hosts 中的主机名</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--dns-search=DOMAIN： 设定容器的搜索域，当设定搜索域为 .example.com 时，在搜索一个名为 host 的主机时，DNS 不仅搜索 host，还会搜索 host.example.com。</span></span><br></pre></td></tr></table></figure></li>
</ol>
<h2 id="仓库管理"><a href="#仓库管理" class="headerlink" title="仓库管理"></a>仓库管理</h2><h3 id="注册"><a href="#注册" class="headerlink" title="注册"></a>注册</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">https://hub.docker.com </span><br></pre></td></tr></table></figure>

<h3 id="登录-退出"><a href="#登录-退出" class="headerlink" title="登录/退出"></a>登录/退出</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker login/logout</span><br></pre></td></tr></table></figure>

<h3 id="拉取-推送镜像"><a href="#拉取-推送镜像" class="headerlink" title="拉取/推送镜像"></a>拉取/推送镜像</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">搜索所需的镜像源</span></span><br><span class="line">docker search  image-name:tag</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">pull 所需的镜像源</span></span><br><span class="line">docker pull image-name:tag</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">push 镜像源到自己的hub上，先打一个tag</span></span><br><span class="line">docker tag image-name:tag  username/image-name:tag</span><br><span class="line"><span class="meta">#</span><span class="language-bash">push</span></span><br><span class="line">docker push username/image-name:tag</span><br></pre></td></tr></table></figure>

<h3 id="搭建私服-docker官方的registry-—不推荐"><a href="#搭建私服-docker官方的registry-—不推荐" class="headerlink" title="搭建私服 (docker官方的registry)—不推荐"></a>搭建私服 (docker官方的registry)—不推荐</h3><h4 id="registry"><a href="#registry" class="headerlink" title="registry"></a>registry</h4><ol>
<li>pull  registry镜像</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull registry:2</span><br><span class="line"><span class="meta">#</span><span class="language-bash">最高版本就是2</span></span><br></pre></td></tr></table></figure>

<ol start="2">
<li><p>run registry</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker run -d \</span><br><span class="line"> -p 5000:5000 \</span><br><span class="line"> -v /usr/local/registry:/var/lib/registry \</span><br><span class="line"> --restart=always \</span><br><span class="line"> --name registry-srv \</span><br><span class="line">registry:2</span><br></pre></td></tr></table></figure></li>
<li><p>尝试pull/push</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull busybox 	</span><br><span class="line">docker tag busybox localhost:5000/busybox:v1.0</span><br><span class="line">docker push localhost:5000/busybox:v1.0</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">之后再使用busybox镜像，可以直接从本地拉取</span></span><br><span class="line">docker pull localhost:5000/busybox:v1.0</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">查看私服镜像</span></span><br><span class="line">curl http://localhost:5000/v2/_catalog</span><br></pre></td></tr></table></figure></li>
</ol>
<h4 id="基于SSL证书改造"><a href="#基于SSL证书改造" class="headerlink" title="基于SSL证书改造"></a>基于SSL证书改造</h4><ul>
<li><p>使用nginx代理</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">server &#123;</span><br><span class="line">                #监听443端口。443为知名端口号，主要用于HTTPS协议</span><br><span class="line">                listen       443 ssl;</span><br><span class="line"></span><br><span class="line">                #定义使用www.xx.com访问</span><br><span class="line">                server_name  registry.example.cn;</span><br><span class="line"></span><br><span class="line">        		keepalive_timeout 100;</span><br><span class="line"></span><br><span class="line">                #ssl证书文件位置(常见证书文件格式为：crt/pem)</span><br><span class="line">                ssl_certificate      /data/nginx/nginx/registry_keyfile/fullchain.cer;</span><br><span class="line">                #ssl证书key位置</span><br><span class="line">                ssl_certificate_key  /data/nginx/nginx/registry_keyfile/registry.example.cn.key;</span><br><span class="line"></span><br><span class="line">                ssl_session_cache    shared:SSL:10m;</span><br><span class="line">                ssl_session_timeout  30m;</span><br><span class="line">                #启用指定协议</span><br><span class="line">                ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;</span><br><span class="line"></span><br><span class="line">                ssl_protocols  TLSv1.1 TLSv1.2 TLSv1.3;</span><br><span class="line">                ssl_prefer_server_ciphers off;</span><br><span class="line"></span><br><span class="line">                add_header Strict-Transport-Security &quot;max-age=31536000&quot;;</span><br><span class="line"></span><br><span class="line">                index index.html index.htm;</span><br><span class="line">                location / &#123;</span><br><span class="line">                proxy_pass_header Server;</span><br><span class="line">			   proxy_set_header Host $http_host;</span><br><span class="line">			   proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line">			   proxy_set_header X-Scheme $scheme;</span><br><span class="line">                proxy_pass http://localhost:5000;</span><br><span class="line">                &#125;</span><br><span class="line"></span><br><span class="line">        		error_page   500 502 503 504  /50x.html;</span><br><span class="line">        		location = /50x.html &#123;</span><br><span class="line">           		root   html;</span><br><span class="line">        		&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li><p>重启registry</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">我在指定证书位置时，启动一直处于restart，直接nginx代理https也是可以的</span></span><br><span class="line">docker run -d \</span><br><span class="line">  -p 5000:5000 \</span><br><span class="line">  -v /usr/local/registry:/var/lib/registry \</span><br><span class="line"><span class="meta">  #</span><span class="language-bash">-v /usr/local/certs:/certs \</span></span><br><span class="line"><span class="language-bash">  <span class="comment">#-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \</span></span></span><br><span class="line"><span class="language-bash">  <span class="comment">#-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \</span></span></span><br><span class="line"><span class="language-bash">  --restart=always \</span></span><br><span class="line"><span class="language-bash">  --name registry \</span></span><br><span class="line"><span class="language-bash">  registry:2</span></span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>可以直接使用</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull busybox 	</span><br><span class="line">docker tag busybox registry.example.cn/busybox:v1.0</span><br><span class="line">docker push registry.wangzw.cn/busybox:v1.0</span><br></pre></td></tr></table></figure></li>
</ul>
<h4 id="Authentication加持"><a href="#Authentication加持" class="headerlink" title="Authentication加持"></a>Authentication加持</h4><ol>
<li><p>使用httpd-tools在/usr/local/auth/passwd文件中生成用户名和密码</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">htpasswd -Bbn admin 123456 &gt; /usr/local/auth/passwd</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果没有httpd-tools，yum直接下载</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">yum install httpd-tools</span> </span><br><span class="line"><span class="meta"># </span><span class="language-bash">或者使用registry镜像内置的httpd</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">docker run --entrypoint htpasswd registry:2 -Bbn admin 123456 &gt; /usr/local/auth/passwd</span></span><br></pre></td></tr></table></figure></li>
<li><p>启动容器</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -d \</span><br><span class="line">  -p 5000:5000 \</span><br><span class="line">  --restart=always \</span><br><span class="line">  --name registry \</span><br><span class="line">  -v /root/auth:/auth \</span><br><span class="line">  -e REGISTRY_AUTH=htpasswd \</span><br><span class="line">  -e REGISTRY_AUTH_HTPASSWD_REALM=Registry_Realm \</span><br><span class="line">  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/passwd \</span><br><span class="line">  -e REGISTRY_STORAGE_DELETE_ENABLED=true \</span><br><span class="line">  -v /root/conf:/certs \</span><br><span class="line">  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/auth.cert \</span><br><span class="line">  -e REGISTRY_HTTP_TLS_KEY=/certs/auth.key \</span><br><span class="line">  registry:2</span><br></pre></td></tr></table></figure></li>
<li><p>login | logout</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker login | logout https://registry.example.vip</span><br></pre></td></tr></table></figure></li>
</ol>
<h4 id="docker-registry-web"><a href="#docker-registry-web" class="headerlink" title="docker-registry-web"></a>docker-registry-web</h4><blockquote>
<p>github地址：<a href="https://github.com/mkuchin/docker-registry-web">https://github.com/mkuchin/docker-registry-web</a></p>
<p>本教程是基于身份验证的</p>
</blockquote>
<ol>
<li><p>快速拉取</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker pull hyper/docker-registry-web</span><br></pre></td></tr></table></figure></li>
<li><p>生成私钥和证书</p>
<ul>
<li>令牌身份验证需要使用PEM格式的RSA私钥，并需要与此密钥匹配的证书。</li>
</ul>
</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="built_in">mkdir</span> conf</span><br><span class="line">openssl req -new -newkey rsa:4096 -days 365 -subj <span class="string">&quot;/CN=localhost&quot;</span> \</span><br><span class="line">        -nodes -x509 -keyout conf/auth.key -out conf/auth.cert</span><br></pre></td></tr></table></figure>

<ol start="3">
<li>创建注册表配置<code>conf/registry-srv.yml</code></li>
</ol>
<figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">version:</span> <span class="number">0.1</span>    </span><br><span class="line"></span><br><span class="line"><span class="attr">storage:</span></span><br><span class="line">  <span class="attr">filesystem:</span></span><br><span class="line">    <span class="attr">rootdirectory:</span> <span class="string">/var/lib/registry</span></span><br><span class="line">  <span class="attr">delete:</span> </span><br><span class="line">    <span class="attr">enable:</span> <span class="literal">true</span></span><br><span class="line">    </span><br><span class="line"><span class="attr">http:</span></span><br><span class="line">  <span class="attr">addr:</span> <span class="number">0.0</span><span class="number">.0</span><span class="number">.0</span><span class="string">:5000</span>   </span><br><span class="line">    </span><br><span class="line"><span class="attr">auth:</span></span><br><span class="line">  <span class="attr">token:</span></span><br><span class="line">    <span class="comment"># external url to docker-web authentication endpoint</span></span><br><span class="line">    <span class="attr">realm:</span> <span class="string">http://localhost:8080/api/auth</span></span><br><span class="line">    <span class="comment"># should be same as registry.name of registry-web</span></span><br><span class="line">    <span class="attr">service:</span> <span class="string">localhost:5000</span></span><br><span class="line">    <span class="comment"># should be same as registry.auth.issuer of registry-web</span></span><br><span class="line">    <span class="attr">issuer:</span> <span class="string">&#x27;my issuer&#x27;</span></span><br><span class="line">    <span class="comment"># path to auth certificate</span></span><br><span class="line">    <span class="attr">rootcertbundle:</span> <span class="string">/etc/docker/registry/auth.cert</span></span><br></pre></td></tr></table></figure>

<ol start="4">
<li>启动docker registry</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker run -v $(<span class="built_in">pwd</span>)/conf/registry-srv.yml:/etc/docker/registry/config.yml:ro \</span><br><span class="line">            -v $(<span class="built_in">pwd</span>)/conf/auth.cert:/etc/docker/registry/auth.cert:ro -p 5000:5000  --name registry-srv -d registry:2    </span><br></pre></td></tr></table></figure>

<ol start="5">
<li>创建配置文件<code>conf/registry-web.yml</code></li>
</ol>
<figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">registry:</span></span><br><span class="line">  <span class="comment"># Docker registry url</span></span><br><span class="line">  <span class="attr">url:</span> <span class="string">http://registry-srv:5000/v2</span></span><br><span class="line">  <span class="comment"># Docker registry fqdn</span></span><br><span class="line">  <span class="attr">name:</span> <span class="string">localhost:5000</span></span><br><span class="line">  <span class="comment"># To allow image delete, should be false</span></span><br><span class="line">  <span class="attr">readonly:</span> <span class="literal">false</span></span><br><span class="line">  <span class="attr">auth:</span></span><br><span class="line">    <span class="comment"># Enable authentication</span></span><br><span class="line">    <span class="attr">enabled:</span> <span class="literal">true</span></span><br><span class="line">    <span class="comment"># Token issuer</span></span><br><span class="line">    <span class="comment"># should equals to auth.token.issuer of docker registry</span></span><br><span class="line">    <span class="attr">issuer:</span> <span class="string">&#x27;my issuer&#x27;</span></span><br><span class="line">    <span class="comment"># Private key for token signing</span></span><br><span class="line">    <span class="comment"># certificate used on auth.token.rootcertbundle should signed by this key</span></span><br><span class="line">    <span class="attr">key:</span> <span class="string">/conf/auth.key</span></span><br></pre></td></tr></table></figure>

<ol start="6">
<li>启动docker-registry-web</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">docker run -d -v $(<span class="built_in">pwd</span>)/conf/registry-web.yml:/conf/config.yml:ro \</span><br><span class="line">           -v $(<span class="built_in">pwd</span>)/conf/auth.key:/conf/auth.key -v $(<span class="built_in">pwd</span>)/db:/data \</span><br><span class="line">           -p 8080:8080 --<span class="built_in">link</span> registry-srv --name registry-web hyper/docker-registry-web</span><br><span class="line"><span class="comment">#   </span></span><br><span class="line"><span class="comment"># docker run -it \</span></span><br><span class="line"><span class="comment"># -p 8080:8080 \</span></span><br><span class="line"><span class="comment"># --name registry-web \</span></span><br><span class="line"><span class="comment"># --link registry \</span></span><br><span class="line"><span class="comment"># -e REGISTRY_URL=https://registry:5000/v2 \</span></span><br><span class="line"><span class="comment"># -e REGISTRY_TRUST_ANY_SSL=true \</span></span><br><span class="line"><span class="comment"># -e REGISTRY_BASIC_AUTH=&quot;YWRtaW46MTIzNDU2&quot; \</span></span><br><span class="line"><span class="comment"># -e REGISTRY_NAME=registry \</span></span><br><span class="line"><span class="comment"># -e REGISTRY_READONLY=false \</span></span><br><span class="line"><span class="comment">#hyper/docker-registry-web</span></span><br></pre></td></tr></table></figure>

<ol start="7">
<li>Web用户界面将在<code>http://localhost:8080</code>默认管理用户/密码<code>admin/admin</code>.</li>
</ol>
<h3 id="Harbor（企业级registry-–推荐）"><a href="#Harbor（企业级registry-–推荐）" class="headerlink" title="Harbor（企业级registry –推荐）"></a>Harbor（企业级registry –推荐）</h3><blockquote>
<p>Harbor是由VMware公司开源的企业级的Docker Registry管理项目，它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。</p>
</blockquote>
<h4 id="先安装好docker、docker-compose"><a href="#先安装好docker、docker-compose" class="headerlink" title="先安装好docker、docker-compose"></a>先安装好docker、docker-compose</h4><h4 id="使用acme-sh-进行证书申请"><a href="#使用acme-sh-进行证书申请" class="headerlink" title="使用acme.sh 进行证书申请"></a>使用acme.sh 进行证书申请</h4><h4 id="harbor下载配置安装"><a href="#harbor下载配置安装" class="headerlink" title="harbor下载配置安装"></a>harbor下载配置安装</h4><blockquote>
<p>github地址:<a href="https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-online-installer-v2.1.3.tgz">https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-online-installer-v2.1.3.tgz</a></p>
<p>目前最新版2.1.3</p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">wget https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-online-installer-v2.1.3.tgz</span><br><span class="line">tar -zxvf harbor-online-installer-v2.1.3.tgz</span><br></pre></td></tr></table></figure>

<ol>
<li>配置harbor</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd harbor</span><br><span class="line"><span class="meta"># </span><span class="language-bash">默认提供了一个配置模板，复制一份</span></span><br><span class="line">cp harbor.yml.tmpl harbor.yml</span><br><span class="line">vim harbor.yml</span><br></pre></td></tr></table></figure>

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#更改以下内容，harbor自带nginx，我们只需在这里配置好映射到宿主机的端口就可以了</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#填写域名</span></span><br><span class="line"><span class="attr">hostname</span>: <span class="string">example.com</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># http related config</span></span><br><span class="line"><span class="attr">http</span>:<span class="string"></span></span><br><span class="line"><span class="comment">  # port for http, default is 80. If https enabled, this port will redirect to https port</span></span><br><span class="line">  <span class="attr">port</span>: <span class="string">8080</span></span><br><span class="line"><span class="comment"># https related config</span></span><br><span class="line"><span class="attr">https</span>:<span class="string"></span></span><br><span class="line"><span class="comment">  # https port for harbor, default is 443</span></span><br><span class="line">  <span class="attr">port</span>: <span class="string">8443</span></span><br><span class="line"><span class="comment">  # The path of cert and key files for nginx</span></span><br><span class="line">  <span class="attr">certificate</span>: <span class="string">/data/nginx/nginx/registry_keyfile/fullchain.cer</span></span><br><span class="line">  <span class="attr">private_key</span>: <span class="string">/data/nginx/nginx/registry_keyfile/example.key</span></span><br></pre></td></tr></table></figure>

<ol start="2">
<li>使用脚本开始构建容器</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">./install.sh </span><br></pre></td></tr></table></figure>

<ol start="3">
<li>直接web管理台登录</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">https://example.com:8443</span><br><span class="line"><span class="meta">#</span><span class="language-bash">账户：admin</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">密码默认是：Harbor12345</span></span><br></pre></td></tr></table></figure>

<h2 id="Dockerfile"><a href="#Dockerfile" class="headerlink" title="Dockerfile"></a>Dockerfile</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 创建一个Dockerfile文件，并且指定自定义镜像信息。</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">Dockerfile文件中常用的内容</span> </span><br><span class="line">from∶ 指定当前自定义镜像依赖的环境</span><br><span class="line">copy∶ 将相对路径下的内容复制到自定义镜像中</span><br><span class="line">workdir∶ 声明镜像的默认工作目录</span><br><span class="line">cmd∶需要执行的命令（在workdir下执行的，cmd可以写多的，只以最后一个为准）</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">举个例子，自定义一个tomcat镜像，并且将ssmmanager.war部署到tomcat中</span> </span><br><span class="line">from daocloud.io/library/tomcat:8.5.15-jre8 </span><br><span class="line">copy ssmmanager.war /usr/local/tomcat/webapps</span><br><span class="line"></span><br><span class="line">docker build -t tomcat-ssm:v1 .</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011659639.png" alt="img"></p>
<h1 id="Docker-Compose"><a href="#Docker-Compose" class="headerlink" title="Docker Compose"></a>Docker Compose</h1><blockquote>
<p>之前运行一个镜像，需要添加大量的参数。可以通过Docker-Compose编写这些参数。Docker-Compose可以帮助我们批量的管理容器。只需要通过一个docker-compose.yml文件去维护即可。</p>
</blockquote>
<h2 id="下载并安装Docker-Compose"><a href="#下载并安装Docker-Compose" class="headerlink" title="下载并安装Docker-Compose"></a>下载并安装Docker-Compose</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 可以直接到github上下载然后上传（版本可替换）</span></span><br><span class="line">https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 下载后的为一个二进制文件,需要重命名并赋权</span></span><br><span class="line">mv docker-compose-Linux-x86_64 docker-compose</span><br><span class="line">chmod 777 docker-compose</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.为方便操作，将此可执行文件移动到/usr/local/bin 并创建软连接到/usr/bin下</span></span><br><span class="line">mv docker-compose /usr/local/bin</span><br><span class="line">ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.查看安装是否成功</span></span><br><span class="line">docker-compose -v</span><br></pre></td></tr></table></figure>

<h2 id="Docker-Compose-管理mysql和tomcat容器"><a href="#Docker-Compose-管理mysql和tomcat容器" class="headerlink" title="Docker-Compose 管理mysql和tomcat容器"></a>Docker-Compose 管理mysql和tomcat容器</h2><blockquote>
<p>yml文件以key∶ value方式来指定配置信息，多个配置信息以换行+缩进的方式来区分，在docker-compose.yml文件中，不要使用制表符</p>
</blockquote>
<figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">version:</span> <span class="string">&#x27;3.1&#x27;</span>   <span class="comment"># 指定本yml依从的compose哪个版本定制的</span></span><br><span class="line"><span class="attr">services:</span></span><br><span class="line">  <span class="attr">mysql:</span>                     <span class="comment">#服务的名称</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">always</span>          <span class="comment"># 只要Docker启动，那么这个容器就一起启动</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">daocloud.io/library/mysql:5.7.4</span>  <span class="comment">#指定镜像路径</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">mysql</span> <span class="comment">#指定容器名称</span></span><br><span class="line">    <span class="attr">ports:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="number">3306</span><span class="string">:3306</span>  <span class="comment">#指定端口号映射</span></span><br><span class="line">    <span class="attr">environment:</span></span><br><span class="line">      <span class="attr">MYSQL_ROOT_PASSWORD:</span> <span class="string">root</span> <span class="comment">#指定mysql的root用户密码</span></span><br><span class="line">      <span class="attr">TZ:</span> <span class="string">Asia/Shanghai</span>         <span class="comment">#指定时区</span></span><br><span class="line">    <span class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">/opt/docker_mysql-tomcat/mysql_data:/var/lib/mysql</span> <span class="comment">#映射数据卷</span></span><br><span class="line">  <span class="attr">tomcat:</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">always</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">daocloud.io/library/tomcat:8.5.15-jre8</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">tomcat</span></span><br><span class="line">    <span class="attr">ports:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="number">8080</span><span class="string">:8080</span></span><br><span class="line">    <span class="attr">environment:</span></span><br><span class="line">      <span class="attr">MYSQL_ROOT_PASSWORD:</span> <span class="string">root</span></span><br><span class="line">      <span class="attr">TZ:</span> <span class="string">Asia/Shanghai</span></span><br><span class="line">    <span class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">/opt/docker_mysql_tomcat/tomcat_webapps:/usr/local/tomcat/webapps</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">/opt/docker_mysql_tomcat/tomcat_logs:/usr/local/tomcat/logs</span></span><br></pre></td></tr></table></figure>

<h2 id="使用Docker-compose命令管理容器"><a href="#使用Docker-compose命令管理容器" class="headerlink" title="使用Docker-compose命令管理容器"></a>使用Docker-compose命令管理容器</h2><blockquote>
<p>在使用docker-compose的命令时，默认会在当前目录下找docker-composeyml文件</p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 基于docker-compose.yml 启动管理的容器</span></span><br><span class="line">docker-compose up -d</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.关闭并删除容器</span></span><br><span class="line">docker-compose down</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.开启 | 关闭 | 重启 已存在的有docker-compose维护的容器</span></span><br><span class="line">docker-compose start | stop | restart</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.查看docker-compose管理的容器</span></span><br><span class="line">docker-compose ps</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5.查看日志</span></span><br><span class="line">docker-compose logs -f</span><br></pre></td></tr></table></figure>

<h2 id="docker-compose配合Dockerfile使用"><a href="#docker-compose配合Dockerfile使用" class="headerlink" title="docker-compose配合Dockerfile使用"></a>docker-compose配合Dockerfile使用</h2><blockquote>
<p> 使用docker-compose.yml文件以及Dockerfile文件在生成自定义镜像的同时启动当前镜像，并且由docker-compose去管理容器</p>
</blockquote>
<figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="comment">#docker-compose.yml</span></span><br><span class="line"><span class="attr">version:</span> <span class="string">&#x27;3.1&#x27;</span></span><br><span class="line"><span class="attr">services:</span></span><br><span class="line">  <span class="attr">ssm:</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">always</span></span><br><span class="line">    <span class="attr">build:</span>                    <span class="comment">#构建自定义镜像</span></span><br><span class="line">      <span class="attr">context:</span> <span class="string">../</span>            <span class="comment">#指定Dockerfile文件所在路径</span></span><br><span class="line">      <span class="attr">dockerfile:</span> <span class="string">Dockerfile</span>  <span class="comment">#指定Dockerfile文件名称</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">ssm:1.0.1</span>          <span class="comment">#指定通过Dockerfile构建出来的镜像名称</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">ssm</span>       <span class="comment">#指定启动容器的名称 </span></span><br><span class="line">    <span class="attr">ports:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="number">8081</span><span class="string">:8080</span></span><br><span class="line">    <span class="attr">environment:</span></span><br><span class="line">      <span class="attr">TZ:</span> <span class="string">Asia/Shanghai</span></span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">Dockerfile</span></span><br><span class="line">from daocloud.io/library/tomcat:8.5.15-jre8</span><br><span class="line">copy ssmmanager.war /usr/local/tomcat/webapps</span><br></pre></td></tr></table></figure>

<blockquote>
<p>测试</p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker-compose up -d</span><br><span class="line"><span class="meta"># </span><span class="language-bash">启动后会提示以下内容</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">WARNING: Image <span class="keyword">for</span> service ssm was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果自定义镜像不存在，会帮助构建出自定义镜像，如果自定义镜像已存在，会直接运行此镜像</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如需重新构建自定义镜像</span></span><br><span class="line">docker-compose build</span><br><span class="line"><span class="meta">#</span><span class="language-bash">运行并重新构建</span></span><br><span class="line">docker-compose up -d --build</span><br></pre></td></tr></table></figure>

<h1 id="可视化管理容器"><a href="#可视化管理容器" class="headerlink" title="可视化管理容器"></a>可视化管理容器</h1><h2 id="rancher"><a href="#rancher" class="headerlink" title="rancher"></a>rancher</h2><blockquote>
<p> 使用Rancher可视化管理容器</p>
<p> 中文文档：<a href="https://docs.rancher.cn/rancher1/">https://docs.rancher.cn/rancher1/</a></p>
</blockquote>
<ol>
<li><p>拉取部署容器</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">docker run -d --restart=unless-stopped -p 8002:8080 rancher/server</span><br></pre></td></tr></table></figure></li>
<li><p>这里我们启用SSL</p>
<blockquote>
<p>这里可以用docker启动一个nginx容器做代理，如果宿主机已经有了nginx，则直接添加规则即可</p>
</blockquote>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">map</span> <span class="string">$http_upgrade $connection_upgrade &#123;</span></span><br><span class="line">    <span class="attr">default</span> <span class="string">Upgrade;</span></span><br><span class="line">    <span class="attr">&#x27;&#x27;</span>      <span class="string">close;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">    <span class="attr">listen</span> <span class="string">8682 ssl ;</span></span><br><span class="line">    <span class="attr">server_name</span> <span class="string">example.cn;</span></span><br><span class="line">    <span class="attr">ssl_certificate</span> <span class="string">/data/nginx/nginx/keyfile/fullchain.cer;</span></span><br><span class="line">    <span class="attr">ssl_certificate_key</span> <span class="string">/data/nginx/nginx/keyfile/vip.wangzw.cn.key;</span></span><br><span class="line"></span><br><span class="line">    <span class="attr">location</span> <span class="string">/ &#123;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">Host $host;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">X-Forwarded-Proto $scheme;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">X-Forwarded-Port $server_port;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">X-Forwarded-For $proxy_add_x_forwarded_for;</span></span><br><span class="line">        <span class="attr">proxy_pass</span> <span class="string">http://localhost:8002;</span></span><br><span class="line">        <span class="attr">proxy_http_version</span> <span class="string">1.1;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">Upgrade $http_upgrade;</span></span><br><span class="line">        <span class="attr">proxy_set_header</span> <span class="string">Connection $connection_upgrade;</span></span><br><span class="line">        </span><br><span class="line">        <span class="attr">proxy_read_timeout</span> <span class="string">900s;</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">    <span class="attr">listen</span> <span class="string">80;</span></span><br><span class="line">    <span class="attr">server_name</span> <span class="string">&lt;server&gt;;</span></span><br><span class="line">    <span class="attr">return</span> <span class="string">301 https://$server_name$request_uri;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<ul>
<li><p>记得检查配置，并reload nginx</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">nginx -t</span><br><span class="line"></span><br><span class="line">systemctl reload nginx</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>配置好nginx后，可直接web登录</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">http://example.cn:port</span><br></pre></td></tr></table></figure></li>
<li><p>此时会提示添加主机，选择自定义</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011659582.png" alt="image-20210126154927486"></p>
</li>
<li><p>根据提示，在主机中运行脚本</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sudo docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.11 https://example.cn:8684/v1/scripts/BCD3D38F5335851D33AC:1609372800000:kMOyuoBBiBNc2KD731u1lJY5wXw</span><br></pre></td></tr></table></figure></li>
<li><p>等待一会即可看到主机已经添加成功</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011700455.png" alt="image-20210126155200898" style="zoom:67%;" /></li>
</ol>
]]></content>
      <categories>
        <category>docker</category>
      </categories>
      <tags>
        <tag>docker</tag>
        <tag>Harbor</tag>
        <tag>register</tag>
        <tag>rancher</tag>
        <tag>linux</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之Alertmanager</title>
    <url>/posts/be093ac/</url>
    <content><![CDATA[<p>摘要：Prometheus之Alertmanager安装配置</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="Alertmanager"><a href="#Alertmanager" class="headerlink" title="Alertmanager"></a>Alertmanager</h1><ul>
<li>Alertmanager 处理由 Prometheus 服务器等客户端应用程序发送的警报。 它负责对它们进行重复数据删除、分组并将它们路由到正确的接收器集成，例如电子邮件、PagerDuty 或 OpsGenie。 它还负责警报的<code>silencing</code> 和<code>inhibition</code>.</li>
</ul>
<h1 id="二进制方式下载安装alertmanager"><a href="#二进制方式下载安装alertmanager" class="headerlink" title="二进制方式下载安装alertmanager"></a>二进制方式下载安装alertmanager</h1><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载解压</span></span><br><span class="line">wget https://github.com/prometheus/alertmanager/releases/download/v0.24.0/alertmanager-0.24.0.linux-amd64.tar.gz</span><br><span class="line">tar -zxvf alertmanager-0.24.0.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 配置web ui用户验证</span></span><br><span class="line">htpasswd -nBC 10 &quot;&quot; | tr -d &#x27;:\n&#x27;   # 回车后输入密码</span><br><span class="line"><span class="meta">$</span><span class="language-bash">2y$10<span class="variable">$SpFQBSWkvNboPXm</span>/YaxwZOUo1WDi86QGSpf1ZfXJHyZmrK9RVWXX6</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.安装目录下编辑web-config.yml文件</span></span><br><span class="line">basic_auth_users:</span><br><span class="line"><span class="meta">  # </span><span class="language-bash">用户名: 密码-上面加密生产的字符串</span> </span><br><span class="line">  mynode: $2y$10$SpFQBSWkvNboPXm/YaxwZOUo1WDi86QGSpf1ZfXJHyZmrK9RVWXX6</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 配置系统管理 vim /usr/lib/systemd/system/alertmanager.service</span></span><br><span class="line">[Unit]</span><br><span class="line">Description=alertmanager</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">User=root</span><br><span class="line">ExecStart=/data/app/prometheus/alertmanager-0.24.0.linux-amd64/alertmanager  \</span><br><span class="line">  --web.listen-address=:8908 \</span><br><span class="line">  --config.file=/data/app/prometheus/alertmanager-0.24.0.linux-amd64/alertmanager.yml  \</span><br><span class="line">  --web.config.file=/data/app/prometheus/alertmanager-0.24.0.linux-amd64/web-config.yml \</span><br><span class="line">  --cluster.listen-address=  # 这里是关闭了集群模式</span><br><span class="line">ExecReload=/bin/kill -HUP $MAINPID  #reload不好用</span><br><span class="line">ExecStop=/bin/kill -KILL $MAINPID</span><br><span class="line">Type=simple</span><br><span class="line">KillMode=control-group</span><br><span class="line">Restart=on-failure</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5.启动并设置自动启动</span></span><br><span class="line">systemctl start alertmanager &amp;&amp; systemctl enable alertmanager</span><br></pre></td></tr></table></figure>

<h1 id="配置钉钉机器人通知"><a href="#配置钉钉机器人通知" class="headerlink" title="配置钉钉机器人通知"></a>配置钉钉机器人通知</h1><h2 id="下载安装prometheus-webhook-dingtalk"><a href="#下载安装prometheus-webhook-dingtalk" class="headerlink" title="下载安装prometheus-webhook-dingtalk"></a>下载安装prometheus-webhook-dingtalk</h2><ul>
<li><a href="https://github.com/timonwong/prometheus-webhook-dingtalk">https://github.com/timonwong/prometheus-webhook-dingtalk</a></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载解压</span></span><br><span class="line">wget https://github.com/timonwong/prometheus-webhook-dingtalk/releases/download/v2.1.0/prometheus-webhook-dingtalk-2.1.0.linux-amd64.tar.gz</span><br><span class="line">tar -zxvf prometheus-webhook-dingtalk-2.1.0.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 配置webhook，将安装目录的config.template.yml 复制或重命名为config.yml</span></span><br><span class="line">targets:</span><br><span class="line">  webhook1: #钉钉需要的webhook和secret怎么获取这里就不写了</span><br><span class="line">    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx</span><br><span class="line">    # secret for signature</span><br><span class="line">    secret: SEC000000000000000000000</span><br><span class="line">  webhook2:</span><br><span class="line">    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx</span><br><span class="line">  webhook_legacy:</span><br><span class="line">    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx</span><br><span class="line">    # Customize template content</span><br><span class="line">    message:</span><br><span class="line">      # Use legacy template</span><br><span class="line">      title: &#x27;&#123;&#123; template &quot;legacy.title&quot; . &#125;&#125;&#x27;</span><br><span class="line">      text: &#x27;&#123;&#123; template &quot;legacy.content&quot; . &#125;&#125;&#x27;</span><br><span class="line">  webhook_mention_all:</span><br><span class="line">    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx</span><br><span class="line">    mention:</span><br><span class="line">      all: true</span><br><span class="line">  webhook_mention_users:</span><br><span class="line">    url: https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxxxxxx</span><br><span class="line">    mention:</span><br><span class="line">      mobiles: [&#x27;156xxxx8827&#x27;, &#x27;189xxxx8325&#x27;]</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.配置系统管理  vim /usr/lib/systemd/system/prometheus-webhook-dingtalk.service</span></span><br><span class="line">[Unit]</span><br><span class="line">Description=prometheus-webhook-dingtalk</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">User=prometheus</span><br><span class="line">Group=prometheus</span><br><span class="line">ExecStart=/data/app/prometheus/prometheus-webhook-dingtalk-2.0.0.linux-amd64/prometheus-webhook-dingtalk \</span><br><span class="line">  --config.file=/data/app/prometheus/prometheus-webhook-dingtalk-2.0.0.linux-amd64/config.yml \</span><br><span class="line">  --web.listen-address=:8909 \</span><br><span class="line">  --web.enable-lifecycle \</span><br><span class="line">  --log.level=info \</span><br><span class="line">  --log.format=logfmt</span><br><span class="line">ExecReload=/bin/kill -HUP $MAINPID</span><br><span class="line">ExecStop=/bin/kill -KILL $MAINPID</span><br><span class="line">Type=simple</span><br><span class="line">KillMode=control-group</span><br><span class="line">Restart=always</span><br><span class="line">RestartSec=15s</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5.启动并设置自动启动</span></span><br><span class="line">systemctl start prometheus-webhook-dingtalk &amp;&amp; systemctl enable prometheus-webhook-dingtalk</span><br></pre></td></tr></table></figure>

<h2 id="配置alertmanager-yml"><a href="#配置alertmanager-yml" class="headerlink" title="配置alertmanager.yml"></a>配置alertmanager.yml</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 配置alertmanager，增加web.hook配置</span></span><br><span class="line">global:</span><br><span class="line">  resolve_timeout: 5m</span><br><span class="line">route:</span><br><span class="line">  group_by: [&#x27;alertname&#x27;]</span><br><span class="line">  group_wait: 5s</span><br><span class="line">  group_interval: 5s</span><br><span class="line">  repeat_interval: 5m</span><br><span class="line">  receiver: &#x27;web.hook&#x27;</span><br><span class="line">receivers:</span><br><span class="line">- name: &#x27;web.hook&#x27;</span><br><span class="line">  webhook_configs:</span><br><span class="line">  - url: &#x27;http://localhost:8060/dingtalk/webhook1/send&#x27; #这里就比较坑了 一定要加后缀路由</span><br><span class="line">    send_resolved: true</span><br><span class="line">inhibit_rules:</span><br><span class="line">  - source_match:</span><br><span class="line">      severity: &#x27;critical&#x27;</span><br><span class="line">    target_match:</span><br><span class="line">      severity: &#x27;warning&#x27;</span><br><span class="line">    equal: [&#x27;alertname&#x27;, &#x27;dev&#x27;, &#x27;instance&#x27;]</span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 配置后重启alertmanager</span></span><br><span class="line">systemctl restart alertmanager</span><br></pre></td></tr></table></figure>

<h2 id="配置prometheus-yml"><a href="#配置prometheus-yml" class="headerlink" title="配置prometheus.yml"></a>配置prometheus.yml</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">在prometheus中配置告警规则</span></span><br><span class="line">alerting:</span><br><span class="line">  alertmanagers:</span><br><span class="line">    - scheme: http</span><br><span class="line">      basic_auth:</span><br><span class="line">        username: xxx</span><br><span class="line">        password: &#x27;#&#123;Singlee8848.&#125;#&#x27;</span><br><span class="line">    static_configs:</span><br><span class="line">      - targets:</span><br><span class="line">        - &#x27;127.0.0.1:8908&#x27;</span><br><span class="line">        </span><br><span class="line">rule_files:</span><br><span class="line">  - &quot;job/first_rules.yml&quot;</span><br></pre></td></tr></table></figure>

<h1 id="通知测试"><a href="#通知测试" class="headerlink" title="通知测试"></a>通知测试</h1><h3 id="CPU测试"><a href="#CPU测试" class="headerlink" title="CPU测试"></a><strong>CPU测试</strong></h3><p>说明：下载stress软件，如果你Linux系统总的CPU线程有1个，那么设置测试的CPU一定要超过这个值。一般设置为2-3倍。</p>
<p>命令： stress –cpu 3 –timeout 6000</p>
<h3 id="内存测试"><a href="#内存测试" class="headerlink" title="内存测试"></a>内存测试</h3><p>说明：下载memtester软件，根据你实际的内存量设置合适的内存测试值，如你的主机有10G，那么按照设置告警的规则为90才告警，你可以设置测试内存为9.5G。测试单位有B K M G自选。</p>
<p>命令：memtester 900M</p>
<h3 id="磁盘测试"><a href="#磁盘测试" class="headerlink" title="磁盘测试"></a>磁盘测试</h3><p>说明：实验新挂一张小盘，使用dd命令创建一个大文件，文件一定要占用新盘的95%以上的存储空间。</p>
<p>命令：dd if=/dev/zero of=/tester/test11 bs=1024K count=1900</p>
<h3 id="主机up-down测试"><a href="#主机up-down测试" class="headerlink" title="主机up/down测试"></a>主机up/down测试</h3><p>说明：直接对一个监控节点进行关机操作，但是有一个问题prometheus监控是通过客户端的9100端口监控数据，一旦9100端口不通也会触发节点down告警。</p>
<p>命令：halt -p</p>
<ul>
<li>参考连接</li>
<li><a href="https://www.modb.pro/db/45956">https://www.modb.pro/db/45956</a></li>
<li><a href="https://blog.51cto.com/mageedu/2568334">https://blog.51cto.com/mageedu/2568334</a></li>
<li><a href="https://blog.51cto.com/u_15111052/3101859">https://blog.51cto.com/u_15111052/3101859</a></li>
</ul>
]]></content>
      <categories>
        <category>Prometheus</category>
      </categories>
      <tags>
        <tag>Prometheus</tag>
        <tag>Alertmanager</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之pushgateway</title>
    <url>/posts/9ec87397/</url>
    <content><![CDATA[]]></content>
  </entry>
  <entry>
    <title>Prometheus之nginx-exporter</title>
    <url>/posts/390e0286/</url>
    <content><![CDATA[<p>摘要：Prometheus之nginx-vts-exporter安装配置</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="为nginx添加nginx-module-vts模块"><a href="#为nginx添加nginx-module-vts模块" class="headerlink" title="为nginx添加nginx-module-vts模块"></a>为nginx添加nginx-module-vts模块</h1><ul>
<li><a href="https://github.com/vozlt/nginx-module-vts">官方地址</a></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载nginx-module-vts，需要增加此模块到nginx中</span></span><br><span class="line">wget https://github.com/hnlq715/nginx-vts-exporter/releases/download/v0.10.3/nginx-vts-exporter-0.10.3.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 解压模块 并重新编译nginx</span></span><br><span class="line">tar -zxvf nginx-vts-exporter-0.10.3.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"># </span><span class="language-bash">先获取nginx之前的安装模块命令  nginx -V  然后后面增加--add-module=/data/nginx/nginx-module-vts-0.1.18，在nginx源码包中执行</span></span><br><span class="line">./configure \</span><br><span class="line">…… \</span><br><span class="line">--add-module=/data/nginx/nginx-module-vts-0.1.18 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">编译</span></span><br><span class="line">make</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. 备份原来nginx的可执行文件，替换新的nginx可执行文件</span></span><br><span class="line">cp /data/nginx/nginx/sbin/nginx /data/nginx/nginx/sbin/nginx.bak</span><br><span class="line">mv /data/nginx/nginx-1.18.0/objs/nginx /data/nginx/nginx/sbin/</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. nginx -V 检查模块是否增加好，reload nginx</span></span><br><span class="line">nginx -s reload</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5. 配置nginx配置文件</span> </span><br><span class="line">http &#123;</span><br><span class="line">    vhost_traffic_status_zone;</span><br><span class="line"></span><br><span class="line">    ...</span><br><span class="line"></span><br><span class="line">    server &#123;</span><br><span class="line"></span><br><span class="line">        ...</span><br><span class="line"></span><br><span class="line">        location /status &#123;</span><br><span class="line">            vhost_traffic_status_display;</span><br><span class="line">            vhost_traffic_status_display_format html;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">6. reload nginx 并访问web</span></span><br><span class="line">nginx -s reload</span><br><span class="line">http://ip:port</span><br></pre></td></tr></table></figure>

<h1 id="安装部署nginx-vts-exporter"><a href="#安装部署nginx-vts-exporter" class="headerlink" title="安装部署nginx-vts-exporter"></a>安装部署nginx-vts-exporter</h1><ul>
<li><a href="https://github.com/hnlq715/nginx-vts-exporter">官方地址</a></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载二进制包并解压</span></span><br><span class="line">wget https://github.com/hnlq715/nginx-vts-exporter/releases/download/v0.10.3/nginx-vts-exporter-0.10.3.linux-amd64.tar.gz</span><br><span class="line">tar -zxvf nginx-vts-exporter-0.10.3.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 配置系统启动</span></span><br><span class="line">vim /usr/lib/systemd/system/nginx_exporter.service</span><br><span class="line"></span><br><span class="line">[Unit]</span><br><span class="line">Description=nginx_exporter</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">ExecStart=/data/wangzw/prometheus/nginx-vts-exporter-0.10.3.linux-amd64/nginx-vts-exporter \</span><br><span class="line">  -nginx.scrape_uri http://localhost/status/format/json \</span><br><span class="line">  -telemetry.address=:18010</span><br><span class="line"></span><br><span class="line">ExecStop=/bin/kill -KILL $MAINPID</span><br><span class="line">Type=simple</span><br><span class="line">KillMode=control-group</span><br><span class="line">Restart=always</span><br><span class="line">RestartSec=15s</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.启动并配置自动启动</span></span><br><span class="line">systemctl start nginx_exporter &amp;&amp; systemctl enable nginx_exporter</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.基于nginx的auth_basic给nginx-vts-exporte的web增加身份验证</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">使用以下命令生成秘钥文件</span></span><br><span class="line">htpasswd -bc /data/nginx/nginx/conf/conf.d/auth_passwd username password</span><br><span class="line"><span class="meta"># </span><span class="language-bash">配置一个nginx规则</span> </span><br><span class="line">server &#123;</span><br><span class="line"></span><br><span class="line">        listen 8010;</span><br><span class="line">        server_name _;</span><br><span class="line"></span><br><span class="line">        location / &#123;</span><br><span class="line">        auth_basic &quot;authentication&quot;;</span><br><span class="line">        auth_basic_user_file /data/nginx/nginx/conf/conf.d/auth_passwd;</span><br><span class="line">        proxy_pass http://localhost:18010;</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"><span class="meta"># </span><span class="language-bash">检查并reload</span></span><br><span class="line">nginx -t</span><br><span class="line">nginx -s reload</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5.配置prometheus.yml</span></span><br><span class="line">- job_name: &#x27;nginx_exporter&#x27;</span><br><span class="line">  basic_auth:   #这里加了身份认证，是基于nginx的auth_basic</span><br><span class="line">    username: xxx</span><br><span class="line">    password: xxx</span><br><span class="line">  static_configs:</span><br><span class="line">  - targets: [&#x27;ip:port&#x27;]</span><br><span class="line">  relabel_configs:</span><br><span class="line">   - source_labels: [__address__]</span><br><span class="line">     regex: &#x27;.*&#x27;</span><br><span class="line">     target_label: instance</span><br><span class="line">     replacement: &#x27;ip:port&#x27;</span><br><span class="line">    </span><br><span class="line"><span class="meta"># </span><span class="language-bash">5. 配置grafana模板，这里使用官方推荐2949</span></span><br></pre></td></tr></table></figure>
]]></content>
      <categories>
        <category>prometheus</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>prometheus</tag>
        <tag>nginx-vts-exporter</tag>
      </tags>
  </entry>
  <entry>
    <title>Oracle11g数据库安装指南(centos)</title>
    <url>/posts/4569b114/</url>
    <content><![CDATA[<h3 id="摘要：oracle11g-在centos下的安装方法，三种方式（图形化，静默安装，远程图形化安装）"><a href="#摘要：oracle11g-在centos下的安装方法，三种方式（图形化，静默安装，远程图形化安装）" class="headerlink" title="摘要：oracle11g 在centos下的安装方法，三种方式（图形化，静默安装，远程图形化安装）"></a>摘要：oracle11g 在centos下的安装方法，三种方式（图形化，静默安装，远程图形化安装）</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h2 id="1-Oracle11g数据库预安装任务"><a href="#1-Oracle11g数据库预安装任务" class="headerlink" title="1.Oracle11g数据库预安装任务"></a>1.Oracle11g数据库预安装任务</h2><figure class="highlight txt"><table><tr><td class="code"><pre><span class="line">本文档参考oracle官网教程:</span><br><span class="line">https://docs.oracle.com/cd/E11882_01/install.112/e47689/pre_install.htm#LADBI1085</span><br></pre></td></tr></table></figure>

<h3 id="1-1硬件要求"><a href="#1-1硬件要求" class="headerlink" title="1.1硬件要求"></a>1.1硬件要求</h3><ul>
<li>本文档使用centOS7（4GBRAM+30GB硬盘+50G硬盘）64位操作系统</li>
</ul>
<figure class="highlight txt"><table><tr><td class="code"><pre><span class="line">镜像下载地址：</span><br><span class="line">http://mirrors.aliyun.com/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-2003.iso</span><br></pre></td></tr></table></figure>

<h4 id="1-1-1内存要求"><a href="#1-1-1内存要求" class="headerlink" title="1.1.1内存要求"></a>1.1.1内存要求</h4><ul>
<li><p>​    最小：1GB RAM</p>
</li>
<li><p>​    推荐：2GB RAM或者更多</p>
</li>
<li><p>​    硬盘：20G（企业版安装所需4.29G和1.7G数据文件） </p>
</li>
<li><p>确定RAM大小，请输入：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cat /proc/meminfo</span><br></pre></td></tr></table></figure></li>
</ul>
<h4 id="1-1-2设置交换分区SWAP"><a href="#1-1-2设置交换分区SWAP" class="headerlink" title="1.1.2设置交换分区SWAP"></a>1.1.2设置交换分区SWAP</h4><ul>
<li><p>下表描述了已安装的RAM与配置的交换空间SWAP建议之间的关系： </p>
<table>
<thead>
<tr>
<th>内存</th>
<th>交换空间</th>
</tr>
</thead>
<tbody><tr>
<td>在1GB和2GB之间</td>
<td>RAM大小的1.5倍</td>
</tr>
<tr>
<td>2GB至16GB之间</td>
<td>与RAM大小相等</td>
</tr>
<tr>
<td>超过16GB</td>
<td>16GB</td>
</tr>
</tbody></table>
</li>
<li><p>目前云服务器（如阿里云）没有开启swap交换分区，可通过<code>free -m</code>查看是否设置交换分区，安装oracle比较占用内存，如果物理内存不够则可能会安装失败，此时可以设置交换分区。 </p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">1.#创建一个文件用于swap分区，下面命令可以创建一个4G的文件，时间会稍长，耐心等待一下</span><br><span class="line">	dd if=/dev/zero of=/var/swap bs=1M count=16384</span><br><span class="line">2.#将文件设置为swap分区</span><br><span class="line">	mkswap /var/swap</span><br><span class="line">3.#启用swap分区</span><br><span class="line">	swapon /var/swap</span><br><span class="line">4.#添加到指令到fstab文件中这样系统引导时会自动启动</span><br><span class="line">	echo &quot;/var/swap/swap swap swap defaults    0  0&quot; &gt;&gt; /etc/fstab</span><br><span class="line">5.#查看是否生效可用</span><br><span class="line">	free -m</span><br></pre></td></tr></table></figure></li>
</ul>
<h4 id="1-1-3-磁盘挂载"><a href="#1-1-3-磁盘挂载" class="headerlink" title="1.1.3 磁盘挂载"></a>1.1.3 磁盘挂载</h4><ul>
<li><p><strong>如果服务器新加硬盘，我们需要对此数据卷进行挂载 （此教程需要将oracle安装在此硬盘中）</strong></p>
<ol>
<li><p>使用以下命令查看未挂载的硬盘</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">fdisk -l</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011719151.png"></p>
</li>
<li><p>使用以下命令进行磁盘分区,此处只分了一个区</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">fdisk /dev/sdb</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">确认命令：m——&gt; n ——&gt;p ——&gt;回车 ——&gt;回车 ——&gt;回车 ——&gt;w</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">n:添加一个分区</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">P:主分区</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">回车:只有一个分区</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">回车：开始扇区大小</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">回车：结束扇区大小</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">w:写入磁盘</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">项目中该硬盘主要用于软件安装和存储数据用，所以全部用来做主分区。</span></span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011702693.png"></p>
</li>
<li><p>格式化磁盘并写入文件系统</p>
<ul>
<li>可以使用以下命令，查看分区情况</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">lsblk</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011702596.png"></p>
<ul>
<li><p>使用以下命令格式化分区</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkfs.ext4 /dev/sdb1  #格式化为ext4格式</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>创建文件夹并挂载</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkdir /data</span><br><span class="line"></span><br><span class="line">mount /dev/sdb1 /data #挂载文件夹命令</span><br><span class="line"></span><br><span class="line">df -h #查看文件是否挂载成功</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598755204749.png"></p>
</li>
<li><p>设置开机自动挂载</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">echo &quot;/dev/vdb /data ext4 defaults 	0  0&quot; &gt;&gt; /etc/fstab</span><br></pre></td></tr></table></figure></li>
<li><p>检查 fstab是否有误，如果这个文件有错误可能造成系统不能正常启动，修改完成后务必使用mount命令测试是否有误.</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mount -a  #控制台没有报错，即为成功。</span><br></pre></td></tr></table></figure></li>
</ol>
</li>
</ul>
<h3 id="1-2软件要求"><a href="#1-2软件要求" class="headerlink" title="1.2软件要求"></a>1.2软件要求</h3><ul>
<li><p>安装依赖包,必须安装Oracle Database 11 <em>g</em>第2版（11.2）所需的软件包（64位）：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum -y install binutils compat-libcap1 compat-libstdc++-33 compat-libstdc++-33*i686 elfutils-libelf-devel compat-libstdc++-33*.devel gcc gcc-c++ glibc glibc*.i686 glibc-devel glibc-devel*.i686  libaio libaio*.i686 libaio-devel libaio-devel*.i686 libgcc libgcc*.i686 libstdc++ libstdc++*.i686 libstdc++-devel libstdc++-devel*.i686 libXi libXi*.i686 libXtst libXtst*.i686 make sysstat unixODBC unixODBC*.i686 unixODBC-devel unixODBC-devel*.i686</span><br></pre></td></tr></table></figure></li>
<li><p>如服务器使用的是centos6，在yum安装时会出问题,centos6官方已经停止支持，需要更换源</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">wget -O /etc/yum.repos.d/CentOS-Base.repo http://file.kangle.odata.cc/repo/Centos-6.repo</span><br><span class="line"></span><br><span class="line">wget -O /etc/yum.repos.d/epel.repo http://file.kangle.odata.cc/repo/epel-6.repo</span><br><span class="line"></span><br><span class="line">yum makecache</span><br></pre></td></tr></table></figure></li>
<li><p>由于centOS7中yum无法安装此包，只能单独下载此包，手动安装。</p>
</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">下载pdksh包</span></span><br><span class="line">wget http://vault.centos.org/5.10/os/x86_64/CentOS/pdksh-5.2.14-37.el5_8.1.x86_64.rpm</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果提示wget未找到命令，可运行下面命令安装wget</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">yum install -y wget</span>  </span><br><span class="line">rpm -ivh pdksh-5.2.14-37.el5_8.1.x86_64.rpm</span><br></pre></td></tr></table></figure>

<h3 id="1-3在-etc-hosts文件中增加主机名"><a href="#1-3在-etc-hosts文件中增加主机名" class="headerlink" title="1.3在/etc/hosts文件中增加主机名"></a>1.3在/etc/hosts文件中增加主机名</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">可通过hostname查看主机名</span></span><br><span class="line">vi /etc/hosts 在host文件尾部添加如下信息：</span><br><span class="line"></span><br><span class="line">192.168.85.106    xx xx   #根据实际情况更改，查看主机名输入 hostname</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果想修改主机名，编辑/etc/hostname</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">vi /etc/hostname</span></span><br></pre></td></tr></table></figure>

<h3 id="1-4修改内核参数"><a href="#1-4修改内核参数" class="headerlink" title="1.4修改内核参数"></a>1.4修改内核参数</h3><ul>
<li>vi  /etc/sysctl.conf 底部添加以下的内容 </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">指系统允许的最大的异步IO请求大小，默认即可</span></span><br><span class="line">fs.aio-max-nr = 1048576 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指系统能够打开最大的文件句柄数，默认即可</span></span><br><span class="line">fs.file-max = 6815744 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指表示系统任意时刻可以分配的所有共享内存段的总和的最大值,以页为单位，其值应不小于shmmax/page_size，缺省值就是2097152，如果服务器上运行的所有实例的SGA总和不超过8GB(通常系统可分配的共享内存的和最大值为8GB),通常不需要修改,如需更改，设置的一般规律</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">kernel.shmall =8G/4k= 2097152 ---内存8G</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">kernel.shmall = 16G/4k=16777216k/4k=4194304 ---内存16G</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">kernel.shmall = 32G/4k=33554432k/4k=8388608 ---内存32G</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">CentOs中页大小为4096即4K，实际环境以<span class="string">&quot;getconf PAGE_SIZE&quot;</span>结果为准）</span></span><br><span class="line">kernel.shmall = 2097152</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">表示单个共享内存的最大尺寸，以字节为单位，最低：536870912</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">32位Linux系统</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">最大值：小于4 GB的1个字节或4294967295的值</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">推荐：物理内存的一半以上</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">64位Linux系统</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">最大值：比物理内存少1个字节的值</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">推荐：物理内存的一半以上</span></span><br><span class="line">kernel.shmmax = 4294967295</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指系统共享内存段的最大数量，默认即可</span></span><br><span class="line">kernel.shmmni = 4096 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">kernel.sem是指 semmsl，semmns，semopm，semmni这4个参数</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">semmsl 指每个线号集的最大信号数，Oracle建议是设置为oracle的最大进程数+10</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">semmns 指整个系统的信号总数，也就是semmni*semmsl的结果</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">semopm 指每个semop系统调用可以执行的信号操作的最大数量</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">semmni 指整个系统的信号集的最大数量</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">例：我们的wxPaySvr需要设置最大的连接数为500，即在oracle ora.init文件参数中设置PROCESSES参数为500</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">则semmsl=510,semmns=semmsl* semmni=65280，semmni=128</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">另外semopm建议设置等于semmsl值即510</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">那么kernel.sem=510 65280 510 128</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">kernel.sem = 250 32000 100 128</span></span><br><span class="line">kernel.sem=510 65280 510 128</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指本地的允许打开随机端口范围，默认即可</span></span><br><span class="line">net.ipv4.ip_local_port_range = 9000 65500 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指网络套接字的默认接收缓冲区的大小，默认即可</span></span><br><span class="line">net.core.rmem_default = 262144 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指网络套接字的最大接收缓冲区的大小，默认即可</span></span><br><span class="line">net.core.rmem_max = 4194304 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指网络套接字默认发送缓冲区的大小，默认即可</span></span><br><span class="line">net.core.wmem_default = 262144 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指网络套接字的最大发送缓冲区的大小，默认即可</span></span><br><span class="line">net.core.wmem_max = 1048576</span><br></pre></td></tr></table></figure>

<ul>
<li>   添加完成后执行命令sysctl使其自检并生效  </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sysctl -p </span><br></pre></td></tr></table></figure>

<h3 id="1-5添加oracle用户和用户组"><a href="#1-5添加oracle用户和用户组" class="headerlink" title="1.5添加oracle用户和用户组"></a>1.5添加oracle用户和用户组</h3><ul>
<li><u><em><strong>实际生产环境中，oracle用户密码设置一定要遵循实施规范</strong></em></u></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">groupadd oinstall</span><br><span class="line">groupadd dba</span><br><span class="line">useradd -g oinstall -G dba oracle 　　#-g 用户组 -G 用户附属组</span><br><span class="line">passwd oracle  #此处在实际生产环境中，密码设置一定要遵循实施规范</span><br></pre></td></tr></table></figure>

<h3 id="1-6修改用户限制文件"><a href="#1-6修改用户限制文件" class="headerlink" title="1.6修改用户限制文件"></a>1.6修改用户限制文件</h3><h4 id="1-6-1修改系统资源限制"><a href="#1-6-1修改系统资源限制" class="headerlink" title="1.6.1修改系统资源限制"></a>1.6.1修改系统资源限制</h4><ul>
<li><code>vi /etc/security/limits.conf</code>  在文件底部添加以下的内容:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">oracle soft nproc 2047</span><br><span class="line">oracle hard nproc 16384</span><br><span class="line">oracle soft nofile 1024</span><br><span class="line">oracle hard nofile 65536</span><br><span class="line"><span class="meta">#</span><span class="language-bash">第1行是设置进程数软限制；第2行是设置进程数硬限制；第3行是设置文件数软限制；第4行是设置文件数硬限制</span></span><br></pre></td></tr></table></figure>

<h4 id="1-6-2修改用户验证选项"><a href="#1-6-2修改用户验证选项" class="headerlink" title="1.6.2修改用户验证选项"></a>1.6.2修改用户验证选项</h4><ul>
<li><code>vi /etc/pam.d/login</code>    在文件底部添加以下的内容:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">session  required  /lib64/security/pam_limits.so   #64位操作系统</span><br><span class="line">session  required pam_limits.so</span><br></pre></td></tr></table></figure>

<h4 id="1-6-3修改系统环境参数"><a href="#1-6-3修改系统环境参数" class="headerlink" title="1.6.3修改系统环境参数"></a>1.6.3修改系统环境参数</h4><ul>
<li><code>vi /etc/profile</code> 底部添加以下内容：</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">if [ $USER = &quot;oracle&quot; ]; then </span><br><span class="line">	if [$SHELL = &quot;/bin/ksh&quot; ]; then </span><br><span class="line">		ulimit -p 16384 </span><br><span class="line">		ulimit -n 65536 </span><br><span class="line">	else </span><br><span class="line">		ulimit -u 16384 -n 65536 </span><br><span class="line">	fi </span><br><span class="line">fi       </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">添加完成后,刷新配置</span></span><br><span class="line">source /etc/profile</span><br></pre></td></tr></table></figure>

<h4 id="1-6-4创建安装目录和设置目录权限"><a href="#1-6-4创建安装目录和设置目录权限" class="headerlink" title="1.6.4创建安装目录和设置目录权限"></a>1.6.4创建安装目录和设置目录权限</h4><ul>
<li>oracle是数据库系统安装目录，oradata是数据库数据安装目录，oradata_back是数据备份目录,oraInventory是清单目录  </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkdir -p /data/app/oracle11g/oracle</span><br><span class="line">mkdir -p /data/app/oracle11g/oradata</span><br><span class="line">mkdir -p /data/app/oracle11g/oradata_back</span><br><span class="line">mkdir -p /data/app/oracle11g/oraInventory</span><br><span class="line"></span><br><span class="line">chown -R oracle:oinstall   /data/app/oracle11g</span><br><span class="line">chmod -R 775               /data/app/oracle11g </span><br></pre></td></tr></table></figure>

<h4 id="1-6-5配置oracle用户环境变量"><a href="#1-6-5配置oracle用户环境变量" class="headerlink" title="1.6.5配置oracle用户环境变量"></a>1.6.5配置oracle用户环境变量</h4><ul>
<li>用oracle用户，<code>vi  ~/.bash_profile</code>  注释掉最后两行，在文件底部追加以下内容:</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">export ORACLE_BASE=/data/app/oracle11g/oracle</span><br><span class="line">export ORACLE_HOME=$ORACLE_BASE/product/11.2.0/db_1</span><br><span class="line">export ORACLE_SID=wxPaySvr    #注意此处应按创建的实际实例名称填写 用于微信小程序&amp;公众号wxPaySvr  Upay前置的UpaySvr</span><br><span class="line">export PATH=$PATH:$ORACLE_HOME/bin:$HOME/bin</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598756528862.png"></p>
<ul>
<li><p>刷新配置</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">source  ~/.bash_profile</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="1-7关闭Selinux"><a href="#1-7关闭Selinux" class="headerlink" title="1.7关闭Selinux"></a>1.7关闭Selinux</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">sed -i &quot;s/SELINUX=enforcing/SELINUX=disabled/&quot; /etc/selinux/config </span><br><span class="line"></span><br><span class="line">setenforce 0</span><br></pre></td></tr></table></figure>

<hr>
<h2 id="2-安装oracle"><a href="#2-安装oracle" class="headerlink" title="2.安装oracle"></a>2.安装oracle</h2><ul>
<li><p><strong>根据oracle官网的的认证信息，centOS7与oracle11.2.0.4最适配，本文档涵盖oracle11.2.0.1和oracle11.2.0.4安装过程</strong></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1599212792186.png"></p>
</li>
</ul>
<h3 id="2-1下载Oracle11g"><a href="#2-1下载Oracle11g" class="headerlink" title="2.1下载Oracle11g"></a>2.1下载Oracle11g</h3><figure class="highlight txt"><table><tr><td class="code"><pre><span class="line">oracle11.2.0.1：https://www.oracle.com/database/technologies/oracle-database-software-downloads.html</span><br><span class="line">oracle11.2.0.4：官网中没有免费下载，可通过其它渠道获取，目前生产中使用此版本</span><br></pre></td></tr></table></figure>

<h4 id="2-1-1上传并解压"><a href="#2-1-1上传并解压" class="headerlink" title="2.1.1上传并解压"></a>2.1.1上传并解压</h4><ul>
<li> 使用远程工具上传安装包至/home/oracle下</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /home/oracle </span><br><span class="line"><span class="meta">#</span><span class="language-bash">安装oracle11.2.0.1时解压下面两个包</span></span><br><span class="line">unzip linux.x64_11gR2_database_1of2.zip</span><br><span class="line">unzip linux.x64_11gR2_database_2of2.zip</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">安装oracle11.2.0.4时解压下面两个包</span></span><br><span class="line">unzip p13390677_112040_Linux-x86-64_1of7.zip</span><br><span class="line">unzip p13390677_112040_Linux-x86-64_2of7.zip</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果你如法使用unzip命令解压.zip文件，可能是你没有安装unzip软件，下面是安装方法</span></span><br><span class="line">命令： yum list | grep zip/unzip      #获取安装列表</span><br><span class="line">安装命令：yum install -y zip              #提示输入时</span><br><span class="line">安装命令：yum install -y unzip          #提示输入时</span><br></pre></td></tr></table></figure>

<h3 id="2-2安装的三种方式"><a href="#2-2安装的三种方式" class="headerlink" title="2.2安装的三种方式"></a>2.2安装的三种方式</h3><h4 id="2-2-1方式一：静默安装-编辑静默安装响应文件"><a href="#2-2-1方式一：静默安装-编辑静默安装响应文件" class="headerlink" title="2.2.1方式一：静默安装(编辑静默安装响应文件)"></a>2.2.1方式一：静默安装(编辑静默安装响应文件)</h4><ul>
<li> 此模式适用于在没有GUI界面的服务器上安装软件</li>
</ul>
<h5 id="2-2-1-1复制一份模板-该文件在解压的安装包里"><a href="#2-2-1-1复制一份模板-该文件在解压的安装包里" class="headerlink" title="2.2.1.1复制一份模板 ,该文件在解压的安装包里"></a>2.2.1.1复制一份模板 ,该文件在解压的安装包里</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cp -R /home/oracle/database/response/ /data/app/oracle11g/oracle</span><br></pre></td></tr></table></figure>

<h5 id="2-2-1-2修改安装所需的所有响应文件的所属组及权限"><a href="#2-2-1-2修改安装所需的所有响应文件的所属组及权限" class="headerlink" title="2.2.1.2修改安装所需的所有响应文件的所属组及权限"></a>2.2.1.2修改安装所需的所有响应文件的所属组及权限</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd  /data/app/oracle11g/oracle/response</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">使用root用户执行以下命令</span></span><br><span class="line">chown oracle:oinstall /data/app/oracle11g/oracle/response/*.rsp</span><br><span class="line">chmod 755 /data/app/oracle11g/oracle/response/*.rsp</span><br></pre></td></tr></table></figure>

<h5 id="2-2-1-3配置db-install-rsp文件"><a href="#2-2-1-3配置db-install-rsp文件" class="headerlink" title="2.2.1.3配置db_install.rsp文件"></a>2.2.1.3配置db_install.rsp文件</h5><ul>
<li> <code>vi  /data/app/oracle11g/oracle/response/db_install.rsp </code>    更改以下内容：</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">安装类型,只装数据库软件</span></span><br><span class="line">oracle.install.option=INSTALL_DB_SWONLY   </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">主机名称（命令hostname查询）</span></span><br><span class="line">ORACLE_HOSTNAME=xx       </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指定oracleinventory目录的所有者</span></span><br><span class="line">UNIX_GROUP_NAME=oinstall </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">INVENTORY目录（不填就是默认值,本例此处需修改,因个人创建安装目录而定）</span> 　 </span><br><span class="line">INVENTORY_LOCATION=/data/app/oracle11g/oraInventory  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">选择语言</span></span><br><span class="line">SELECTED_LANGUAGES=en,zh_CN     </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">设置ORALCE_HOME的路径， 路径根据实际情况修改</span></span><br><span class="line">ORACLE_HOME=/data/app/oracle11g/oracle/product/11.2.0/db_1  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">设置ORALCE_BASE的路径</span></span><br><span class="line">ORACLE_BASE=/data/app/oracle11g/oracle    </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">选择Oracle安装数据库软件的版本 EE为企业版</span></span><br><span class="line">oracle.install.db.InstallEdition=EE                                           </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">dba用户组</span> </span><br><span class="line">oracle.install.db.DBA_GROUP=dba    </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">OSOPER权限的用户组</span></span><br><span class="line">oracle.install.db.OPER_GROUP=oinstall                                  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">是否需要安全更新</span></span><br><span class="line">DECLINE_SECURITY_UPDATES=true		</span><br></pre></td></tr></table></figure>

<h5 id="2-2-1-4根据响应文件安装oracle"><a href="#2-2-1-4根据响应文件安装oracle" class="headerlink" title="2.2.1.4根据响应文件安装oracle"></a>2.2.1.4根据响应文件安装oracle</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /home/oracle/database/</span><br><span class="line"></span><br><span class="line">su  oracle  #切换Oracle用户</span><br><span class="line"></span><br><span class="line">./runInstaller -silent -force -responseFile  /data/app/oracle11g/oracle/response/db_install.rsp </span><br><span class="line">           </span><br><span class="line"><span class="meta">#</span><span class="language-bash">参数说明:</span> </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">/home/oracle/database/是安装包解压后的路径</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">runInstaller 是主要安装脚本</span> 　　</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-silent 静默模式</span> 　　</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-force 强制安装</span> 　　</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-ignorePrereq忽略warning直接安装。</span> 　　</span><br><span class="line"><span class="meta">#</span><span class="language-bash">-responseFile读取安装应答文件。</span></span><br></pre></td></tr></table></figure>

<ul>
<li>安装需要一会儿，如果想看安装进度，可以再打开一个窗口，输出会话日志</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">tail -f 日志文件路径</span><br></pre></td></tr></table></figure>

<ul>
<li><p>对于静默安装，日志中会报下面这个错误，但是静默安装中会自动跳过，这个地方对于em有影响，可以选择安装完成后去处理。</p>
<figure class="highlight verilog"><table><tr><td class="code"><pre><span class="line">silentInstall2020-<span class="number">09</span>-<span class="number">08_01</span>-<span class="number">05</span>-<span class="number">44</span>PM<span class="variable">.log</span></span><br><span class="line">调用 makefile &#x27;/data/app/oracle11g/oracle/product/<span class="number">11</span><span class="variable">.2</span><span class="variable">.0</span>/db_1/sysman/lib/ins_emagent<span class="variable">.mk</span>&#x27; 的目标 &#x27;agent nmhs&#x27; 时出错。有关详细信息, 请参阅 &#x27;/data/app/oracle11g/oraInventory/logs/installActions2020-<span class="number">09</span>-<span class="number">08_01</span>-<span class="number">05</span>-<span class="number">44</span>PM<span class="variable">.log</span>&#x27;。</span><br><span class="line">Oracle Database <span class="number">11</span>g 的 安装 已成功。</span><br></pre></td></tr></table></figure></li>
<li><p>解决办法：手动指定库</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">使用oracle用户，修改<span class="variable">$ORACLE_HOME</span>/sysman/lib/ins_emagent.mk</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">建议修改前备份原始文件</span></span><br><span class="line">cd $ORACLE_HOME/sysman/lib</span><br><span class="line">cp ins_emagent.mk ins_emagent.mk.bak</span><br><span class="line"></span><br><span class="line">vi $ORACLE_HOME/sysman/lib/ins_emagent.mk</span><br><span class="line"><span class="meta">#</span><span class="language-bash">进入vi编辑器后 命令模式输入/NMECTL 进行查找，快速定位要修改的行</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">在后面追加参数-lnnz11 第一个是字母l 后面两个是数字1</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">在176行位置，将$(MK_EMAGENT_NMECTL)修改为:</span></span><br><span class="line"><span class="meta">$</span><span class="language-bash">(MK_EMAGENT_NMECTL) -lnnz11</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">然后手动进行编译</span></span><br><span class="line">make -f /data/app/oracle11g/oracle/product/11.2.0/db_1/sysman/lib/ins_emagent.mk relink_exe EXENAME=emdctl</span><br></pre></td></tr></table></figure></li>
<li><p>当出现 Successfully Setup Software. 证明已经安装成功，然后根据提示以 root 用户执行脚本</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598775511559.png"></p>
</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.执行./orainstRoot.sh</span></span><br><span class="line">cd /data/app/oracle11g/oraInventory/</span><br><span class="line">./orainstRoot.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.执行./root.sh</span></span><br><span class="line">cd /data/app/oracle11g/oracle/product/11.2.0/db_1</span><br><span class="line">./root.sh</span><br></pre></td></tr></table></figure>

<h5 id="2-2-1-5配置监听"><a href="#2-2-1-5配置监听" class="headerlink" title="2.2.1.5配置监听"></a>2.2.1.5配置监听</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">netca /silent /responseFile /data/app/oracle11g/oracle/response/netca.rsp</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1599446056100.png"></p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">lsnrctl status  #查看监听状态 </span><br><span class="line"></span><br><span class="line">netstat -tlnp   #通过此命令可以看到orcl的1521端口已经启动</span><br></pre></td></tr></table></figure>

<h5 id="2-2-1-6静默建库"><a href="#2-2-1-6静默建库" class="headerlink" title="2.2.1.6静默建库"></a>2.2.1.6静默建库</h5><ul>
<li>  编辑静默响应文件,把dbca.rsp复制一份，改名为dbca_实例名.rsp </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd  /data/app/oracle11g/oracle/response</span><br><span class="line">cp  dbca.rsp  dbca_wxPaySvr.rsp</span><br></pre></td></tr></table></figure>

<ul>
<li><p><code>vi /data/app/oracle11g/oracle/response/dbca_wxPaySvr.rsp</code>     更改以下配置:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">全局数据库的名字，根据实际需求---微信小程序&amp;公众号wxPaySvr  Upay前置的UpaySvr</span></span><br><span class="line">GDBNAME=&quot;Svr&quot;                     </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">SID对应的实例名字，根据实际需求---微信小程序&amp;公众号wxPaySvr  Upay前置的UpaySvr</span></span><br><span class="line">SID=&quot;Svr&quot;                  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">SYS管理员密码  实际生产环境中，数据库用户密码设置一定要遵循实施规范</span></span><br><span class="line">SYSPASSWORD=&quot;123456&quot;    </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">SYSTEM管理员密码  实际生产环境中，数据库用户密码设置一定要遵循实施规范</span></span><br><span class="line">SYSTEMPASSWORD=&quot;123456&quot;             </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">数据文件存放目录</span></span><br><span class="line">DATAFILEDESTINATION=/data/app/oracle11g/oradata     </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">恢复数据存放目录</span></span><br><span class="line">RECOVERYAREADESTINATION=/data/app/oracle11g/oradata_back  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">指定要创建的数据库的存储类型，有文件系统和自动存储管理</span></span><br><span class="line">STORAGETYPE=FS</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">字符集设置，根据实际需求---微信小程序&amp;公众号=AL32UTF8  Upay前置的UpaySvr=ZHS16GBK</span></span><br><span class="line">CHARACTERSET=&quot;AL32UTF8&quot;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">数据库类型，多用途|数据仓库|一般事务型</span></span><br><span class="line">DATABASETYPE = &quot;OLTP&quot;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">是否启用自动内存管理</span></span><br><span class="line">AUTOMATICMEMORYMANAGEMENT = &quot;TRUE&quot;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">oracle内存3482MB，建议为物理内存70%~85%</span></span><br><span class="line">TOTALMEMORY= &quot;3482&quot;               </span><br></pre></td></tr></table></figure></li>
<li><p>配置最大连接数</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">此处需要修改数据库模板General_Purpose.dbc</span> </span><br><span class="line">cd  /data/app/oracle11g/oracle/product/11.2.0/db_1/assistants/dbca/templates</span><br><span class="line">vi ./General_Purpose.dbc</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">修改第34行将&lt;initParam name=<span class="string">&quot;processes&quot;</span> value=<span class="string">&quot;150&quot;</span>/&gt;改为</span></span><br><span class="line">&lt;initParam name=&quot;processes&quot; value=&quot;500&quot;/&gt;    #根据实际项目要求更改</span><br></pre></td></tr></table></figure></li>
<li><p>静默建库命令</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">su  oracle    #切换Oracle用户</span><br><span class="line"></span><br><span class="line">dbca -silent -responseFile /data/app/oracle11g/oracle/response/dbca_UPaySvr.rsp</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">可以选择查看安装日志</span></span><br><span class="line">cat  /data/app/oracle11g/oracle/cfgtoollogs/dbca/wxPaySvr/wxPaySvr.log</span><br></pre></td></tr></table></figure></li>
</ul>
<ul>
<li><p>静默建库后，查看监听</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">lsnrctl status   #查看是否监听到实例</span><br></pre></td></tr></table></figure></li>
</ul>
<h4 id="2-2-2-方式二：使用Oracle-Universal-Installer提供的图形用户界面（GUI）来安装Oracle数据库-，服务器需安装X-Window-System"><a href="#2-2-2-方式二：使用Oracle-Universal-Installer提供的图形用户界面（GUI）来安装Oracle数据库-，服务器需安装X-Window-System" class="headerlink" title="2.2.2  方式二：使用Oracle Universal Installer提供的图形用户界面（GUI）来安装Oracle数据库 ，服务器需安装X Window System"></a>2.2.2  方式二：使用Oracle Universal Installer提供的图形用户界面（GUI）来安装Oracle数据库 ，服务器需安装X Window System</h4><ul>
<li><strong>此方法较静默方式安装简便快捷</strong></li>
</ul>
<h5 id="2-2-2-1安装X-Window-System"><a href="#2-2-2-1安装X-Window-System" class="headerlink" title="2.2.2.1安装X Window System"></a>2.2.2.1安装X Window System</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum groupinstall -y &quot;X Window System&quot;   #仅为 GUI 环境构建提供了基本的框架，在屏幕上绘图和移动窗口</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">yum groupinstall  <span class="string">&quot;GNOMEDesktop&quot;</span>  -y  <span class="comment">#安装GNOME桌面，这一步可选择不安装。</span></span></span><br></pre></td></tr></table></figure>

<h5 id="2-2-2-2-使用Xmanager的xstart远程服务器"><a href="#2-2-2-2-使用Xmanager的xstart远程服务器" class="headerlink" title="2.2.2.2 使用Xmanager的xstart远程服务器"></a>2.2.2.2 使用Xmanager的xstart远程服务器</h5><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">服务器中需要安装xterm，xTerm是一个X Window System上的终端模拟器</span></span><br><span class="line">yum install -y xterm</span><br></pre></td></tr></table></figure>

<p>xstart配置：点击运行即可</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598605889016.png"></p>
<h5 id="2-2-2-3-oracle软件安装过程"><a href="#2-2-2-3-oracle软件安装过程" class="headerlink" title="2.2.2.3 oracle软件安装过程"></a>2.2.2.3 oracle软件安装过程</h5><ul>
<li><p>输入以下命令，进入安装界面</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd  database/ #进入到oracle安装目录中</span><br><span class="line">./runInstaller</span><br></pre></td></tr></table></figure></li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598606095951.png"></p>
<ul>
<li><p>如果在xstart执行./runInstaller之后，弹出来的oracle安装界面乱码，是由于系统字符集不统一造成的，我们可以在安装oracle的时候临时设置一下字符集</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">在每次调用图形界面以前，我们使用<span class="built_in">export</span>临时设置LANG(ORACLE 用户)</span></span><br><span class="line">export LANG=en_US.UTF-8</span><br></pre></td></tr></table></figure></li>
</ul>
<ol>
<li><p>邮箱可以不用填写，取消下面的“我希望通过My Oracle Support接受安全更新(W)”。 如图： </p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598263192400.png"></p>
</li>
<li><p>在oracle11.2.0.4安装过程中有此选项。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1599211406486.png"></p>
</li>
<li><p>选择仅安装oracle软件： </p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598606147254.png"></p>
</li>
<li><p>选择单实例数据库安装</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1599447993195.png"></p>
</li>
<li><p>选择语言</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598422051351.png"></p>
</li>
<li><p>选择企业级</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598422067269.png"></p>
</li>
<li><p>安装目录，检查是否正确</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598606321237.png"></p>
</li>
<li><p>指定安装文件目录 安装oracle软件或者使用dbca创建数据库时，所有的日志都会放在oraInventory这个目录下。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598606404071.png"></p>
</li>
<li><p>指定用户组</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598606666130.png"></p>
</li>
<li><p>执行先决条件检查，可忽略，此处是由于下载的依赖包版本过高造成的，在***<u>oracle11.2.0.4不会出现此问题</u>***</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598923080712.png"></p>
</li>
<li><p>是否保存响应文件，保不保存都可以</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598607147730.png"></p>
</li>
<li><p>开始安装</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598607230273.png"></p>
<ul>
<li><strong>注：安装过程中（大约%86左右）可能会弹出两个错误 ，处理方法如下：</strong></li>
</ul>
<ol>
<li><p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598607433242.png"></p>
<ul>
<li><p>解决方案：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">先查看 /usr/lib64/libc.a是否存在：</span></span><br><span class="line">ls /usr/lib64 | grep libc.a</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果查找不到先安装：glibc-static，如果有则略过此步</span></span><br><span class="line">yum -y install glibc-static</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">使用oracle用户，修改oracle安装目录下 <span class="variable">$ORACLE_HOME</span>/ctx/lib/ins_ctx.mk</span></span><br><span class="line">vi $ORACLE_HOME/ctx/lib/ins_ctx.mk</span><br><span class="line"><span class="meta">   #</span><span class="language-bash">将</span>  </span><br><span class="line">   	#ctxhx: $(CTXHXOBJ)</span><br><span class="line">        #$(LINK_CTXHX) $(CTXHXOBJ) $(INSO_LINK)</span><br><span class="line"><span class="meta">   #</span><span class="language-bash">修改为：</span>     </span><br><span class="line">      ctxhx: $(CTXHXOBJ)</span><br><span class="line">         -static $(LINK_CTXHX) $(CTXHXOBJ) $(INSO_LINK) /usr/lib64/libc.a</span><br><span class="line"><span class="meta">  #</span><span class="language-bash">改完后在oracle安装界面点Retry就可以了。</span></span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598607604995.png"></p>
<ul>
<li><p>解决方式：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">使用oracle用户，修改<span class="variable">$ORACLE_HOME</span>/sysman/lib/ins_emagent.mk</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">建议修改前备份原始文件</span></span><br><span class="line">cd $ORACLE_HOME/sysman/lib</span><br><span class="line">cp ins_emagent.mk ins_emagent.mk.bak</span><br><span class="line"></span><br><span class="line">vi $ORACLE_HOME/sysman/lib/ins_emagent.mk</span><br><span class="line"><span class="meta">#</span><span class="language-bash">进入vi编辑器后 命令模式输入/NMECTL 进行查找，快速定位要修改的行</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">在后面追加参数-lnnz11 第一个是字母l 后面两个是数字1</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">在176行位置，将$(MK_EMAGENT_NMECTL)修改为:</span></span><br><span class="line"><span class="meta">$</span><span class="language-bash">(MK_EMAGENT_NMECTL) -lnnz11</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">改完后在oracle安装界面点Retry就可以了。</span></span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ol>
</li>
<li><p>用root用户执行提示中的两个脚本，然后点击”OK”</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598608596167.png"></p>
<ul>
<li><p>执行./orainstRoot.sh</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598609223915.png"></p>
</li>
<li><p>执行./root.sh</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598609262045.png"></p>
</li>
</ul>
</li>
<li><p>至此软件安装完成</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598609291311.png"></p>
</li>
</ol>
<h5 id="2-2-2-4-创建oracle实例"><a href="#2-2-2-4-创建oracle实例" class="headerlink" title="2.2.2.4  创建oracle实例"></a>2.2.2.4  创建oracle实例</h5><ol>
<li><p>运行<code>dbca</code></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598676142942.png"></p>
</li>
<li><p>选择创建一个实例</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598676203217.png"></p>
</li>
<li><p>选择一般用途或事物处理</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598925320580.png"></p>
</li>
<li><p>输入实例名和SID</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598676304407.png"></p>
</li>
<li><p>取消配置企业管理</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598676413852.png"></p>
</li>
<li><p>可以为每个账户设置不同的口令，也可以为所有账户设置一个相同的口令，这里选择的第二项：所有账户使用同一管理口令 </p>
<ul>
<li><em><strong><u>实际生产环境中，数据库用户密码设置一定要遵循实施规范</u></strong></em></li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598676516835.png"></p>
</li>
<li><p>指定数据库文件的存储类型和位置</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598677318245.png"></p>
</li>
<li><p>配置恢复选择</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598677409100.png"></p>
</li>
<li><p>是否要将示例方案添加到数据库中，next即可</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598925702937.png"></p>
</li>
<li><p>设置SGA PGA、 Processes 、数据库编码格式</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598677563712.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598677623272.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598677676169.png"></p>
</li>
<li><p>出现“数据库存储”窗口 ，直接下一步即可</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598926263374.png"></p>
</li>
<li><p>创建数据库</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598678587667.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598678694652.png"></p>
</li>
<li><p>至此实例创建完成，如果需要解锁其它用户，点击Password Management配置即可。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598683619304.png"></p>
</li>
</ol>
<h5 id="2-2-2-5-配置监听（默认为动态注册）"><a href="#2-2-2-5-配置监听（默认为动态注册）" class="headerlink" title="2.2.2.5 配置监听（默认为动态注册）"></a>2.2.2.5 配置监听（默认为动态注册）</h5><ol>
<li><p>运行 <code>netca</code></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598683782437.png"></p>
</li>
<li><p>一直下一步即可</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598683877580.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598683895805.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598684312055.png"></p>
</li>
<li><p>如需不使用默认1521端口，请在此处配置</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598683971875.png"></p>
</li>
<li><p>是否配置另一个监听</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598684153669.png"></p>
</li>
<li><p>配置完成，finish</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598684371952.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1598684387312.png"></p>
</li>
</ol>
<h3 id="2-3-方式三：服务器带GUI界面"><a href="#2-3-方式三：服务器带GUI界面" class="headerlink" title="2.3  方式三：服务器带GUI界面"></a>2.3  方式三：服务器带GUI界面</h3><ul>
<li>适用于拿到一台物理机，安装操作系统的时候选择带GNOME的服务器，上传oracle安装包，直接本地安装</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /data/app/oracle11g/database     #放置安装包的目录</span><br><span class="line"></span><br><span class="line">./runInstaller 						</span><br></pre></td></tr></table></figure>

<ul>
<li><strong>在完成预安装之后，按照2.2.2.3  2.2.2.4  2.2.2.5中的步骤继续安装即可</strong></li>
</ul>
<h2 id="3-配置快速启动-关闭数据库实例，配置监听-取消数据库密码期限限制-关闭审计功能"><a href="#3-配置快速启动-关闭数据库实例，配置监听-取消数据库密码期限限制-关闭审计功能" class="headerlink" title="3. 配置快速启动/关闭数据库实例，配置监听, 取消数据库密码期限限制, 关闭审计功能"></a>3. 配置快速启动/关闭数据库实例，配置监听, 取消数据库密码期限限制, 关闭审计功能</h2><h3 id="3-1配置dbstart-dbshut-主要用于开机自启"><a href="#3-1配置dbstart-dbshut-主要用于开机自启" class="headerlink" title="3.1配置dbstart/dbshut  主要用于开机自启"></a>3.1配置dbstart/dbshut  主要用于开机自启</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.查看SID是否正确wxPaySvr, 将N改为Y</span></span><br><span class="line">vi /etc/oratab 		 	 </span><br><span class="line">wxPaySvr:/data/app/oracle11g/oracle/product/11.2.0/db_1:Y  #Y（必须大写）</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.更改dbstart脚本</span></span><br><span class="line">vi $ORACLE_HOME/bin/dbstart  </span><br><span class="line"><span class="meta"># </span><span class="language-bash">第80行 将ORACLE_HOME_LISTNER=<span class="variable">$1</span>  更改为</span></span><br><span class="line">ORACLE_HOME_LISTNER=$ORACLE_HOME</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">3.更改dbshut脚本</span></span><br><span class="line">vi $ORACLE_HOME/bin/dbshut</span><br><span class="line"><span class="meta"># </span><span class="language-bash">第50行 将ORACLE_HOME_LISTNER=<span class="variable">$1</span>  更改为</span></span><br><span class="line">ORACLE_HOME_LISTNER=$ORACLE_HOME</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">开启实例/关闭实例</span></span><br><span class="line">dbstart/dbshut</span><br></pre></td></tr></table></figure>

<h3 id="3-2配置监听（设置静态注册）"><a href="#3-2配置监听（设置静态注册）" class="headerlink" title="3.2配置监听（设置静态注册）"></a>3.2配置监听（设置静态注册）</h3><ul>
<li><p>Listener有两种注册模式 ：动态注册(默认方式) 与 静态注册 。两者差异参考如下： </p>
<table>
<thead>
<tr>
<th>动态注册</th>
<th>静态注册</th>
</tr>
</thead>
<tbody><tr>
<td>状态=READY  ，listener实时的都知道实例的状态，数据库在关闭的时候会动态的从listener中注销</td>
<td>状态=UNKNOWN，不知道实例的状态</td>
</tr>
<tr>
<td>不需要修改配置文件</td>
<td>需要配置listener.ora</td>
</tr>
<tr>
<td>PMON每60秒将服务（service_names和instance_name）注册到监听中</td>
<td>是将服务（global_name/sid_name）写入到listener.ora文件中</td>
</tr>
<tr>
<td>修改不需要重启</td>
<td>每次修改都要重启监听</td>
</tr>
<tr>
<td>重启不能马上注册服务</td>
<td>重启马上注册服务</td>
</tr>
</tbody></table>
<figure class="highlight txt"><table><tr><td class="code"><pre><span class="line">Oracle数据库实例的动态监听注册细节。有如下这样一个规律：</span><br><span class="line">1.如果是先启动监听，后启动数据库实例，则动态监听会自动识别到启动的数据库实例；</span><br><span class="line">2.在数据库实例正常运行的情况下重启监听，则数据库实例会等很长时间才能在动态监听中注册成功，大约需要1分钟的等待时间；</span><br><span class="line">3. 如果是先启动数据库实例，后启动监听，效果和2一样；</span><br><span class="line">4.如果不希望长时间等待动态监听注册的过程，可以使用“alter system register;”</span><br><span class="line">5.动态注册默认只注册到默认的监听器上(名称是LISTENER、端口是1521、协议是TCP)，如果需要向非默认监听注册，则需要配置local_listener参数，此处不做讨论。</span><br></pre></td></tr></table></figure>

<ul>
<li><p>本教程使用静态+动态，原因：</p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="comment">--如果监听器不是早于oracle实例启动或者监听器重启，则需要等待PMON自动注册（事件大约1分钟），如若此时不希望因为等待造成无法使用则：</span></span><br><span class="line"><span class="comment">--动态注册：需要使用以下命令快速注册，</span></span><br><span class="line">sqlplus <span class="operator">/</span> <span class="keyword">as</span> sysdba</span><br><span class="line"><span class="keyword">alter</span> <span class="keyword">system</span> register;</span><br><span class="line"><span class="comment">--静态+动态的模式则无需做任何操作，即可连接。</span></span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ul>
<h4 id="3-2-1-静态注册配置listener-ora"><a href="#3-2-1-静态注册配置listener-ora" class="headerlink" title="3.2.1 静态注册配置listener.ora"></a>3.2.1 静态注册配置listener.ora</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">进入到listener.ora增加以下内容</span></span><br><span class="line"></span><br><span class="line">vi $ORACLE_HOME/network/admin/listener.ora</span><br><span class="line"></span><br><span class="line">SID_LIST_LISTENER =</span><br><span class="line">  (SID_LIST =</span><br><span class="line">    (SID_DESC =</span><br><span class="line">      (SID_NAME = wxPaySvr)</span><br><span class="line">      (ORACLE_HOME = /data/app/oracle11g/oracle/product/11.2.0/db_1)</span><br><span class="line">      (GLOBAL_DBNAME = wxPaySvr)</span><br><span class="line">    )</span><br><span class="line">  )</span><br><span class="line">  </span><br><span class="line"><span class="meta"> #</span><span class="language-bash">保存后需重启监听 lsnrctl reload</span></span><br></pre></td></tr></table></figure>

<h3 id="3-3-取消密码期限限制"><a href="#3-3-取消密码期限限制" class="headerlink" title="3.3 取消密码期限限制"></a>3.3 取消密码期限限制</h3><ul>
<li>默认的180天，这里我们修改为无限制</li>
</ul>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="comment">--1.以 DBA 的身份登陆SQL plus</span></span><br><span class="line">  sqlplus <span class="operator">/</span> <span class="keyword">as</span> sysdba;</span><br><span class="line">  </span><br><span class="line"><span class="comment">--2.查看用户的proifle是哪个，一般是default：</span></span><br><span class="line">  <span class="keyword">SELECT</span> username,PROFILE <span class="keyword">FROM</span> dba_users;</span><br><span class="line">  </span><br><span class="line"><span class="comment">--3.查看指定概要文件（如default）的密码有效期设置：</span></span><br><span class="line">  <span class="keyword">SELECT</span> <span class="operator">*</span> <span class="keyword">FROM</span> dba_profiles s <span class="keyword">WHERE</span> s.profile<span class="operator">=</span><span class="string">&#x27;DEFAULT&#x27;</span> <span class="keyword">AND</span> resource_name<span class="operator">=</span><span class="string">&#x27;PASSWORD_LIFE_TIME&#x27;</span>;</span><br><span class="line">  </span><br><span class="line"><span class="comment">--4.将密码有效期由默认的180天修改成“无限制”：</span></span><br><span class="line">  <span class="keyword">ALTER</span> PROFILE <span class="keyword">DEFAULT</span> LIMIT PASSWORD_LIFE_TIME UNLIMITED;</span><br><span class="line"><span class="comment">--修改之后不需要重启动数据库，会立即生效。 </span></span><br></pre></td></tr></table></figure>

<h3 id="3-4-关闭审计功能"><a href="#3-4-关闭审计功能" class="headerlink" title="3.4 关闭审计功能"></a>3.4 关闭审计功能</h3><ul>
<li> Oracle 11g 安装后会默认开启数据库审计功能，并且日志保存在 SYSTEM 表空间中。导致SYSTEM 空间越来越大。当表空间已满时，会导致无法连接数据库。 </li>
</ul>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="comment">--查看审计是否开启，如果为DB就是代表为开启状态。</span></span><br><span class="line"><span class="keyword">SQL</span><span class="operator">&gt;</span> <span class="keyword">show</span> <span class="keyword">parameter</span> audit_trail;</span><br><span class="line"></span><br><span class="line">NAME                     TYPE     <span class="keyword">VALUE</span></span><br><span class="line"><span class="comment">------------------------------------ ----------- ------------------------------</span></span><br><span class="line">audit_trail                 string     DB</span><br><span class="line"></span><br><span class="line"><span class="comment">--修改审计为关闭状态。</span></span><br><span class="line"><span class="keyword">SQL</span><span class="operator">&gt;</span> <span class="keyword">alter</span> <span class="keyword">system</span> <span class="keyword">set</span> audit_trail<span class="operator">=</span><span class="literal">FALSE</span> <span class="keyword">scope</span><span class="operator">=</span>spfile;</span><br><span class="line"></span><br><span class="line"><span class="keyword">System</span> altered.</span><br><span class="line"></span><br><span class="line"><span class="comment">--关闭数据库</span></span><br><span class="line"><span class="keyword">SQL</span><span class="operator">&gt;</span> shutdown immediate;</span><br><span class="line">Database closed.</span><br><span class="line">Database dismounted.</span><br><span class="line">ORACLE instance shut down.</span><br><span class="line"></span><br><span class="line"><span class="comment">--重启数据库</span></span><br><span class="line"><span class="keyword">SQL</span><span class="operator">&gt;</span> startup;</span><br><span class="line">ORACLE instance started.</span><br><span class="line"></span><br><span class="line">Total <span class="keyword">System</span> <span class="keyword">Global</span> Area <span class="number">2137886720</span> bytes</span><br><span class="line">Fixed Size            <span class="number">2230072</span> bytes</span><br><span class="line">Variable Size         <span class="number">1325402312</span> bytes</span><br><span class="line">Database Buffers      <span class="number">805306368</span> bytes</span><br><span class="line">Redo Buffers            <span class="number">4947968</span> bytes</span><br><span class="line">Database mounted.</span><br><span class="line">Database opened.</span><br><span class="line"></span><br><span class="line"><span class="comment">--查看审计是否关闭</span></span><br><span class="line"><span class="keyword">SQL</span><span class="operator">&gt;</span> <span class="keyword">show</span> <span class="keyword">parameter</span> audit_trail;</span><br><span class="line"></span><br><span class="line">NAME                     TYPE     <span class="keyword">VALUE</span></span><br><span class="line"><span class="comment">------------------------------------ ----------- ------------------------------</span></span><br><span class="line">audit_trail                 string     <span class="literal">FALSE</span></span><br></pre></td></tr></table></figure>

<h2 id="4-开放端口，设置开机自启"><a href="#4-开放端口，设置开机自启" class="headerlink" title="4.开放端口，设置开机自启"></a>4.开放端口，设置开机自启</h2><h3 id="4-1开放1521端口"><a href="#4-1开放1521端口" class="headerlink" title="4.1开放1521端口"></a>4.1开放1521端口</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">firewall-cmd --query-port=1521/tcp  #查看端口是否开放</span><br><span class="line"></span><br><span class="line">firewall-cmd --permanent --zone=public --add-port=1521/tcp  #永久开放1521端口号</span><br><span class="line"></span><br><span class="line">systemctl restart firewalld.service    #重启防火墙</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">systemctl status firewalld.service    #查看防火墙状态</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"> </span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">备注：启动 | 关闭 | 重启 防火墙</span></span><br><span class="line">systemctl [start | stop | restart] firewalld.service</span><br></pre></td></tr></table></figure>

<h3 id="4-2设置开机自启（两种方式）"><a href="#4-2设置开机自启（两种方式）" class="headerlink" title="4.2设置开机自启（两种方式）"></a>4.2设置开机自启（两种方式）</h3><ol>
<li>在rc.local文件中添加oracle自启脚本</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vi /etc/rc.local 		# 编辑，在文件末尾增加如下内容</span><br><span class="line">su - oracle -c &#x27;lsnrctl start&#x27;</span><br><span class="line">su - oracle -c &#x27;dbstart&#x27;</span><br><span class="line"><span class="meta">#</span><span class="language-bash">保存并退出</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">配置文件权限  /etc/rc.local的开机自动启动的权限默认是关闭的。Centos为了兼容性,设置了这个,但是并不默认启动。执行以下代码赋予该文件执行权限后才能启用：</span></span><br><span class="line">chmod +x /etc/rc.local </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">开机自动以 oracle 用户执行上面两个命令啦</span></span><br></pre></td></tr></table></figure>

<ul>
<li>如果此方式不生效，或造成服务器出现其它问题，可使用下面第2种方式。</li>
</ul>
<ol start="2">
<li>通过将oracle注册为服务的形式</li>
</ol>
<ul>
<li><p>在<code> /etc/rc.d/init.d/</code>中建立自启脚本</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">vim /etc/rc.d/init.d/oracle</span><br><span class="line"><span class="meta"># </span><span class="language-bash">添加以下内容</span></span><br></pre></td></tr></table></figure></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">!/bin/bash</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">oracle: Start/Stop Oracle Database 11g R2</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">chkconfig: 345 90 10</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">description: The Oracle Database is an Object-Relational Database Management System.</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"></span></span><br><span class="line"><span class="language-bash"><span class="comment">#./etc/rc.d/init.d/functions</span></span></span><br><span class="line">LOCKFILE=/var/lock/subsys/oracle</span><br><span class="line">ORACLE_HOME=/data/app/oracle11g/oracle/product/11.2.0/db_1</span><br><span class="line">ORACLE_USER=oracle</span><br><span class="line">case &quot;$1&quot; in</span><br><span class="line">&#x27;start&#x27;)</span><br><span class="line">if [ -f $LOCKFILE ]; then</span><br><span class="line">      echo $0 already running.</span><br><span class="line">      exit 1</span><br><span class="line">   fi</span><br><span class="line">   echo -n $&quot;Starting Oracle Database:&quot;</span><br><span class="line">   su - $ORACLE_USER -c &quot;$ORACLE_HOME/bin/lsnrctl start&quot;</span><br><span class="line">   su - $ORACLE_USER -c &quot;$ORACLE_HOME/bin/dbstart&quot;</span><br><span class="line">   touch $LOCKFILE</span><br><span class="line">   ;;</span><br><span class="line">&#x27;stop&#x27;)</span><br><span class="line">   if [ ! -f $LOCKFILE ]; then</span><br><span class="line">      echo $0 already stopping.</span><br><span class="line">      exit 1</span><br><span class="line">   fi</span><br><span class="line">   echo -n $&quot;Stopping Oracle Database:&quot;</span><br><span class="line">   su - $ORACLE_USER -c &quot;$ORACLE_HOME/bin/lsnrctl stop&quot;</span><br><span class="line">   su - $ORACLE_USER -c &quot;$ORACLE_HOME/bin/dbshut&quot;</span><br><span class="line">   rm -f $LOCKFILE</span><br><span class="line">   ;;</span><br><span class="line">&#x27;restart&#x27;)</span><br><span class="line"><span class="meta">   $</span><span class="language-bash">0 stop</span></span><br><span class="line"><span class="meta">   $</span><span class="language-bash">0 start</span></span><br><span class="line">   ;;</span><br><span class="line">&#x27;status&#x27;)</span><br><span class="line">   if [ -f $LOCKFILE ]; then</span><br><span class="line">      echo $0 started.</span><br><span class="line">      else</span><br><span class="line">      echo $0 stopped.</span><br><span class="line">   fi</span><br><span class="line">   ;;</span><br><span class="line">*)</span><br><span class="line">   echo &quot;Usage: $0 [start|stop|status]&quot;</span><br><span class="line">   exit 1</span><br><span class="line">esac</span><br><span class="line">exit 0 </span><br></pre></td></tr></table></figure>

<ul>
<li>修改/etc/rc.d/init.d/oracle服务文件执行权限</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">chmod 755 /etc/rc.d/init.d/oracle</span><br></pre></td></tr></table></figure>

<ul>
<li>设置为开机启动</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">chkconfig oracle on</span><br></pre></td></tr></table></figure>

<ul>
<li>start/stop/status </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">start:</span> </span><br><span class="line">service oracle start </span><br><span class="line"><span class="meta">#</span><span class="language-bash">stop:</span> </span><br><span class="line">service oracle stop </span><br><span class="line"><span class="meta">#</span><span class="language-bash">restart:</span> </span><br><span class="line">service oracle restart</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果使用新指令systemctl</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">先使用以下命令，重新加载服务的配置文件</span></span><br><span class="line">systemctl daemon-reload</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">备注：启动 | 关闭 | 重启 | 状态 oracle</span></span><br><span class="line">systemctl [start | stop | restart | status] oracle.service</span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>oracle</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>linux</tag>
        <tag>oracle</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之mysqld_exporter</title>
    <url>/posts/60592cec/</url>
    <content><![CDATA[<p>摘要：Prometheus之mysqld_exporter安装配置</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载解压</span></span><br><span class="line">wget https://github.com/prometheus/mysqld_exporter/releases/download/v0.14.0/mysqld_exporter-0.14.0.linux-amd64.tar.gz</span><br><span class="line">tar -zxvf mysqld_exporter-0.14.0.linux-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 创建数据库用户，用来获取指标数据</span></span><br><span class="line">CREATE USER &#x27;mysqld_exporter&#x27;@&#x27;localhost&#x27; IDENTIFIED BY &#x27;11234&#x27; WITH MAX_USER_CONNECTIONS 3;</span><br><span class="line">GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO &#x27;mysqld_exporter&#x27;@&#x27;localhost&#x27;;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.配置数据库信息</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.1 可以配置用户环境变量中</span></span><br><span class="line">export DATA_SOURCE_NAME=&#x27;user:password@(hostname:3306)/&#x27;</span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.2 创建.my.cnf配置文件，默认是~/.my.cnf,也可以指定--config.my-cnf，这里我们在配置目录下创建.my.cnf</span></span><br><span class="line">[client]</span><br><span class="line">host=localhost</span><br><span class="line">port=3306</span><br><span class="line">user=mysqld_exporter</span><br><span class="line">password=11234</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 为mysqld_exporter web ui配置用户认证</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.1使用以下命令生成密码</span></span><br><span class="line">htpasswd -nBC 10 &quot;&quot; | tr -d &#x27;:\n&#x27;</span><br><span class="line"><span class="meta"># </span><span class="language-bash">4.2 创建web-config.yml</span></span><br><span class="line">basic_auth_users:</span><br><span class="line">  alice: $2y$10$ap7hRpj5scT94qeUsRqQzOW35xoZPM6ylyBtAa9..QvffZ1zZWv6e</span><br><span class="line"><span class="meta">  </span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">5. 配置系统启动</span></span><br><span class="line">vim /usr/lib/systemd/system/mysqld_exporter.service</span><br><span class="line"></span><br><span class="line">[Unit]</span><br><span class="line">Description=mysqld_exporter</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">ExecStart=/data/app/prometheus/mysqld_exporter-0.14.0.linux-amd64/mysqld_exporter \</span><br><span class="line">  --config.my-cnf=/data/app/prometheus/mysqld_exporter-0.14.0.linux-amd64/.my.cnf \</span><br><span class="line">  --web.config.file=/data/app/prometheus/mysqld_exporter-0.14.0.linux-amd64/web-config.yml \</span><br><span class="line">  --web.listen-address=:8911 \</span><br><span class="line">  --collect.auto_increment.columns \</span><br><span class="line">  --collect.binlog_size \</span><br><span class="line">  --collect.engine_innodb_status \</span><br><span class="line">  --collect.info_schema.tablestats \</span><br><span class="line">  --collect.info_schema.processlist \</span><br><span class="line">  --collect.info_schema.query_response_time \</span><br><span class="line">  --collect.info_schema.tables.databases=&quot;*&quot; \</span><br><span class="line">  --collect.info_schema.innodb_tablespaces</span><br><span class="line">ExecStop=/bin/kill -KILL $MAINPID</span><br><span class="line">Type=simple</span><br><span class="line">KillMode=control-group</span><br><span class="line">Restart=always</span><br><span class="line">RestartSec=15s</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">6.启动并配置自动启动</span></span><br><span class="line">systemctl start mysqld_exporter &amp;&amp; systemctl enable mysqld_exporter</span><br></pre></td></tr></table></figure>

<h1 id="配置mysqld-exporter到prometheus"><a href="#配置mysqld-exporter到prometheus" class="headerlink" title="配置mysqld_exporter到prometheus"></a>配置mysqld_exporter到prometheus</h1><figure class="highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1.在prometheus.yml下增加mysql</span></span><br><span class="line"><span class="bullet">-</span> <span class="attr">job_name:</span> <span class="string">&#x27;mysqld_exporter&#x27;</span></span><br><span class="line">    <span class="attr">basic_auth:</span></span><br><span class="line">      <span class="attr">username:</span> <span class="string">xxx</span></span><br><span class="line">      <span class="attr">password:</span> <span class="string">xxx</span></span><br><span class="line">    <span class="attr">static_configs:</span></span><br><span class="line">    <span class="bullet">-</span> <span class="attr">targets:</span> [<span class="string">&#x27;127.0.0.1:8911&#x27;</span>]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.重启prometheus</span></span><br><span class="line"><span class="string">systemctl</span> <span class="string">restart</span> <span class="string">prometheus</span></span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>prometheus</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>prometheus</tag>
        <tag>mysqld_exporter</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之oracle_exporter</title>
    <url>/posts/5c5dad5c/</url>
    <content><![CDATA[<p>摘要：Prometheus之oracledb_exporter安装配置</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.下载解压</span></span><br><span class="line">wget https://github.com/iamseth/oracledb_exporter/releases/download/0.3.0rc1/oracledb_exporter.0.3.0rc1-ora18.5.linux-amd64.tar.gz</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">docker run -d --name oracledb_exporter --restart=always -p 8913:9161 -e DATA_SOURCE_NAME=system/8ZqoL0peW37iV9TG@124.70.166.157:1521/UPaySvr iamseth/oracledb_exporter</span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>prometheus</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>prometheus</tag>
        <tag>oracledb_exporter</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之redis-exporter</title>
    <url>/posts/5a61f516/</url>
    <content><![CDATA[]]></content>
  </entry>
  <entry>
    <title>mariadb安装指南</title>
    <url>/posts/475a898c/</url>
    <content><![CDATA[<h3 id="摘要：mariadb10-5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）"><a href="#摘要：mariadb10-5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）" class="headerlink" title="摘要：mariadb10.5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）"></a>摘要：mariadb10.5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="1-MariaDB10-5安装步骤（centos7）"><a href="#1-MariaDB10-5安装步骤（centos7）" class="headerlink" title="1. MariaDB10.5安装步骤（centos7）"></a>1. MariaDB10.5安装步骤（centos7）</h1><ul>
<li>目前MariaDB最新稳定版是10.5.9，可在官网查看</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">URL:  https://downloads.mariadb.org/mariadb/repositories</span><br><span class="line"><span class="meta"># </span><span class="language-bash">由于使用国外源非常慢，在本文档的后面我们将使用清华镜像源</span></span><br></pre></td></tr></table></figure>

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011700138.png" alt="image-20210110175629773" style="zoom: 67%;" />

<h2 id="1-1-配置MariaDB存储库"><a href="#1-1-配置MariaDB存储库" class="headerlink" title="1.1 配置MariaDB存储库"></a>1.1 配置MariaDB存储库</h2><ul>
<li>此处使用清华镜像源</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.创建一个名为MariaDB.repo的存储库文件</span></span><br><span class="line">touch /etc/yum.repos.d/MariaDB.repo</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.编辑存储库文件</span></span><br><span class="line">vi /etc/yum.repos.d/MariaDB.repo</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">默认官方源  比较慢可使用别的源下载</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">MariaDB 10.5 CentOS repository list - created 2021-06-10 01:58 UTC</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">http://downloads.mariadb.org/mariadb/repositories/</span></span><br><span class="line">[mariadb]</span><br><span class="line">name = MariaDB</span><br><span class="line">baseurl = http://yum.mariadb.org/10.5/centos7-amd64</span><br><span class="line">gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB</span><br><span class="line">gpgcheck=1</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">使用清华源，添加以下内容</span></span><br><span class="line">[mariadb]</span><br><span class="line">name = MariaDB</span><br><span class="line">baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/10.5/centos7-amd64/</span><br><span class="line">gpgkey=https://mirrors.tuna.tsinghua.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB</span><br><span class="line">gpgcheck=1</span><br></pre></td></tr></table></figure>

<h2 id="1-2-安装MariaDB"><a href="#1-2-安装MariaDB" class="headerlink" title="1.2 安装MariaDB"></a>1.2 安装MariaDB</h2><ul>
<li>使用yum直接安装MariaDB服务器和客户端软件包</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum install -y MariaDB-server MariaDB-client</span><br></pre></td></tr></table></figure>

<h2 id="1-3-配置MariaDB"><a href="#1-3-配置MariaDB" class="headerlink" title="1.3 配置MariaDB"></a>1.3 配置MariaDB</h2><h3 id="1-3-1-设置MariaDB字符集为utf8mb4"><a href="#1-3-1-设置MariaDB字符集为utf8mb4" class="headerlink" title="1.3.1 设置MariaDB字符集为utf8mb4"></a>1.3.1 设置MariaDB字符集为utf8mb4</h3><blockquote>
<p>默认是latin1，我们修改为utf8mb4</p>
</blockquote>
<h4 id="1-3-1-1-修改server-cnf配置文件"><a href="#1-3-1-1-修改server-cnf配置文件" class="headerlink" title="1.3.1.1 修改server.cnf配置文件"></a>1.3.1.1 修改server.cnf配置文件</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.编辑/etc/my.cnf</span></span><br><span class="line">vi /etc/my.cnf.d/server.cnf</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.在[mysqld]标签下添加以下内容</span></span><br><span class="line">init_connect=&#x27;SET collation_connection = utf8mb4_unicode_ci&#x27;</span><br><span class="line">init_connect=&#x27;SET NAMES utf8&#x27;</span><br><span class="line">character-set-server=utf8mb4</span><br><span class="line">collation-server=utf8mb4_unicode_ci</span><br><span class="line">skip-character-set-client-handshake=true</span><br></pre></td></tr></table></figure>

<h4 id="1-3-1-2-修改mysql-clients-cnf配置文件"><a href="#1-3-1-2-修改mysql-clients-cnf配置文件" class="headerlink" title="1.3.1.2 修改mysql-clients.cnf配置文件"></a>1.3.1.2 修改mysql-clients.cnf配置文件</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.编辑/etc/my.cnf.d/mysql-clients.cnf</span></span><br><span class="line">vi /etc/my.cnf.d/mysql-clients.cnf</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.在[mysql]标签下添加以下内容</span></span><br><span class="line">default-character-set=utf8mb4</span><br></pre></td></tr></table></figure>

<h3 id="1-3-2-设置大小写不敏感"><a href="#1-3-2-设置大小写不敏感" class="headerlink" title="1.3.2 设置大小写不敏感"></a>1.3.2 设置大小写不敏感</h3><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1.编辑/etc/my.cnf.d/server.cnf</span></span><br><span class="line">vi /etc/my.cnf.d/server.cnf</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.在[mysqld]下添加以下配置</span></span><br><span class="line">lower_case_table_names=1</span><br></pre></td></tr></table></figure>

<h3 id="1-3-3-设置数据库存储路径"><a href="#1-3-3-设置数据库存储路径" class="headerlink" title="1.3.3 设置数据库存储路径"></a>1.3.3 设置数据库存储路径</h3><blockquote>
<p>如果使用云服务器，需要将数据库存储路径指定为数据盘</p>
</blockquote>
<h4 id="1-3-3-1-手动创建数据库的存储路径"><a href="#1-3-3-1-手动创建数据库的存储路径" class="headerlink" title="1.3.3.1 手动创建数据库的存储路径"></a>1.3.3.1 手动创建数据库的存储路径</h4><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1.假如数据卷挂载目录为/data,具体根据实际情况创建</span></span><br><span class="line"><span class="built_in">mkdir</span> -p /data/mysql/data/</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.修改路径权限</span></span><br><span class="line"><span class="built_in">chown</span> mysql:mysql -R /data/mysql/</span><br><span class="line"></span><br><span class="line"><span class="comment"># 3.将默认路径下的内容cp到新路径</span></span><br><span class="line"><span class="built_in">cp</span> -a /var/lib/mysql/* /data/mysql/data/</span><br></pre></td></tr></table></figure>

<h4 id="1-3-3-2-修改server-cnf配置文件"><a href="#1-3-3-2-修改server-cnf配置文件" class="headerlink" title="1.3.3.2 修改server.cnf配置文件"></a>1.3.3.2 修改server.cnf配置文件</h4><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1.编辑/etc/my.cnf.d/server.cnf</span></span><br><span class="line">vi /etc/my.cnf.d/server.cnf</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.在[mysql]标签下添加以下内容  </span></span><br><span class="line">datadir=/data/mysql/data/</span><br></pre></td></tr></table></figure>

<h3 id="1-3-4-启动MariaDB并设置为开机自启"><a href="#1-3-4-启动MariaDB并设置为开机自启" class="headerlink" title="1.3.4 启动MariaDB并设置为开机自启"></a>1.3.4 启动MariaDB并设置为开机自启</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.开启服务</span></span><br><span class="line">systemctl start mariadb  </span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.设置为开机自启动服务</span></span><br><span class="line">systemctl enable mariadb </span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.检查状态</span></span><br><span class="line">systemctl status mariadb</span><br></pre></td></tr></table></figure>

<h3 id="1-3-5-运行mysql-secure-installation脚本进行数据库的配置"><a href="#1-3-5-运行mysql-secure-installation脚本进行数据库的配置" class="headerlink" title="1.3.5  运行mysql_secure_installation脚本进行数据库的配置"></a>1.3.5  运行<code>mysql_secure_installation</code>脚本进行数据库的配置</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mysql_secure_installation</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">Enter current password for root (enter for none):  #输入root(mysql)的密码。默认没有，直接回车</span><br><span class="line"></span><br><span class="line">Switch to unix_socket authentication [Y/n] n 	  #是否切换到unix套接字身份验证[Y/n]</span><br><span class="line"></span><br><span class="line">Change the root password? [Y/n] y   			 #是否设置root密码</span><br><span class="line"><span class="meta">#</span><span class="language-bash">就输入2次密码</span></span><br><span class="line">New password:</span><br><span class="line">Re-enter new password:</span><br><span class="line"></span><br><span class="line">Remove anonymous users? [Y/n]  y   				 #是否删除匿名用户?</span><br><span class="line"></span><br><span class="line">Disallow root login remotely? [Y/n] n			 #是否不允许远程root登录</span><br><span class="line"></span><br><span class="line">Remove test database and access to it? [Y/n] n 	  #是否删除test数据库</span><br><span class="line"></span><br><span class="line">Reload privilege tables now? [Y/n] y			 #是否加载权限使之生效</span><br></pre></td></tr></table></figure>

<h3 id="1-3-6-开启远程访问控制"><a href="#1-3-6-开启远程访问控制" class="headerlink" title="1.3.6 开启远程访问控制"></a>1.3.6 开启远程访问控制</h3><figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="comment">-- 1.登录mariadb</span></span><br><span class="line">mysql <span class="operator">-</span>u root</span><br><span class="line"><span class="comment">-- 2.修改权限  使用实际配置的root用户密码</span></span><br><span class="line"><span class="keyword">GRANT</span> <span class="keyword">ALL</span> PRIVILEGES <span class="keyword">ON</span> uidsvr_db.<span class="operator">*</span> <span class="keyword">TO</span> <span class="string">&#x27;svr_db&#x27;</span>@<span class="string">&#x27;%&#x27;</span> IDENTIFIED <span class="keyword">BY</span> <span class="string">&#x27;123456&#x27;</span> <span class="keyword">WITH</span> <span class="keyword">GRANT</span> OPTION;</span><br><span class="line"><span class="comment">-- 3.刷新权限</span></span><br><span class="line">flush privileges;</span><br></pre></td></tr></table></figure>

<h3 id="1-3-7-修改数据库连接数"><a href="#1-3-7-修改数据库连接数" class="headerlink" title="1.3.7 修改数据库连接数"></a>1.3.7 修改数据库连接数</h3><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 默认数据库连接为151</span></span><br><span class="line">show variables like <span class="string">&#x27;max_connections&#x27;</span>;</span><br><span class="line"></span><br><span class="line"><span class="comment"># 1.修改server.cnf 在[mysqld]下增加</span></span><br><span class="line">max_connections=500</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.由于mariadb有默认打开文件数限制，所以修改/usr/lib/systemd/system/mariadb.service</span></span><br><span class="line"><span class="comment">#取消[Service]前的#号，</span></span><br><span class="line"><span class="comment">#[Service]新添加两行如下参数：</span></span><br><span class="line">LimitNOFILE=10000</span><br><span class="line">LimitNPROC=10000</span><br><span class="line"></span><br><span class="line"><span class="comment"># 3.重新加载系统服务，并重启mariadb服务</span></span><br><span class="line">systemctl --system daemon-reload</span><br><span class="line">systemctl restart mariadb.service</span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>mariadb</category>
      </categories>
      <tags>
        <tag>linux</tag>
        <tag>mariadb</tag>
      </tags>
  </entry>
  <entry>
    <title>centos中使用odbc配置mysql或mariadb</title>
    <url>/posts/81ac0233/</url>
    <content><![CDATA[<p>摘要：centos中使用odbc配置mysql或mariadb</p>
<p>更新内容</p>
<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="下载安装ODBC"><a href="#下载安装ODBC" class="headerlink" title="下载安装ODBC"></a>下载安装ODBC</h1><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">yum install unixODBC unixODBC-devel -y</span><br></pre></td></tr></table></figure>

<h1 id="下载安装connector-odbc-mysql或mariadb"><a href="#下载安装connector-odbc-mysql或mariadb" class="headerlink" title="下载安装connector-odbc(mysql或mariadb)"></a>下载安装connector-odbc(mysql或mariadb)</h1><ul>
<li><a href="https://downloads.mysql.com/archives/c-odbc/">mysql官网</a></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.下载安装mysql包</span></span><br><span class="line">wget https://downloads.mysql.com/archives/get/p/10/file/mysql-connector-odbc-5.3.13-1.el7.x86_64.rpm</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. rpm安装</span></span><br><span class="line">rpm -ivh mysql-connector-odbc-5.3.13-1.el7.x86_64.rpm</span><br></pre></td></tr></table></figure>

<ul>
<li><a href="https://mariadb.com/downloads/connectors/connectors-data-access/odbc-connector">mariadb官网</a></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 下载mariadb包</span></span><br><span class="line">wget https://dlm.mariadb.com/1936470/Connectors/odbc/connector-odbc-3.1.15/mariadb-connector-odbc-3.1.15-centos7-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 解压</span></span><br><span class="line">tar -zxvf mariadb-connector-odbc-3.1.15-centos7-amd64.tar.gz</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. 接入解压包</span></span><br><span class="line">cd  mariadb-connector-odbc-*</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 安装库</span></span><br><span class="line">install lib64/mariadb/libmaodbc.so /usr/lib/</span><br><span class="line">install -d /usr/lib/mariadb/</span><br><span class="line">install -d /usr/lib/mariadb/plugin/</span><br><span class="line">install lib/mariadb/plugin/* /usr/lib/mariadb/plugin/</span><br></pre></td></tr></table></figure>

<h1 id="配置数据源"><a href="#配置数据源" class="headerlink" title="配置数据源"></a>配置数据源</h1><ol>
<li>通过以下指令可以验证系统能否找到驱动</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">odbcinst -q -d</span><br><span class="line"></span><br><span class="line">[PostgreSQL]</span><br><span class="line">[MySQL]</span><br><span class="line">[MySQL ODBC 5.3 Unicode Driver]</span><br><span class="line">[MySQL ODBC 5.3 ANSI Driver]</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>如果没有需要进行配置</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 配置/etc/odbcinst.ini,如添加mariadb的驱动</span></span><br><span class="line">[MariaDB ODBC 3.1 Driver]</span><br><span class="line">Description=MariaDB Connector/ODBC v.3.1</span><br><span class="line">Driver=/usr/lib64/libmaodbc.so</span><br><span class="line">UsageCount=4</span><br></pre></td></tr></table></figure>

<ol start="3">
<li>配置完成后，执行以下命令安装驱动程序</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">odbcinst -i -d -f /etc/odbcinst.ini</span><br></pre></td></tr></table></figure>

<ol start="4">
<li>配置数据源参数, <code>/etc/odbc.ini</code></li>
</ol>
<figure class="highlight ini"><table><tr><td class="code"><pre><span class="line"><span class="section">[My-Test-Server]</span></span><br><span class="line"><span class="attr">Description</span> = Describe your database setup here</span><br><span class="line"><span class="attr">Driver</span>      = MariaDB ODBC <span class="number">3.1</span> Driver</span><br><span class="line"><span class="attr">Trace</span>       = <span class="literal">Yes</span></span><br><span class="line"><span class="attr">TraceFile</span>   = /tmp/trace.log</span><br><span class="line"><span class="attr">SERVER</span>      = localhost</span><br><span class="line"><span class="attr">SOCKET</span>      = /var/run/mysqld/mysqld.sock</span><br><span class="line"><span class="attr">USER</span>        = db_user</span><br><span class="line"><span class="attr">PASSWORD</span>    = db_user_password</span><br><span class="line"><span class="attr">DATABASE</span>    = tes</span><br></pre></td></tr></table></figure>

<ol start="5">
<li>安装odbc数据源文件</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">odbcinst -i -s -h -f /etc/odbc.ini</span><br></pre></td></tr></table></figure>

<ol start="6">
<li>测试连接</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">isql My-Test-Server</span><br><span class="line"><span class="meta">#</span><span class="language-bash">看是否可以连接成功</span></span><br></pre></td></tr></table></figure>

<ul>
<li>参考连接</li>
<li><a href="https://mariadb.com/docs/clients/mariadb-connectors/connector-odbc/connect/">mariadb官方文档</a></li>
</ul>
]]></content>
      <categories>
        <category>odbc</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>mariadb</tag>
        <tag>mysql</tag>
        <tag>odbc</tag>
      </tags>
  </entry>
  <entry>
    <title>mariadb修改数据目录后无法启动</title>
    <url>/posts/35bbfaaa/</url>
    <content><![CDATA[<h3 id="摘要：mariadb10-5在centos7-9中因修改数据目录到-home目录中，导致无法启动的问题"><a href="#摘要：mariadb10-5在centos7-9中因修改数据目录到-home目录中，导致无法启动的问题" class="headerlink" title="摘要：mariadb10.5在centos7.9中因修改数据目录到/home目录中，导致无法启动的问题"></a>摘要：mariadb10.5在centos7.9中因修改数据目录到/home目录中，导致无法启动的问题</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-03-31</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<h1 id="Can’t-create-test-file-home-mysql-data-localhost-lower-test"><a href="#Can’t-create-test-file-home-mysql-data-localhost-lower-test" class="headerlink" title="Can’t create test file /home/mysql_data/localhost.lower-test"></a>Can’t create test file /home/mysql_data/localhost.lower-test</h1><ul>
<li>问题描述: 因为服务器的数据盘分区全部分在的/home上，所以必须进行数据库数据目录的修改，我安装的是mariadb10.5，操作系统是centos7.9, 当我<code>修改server.cnf</code>里<code>datadir=/home/mysql_data/</code>之后，无论怎么修改数据目录权限，都无法正常启动，status或<code>journalctl -xe</code>都提示我Can’t create test file /home/mysql_data/localhost.lower-test，百度了半天都说是selinux或者appammor（也不知道是啥，centos里压根就没有）。崩溃……</li>
</ul>
<span id="more"></span>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011639796.png" alt="image-20220331113054331"></p>
<ul>
<li><p>解决办法</p>
<ul>
<li><p>最终还是决定去大世界看看，Google一下，果然百度的一堆都是坑，原因在于mariadb.service中<code> Prevent accessing /home, /root and /run/user</code>，看到这里恍然大明白… 于是</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1. 编辑mariadb.service</span></span><br><span class="line">vim /usr/lib/systemd/system/mariadb.service</span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. 将改选项修改为<span class="literal">false</span></span></span><br><span class="line">ProtectHome=false</span><br><span class="line"><span class="meta"># </span><span class="language-bash">3. reload systemctl</span></span><br><span class="line">systemctl daemon-reload</span><br><span class="line"><span class="meta"># </span><span class="language-bash">4. 启动</span></span><br><span class="line">systemctl start mariadb</span><br></pre></td></tr></table></figure></li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011645477.png" alt="image-20220331113853198"></p>
</li>
<li><p>完美</p>
</li>
<li><p>引用：<a href="https://www.e-learn.cn/content/wangluowenzhang/683730">https://www.e-learn.cn/content/wangluowenzhang/683730</a></p>
</li>
</ul>
]]></content>
      <categories>
        <category>mariadb</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>mariadb</tag>
      </tags>
  </entry>
  <entry>
    <title>mariadb主从复制</title>
    <url>/posts/9451060a/</url>
    <content><![CDATA[<h3 id="摘要：mariadb10-5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）"><a href="#摘要：mariadb10-5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）" class="headerlink" title="摘要：mariadb10.5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）"></a>摘要：mariadb10.5在linux下的安装部署和基本配置（修改字符集，设置大小写不敏感，修改数据库连接数）</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="主从"><a href="#主从" class="headerlink" title="主从"></a>主从</h1><blockquote>
<p>MySQL之间数据复制的基础是以二进制日志文件（binary log file）来实现的，一台MySQL数据库一旦启用二进制日志后，其作为master，它数据库中所有操作都会以“事件”的方式记录在二进制日志中，其他数据库作为slave通过一个I/O线程与主服务器保持通信，并监控master的二进制日志文件的变化，如果发现master二进制日志文件发生变化，则会把变化复制到自己的中继日志中，然后slave的一个SQL线程会把相关的“事件”执行到自己的数据库中，以此实现从数据库和主数据库的一致性，也就实现了主从复制。</p>
</blockquote>
<h2 id="准备"><a href="#准备" class="headerlink" title="准备"></a>准备</h2><blockquote>
<p>主从复制配置要求：</p>
<p>主服务器：  1、开启数据库二进制日志功能；</p>
<p>​                    2、配置数据库认证唯一服务id；</p>
<p>​                    3、获得主库的二进制日志文件名及位置；</p>
<p>​                    4、在主库上面创建一个用于主库和从库通信的用户账号，安全管理。</p>
<p>从服务器： 1、在从库中配置唯一服务id；</p>
<p>​                    2、使用主库创建分配的用户账号读取主库的二进制日志；</p>
<p>​                    3、启用slave功能，用于主从通信。</p>
</blockquote>
<ol>
<li><p>主从数据库版本最好一致；</p>
</li>
<li><p>主从数据库内数据保持一致；</p>
</li>
</ol>
<blockquote>
<p>主数据库（master）：192.168.85.106   MariaDB10.5.10  CentOS7.9</p>
<p>从数据库（ slave ） ：192.168.85.115  MariaDB10.5.10  CentOS7.9</p>
</blockquote>
<h2 id="MariaDB安装"><a href="#MariaDB安装" class="headerlink" title="MariaDB安装"></a>MariaDB安装</h2><ul>
<li>参考MariaDB安装指南</li>
</ul>
<h2 id="主要配置"><a href="#主要配置" class="headerlink" title="主要配置"></a>主要配置</h2><h3 id="主库配置"><a href="#主库配置" class="headerlink" title="主库配置"></a>主库配置</h3><ol>
<li><p>在主库创建一个帐号用来主从连接</p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"><span class="keyword">CREATE</span> <span class="keyword">USER</span> <span class="string">&#x27;master&#x27;</span>@<span class="string">&#x27;%&#x27;</span> IDENTIFIED <span class="keyword">WITH</span> mysql_native_password <span class="keyword">BY</span> <span class="string">&#x27;master&#x27;</span>;#创建用户 </span><br><span class="line"><span class="keyword">GRANT</span> REPLICATION SLAVE <span class="keyword">ON</span> <span class="operator">*</span>.<span class="operator">*</span> <span class="keyword">TO</span> <span class="string">&#x27;master&#x27;</span>@<span class="string">&#x27;%&#x27;</span>;#分配权限</span><br><span class="line">flush privileges;    #刷新权限</span><br></pre></td></tr></table></figure></li>
<li><p>配置<code>/etc/my.cnf.d/server.cnf</code></p>
</li>
</ol>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#指定唯一的ID，1至32，必须的</span></span><br><span class="line"><span class="attr">server_id</span>=<span class="string">1</span></span><br><span class="line"><span class="comment">#指定二进制日志存放路径，必须的，查看是否开启binlog show variables like &#x27;%log_bin%&#x27;;</span></span><br><span class="line"><span class="attr">log_bin</span>=<span class="string">mysql-bin</span></span><br></pre></td></tr></table></figure>

<ul>
<li><p>重启mariadb</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">systemctl restart mariadb</span><br></pre></td></tr></table></figure></li>
</ul>
<ol start="3">
<li><p>查看master状态，记录二进制文件名(mysql-bin.000001)和位置(599)</p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line">MariaDB [(<span class="keyword">none</span>)]<span class="operator">&gt;</span> <span class="keyword">show</span> master status;</span><br><span class="line"><span class="operator">+</span><span class="comment">------------------+----------+--------------+------------------+</span></span><br><span class="line"><span class="operator">|</span> File             <span class="operator">|</span> Position <span class="operator">|</span> Binlog_Do_DB <span class="operator">|</span> Binlog_Ignore_DB <span class="operator">|</span></span><br><span class="line"><span class="operator">+</span><span class="comment">------------------+----------+--------------+------------------+</span></span><br><span class="line"><span class="operator">|</span> mysql<span class="operator">-</span>bin<span class="number">.000001</span> <span class="operator">|</span>      <span class="number">599</span> <span class="operator">|</span>              <span class="operator">|</span>                  <span class="operator">|</span></span><br><span class="line"><span class="operator">+</span><span class="comment">------------------+----------+--------------+------------------+</span></span><br><span class="line"><span class="number">1</span> <span class="type">row</span> <span class="keyword">in</span> <span class="keyword">set</span> (<span class="number">0.000</span> sec)</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="从库配置"><a href="#从库配置" class="headerlink" title="从库配置"></a>从库配置</h3><ol>
<li><p>配置<code>/etc/my.cnf.d/server.cnf</code></p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line">#指定唯一的ID，<span class="number">1</span>至<span class="number">32</span>，必须的</span><br><span class="line">server_id<span class="operator">=</span><span class="number">2</span></span><br><span class="line"></span><br><span class="line">#开启relaylog</span><br><span class="line">relay<span class="operator">-</span>log<span class="operator">=</span>mariadb<span class="operator">-</span>relay<span class="operator">-</span>bin</span><br></pre></td></tr></table></figure></li>
<li><p>建立主从连接</p>
</li>
</ol>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"># <span class="number">1.</span> 登录从库 </span><br><span class="line">mysql <span class="operator">-</span>u root <span class="operator">-</span>p </span><br><span class="line"></span><br><span class="line"># <span class="number">2.</span> 建立主从连接 此时用到主库中记录的日志名和偏移量位置</span><br><span class="line">CHANGE MASTER <span class="keyword">TO</span></span><br><span class="line">     MASTER_HOST<span class="operator">=</span><span class="string">&#x27;192.168.85.106&#x27;</span>,</span><br><span class="line">     MASTER_USER<span class="operator">=</span><span class="string">&#x27;master&#x27;</span>,</span><br><span class="line">     MASTER_PASSWORD<span class="operator">=</span><span class="string">&#x27;master&#x27;</span>,</span><br><span class="line">     MASTER_LOG_FILE<span class="operator">=</span><span class="string">&#x27;mysql-bin.000015&#x27;</span>,</span><br><span class="line">     MASTER_LOG_POS<span class="operator">=</span><span class="number">599</span>;</span><br></pre></td></tr></table></figure>

<ul>
<li><p>重启mariadb</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">systemctl restart mariadb</span><br></pre></td></tr></table></figure></li>
</ul>
<ol start="3">
<li><p>启动slave同步进程，并查看slave状态</p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"># <span class="number">1.</span> 启动slave同步进程</span><br><span class="line"><span class="keyword">start</span> slave;</span><br><span class="line"></span><br><span class="line"># <span class="number">2.</span> 查看状态</span><br><span class="line">MariaDB [test01]<span class="operator">&gt;</span> <span class="keyword">show</span> slave status \G;</span><br><span class="line"><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span> <span class="number">1.</span> <span class="type">row</span> <span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span><span class="operator">*</span></span><br><span class="line">                Slave_IO_State: Waiting <span class="keyword">for</span> master <span class="keyword">to</span> send event</span><br><span class="line">                   Master_Host: <span class="number">192.168</span><span class="number">.85</span><span class="number">.106</span></span><br><span class="line">                   Master_User: master</span><br><span class="line">                   Master_Port: <span class="number">3306</span></span><br><span class="line">                 Connect_Retry: <span class="number">60</span></span><br><span class="line">               Master_Log_File: mysql<span class="operator">-</span>bin<span class="number">.000001</span></span><br><span class="line">           Read_Master_Log_Pos: <span class="number">599</span></span><br><span class="line">                Relay_Log_File: singlee<span class="operator">-</span>relay<span class="operator">-</span>bin<span class="number">.000003</span></span><br><span class="line">                 Relay_Log_Pos: <span class="number">555</span></span><br><span class="line">         Relay_Master_Log_File: mysql<span class="operator">-</span>bin<span class="number">.000001</span></span><br><span class="line">              Slave_IO_Running: Yes</span><br><span class="line">             Slave_SQL_Running: Yes</span><br><span class="line">               Replicate_Do_DB: </span><br><span class="line">           Replicate_Ignore_DB: </span><br><span class="line">            Replicate_Do_Table: </span><br><span class="line">        Replicate_Ignore_Table: </span><br><span class="line">       Replicate_Wild_Do_Table: </span><br><span class="line">   Replicate_Wild_Ignore_Table: </span><br><span class="line">                    Last_Errno: <span class="number">0</span></span><br><span class="line">                    Last_Error: </span><br><span class="line">                  Skip_Counter: <span class="number">0</span></span><br><span class="line">           Exec_Master_Log_Pos: <span class="number">599</span></span><br><span class="line">               Relay_Log_Space: <span class="number">1436</span></span><br><span class="line">               Until_Condition: <span class="keyword">None</span></span><br><span class="line">                Until_Log_File: </span><br><span class="line">                 Until_Log_Pos: <span class="number">0</span></span><br><span class="line">            Master_SSL_Allowed: <span class="keyword">No</span></span><br><span class="line">            Master_SSL_CA_File: </span><br><span class="line">            Master_SSL_CA_Path: </span><br><span class="line">               Master_SSL_Cert: </span><br><span class="line">             Master_SSL_Cipher: </span><br><span class="line">                Master_SSL_Key: </span><br><span class="line">         Seconds_Behind_Master: <span class="number">0</span></span><br><span class="line"> Master_SSL_Verify_Server_Cert: <span class="keyword">No</span></span><br><span class="line">                 Last_IO_Errno: <span class="number">0</span></span><br><span class="line">                 Last_IO_Error: </span><br><span class="line">                Last_SQL_Errno: <span class="number">0</span></span><br><span class="line">                Last_SQL_Error: </span><br><span class="line">   Replicate_Ignore_Server_Ids: </span><br><span class="line">              Master_Server_Id: <span class="number">1</span></span><br><span class="line">                Master_SSL_Crl: </span><br><span class="line">            Master_SSL_Crlpath: </span><br><span class="line">                    Using_Gtid: <span class="keyword">No</span></span><br><span class="line">                   Gtid_IO_Pos: </span><br><span class="line">       Replicate_Do_Domain_Ids: </span><br><span class="line">   Replicate_Ignore_Domain_Ids: </span><br><span class="line">                 Parallel_Mode: optimistic</span><br><span class="line">                     SQL_Delay: <span class="number">0</span></span><br><span class="line">           SQL_Remaining_Delay: <span class="keyword">NULL</span></span><br><span class="line">       Slave_SQL_Running_State: Slave has read <span class="keyword">all</span> relay log; waiting <span class="keyword">for</span> more updates</span><br><span class="line">              Slave_DDL_Groups: <span class="number">2</span></span><br><span class="line">Slave_Non_Transactional_Groups: <span class="number">0</span></span><br><span class="line">    Slave_Transactional_Groups: <span class="number">0</span></span><br><span class="line">    </span><br><span class="line">    # 当Slave_IO_Running和Slave_SQL_Running都为YES的时候就表示主从同步设置成功</span><br></pre></td></tr></table></figure></li>
</ol>
<h2 id="测试"><a href="#测试" class="headerlink" title="测试"></a>测试</h2><ul>
<li>在主库中创建一个数据库，创建一张表，并插入一条数据，然后在从库中查看是否同步过来了。</li>
</ul>
<h2 id="优化配置"><a href="#优化配置" class="headerlink" title="优化配置"></a>优化配置</h2><ul>
<li><p>在master<code>/etc/my.cnf.d/server.cnf </code>的[mysqld]下配置</p>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. master开启二进制日志后默认记录所有库所有表的操作，可以通过配置来指定只记录指定的数据库甚至指定的表的操作</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 不同步哪些数据库</span></span><br><span class="line"><span class="comment">#binlog-ignore-db = mysql   </span></span><br><span class="line"><span class="comment">#binlog-ignore-db = test   </span></span><br><span class="line"><span class="comment">#binlog-ignore-db = information_schema   </span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment"># 只同步哪些数据库，除此之外，其他不同步  </span></span><br><span class="line"><span class="attr">binlog-do-db</span> = <span class="string">test01</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment">#2. binlog过期时间</span></span><br><span class="line"><span class="comment"># 日志保留时间 单位天  默认是0，不自动清理，每次进行 LOG flush 的时会自动删除过期的日志。什么时间才能触发log flush，1). 重启； 2). BINLOG文件大小达到参数max_binlog_size限制；3). 手工执行命令flush logs;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#将bin.000055之前的binlog清掉: </span></span><br><span class="line"><span class="comment">#mysql&gt;purge binary logs to &#x27;bin.000055&#x27;;</span></span><br><span class="line"><span class="comment">#将指定时间之前的binlog清掉: </span></span><br><span class="line"><span class="comment">#mysql&gt;purge binary logs before &#x27;2017-05-01 13:09:51&#x27;;</span></span><br><span class="line"><span class="attr">expire_logs_days</span> = <span class="string">10</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#3.如果二进制日志写入的内容超出给定值，日志就会发生滚动。你不能将该变量设置为大于1GB或小于4096字节。 默认值是1GB,如果mysql正在处理大事务时会出现binlog日志大于max值</span></span><br><span class="line"><span class="attr">max_binlog_size</span> = <span class="string">200M </span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment"># 4.控制binlog的写入频率。每执行多少次事务写入一次，影响到了mysql吞吐量和主从同步延迟</span></span><br><span class="line"><span class="comment"># 系统默认的设置是sync_binlog=0，也就是不做任何强制性的磁盘刷新指令，这时候的性能是最好的，但是风险也是最大的。因为一旦系统Crash，在binlog_cache中的所有binlog信息都会被丢失。而当设置为“1”的时候，是最安全但是性能损耗最大的设置。因为当设置为1的时候，即使系统Crash，也最多丢失binlog_cache中未完成的一个事务，对实际数据没有任何实质性影响，但对于高并发事务的系统来说设置为1，系统写入性能极差</span></span><br><span class="line"><span class="attr">sync_binlog</span> = <span class="string">1000</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment"># 5.日志格式，建议mixed，mysql默认采用statement</span></span><br><span class="line"><span class="comment"># statement 保存SQL语句</span></span><br><span class="line"><span class="comment"># row 保存影响记录数据</span></span><br><span class="line"><span class="comment"># mixed 前面两种的结合</span></span><br><span class="line"><span class="attr">binlog_format</span> = <span class="string">mixed</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 7.当二进制日志启用后，这个变量就会启用。它控制是否可以信任存储函数创建者，不会创建写入二进制日志引起不安全事件的存储函数。如果设置为0（默认值），用户不得创建或修改存储函数，除非它们具有除CREATE ROUTINE或ALTER ROUTINE特权之外的SUPER权限。 设置为0还强制使用DETERMINISTIC特性或READS SQL DATA或NO SQL特性声明函数的限制。 如果变量设置为1，MySQL不会对创建存储函数实施这些限制。 此变量也适用于触发器的创建，当开启二进制日志后，如果变量log_bin_trust_function_creators为OFF，那么创建或修改存储函数就会报“ERROR 1418 (HY000): This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)”这样的错误</span></span><br><span class="line"><span class="attr">log_bin_trust_function_creators</span>=<span class="string">1</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#8.单个packet可以允许的最大值，当传输的packet大于max_allowed_packet时，触发错误EN_NET_PACKET_TOO_LARGE,并且关闭Connection。在有的客户端中也会显示信息Lost connection to MySQL server during query，max_allowed_packet默认16M</span></span><br><span class="line"><span class="attr">max_allowed_packet</span>=<span class="string">20971520</span></span><br></pre></td></tr></table></figure></li>
<li><p>在slave中可设置重新连接超时时间</p>
<figure class="highlight sql"><table><tr><td class="code"><pre><span class="line"># 停止主从同步</span><br><span class="line">stop slave;</span><br><span class="line"> </span><br><span class="line"># 连接断开时，重新连接超时时间</span><br><span class="line">change master <span class="keyword">to</span> master_connect_retry<span class="operator">=</span><span class="number">50</span>;</span><br><span class="line"> </span><br><span class="line"># 开启主从同步</span><br><span class="line"><span class="keyword">start</span> slave;</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="性能优化之innodb-buffer"><a href="#性能优化之innodb-buffer" class="headerlink" title="性能优化之innodb_buffer"></a>性能优化之innodb_buffer</h3><figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment"># (adjust value here, 50%-70% of total RAM)数据缓存InnoDB数据页面，索引缓存，索引数据，缓冲数据，脏页（在内存中修改尚未刷新(写入)到磁盘的数据），内部结构如自适应哈希索引，行锁等。</span></span><br><span class="line"><span class="comment">#增大或减小缓冲池大小时，将以chunk的形式执行操作。chunk大小由innodb_buffer_pool_chunk_size配置选项定义，默认值为128 MB。</span></span><br><span class="line"><span class="comment">#缓冲池大小必须始终等于或者是innodb_buffer_pool_chunk_size * innodb_buffer_pool_instances的倍数</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#show variables like &#x27;innodb_buffer_pool%&#x27;; </span></span><br><span class="line"><span class="attr">innodb_buffer_pool_size</span> = <span class="string">4G</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_size = 4G 此处设置为8  MariaDB 10.5中被禁用，在MariaDB 10.6中被删除</span></span><br><span class="line"><span class="attr">innodb_buffer_pool_instances</span> = <span class="string">8</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#MySQL的InnoDB 存储引擎使用一个指定大小的Redo log空间（一个环形的数据结构）。Redo log的空间通过innodb_log_file_size和innodb_log_files_in_group（默认2）参数来调节。将这俩参数相乘即可得到总的可用Redo log 空间</span></span><br><span class="line"><span class="comment">#此参数决定mysql事务日志文件（ib_logfile0）的大小； 128M – 2G (不需要大于 buffer pool)</span></span><br><span class="line"><span class="attr">innodb_log_file_size</span> = <span class="string">512M</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#may change to 2 or 0 </span></span><br><span class="line"><span class="comment">#0: 由mysql的main_thread每秒将存储引擎log buffer中的redo日志写入到log file，并调用文件系统的sync操作，将日志刷新到磁盘。</span></span><br><span class="line"><span class="comment">#1：每次事务提交时，将存储引擎log buffer中的redo日志写入到log file，并调用文件系统的sync操作，将日志刷新到磁盘。(默认值)</span></span><br><span class="line"><span class="comment">#2：每次事务提交时，将存储引擎log buffer中的redo日志写入到log file，并由存储引擎的main_thread 每秒将日志刷新到磁盘。</span></span><br><span class="line"><span class="attr">innodb_flush_log_at_trx_commit</span> = <span class="string">1</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#避免双缓冲技术</span></span><br><span class="line"><span class="comment">#控制innodb数据文件和redo log的打开、刷写模式。有三个值：fdatasync(默认)，O_DSYNC，O_DIRECT。</span></span><br><span class="line"><span class="comment">#fdatasync模式：写数据时，write这一步并不需要真正写到磁盘才算完成（可能写入到操作系统buffer中就会返回完成），真正完成是flush操作，buffer交给操作系统去flush,并且文件的元数据信息也都需要更新到磁盘。s</span></span><br><span class="line"><span class="comment">#O_DSYNC模式：写日志操作是在write这步完成，而数据文件的写入是在flush这步通过fsync完成。</span></span><br><span class="line"><span class="comment">#O_DIRECT模式：数据文件的写入操作是直接从mysql innodb buffer到磁盘的，并不用通过操作系统的缓冲，而真正的完成也是在flush这步,日志还是要经过OS缓冲。</span></span><br><span class="line"><span class="attr">innodb_flush_method</span> = <span class="string">O_DIRECT</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#将innodb_support_xa设为1来，确保二进制日志和InnoDB存储引擎数据文件的同步。即保持binlog与redo log之间数据一致性</span></span><br><span class="line"><span class="comment">#从MariaDB 10.3版本开始，则不再支持Innodb_Support_xa标志</span></span><br><span class="line"><span class="comment">#mysql 8起 此参数也被删除</span></span><br><span class="line"><span class="attr">innodb_support_xa</span>=<span class="string">1</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#注：redo log 和 binlog的层次，作用：</span></span><br><span class="line"><span class="comment">#redo log是innodb独立使用的，记录的是数据页的更改的物理情况</span></span><br><span class="line"><span class="comment">#binlog是mysql的整个写入操作，记录的是mysql逻辑写操作</span></span><br><span class="line"><span class="comment">#sync_binlog，innodb_flush_log_at_trx_commit，innodb_support_xa。三者都设置为1(TRUE)，数据才能真正安全。sync_binlog非1，可能导致binlog丢失(OS挂掉)，从而与innodb层面的数据不一致。innodb_flush_log_at_trx_commit非1，可能会导致innodb层面的数据丢失(OS挂掉)，从而与binlog不一致。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb事务日志redo,binlog逻辑过程如下: 1.事务写入redo log buffer中； 2.将log buffer刷新到redo log中，不过会先写一个TX PREPARE标记； 3.写binlog 4.在redo log中写入TX COMMIT标记； 5.将写binlog成功的标记写入redo log。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_support_xa=1 时调用会刷redolog和binlog，那会势必会影响写入的性能。那么这个可以控制刷盘的速度吗？可以。</span></span><br><span class="line"><span class="comment">#redolog的控制参数是innodb_flush_log_at_trx_commit</span></span><br><span class="line"><span class="comment">#binlog的控制参数是sync_binlog</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#下面的情况可以关闭innodb_support_xa,即innodb_support_xa=false:</span></span><br><span class="line"><span class="comment">#可以接受在服务器上只有一个线程修改数据，对于InnoDB表为了提高性能可以关闭这个选项</span></span><br><span class="line"><span class="comment">#当只有一个SQL线程修改数据的时候，可以在slave上关闭innodb_support_xa</span></span><br><span class="line"><span class="comment">#不需要保证binlog或者主备复制的数据安全，不需要一个外部的XA事务管理者时，你可以关闭这个选项</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 配置MYSQL的IO线程与CPU核数一致（默认都为4） show variables like &#x27;%_io_threads&#x27;;</span></span><br><span class="line"><span class="comment">#cat /proc/cpuinfo |grep &quot;processor&quot;|wc -l （cpu核数）</span></span><br><span class="line"><span class="comment">#cat /proc/cpuinfo | grep &#x27;physical id&#x27; | sort | uniq | wc -l（cpu个数）</span></span><br><span class="line"><span class="attr">innodb_read_io_threads</span> = <span class="string">16</span></span><br><span class="line"><span class="attr">innodb_write_io_threads</span> = <span class="string">16</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#磁盘io参数调节 </span></span><br><span class="line"><span class="comment">#默认InnoDB存储引擎最大只会每秒只会刷新100个脏页到磁盘、合并20个插入缓冲，  取值为innodb_io_capacity_max的一半，在频繁写操作的时候才有意义（它不适用于读操作）</span></span><br><span class="line"><span class="comment">#了解系统可以支持多大的 IOPS，可使用 fio -filename=/dev/sdb -direct=1 -iodepth 1 -thread -rw=randrw -rwmixread=70 -ioengine=psync -bs=16k -size=2G -numjobs=30 -runtime=120 -group_reporting -name=mytest  （只关注read iops）</span></span><br><span class="line"><span class="attr">innodb_io_capacity</span> = <span class="string">1000</span></span><br><span class="line"><span class="attr">innodb_io_capacity_max</span> = <span class="string">2000</span></span><br></pre></td></tr></table></figure>

<ul>
<li><h2 id="配置的innodb-buffer-pool-size是否合适"><a href="#配置的innodb-buffer-pool-size是否合适" class="headerlink" title="配置的innodb_buffer_pool_size是否合适"></a>配置的innodb_buffer_pool_size是否合适</h2></li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#使用以下公式计算InnoDB缓冲池性能：</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Performance = innodb_buffer_pool_reads / innodb_buffer_pool_read_requests * 100</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_reads：表示InnoDB缓冲池无法满足的请求数。需要从磁盘中读取。</span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_read_requests：表示从内存中读取逻辑的请求数。</span></span><br><span class="line"></span><br><span class="line"><span class="attr">show</span> <span class="string">status like &#x27;innodb_buffer_pool_read%&#x27;;</span></span><br><span class="line"><span class="comment">#Performance = 91661 / 4029033624 * 100 = 0.0022750120389663</span></span><br><span class="line"><span class="comment">#意味着InnoDB可以满足缓冲池本身的大部分请求。从磁盘完成读取的百分比非常小。因此无需增加innodb_buffer_pool_size值</span></span><br></pre></td></tr></table></figure>

<ul>
<li><h2 id="InnoDB缓冲池状态变量有哪些"><a href="#InnoDB缓冲池状态变量有哪些" class="headerlink" title="InnoDB缓冲池状态变量有哪些"></a>InnoDB缓冲池状态变量有哪些</h2><figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">show</span> <span class="string">global status like &#x27;%innodb_buffer_pool_pages%&#x27;;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_data</span></span><br><span class="line"><span class="comment">#InnoDB缓冲池中包含数据的页数。 该数字包括脏页面和干净页面。 使用压缩表时，报告的Innodb_buffer_pool_pages_data值可能大于Innodb_buffer_pool_pages_total（Bug＃59550）。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_dirty</span></span><br><span class="line"><span class="comment">#显示在内存中修改但尚未写入数据文件的InnoDB缓冲池数据页的数量（脏页刷新）。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_flushed</span></span><br><span class="line"><span class="comment">#表示从InnoDB缓冲池中刷新脏页的请求数。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_free</span></span><br><span class="line"><span class="comment">#显示InnoDB缓冲池中的空闲页面</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_misc</span></span><br><span class="line"><span class="comment">#InnoDB缓冲池中的页面数量很多，因为它们已被分配用于管理开销，例如行锁或自适应哈希索引。此值也可以计算为Innodb_buffer_pool_pages_total - Innodb_buffer_pool_pages_free - Innodb_buffer_pool_pages_data。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#Innodb_buffer_pool_pages_total</span></span><br><span class="line"><span class="comment">#InnoDB缓冲池的总大小，以page为单位。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_reads</span></span><br><span class="line"><span class="comment">#表示InnoDB缓冲池无法满足的请求数。需要从磁盘中读取。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_read_requests</span></span><br><span class="line"><span class="comment">#它表示从内存中逻辑读取的请求数。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_wait_free</span></span><br><span class="line"><span class="comment">#通常，对InnoDB缓冲池的写入发生在后台。 当InnoDB需要读取或创建页面并且没有可用的干净页面时，InnoDB首先刷新一些脏页并等待该操作完成。 此计数器计算这些等待的实例。 如果已正确设置innodb_buffer_pool_size，则此值应该很小。如果大于0，则表示InnoDb缓冲池太小。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#innodb_buffer_pool_write_request</span></span><br><span class="line"><span class="comment">#表示对缓冲池执行的写入次数。</span></span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="mysql性能测试-mysqltuner"><a href="#mysql性能测试-mysqltuner" class="headerlink" title="mysql性能测试-mysqltuner"></a>mysql性能测试-mysqltuner</h3><blockquote>
<p>Github地址：<a href="https://github.com/major/MySQLTuner-perl/">https://github.com/major/MySQLTuner-perl/</a></p>
<p><a href="https://github.com/mysql/mysql-sys">https://github.com/mysql/mysql-sys</a> for MySQL安装系统架构。<br><a href="https://github.com/FromDual/mariadb-sys">https://github.com/FromDual/mariadb-sys</a> for MariaDB安装系统架构</p>
</blockquote>
<p>压测语句：<br>sysbench –test=/root/sysbench-0.5/sysbench/tests/db/oltp.lua –oltp-table-size=1000000 –oltp-read-only=off –init-rng=on –num-threads=16 –max-requests=0 –oltp-dist-type=uniform –max-time=180 –mysql-user=root –mysql-socket=/tmp/mysqld.sock –mysql-password=’’ –db-driver=mysql –mysql-table-engine=innodb –oltp-test-mode=complex run</p>
]]></content>
      <categories>
        <category>mariadb</category>
      </categories>
      <tags>
        <tag>linux</tag>
        <tag>mariadb</tag>
      </tags>
  </entry>
  <entry>
    <title>nginx安装指南</title>
    <url>/posts/31ae148b/</url>
    <content><![CDATA[<h3 id="摘要：nginx-在linux（centos），windows下的安装步骤"><a href="#摘要：nginx-在linux（centos），windows下的安装步骤" class="headerlink" title="摘要：nginx 在linux（centos），windows下的安装步骤"></a>摘要：nginx 在linux（centos），windows下的安装步骤</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
<tr>
<td align="center">2022-04-20</td>
<td align="center">增加centos下nginx yum的安装方式</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="1-windows下nginx安装"><a href="#1-windows下nginx安装" class="headerlink" title="1.windows下nginx安装"></a>1.windows下nginx安装</h1><h2 id="1-1-下载解压nginx"><a href="#1-1-下载解压nginx" class="headerlink" title="1.1 下载解压nginx"></a>1.1 下载解压nginx</h2><h3 id="1-1-1-下载nginx"><a href="#1-1-1-下载nginx" class="headerlink" title="1.1.1 下载nginx"></a>1.1.1 下载nginx</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">下载网址：http://nginx.org/en/download.html</span><br></pre></td></tr></table></figure>

<ul>
<li>我们选择稳定版-windows</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600410999826-1600735342651.png"></p>
<h3 id="1-1-2-解压"><a href="#1-1-2-解压" class="headerlink" title="1.1.2 解压"></a>1.1.2 解压</h3><ul>
<li>注：解压目录不要包含中文</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600411261861-1600735359255.png" alt="1600411261861"></p>
<h2 id="1-2-nginx的基本使用"><a href="#1-2-nginx的基本使用" class="headerlink" title="1.2 nginx的基本使用"></a>1.2 nginx的基本使用</h2><h3 id="1-2-1-启动nginx"><a href="#1-2-1-启动nginx" class="headerlink" title="1.2.1 启动nginx"></a>1.2.1 启动nginx</h3><ul>
<li>主要通过以下两种方式</li>
</ul>
<ol>
<li><p>直接双击<code>nginx.exe</code> ,双击之后一个黑色弹窗一闪而过，此时其实是已经成功启动了。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600414658476-1600735363684.png" alt="1600414658476"></p>
</li>
<li><p>打开cmd窗口，切换到nginx所在目录，输入<code>start nginx</code> 或<code>nginx.exe</code></p>
</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600413076606-1600735366294.png" alt="1600413076606"></p>
<h3 id="1-2-2-检查nginx是否启动成功"><a href="#1-2-2-检查nginx是否启动成功" class="headerlink" title="1.2.2 检查nginx是否启动成功"></a>1.2.2 检查nginx是否启动成功</h3><ul>
<li><p>以下三种方法</p>
<ol>
<li><p>在cmd窗口下输入以下命令，当出现下图所示则启动成功。</p>
<figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line">tasklist /fi <span class="string">&quot;imagename eq nginx.exe&quot;</span></span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600413108154-1600735368812.png" alt="1600413108154"></p>
</li>
<li><p>直接在浏览器地址栏输入<code> http://localhost:80</code> ,出现以下页面说明启动成功</p>
</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600412703912-1600735370883.png" alt="1600412703912"></p>
<ol start="3">
<li><p>打开任务管理器</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600415150731-1600735372812.png" alt="1600415150731" style="zoom:67%;" /></li>
</ol>
</li>
</ul>
<h3 id="1-2-3-关闭nginx"><a href="#1-2-3-关闭nginx" class="headerlink" title="1.2.3 关闭nginx"></a>1.2.3 关闭nginx</h3><h4 id="1-2-3-1-我们通过在cmd窗口，输入相关命令来关闭nginx，具体有以下三种方式"><a href="#1-2-3-1-我们通过在cmd窗口，输入相关命令来关闭nginx，具体有以下三种方式" class="headerlink" title="1.2.3.1 我们通过在cmd窗口，输入相关命令来关闭nginx，具体有以下三种方式"></a>1.2.3.1 我们通过在cmd窗口，输入相关命令来关闭nginx，具体有以下三种方式</h4><ol>
<li><p>快速关闭nginx：<code>nginx -s stop</code></p>
<ul>
<li>注：使用此命令关闭nginx时，会同时删除logs中的nginx.pid文件</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600413048039-1600735376948.png" alt="1600413048039"></p>
</li>
<li><p>完整有序的关闭nginx：<code>nginx -s quit</code></p>
<ul>
<li>注：使用此命令关闭nginx时，也会同时删除logs中的nginx.pid文件</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600413253753-1600735380204.png" alt="1600413253753"></p>
</li>
<li><p>使用taskkill关闭nginx：<code>taskkill /f /t /im nginx.exe</code></p>
<ul>
<li>注：使用此命令关闭nginx时，不会删除logs中的nginx.pid文件</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600413424020-1600735382868.png" alt="1600413424020"></p>
</li>
<li><p>注意一个问题</p>
<ul>
<li>如果不小心多次执行了启动nginx的操作，那么在关闭nginx时，必须使用taskkill对开启的nginx进行关闭。</li>
</ul>
<figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line">taskkill /f /t /im nginx.exe</span><br></pre></td></tr></table></figure>

<ul>
<li><p>例：先执行了三次启动nginx的操作，并且通过查询可以看到当前所启动的nginx为三个。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600414091313-1600735385747.png" alt="1600414091313"></p>
<p>接下来，我们对所启动的nginx进行关闭，首先，我们先执行一次nginx -s stop操作，操作成功，通过再次查询我们可以看到成功关闭了一个nginx。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600414169317-1600735389763.png" alt="1600414169317"></p>
<p>但当我们再次执行<code>nginx -s stop</code>操作时，就会提示错误。</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600414194313-1600735392492.png" alt="1600414194313"></p>
</li>
</ul>
</li>
</ol>
<ul>
<li> 原因：当执行启动nginx操作时，无论是启动了一次还是启动了多次，其所对应的logs文件中只会生成一个nginx.pid文件 ， 但是当执行过一次<code>nginx -s stop</code> 或<code> nginx -s quit</code>时，它在将一个nginx关闭后，同时，也会将logs中的nginx.pid 文件删除掉，所以当你再次执行<code>nginx -s stop</code> 关闭操作时，就会报错，所报错误为找不到nginx.pid文件。 </li>
</ul>
<h4 id="1-2-3-2-关闭异常的解决办法"><a href="#1-2-3-2-关闭异常的解决办法" class="headerlink" title="1.2.3.2 关闭异常的解决办法"></a>1.2.3.2 关闭异常的解决办法</h4><ol>
<li>在启动nginx后，关闭nginx时,出现pid找不到的解决方案</li>
</ol>
<figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line"><span class="comment">#首先，在logs下新建一个nginx.pid文件</span></span><br><span class="line"></span><br><span class="line"><span class="comment">#然后，在cmd命令行输入命令：</span></span><br><span class="line">nginx <span class="literal">-c</span> conf/nginx.conf</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>在启动nginx后，关闭nginx时，出现pid非法的解决方案</li>
</ol>
<figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line"><span class="comment">#在cmd命令行输入命令：</span></span><br><span class="line">nginx <span class="literal">-c</span> conf/nginx.conf</span><br></pre></td></tr></table></figure>

<h3 id="1-2-4-Nginx命令总结"><a href="#1-2-4-Nginx命令总结" class="headerlink" title="1.2.4 Nginx命令总结"></a>1.2.4 Nginx命令总结</h3><figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line"><span class="built_in">start</span> nginx    <span class="comment">#启动</span></span><br><span class="line">nginx <span class="literal">-s</span> stop  <span class="comment">#快速关闭</span></span><br><span class="line">nginx <span class="literal">-s</span> quit  <span class="comment">#优雅的关闭</span></span><br><span class="line">nginx <span class="literal">-s</span> reload <span class="comment">#重新加载配置文件</span></span><br><span class="line">nginx <span class="literal">-t</span> <span class="literal">-c</span> conf/nginx.conf  <span class="comment">#检查配置文件语法是否有错</span></span><br></pre></td></tr></table></figure>

<h2 id="1-3设置开机自启"><a href="#1-3设置开机自启" class="headerlink" title="1.3设置开机自启"></a>1.3设置开机自启</h2><ol>
<li>使用win+R键，输入shell:startup</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600996599326.png" alt="1600996599326"></p>
<ol start="2">
<li><p>将nginx.exe拖入即可</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600996672803.png" alt="1600996672803"></p>
</li>
</ol>
<h1 id="2-linux下nginx安装（编译安装）"><a href="#2-linux下nginx安装（编译安装）" class="headerlink" title="2.linux下nginx安装（编译安装）"></a>2.linux下nginx安装（编译安装）</h1><ul>
<li>注：nginx在linux下的安装有许多种方式，此处我们选择源码编译安装，可以定制各目录安装的位置，方便操作。</li>
</ul>
<h2 id="2-1-创建nginx用户"><a href="#2-1-创建nginx用户" class="headerlink" title="2.1 创建nginx用户"></a>2.1 创建nginx用户</h2><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">创建nginx用户组</span></span><br><span class="line">groupadd nginx</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">创建nginx用户，指定用户家目录和用户所属组</span></span><br><span class="line">useradd -d /data/nginx -g nginx -m nginx</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">配置密码</span></span><br><span class="line">passwd nginx</span><br></pre></td></tr></table></figure>

<h2 id="2-2-安装相关依赖"><a href="#2-2-安装相关依赖" class="headerlink" title="2.2 安装相关依赖"></a>2.2 安装相关依赖</h2><ol>
<li>安装 nginx 需要先将官网下载的源码进行编译，编译依赖 gcc 环境。检查gcc</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">检查gcc</span></span><br><span class="line">rpm -qa | grep gcc-c++</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果没有 gcc 环境，则需要安装：</span></span><br><span class="line">yum install -y gcc-c++</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>PCRE(Perl Compatible Regular Expressions) 是一个Perl库，包括 perl 兼容的正则表达式库。nginx 的 http 模块使用 pcre 来解析正则表达式，所以需要在 linux 上安装 pcre 库，pcre-devel 是使用 pcre 开发的一个二次开发库。nginx也需要此库。</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">检查pcre</span></span><br><span class="line">rpm -qa | grep pcre || pcre-devel</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果没有，则需要安装</span></span><br><span class="line">yum install -y pcre pcre-devel</span><br></pre></td></tr></table></figure>

<ol start="3">
<li>zlib 库提供了很多种压缩和解压缩的方式， nginx 使用 zlib 对 http 包的内容进行 gzip ，所以需要在 Centos 上安装 zlib 库。</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">检查zlib</span></span><br><span class="line">rpm -qa | grep zlib || zlib-devel</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果没有，则需要安装</span></span><br><span class="line">yum install -y zlib zlib-devel</span><br></pre></td></tr></table></figure>

<ol start="4">
<li>OpenSSL 是一个强大的安全套接字层密码库，囊括主要的密码算法、常用的密钥和证书封装管理功能及 SSL 协议，并提供丰富的应用程序供测试或其它目的使用。nginx 不仅支持 http 协议，还支持 https（即在ssl协议上传输http），所以需要在 Centos 安装 OpenSSL 库。</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">检查openssl</span></span><br><span class="line">rpm -qa | grep openssl || openssl-devel</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果没有，则需要安装</span></span><br><span class="line">yum install -y openssl openssl-devel</span><br></pre></td></tr></table></figure>

<h2 id="2-3-下载nginx"><a href="#2-3-下载nginx" class="headerlink" title="2.3 下载nginx"></a>2.3 下载nginx</h2><h3 id="2-3-1-直接下载，手动上传（使用nginx用户）"><a href="#2-3-1-直接下载，手动上传（使用nginx用户）" class="headerlink" title="2.3.1 直接下载，手动上传（使用nginx用户）"></a>2.3.1 直接下载，手动上传（使用nginx用户）</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">下载网址：http://nginx.org/en/download.html</span></span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600660497377.png" alt="1600660497377"></p>
<h3 id="2-3-2-使用wget下载"><a href="#2-3-2-使用wget下载" class="headerlink" title="2.3.2 使用wget下载"></a>2.3.2 使用wget下载</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">nginx用户</span></span><br><span class="line">wget http://nginx.org/download/nginx-1.18.0.tar.gz</span><br><span class="line"><span class="meta">#</span><span class="language-bash">注：如果显示没有wget命令请使用yum下载此命令</span></span><br><span class="line">yum install -y wget		</span><br></pre></td></tr></table></figure>

<h2 id="2-4-编译安装nginx"><a href="#2-4-编译安装nginx" class="headerlink" title="2.4 编译安装nginx"></a>2.4 编译安装nginx</h2><h3 id="2-4-1解压"><a href="#2-4-1解压" class="headerlink" title="2.4.1解压"></a>2.4.1解压</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">tar -zxvf nginx-1.18.0.tar.gz</span><br></pre></td></tr></table></figure>

<h3 id="2-4-2-编译安装"><a href="#2-4-2-编译安装" class="headerlink" title="2.4.2 编译安装"></a>2.4.2 编译安装</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.切换到安装包目录</span></span><br><span class="line">cd /data/nginx/nginx-1.18.0</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.配置</span></span><br><span class="line">./configure \</span><br><span class="line">--with-http_ssl_module \</span><br><span class="line">--with-http_flv_module \</span><br><span class="line">--with-http_gzip_static_module \</span><br><span class="line">--with-stream \</span><br><span class="line">--with-stream_ssl_module \</span><br><span class="line">--prefix=/data/nginx/nginx \</span><br><span class="line">--sbin-path=/data/nginx/nginx/sbin/nginx \</span><br><span class="line">--modules-path=/data/nginx/nginx/nginx.modules \</span><br><span class="line">--conf-path=/data/nginx/nginx/conf/nginx.conf \</span><br><span class="line">--error-log-path=/data/nginx/nginx/logs/error.log \</span><br><span class="line">--http-log-path=/data/nginx/nginx/logs/access.log \</span><br><span class="line">--pid-path=/data/nginx/nginx/logs/nginx.pid \</span><br><span class="line">--lock-path=/data/nginx/nginx/logs/nginx.lock \</span><br><span class="line">--user=nginx \</span><br><span class="line">--group=nginx</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">配置说明</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--prefix = 指向安装目录</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--sbinpath = 指向执行程序文件</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--modules-path = 指定第三方模块的存放路径</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--conf-path = 指定配置文件存放位置</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--error-log-path = 指定错误日志存放位置</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--http-log-path = 设定access.log路径</span> </span><br><span class="line"><span class="meta">#</span><span class="language-bash">--pid-path = 指定pid文件存放位置</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--lock-path = 指定lock文件存放位置</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--user = 指定程序运行时的非特权用户</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--group = 指定程序运行时的非特权用户组</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--with-http_ssl_module = 启用ngx_http_ssl_module支持（使支持https请求.)</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--with-http_flv_module = 启用ngx_http_flv_module支持（提供寻求内存使用基于时间的偏移量文件）</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--with-http_gzip_static_module =启用ngx_http_gzip_static_module支持，支持在线实时压缩输出数据流。</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--with-stream = 添加stream模块</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--with-stream_ssl_module = 为流代理服务器使用SSL/TLS协议提供了必要的支持</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">3.编译和安装</span></span><br><span class="line">make &amp;&amp; make install</span><br></pre></td></tr></table></figure>

<h2 id="2-5-设置开机自启"><a href="#2-5-设置开机自启" class="headerlink" title="2.5 设置开机自启"></a>2.5 设置开机自启</h2><ul>
<li> <strong>进入到/lib/systemd/system/目录</strong> ， <strong>创建nginx.service文件，并添加以下内容</strong> </li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">[Unit]</span><br><span class="line">Description=nginx service</span><br><span class="line">After=network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">Type=forking</span><br><span class="line">ExecStart=/data/nginx/nginx/sbin/nginx</span><br><span class="line">ExecReload=/data/nginx/nginx/sbin/nginx -s reload</span><br><span class="line">ExecStop=/data/nginx/nginx/sbin/nginx -s quit</span><br><span class="line">PrivateTmp=true</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy=multi-user.target</span><br></pre></td></tr></table></figure>

<ul>
<li><p>配置文件内容</p>
<figure class="highlight txt"><table><tr><td class="code"><pre><span class="line">[Unit]: 服务的说明</span><br><span class="line"></span><br><span class="line">Description:描述服务</span><br><span class="line">After:描述服务类别</span><br><span class="line">[Service]服务运行参数的设置</span><br><span class="line">Type=forking是后台运行的形式</span><br><span class="line">ExecStart为服务的具体运行命令</span><br><span class="line">ExecReload为重启命令</span><br><span class="line">ExecStop为停止命令</span><br><span class="line">PrivateTmp=True表示给服务分配独立的临时空间</span><br><span class="line">注意：[Service]的启动、重启、停止命令全部要求使用绝对路径</span><br><span class="line">[Install]运行级别下服务安装的相关设置，可设置为多用户，即系统运行级别为3</span><br></pre></td></tr></table></figure></li>
<li><p>开机自启/禁止开机自启</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">加入开机自启动</span></span><br><span class="line">systemctl enable nginx</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">关闭开机启动</span></span><br><span class="line">systemctl disable nginx</span><br></pre></td></tr></table></figure></li>
<li><p>服务的启动/停止/刷新配置文件/查看状态</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">systemctl start nginx.service　         #启动nginx服务</span><br><span class="line">systemctl stop nginx.service　          #停止服务</span><br><span class="line">systemctl restart nginx.service　       #重新启动服务</span><br><span class="line">systemctl force-reload nginx.service    #强制reload</span><br><span class="line">systemctl list-units --type=service     #查看所有已启动的服务</span><br><span class="line">systemctl status nginx.service          #查看服务当前状态</span><br><span class="line">systemctl enable nginx.service          #设置开机自启动</span><br><span class="line">systemctl disable nginx.service         #停止开机自启动</span><br></pre></td></tr></table></figure></li>
<li><h2 id="一个常见的错误"><a href="#一个常见的错误" class="headerlink" title="一个常见的错误"></a><strong>一个常见的错误</strong></h2><h3 id="Warning-nginx-service-changed-on-disk-Run-‘systemctl-daemon-reload’-to-reload-units"><a href="#Warning-nginx-service-changed-on-disk-Run-‘systemctl-daemon-reload’-to-reload-units" class="headerlink" title="Warning: nginx.service changed on disk. Run ‘systemctl daemon-reload’ to reload units."></a>Warning: nginx.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.</h3><p> 直接按照提示执行命令systemctl daemon-reload 即可。</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">systemctl daemon-reload</span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="2-6-nginx的基本使用"><a href="#2-6-nginx的基本使用" class="headerlink" title="2.6 nginx的基本使用"></a>2.6 nginx的基本使用</h2><h3 id="2-6-1-基本命令"><a href="#2-6-1-基本命令" class="headerlink" title="2.6.1 基本命令"></a>2.6.1 基本命令</h3><ol>
<li><p>启动nginx</p>
<ul>
<li>注：当我们nginx监听的端口小于1024时，用nginx用户是无法启动服务的，需要使用root用户，关闭也应使用root</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /data/nginx/nginx/sbin</span><br><span class="line">./nginx  </span><br></pre></td></tr></table></figure></li>
<li><p>关闭nginx</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /data/nginx/nginx/sbin</span><br><span class="line">./nginx -s stop  #强制关闭</span><br><span class="line">./nginx -s quit  #完整有序的关闭，会在处理完当前任务之后关闭</span><br></pre></td></tr></table></figure></li>
<li><p>重新加载配置文件</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">./nginx -s reload</span><br></pre></td></tr></table></figure></li>
<li><p>检查配置文件语法</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cd /data/nginx/nginx/sbin</span><br><span class="line">./nginx -t -c ../conf/nginx.conf   #当出现successful表示配置文件无误</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="2-6-2-检查nginx是否启动"><a href="#2-6-2-检查nginx是否启动" class="headerlink" title="2.6.2 检查nginx是否启动"></a>2.6.2 检查nginx是否启动</h3><ol>
<li><p>查看nginx的监听端口,默认是80</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">netstat -tlnp | grep 80</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600678037893.png" alt="1600678037893"></p>
</li>
<li><p>查看nginx进程</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">ps -ef | grep nginx</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600678101792.png" alt="1600678101792"></p>
<h3 id="2-6-3-启动-关闭异常解决办法"><a href="#2-6-3-启动-关闭异常解决办法" class="headerlink" title="2.6.3 启动/关闭异常解决办法"></a>2.6.3 启动/关闭异常解决办法</h3><h4 id="2-6-3-1端口被占用"><a href="#2-6-3-1端口被占用" class="headerlink" title="2.6.3.1端口被占用"></a>2.6.3.1端口被占用</h4><p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600678935393.png" alt="1600678935393"></p>
<ul>
<li><p>解决：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">更改nginx.conf的监听端口</span></span><br><span class="line">vi /data/nginx/nginx/conf/nginx.conf</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">更改server里面listen</span></span><br><span class="line">listen= 监听端口号</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">更改之后，检查配置文件，重新启动</span></span><br><span class="line">cd /data/nginx/nginx/sbin</span><br><span class="line">./nginx -tc /data/nginx/nginx/conf/nginx.conf</span><br><span class="line">./nginx</span><br></pre></td></tr></table></figure></li>
</ul>
<h4 id="2-6-3-2显示权限不够"><a href="#2-6-3-2显示权限不够" class="headerlink" title="2.6.3.2显示权限不够"></a>2.6.3.2显示权限不够</h4><ol>
<li>当我们nginx监听端口小于1024时，使用nginx用户启动进程会报如下错误：</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600679508151.png" alt="1600679508151"></p>
<ul>
<li>原因：linux中使用端口小于1024，需要使用root权限</li>
<li>解决：使用root用户启动即可正常启动，此时关闭时也需要使用root用户，因为启动时生成的<code>nginx.pid</code>文件所属用户为root，nginx用户没有权限删除</li>
</ul>
<ol start="2">
<li><p>当我们在nginx配置文件中配置了user为nginx时，如果此时使用nginx用户启动nginx进程会报一个警告：</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600679815229.png"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600679867844.png" alt="1600679867844"></p>
</li>
</ol>
<ul>
<li>原因：nginx启动进程可以在conf里指定user（user  nginx;）但是这个只有在用root启动的情况有意义，如果是用其他用户启动的nginx master是没有意义的，nginx会忽略这个配置</li>
<li>分析：</li>
</ul>
<ol>
<li>在非root账户下启动时，nignx的master和worker进程的owner都将是这个账户</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600680207223.png" alt="1600680207223"></p>
<ol start="2">
<li><p>在root账户下启动时 nignx的master进程是的owner是root，worker的owner在conf已配置用户（此处为nginx）的情况下，owner是配置的用户，否则将是nobody，而且也可能导致nginx的一些文件的owner也是nobody</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600680265369.png" alt="1600680265369"></p>
</li>
</ol>
<h2 id="2-7-nginx动态添加模块"><a href="#2-7-nginx动态添加模块" class="headerlink" title="2.7 nginx动态添加模块"></a>2.7 nginx动态添加模块</h2><ul>
<li><p>例：增加用于监控nginx当前连接数信息的控制模块  <code>http_stub_status_module</code>  ，我们使用<code>./nginx -V</code>查看已安装的模块是否有<code>--with-http_stub_status_module</code></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600681518248.png" alt="1600681518248"></p>
</li>
<li><p>没有，我们就开始安装，此模块属于nginx自带模块，我们重新编译安装即可</p>
</li>
</ul>
<h3 id="2-7-1-重新配置"><a href="#2-7-1-重新配置" class="headerlink" title="2.7.1  重新配置"></a>2.7.1  重新配置</h3><ul>
<li>如果忘记之前安装过什么模块,请使用<code>nginx -V</code>查看，直接拷贝出来，在末尾加上我们需要增加的模块</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.进入到源码包，路径按实际源码包存放的位置</span></span><br><span class="line">cd /data/nginx/nginx-1.18.0 </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2.重新配置，运行以下命令，如果忘记之前安装过什么模块使用nginx -V查看，直接拷贝出来，在末尾加上我们需要增加的模块</span></span><br><span class="line">./configure \</span><br><span class="line">--with-http_ssl_module \</span><br><span class="line">--with-http_flv_module \</span><br><span class="line">--with-http_gzip_static_module \</span><br><span class="line">--with-stream \</span><br><span class="line">--with-stream_ssl_module \</span><br><span class="line">--prefix=/data/nginx/nginx \</span><br><span class="line">--sbin-path=/data/nginx/nginx/sbin/nginx \</span><br><span class="line">--modules-path=/data/nginx/nginx/nginx.modules \</span><br><span class="line">--conf-path=/data/nginx/nginx/conf/nginx.conf \</span><br><span class="line">--error-log-path=/data/nginx/nginx/logs/nginx-error.log \</span><br><span class="line">--http-log-path=/data/nginx/nginx/logs/access.log \</span><br><span class="line">--pid-path=/data/nginx/nginx/logs/nginx.pid \</span><br><span class="line">--lock-path=/data/nginx/nginx/logs/nginx.lock \</span><br><span class="line">--user=nginx \</span><br><span class="line">--group=nginx \</span><br><span class="line">--with-http_stub_status_module  #此处为需要增加的http_stub_status_module</span><br></pre></td></tr></table></figure>

<h3 id="2-7-2-编译Nginx"><a href="#2-7-2-编译Nginx" class="headerlink" title="2.7.2 编译Nginx"></a>2.7.2 编译Nginx</h3><ul>
<li>切记不要运行<code>make install</code>,不然直接覆盖掉了</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1. 运行make</span></span><br><span class="line">make</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.替换nginx二进制文件</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">先备份原nginx</span></span><br><span class="line">cp  /data/nginx/nginx/sbin/nginx /data/nginx/nginx/sbin/nginx_bak</span><br><span class="line"><span class="meta">#</span><span class="language-bash">替换</span></span><br><span class="line">mv /data/nginx/nginx-1.18.0/objs/nginx /data/nginx/nginx/sbin/nginx</span><br></pre></td></tr></table></figure>

<h3 id="2-7-3-查看是否添加成功，测试使用"><a href="#2-7-3-查看是否添加成功，测试使用" class="headerlink" title="2.7.3 查看是否添加成功，测试使用"></a>2.7.3 查看是否添加成功，测试使用</h3><ol>
<li>使用<code>nginx -V</code>查看</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600740300184.png"></p>
<ol start="2">
<li><p>配置nginx.conf</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600740442145.png" alt="1600740442145"></p>
</li>
</ol>
<ul>
<li><p>配置完成之后，检查配合文件语法是否有误</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">./nginx -t -c /data/nginx/nginx/conf/nginx.conf  </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果此时nginx已处于运行状态，运行reload即可</span></span><br><span class="line">./nginx -s reload</span><br></pre></td></tr></table></figure></li>
</ul>
<ol start="3">
<li><p>使用web查看</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/image-20220218164305758.png" alt="image-20220218164305758"></p>
</li>
</ol>
<h1 id="3-linux下nginx安装（yum安装）"><a href="#3-linux下nginx安装（yum安装）" class="headerlink" title="3. linux下nginx安装（yum安装）"></a>3. linux下nginx安装（yum安装）</h1><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">1.配置yum源</span></span><br><span class="line">vim /etc/yum.repos.d/nginx.repo</span><br><span class="line"><span class="meta"># </span><span class="language-bash">添加以下内容，默认会安装最新的稳定版本</span></span><br><span class="line">[nginx-stable]</span><br><span class="line">name=nginx stable repo</span><br><span class="line">baseurl=http://nginx.org/packages/centos/$releasever/$basearch/</span><br><span class="line">gpgcheck=1</span><br><span class="line">enabled=1</span><br><span class="line">gpgkey=https://nginx.org/keys/nginx_signing.key</span><br><span class="line">module_hotfixes=true</span><br><span class="line"></span><br><span class="line">[nginx-mainline]</span><br><span class="line">name=nginx mainline repo</span><br><span class="line">baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/</span><br><span class="line">gpgcheck=1</span><br><span class="line">enabled=0</span><br><span class="line">gpgkey=https://nginx.org/keys/nginx_signing.key</span><br><span class="line">module_hotfixes=true</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">2. yum安装</span></span><br><span class="line">yum install -y nginx</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">3.配置自动启动和启动nginx</span></span><br><span class="line">systemctl enable nginx &amp;&amp; systemctl start nginx</span><br></pre></td></tr></table></figure>



]]></content>
      <categories>
        <category>nginx</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>nginx</tag>
        <tag>windows</tag>
      </tags>
  </entry>
  <entry>
    <title>nginx配置指南</title>
    <url>/posts/e3c0704d/</url>
    <content><![CDATA[<h3 id="摘要：nginx-常规配置及场景（反向代理，正向代理）；SSL证书申请（acme-sh-certbot-snap-）"><a href="#摘要：nginx-常规配置及场景（反向代理，正向代理）；SSL证书申请（acme-sh-certbot-snap-）" class="headerlink" title="摘要：nginx 常规配置及场景（反向代理，正向代理）；SSL证书申请（acme.sh,certbot-snap ）"></a>摘要：nginx 常规配置及场景（反向代理，正向代理）；SSL证书申请（acme.sh,certbot-snap ）</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="1-nginx配置文件介绍"><a href="#1-nginx配置文件介绍" class="headerlink" title="1.nginx配置文件介绍"></a>1.nginx配置文件介绍</h1><h2 id="1-1-nginx-conf-文件结构"><a href="#1-1-nginx-conf-文件结构" class="headerlink" title="1.1 nginx.conf 文件结构"></a>1.1 nginx.conf 文件结构</h2><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600742020517.png" alt="1600742020517" style="zoom: 67%;" />

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">...</span>              <span class="string">#全局块</span></span><br><span class="line"><span class="comment">#1、全局块：配置影响nginx全局的指令。一般有运行nginx服务器的用户组，nginx进程pid存放路径，日志存放路径，配置文件引入，允许生成worker process数等。</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#例如：</span></span><br><span class="line"><span class="comment">#user 设置nginx服务的系统使用用户</span></span><br><span class="line"><span class="comment">#worker_processes　　工作进程数---跟nginx多worker有关，增大连接数的并发处理，如8核cpu设置为8</span></span><br><span class="line"><span class="comment">#error_log　　nginx的错误日志存放位置</span></span><br><span class="line"><span class="comment">#pid　　nginx服务启动时候的pid 把pid记入一个文件，方便系统管理</span></span><br><span class="line"></span><br><span class="line"><span class="attr">events</span> <span class="string">&#123;         #events块</span></span><br><span class="line">   <span class="attr">...</span></span><br><span class="line"><span class="comment">#2、events块：配置影响nginx服务器或与用户的网络连接。有每个进程的最大连接数，选取哪种事件驱动模型处理连接请求，是否允许同时接受多个网路连接，开启多个网络连接序列化等</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#例如：</span></span><br><span class="line"><span class="comment">#可以指定使用哪个内核模型 select poll epoll，如 use epoll;</span></span><br><span class="line"><span class="comment">#worker_connections 每个进程最大连接数 ---系统优化时用得上</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">http</span>      <span class="string">#http块</span></span><br><span class="line"><span class="attr">&#123;</span></span><br><span class="line">    <span class="attr">...</span>   <span class="string">#http全局块</span></span><br><span class="line"><span class="comment">#3、http块：可以嵌套多个server，配置代理，缓存，日志定义等绝大多数功能和第三方模块的配置。如文件引入，mime-type定义，日志自定义，是否使用sendfile传输文件，连接超时时间，单连接请求数等。</span></span><br><span class="line">    </span><br><span class="line">    <span class="attr">server</span>        <span class="string">#server块</span></span><br><span class="line"><span class="comment">#4、server块：配置虚拟主机的相关参数，一个http中可以有多个server。</span></span><br><span class="line">    <span class="attr">&#123;</span> <span class="string"></span></span><br><span class="line">        <span class="attr">...</span>       <span class="string">#server全局块</span></span><br><span class="line"><span class="comment"># server全局块配置监听端口，服务名称，错误页面的配置等</span></span><br><span class="line">        </span><br><span class="line">        <span class="attr">location</span> <span class="string">[PATTERN]   #location块</span></span><br><span class="line">        <span class="attr">&#123;</span></span><br><span class="line">            <span class="attr">...</span></span><br><span class="line"><span class="comment">#5、location块：配置请求的路由，以及各种页面的处理情况。</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line">        <span class="attr">location</span> <span class="string">[PATTERN] </span></span><br><span class="line">        <span class="attr">&#123;</span></span><br><span class="line">            <span class="attr">...</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">server</span></span><br><span class="line">    <span class="attr">&#123;</span></span><br><span class="line">      <span class="attr">...</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">...</span>     <span class="string">#http全局块</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h2 id="1-2-通用配置文件"><a href="#1-2-通用配置文件" class="headerlink" title="1.2 通用配置文件"></a>1.2 通用配置文件</h2><ul>
<li><strong>注：配置文件以linux为主，windows环境下配置这里不再详述，主要注意配置文件中的<em>路径</em>。</strong></li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">修改nginx.conf配置文件，替换为以下内容</span></span><br><span class="line">vi /data/nginx/nginx/conf/nginx.conf</span><br></pre></td></tr></table></figure>

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#配置运行用户</span></span><br><span class="line"><span class="attr">user</span>  <span class="string">nginx;</span></span><br><span class="line"><span class="comment">#nginx进程，一般设置为和cpu核数一样,此处设置auto，根据需求自动调整</span></span><br><span class="line"><span class="attr">worker_processes</span>  <span class="string">auto;</span></span><br><span class="line"><span class="comment">#cpu亲和力，不同worker使用不同cpu</span></span><br><span class="line"><span class="attr">worker_cpu_affinity</span> <span class="string">auto;</span></span><br><span class="line"><span class="comment">#配置全局错误日志类型和位置，全局错误日志定义类型：[ debug | info | notice | warn | error | crit ]</span></span><br><span class="line"><span class="attr">error_log</span>  <span class="string">/data/nginx/nginx/logs/error.log warn;</span></span><br><span class="line"><span class="comment">#进程pid存放位置</span></span><br><span class="line"><span class="attr">pid</span>        <span class="string">/data/nginx/nginx/logs/nginx.pid;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#最大文件打开数（连接数），可设置为系统优化后的ulimit -HSn一样的结果</span></span><br><span class="line"><span class="attr">worker_rlimit_nofile</span> <span class="string">35535;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">events</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">	#使用epoll内核模型，多路复用IO(I/O Multiplexing)中的一种方式,但是仅用于linux2.6以上		内核,可以大大提高nginx的性能</span></span><br><span class="line">    <span class="attr">use</span> <span class="string">epoll;</span></span><br><span class="line"><span class="comment">    #单个后台worker process进程的最大并发链接数</span></span><br><span class="line">    <span class="attr">worker_connections</span>  <span class="string">10240;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#include 指令用于包含拆分的配置文件，我们需要手动创建modules文件夹,用于tcp的反向代理</span></span><br><span class="line"><span class="attr">include</span> <span class="string">/data/nginx/nginx/conf/modules/*.conf;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">http</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">	# 文件拓展名与类型映射表</span></span><br><span class="line">    <span class="attr">include</span>       <span class="string">/data/nginx/nginx/conf/mime.types;</span></span><br><span class="line"><span class="comment">    # 默认文件类型，默认设置为二进制流</span></span><br><span class="line">    <span class="attr">default_type</span>  <span class="string">application/octet-stream;</span></span><br><span class="line"><span class="comment">	#设置日志格式，一般默认即可</span></span><br><span class="line">    <span class="attr">log_format</span>  <span class="string">main  &#x27;$remote_addr - $remote_user [$time_local] &quot;$request&quot; &#x27;</span></span><br><span class="line">                      <span class="attr">&#x27;$status</span> <span class="string">$body_bytes_sent &quot;$http_referer&quot; &#x27;</span></span><br><span class="line">                      <span class="attr">&#x27;&quot;$http_user_agent&quot;</span> <span class="string">&quot;$http_x_forwarded_for&quot; &quot;$request_uri&quot;&#x27;;</span></span><br><span class="line"><span class="comment">	#设置日志名称，以天记录，日志存放路径</span></span><br><span class="line">	<span class="attr">map</span> <span class="string">$time_iso8601 $logdate &#123;</span></span><br><span class="line">      <span class="attr">&#x27;~^(?&lt;ymd&gt;\d&#123;4&#125;-\d&#123;2&#125;-\d&#123;2&#125;)&#x27;</span> <span class="string">$ymd;</span></span><br><span class="line">      <span class="attr">default</span>           <span class="string">&#x27;date-not-found&#x27;;</span></span><br><span class="line">   <span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">access_log</span> <span class="string">/data/nginx/nginx/logs/access-$logdate.log main;</span></span><br><span class="line"><span class="comment">    </span></span><br><span class="line"><span class="comment">    #开启高效文件传输模式</span></span><br><span class="line">    <span class="attr">sendfile</span>        <span class="string">on;</span></span><br><span class="line"><span class="comment">    </span></span><br><span class="line"><span class="comment">    #需要提高网络的传输效率，应该减少小包的传输，使用TCP_CORK来做汇总传输，再利用sendfile来提高效率</span></span><br><span class="line"><span class="comment">    #tcp_nopush     on;</span></span><br><span class="line"><span class="comment">    </span></span><br><span class="line"><span class="comment">    #在发送应立即发出的短消息之前设置TCP_NODELAY,立即发送，不计网络资源消耗</span></span><br><span class="line">    <span class="attr">tcp_nodelay</span>     <span class="string">on;</span></span><br><span class="line"><span class="comment">    </span></span><br><span class="line"><span class="comment">    #长连接超时时间，单位是秒</span></span><br><span class="line">    <span class="attr">keepalive_timeout</span>  <span class="string">30;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">    #include 指令用于包含拆分的配置文件，我们需要手动创建conf.d文件夹</span></span><br><span class="line">    <span class="attr">include</span> <span class="string">/data/nginx/nginx/conf/conf.d/*.conf;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="2-反向代理"><a href="#2-反向代理" class="headerlink" title="2.反向代理"></a>2.反向代理</h1><h2 id="2-1-http反向代理"><a href="#2-1-http反向代理" class="headerlink" title="2.1 http反向代理"></a>2.1 http反向代理</h2><ul>
<li><p><strong>实例：</strong><br>Nginx默认端口是80，假定现在要通过nginx来反向代理后端的端口为8682的Web服务，http_reproxy.conf配置如下 ：</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.创建conf.d文件夹</span></span><br><span class="line">mkdir /data/nginx/nginx/conf/conf.d</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.在conf.d中创建并配置http_reproxy.conf</span></span><br><span class="line">vi http_reproxy.conf</span><br><span class="line"><span class="meta">#</span><span class="language-bash">在配置文件中加入以下内容</span></span><br></pre></td></tr></table></figure>

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#在server中进行如下配置，主要是location中：</span></span><br><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">        <span class="attr">listen</span>       <span class="string">80;</span></span><br><span class="line">        <span class="attr">server_name</span>  <span class="string">localhost;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">        #charset koi8-r;</span></span><br><span class="line"><span class="comment">        #access_log  logs/host.access.log  main;</span></span><br><span class="line"></span><br><span class="line">        <span class="attr">location</span> <span class="string">/ &#123;</span></span><br><span class="line">            <span class="attr">root</span>   <span class="string">html;</span></span><br><span class="line">            <span class="attr">index</span>  <span class="string">index.html index.htm;</span></span><br><span class="line">            <span class="attr">proxy_redirect</span>          <span class="string">off;  </span></span><br><span class="line">            <span class="attr">proxy_set_header</span>        <span class="string">Host            $host;  </span></span><br><span class="line">            <span class="attr">proxy_set_header</span>        <span class="string">X-Real-IP       $remote_addr;  </span></span><br><span class="line">            <span class="attr">proxy_set_header</span>        <span class="string">X-Forwarded-For $proxy_add_x_forwarded_for;  </span></span><br><span class="line">            <span class="attr">proxy_set_header</span>        <span class="string">X-Forwarded-Proto  $scheme;  </span></span><br><span class="line">            <span class="attr">proxy_pass</span> <span class="string">http://192.168.85.107:8682;       </span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">        #error_page  404              /404.html;</span></span><br><span class="line"><span class="comment">        # redirect server error pages to the static page /50x.html</span></span><br><span class="line">        </span><br><span class="line">        <span class="attr">error_page</span>   <span class="string">500 502 503 504  /50x.html;</span></span><br><span class="line">        <span class="attr">location</span> = <span class="string">/50x.html &#123;</span></span><br><span class="line">            <span class="attr">root</span>   <span class="string">html;</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line"><span class="comment">    </span></span><br><span class="line"><span class="comment">#location配置说明： </span></span><br><span class="line"><span class="comment">#Host包含客户端真实的域名和端口号 </span></span><br><span class="line"><span class="comment">#X-Real-IP 客户端真实的ip地址 </span></span><br><span class="line"><span class="comment">#X-Forwarded-For 记录客户端真实ip和中间经历的多层代理的ip集 </span></span><br><span class="line"><span class="comment">#X-Forwarded-Proto表示客户端真实的协议（http还是https） </span></span><br><span class="line"><span class="comment">#proxy_pass 代理的Web服务的地址（ip+端口或者域名）</span></span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="2-2-https反向代理"><a href="#2-2-https反向代理" class="headerlink" title="2.2 https反向代理"></a>2.2 https反向代理</h2><ul>
<li>使用自签证书，Nginx代理https默认端口是443，假定现在要通过nginx来反向代理后端的端口为8682的Web服务</li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#直接生成自签证书</span></span><br><span class="line"><span class="attr">openssl</span> <span class="string">req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout example.key -out example.crt</span></span><br></pre></td></tr></table></figure>

<ul>
<li><p>https_reproxy.conf配置如下:</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">在conf.d中创建并配置https_reproxy.conf</span></span><br><span class="line">vi https_reproxy.conf</span><br><span class="line"><span class="meta">#</span><span class="language-bash">在配置文件中加入以下内容</span></span><br></pre></td></tr></table></figure></li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">		#监听443端口。443为知名端口号，主要用于HTTPS协议</span></span><br><span class="line">		<span class="attr">listen</span>       <span class="string">443 ssl;</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment">		#定义使用www.xx.com访问</span></span><br><span class="line">		<span class="attr">server_name</span>  <span class="string">192.168.85.107 example.com;</span></span><br><span class="line"></span><br><span class="line">         <span class="attr">keepalive_timeout</span> <span class="string">100;</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment">		#ssl证书文件位置(常见证书文件格式为：crt/pem)</span></span><br><span class="line">		<span class="attr">ssl_certificate</span>      <span class="string">/data/nginx/CA/example.crt;</span></span><br><span class="line"><span class="comment">		#ssl证书key位置</span></span><br><span class="line">		<span class="attr">ssl_certificate_key</span>  <span class="string">/data/nginx/CA/example.key;</span></span><br><span class="line"> </span><br><span class="line">		<span class="attr">ssl_session_cache</span>    <span class="string">shared:SSL:10m;</span></span><br><span class="line">		<span class="attr">ssl_session_timeout</span>  <span class="string">30m;</span></span><br><span class="line"> </span><br><span class="line">        <span class="attr">index</span> <span class="string">index.html index.htm;</span></span><br><span class="line">		<span class="attr">location</span> <span class="string">/ &#123;</span></span><br><span class="line">          <span class="attr">proxy_pass</span> <span class="string">http://192.168.85.107:8682;</span></span><br><span class="line">		<span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line">        <span class="attr">error_page</span>   <span class="string">500 502 503 504  /50x.html;</span></span><br><span class="line">        <span class="attr">location</span> = <span class="string">/50x.html &#123;</span></span><br><span class="line">           <span class="attr">root</span>   <span class="string">html;</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#配置说明</span></span><br><span class="line"><span class="comment">#ssl_session_cache    shared:SSL:10m; 设置存储session参数的缓存在所有工作进程之间共享</span></span><br><span class="line"><span class="comment">#ssl_session_timeout  30m; 指定客户端可以重用会话参数的时间</span></span><br></pre></td></tr></table></figure>



<h2 id="2-3-tcp反向代理"><a href="#2-3-tcp反向代理" class="headerlink" title="2.3 tcp反向代理"></a>2.3 tcp反向代理</h2><ol>
<li>TCP反向代理需要使用 <code>ngx_stream_core_module</code>这个模块,我们使用<code>nginx -V</code> 检查是否有<code>--with-stream</code>参数。</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600652880673.png" alt="1600652880673"></p>
<ol start="2">
<li><strong>实例:</strong></li>
</ol>
<p>​    现在要通过nginx来反向代理linux后端的端口为8682的Web服务，tcp_reproxy.conf配置如下</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.创建modules文件夹</span></span><br><span class="line">mkdir /data/nginx/nginx/conf/modules</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.在modules中创建并配置tcp_reproxy.conf</span></span><br><span class="line">vi tcp_reproxy.conf</span><br><span class="line"><span class="meta">#</span><span class="language-bash">在配置文件中加入以下内容</span></span><br></pre></td></tr></table></figure>

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">stream&#123;</span></span><br><span class="line"></span><br><span class="line">	<span class="attr">upstream</span> <span class="string">feedback &#123;</span></span><br><span class="line">		<span class="attr">hash</span> <span class="string">$remote_addr consistent;</span></span><br><span class="line">		<span class="attr">server</span> <span class="string">192.168.85.107:8682 max_fails=1 fail_timeout=10s;</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line">    <span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">        <span class="attr">listen</span> <span class="string">8001;</span></span><br><span class="line">        <span class="attr">proxy_connect_timeout</span> <span class="string">5s;</span></span><br><span class="line">        <span class="attr">proxy_timeout</span> <span class="string">10s;</span></span><br><span class="line">        <span class="attr">proxy_pass</span> <span class="string">feedback;</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#配置说明</span></span><br><span class="line"><span class="comment">#hash $remote_addr consistent 根据客户端ip hash取值</span></span><br><span class="line"><span class="comment">#max_fails=1 fail_timeout=10s  即10s内后端失败了1次【即一次请求超时】，那么这个后端就被标识为不可用 默认值就是</span></span><br><span class="line"><span class="comment">#proxy_connect_timeout  连接超时时间</span></span><br><span class="line"><span class="comment">#proxy_timeout 转发超时时间</span></span><br><span class="line"><span class="comment">#proxy_pass 转发到具体服务</span></span><br></pre></td></tr></table></figure>

<h1 id="3-正向代理"><a href="#3-正向代理" class="headerlink" title="3. 正向代理"></a>3. 正向代理</h1><h2 id="3-1-http正向代理"><a href="#3-1-http正向代理" class="headerlink" title="3.1 http正向代理"></a>3.1 http正向代理</h2><ul>
<li><p>例：现在要通过nginx来正向代理客户端访问一台web服务端口为8681的服务器，前提是客户端不能直接通过URI访问到web服务器（有限制）</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600847686089.png" alt="1600847686089"></p>
</li>
<li><p>正向代理服务器，http_forproxy.conf配置如下</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">在conf.d中创建并配置http_forproxy.conf</span></span><br><span class="line">vi http_forproxy.conf</span><br><span class="line"><span class="meta">#</span><span class="language-bash">在配置文件中加入以下内容</span></span><br></pre></td></tr></table></figure>

<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">    <span class="attr">listen</span>       <span class="string">80;</span></span><br><span class="line">    <span class="attr">server_name</span>  <span class="string">IP地址;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">    #charset koi8-r;</span></span><br><span class="line"><span class="comment">    #access_log  /var/log/nginx/test_proxy.access.log  main;</span></span><br><span class="line">    <span class="attr">resolver</span> <span class="string">8.8.8.8;</span></span><br><span class="line">    <span class="attr">location</span> <span class="string">/ &#123;  </span></span><br><span class="line">        <span class="attr">proxy_pass</span> <span class="string">http://$http_host$request_uri;</span></span><br><span class="line">    <span class="attr">&#125;</span>  <span class="string"></span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">    # redirect server error pages to the static page /50x.html</span></span><br><span class="line">    <span class="attr">error_page</span>   <span class="string">500 502 503 504  /50x.html;</span></span><br><span class="line">    <span class="attr">location</span> = <span class="string">/50x.html &#123;</span></span><br><span class="line">            <span class="attr">root</span>   <span class="string">html;</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#配置说明:</span></span><br><span class="line"><span class="comment">#resolver 配置DNS</span></span><br><span class="line"><span class="comment">#proxy_pass 代理转发地址</span></span><br></pre></td></tr></table></figure></li>
<li><p>验证：在浏览器中使用此代理服务器访问web服务器的8681端口</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600847371380.png" alt="1600847371380"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600847659782.png" alt="1600847659782"></p>
</li>
</ul>
<h1 id="4-TLS免费证书自动更新"><a href="#4-TLS免费证书自动更新" class="headerlink" title="4. TLS免费证书自动更新"></a>4. TLS免费证书自动更新</h1><h2 id="4-1-使用-Certbot-免费的命令行工具-来安装一个免费的-Let’s-Encrypt-SSL-证书"><a href="#4-1-使用-Certbot-免费的命令行工具-来安装一个免费的-Let’s-Encrypt-SSL-证书" class="headerlink" title="4.1 使用 Certbot 免费的命令行工具 来安装一个免费的 Let’s Encrypt SSL 证书"></a>4.1 使用 Certbot 免费的命令行工具 来安装一个免费的 Let’s Encrypt SSL 证书</h2><h3 id="4-1-1-下载certbot软件包"><a href="#4-1-1-下载certbot软件包" class="headerlink" title="4.1.1 下载certbot软件包"></a>4.1.1 下载certbot软件包</h3><ul>
<li>我们从供应商的网站直接下载</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">使用root用户</span></span><br><span class="line">wget -P /usr/local/bin https://dl.eff.org/certbot-auto</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">配置可执行权限</span></span><br><span class="line">chmod +x /usr/local/bin/certbot-auto</span><br></pre></td></tr></table></figure>

<h3 id="4-1-2-生成强健的-Dh-Diffie-Hellman-组"><a href="#4-1-2-生成强健的-Dh-Diffie-Hellman-组" class="headerlink" title="4.1.2 生成强健的 Dh(Diffie-Hellman) 组"></a>4.1.2 生成强健的 Dh(Diffie-Hellman) 组</h3><ul>
<li>Diffie–Hellman key 交换（DH）是一个在不安全通讯频道进行安全交换 keys 的方法。通过输入下面的命令，生成一个 2048 位的 DH 参数：</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048</span><br></pre></td></tr></table></figure>

<h3 id="4-1-3-获取-Let’s-Encrypt-SSL-证书"><a href="#4-1-3-获取-Let’s-Encrypt-SSL-证书" class="headerlink" title="4.1.3 获取 Let’s Encrypt SSL 证书"></a>4.1.3 获取 Let’s Encrypt SSL 证书</h3><h4 id="4-1-3-1-使用webroot插件，用来验证服务器"><a href="#4-1-3-1-使用webroot插件，用来验证服务器" class="headerlink" title="4.1.3.1 使用webroot插件，用来验证服务器"></a>4.1.3.1 使用webroot插件，用来验证服务器</h4><ul>
<li>想要获得一个域名 SSL 证书，我们将会使用 Webroot 插件，它将会为验证请求证书的域名在<code>$&#123;webroot-path&#125;/.well-known/acme-challenge</code>目录下创建一个临时文件。The Let’s Encrypt 服务器将会发起一个 HTTP 请求，用于请求这个临时文件，来验证被请求域名已经指向了这个运行 certbot 的服务器。</li>
<li>想要使流程更简单，我们将把所有针对<code>.well-known/acme-challenge</code>的 HTTP 请求映射到一个目录，<code>/var/lib/letsencrypt</code>。</li>
</ul>
<ol>
<li><p>创建目录，更改目录权限</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkdir -p /var/lib/letsencrypt/.well-known</span><br><span class="line">chgrp nginx /var/lib/letsencrypt</span><br><span class="line">chmod g+s /var/lib/letsencrypt</span><br></pre></td></tr></table></figure></li>
<li><p>创建一个nginx配置文件目录，用于模块化nginx配置</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">mkdir /data/nginx/nginx/conf/snippets</span><br></pre></td></tr></table></figure></li>
<li><p>创建并配置 <code>letsencrypt.conf </code></p>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#1.创建snippets文件夹</span></span><br><span class="line"><span class="attr">cd</span> <span class="string">/data/nginx/nginx/conf/snippets</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#2.在snippets中创建并配置letsencrypt.conf</span></span><br><span class="line"><span class="attr">vi</span> <span class="string">letsencrypt.conf</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#在 letsencrypt.conf中加入以下内容</span></span><br><span class="line">  <span class="attr">location</span> <span class="string">^~ /.well-known/acme-challenge/ &#123;</span></span><br><span class="line">  <span class="attr">allow</span> <span class="string">all;</span></span><br><span class="line">  <span class="attr">root</span> <span class="string">/var/lib/letsencrypt/;</span></span><br><span class="line">  <span class="attr">default_type</span> <span class="string">&quot;text/plain&quot;;</span></span><br><span class="line">  <span class="attr">try_files</span> <span class="string">$uri =404;</span></span><br><span class="line"> <span class="attr">&#125;</span></span><br></pre></td></tr></table></figure></li>
</ol>
<h4 id="4-1-3-2-获取证书"><a href="#4-1-3-2-获取证书" class="headerlink" title="4.1.3.2  获取证书"></a>4.1.3.2  获取证书</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">/usr/local/bin/certbot-auto certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com</span><br></pre></td></tr></table></figure>

<ul>
<li><p>注：在第一次运行<code>certbot</code>的时候，这个工具将会安装一些缺失的依赖软件包。一旦 SSL 证书被成功安装，certbot 将会打印下面的信息（证书目录，到期时间等）：</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1600932775892.png" alt="1600932775892"></p>
</li>
</ul>
<h4 id="4-1-3-3-配置https反向代理"><a href="#4-1-3-3-配置https反向代理" class="headerlink" title="4.1.3.3 配置https反向代理"></a>4.1.3.3 配置https反向代理</h4><p>配置 <code>https_reproxy.conf</code></p>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#1.进入到conf.d目录</span></span><br><span class="line"><span class="attr">cd</span> <span class="string">/data/nginx/nginx/conf/conf.d</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#2.配置https_reproxy.conf</span></span><br><span class="line"><span class="attr">vi</span> <span class="string">https_reproxy.conf</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#加入以下内容</span></span><br><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">  #只能使用默认80端口</span></span><br><span class="line">  <span class="attr">listen</span> <span class="string">80;</span></span><br><span class="line"><span class="comment">  #此处配置备案域名</span></span><br><span class="line">  <span class="attr">server_name</span> <span class="string">example.com www.example.com;</span></span><br><span class="line">  <span class="attr">include</span> <span class="string">/data/nginx/nginx/conf/snippets/letsencrypt.conf</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line">       <span class="attr">listen</span>       <span class="string">443 ssl;</span></span><br><span class="line">       <span class="attr">server_name</span>  <span class="string">example.com www.example.com;</span></span><br><span class="line"></span><br><span class="line">       <span class="attr">keepalive_timeout</span> <span class="string">100;</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">	   #配置证书目录</span></span><br><span class="line">       <span class="attr">ssl_certificate</span> <span class="string">/etc/letsencrypt/live/example.com/fullchain.pem;</span></span><br><span class="line">       <span class="attr">ssl_certificate_key</span> <span class="string">/etc/letsencrypt/live/example.com/privkey.pem;</span></span><br><span class="line">       </span><br><span class="line">       <span class="attr">ssl_session_cache</span>    <span class="string">shared:SSL:1m;</span></span><br><span class="line">	   <span class="attr">ssl_session_timeout</span>  <span class="string">5m;</span></span><br><span class="line">	  <span class="attr">ssl_protocols</span> <span class="string">TLSv1.2 TLSv1.3;</span></span><br><span class="line">      <span class="attr">ssl_ciphers</span> <span class="string">ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</span></span><br><span class="line"></span><br><span class="line">       <span class="attr">location</span> <span class="string">/ &#123;</span></span><br><span class="line"><span class="comment">        #    root   /home/www;</span></span><br><span class="line"><span class="comment">        #    index  index.html index.htm;</span></span><br><span class="line">         <span class="attr">proxy_pass</span> <span class="string">http://localhost:8080;</span></span><br><span class="line">       <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h3 id="4-1-4-配置自动更新Let’s-Encrypt-SSL-证书"><a href="#4-1-4-配置自动更新Let’s-Encrypt-SSL-证书" class="headerlink" title="4.1.4 配置自动更新Let’s Encrypt SSL 证书"></a>4.1.4 配置自动更新Let’s Encrypt SSL 证书</h3><ul>
<li><p>注： Let’s Encrypt 签发的证书被所有的主流浏览器所信任，但是只有 90 天有效期，我们需要在证书过期之前自动续订证书 。</p>
<ol>
<li><p>通过运行 <code>crontab</code> 命令，来创建一个定时任务： </p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">crontab -e</span><br></pre></td></tr></table></figure></li>
<li><p>添加以下内容</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">代表一天两次运行，并且自动刷新任何离过期还有 30 天左右的域名证书。</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">0 */12 * * * root <span class="built_in">test</span> -x /usr/local/bin/certbot-auto -a \! -d /run/systemd/system &amp;&amp; perl -e <span class="string">&#x27;sleep int(rand(3600))&#x27;</span> &amp;&amp; /usr/local/bin/certbot-auto -q renew --renew-hook <span class="string">&quot;/data/nginx/nginx/sbin/nginx -s reload&quot;</span></span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">这样每5天就会执行一次所有域名的续期操作</span></span><br><span class="line">  0 3 */5 * * /usr/local/bin/certbot-auto renew --disable-hook-validation --renew-hook &quot;/data/nginx/nginx/sbin/nginx -s reload&quot;</span><br></pre></td></tr></table></figure></li>
<li><p>测试更新，并不会真的更新证书</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">certbot-auto --dry-run renew</span><br></pre></td></tr></table></figure></li>
<li><p>查看证书过期时间</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">certbot certificates</span><br></pre></td></tr></table></figure></li>
<li><p>强制提前更新证书</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">certbot-auto renew --force-renew --renew-hook &quot;/data/nginx/nginx/sbin/nginx -s reload&quot;</span><br></pre></td></tr></table></figure></li>
</ol>
</li>
</ul>
<h3 id="4-1-5-撤销删除证书"><a href="#4-1-5-撤销删除证书" class="headerlink" title="4.1.5  撤销删除证书"></a>4.1.5  撤销删除证书</h3><ol>
<li><p>撤销</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">如还有需要请先对证书进行备份</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash"><span class="built_in">cp</span> /etc/letsencrypt/ /etc/letsencrypt.backup -r</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">撤销命名，注意：指定目前真实使用的证书文件绝对路径</span></span><br><span class="line">certbot revoke --cert-path /etc/letsencrypt/live/ccbpay.manfanglanting.com/privkey.pem</span><br></pre></td></tr></table></figure></li>
<li><p>删除</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">certbot delete</span><br><span class="line"><span class="meta">#</span><span class="language-bash">一般撤销之后就没有证书文件了，此时会提示证书文件不存在</span></span><br></pre></td></tr></table></figure></li>
<li><p>删除https_reproxy.conf中的ssl配置,并重新加载nginx</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.删除以下内容</span></span><br><span class="line">server &#123;</span><br><span class="line">       listen       443 ssl;</span><br><span class="line">       server_name  example.com www.example.com;</span><br><span class="line"></span><br><span class="line">       keepalive_timeout 100;</span><br><span class="line"></span><br><span class="line">	   #配置证书目录</span><br><span class="line">       ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;</span><br><span class="line">       ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;</span><br><span class="line">       </span><br><span class="line">       ssl_session_cache    shared:SSL:1m;</span><br><span class="line">	   ssl_session_timeout  5m;</span><br><span class="line">	  ssl_protocols TLSv1.2 TLSv1.3;</span><br><span class="line">      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</span><br><span class="line"></span><br><span class="line">       location / &#123;</span><br><span class="line">        #    root   /home/www;</span><br><span class="line">        #    index  index.html index.htm;</span><br><span class="line">         proxy_pass http://localhost:8080;</span><br><span class="line">       &#125;</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.重新加载nginx</span></span><br><span class="line">/data/nginx/nginx/sbin/nginx -s reload</span><br></pre></td></tr></table></figure></li>
</ol>
<h2 id="4-2-使用自动脚本-acme-sh-安装证书"><a href="#4-2-使用自动脚本-acme-sh-安装证书" class="headerlink" title="4.2 使用自动脚本 acme.sh 安装证书"></a>4.2 使用自动脚本 <code>acme.sh</code> 安装证书</h2><ul>
<li><p>中文文档</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">https://github.com/acmesh-official/acme.sh/wiki/说明</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-2-1-下载解压acme-sh"><a href="#4-2-1-下载解压acme-sh" class="headerlink" title="4.2.1 下载解压acme.sh"></a>4.2.1 下载解压acme.sh</h3><ol>
<li><p>这里选择直接从GitHub下载</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">wget https://github.com/acmesh-official/acme.sh/archive/master.zip</span><br></pre></td></tr></table></figure></li>
<li><p>解压</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">unzip master.zip</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="4-2-2-安装acme-sh"><a href="#4-2-2-安装acme-sh" class="headerlink" title="4.2.2 安装acme.sh"></a>4.2.2 安装acme.sh</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1. 进入acme目录</span></span><br><span class="line">cd acme.sh-master</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.安装</span></span><br><span class="line">./acme.sh --install </span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">安装程序将执行3个操作：</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">1.创建和复制acme.sh到home目录去(<span class="variable">$HOME</span>): ~/.acme.sh/。所有证书也将放置在此文件夹中。</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.并创建一个bash的别名：acme.sh=~/.acme.sh/acme.sh</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">3.创建定时任务，以检查和更新证书，如果需要的话</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">重新载入~/.bashrc</span></span><br><span class="line">source ~/.bashrc</span><br></pre></td></tr></table></figure>

<h3 id="4-2-3-生成证书"><a href="#4-2-3-生成证书" class="headerlink" title="4.2.3 生成证书"></a>4.2.3 生成证书</h3><ul>
<li><strong>acme.sh</strong> 实现了 <strong>acme</strong> 协议支持的所有验证协议. 一般有两种方式验证: http 和 dns 验证。</li>
</ul>
<h4 id="4-2-3-1使用http的nginx模式"><a href="#4-2-3-1使用http的nginx模式" class="headerlink" title="4.2.3.1使用http的nginx模式"></a>4.2.3.1使用http的nginx模式</h4><ol>
<li><p>编辑http_reproxy.conf文件</p>
<ul>
<li>保证80端口可用</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">server &#123;</span><br><span class="line">        listen       80;</span><br><span class="line">        server_name  example.com;</span><br><span class="line"></span><br><span class="line">        location / &#123;</span><br><span class="line">            root   html;</span><br><span class="line">            index  index.html index.htm;</span><br><span class="line">        &#125;</span><br><span class="line">   &#125;</span><br></pre></td></tr></table></figure></li>
<li><p>需要将nginx添加到环境变量中,否则<code>acme.sh</code>不能找到nginx命令，会报<code>nginx command is not found.</code></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1602597188870.png" alt="1602597188870"></p>
</li>
<li><p>运行以下命令，申请证书</p>
</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh  --issue  -d example.com -d *.example.com --nginx /data/nginx/nginx/conf/nginx.conf</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">-d 配置域名</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--nginx 后需要指定实际配置域名的配置文件路径</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">*.example.com 通配符证书</span></span><br></pre></td></tr></table></figure>

<h4 id="4-2-3-2-使用阿里云的DNS"><a href="#4-2-3-2-使用阿里云的DNS" class="headerlink" title="4.2.3.2 使用阿里云的DNS"></a>4.2.3.2 使用阿里云的DNS</h4><ol>
<li><p>登录阿里云控制台，获取api秘钥  <a href="https://ak-console.aliyun.com/#/accesskey">Https://ak-console.aliyun.com/#/accesskey</a></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1602828329608.png" alt="1602828329608"></p>
</li>
<li><p>运行以下两行命令</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">export Ali_Key=&quot;111231313&quot;</span><br><span class="line">export Ali_Secret=&quot;Oc53ns30dvP1141414414JgrgI6pkY&quot;</span><br></pre></td></tr></table></figure></li>
<li><p>运行以下命令生成证书</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --issue --dns dns_ali -d example.com -d www.example.com</span><br><span class="line"><span class="meta"># </span><span class="language-bash">如果生成失败  可以在后面加上  --debug 或者 --<span class="built_in">log</span> 重新运行以获取详细错误</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">如果出现</span>  </span><br><span class="line"><span class="meta">#</span><span class="language-bash">Error add txt <span class="keyword">for</span> domain:_acme-challenge.wangzw.cn</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">Please check <span class="built_in">log</span> file <span class="keyword">for</span> more details: /root/.acme.sh/acme.sh.log</span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">需要在阿里云控制台--RAM访问控制中给当前用户添加AliyunDNSFullAccess权限</span></span><br></pre></td></tr></table></figure>

<ul>
<li> 这个<code>Ali_Key</code>和<code>Ali_Secret</code>会被保存在<code>~/.acme.sh/account.conf</code>在需要的时候会被重复使用。 </li>
</ul>
</li>
</ol>
<h3 id="4-2-4-DNSPOD（腾讯云）"><a href="#4-2-4-DNSPOD（腾讯云）" class="headerlink" title="4.2.4 DNSPOD（腾讯云）"></a>4.2.4 DNSPOD（腾讯云）</h3><ul>
<li>域名是使用dnspod来管理域名dns</li>
</ul>
<ol>
<li><p>申请token</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment">#dnspod.cn 需要先申请api 操作密锁，路径是： 账号中心-密锁管理</span></span><br><span class="line"><span class="comment">#https://console.dnspod.cn/account/token</span></span><br></pre></td></tr></table></figure></li>
<li><p>配置环境变量</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="built_in">export</span> DP_Id=<span class="string">&quot;12***5&quot;</span></span><br><span class="line"><span class="built_in">export</span> DP_Key=<span class="string">&quot;212fb35f*************9b7a22&quot;</span></span><br></pre></td></tr></table></figure></li>
<li><p>申请ssl证书</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">acme.sh   –issue   –dns dns_dp  -d  example.com  -d  *.example.com</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="4-2-5-证书配置-拷贝到指定目录"><a href="#4-2-5-证书配置-拷贝到指定目录" class="headerlink" title="4.2.5 证书配置(拷贝到指定目录)"></a>4.2.5 证书配置(拷贝到指定目录)</h3><ul>
<li>注意，默认生成的证书都放在安装目录下：<code>~/.acme.sh/</code> 请不要直接使用此目录下的文件，例：不要直接让nginx的配置文件使用这下面的文件，这里面的文件都是内部使用，而且目录结构可能会变化。正确的使用方法是使用<code>--install-cert</code>命令，并指定目标位置，然后证书文件会被复制到相应的位置。</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">1.需要先创建存放证书的文件夹</span></span><br><span class="line">mkdir  /data/nginx/nginx/certs</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">2.运行以下命令</span></span><br><span class="line">acme.sh --install-cert -d example.com.cn \</span><br><span class="line">--key-file       /data/nginx/nginx/certs/example.com.cn.key  \</span><br><span class="line">--fullchain-file/data/nginx/nginx/certs/fullchain.cer \</span><br><span class="line">--reloadcmd     &quot;systemctl force-reload nginx.service&quot;</span><br></pre></td></tr></table></figure>

<h3 id="4-2-6-更新证书"><a href="#4-2-6-更新证书" class="headerlink" title="4.2.6 更新证书"></a>4.2.6 更新证书</h3><ul>
<li>不需要手动更新证书。所有证书将每60天自动更新一次。但也可以强制续订证书：</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --renew -d example.com --force</span><br></pre></td></tr></table></figure>

<ul>
<li>记录一次更新失败的解决办法</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">第一种方法</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">--insecure <span class="comment">#增加这个参数</span></span></span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">第二种方法 没使用</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">在acme.sh中搜索curl --silent，将其修改为curl -k --silent，其他保持不变即可</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash"> 这个-k什么用途  可以看这里 https://curl.se/docs/sslcerts.html</span></span><br></pre></td></tr></table></figure>



<h3 id="4-2-7-停止续订证书"><a href="#4-2-7-停止续订证书" class="headerlink" title="4.2.7 停止续订证书"></a>4.2.7 停止续订证书</h3><ul>
<li><p>要停止更新证书，您可以执行以下操作将证书从更新列表中删除</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --remove -d example.com </span><br></pre></td></tr></table></figure></li>
<li><p>证书/密钥文件没有从磁盘中删除。您可以删除相应的目录。</p>
</li>
</ul>
<h3 id="4-2-8-撤销证书"><a href="#4-2-8-撤销证书" class="headerlink" title="4.2.8 撤销证书"></a>4.2.8 撤销证书</h3><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">撤销证书</span></span><br><span class="line"><span class="meta">$ </span><span class="language-bash">acme.sh --revoke -d example.com</span> </span><br></pre></td></tr></table></figure>

<h3 id="4-2-9-自动升级acme-sh"><a href="#4-2-9-自动升级acme-sh" class="headerlink" title="4.2.9 自动升级acme.sh"></a>4.2.9 自动升级acme.sh</h3><ul>
<li><p>acme.sh在不断开发中，因此强烈建议使用最新的版本，您可以将acme.sh更新为最新版本</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --upgrade</span><br></pre></td></tr></table></figure></li>
<li><p>也可以启用自动升级,那么acme.sh将自动保持最新</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">这个地方可能会报错</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">推荐先安装socat。如果你使用standalone mode，那么我们需要为了standalone server使用socat。如果你不使用standalone mode，那么请忽略这条警告</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">想要安装socat的话，可以使用yum安装socat：yum install socat</span></span><br><span class="line">acme.sh --upgrade --auto-upgrade</span><br></pre></td></tr></table></figure></li>
<li><p>禁用自动升级</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --upgrade --auto-upgrade 0</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-2-10-管理证书"><a href="#4-2-10-管理证书" class="headerlink" title="4.2.10 管理证书"></a>4.2.10 管理证书</h3><ul>
<li><p>通过acme.sh申请过证书、域名等 </p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --list</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-2-11-配置https反向代理"><a href="#4-2-11-配置https反向代理" class="headerlink" title="4.2.11 配置https反向代理"></a>4.2.11 配置https反向代理</h3><ul>
<li><p>在conf.d中配置https_reproxy.conf</p>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="attr">server</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">		#监听443端口。443为知名端口号，主要用于HTTPS协议</span></span><br><span class="line">		<span class="attr">listen</span>       <span class="string">443 ssl;</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment">		#定义使用www.xx.com访问</span></span><br><span class="line">		<span class="attr">server_name</span>  <span class="string">192.168.85.107 example.com;</span></span><br><span class="line"></span><br><span class="line">         <span class="attr">keepalive_timeout</span> <span class="string">100;</span></span><br><span class="line"><span class="comment"> </span></span><br><span class="line"><span class="comment">		#ssl证书文件位置</span></span><br><span class="line">		<span class="attr">ssl_certificate</span>      <span class="string">/data/nginx/CA/example.cer;</span></span><br><span class="line"><span class="comment">		#ssl证书key位置</span></span><br><span class="line">		<span class="attr">ssl_certificate_key</span>  <span class="string">/data/nginx/CA/example.key;</span></span><br><span class="line"> </span><br><span class="line">		<span class="attr">ssl_session_cache</span>    <span class="string">shared:SSL:10m;</span></span><br><span class="line">		<span class="attr">ssl_session_timeout</span>  <span class="string">30m;</span></span><br><span class="line"><span class="comment">		#启用指定协议</span></span><br><span class="line">		<span class="attr">ssl_protocols</span>       <span class="string">TLSv1 TLSv1.1 TLSv1.2;   </span></span><br><span class="line"><span class="comment">		#指定启用的密码。密码是按照OpenSSL库能够理解的格式指定的</span></span><br><span class="line">	     <span class="attr">ssl_ciphers</span> <span class="string">ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</span></span><br><span class="line"> </span><br><span class="line">        <span class="attr">index</span> <span class="string">index.html index.htm;</span></span><br><span class="line">		<span class="attr">location</span> <span class="string">/ &#123;</span></span><br><span class="line">          <span class="attr">proxy_pass</span> <span class="string">http://localhost:8682;</span></span><br><span class="line">		<span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line">        <span class="attr">error_page</span>   <span class="string">500 502 503 504  /50x.html;</span></span><br><span class="line">        <span class="attr">location</span> = <span class="string">/50x.html &#123;</span></span><br><span class="line">           <span class="attr">root</span>   <span class="string">html;</span></span><br><span class="line">        <span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-2-12-acme-sh-V3版本默认使用ZeroSSL证书"><a href="#4-2-12-acme-sh-V3版本默认使用ZeroSSL证书" class="headerlink" title="4.2.12 acme.sh V3版本默认使用ZeroSSL证书"></a>4.2.12 acme.sh V3版本默认使用ZeroSSL证书</h3><ul>
<li><p>如果需要改回lets的</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh  --register-account  --server letsencrypt  -m  myemail@example.com</span><br><span class="line"></span><br><span class="line">--or--</span><br><span class="line"></span><br><span class="line">acme.sh  --issue --server letsencrypt  -d  example.com  --dns dns_cf</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">或者直接设置默认证书就是lets</span></span><br><span class="line">acme.sh  --set-default-ca  --server letsencrypt</span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="4-3-windows环境下使用acme-sh安装证书"><a href="#4-3-windows环境下使用acme-sh安装证书" class="headerlink" title="4.3 windows环境下使用acme.sh安装证书"></a>4.3 windows环境下使用<code>acme.sh</code>安装证书</h2><ul>
<li>注：4.3中所有申请方式，均依赖于阿里云DNS解析。</li>
</ul>
<h3 id="4-3-1-使用Cygwin工具模拟linux环境使用-acme-sh-安装"><a href="#4-3-1-使用Cygwin工具模拟linux环境使用-acme-sh-安装" class="headerlink" title="4.3.1  使用Cygwin工具模拟linux环境使用 acme.sh 安装"></a>4.3.1  使用Cygwin工具模拟linux环境使用 acme.sh 安装</h3><ul>
<li>主要是使用Cygwin工具模拟linux环境安装，Cygwin是一个在windows平台上运行的类似UNIX的模拟环境 </li>
</ul>
<h4 id="4-3-1-1-安装Cygwin"><a href="#4-3-1-1-安装Cygwin" class="headerlink" title="4.3.1.1 安装Cygwin"></a>4.3.1.1 安装Cygwin</h4><ol>
<li>下载Cygwin程序包</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">https://cygwin.com/setup-x86_64.exe #64位</span><br><span class="line">https://cygwin.com/setup-x86.exe    #32位</span><br></pre></td></tr></table></figure>

<ol start="2">
<li><p>点击安装包</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606275781747.png" alt="1606275781747" style="zoom: 67%;" /></li>
<li><p>默认</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606275815552.png" alt="1606275815552" style="zoom:67%;" /></li>
<li><p>选择安装路径</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606275831301.png" alt="1606275831301" style="zoom:67%;" /></li>
<li><p>选择存储路径,如果没有需要创建此目录</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606275895235.png" alt="1606275895235" style="zoom:67%;" /></li>
<li><p>选择网络连接，默认</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606275984385.png" alt="1606275984385" style="zoom:67%;" /></li>
<li><p>这里选择使用阿里云镜像</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">http://mirrors.aliyun.com/cygwin/</span><br></pre></td></tr></table></figure>

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606276175248.png" alt="1606276175248" style="zoom:67%;" /></li>
<li><p>选择需要下载安装的组件包，选择curl、cron、bzip2、wget、gcc-core、gcc-g++、make、openssh、lynx</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606276519627.png" alt="1606276519627" style="zoom:67%;" />

<ul>
<li>检查需要安装的包是否选中</li>
</ul>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606276672183.png" alt="1606276672183"  /></li>
<li><p>安装完成</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606400597842.png" alt="1606400597842"></p>
</li>
<li><p>检查安装是否成功,在Cygwin终端中输入此命令会打印出版本的运行状态</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">cygcheck -c cygwin</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606286228564.png" alt="1606286228564"></p>
</li>
</ol>
<h4 id="4-3-1-2-开始安装acme-sh"><a href="#4-3-1-2-开始安装acme-sh" class="headerlink" title="4.3.1.2 开始安装acme.sh"></a>4.3.1.2 开始安装acme.sh</h4><ol>
<li><p>直接在终端中运行以下命令</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1  sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">也可使用wget</span></span><br><span class="line"><span class="meta"># </span><span class="language-bash">wget -O - https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1  sh</span></span><br></pre></td></tr></table></figure></li>
<li><p>如果出现以下错误，是因为本机无法解析域名，需要在hosts中手动添加上</p>
</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606272032840.png" alt="1606272032840"></p>
<ul>
<li><p>在hosts文件中添加以下内容</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">文件位置 C:\Windows\System32\drivers\etc</span></span><br><span class="line"></span><br><span class="line">199.232.96.133 raw.githubusercontent.com</span><br></pre></td></tr></table></figure></li>
</ul>
<ol start="3">
<li>重新下载，当出现 <code>Install success!</code>之后安装成功</li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606272047201.png" alt="1606272047201"></p>
<h4 id="4-3-1-3-申请证书"><a href="#4-3-1-3-申请证书" class="headerlink" title="4.3.1.3 申请证书"></a>4.3.1.3 申请证书</h4><ul>
<li><p>使用阿里云的DNS，方式与4.2.3.2一致</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606355410440.png" alt="1606355410440"></p>
</li>
</ul>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606355359998.png" alt="1606355359998" style="zoom:67%;" />

<h4 id="4-3-1-4-配置证书"><a href="#4-3-1-4-配置证书" class="headerlink" title="4.3.1.4 配置证书"></a>4.3.1.4 配置证书</h4><ul>
<li>注：证书申请成功之后，需要配置证书(拷贝到指定目录)，例如我们使用nginx做https反向代理，证书会在60天自动更新，在证书更新之后需要对nginx做reload，由于nginx在windows中运行对于命令行下操作nginx不是很友好（必须切换到nginx安装的绝对路径中才能操作），所以此处需要使用批处理来操作（没有找到更好的办法）。</li>
</ul>
<ol>
<li><p>编写批处理</p>
<ul>
<li><p>放置在nginx安装的根目录中</p>
</li>
<li><p>批处理文件 <code>reload-nginx.bat</code></p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606373292991.png" alt="1606373292991" style="zoom: 50%;" /></li>
</ul>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">@<span class="built_in">echo</span> off</span><br><span class="line">E:</span><br><span class="line"><span class="built_in">cd</span> E:\SoftWare\nginx-1.18.0</span><br><span class="line">tasklist /fi <span class="string">&quot;imagename eq nginx.exe&quot;</span> | find <span class="string">&quot;:&quot;</span> &gt; nul</span><br><span class="line"><span class="keyword">if</span> errorlevel 1 nginx -s reload</span><br></pre></td></tr></table></figure>

<ul>
<li>其中第2，3行需要根据实际nginx安装的盘符和路径进行改写</li>
</ul>
</li>
<li><p>运行以下命令配置证书</p>
<ul>
<li>注：在Cygwin终端中盘符表示为 /cygdrive/d（代表D盘），/cygdrive/e（代表E盘）</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">acme.sh --install-cert -d example.com \</span><br><span class="line">--key-file       /cygdrive/d/DownloadFile/keyfile/example.com.key  \</span><br><span class="line">--fullchain-file /cygdrive/d/DownloadFile/keyfile/fullchain.cer \</span><br><span class="line">--reloadcmd     &quot;/cygdrive/e/SoftWare/nginx-1.18.0/reload-nginx.bat&quot;</span><br></pre></td></tr></table></figure>

<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606373989885.png" alt="1606373989885"></p>
</li>
</ol>
<h3 id="4-3-2-使用Certify-SSL-TLS工具申请证书"><a href="#4-3-2-使用Certify-SSL-TLS工具申请证书" class="headerlink" title="4.3.2 使用Certify SSL/TLS工具申请证书"></a>4.3.2 使用Certify SSL/TLS工具申请证书</h3><ul>
<li><h3 id="管理IIS、Windows和其他服务的免费https证书，-证书来自Let-s-Encrypt和其他ACME证书颁发机构"><a href="#管理IIS、Windows和其他服务的免费https证书，-证书来自Let-s-Encrypt和其他ACME证书颁发机构" class="headerlink" title="管理IIS、Windows和其他服务的免费https证书， 证书来自Let`s Encrypt和其他ACME证书颁发机构"></a>管理IIS、Windows和其他服务的免费https证书， 证书来自Let`s Encrypt和其他ACME证书颁发机构</h3></li>
</ul>
<h4 id="4-3-2-1-下载安装客户端"><a href="#4-3-2-1-下载安装客户端" class="headerlink" title="4.3.2.1 下载安装客户端"></a>4.3.2.1 下载安装客户端</h4><ol>
<li>下载地址</li>
</ol>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">https://certifytheweb.com/home/download</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>一直默认安装即可</li>
</ol>
<h4 id="4-3-2-2-配置"><a href="#4-3-2-2-配置" class="headerlink" title="4.3.2.2 配置"></a>4.3.2.2 配置</h4><ul>
<li>官方配置文档：<a href="https://docs.certifytheweb.com/docs/intro">https://docs.certifytheweb.com/docs/intro</a></li>
</ul>
<ol>
<li><p>添加一个邮箱，在证书即将到期或者自动更新失败的情况下，通过邮件形式通知。</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606380299233.png" alt="1606380299233" style="zoom:67%;" /></li>
<li><p>添加域名</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606380411370.png" alt="1606380411370" style="zoom:67%;" /></li>
<li><p>选择颁发机构，我们选择Let`s Encrypt</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606380508003.png" alt="1606380508003" style="zoom:67%;" /></li>
<li><p>选择验证类型</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606380721058.png" alt="1606380721058" style="zoom:67%;" /></li>
<li><p>配置DNS api秘钥</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606380879811.png" alt="1606380879811" style="zoom:67%;" /></li>
<li><p>授权设置</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606381042928.png" alt="1606381042928" style="zoom:67%;" /></li>
<li><p>证书部署</p>
<ul>
<li>默认情况下，认证将自动更新/添加与证书主机名匹配的所有网站的https绑定。还可以选择定制部署发生的方式。可以定制这种行为，这里选择只存储。</li>
</ul>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606381397930.png" alt="1606381397930" style="zoom:67%;" /></li>
<li><p>设置申请或更新成功之后的第一个task（将证书部署到nginx）</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606382223765.png" alt="1606382223765" style="zoom:67%;" />

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606383546522.png" alt="1606383546522" style="zoom:67%;" />

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606383621320.png" alt="1606383621320" style="zoom:67%;" /></li>
<li><p>设置第二个task（reload nginx）</p>
<ul>
<li>其中使用到的批处理脚本与 本文档（4.3.1.4）中说明的批处理是同一个，按照4.3.1.4 中配置即可</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384087138.png" alt="1606384087138"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384153471.png" alt="1606384153471"></p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384197761.png" alt="1606384197761"></p>
</li>
<li><p>保存配置，测试，申请证书</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384404709.png" alt="1606384404709"></p>
<ul>
<li><p>测试</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606383725880.png" alt="1606383725880"></p>
</li>
<li><p>申请证书</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606383833355.png" alt="1606383833355" style="zoom:67%;" /></li>
</ul>
</li>
<li><p>申请成功</p>
<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384499335.png" alt="1606384499335" style="zoom:67%;" />

 <img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384587769.png" alt="1606384587769" style="zoom:67%;" />

<img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384754329.png" alt="1606384754329" style="zoom:67%;" /></li>
<li><p>自动更新可配置</p>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/1606384933082.png" alt="1606384933082"></p>
</li>
</ol>
<h2 id="4-4-certbot-snap方式"><a href="#4-4-certbot-snap方式" class="headerlink" title="4.4 certbot-snap方式"></a>4.4 certbot-snap方式</h2><h3 id="4-4-1-snap安装"><a href="#4-4-1-snap安装" class="headerlink" title="4.4.1 snap安装"></a>4.4.1 snap安装</h3><ol>
<li>将Epel存储库添加到CentOS安装中：</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">yum install snapd -y</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>启用：</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">systemctl <span class="built_in">enable</span> --now snapd.socket</span><br></pre></td></tr></table></figure>

<ol start="3">
<li>创建一个符号链接<code>/var/lib/snapd/snap</code>和<code>/snap</code>:</li>
</ol>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">ln</span> -s /var/lib/snapd/snap /snap</span><br></pre></td></tr></table></figure>

<ul>
<li>安装snap之后，要么重新登录，要么重新启动系统，以确保正确更新Snap的路径 </li>
</ul>
<ol start="4">
<li>执行以下指令，以确保您拥有最新版本的snap</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">snap install core</span><br><span class="line">snap refresh core</span><br></pre></td></tr></table></figure>

<h3 id="4-4-2-certbot-nginx-证书申请"><a href="#4-4-2-certbot-nginx-证书申请" class="headerlink" title="4.4.2 certbot-nginx 证书申请"></a>4.4.2 certbot-nginx 证书申请</h3><ol>
<li><p>下载certbot</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">snap install --classic certbot</span><br></pre></td></tr></table></figure></li>
<li><p>准备Certbot命令</p>
<ul>
<li>在机器上的命令行上执行以下指令，以确保<code>Certbot</code>命令可以运行。</li>
</ul>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">ln</span> -s /snap/bin/certbot /usr/bin/certbot</span><br></pre></td></tr></table></figure></li>
<li><p>申请证书</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><span class="line">certbot  --nginx-server-root /data/nginx/nginx/conf/ --nginx -d *.example.com -d example.com</span><br><span class="line"></span><br><span class="line"><span class="comment">#有可能会提示找不到可执行的nginx二进制文件  那么就创建一个软连接 </span></span><br><span class="line"><span class="comment"># ln -s /data/nginx/nginx/sbin/nginx /usr/bin/nginx</span></span><br><span class="line"></span><br><span class="line"><span class="comment">#显示使用Certbot生成的所有证书的信息</span></span><br><span class="line">certbot  certificates</span><br></pre></td></tr></table></figure></li>
<li><p>自动更新</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment">#测试更新</span></span><br><span class="line">certbot renew --dry-run</span><br><span class="line"><span class="comment">#强制更新证书</span></span><br><span class="line">certbot renew --force-renewal</span><br><span class="line"></span><br><span class="line"><span class="comment">#certbot只会对有效期不足30天的证书执行更新</span></span><br><span class="line"><span class="comment">#定时任务存在于以下位置之一：</span></span><br><span class="line"><span class="comment">#/etc/crontab/</span></span><br><span class="line"><span class="comment">#/etc/cron.*/*</span></span><br><span class="line"><span class="comment">#systemctl list-timers </span></span><br><span class="line"></span><br><span class="line"><span class="comment">#一天两次执行 11.05  15:13  如果想修改那么就在/etc/systemd/system/snap.certbot.renew.timer中修改</span></span><br><span class="line"><span class="comment">#[Timer]</span></span><br><span class="line"><span class="comment">#Unit=snap.certbot.renew.service</span></span><br><span class="line"><span class="comment">#OnCalendar=*-*-* 11:05</span></span><br><span class="line"><span class="comment">#OnCalendar=*-*-* 15:13</span></span><br><span class="line"></span><br><span class="line"><span class="comment">#查看所有定时任务</span></span><br><span class="line"><span class="comment">#systemctl list-timers</span></span><br></pre></td></tr></table></figure></li>
<li><p>certbot 常用配置</p>
</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">用法:</span><br><span class="line">  certbot [子命令] [选项] [-d 域名] [-d 域名] ...</span><br><span class="line"></span><br><span class="line">Certbot工具用于获取和安装 HTTPS/TLS/SSL 证书。默认情况下，Certbot会尝试为本地网页服务器</span><br><span class="line">(如果不存在会默认安装一个到本地)获取并安装证书。最常用的子命令和选项如下:</span><br><span class="line"></span><br><span class="line">获取, 安装, 更新证书:</span><br><span class="line">    (默认) run       获取并安装证书到当前网页服务器</span><br><span class="line">    certonly        获取或更新证书，但是不安装</span><br><span class="line">    renew           更新已经获取但快过期的所有证书</span><br><span class="line">   -d 域名列表        指定证书对应的域名列表，域名之间使用逗号分隔</span><br><span class="line"></span><br><span class="line">  --apache          使用Apache插件进行身份认证和安装</span><br><span class="line">  --standalone      运行一个独立的网页服务器用于身份认证</span><br><span class="line">  --nginx           使用Nginx插件进行身份认证和安装</span><br><span class="line">  --webroot         把身份认证文件放置在服务器的网页根目录下</span><br><span class="line">  --manual          使用交互式或脚本钩子的方式获取证书</span><br><span class="line"></span><br><span class="line">   -n               非交互式运行</span><br><span class="line">  --test-cert       从预交付服务器上获取测试证书</span><br><span class="line">  --dry-run         测试获取或更新证书，但是不存储到本地硬盘</span><br><span class="line"></span><br><span class="line">证书管理:</span><br><span class="line">    certificates    显示使用Certbot生成的所有证书的信息</span><br><span class="line">    revoke          撤销证书(supply --cert-path)</span><br><span class="line">    delete          删除证书</span><br><span class="line"></span><br><span class="line">管理你的Let<span class="string">&#x27;s Encrypt账户</span></span><br><span class="line"><span class="string">    register        创建Let&#x27;</span>s Encrypt ACME账户</span><br><span class="line">  --agree-tos       同意ACME服务器的订阅协议</span><br><span class="line">   -m EMAIL         接收有关账户的重要通知的邮箱地址</span><br><span class="line"></span><br><span class="line">可选参数:</span><br><span class="line">  -h, --<span class="built_in">help</span>            显示帮助信息，然后退出</span><br><span class="line">  -c 配置文件, --config 配置文件</span><br><span class="line">                        配置文件的路径 (默认: /etc/letsencrypt/cli.ini</span><br><span class="line">                        或 ~/.config/letsencrypt/cli.ini)</span><br><span class="line">  -d 域名列表, --domains 域名列表, --domain 域名列表</span><br><span class="line">                        指定域名列表。如果有多个域名，可以多次使用-d参数，也可以在-d参数后</span><br><span class="line">                        使用逗号分隔的域名列表。(默认: 询问)</span><br><span class="line">  --cert-name 证书名称   指定证书名称。每次Certbot运行只使用一个证书名称。可以使用命令</span><br><span class="line">                        <span class="string">&#x27;certbot certificates&#x27;</span>查看已生成的证书名称。当创建新的证书时，</span><br><span class="line">                        此选项用于指定证书的名称。(默认: 无)</span><br><span class="line">  --dry-run             使用客户端执行一次试运行，获取测试证书(无效的证书)但不保存到磁盘。</span><br><span class="line">                        当前选项仅用于<span class="string">&#x27;certonly&#x27;</span>和<span class="string">&#x27;renew&#x27;</span>子命令。</span><br><span class="line">                        注: 尽管 --dry-run 选项试图阻止任何对系统的修改，但并不能做到</span><br><span class="line">                        完全避免: 如果使用类似apache或nginx网页服务器来认证插件，</span><br><span class="line">                        程序运行过程中，会尝试修改或恢复配置文件来获取测试证书，</span><br><span class="line">                        也会重启网页服务器来部署和回滚这些修改。如果定义了 --pre-hook 					   和--post-hook 选项它们会被同时执行，这两个选项有助于更精确地模				      拟更新证书。--renew-hook 选项在这里不会被执行。(默认: False)</span><br><span class="line">自动化:</span><br><span class="line">  用于自动运行或其他情况的参数</span><br><span class="line"></span><br><span class="line">  --keep-until-expiring, --keep, --reinstall</span><br><span class="line">                        如果被请求的证书已经存在，那么不执行更新操作直到证书将要过期</span><br><span class="line">                        (如果使用了<span class="string">&#x27;run&#x27;</span>子命令，无论是否过期证书都会被更新)。</span><br><span class="line">                        (默认: 询问)</span><br><span class="line">  --<span class="built_in">expand</span>              如果请求的证书名字是已经存在的证书名字的子集，那么这个本地证书</span><br><span class="line">                        会被重置并重命名。(默认: 询问)</span><br><span class="line">  --version             显示程序和版本号，然后退出</span><br><span class="line">  --force-renewal, --renew-by-default</span><br><span class="line">                        如果请求的证书已经存在，无论是否快要到期，更新该证书。</span><br><span class="line">                        (通常使用 --keep-until-expiring 选项)。</span><br><span class="line">                        该选项默认包含了 --<span class="built_in">expand</span> 选项的功能。(默认: False)</span><br><span class="line">  --renew-with-new-domains</span><br><span class="line">                        如果被请求的证书已经存在，但是域名变了，那么无论该证书是否将要过期都会被更新。(默认: False)</span><br><span class="line"></span><br><span class="line">安全:</span><br><span class="line">  有关安全的参数和服务器设置</span><br><span class="line"></span><br><span class="line">  --rsa-key-size N      RSA密钥的大小。 (默认: 2048)</span><br><span class="line">  --must-staple         为证书添加 OCSP Must Staple 扩展。当Apache版本高于2.3.3时，</span><br><span class="line">                        自动配置 OCSP Stapling 支持。 (默认: False)</span><br><span class="line">  --redirect            对于新认证的虚拟主机，自动重定向HTTP到HTTPS。 (默认: 询问)</span><br><span class="line">  --no-redirect         对于新认证的虚拟主机，不要重定向HTTP到HTTPS。 (默认: 询问)</span><br><span class="line">  --hsts                Add the Strict-Transport-Security header to every HTTP</span><br><span class="line">                        response. Forcing browser to always use SSL <span class="keyword">for</span> the</span><br><span class="line">                        domain. Defends against SSL Stripping. (default:</span><br><span class="line">                        False)</span><br><span class="line">  --uir                 Add the <span class="string">&quot;Content-Security-Policy: upgrade-insecure-</span></span><br><span class="line"><span class="string">                        requests&quot;</span> header to every HTTP response. Forcing the</span><br><span class="line">                        browser to use https:// <span class="keyword">for</span> every http:// resource.</span><br><span class="line">                        (default: None)</span><br><span class="line">  --staple-ocsp         Enables OCSP Stapling. A valid OCSP response is</span><br><span class="line">                        stapled to the certificate that the server offers</span><br><span class="line">                        during TLS. (default: None)</span><br><span class="line">  --strict-permissions  Require that all configuration files are owned by the</span><br><span class="line">                        current user; only needed <span class="keyword">if</span> your config is somewhere</span><br><span class="line">                        unsafe like /tmp/ (default: False)</span><br><span class="line"></span><br><span class="line">路径:</span><br><span class="line">  修改有关执行路径和服务器的参数</span><br><span class="line"></span><br><span class="line">  --cert-path 证书路径</span><br><span class="line">                        Path to <span class="built_in">where</span> cert is saved (with auth --csr),</span><br><span class="line">                        installed from, or revoked. (default: None)</span><br><span class="line">  --key-path 密钥路径    Path to private key <span class="keyword">for</span> cert installation or</span><br><span class="line">                        revocation (<span class="keyword">if</span> account key is missing) (default: None)</span><br><span class="line">  --chain-path 钥匙链路径</span><br><span class="line">                        Accompanying path to a certificate chain. (default:</span><br><span class="line">                        None)</span><br><span class="line">  --config-dir 配置文件目录</span><br><span class="line">                        Configuration directory. (default: /etc/letsencrypt)</span><br><span class="line">  --work-dir 工作目录    Working directory. (default: /var/lib/letsencrypt)</span><br><span class="line">  --logs-dir 日志目录    Logs directory. (default: /var/log/letsencrypt)</span><br><span class="line">  --server 服务器        ACME Directory Resource URI. (default:</span><br><span class="line">                        https://acme-v01.api.letsencrypt.org/directory)</span><br><span class="line">nginx:</span><br><span class="line">  Nginx网页服务器插件 - Alpha版本</span><br><span class="line"></span><br><span class="line">  --nginx-server-root NGINX_SERVER_ROOT</span><br><span class="line">                        Nginx server root directory. (default: /etc/nginx)</span><br><span class="line">  --nginx-ctl NGINX_CTL</span><br><span class="line">                        Path to the <span class="string">&#x27;nginx&#x27;</span> binary, used <span class="keyword">for</span> <span class="string">&#x27;configtest&#x27;</span> and</span><br><span class="line">                        retrieving nginx version number. (default: nginx)</span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>nginx</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>nginx</tag>
        <tag>windows</tag>
      </tags>
  </entry>
  <entry>
    <title>nginx+keepalived高可用</title>
    <url>/posts/bc02660d/</url>
    <content><![CDATA[<h3 id="摘要：nginx-keepalived-实现高可用（主备，双主模式）"><a href="#摘要：nginx-keepalived-实现高可用（主备，双主模式）" class="headerlink" title="摘要：nginx +keepalived 实现高可用（主备，双主模式）"></a>摘要：nginx +keepalived 实现高可用（主备，双主模式）</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="nginx-keepalived-高可用（主备）"><a href="#nginx-keepalived-高可用（主备）" class="headerlink" title="nginx+keepalived 高可用（主备）"></a>nginx+keepalived 高可用（主备）</h1><blockquote>
<p>Keepalived 是一种高性能的服务器高可用或热备解决方案， Keepalived 可以用来防止服务器单点故障的发生，通过配合 Nginx 可以实现服务的高可用，Keepalived 以 VRRP 协议为实现基础，用 VRRP 协议来实现高可用性(HA)。 </p>
<p>VRRP(Virtual RouterRedundancy Protocol)协议是用于实现路由器冗余的协议</p>
<p>keepalived官网：<a href="https://www.keepalived.org/">https://www.keepalived.org</a></p>
</blockquote>
<h2 id="测试服务器准备"><a href="#测试服务器准备" class="headerlink" title="测试服务器准备"></a>测试服务器准备</h2><table>
<thead>
<tr>
<th align="center">VIP</th>
<th align="center">IP</th>
<th align="center">PORT</th>
<th align="center">主备</th>
</tr>
</thead>
<tbody><tr>
<td align="center">192.168.85.108</td>
<td align="center">192.168.85.106</td>
<td align="center">80(nginx)</td>
<td align="center">MASTER</td>
</tr>
<tr>
<td align="center">192.168.85.108</td>
<td align="center">192.168.85.107</td>
<td align="center">80(nginx)</td>
<td align="center">BACKUP</td>
</tr>
</tbody></table>
<h2 id="安装nginx和keepalive"><a href="#安装nginx和keepalive" class="headerlink" title="安装nginx和keepalive"></a>安装nginx和keepalive</h2><h3 id="nginx-安装（主备）"><a href="#nginx-安装（主备）" class="headerlink" title="nginx 安装（主备）"></a>nginx 安装（主备）</h3><ul>
<li>安装nginx安装配置指南安装即可，本文档只是简单实现HA，故分别修改一下index.html加以区分</li>
</ul>
<figure class="highlight html"><table><tr><td class="code"><pre><span class="line"><span class="comment">&lt;!-- 在body标签中增加本机ip --&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">h1</span>&gt;</span>这是192.168.85.10X<span class="tag">&lt;/<span class="name">h1</span>&gt;</span></span><br></pre></td></tr></table></figure>

<h3 id="配置keepalivedNginx-sh-脚本"><a href="#配置keepalivedNginx-sh-脚本" class="headerlink" title="配置keepalivedNginx.sh 脚本"></a>配置<code>keepalivedNginx.sh</code> 脚本</h3><ul>
<li>vim <code>/etc/keepalived/keepalivedNginx.sh</code></li>
<li>chmod +x /etc/keepalived/keepalivedNginx.sh</li>
</ul>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line">A=`pgrep nginx |<span class="built_in">wc</span> -l`</span><br><span class="line"><span class="keyword">if</span> [ <span class="variable">$A</span> -eq 0 ];<span class="keyword">then</span></span><br><span class="line">  <span class="comment">#/usr/local/nginx/sbin/nginx #nginx命令的路径</span></span><br><span class="line">  currentime=`<span class="built_in">date</span> <span class="string">&quot;+%Y-%m-%d %H:%M:%S&quot;</span>`</span><br><span class="line">  <span class="comment">#/usr/sbin/nginx -c /etc/nginx/nginx.conf</span></span><br><span class="line">  systemctl start nginx</span><br><span class="line">  <span class="built_in">echo</span> <span class="string">&quot;nginx restart at <span class="variable">$currentime</span>  over !!!!!!&quot;</span> &gt;&gt; /opt/keepalived/monitornginx.log</span><br><span class="line">  <span class="built_in">sleep</span> 3</span><br><span class="line">  A=`pgrep nginx |<span class="built_in">wc</span> -l`</span><br><span class="line">  <span class="keyword">if</span> [ <span class="variable">$A</span> -eq 0 ];<span class="keyword">then</span></span><br><span class="line">    currentime=`<span class="built_in">date</span> <span class="string">&quot;+%Y-%m-%d %H:%M:%S&quot;</span>`</span><br><span class="line">    killall keepalived</span><br><span class="line">      <span class="built_in">echo</span> <span class="string">&quot;nginx restart at <span class="variable">$currentime</span> failed so kill keepalived!!!!!&quot;</span> &gt;&gt; /opt/keepaalived/monitornginx.log</span><br><span class="line">  <span class="keyword">fi</span></span><br><span class="line"><span class="keyword">fi</span></span><br></pre></td></tr></table></figure>

<h3 id="keepalived安装"><a href="#keepalived安装" class="headerlink" title="keepalived安装"></a>keepalived安装</h3><ol>
<li><p>下载依赖</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">yum install -y curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel </span><br></pre></td></tr></table></figure></li>
<li><p>下载并解压安装</p>
</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 源码下载解压</span></span><br><span class="line"><span class="built_in">cd</span> /usr/local/src</span><br><span class="line">wget https://www.keepalived.org/software/keepalived-2.2.2.tar.gz</span><br><span class="line">tar -zxvf keepalived-2.2.2.tar.gz</span><br><span class="line"></span><br><span class="line"><span class="comment"># 配置编译安装</span></span><br><span class="line"><span class="built_in">cd</span> keepalived-1.2.18</span><br><span class="line">./configure --prefix=/data/keepalived --sysconf=/etc</span><br><span class="line">make &amp;&amp; make install</span><br></pre></td></tr></table></figure>

<ol start="3">
<li><p>配置开机自启</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 如果没有自启脚本可以直接复制源码中的，默认源码安装完成后会有的</span></span><br><span class="line">systemctl <span class="built_in">enable</span> keepalived</span><br><span class="line"><span class="built_in">cp</span> /usr/local/src/keepalived-2.2.2/keepalived/etc/sysconfig/keepalived /etc/sysconfig/</span><br><span class="line"><span class="comment">#centos 6使用以下脚本</span></span><br><span class="line"><span class="comment">#cp /usr/local/src/keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/</span></span><br><span class="line"><span class="comment">#chkconfig keepalived on</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 创建一个软连接</span></span><br><span class="line"><span class="built_in">ln</span> -s /data/keepalived/sbin/keepalived /usr/sbin/</span><br></pre></td></tr></table></figure></li>
</ol>
<h3 id="配置keepalived"><a href="#配置keepalived" class="headerlink" title="配置keepalived"></a>配置keepalived</h3><h4 id="MASTER-（192-168-85-106）"><a href="#MASTER-（192-168-85-106）" class="headerlink" title="MASTER （192.168.85.106）"></a>MASTER （192.168.85.106）</h4><ul>
<li>修改此 <code>/keepalived/keepalived.conf </code>配置文件</li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">! Configuration File for keepalived</span></span><br><span class="line"><span class="attr">global_defs</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">	## keepalived 自带的邮件提醒需要开启 sendmail 服务。 建议用独立的监控或第三方 SMTP</span></span><br><span class="line">	<span class="attr">router_id</span> <span class="string">singlee ## 标识本节点的字条串，通常为 hostname</span></span><br><span class="line"><span class="attr">&#125;</span> <span class="string"></span></span><br><span class="line"><span class="comment">## keepalived 会定时执行脚本并对脚本执行的结果进行分析，动态调整 vrrp_instance 的优先级。如果脚本执行结果为 0，并且 weight 配置的值大于 0，则优先级相应的增加。如果脚本执行结果非 0，并且 weight配置的值小于 0，则优先级相应的减少。其他情况，维持原本配置的优先级，即配置文件中 priority 对应的值。</span></span><br><span class="line"><span class="attr">vrrp_script</span> <span class="string">chk_nginx &#123;</span></span><br><span class="line">	<span class="attr">script</span> <span class="string">&quot;/etc/keepalived/keepalivedNginx.sh&quot; ## 检测 nginx 状态的脚本路径</span></span><br><span class="line">	<span class="attr">interval</span> <span class="string">2 ## 检测时间间隔</span></span><br><span class="line">	<span class="attr">weight</span> <span class="string">-20 ## 如果条件成立，权重-20</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment">## 定义虚拟路由， VI_1 为虚拟路由的标示符，自己定义名称</span></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_1 &#123;</span></span><br><span class="line">	<span class="attr">state</span> <span class="string">MASTER ## 主节点为 MASTER， 对应的备份节点为 BACKUP</span></span><br><span class="line">	<span class="attr">interface</span> <span class="string">ens33 ## 绑定虚拟 IP 的网络接口，与本机 IP 地址所在的网络接口相同</span></span><br><span class="line">	<span class="attr">virtual_router_id</span> <span class="string">33 ## 虚拟路由的 ID 号， 两个节点设置必须一样， 可选 IP 最后一段使用, 相同的 VRID 为一个组，他将决定多播的 MAC 地址</span></span><br><span class="line">	<span class="attr">mcast_src_ip</span> <span class="string">192.168.85.106 ## 本机 IP 地址</span></span><br><span class="line">	<span class="attr">priority</span> <span class="string">100 ## 节点优先级， 值范围 0-254， MASTER 要比 BACKUP 高</span></span><br><span class="line">	<span class="attr">nopreempt</span> <span class="string">## 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题</span></span><br><span class="line">	<span class="attr">advert_int</span> <span class="string">1 ## 组播信息发送间隔，两个节点设置必须一样， 默认 1s</span></span><br><span class="line"><span class="comment">	## 设置验证信息，两个节点必须一致</span></span><br><span class="line">	<span class="attr">authentication</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">auth_type</span> <span class="string">PASS</span></span><br><span class="line">		<span class="attr">auth_pass</span> <span class="string">1111 ## 真实生产，按需求对应该过来</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line"><span class="comment">	## 将 track_script 块加入 instance 配置块</span></span><br><span class="line">	<span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">chk_nginx</span> <span class="string">## 执行 Nginx 监控的服务</span></span><br><span class="line">	<span class="attr">&#125;</span> <span class="string">#</span></span><br><span class="line"><span class="comment">	# 虚拟 IP 池, 两个节点设置必须一样</span></span><br><span class="line">	<span class="attr">virtual_ipaddress</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">192.168.85.108</span> <span class="string">## 虚拟 ip，可以定义多个</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h4 id="BACKUP-192-168-85-107"><a href="#BACKUP-192-168-85-107" class="headerlink" title="BACKUP (192.168.85.107)"></a>BACKUP (192.168.85.107)</h4><ul>
<li>修改此 <code>/keepalived/keepalived.conf </code>配置文件</li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">! Configuration File for keepalived</span></span><br><span class="line"><span class="attr">global_defs</span> <span class="string">&#123;</span></span><br><span class="line">	<span class="attr">router_id</span> <span class="string">wangzw</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="attr">vrrp_script</span> <span class="string">chk_nginx &#123;</span></span><br><span class="line">	<span class="attr">script</span> <span class="string">&quot;/etc/keepalived/keepalivedNginx.sh&quot;</span></span><br><span class="line">	<span class="attr">interval</span> <span class="string">2</span></span><br><span class="line">	<span class="attr">weight</span> <span class="string">-20</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_1 &#123;</span></span><br><span class="line">	<span class="attr">state</span> <span class="string">BACKUP</span></span><br><span class="line">	<span class="attr">interface</span> <span class="string">ens33</span></span><br><span class="line">	<span class="attr">virtual_router_id</span> <span class="string">33</span></span><br><span class="line">	<span class="attr">mcast_src_ip</span> <span class="string">192.168.85.107</span></span><br><span class="line">	<span class="attr">priority</span> <span class="string">90</span></span><br><span class="line">	<span class="attr">advert_int</span> <span class="string">1</span></span><br><span class="line">	<span class="attr">authentication</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">auth_type</span> <span class="string">PASS</span></span><br><span class="line">		<span class="attr">auth_pass</span> <span class="string">1111</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">	<span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">chk_nginx</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">	<span class="attr">virtual_ipaddress</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">192.168.85.108</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h3 id="配置clean-arp-sh"><a href="#配置clean-arp-sh" class="headerlink" title="配置clean_arp.sh"></a>配置clean_arp.sh</h3><blockquote>
<p>自动更新vip的arp记录到网关</p>
</blockquote>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta">#</span><span class="language-bash">!/bin/sh</span></span><br><span class="line">VIP=$1</span><br><span class="line">GATEWAY=192.168.85.2</span><br><span class="line">/sbin/arping -I ens33 -c 5 -s $VIP $GATEWAY &amp;&gt;/dev/null  </span><br></pre></td></tr></table></figure>

<h2 id="配置防火墙"><a href="#配置防火墙" class="headerlink" title="配置防火墙"></a>配置防火墙</h2><figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">#开启vrrp 协议  ens33是网卡名称</span></span><br><span class="line"><span class="attr">firewall-cmd</span> <span class="string">--direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destination 224.0.0.18 --protocol vrrp -j ACCEPT</span></span><br><span class="line"></span><br><span class="line"><span class="attr">firewall-cmd</span> <span class="string">--reload</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment">#如果使用的防火墙是iptables，在规则中添加一下内容</span></span><br><span class="line"><span class="comment">#master</span></span><br><span class="line"><span class="attr">-A</span> <span class="string">INPUT -i ens33 -p vrrp -s 192.168.85.107 -j ACCEPT #(192.168.85.107 从机IP)</span></span><br><span class="line"><span class="comment">#backup</span></span><br><span class="line"><span class="attr">-A</span> <span class="string">INPUT -i ens33 -p vrrp -s 192.168.85.106 -j ACCEPT #(192.168.85.16 主机IP)</span></span><br></pre></td></tr></table></figure>

<h2 id="启动nginx-keepalived-测试HA"><a href="#启动nginx-keepalived-测试HA" class="headerlink" title="启动nginx keepalived,测试HA"></a>启动nginx keepalived,测试HA</h2><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 分别启动主备服务器的nginx个keepalived</span></span><br><span class="line"><span class="comment"># 2. 使用虚拟ip访问,可以看到默认主就是106</span></span><br><span class="line"><span class="comment"># 3. 关闭106的nginx和keepalived  再次使用虚拟ip108访问，发现此时是指向107的，主备切换完成</span></span><br><span class="line"><span class="comment"># 4. 开启106的keepalived  重新使用虚拟ip108访问 发现此时指向的是106的nginx，主服务恢复</span></span><br></pre></td></tr></table></figure>

<h1 id="nginx-keepalived-高可用（双主）"><a href="#nginx-keepalived-高可用（双主）" class="headerlink" title="nginx+keepalived 高可用（双主）"></a>nginx+keepalived 高可用（双主）</h1><blockquote>
<p>主备情况下一台服务器处于备份状态浪费资源</p>
<p>双主情况下需要多一个vip，增加一个109的vip</p>
</blockquote>
<h2 id="master配置"><a href="#master配置" class="headerlink" title="master配置"></a>master配置</h2><figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">! Configuration File for keepalived</span></span><br><span class="line"><span class="attr">global_defs</span> <span class="string">&#123;</span></span><br><span class="line"><span class="comment">	## keepalived 自带的邮件提醒需要开启 sendmail 服务。 建议用独立的监控或第三方 SMTP</span></span><br><span class="line">	<span class="attr">router_id</span> <span class="string">singlee ## 标识本节点的字条串，通常为 hostname</span></span><br><span class="line"><span class="attr">&#125;</span> <span class="string"></span></span><br><span class="line"><span class="comment">## keepalived 会定时执行脚本并对脚本执行的结果进行分析，动态调整 vrrp_instance 的优先级。如果脚本执行结果为 0，并且 weight 配置的值大于 0，则优先级相应的增加。如果脚本执行结果非 0，并且 weight配置的值小于 0，则优先级相应的减少。其他情况，维持原本配置的优先级，即配置文件中 priority 对应的值。</span></span><br><span class="line"><span class="attr">vrrp_script</span> <span class="string">chk_nginx &#123;</span></span><br><span class="line">	<span class="attr">script</span> <span class="string">&quot;/etc/keepalived/keepalivedNginx.sh&quot; ## 检测 nginx 状态的脚本路径</span></span><br><span class="line">	<span class="attr">interval</span> <span class="string">2 ## 检测时间间隔</span></span><br><span class="line">	<span class="attr">weight</span> <span class="string">-20 ## 如果条件成立，权重-20</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="comment">## 定义虚拟路由， VI_1 为虚拟路由的标示符，自己定义名称</span></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_1 &#123;</span></span><br><span class="line">	<span class="attr">state</span> <span class="string">MASTER ## 主节点为 MASTER， 对应的备份节点为 BACKUP</span></span><br><span class="line">	<span class="attr">interface</span> <span class="string">ens33 ## 绑定虚拟 IP 的网络接口，与本机 IP 地址所在的网络接口相同</span></span><br><span class="line">	<span class="attr">virtual_router_id</span> <span class="string">33 ## 虚拟路由的 ID 号， 两个节点设置必须一样， 可选 IP 最后一段使用, 相同的 VRID 为一个组，他将决定多播的 MAC 地址</span></span><br><span class="line">	<span class="attr">mcast_src_ip</span> <span class="string">192.168.85.106 ## 本机 IP 地址</span></span><br><span class="line">	<span class="attr">priority</span> <span class="string">100 ## 节点优先级， 值范围 0-254， MASTER 要比 BACKUP 高</span></span><br><span class="line">	<span class="attr">nopreempt</span> <span class="string">## 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题</span></span><br><span class="line">	<span class="attr">advert_int</span> <span class="string">1 ## 组播信息发送间隔，两个节点设置必须一样， 默认 1s</span></span><br><span class="line"><span class="comment">	## 设置验证信息，两个节点必须一致</span></span><br><span class="line">	<span class="attr">authentication</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">auth_type</span> <span class="string">PASS</span></span><br><span class="line">		<span class="attr">auth_pass</span> <span class="string">1111 ## 真实生产，按需求改</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line"><span class="comment">	## 将 track_script 块加入 instance 配置块</span></span><br><span class="line">	<span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">chk_nginx</span> <span class="string">## 执行 Nginx 监控的服务</span></span><br><span class="line">	<span class="attr">&#125;</span> <span class="string">#</span></span><br><span class="line"><span class="comment">	# 虚拟 IP 池, 两个节点设置必须一样</span></span><br><span class="line">	<span class="attr">virtual_ipaddress</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">192.168.85.108</span> <span class="string">## 虚拟 ip，可以定义多个</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line"><span class="comment">	#当前节点成为master时，通知脚本执行任务</span></span><br><span class="line">	 <span class="attr">notify_master</span> <span class="string">&quot;/etc/keepalived/clean_arp.sh  192.168.85.108&quot;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_2 &#123;  </span></span><br><span class="line">    <span class="attr">state</span> <span class="string">BACKUP  </span></span><br><span class="line">    <span class="attr">interface</span> <span class="string">ens33  </span></span><br><span class="line">    <span class="attr">virtual_router_id</span> <span class="string">52 </span></span><br><span class="line">    <span class="attr">mcast_src_ip</span> <span class="string">192.168.85.107</span></span><br><span class="line">    <span class="attr">priority</span> <span class="string">90  </span></span><br><span class="line">    <span class="attr">advert_int</span> <span class="string">1  </span></span><br><span class="line">    <span class="attr">authentication</span> <span class="string">&#123;  </span></span><br><span class="line">        <span class="attr">auth_type</span> <span class="string">PASS  </span></span><br><span class="line">        <span class="attr">auth_pass</span> <span class="string">1111  </span></span><br><span class="line">    <span class="attr">&#125;</span>  <span class="string"></span></span><br><span class="line">    <span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">chk_nginx</span> <span class="string"></span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">virtual_ipaddress</span> <span class="string">&#123;  </span></span><br><span class="line">        <span class="attr">192.168.85.109</span> <span class="string"></span></span><br><span class="line">    <span class="attr">&#125;</span>  <span class="string"></span></span><br><span class="line">    <span class="attr">notify_master</span> <span class="string">&quot;/etc/keepalived/clean_arp.sh  192.168.85.109&quot;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h2 id="backup配置"><a href="#backup配置" class="headerlink" title="backup配置"></a>backup配置</h2><figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment">! Configuration File for keepalived</span></span><br><span class="line"><span class="attr">global_defs</span> <span class="string">&#123;</span></span><br><span class="line">	<span class="attr">router_id</span> <span class="string">wangzw</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="attr">vrrp_script</span> <span class="string">chk_nginx &#123;</span></span><br><span class="line">	<span class="attr">script</span> <span class="string">&quot;/etc/keepalived/keepalivedNginx.sh&quot;</span></span><br><span class="line">	<span class="attr">interval</span> <span class="string">2</span></span><br><span class="line">	<span class="attr">weight</span> <span class="string">-20</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_1 &#123;</span></span><br><span class="line">	<span class="attr">state</span> <span class="string">BACKUP</span></span><br><span class="line">	<span class="attr">interface</span> <span class="string">ens33</span></span><br><span class="line">	<span class="attr">virtual_router_id</span> <span class="string">33</span></span><br><span class="line">	<span class="attr">mcast_src_ip</span> <span class="string">192.168.85.106</span></span><br><span class="line">	<span class="attr">priority</span> <span class="string">90</span></span><br><span class="line">	<span class="attr">advert_int</span> <span class="string">1</span></span><br><span class="line">	<span class="attr">authentication</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">auth_type</span> <span class="string">PASS</span></span><br><span class="line">		<span class="attr">auth_pass</span> <span class="string">1111</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">	<span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">chk_nginx</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">	<span class="attr">virtual_ipaddress</span> <span class="string">&#123;</span></span><br><span class="line">		<span class="attr">192.168.85.108</span></span><br><span class="line">	<span class="attr">&#125;</span></span><br><span class="line">	<span class="attr">notify_master</span> <span class="string">&quot;/etc/keepalived/clean_arp.sh  192.168.85.108&quot;</span></span><br><span class="line"><span class="attr">&#125;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">vrrp_instance</span> <span class="string">VI_2 &#123;  </span></span><br><span class="line">    <span class="attr">state</span> <span class="string">MASTER  </span></span><br><span class="line">    <span class="attr">interface</span> <span class="string">ens33  </span></span><br><span class="line">    <span class="attr">virtual_router_id</span> <span class="string">52  </span></span><br><span class="line">    <span class="attr">mcast_src_ip</span> <span class="string">192.168.85.107</span></span><br><span class="line">    <span class="attr">priority</span> <span class="string">100 </span></span><br><span class="line">    <span class="attr">advert_int</span> <span class="string">1  </span></span><br><span class="line">    <span class="attr">authentication</span> <span class="string">&#123;  </span></span><br><span class="line">        <span class="attr">auth_type</span> <span class="string">PASS  </span></span><br><span class="line">        <span class="attr">auth_pass</span> <span class="string">1111  </span></span><br><span class="line">    <span class="attr">&#125;</span>  <span class="string"></span></span><br><span class="line">    <span class="attr">track_script</span> <span class="string">&#123;</span></span><br><span class="line">        <span class="attr">chk_nginx</span></span><br><span class="line">    <span class="attr">&#125;</span></span><br><span class="line">    <span class="attr">virtual_ipaddress</span> <span class="string">&#123;  </span></span><br><span class="line">        <span class="attr">192.168.85.109</span>  <span class="string"></span></span><br><span class="line">    <span class="attr">&#125;</span>  <span class="string"></span></span><br><span class="line">    <span class="attr">notify_master</span> <span class="string">&quot;/etc/keepalived/clean_arp.sh  192.168.85.109&quot; </span></span><br><span class="line"><span class="attr">&#125;</span></span><br></pre></td></tr></table></figure>

<h2 id="脑裂"><a href="#脑裂" class="headerlink" title="脑裂"></a>脑裂</h2><blockquote>
<p>由于keepalived体系中主备两台机器所处的状态与对方有关。如果主备机器之间的通信出了网题，就会发生脑裂，此时keepalived体系中会出现双主的情况，产生资源竞争。</p>
</blockquote>
<p>脑裂的几种原因：</p>
<ol>
<li><p>高可用服务器对之间心跳线链路发生故障，导致无法正常通信。</p>
</li>
<li><p>因网卡及相关驱动坏了，ip配置及冲突问题（网卡直连）。</p>
</li>
<li><p>因心跳线间连接的设备故障（网卡及交换机）。</p>
</li>
<li><p>因仲裁的机器出问题（采用仲裁的方案）。</p>
</li>
<li><p>高可用服务器上开启了 防火墙阻挡了心跳消息传输。</p>
</li>
<li><p>高可用服务器上心跳网卡地址等信息配置不正确，导致发送心跳失败。</p>
</li>
<li><p>其他服务配置不当等原因，如心跳方式不同，心跳广插冲突、软件Bug等。</p>
</li>
<li><p>Keepalived配置里同一 VRRP实例如果virtual_router_id两端参数配置不一致也会导致裂脑问题发生。</p>
</li>
</ol>
]]></content>
      <categories>
        <category>keepalived</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>nginx</tag>
        <tag>keepalived</tag>
      </tags>
  </entry>
  <entry>
    <title>redis安装部署指南</title>
    <url>/posts/f6030cf0/</url>
    <content><![CDATA[<h3 id="摘要：redis在linux下的安装部署，哨兵模式，集群模式"><a href="#摘要：redis在linux下的安装部署，哨兵模式，集群模式" class="headerlink" title="摘要：redis在linux下的安装部署，哨兵模式，集群模式"></a>摘要：redis在linux下的安装部署，哨兵模式，集群模式</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-02</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<h1 id="一、redis安装"><a href="#一、redis安装" class="headerlink" title="一、redis安装"></a>一、redis安装</h1><blockquote>
<p>redis官网：<a href="https://redis.io/download">https://redis.io/download</a></p>
<p>注：如果没有特殊版本要求，在centos下可以直接 <code>yum install -y redis</code> 此版本3</p>
</blockquote>
<h2 id="1-下载并解压"><a href="#1-下载并解压" class="headerlink" title="1. 下载并解压"></a>1. 下载并解压</h2><ul>
<li><p>目前最新稳定版本为6.2.4</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 直接下载到/data</span></span><br><span class="line">wget https://download.redis.io/releases/redis-6.2.4.tar.gz -O /data/redis.tar.gz</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2.解压并重命名</span></span><br><span class="line"><span class="built_in">mkdir</span> /data/redis &amp;&amp; tar -zxvf /data/redis.tar.gz -C /data/redis --strip-components 1</span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="2-编译"><a href="#2-编译" class="headerlink" title="2. 编译"></a>2. 编译</h2><ul>
<li><p>安装到/data/redis里，方便管理</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 进入到源码包里</span></span><br><span class="line"><span class="built_in">cd</span> /data/redis</span><br><span class="line"><span class="comment"># 2. 编译并安装 PREFIX=指定程序存放的路径</span></span><br><span class="line">make &amp;&amp; make PREFIX=/data/redis install</span><br></pre></td></tr></table></figure></li>
<li><p>常见错误</p>
<ol>
<li><code>/bin/sh: cc: command not found</code></li>
</ol>
<ul>
<li>原因：没有安装gcc  </li>
<li>解决办法: <code>yum install -y gcc </code></li>
</ul>
<ol start="2">
<li><code>fatal error: jemalloc/jemalloc.h: No such file or directory</code></li>
</ol>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202303141116189.png"></p>
<ul>
<li><a href="https://www.cnblogs.com/EikiXu/p/9412645.html">原因</a>：Selecting a non-default memory allocator</li>
<li>解决办法：cd src  <code>make MALLOC=libc</code></li>
</ul>
<ol start="3">
<li><p><code>cc: error: ../deps/hiredis/libhiredis.a: No such file or directory cc: error: ../deps/lua/src/liblua.a: No such file or directory</code></p>
<ul>
<li><p>解决办法</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 到redis源码包的deps里</span></span><br><span class="line">make lua hiredis linenoise</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>make 错误<code>--collect2: ld returned 1 exit status</code></p>
<ul>
<li>原因 :操作系统是32位的</li>
</ul>
<p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202303141117756.png" alt="image-20230314111713942"></p>
<ul>
<li><p><a href="%5B(49%E6%9D%A1%E6%B6%88%E6%81%AF">解决办法</a> redis编译安装：make 的新错误–collect2: ld returned 1 exit status_weixin_34319817的博客-CSDN博客](<a href="https://blog.csdn.net/weixin_34319817/article/details/92900363">https://blog.csdn.net/weixin_34319817/article/details/92900363</a>))</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">执行 make 时加上参数 CFLAGS=<span class="string">&quot;-march=i686&quot;</span></span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ol>
</li>
</ul>
<h2 id="3-修改配置文件"><a href="#3-修改配置文件" class="headerlink" title="3. 修改配置文件"></a>3. 修改配置文件</h2><ul>
<li>不建议使用<code>utils/install_server.sh</code>进行配置</li>
</ul>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 修改redis配置文件</span></span><br><span class="line"><span class="attr">vim</span> <span class="string">/data/redis/redis.conf</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 2. 将daemonize no 改为yes代表后台运行</span></span><br><span class="line"><span class="attr">daemonize</span> <span class="string">yes</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 3.修改pid的名称</span></span><br><span class="line"><span class="attr">pidfile</span> <span class="string">/var/run/redis.pid</span></span><br><span class="line"><span class="comment"></span></span><br><span class="line"><span class="comment"># 4.记录log</span></span><br><span class="line"><span class="attr">logfile</span> <span class="string">&quot;/data/redis/redis.log&quot;</span></span><br></pre></td></tr></table></figure>

<h2 id="4-添加开机启动"><a href="#4-添加开机启动" class="headerlink" title="4. 添加开机启动"></a>4. 添加开机启动</h2><ul>
<li> redis自带有脚本  <code>utils/redis_init_script</code> ,如果是按照文档上文安装的此处需要修改一下</li>
</ul>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 修改以下选项</span></span><br><span class="line"><span class="comment"># 配置实际路径</span></span><br><span class="line">EXEC=/data/redis/bin/redis-server</span><br><span class="line">CLIEXEC=/data/redis/bin/redis-cli</span><br><span class="line">CONF=<span class="string">&quot;/data/redis/redis.conf&quot;</span></span><br><span class="line">PIDFILE=/var/run/redis.pid</span><br><span class="line"></span><br><span class="line"><span class="comment">#============================= 非必要  =============================</span></span><br><span class="line"><span class="comment"># 如果更改了端口号 请在脚本中也做出修改</span></span><br><span class="line">REDISPORT=16379</span><br><span class="line"><span class="comment">#如果你使用了密码验证 请修改此脚本，增加密码 在stop中增加-a</span></span><br><span class="line">PASSWD=Abc.123</span><br><span class="line"><span class="variable">$CLIEXEC</span> -p <span class="variable">$REDISPORT</span> -a <span class="variable">$PASSWD</span> shutdown</span><br><span class="line"><span class="comment">#============================= end  =============================</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 2. 复制脚本文件</span></span><br><span class="line"><span class="built_in">cp</span> /data/redis/utils/redis_init_script /etc/init.d/redis</span><br><span class="line"></span><br><span class="line"><span class="comment"># 3. 开机自启</span></span><br><span class="line">chkconfig redis on</span><br><span class="line"></span><br><span class="line"><span class="comment"># 4.启动 | 关闭 | 检查</span></span><br><span class="line">systemctl start | stop | status redis</span><br><span class="line"><span class="comment"># 或 service管理</span></span><br></pre></td></tr></table></figure>

<h2 id="5-redis-conf-几个重要配置"><a href="#5-redis-conf-几个重要配置" class="headerlink" title="5. redis.conf 几个重要配置"></a>5. redis.conf 几个重要配置</h2><table>
<thead>
<tr>
<th>配置项名称</th>
<th>配置项值范围</th>
<th>说明</th>
</tr>
</thead>
<tbody><tr>
<td>daemonize</td>
<td>yes、no</td>
<td>yes表示启用守护进程，默认是no即不以守护进程方式运行。其中Windows系统下不支持启用守护进程方式运行</td>
</tr>
<tr>
<td>port</td>
<td>默认端口为 6379</td>
<td>指定 Redis 监听端口，</td>
</tr>
<tr>
<td>bind</td>
<td>默认127.0.0.1</td>
<td>绑定的主机地址,如果需要设置远程访问则直接将这个属性备注下或者改为bind * 即可,这个属性和下面的protected-mode控制了是否可以远程访问 。</td>
</tr>
<tr>
<td>protected-mode</td>
<td>yes 、no</td>
<td>保护模式，该模式控制外部网是否可以连接redis服务，默认是yes,所以默认我们外网是无法访问的，如需外网连接rendis服务则需要将此属性改为no。</td>
</tr>
<tr>
<td>timeout</td>
<td>300</td>
<td>当客户端闲置多长时间后关闭连接，如果指定为 0，表示关闭该功能</td>
</tr>
<tr>
<td>loglevel</td>
<td>debug、verbose、notice、warning</td>
<td>日志级别，默认为 notice</td>
</tr>
<tr>
<td>databases</td>
<td>16</td>
<td>设置数据库的数量，默认的数据库是0。整个通过客户端工具可以看得到</td>
</tr>
<tr>
<td>rdbcompression</td>
<td>yes、no</td>
<td>指定存储至本地数据库时是否压缩数据，默认为 yes，Redis 采用 LZF 压缩，如果为了节省 CPU 时间，可以关闭该选项，但会导致数据库文件变的巨大。</td>
</tr>
<tr>
<td>dbfilename</td>
<td>dump.rdb</td>
<td>指定本地数据库文件名，默认值为 dump.rdb</td>
</tr>
<tr>
<td>dir</td>
<td></td>
<td>指定本地数据库存放目录</td>
</tr>
<tr>
<td>requirepass</td>
<td></td>
<td>设置 Redis 连接密码，如果配置了连接密码，客户端在连接 Redis 时需要通过 AUTH <password> 命令提供密码，默认关闭</td>
</tr>
<tr>
<td>maxclients</td>
<td>0</td>
<td>设置同一时间最大客户端连接数，默认无限制，Redis 可以同时打开的客户端连接数为 Redis 进程可以打开的最大文件描述符数，如果设置 maxclients 0，表示不作限制。当客户端连接数到达限制时，Redis 会关闭新的连接并向客户端返回 max number of clients reached 错误信息。</td>
</tr>
<tr>
<td>maxmemory</td>
<td>XXX <bytes></td>
<td>指定 Redis 最大内存限制，Redis 在启动时会把数据加载到内存中，达到最大内存后，Redis 会先尝试清除已到期或即将到期的 Key，当此方法处理 后，仍然到达最大内存设置，将无法再进行写入操作，但仍然可以进行读取操作。Redis 新的 vm 机制，会把 Key 存放内存，Value 会存放在 swap 区。配置项值范围列里XXX为数值。</td>
</tr>
</tbody></table>
<h2 id="7-两个警告处理"><a href="#7-两个警告处理" class="headerlink" title="7. 两个警告处理"></a>7. 两个警告处理</h2><ol>
<li><p>WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.</p>
<ul>
<li><p>原因：对一个高负载的环境来说tcp设置128这个值，太小了</p>
</li>
<li><p>解决办法</p>
<figure class="highlight properties"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 编辑sysctl.conf</span></span><br><span class="line"><span class="attr">vim</span> <span class="string">/etc/sysctl.conf</span></span><br><span class="line"><span class="comment"># 增加以下内容</span></span><br><span class="line"><span class="attr">net.core.somaxconn</span>=<span class="string">1024</span></span><br><span class="line"><span class="comment">#立即生效</span></span><br><span class="line"><span class="attr">sysctl</span> <span class="string">-p</span></span><br></pre></td></tr></table></figure></li>
<li><p>补充</p>
<figure class="highlight tex"><table><tr><td class="code"><pre><span class="line">net.core.somaxconn 介绍</span><br><span class="line">1）概念介绍</span><br><span class="line">  对于一个TCP链接，Server与Client需要通过三次握手来建立网络链接，当三次握手成功之后，我们就可以看到端口状态由LISTEN转为ESTABLISHED，接着这条链路上就可以开始传送数据了</span><br><span class="line"></span><br><span class="line">net.core.somaxconn是Linux中的一个内核(kernel)参数，表示socket监听(listen)的backlog上限。</span><br><span class="line">什么是backlog？backlog就是socket的监听队列，当一个请求(request)尚未被处理或者建立时，它就会进入backlog。</span><br><span class="line">而socket server可以一次性处理backlog中的所有请求，处理后的请求不再位于监听队列中。</span><br><span class="line">当Server处理请求较慢时，导致监听队列被填满后，新来的请求就会被拒绝。</span><br><span class="line"></span><br><span class="line">2）补充</span><br><span class="line">Linux系统中，该参数的值默认是128</span><br><span class="line">如果Linux系统中部署了经常处理新请求(request)的高负载的服务，那么显然这个值是需要增加到更合适的值的</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add ‘vm.overcommit_memory = 1’ to /etc/sysctl.conf and then reboot or run the command ‘sysctl vm.overcommit_memory=1’ for this to take effect.</p>
<ul>
<li><p>原因：警告overcommit_memory设置为0! 在内存不足的情况下，后台保存可能失败</p>
</li>
<li><p>解决办法</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line"><span class="meta"># </span><span class="language-bash">编辑sysctl.conf</span></span><br><span class="line">vim /etc/sysctl.conf</span><br><span class="line"><span class="meta"># </span><span class="language-bash">增加以下内容</span></span><br><span class="line">vm.overcommit_memory=1</span><br><span class="line"><span class="meta">#</span><span class="language-bash">立即生效</span></span><br><span class="line">sysctl -p</span><br></pre></td></tr></table></figure></li>
<li><p>补充</p>
<figure class="highlight tex"><table><tr><td class="code"><pre><span class="line">overcommit<span class="built_in">_</span>memory有什么作用？  </span><br><span class="line">     overcommit<span class="built_in">_</span>memory取值又三种分别为0， 1， 2</span><br><span class="line"></span><br><span class="line">    overcommit<span class="built_in">_</span>memory=0， 表示内核将检查是否有足够的可用内存供应用进程使用；如果有足够的可用内存，内存申请允许；否则，内存申请失败，并把错误返回给应用进程。</span><br><span class="line">    overcommit<span class="built_in">_</span>memory=1， 表示内核允许分配所有的物理内存，而不管当前的内存状态如何。</span><br><span class="line">    overcommit<span class="built_in">_</span>memory=2， 表示内核允许分配超过所有物理内存和交换空间总和的内存</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ol>
<h1 id="二、redis主从"><a href="#二、redis主从" class="headerlink" title="二、redis主从"></a>二、redis主从</h1><blockquote>
<p>master: 192.168.85.107 16379</p>
<p>slave: 192.168.85.115 16380</p>
<p>slave: 192.168.85.106 16381</p>
</blockquote>
<ul>
<li><p>主从复制模式中，主要是从节点配置</p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">slaveof 192.168.85.107 16379  #作为192.168.1.100这台服务器的从服务器  在6版本之前为replicof</span><br><span class="line"></span><br><span class="line">replica-read-only   yes  #从服务器只读，写操作在主服务器上，实现读写分离</span><br><span class="line"></span><br><span class="line">repl-timeout 60 #从库复制超时时间，数据很多的话需要调长，否则主从会断开</span><br><span class="line"></span><br><span class="line">repl-backlog-size 1M #从服务离线之后，主服务器会把离线之后的写入命令存储在一个特定大小的队列中，避免短时间断开服务却进行全量同步的问题</span><br><span class="line"></span><br><span class="line">repl-diskless-sync yes #开启无盘复制，主从全量同步时，主库并不会在本地创建RDB 文件，而是创建一个子进程通过Socket将RDB文件写入到从服务器，节约IO资源</span><br><span class="line"></span><br><span class="line">client-output-buffer-limit replica 256mb 64mb 60  #客户端输出缓冲区配置。每个客户端连接（包括从库）后都会申请一个buffer空间，通过该选项限制可以避免buffer持续增长消耗内存。如果超过限制主库会强制断开连接，也就是说从库处理慢导致主库buffer积压达到限制后主库会强制断开从库的连接，此时主从复制会中断，中断后如果从库再次发起复制请求还会继续被断开导致恶性循环，引发复制风暴。调为0则不限制，</span><br><span class="line"><span class="meta">#</span><span class="language-bash">大小限制是256M，持续性限制是当客户端缓冲区大小持续60秒超过64M，则关闭客户端连接。</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">client-output-buffer-limit normal 0 0 0</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">client-output-buffer-limit replica 256mb 64mb 60</span></span><br><span class="line"><span class="meta">#</span><span class="language-bash">client-output-buffer-limit pubsub 8mb 2mb 60</span></span><br><span class="line"></span><br><span class="line">masterauth 123456789  #主库如果配置了密码，这里需要配置正确的密码</span><br></pre></td></tr></table></figure></li>
<li><p>查看是否成功</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 进入redis-cli客户端查看</span></span><br><span class="line">info replication</span><br></pre></td></tr></table></figure></li>
<li><p>当master挂掉之后，可以使用以下命令让slave成为master</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">SLAVEOF NO ONE</span><br></pre></td></tr></table></figure></li>
</ul>
<h1 id="三、哨兵模式"><a href="#三、哨兵模式" class="headerlink" title="三、哨兵模式"></a>三、哨兵模式</h1><p><img src="https://ziveni.oss-cn-beijing.aliyuncs.com/img/202204011703644.png"></p>
<blockquote>
<p>1.每个Sentinel进程以每秒钟一次的频率向整个集群中的Master主服务器，Slave从服务器以及其他Sentinel进程发送一个 PING 命令。<br>2.如果一个实例（instance）距离最后一次有效回复 PING 命令的时间超过 down-after-milliseconds 选项所指定的值， 则这个实例会被Sentinel进程标记为SDOWN。<br>3.如果一个Master主服务器被标记为SDOWN，则正在监视这个Master主服务器的所有 Sentinel进程要以每秒一次的频率确认Master主服务器的确进入了主观下线状态。<br>4.当有足够数量的Sentinel进程（大于等于配置文件指定的值）在指定的时间范围内确认Master主服务器进入了SDOWN， 则Master主服务器会被标记为客观下线ODOWN。<br>5.在一般情况下， 每个Sentinel进程会以每10 秒一次的频率向集群中的所有Master主服务器、Slave从服务器发送INFO命令。<br>当Master主服务器被Sentinel进程标记为ODOWN时，Sentinel进程向下线的Master主服务器的所有Slave从服务器发送INFO命令的频率会从 10 秒一次改为每秒一次。<br>6.若没有足够数量的Sentinel进程同意 Master主服务器下线， Master主服务器的客观下线状态就会被移除。若Master主服务器重新向Sentinel进程发送 PING 命令返回有效回复，Master主服务器的主观下线状态就会被移除。</p>
</blockquote>
<h2 id="3-1-配置"><a href="#3-1-配置" class="headerlink" title="3.1 配置"></a>3.1 配置</h2><ul>
<li>基于主从增加sentinel.conf 配置  节点为奇数，文档中使用了三个sentinel节点，每个节点都需要配置，主要不同为端口号</li>
</ul>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">port 26379</span><br><span class="line">dir &quot;/data/redis/26379&quot;</span><br><span class="line">logfile &quot;/data/redis/redis-sentinel.log&quot;</span><br><span class="line"><span class="meta">#</span><span class="language-bash">配置主节点的IP和端口，2代表主节点判断失败至少需要2个Sentinel节点同意，一般设置为Sentinel节点数的一半加1.</span></span><br><span class="line">sentinel monitor mymaster 192.168.85.106 6379 2</span><br><span class="line"><span class="meta">#</span><span class="language-bash">30秒ping不通主节点的信息，主观认为master宕机</span></span><br><span class="line">sentinel down-after-milliseconds mymaster 30000</span><br><span class="line"><span class="meta">#</span><span class="language-bash">故障转移时从节点同时向新主发起复制请求的数量，1代表从节点会轮询发起复制。</span></span><br><span class="line">sentinel parallel-syncs mymaster 1</span><br><span class="line"><span class="meta">#</span><span class="language-bash">故障转移开始，180秒内没有完成，则认为转移失败</span></span><br><span class="line">sentinel failover-timeout mymaster 180000</span><br></pre></td></tr></table></figure>

<h2 id="3-2-启动并测试"><a href="#3-2-启动并测试" class="headerlink" title="3.2 启动并测试"></a>3.2 启动并测试</h2><figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 启动 /data/redis/bin</span></span><br><span class="line">./redis-sentinel ../sentinel.conf</span><br><span class="line"></span><br><span class="line"><span class="comment"># 查看哨兵状态 -p 端口为哨兵节点的端口</span></span><br><span class="line">./redis-cli -p 26379</span><br><span class="line"></span><br><span class="line">$ 127.0.0.1:26379&gt; info sentinel</span><br><span class="line"><span class="comment"># Sentinel</span></span><br><span class="line">sentinel_masters:1</span><br><span class="line">sentinel_tilt:0</span><br><span class="line">sentinel_running_scripts:0</span><br><span class="line">sentinel_scripts_queue_length:0</span><br><span class="line">sentinel_simulate_failure_flags:0</span><br><span class="line">master0:name=mymaster,status=ok,address=127.0.0.1:6379,slaves=0,sentinels=3</span><br><span class="line"></span><br><span class="line"><span class="comment"># 同时可查看106 107的redis.conf配置文件发生变化  107的sentinel配置文件也发生了变化 </span></span><br></pre></td></tr></table></figure>

<ul>
<li>测试故障转移</li>
</ul>
<blockquote>
<p>故障转移的大体步骤如下：</p>
<ol>
<li>每个Sentinel节点每隔1秒对主、从、其他Sentinel阶段发送ping探测，超过down-after-milliseconds未返回响应，则判断该节点主观下线。</li>
<li>Sentinel节点向其他Sentinel节点询问对于异常节点的判断，当达到 quorum个sentinel节点都认为被主观下线的节点异常时，则对该节点做客观下线。</li>
<li>在sentinel节点中通过Raft算法选举出一个leader来完成故障转移。</li>
<li>当出现故障的节点是主节点时，sentinel leader会根据优先级、复制偏移量、runid等在从节点中选出一个作为主节点，执行slaveof no one命令。</li>
<li>leader向其他从节点发送指令，让他们成为新主的从节点，并将原来的主节点更新为从节点，当旧主恢复后去复制新主的数据。</li>
<li>复制完成后，发布主节点的切换消息。</li>
</ol>
</blockquote>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. kill 掉 106 master进程</span></span><br><span class="line"><span class="built_in">kill</span> -9 5677</span><br><span class="line"></span><br><span class="line"><span class="comment"># 2. 查看转移情况 -- master转移到107上</span></span><br><span class="line"><span class="variable">$127</span>.0.0.1:26379&gt; info sentinel</span><br><span class="line"><span class="comment"># Sentinel</span></span><br><span class="line">sentinel_masters:1</span><br><span class="line">sentinel_tilt:0</span><br><span class="line">sentinel_running_scripts:0</span><br><span class="line">sentinel_scripts_queue_length:0</span><br><span class="line">sentinel_simulate_failure_flags:0</span><br><span class="line">master0:name=mymaster,status=ok,address=192.168.85.107:6380,slaves=2,sentinels=3</span><br><span class="line"></span><br><span class="line">127.0.0.1:6380&gt; info replication</span><br><span class="line"><span class="comment"># Replication</span></span><br><span class="line">role:master</span><br><span class="line">connected_slaves:2</span><br><span class="line">slave0:ip=192.168.85.115,port=6381,state=online,offset=129383,lag=0</span><br><span class="line">slave1:ip=192.168.85.106,port=6379,state=online,offset=129383,lag=1</span><br><span class="line">master_replid:782dc289609fee05ac15e618dbc1d99c1180484d</span><br><span class="line">master_replid2:755d8165585452a9ed4d03aef0d0522bf6e8290b</span><br><span class="line">master_repl_offset:129669</span><br><span class="line">second_repl_offset:35062</span><br><span class="line">repl_backlog_active:1</span><br><span class="line">repl_backlog_size:1048576</span><br><span class="line">repl_backlog_first_byte_offset:3823</span><br><span class="line">repl_backlog_histlen:125847</span><br></pre></td></tr></table></figure>

<h1 id="四、-集群"><a href="#四、-集群" class="headerlink" title="四、 集群"></a>四、 集群</h1><blockquote>
<p><strong>Redis集群(Redis Cluster)</strong> 是Redis提供的分布式数据库方案，通过 <strong>分片(sharding)</strong> 来进行数据共享，并提供复制和故障转移功能。相比于主从复制、哨兵模式，Redis集群实现了较为完善的高可用方案，解决了存储能力受到单机限制，写操作无法负载均衡的问题。</p>
</blockquote>
<ul>
<li>集群的搭建可以分为四步：</li>
</ul>
<ol>
<li><p>启动节点：将节点以集群方式启动，此时节点是独立的。</p>
</li>
<li><p>节点握手：将独立的节点连成网络。</p>
<p>2.1. 在redis5之前需要使用CLUSTER MEET</p>
</li>
<li><p>槽指派：将16384个槽位分配给主节点，以达到分片保存数据库键值对的效果。</p>
<p>3.1. Redis集群通过分片(sharding)的方式保存数据库的键值对，整个数据库被分为16384个槽(slot)，数据库每个键都属于这16384个槽的一个，集群中的每个节点都可以处理0个或者最多16384个slot。</p>
<p>3.2 槽是数据管理和迁移的基本单位。当数据库中的16384个槽都分配了节点时，集群处于上线状态（ok）；如果有任意一个槽没有分配节点，则集群处于下线状态（fail）</p>
<p>3.3  CLUSTER ADDSLOTS redis5之前需要手动指定</p>
</li>
<li><p>主从复制：为从节点指定主节点。redis5之前需要CLUSTER REPLICATE <node_id></p>
</li>
</ol>
<table>
<thead>
<tr>
<th align="center">IP</th>
<th align="center">PORT（master）</th>
<th align="center">port（slave）</th>
</tr>
</thead>
<tbody><tr>
<td align="center">192.168.85.106</td>
<td align="center">6379（16379）</td>
<td align="center">26379（36379）</td>
</tr>
<tr>
<td align="center">192.168.85.107</td>
<td align="center">6380（16380）</td>
<td align="center">26380（36380）</td>
</tr>
<tr>
<td align="center">192.168.85.115</td>
<td align="center">6381（16381）</td>
<td align="center">26381（36381）</td>
</tr>
</tbody></table>
<h2 id="4-1-安装redis"><a href="#4-1-安装redis" class="headerlink" title="4.1  安装redis"></a>4.1  安装redis</h2><ol>
<li><p>按照redis编译安装</p>
</li>
<li><p>基础配置</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 1. 在每个节点上创建以下内容 分别存放配置文件  日志 pid  数据</span></span><br><span class="line"><span class="built_in">cd</span> /data/redis</span><br><span class="line"><span class="built_in">mkdir</span> conf <span class="built_in">log</span> run data  </span><br><span class="line"><span class="comment"># 106中</span></span><br><span class="line"><span class="built_in">mkdir</span> -p data/6379 data/26379</span><br><span class="line"><span class="comment"># 107中</span></span><br><span class="line"><span class="built_in">mkdir</span> -p data/6380 data/26380</span><br><span class="line"><span class="comment"># 115</span></span><br><span class="line"><span class="built_in">mkdir</span> -p data/6381 data/26381</span><br></pre></td></tr></table></figure></li>
</ol>
<h2 id="4-2-配置节点"><a href="#4-2-配置节点" class="headerlink" title="4.2 配置节点"></a>4.2 配置节点</h2><ol>
<li><p>先配置6379节点，后续直接复制修改即可</p>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 一 、复制redis.conf</span></span><br><span class="line"><span class="built_in">cp</span> /data/redis/redis.conf conf/redis_6379.conf</span><br><span class="line"></span><br><span class="line"><span class="comment"># 修改以下内容</span></span><br><span class="line"><span class="comment"># 二、允许远程访问</span></span><br><span class="line"><span class="comment">#1. 注释掉下面代码，或者改为 bind 0.0.0.0</span></span><br><span class="line"><span class="built_in">bind</span> 0.0.0.0</span><br><span class="line"><span class="comment">#2. 关闭保护模式</span></span><br><span class="line">protected-mode no</span><br><span class="line"></span><br><span class="line"><span class="comment"># 二.通用配置</span></span><br><span class="line"><span class="comment">#1. 开启守护进程</span></span><br><span class="line">daemonize <span class="built_in">yes</span></span><br><span class="line"><span class="comment">#2. 配置密码（必须设置相同的密码，不设masterauth的话宕机了不能自动恢复）</span></span><br><span class="line"><span class="comment">#requirepass tdfdsfnkinki.net</span></span><br><span class="line"><span class="comment">#集群节点间的访问密码</span></span><br><span class="line"><span class="comment">#masterauth tdfdsfnkinki.net</span></span><br><span class="line"><span class="comment"># 持久化类型</span></span><br><span class="line">appendonly <span class="built_in">yes</span></span><br><span class="line">appendfilename <span class="string">&quot;appendonly-6379.aof&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 三.集群配置</span></span><br><span class="line">port 7000 <span class="comment">#配置端口</span></span><br><span class="line">cluster-enabled <span class="built_in">yes</span> <span class="comment">#开启集群</span></span><br><span class="line">cluster-config-file nodes-6379.conf  <span class="comment">#集群节点配置文件</span></span><br><span class="line">pidfile /root/data/redis/run/6379.pid <span class="comment">#进程文件ID对应文件</span></span><br><span class="line">cluster-node-timeout 5000 <span class="comment">#集群节点超时时间，超过这个时间，集群认为该节点故障，如果是主节点，会进行相应的主从切换</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 四.配置对应目录</span></span><br><span class="line">logfile /root/data/redis/log/6379.log <span class="comment">#日志文件</span></span><br><span class="line"><span class="built_in">dir</span> /root/data/redis/data/6379 <span class="comment">#目录要提前创建好</span></span><br></pre></td></tr></table></figure></li>
<li><p>将redis_6379.conf 复制到其它节点做以下修改</p>
</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 主要是有关端口的，更换为实际端口</span></span><br><span class="line">appendfilename <span class="string">&quot;appendonly-6379.aof&quot;</span></span><br><span class="line">port 6379 </span><br><span class="line">cluster-config-file nodes-6379.conf </span><br><span class="line">pidfile /root/data/redis/run/redis_6379.pid </span><br><span class="line">logfile /root/data/redis/log/redis_6379.log </span><br><span class="line"><span class="built_in">dir</span> /root/data/redis/data/6379 </span><br></pre></td></tr></table></figure>

<ol start="3">
<li>启动各redis节点</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cd</span> /data/redis/bin</span><br><span class="line">./redis-server ../conf/redis_6379.conf</span><br><span class="line">./redis-server ../conf/redis_16379.conf</span><br><span class="line"><span class="comment"># 指定各节点配置</span></span><br></pre></td></tr></table></figure>

<h2 id="4-3-启动并测试"><a href="#4-3-启动并测试" class="headerlink" title="4.3 启动并测试"></a>4.3 启动并测试</h2><ol>
<li>配置集群</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 在Redis 5.0之后直接利用 redis-cli 完成集群配置</span></span><br><span class="line"><span class="comment">#--cluster-replicas 1 指示给定的创建节点列表是以主节点+从节点对组成的</span></span><br><span class="line"><span class="comment">#主从的对应关系可通过cluster nodes看到</span></span><br><span class="line">./redis-cli  --cluster create 192.168.85.106:6379   192.168.85.107:6380 192.168.85.115:6381  192.168.85.106:26379 192.168.85.107:26380 192.168.85.115:26381 --cluster-replicas 1</span><br><span class="line"></span><br><span class="line"><span class="comment"># cluster 其它操作</span></span><br><span class="line"><span class="comment"># 查看节点信息 </span></span><br><span class="line">cluster nodes</span><br><span class="line"><span class="comment">#节点id: 由40个16进制字符串组成，节点id只在集群初始化时创建一次，然后保存到集群配置文件（即前文提到的cluster-config-file）中，以后节点重新启动时会直接在集群配置文件中读取。</span></span><br><span class="line"><span class="comment">#port@cport: 前者为普通端口，用于为客户端提供服务；后者为集群端口，分配方法为：普通端口+10000，只用于节点间的通讯。</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 查看集群信息</span></span><br><span class="line">cluster info</span><br><span class="line"><span class="comment"># 查看槽位信息</span></span><br><span class="line">cluster slots</span><br><span class="line"><span class="comment"># 计算某个key的槽位</span></span><br><span class="line">cluster keyslot xxx</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>测试集群</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">./redis-cli -p 6379b -c</span><br><span class="line"><span class="comment">#-c 指定是集群模式连接 如果不加-c  如果key不在当前节点槽位会直接报错，不会主动重定向</span></span><br></pre></td></tr></table></figure>

<ol start="3">
<li>模拟故障</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># shutdown掉6379 看其slave会主动成为master，当6379恢复时会自动成为slave运行</span></span><br></pre></td></tr></table></figure>

<h2 id="4-4-集群伸缩"><a href="#4-4-集群伸缩" class="headerlink" title="4.4 集群伸缩"></a>4.4 集群伸缩</h2><h3 id="4-4-1-添加节点"><a href="#4-4-1-添加节点" class="headerlink" title="4.4.1 添加节点"></a>4.4.1 添加节点</h3><ol>
<li>增加两个节点</li>
</ol>
<table>
<thead>
<tr>
<th>IP</th>
<th>PORT（主）</th>
<th>PORT（从）</th>
</tr>
</thead>
<tbody><tr>
<td>192.168.85.115</td>
<td>8682(18682）</td>
<td>28682（38682）</td>
</tr>
</tbody></table>
<ol start="2">
<li>配置节点并启动</li>
<li>节点握手，借助 redis-cli –cluster add-node 命令分别添加节点8682和28682</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">./redis-cli --cluster add-node 192.168.85.115:8682 192.168.85.106:6379</span><br><span class="line">./redis-cli --cluster add-node 192.168.85.115:28682 192.168.85.106:6379</span><br></pre></td></tr></table></figure>

<ol start="4">
<li>重新分片,借助 redis-cli –cluster reshard 命令对集群重新分片，使得各节点槽位均衡</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 移动的槽位数：最终平均每个主节点有4096个slot，所以每个节点移动</span></span><br><span class="line"><span class="comment"># 接收槽位的目标节点ID：节点6382的ID</span></span><br><span class="line"><span class="comment"># 移出槽位的源节点ID：节点6379/6380/6381的ID</span></span><br><span class="line">./redis-cli --cluster reshard 192.168.85.115:8682</span><br></pre></td></tr></table></figure>

<ol start="5">
<li>设置主从关系</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">./redis-cli -p 28682 cluster replicate f3a55c3544dd6633d3eab7657e25d569afb69ea0 </span><br></pre></td></tr></table></figure>

<h3 id="4-4-2-删除节点"><a href="#4-4-2-删除节点" class="headerlink" title="4.4.2 删除节点"></a>4.4.2 删除节点</h3><ul>
<li>将8682 28682两个节点删除</li>
</ul>
<ol>
<li>重新分片，将8682节点上的槽位全部转移到节点6379上</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">./redis-cli --cluster reshard 192.168.85.106:6379</span><br></pre></td></tr></table></figure>

<ol start="2">
<li>删除节点</li>
</ol>
<figure class="highlight sh"><table><tr><td class="code"><pre><span class="line">./redis-cli --cluster del-node 192.168.85.115:8682 f3a55c3544dd6633d3eab7657e25d569afb69ea0</span><br><span class="line"></span><br><span class="line">./redis-cli --cluster del-node 192.168.85.115:28682 de555118a46ccedc65cc7f578d243a580d30360f</span><br></pre></td></tr></table></figure>

]]></content>
      <categories>
        <category>redis</category>
      </categories>
      <tags>
        <tag>linux</tag>
        <tag>redis</tag>
      </tags>
  </entry>
  <entry>
    <title>sudo配置规则.md</title>
    <url>/posts/ecad03f9/</url>
    <content><![CDATA[<h3 id="摘要：sudo的规则配置"><a href="#摘要：sudo的规则配置" class="headerlink" title="摘要：sudo的规则配置"></a>摘要：sudo的规则配置</h3><h3 id="更新内容"><a href="#更新内容" class="headerlink" title="更新内容"></a>更新内容</h3><table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2022-04</td>
<td align="center">新建文档</td>
</tr>
</tbody></table>
<span id="more"></span>

<figure class="highlight powershell"><table><tr><td class="code"><pre><span class="line">用户sudo授权：</span><br><span class="line">visudo</span><br><span class="line"><span class="comment">## Allow root to run any commands anywhere</span></span><br><span class="line">root    ALL=(ALL)       ALL</span><br><span class="line">user    ALL=(root)      NOPASSWD:ALL,!/sbin/shutdown,!/sbin/init,!/bin/<span class="built_in">rm</span> <span class="literal">-rf</span> /</span><br><span class="line"></span><br><span class="line">解释说明：</span><br><span class="line"><span class="number">1</span>）第一个字段user指定的是用户：可以是用户名，也可以是别名。每个用户设置一行，多个用户设置多行，也可以将多个用户设置成一个别名后再进行设置。</span><br><span class="line"><span class="number">2</span>）第二个字段ALL指定的是用户所在的主机：可以是ip,也可以是主机名，表示该sudo设置只在该主机上生效，ALL表示在所有主机上都生效！限制的一般都是本机，也就是限制使用这个文件的主机;一般都指定为<span class="string">&quot;ALL&quot;</span>表示所有的主机，不管文件拷到那里都可以用。比如：<span class="number">10.1</span>.<span class="number">1.1</span>=...则表示只在当前主机生效。</span><br><span class="line"><span class="number">3</span>）第三个字段（root）括号里指定的也是用户：指定以什么用户身份执行sudo，即使用sudo后可以享有所有root账号下的权限。如果要排除个别用户，可以在括号内设置，比如ALL=(ALL,!oracle,!pos)。</span><br><span class="line"><span class="number">4</span>）第四个字段ALL指定的是执行的命令：即使用sudo后可以执行所有的命令。除了关机和删除根内容以外；也可以设置别名。NOPASSWD: ALL表示使用sudo的不需要输入密码。</span><br><span class="line"><span class="number">5</span>）也可以授权给一个用户组</span><br><span class="line">	%admin ALL=(ALL) ALL	表示admin组里的所有成员可以在任何主机上以任何用户身份执行任何命令</span><br></pre></td></tr></table></figure>

<ul>
<li>参考连接</li>
<li><a href="https://juejin.cn/post/6992609027234463758">Linux sudo和sudoers详解！</a></li>
<li><a href="https://www.sogou.com/link?url=hedJjaC291OSi_i_Ca0srR5OmlBS3kcCytWslkz0jklZeKmuPWg0fw..">sudo配置文件详解</a></li>
</ul>
]]></content>
      <categories>
        <category>shell</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>shell</tag>
      </tags>
  </entry>
  <entry>
    <title>Prometheus之jvm-exporter</title>
    <url>/posts/7a55eda5/</url>
    <content><![CDATA[]]></content>
  </entry>
  <entry>
    <title>Nginx+Promtail+Loki+Grafana日志监控.md</title>
    <url>/posts/cfca3309/</url>
    <content><![CDATA[]]></content>
      <categories>
        <category>Nginx+Promtail+Loki+Grafana</category>
      </categories>
      <tags>
        <tag>nginx</tag>
        <tag>Promtail</tag>
        <tag>Loki</tag>
      </tags>
  </entry>
  <entry>
    <title>prometheus.yml详解及实战用例</title>
    <url>/posts/96d7fdc9/</url>
    <content><![CDATA[<table>
<thead>
<tr>
<th align="center">日期</th>
<th align="center">内容</th>
</tr>
</thead>
<tbody><tr>
<td align="center">2023-05-25</td>
<td align="center">新增文档</td>
</tr>
</tbody></table>
<h1 id="prometheus-配置文件说明"><a href="#prometheus-配置文件说明" class="headerlink" title="prometheus 配置文件说明"></a>prometheus 配置文件说明</h1><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="string">prometheus的配置文件prometheus.yml，它主要分以下几个配置块：</span></span><br><span class="line"><span class="string">全局配置</span>        <span class="string">global</span></span><br><span class="line"><span class="string">告警配置</span>        <span class="string">alerting</span></span><br><span class="line"><span class="string">规则文件配置</span>    <span class="string">rule_files</span></span><br><span class="line"><span class="string">拉取配置</span>        <span class="string">scrape_configs</span></span><br><span class="line"><span class="string">远程读写配置</span>    <span class="string">remote_read、remote_write</span></span><br><span class="line"></span><br><span class="line"><span class="string">全局配置</span> <span class="string">global：</span></span><br><span class="line"><span class="string">global指定在所有其他配置上下文中有效的参数。还可用作其他配置部分的默认设置。</span></span><br><span class="line"><span class="attr">global:</span></span><br><span class="line">  <span class="comment"># 默认拉取频率</span></span><br><span class="line">  [ <span class="attr">scrape_interval:</span> <span class="string">&lt;duration&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">1m</span> ]</span><br><span class="line"></span><br><span class="line">  <span class="comment"># 拉取超时时间</span></span><br><span class="line">  [ <span class="attr">scrape_timeout:</span> <span class="string">&lt;duration&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">10s</span> ]</span><br><span class="line"></span><br><span class="line">  <span class="comment"># 执行规则频率</span></span><br><span class="line">  [ <span class="attr">evaluation_interval:</span> <span class="string">&lt;duration&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">1m</span> ]</span><br><span class="line"></span><br><span class="line">  <span class="comment"># 通信时添加到任何时间序列或告警的标签</span></span><br><span class="line">  <span class="comment"># external systems (federation, remote storage, Alertmanager).</span></span><br><span class="line">  <span class="attr">external_labels:</span></span><br><span class="line">    [ <span class="string">&lt;labelname&gt;:</span> <span class="string">&lt;labelvalue&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line">  <span class="comment"># 记录PromQL查询的日志文件</span></span><br><span class="line">  [ <span class="attr">query_log_file:</span> <span class="string">&lt;string&gt;</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="string">告警配置</span> <span class="string">alerting：</span></span><br><span class="line"><span class="string">alerting指定与Alertmanager相关的设置。</span></span><br><span class="line"><span class="attr">alerting:</span></span><br><span class="line">  <span class="attr">alert_relabel_configs:</span></span><br><span class="line">    [ <span class="bullet">-</span> <span class="string">&lt;relabel_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line">  <span class="attr">alertmanagers:</span></span><br><span class="line">    [ <span class="bullet">-</span> <span class="string">&lt;alertmanager_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="string">规则文件配置</span> <span class="string">rule_files：</span></span><br><span class="line"><span class="string">rule_files指定prometheus加载的任何规则的位置，从所有匹配的文件中读取规则和告警。目前没有规则。</span></span><br><span class="line"><span class="attr">rule_files:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;filepath_glob&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="string">拉取配置</span> <span class="string">scrape_configs：</span></span><br><span class="line"><span class="string">scrape_configs指定prometheus监控哪些资源。默认会拉取prometheus本身的时间序列数据，通过http://localhost:9090/metrics进行拉取。</span></span><br><span class="line"><span class="string">一个scrape_config指定一组目标和参数，描述如何拉取它们。在一般情况下，一个拉取配置指定一个作业。在高级配置中，这可能会改变。</span></span><br><span class="line"><span class="string">可以通过static_configs参数静态配置目标，也可以使用支持的服务发现机制之一动态发现目标。</span></span><br><span class="line"><span class="string">此外，relabel_configs在拉取之前，可以对任何目标及其标签进行修改。</span></span><br><span class="line"><span class="attr">scrape_configs:</span></span><br><span class="line"><span class="attr">job_name:</span> <span class="string">&lt;job_name&gt;</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 拉取频率</span></span><br><span class="line">[ <span class="attr">scrape_interval:</span> <span class="string">&lt;duration&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">&lt;global_config.scrape_interval&gt;</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 拉取超时时间</span></span><br><span class="line">[ <span class="attr">scrape_timeout:</span> <span class="string">&lt;duration&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">&lt;global_config.scrape_timeout&gt;</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 拉取的http路径</span></span><br><span class="line">[ <span class="attr">metrics_path:</span> <span class="string">&lt;path&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">/metrics</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># honor_labels 控制prometheus处理已存在于收集数据中的标签与prometheus将附加在服务器端的标签(&quot;作业&quot;和&quot;实例&quot;标签、手动配置的目标标签和由服务发现实现生成的标签)之间的冲突</span></span><br><span class="line"><span class="comment"># 如果 honor_labels 设置为 &quot;true&quot;，则通过保持从拉取数据获得的标签值并忽略冲突的服务器端标签来解决标签冲突</span></span><br><span class="line"><span class="comment"># 如果 honor_labels 设置为 &quot;false&quot;，则通过将拉取数据中冲突的标签重命名为&quot;exported_&lt;original-label&gt;&quot;来解决标签冲突(例如&quot;exported_instance&quot;、&quot;exported_job&quot;)，然后附加服务器端标签</span></span><br><span class="line"><span class="comment"># 注意，任何全局配置的 &quot;external_labels&quot;都不受此设置的影响。在与外部系统的通信中，只有当时间序列还没有给定的标签时，它们才被应用，否则就会被忽略</span></span><br><span class="line">[ <span class="attr">honor_labels:</span> <span class="string">&lt;boolean&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="literal">false</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># honor_timestamps 控制prometheus是否遵守拉取数据中的时间戳</span></span><br><span class="line"><span class="comment"># 如果 honor_timestamps 设置为 &quot;true&quot;，将使用目标公开的metrics的时间戳</span></span><br><span class="line"><span class="comment"># 如果 honor_timestamps 设置为 &quot;false&quot;，目标公开的metrics的时间戳将被忽略</span></span><br><span class="line">[ <span class="attr">honor_timestamps:</span> <span class="string">&lt;boolean&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="literal">true</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 配置用于请求的协议</span></span><br><span class="line">[ <span class="attr">scheme:</span> <span class="string">&lt;scheme&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="string">http</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment"># 可选的http url参数</span></span><br><span class="line"><span class="attr">params:</span></span><br><span class="line">  [ <span class="string">&lt;string&gt;:</span> [<span class="string">&lt;string&gt;</span>, <span class="string">...</span>] ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 在每个拉取请求上配置 username 和 password 来设置 Authorization 头部，password 和 password_file 二选一</span></span><br><span class="line"><span class="attr">basic_auth:</span></span><br><span class="line">  [ <span class="attr">username:</span> <span class="string">&lt;string&gt;</span> ]</span><br><span class="line">  [ <span class="attr">password:</span> <span class="string">&lt;secret&gt;</span> ]</span><br><span class="line">  [ <span class="attr">password_file:</span> <span class="string">&lt;string&gt;</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 在每个拉取请求上配置 bearer token 来设置 Authorization 头部，bearer_token 和 bearer_token_file 二选一</span></span><br><span class="line">[ <span class="attr">bearer_token:</span> <span class="string">&lt;secret&gt;</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 在每个拉取请求上配置 bearer_token_file 来设置 Authorization 头部，bearer_token_file 和 bearer_token 二选一</span></span><br><span class="line">[ <span class="attr">bearer_token_file:</span> <span class="string">/path/to/bearer/token/file</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 配置拉取请求的TLS设置</span></span><br><span class="line"><span class="attr">tls_config:</span></span><br><span class="line">  [ <span class="string">&lt;tls_config&gt;</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment"># 可选的代理URL</span></span><br><span class="line">[ <span class="attr">proxy_url:</span> <span class="string">&lt;string&gt;</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Azure服务发现配置列表</span></span><br><span class="line"><span class="attr">azure_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;azure_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Consul服务发现配置列表</span></span><br><span class="line"><span class="attr">consul_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;consul_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># DNS服务发现配置列表</span></span><br><span class="line"><span class="attr">dns_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;dns_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># EC2服务发现配置列表</span></span><br><span class="line"><span class="attr">ec2_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;ec2_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment"># OpenStack服务发现配置列表</span></span><br><span class="line"><span class="attr">openstack_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;openstack_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># file服务发现配置列表</span></span><br><span class="line"><span class="attr">file_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;file_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># GCE服务发现配置列表</span></span><br><span class="line"><span class="attr">gce_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;gce_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Kubernetes服务发现配置列表</span></span><br><span class="line"><span class="attr">kubernetes_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;kubernetes_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Marathon服务发现配置列表</span></span><br><span class="line"><span class="attr">marathon_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;marathon_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment"># AirBnB&#x27;s Nerve服务发现配置列表</span></span><br><span class="line"><span class="attr">nerve_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;nerve_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Zookeeper Serverset服务发现配置列表</span></span><br><span class="line"><span class="attr">serverset_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;serverset_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># Triton服务发现配置列表</span></span><br><span class="line"><span class="attr">triton_sd_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;triton_sd_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 静态配置目标列表</span></span><br><span class="line"><span class="attr">static_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;static_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 目标relabel配置列表</span></span><br><span class="line"><span class="attr">relabel_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;relabel_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment"># metric relabel配置列表</span></span><br><span class="line"><span class="attr">metric_relabel_configs:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;relabel_config&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 每次拉取样品的数量限制</span></span><br><span class="line"><span class="comment"># metric relabelling之后，如果有超过这个数量的样品，整个拉取将被视为失效。0表示没有限制</span></span><br><span class="line">[ <span class="attr">sample_limit:</span> <span class="string">&lt;int&gt;</span> <span class="string">|</span> <span class="string">default</span> <span class="string">=</span> <span class="number">0</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="string">远程读写配置</span> <span class="string">remote_read/remote_write：</span></span><br><span class="line"><span class="string">remote_read/remote_write将数据源与prometheus分离，当前不做配置。</span></span><br><span class="line"><span class="comment"># 与远程写功能相关的设置</span></span><br><span class="line"><span class="attr">remote_write:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;remote_write&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"><span class="comment"># 与远程读功能相关的设置</span></span><br><span class="line"><span class="attr">remote_read:</span></span><br><span class="line">  [ <span class="bullet">-</span> <span class="string">&lt;remote_read&gt;</span> <span class="string">...</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="string">简单配置示例：</span></span><br><span class="line"><span class="string">vim</span> <span class="string">/usr/local/prometheus/prometheus.yml</span></span><br><span class="line"></span><br><span class="line"><span class="attr">global:</span></span><br><span class="line">  <span class="attr">scrape_interval:</span> <span class="string">15s</span></span><br><span class="line">  <span class="attr">evaluation_interval:</span> <span class="string">15s</span></span><br><span class="line"></span><br><span class="line"><span class="attr">alerting:</span></span><br><span class="line">  <span class="attr">alertmanagers:</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">static_configs:</span></span><br><span class="line">    <span class="bullet">-</span> <span class="attr">targets:</span></span><br><span class="line">      <span class="comment"># - alertmanager:9093</span></span><br><span class="line"></span><br><span class="line"><span class="attr">rule_files:</span></span><br><span class="line">  <span class="comment"># - &quot;first_rules.yml&quot;</span></span><br><span class="line">  <span class="comment"># - &quot;second_rules.yml&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="attr">scrape_configs:</span></span><br><span class="line">  <span class="bullet">-</span> <span class="attr">job_name:</span> <span class="string">&#x27;prometheus&#x27;</span></span><br><span class="line">    <span class="attr">static_configs:</span></span><br><span class="line">    <span class="bullet">-</span> <span class="attr">targets:</span> [<span class="string">&#x27;localhost:9090&#x27;</span>]</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<span id="more"></span>

]]></content>
      <categories>
        <category>prometheus</category>
      </categories>
      <tags>
        <tag>centos</tag>
        <tag>prometheus</tag>
      </tags>
  </entry>
</search>