2026-06-03
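Kibana 8.14.3 complete deployment guide

## 1. Overall plan

| Item | Value |
|---|---|
| Run-as user | app |
| Kibana install path | /data/app/kibana-server |
| Kibana config directory | /data/app/kibana-server/config |
| Kibana log directory | /data/app/kibana-logs |
| Listening port | 5601 |
| Access protocol | HTTP (HTTPS can be configured later) |
| Elasticsearch address | https://192.168.101.44:9200 (use the IP of the server you set up earlier) |

## 2. Deployment steps

### 2.1 Download and unpack Kibana (using a mirror in China)

```bash
# Switch to the app user
sudo -i -u app

# Enter the install directory
cd /data/app

# Download Kibana 8.14.3 from the Huawei Cloud mirror
wget https://mirrors.huaweicloud.com/kibana/8.14.3/kibana-8.14.3-linux-x86_64.tar.gz

# Unpack
tar xzvf kibana-8.14.3-linux-x86_64.tar.gz

# Rename the directory
mv kibana-8.14.3 kibana-server

# Remove the archive
rm -f kibana-8.14.3-linux-x86_64.tar.gz

# Create the log directory
mkdir -p /data/app/kibana-logs
```

### 2.2 Configure Kibana

```bash
# Back up the original configuration
cp /data/app/kibana-server/config/kibana.yml /data/app/kibana-server/config/kibana.yml.bak

# Edit the configuration file
vi /data/app/kibana-server/config/kibana.yml
```

Write the following complete configuration (adjust the ES address and password to your environment):

```yaml
# ======================== Server settings ========================
server.host: "0.0.0.0"
server.port: 5601

# ======================== Elasticsearch connection ========================
elasticsearch.hosts: ["http://192.168.101.44:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "YourKibanaPassword123!"
# none turns off certificate verification for https connections to Elasticsearch
elasticsearch.ssl.verificationMode: none

# ======================== New-style logging (replaces logging.dest) ========================
logging:
  appenders:
    file:
      type: file
      fileName: /data/app/kibana-logs/kibana.log
      layout:
        type: json
  root:
    appenders: [file]
    level: info

# ======================== Other settings ========================
i18n.locale: "zh-CN"
```

### 2.3 Set directory ownership

```bash
# Leave the app user's shell
exit

# Make sure every directory is owned by app
sudo chown -R app:app /data/app/kibana-server
sudo chown -R app:app /data/app/kibana-logs
```

### 2.4 Configure system parameters (optional, for higher concurrency)

```bash
# Raise the file descriptor limit (same value as for ES)
echo "app soft nofile 65535" | sudo tee -a /etc/security/limits.conf
echo "app hard nofile 65535" | sudo tee -a /etc/security/limits.conf
```

## 3. Create the systemd service file

```bash
sudo vi /etc/systemd/system/kibana.service
```

Write the following content:

```ini
[Unit]
Description=Kibana Server
Documentation=https://www.elastic.co
After=network.target elasticsearch.service
Wants=elasticsearch.service

[Service]
Type=simple
User=app
Group=app
WorkingDirectory=/data/app/kibana-server
Environment=NODE_OPTIONS="--max-old-space-size=512"
ExecStart=/data/app/kibana-server/bin/kibana
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=3
LimitNOFILE=65535
LimitNPROC=4096
TimeoutStopSec=20

[Install]
WantedBy=multi-user.target
```

## 4. Start and manage Kibana

### 4.1 Start the service

```bash
# Reload the systemd configuration
sudo systemctl daemon-reload

# Start Kibana
sudo systemctl start kibana

# Enable start at boot
sudo systemctl enable kibana

# Check the service status
sudo systemctl status kibana
```

### 4.2 View logs (troubleshooting)

```bash
# systemd journal
sudo journalctl -u kibana -f

# Kibana's own log
sudo tail -f /data/app/kibana-logs/kibana.log
```

### 4.3 Common management commands

```bash
# Start
sudo systemctl start kibana

# Stop
sudo systemctl stop kibana

# Restart
sudo systemctl restart kibana

# Status
sudo systemctl status kibana

# Follow the log
sudo journalctl -u kibana -f

# Disable start at boot
sudo systemctl disable kibana
```

## 5. Firewall configuration

```bash
# Open Kibana port 5601
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --reload
```

## 6. Verify the Kibana deployment

### 6.1 Local test

```bash
# Request the Kibana home page
curl http://localhost:5601

# It should return HTML content (containing the word "Kibana")
```

### 6.2 Browser access

Open a browser and go to http://<your-server-IP>:5601

- If the connection works, the Kibana welcome page appears.
- The first visit may take a few minutes while indexes are initialized.
- No additional login is required (Kibana itself has no authentication configured, but its connection to ES uses authentication).

### 6.3 Test data exchange with ES

In the Kibana UI, click the menu in the top-left corner → Management → Dev Tools.

Run the following commands in the console (to test the ES connection):

```
# Cluster health
GET /_cluster/health

# Create a test index
PUT /test-kibana-index

# Add a document
POST /test-kibana-index/_doc
{
  "message": "Hello Kibana!",
  "timestamp": "2026-06-03"
}

# Search documents
GET /test-kibana-index/_search
```

## 7. Troubleshooting common problems

| Problem | Possible cause | Solution |
|---|---|---|
| Kibana fails to start | Port already in use | `sudo netstat -tlnp \| grep 5601`, then change `server.port` |
| Cannot connect to ES | Wrong ES address or credentials | Check `elasticsearch.hosts`, the username and the password |
| SSL certificate error | ES uses a self-signed certificate | Set `elasticsearch.ssl.verificationMode: none` |
| kibana user does not exist | Not created in ES | Run the API call in ES that creates the kibana user |
| Log directory permission error | Directory is not owned by app | `sudo chown -R app:app /data/app/kibana-logs` |
| No response on 5601 | Firewall port not opened | Check the firewall rules and open port 5601 |
| Kibana keeps showing "Kibana server is not ready yet" | ES is not ready, or Kibana index initialization is slow | Wait 2-3 minutes and check the log with `journalctl -u kibana -f` |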
2026-06-03
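Elasticsearch 8.14.3 complete deployment guide

## 1. Environment plan

| Item | Value |
|---|---|
| Run-as user | app |
| JDK install path | /data/app/jdk17 |
| ES install path | /data/app/es-server |
| ES data directory | /data/app/es-data |
| ES log directory | /data/app/es-logs |
| ES config directory | /data/app/es-server/config |
| Certificate directory | /data/app/es-server/config/certs |
| Service port | 9200 (HTTPS) |
| Cluster mode | Single node |

## 2. Deployment commands

### 2.1 Create the app user and base directory

```bash
# Create the app user
sudo useradd app -m -s /bin/bash

# Create the install root and hand it to app
sudo mkdir -p /data/app
sudo chown app:app /data/app
```

### 2.2 Install JDK 17

```bash
# Switch to the app user
sudo -i -u app

# Enter the install directory
cd /data/app

# Download JDK 17
wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/17/jdk/x64/linux/OpenJDK17U-jdk_x64_linux_hotspot_17.0.19_10.tar.gz

# Unpack
tar xzvf OpenJDK17U-jdk_x64_linux_hotspot_17.0.19_10.tar.gz

# Rename the directory
mv jdk-17.0.19+10/ jdk17

# Remove the archive
rm -f OpenJDK17U-jdk_x64_linux_hotspot_17.0.19_10.tar.gz

# Set environment variables
echo 'export JAVA_HOME=/data/app/jdk17' >> /home/app/.bashrc
echo 'export PATH=$PATH:$JAVA_HOME/bin' >> /home/app/.bashrc
source /home/app/.bashrc

# Verify the JDK
java -version
```

### 2.3 Install Elasticsearch

```bash
# Still as the app user
cd /data/app

# Download ES 8.14.3
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-linux-x86_64.tar.gz

# Unpack
tar xzvf elasticsearch-8.14.3-linux-x86_64.tar.gz

# Rename
mv elasticsearch-8.14.3 es-server

# Remove the archive
rm -f elasticsearch-8.14.3-linux-x86_64.tar.gz

# Create the data and log directories
mkdir -p /data/app/es-data
mkdir -p /data/app/es-logs
```

### 2.4 Generate SSL certificates (required for security/authentication)

```bash
# Still as the app user
cd /data/app/es-server

# Generate the CA certificate (press Enter, no password)
./bin/elasticsearch-certutil ca

# Generate the node certificate (press Enter, no password)
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

# Create the certificate directory and move the certificates into it
mkdir -p config/certs
mv elastic-certificates.p12 config/certs/
mv elastic-stack-ca.p12 config/certs/

# Set certificate permissions
# (this PKCS#12 file holds the node's private key and was created without a password)
chmod 644 config/certs/elastic-certificates.p12
```

### 2.5 Configure Elasticsearch

```bash
# Back up the original configuration
cp /data/app/es-server/config/elasticsearch.yml /data/app/es-server/config/elasticsearch.yml.bak

# Write the new configuration
cat > /data/app/es-server/config/elasticsearch.yml << 'EOF'
# ======================== Paths ========================
path.data: /data/app/es-data
path.logs: /data/app/es-logs

# ======================== Cluster ========================
cluster.name: my-app-cluster
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node

# ======================== Security and authentication ========================
# Enable the security features
xpack.security.enabled: true

# Transport-layer SSL (node-to-node traffic)
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

# HTTP-layer SSL (HTTPS) settings; with enabled: false the REST API on 9200 is served over plain HTTP
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
EOF
```

### 2.6 Configure the JVM heap (optional, adjust to the server's memory)

```bash
# Set the heap to 1G (adjust as needed)
sed -i 's/^-Xms.*/-Xms1g/' /data/app/es-server/config/jvm.options
sed -i 's/^-Xmx.*/-Xmx1g/' /data/app/es-server/config/jvm.options
```

### 2.7 Leave the app user and configure system parameters

```bash
# Leave the app user's shell
exit
```

```bash
# File descriptor limits
echo "app soft nofile 65535" | sudo tee -a /etc/security/limits.conf
echo "app hard nofile 65535" | sudo tee -a /etc/security/limits.conf

# Virtual memory map count
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

# Process limits
echo "app soft nproc 4096" | sudo tee -a /etc/security/limits.conf
echo "app hard nproc 4096" | sudo tee -a /etc/security/limits.conf
```

### 2.8 Create the systemd service file

```bash
# tee runs under sudo, so the file is written as root
# (with "sudo cat > file" the redirect is done by the unprivileged shell)
sudo tee /etc/systemd/system/elasticsearch.service > /dev/null << 'EOF'
[Unit]
Description=Elasticsearch Server
Documentation=https://www.elastic.co
After=network.target

[Service]
Type=simple
User=app
Group=app
WorkingDirectory=/data/app/es-server
Environment=JAVA_HOME=/data/app/jdk17
Environment=ES_PATH_CONF=/data/app/es-server/config
ExecStart=/data/app/es-server/bin/elasticsearch
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
LimitNOFILE=65535
LimitNPROC=4096
TimeoutStopSec=20
Restart=on-failure
RestartSec=3

[Install]
WantedBy=multi-user.target
EOF
```

### 2.9 Set directory ownership and start the service

```bash
# Make sure every directory is owned by app
sudo chown -R app:app /data/app

# Reload systemd
sudo systemctl daemon-reload

# Start Elasticsearch
sudo systemctl start elasticsearch

# Check the status (wait 10-20 seconds for the service to come up fully)
sleep 15
sudo systemctl status elasticsearch
```

### 2.10 Set passwords for the built-in users

```bash
# auto mode generates random passwords
sudo -u app /data/app/es-server/bin/elasticsearch-setup-passwords auto --insecure
```

After running it, the system prompts for passwords for the following users (be sure to remember them):

| User | Description | Suggested password |
|---|---|---|
| elastic | Superuser | Strong password |
| kibana | Used by Kibana to connect | Strong password |
| logstash_system | Logstash monitoring | Random password |
| beats_system | Beats monitoring | Random password |
| apm_system | APM monitoring | Random password |
| remote_monitoring_user | Remote monitoring | Random password |

### 2.11 Open the firewall port

```bash
# Open port 9200
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --reload
```

### 2.12 Enable start at boot

```bash
sudo systemctl enable elasticsearch
```

## 3. Verify the deployment

### 3.1 Basic check (HTTPS + authentication)

```bash
# Access with the elastic user and password (-k skips verification of the self-signed certificate)
curl -u elastic:<the-password-you-set> http://localhost:9200
```

Expected output:

```json
{
  "name" : "node-1",
  "cluster_name" : "my-app-cluster",
  "cluster_uuid" : "xxxxxxxxxxxxxxxxxxxxxx",
  "version" : {
    "number" : "8.14.3",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "d55f984299e0e88dee72ebd8255f7ff130859ad0",
    "build_date" : "2024-07-07T22:04:49.882652950Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
```

### 3.2 Cluster health

```bash
# The https:// commands from here on apply once xpack.security.http.ssl.enabled is true;
# with the configuration in 2.5 the API answers on http://
curl -k -u elastic:<password> https://localhost:9200/_cluster/health?pretty
```

### 3.3 Node information

```bash
curl -k -u elastic:<password> https://localhost:9200/_cat/nodes?v
```

### 3.4 Remote access check (run from another machine)

```bash
curl -k -u elastic:<password> https://<server-IP>:9200
```

## 4. Day-to-day management commands

### 4.1 Service management

```bash
# Start
sudo systemctl start elasticsearch

# Stop
sudo systemctl stop elasticsearch

# Restart
sudo systemctl restart elasticsearch

# Status
sudo systemctl status elasticsearch

# Follow the log
sudo journalctl -u elasticsearch -f

# Last 100 log lines
sudo journalctl -u elasticsearch -n 100
```

### 4.2 Password management

```bash
# Change the elastic user's password
curl -k -u elastic:<old-password> -X POST https://localhost:9200/_security/user/elastic/_password -H "Content-Type: application/json" -d '{"password":"<new-password>"}'

# Create a new user
curl -k -u elastic:<password> -X POST https://localhost:9200/_security/user/monitor -H "Content-Type: application/json" -d '{"password":"<password>","roles":["monitoring_user"]}'
```

### 4.3 Certificate management

```bash
# Show certificate information
openssl pkcs12 -info -in /data/app/es-server/config/certs/elastic-certificates.p12 -nokeys
```

## 5. Directory layout

```
/data/app/
├── jdk17/                          # JDK install directory
│   ├── bin/
│   ├── lib/
│   └── ...
├── es-server/                      # ES install directory
│   ├── bin/                        # Executables
│   ├── config/
│   │   ├── elasticsearch.yml       # Main configuration file
│   │   ├── jvm.options             # JVM configuration
│   │   └── certs/                  # SSL certificate directory
│   │       ├── elastic-certificates.p12
│   │       └── elastic-stack-ca.p12
│   ├── lib/                        # Libraries
│   └── modules/                    # Modules
├── es-data/                        # Data directory
│   └── nodes/                      # Node data
└── es-logs/                        # Log directory
    └── elasticsearch.log           # Main log file
```

## 6. Troubleshooting common problems

| Problem | Check command | Solution |
|---|---|---|
| Service fails to start | `sudo systemctl status elasticsearch` | Read the error message and check the configuration file syntax |
| Certificate error | `sudo journalctl -u elasticsearch -n 50` | Confirm the certificate path is correct and the permissions are 644 |
| Out of memory | `free -h` | Adjust `-Xms` and `-Xmx` in jvm.options |
| Port already in use | `sudo netstat -tlnp \| grep 9200` | Change `http.port` or stop the process using the port |
| Authentication failure | Check that the password is correct | Reset it with elasticsearch-setup-passwords |
| No remote access | `sudo firewall-cmd --list-all` | Confirm the firewall has port 9200 open |

## 7. Security recommendations (production)

- Certificate replacement: self-signed certificates are suitable for test environments only; in production use certificates issued by a CA.
- IP binding: `network.host: 0.0.0.0` allows access from every IP; change it to a specific internal IP.
- Firewall: allow only trusted IPs to reach port 9200.
- Password rotation: change the passwords of elastic and the other built-in users regularly.
- Audit logging: enable auditing with `xpack.security.audit.enabled: true`.
- Backups: back up the /data/app/es-data directory and the certificate files regularly.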
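The settings named in the security recommendations above, together with the connection settings from the Kibana post, can be checked mechanically before a host goes into production. The Python script below is an added example, not part of the original posts or of Elastic's tooling; the sample configs are constructed from values shown on this page, and the function names are hypothetical.

```python
import re

# Constructed samples that mirror the settings shown in the two posts.
SAMPLE_ES_YML = """\
# dotted keys
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# the same kind of setting written in nested form is also accepted
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/elastic-certificates.p12
"""

SAMPLE_KIBANA_YML = """\
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["http://192.168.101.44:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "CONSTRUCTED-PLACEHOLDER"
elasticsearch.ssl.verificationMode: none
"""

KEY_VALUE = re.compile(r"^(\s*)([^:#\s-][^:]*):\s*(.*)$")


def flatten_settings(text):
    """Flatten dotted and indented `key: value` lines into {dotted.key: value}.

    Covers only the scalar / inline-list subset these two files use, so it
    needs no YAML library; list items and comments are skipped.
    """
    settings, parents = {}, []              # parents: [(indent, key), ...]
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()     # drop trailing comments
        match = KEY_VALUE.match(line)
        if not match:
            continue
        indent = len(match.group(1))
        key, value = match.group(2).strip(), match.group(3).strip()
        while parents and parents[-1][0] >= indent:     # leave finished blocks
            parents.pop()
        if value:
            dotted = ".".join([k for _, k in parents] + [key])
            settings[dotted] = value.strip("\"'")
        else:
            parents.append((indent, key))               # block header
    return settings


def audit_elasticsearch(cfg):
    """Return (setting, reason) pairs for the items listed in section 7."""
    findings = []
    if cfg.get("network.host") in ("0.0.0.0", "::"):
        findings.append(("network.host",
                         "listens on every interface; bind a specific internal IP"))
    # Assumption: an absent key means the 8.x default (security on, HTTP TLS off).
    if cfg.get("xpack.security.enabled", "true") != "true":
        findings.append(("xpack.security.enabled", "authentication is switched off"))
    if cfg.get("xpack.security.http.ssl.enabled", "false") != "true":
        findings.append(("xpack.security.http.ssl.enabled",
                         "REST API is plain HTTP, so Basic-auth passwords cross "
                         "the network unencrypted"))
    if cfg.get("xpack.security.audit.enabled", "false") != "true":
        findings.append(("xpack.security.audit.enabled", "audit logging is off"))
    return findings


def audit_kibana(cfg):
    """Return (setting, reason) pairs for the Kibana-to-Elasticsearch link."""
    findings = []
    if cfg.get("server.host") in ("0.0.0.0", "::"):
        findings.append(("server.host", "Kibana listens on every interface"))
    if "http://" in cfg.get("elasticsearch.hosts", ""):
        findings.append(("elasticsearch.hosts",
                         "the kibana user's password is sent to ES over plain HTTP"))
    if cfg.get("elasticsearch.ssl.verificationMode") == "none":
        findings.append(("elasticsearch.ssl.verificationMode",
                         "certificate verification is disabled for https hosts"))
    if "elasticsearch.password" in cfg:
        findings.append(("elasticsearch.password",
                         "cleartext in kibana.yml; bin/kibana-keystore can hold it"))
    return findings


if __name__ == "__main__":
    for name, text, audit in (("elasticsearch.yml", SAMPLE_ES_YML, audit_elasticsearch),
                              ("kibana.yml", SAMPLE_KIBANA_YML, audit_kibana)):
        for key, reason in audit(flatten_settings(text)):
            print(f"{name}: {key}: {reason}")
```

To audit a real host, pass the contents of /data/app/es-server/config/elasticsearch.yml and /data/app/kibana-server/config/kibana.yml to `flatten_settings` instead of the samples.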
2026-05-10
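Building a three-master, three-replica Redis cluster and keeping data across restarts

## 1. Environment plan and preparation

### 1.1 Node allocation

| Server IP | Port | Role | Note |
|---|---|---|---|
| 192.168.101.41 | 6379 | Master 1 | Master node |
| 192.168.101.41 | 6380 | Slave 1 | Replica node (standby for the .41 master) |
| 192.168.101.42 | 6379 | Master 2 | Master node |
| 192.168.101.42 | 6380 | Slave 2 | Replica node (standby for the .42 master) |
| 192.168.101.43 | 6379 | Master 3 | Master node |
| 192.168.101.43 | 6380 | Slave 3 | Replica node (standby for the .43 master) |

Note: the Redis cluster bus automatically uses port + 10000, that is 16379 and 16380, and those ports must be opened as well.

### 1.2 Software requirements

- Operating system: CentOS 7.x
- Redis version: 5.0 or later (6.2.x / 7.2.x recommended, with the built-in cluster management tool)
- Network: the three servers must be able to ping each other, and all ports must be reachable between them
- Run-as account: app (created automatically if it does not exist)

## 2. Steps to run on every server (three in total)

Run the following on each of the three servers 192.168.101.41, 192.168.101.42 and 192.168.101.43.

### 2.1 Create the app account (skip if it already exists)

```bash
# Create the app group and user (no login shell)
groupadd app
useradd -g app -m -s /sbin/nologin app

# Set directory ownership (chown is needed after the directories are created later)
```

### 2.2 Install Redis (all three machines)

```bash
# Install dependencies
yum install -y gcc gcc-c++ make tcl

# Download the source
mkdir -p /data/app/src && cd /data/app/src
wget https://download.redis.io/releases/redis-7.2.5.tar.gz
tar -zxvf redis-7.2.5.tar.gz
cd redis-7.2.5

# Build and install to the chosen prefix
make
make install PREFIX=/data/app/redis

# Add the binaries to PATH (permanently)
echo 'export PATH=/data/app/redis/bin:$PATH' > /etc/profile.d/redis.sh
source /etc/profile.d/redis.sh

# Verify
/data/app/redis/bin/redis-server --version
```

### 2.3 Create the working directories (every machine)

```bash
# Working directories for the two instances
mkdir -p /data/redis-cluster/{6379,6380}/data
mkdir -p /data/redis-cluster/{6379,6380}/conf
mkdir -p /data/redis-cluster/{6379,6380}/logs

# Directory for the cluster node files
mkdir -p /var/run/redis-cluster

# Change the owner to app
chown -R app:app /data/redis-cluster
chown -R app:app /var/run/redis-cluster
```

### 2.4 Create the master configuration file (port 6379)

Edit the configuration file:

```bash
vi /data/redis-cluster/6379/conf/redis.conf
```

Content (using 192.168.101.41 as the example; the other machines are identical):

```
# Basic settings
port 6379
bind 0.0.0.0
protected-mode no
daemonize yes
pidfile /var/run/redis-cluster/redis_6379.pid
loglevel notice
logfile /data/redis-cluster/6379/logs/redis.log

# Working and data directory
dir /data/redis-cluster/6379/data

# ========== Cluster settings ==========
cluster-enabled yes
cluster-config-file /data/redis-cluster/6379/conf/nodes-6379.conf
cluster-node-timeout 5000

# ========== Persistence settings ==========
save 900 1
save 300 10
save 60 10000
rdbcompression yes
dbfilename dump-6379.rdb

appendonly yes
appendfilename "appendonly-6379.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

# Access password
requirepass redispasswd
# Password used for master/replica synchronization
masterauth redispasswd
```

### 2.5 Create the replica configuration file (port 6380)

```bash
vi /data/redis-cluster/6380/conf/redis.conf
```

Content (6379 replaced by 6380):

```
port 6380
bind 0.0.0.0
protected-mode no
daemonize yes
pidfile /var/run/redis-cluster/redis_6380.pid
loglevel notice
logfile /data/redis-cluster/6380/logs/redis.log
dir /data/redis-cluster/6380/data

cluster-enabled yes
cluster-config-file /data/redis-cluster/6380/conf/nodes-6380.conf
cluster-node-timeout 5000

save 900 1
save 300 10
save 60 10000
rdbcompression yes
dbfilename dump-6380.rdb
appendonly yes
appendfilename "appendonly-6380.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

requirepass redispasswd
masterauth redispasswd
```

### 2.6 Configure the firewall (all three machines)

```bash
# Open the Redis ports
firewall-cmd --permanent --add-port=6379/tcp
firewall-cmd --permanent --add-port=6380/tcp

# Open the cluster bus ports
firewall-cmd --permanent --add-port=16379/tcp
firewall-cmd --permanent --add-port=16380/tcp

# Reload the firewall
firewall-cmd --reload

# Verify
firewall-cmd --list-ports
```

If it is inconvenient to disable SELinux in production, it can be turned off temporarily:

```bash
setenforce 0
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
```

### 2.7 Configure systemd start at boot (using the app account)

```bash
# Master service
cat > /etc/systemd/system/redis-6379.service << EOF
[Unit]
Description=Redis Server 6379
After=network.target

[Service]
Type=forking
User=app
Group=app
ExecStart=/data/app/redis/bin/redis-server /data/redis-cluster/6379/conf/redis.conf
ExecStop=/data/app/redis/bin/redis-cli -p 6379 -a 'redispasswd' shutdown
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Replica service (port changed to 6380)
cat > /etc/systemd/system/redis-6380.service << EOF
[Unit]
Description=Redis Server 6380
After=network.target

[Service]
Type=forking
User=app
Group=app
ExecStart=/data/app/redis/bin/redis-server /data/redis-cluster/6380/conf/redis.conf
ExecStop=/data/app/redis/bin/redis-cli -p 6380 -a 'redispasswd' shutdown
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Enable
systemctl enable redis-6379 redis-6380

# Verify
ps aux | grep redis-server
netstat -tuln | grep -E '6379|6380'
```

## 3. Create the Redis cluster (run on one machine only)

Once all 6 Redis instances on the three servers are running, run the following on any machine that has redis-cli:

```bash
redis-cli -a 'redispasswd' --cluster create \
  192.168.101.41:6379 \
  192.168.101.42:6379 \
  192.168.101.43:6379 \
  192.168.101.41:6380 \
  192.168.101.42:6380 \
  192.168.101.43:6380 \
  --cluster-replicas 1
```

The tool prints the slot allocation; type yes to confirm. The following output means success:

```text
[OK] All 16384 slots covered.
```

## 4. Persistence configuration in detail

### 4.1 Dual persistence strategy: AOF + RDB

- AOF sync every second: with `appendfsync everysec`, at most 1 second of data is lost.
- On restart, AOF is used for recovery first, which gives more complete data.
- AOF rewrite: compacts the file automatically so it does not grow too large.

### 4.2 Verify that persistence works

```bash
# Write test data
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' set test_key "test_value"

# Check the persistence files
ls -la /data/redis-cluster/6379/data/   # .rdb and .aof should be present

# Trigger an AOF rewrite manually
redis-cli -p 6379 -a 'redispasswd' BGREWRITEAOF
```

## 5. Restart and data recovery verification

### 5.1 Restart a single Redis instance

```bash
# Write test data
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' set user:1001 "test1001"

# Stop the instance (as the app account)
su - app -s /bin/bash -c "/data/app/redis/bin/redis-cli -h 192.168.101.41 -p 6379 -a 'redispasswd' shutdown"

# Restart
service redis-6379 restart

# Verify the data
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' get user:1001   # should return "test1001"
```

### 5.2 Simulate an instance crash (kill -9)

```bash
# Write 100 entries
for i in {1..100}; do
  redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' --no-auth-warning set "test:key:$i" "value_$i" 2>/dev/null
  printf "Progress: %3d/100\r" $i
done
echo -e "\n✅ 写入完成"

# Stop the instances (this listing uses systemctl stop rather than kill -9)
systemctl stop redis-6379 redis-6380

# Restart
systemctl restart redis-6379 redis-6380

# Count the keys on every node
echo "=== 分别查询每个节点 ==="
for node in 192.168.101.41 192.168.101.42 192.168.101.43; do
  count=$(redis-cli -h $node -p 6379 -a 'redispasswd' --no-auth-warning keys "test:key:*" 2>/dev/null | wc -l)
  echo "$node:6379 - $count 条"
done
echo ""
echo "总计:32 + 30 + 38 = 100 条 ✅"
```

### 5.3 Whole-machine reboot (simulating power loss or maintenance)

Prerequisite: systemd start at boot is configured.

```bash
# Write a marker before the reboot
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' set after_reboot_test "data_before_reboot"

# Reboot the server
reboot

# Check after the reboot
systemctl status redis-6379 redis-6380
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' cluster info | grep cluster_state   # should be ok
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' get after_reboot_test   # should return the original value
```

### 5.4 Automatic failover of a master (high availability)

```bash
# Write 1000 entries
for i in {1..1000}; do
  redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd' set hatest:$i "payload_$i"
done

# Shut down the master 192.168.101.41:6379
redis-cli -h 192.168.101.41 -p 6379 -a 'redispasswd' shutdown

# Wait 15 seconds, then see which replica was promoted
redis-cli -h 192.168.101.42 -p 6379 -a 'redispasswd' cluster nodes

# Verify the data (connect to the new master)
redis-cli -c -h 192.168.101.42 -p 6380 -a 'redispasswd' get hatest:500
```

## 6. Common management and monitoring commands

### 6.1 Cluster status check

```
redis-cli -c -h 192.168.101.41 -p 6379 -a 'redispasswd'
> cluster info
> cluster nodes
> cluster slots
```

### 6.2 Single-node management

```bash
# Stop a node (as the app account)
su -s /bin/bash -c "/data/app/redis/bin/redis-cli -h 192.168.101.41 -p 6379 -a 'redispasswd' shutdown" app

# Start a node
su -s /bin/bash -c "/data/app/redis/bin/redis-server /data/redis-cluster/6379/conf/redis.conf" app

# View the log
tail -f /data/redis-cluster/6379/logs/redis.log
```

### 6.3 Persistence verification

```bash
ls -lh /data/redis-cluster/*/data/*.aof
redis-cli -h 192.168.101.41 -p 6379 -a 'redispasswd' BGSAVE
redis-cli -h 192.168.101.41 -p 6379 -a 'redispasswd' BGREWRITEAOF
```

## 7. Troubleshooting checklist

🔴 Problem 1: a node does not rejoin the cluster after a restart

- Make sure the `cluster-config-file` directory is writable and owned by app
- Check the network: `telnet 192.168.101.42 6379`
- Handshake manually: `redis-cli -h 192.168.101.42 -p 6379 -a 'redispasswd' CLUSTER MEET 192.168.101.41 6379`

🔴 Problem 2: data recovery is incomplete

- Check that `appendonly yes` is configured
- Repair the AOF: `redis-check-aof --fix /path/to/appendonly.aof`

🔴 Problem 3: cluster state is FAIL

- Check that all nodes are running: `ps aux | grep redis-server`
- Check the firewall ports (including 16379 and 16380)
- Once enough nodes are back, the cluster recovers automatically

🔴 Problem 4: startup fails because of insufficient permissions

- Check directory ownership: `ls -la /data/redis-cluster` (should be app:app)
- Check the PID directory ownership: `ls -la /var/run/redis-cluster`
- Start by switching user with su, or through systemd (configured with User=app)

## 8. Redis cluster version upgrade (rolling upgrade without downtime)

### 8.1 Preparation before the upgrade

#### 8.1.1 Environment check

```bash
# Record the current version (all three machines)
/data/app/redis/bin/redis-server --version

# Record the cluster state
redis-cli -a 'redispasswd' --cluster check 192.168.101.41:6379

# Back up the current binaries and configuration files (all three machines)
mkdir -p /data/backup
tar -czf /data/backup/redis-$(date +%Y%m%d)-bin.tar.gz /data/app/redis/
cp -r /data/redis-cluster /data/backup/redis-cluster-$(date +%Y%m%d)
```

#### 8.1.2 Download the target version (upgrade to 7.4.0 as the example)

```bash
cd /data/app/src
wget https://download.redis.io/releases/redis-7.4.0.tar.gz
tar -zxvf redis-7.4.0.tar.gz
cd redis-7.4.0

# Build
make
```

#### 8.2.1 Upgrade a replica (192.168.101.41:6380 as the example)

```bash
# 1. Confirm that the current role is replica
redis-cli -h 192.168.101.41 -p 6380 -a 'redispasswd' role
# Expected: "role" is "slave" in the output

# 2. Stop the old-version instance
systemctl stop redis-6380

# 3. Replace the binaries
mv /data/app/redis/bin /data/app/redis/bin.bak-$(date +%Y%m%d)
mkdir -p /data/app/redis/bin
cp /data/app/src/redis-7.4.0/src/{redis-server,redis-cli,redis-check-aof,redis-check-rdb,redis-sentinel} /data/app/redis/bin/

# 4. Verify the new version
/data/app/redis/bin/redis-server --version

# 5. Start the new-version instance
systemctl start redis-6380

# 6. Verify replication status
redis-cli -h 192.168.101.41 -p 6380 -a 'redispasswd' info replication | grep -E "role|master_link_status"
```

#### 8.2.2 Perform a master/replica switch (optional, needed to upgrade the master)

```bash
# Trigger a manual failover to promote the replica to master
redis-cli -h 192.168.101.41 -p 6380 -a 'redispasswd' cluster failover

# Wait for the switch to complete (about 5-10 seconds)
sleep 10

# Verify the new master
redis-cli -h 192.168.101.41 -p 6380 -a 'redispasswd' role
# Expected: "role" becomes "master"
```

#### 8.2.3 Upgrade the former master (now demoted to replica)

```bash
# The former master 6379 is now a replica; repeat the steps from 8.2.1 to upgrade it
systemctl stop redis-6379
# ... replace the binaries ...
systemctl start redis-6379
```

#### 8.2.4 Upgrade the other machines in turn

| Machine | Suggested upgrade order |
|---|---|
| 192.168.101.41 | 6380 (replica) → 6379 (former master) |
| 192.168.101.42 | 6380 (replica) → 6379 (former master) |
| 192.168.101.43 | 6380 (replica) → 6379 (former master) |

### 8.3 Verification after the upgrade

#### 8.3.1 Cluster health check

```bash
# Check the cluster state
redis-cli -a 'redispasswd' --cluster check 192.168.101.41:6379

# Verify the version of every node
for port in 6379 6380; do
  echo "=== 192.168.101.41:$port ==="
  redis-cli -h 192.168.101.41 -p $port -a 'redispasswd' info server | grep redis_version
done
```

#### 8.3.2 Data integrity check

```bash
# Count the keys on every node
echo "=== 分别查询每个节点 ==="
for node in 192.168.101.41 192.168.101.42 192.168.101.43; do
  count=$(redis-cli -h $node -p 6379 -a 'redispasswd' --no-auth-warning keys "test:key:*" 2>/dev/null | wc -l)
  echo "$node:6379 - $count 条"
done
echo ""
echo "总计:32 + 30 + 38 = 100 条 ✅"
```

### 8.4 Rollback plan (if the upgrade fails)

#### 8.4.1 Fast rollback (the original binary backup was kept)

```bash
# Stop the failing instance
systemctl stop redis-6379

# Restore the old binaries
rm -rf /data/app/redis/bin
mv /data/app/redis/bin.bak-YYYYMMDD /data/app/redis/bin

# Restart the instance
systemctl start redis-6379
```

#### 8.4.2 Full rollback (configuration and data kept)

```bash
# Stop all instances
systemctl stop redis-6379 redis-6380

# Restore the complete environment (from the backup)
rm -rf /data/app/redis
tar -xzf /data/backup/redis-YYYYMMDD-bin.tar.gz -C /

# Restart all instances
systemctl start redis-6379 redis-6380
```

### 8.5 Upgrade considerations

| Risk | Mitigation |
|---|---|
| Client protocol incompatibility | Before upgrading, confirm that the Redis commands the application uses are not deprecated or changed |
| RDB/AOF fails to load | Validate in a test environment first; in production upgrade a single node and observe |
| Cluster split-brain | Avoid restarting several masters at the same time during the rolling upgrade |
| Password/ACL changes | A new version may change ACL rules; check requirepass and masterauth |
| Module compatibility | If Redis Modules (such as RediSearch) are in use, upgrade the modules as well |

### 8.6 Upgrade checklist

- [ ] Current version and cluster state recorded
- [ ] Binaries and configuration files backed up
- [ ] Version compatibility validated in a test environment
- [ ] Application owners notified of the upgrade window
- [ ] Rollback script and backup files prepared
- [ ] Replication status verified after each node during the rolling upgrade
- [ ] Cluster health check and data sampling done after the upgrade
- [ ] Version information updated in the operations documentation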
2026-03-28
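Setting up an NFSv4 service

1. Install the NFS server

```bash
yum install nfs-utils -y
```

2. Create and configure the shared directory

```bash
mkdir /data/nfs
```

3. Edit the /etc/exports configuration file

```bash
vim /etc/exports
```

Add a line at the end of the file that specifies the directory to share, the allowed client range and the permissions:

```
/data/nfs 192.168.137.200(rw,sync,no_root_squash,fsid=0) \
          192.168.137.201(rw,sync,no_root_squash,fsid=0) \
          192.168.137.202(rw,sync,no_root_squash,fsid=0)
```

| Parameter | Description |
|---|---|
| fsid=0 | Required for NFSv4. Marks the root file system; NFSv4 uses this parameter to identify the export root |
| no_root_squash | Lets the client's root user keep root privileges on the server |
| rw | Read-write access |
| sync | Synchronous writes, to keep data consistent |

4. Restart the service

```bash
# Restart the NFS service
systemctl restart nfs-server

# Show the current exports
exportfs -v
```

5. Configure the firewall (NFSv4 only needs port 2049)

An advantage of NFSv4: only TCP port 2049 is needed.

```bash
# firewalld (CentOS/RHEL)
firewall-cmd --permanent --add-port=2049/tcp
firewall-cmd --reload
```

6. Mount and verify on the client

Install NFS support on the client:

```bash
# CentOS/RHEL
yum install nfs-utils -y
```

Mount the NFSv4 share:

```bash
# Create the mount point
mkdir /mnt/nfs_test

# NFSv4 mount (note the vers=4 option)
mount -t nfs -o vers=4 192.168.137.3:/ /mnt/nfs_test
df -h
```

Verify:

```
[root@master ~]# df -h | grep nfs
df: /mnt/nfs_client: Stale file handle
192.168.137.3:/   119G   37G   76G  33%
```

```bash
cd /mnt/nfs_test
```

7. Mount at boot

```bash
sudo vim /etc/fstab

# Add the following at the end of the file:
192.168.137.3:/ /mnt/nfs_test nfs vers=4,noatime,hard,intr,_netdev 0 0

# Verify
umount /mnt/nfs_test
mount -a
```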
2026-03-14
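Complete guide to Windows netsh port forwarding [a solution for temporarily exposing internal-network services]

netsh (Network Shell) is a powerful network configuration command-line tool that ships with Windows. Its `interface portproxy` component provides system-level port forwarding.

## 📋 1. What is netsh port forwarding?

Port forwarding means that network traffic sent to a port on the local machine is automatically redirected to another target address and port. netsh implements this as kernel-level port forwarding: the traffic is forwarded inside the TCP/IP stack.

### Key characteristics

| Characteristic | Description |
|---|---|
| No installation | Supported natively by Windows (Windows XP/Vista/7/8/10/11/Server, all series) |
| System-level forwarding | Done at kernel level, transparent to applications |
| TCP support | Only TCP is supported (not UDP, ICMP, etc.) |
| Persistence | Rules stay in effect permanently (until deleted manually or the system is reset) |
| IPv4 and IPv6 | Supports the four combinations v4tov4, v4tov6, v6tov4 and v6tov6 |

## 🚀 2. Core commands in detail

### 2.1 Add a port forwarding rule

Basic syntax:

```cmd
netsh interface portproxy add v4tov4 listenaddress=本地IP listenport=本地端口 connectaddress=目标IP connectport=目标端口
```

Parameters:

| Parameter | Required | Description | Example |
|---|---|---|---|
| listenaddress | No | IP address the local machine listens on | 192.168.1.100 or 0.0.0.0 (all interfaces) |
| listenport | Yes | Port the local machine listens on | 8080 |
| connectaddress | Yes | Target server IP or domain name | 10.0.0.5 or example.com |
| connectport | Yes | Target server port | 80 |

Common examples:

Forward to an internal server

```cmd
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=192.168.1.100 connectport=80
```

Specify the listening IP (multi-NIC environment)

```cmd
netsh interface portproxy add v4tov4 listenaddress=192.168.1.10 listenport=8080 connectaddress=10.0.0.5 connectport=3389
```

IPv6 to IPv4 forwarding

```cmd
netsh interface portproxy add v6tov4 listenport=8080 connectaddress=192.168.1.100 connectport=80
```

Forward to an external domain name

```cmd
netsh interface portproxy add v4tov4 listenport=443 connectaddress=www.example.com connectport=443
```

### 2.2 View forwarding rules

View all rules:

```cmd
netsh interface portproxy show all
```

View rules of a specific type:

```cmd
netsh interface portproxy show v4tov4
netsh interface portproxy show v4tov6
netsh interface portproxy show v6tov4
netsh interface portproxy show v6tov6
```

Sample output:

```
侦听 ipv4:                 连接到 ipv4:

地址            端口        地址            端口
--------------- ----------  --------------- ----------
192.168.1.10    8080        10.0.0.5        3389
0.0.0.0         443         192.168.1.100   443
```

### 2.3 Delete forwarding rules

Delete a single rule:

```cmd
netsh interface portproxy delete v4tov4 listenaddress=192.168.1.10 listenport=8080
```

Bulk delete:

```cmd
rem Delete all portproxy rules
netsh interface portproxy reset
```

## 🔧 3. Complete worked scenarios

### Scenario 1: Remote Desktop (RDP) forwarding

Expose the Remote Desktop service (3389) of internal machine A (192.168.1.100) to the external network through port 13389 on this machine (192.168.1.10).

```cmd
rem 1. Add the forwarding rule (administrator rights required)
netsh interface portproxy add v4tov4 listenport=13389 connectaddress=192.168.1.100 connectport=3389

rem 2. Check the rule
netsh interface portproxy show all

rem 3. Open the firewall port
netsh advfirewall firewall add rule name="RDP Forward 13389" dir=in action=allow protocol=TCP localport=13389

rem 4. Verify the forwarding
rem From the external network, connect to: your-public-IP:13389
```

### Scenario 2: Temporary sharing of a web service

Temporarily share the web application on an internal development server (10.0.0.50:3000) with the team through port 8080 on this machine.

```cmd
rem Add the forwarding rule
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=10.0.0.50 connectport=3000

rem Open the firewall
netsh advfirewall firewall add rule name="Web Share 8080" dir=in action=allow protocol=TCP localport=8080

rem Tell colleagues to visit: your-IP:8080
```

### Scenario 3: Multi-port forwarding script

Create a batch file setup_forward.bat:

```bat
@echo off
echo 正在设置端口转发规则...

:: Forward the web service
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=192.168.1.101 connectport=80

:: Forward Remote Desktop
netsh interface portproxy add v4tov4 listenport=13389 connectaddress=192.168.1.102 connectport=3389

:: Forward the database
netsh interface portproxy add v4tov4 listenport=3306 connectaddress=192.168.1.103 connectport=3306

:: Open the firewall ports
for %%p in (8080 13389 3306) do (
    netsh advfirewall firewall add rule name="Forward Port %%p" dir=in action=allow protocol=TCP localport=%%p
)

echo 转发规则设置完成!
netsh interface portproxy show all
pause
```

## ⚠️ 4. Common problems and solutions

### Problem 1: forwarding does not take effect

Symptom: the rule was added successfully, but access fails.

Troubleshooting steps:

```cmd
rem 1. Check that the forwarding rule exists
netsh interface portproxy show all

rem 2. Check that the firewall has the port open
netsh advfirewall firewall show rule name="你的规则名"

rem 3. Check the port listening state
netstat -ano | findstr :8080

rem 4. Check whether IP routing is enabled
netsh interface ipv4 show interfaces
rem Confirm that the "Forwarding" state is "Enabled"
```

### Problem 2: only local access works, external access fails

Cause: `listenaddress` is set to a specific IP, but a firewall or network policy restricts it.

Solution:

```cmd
rem Change the rule to listen on all interfaces
netsh interface portproxy delete v4tov4 listenaddress=192.168.1.10 listenport=8080
netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=8080 connectaddress=10.0.0.5 connectport=80
```

### Problem 3: rules disappear after a reboot

Cause: the rules were not saved as persistent configuration.

Solution: create a startup script.

```bat
:: Create startup_forward.bat and put it in the Startup folder
:: shell:startup opens the Startup folder
@echo off
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=192.168.1.100 connectport=80
```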
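Because the rules above are meant as temporary exposure yet persist until they are deleted, a periodic inventory is worth having. The Python script below is an added example, not part of the original post: it parses `netsh interface portproxy show all` output in the layout shown in section 2.2, flags all-interface listeners and forwards to the RDP and MySQL ports used in the scenarios, and prints the `delete` command from section 2.3 for any rule that is not on an approved list. The sample output and the approved list are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `netsh interface portproxy show all`
# (section 2.2, Chinese-locale headers), extended with one v6tov4 section.
SAMPLE_OUTPUT = """\
侦听 ipv4:                 连接到 ipv4:

地址            端口        地址            端口
--------------- ----------  --------------- ----------
192.168.1.10    8080        10.0.0.5        3389
0.0.0.0         13389       192.168.1.102   3389
0.0.0.0         3306        192.168.1.103   3306

侦听 ipv6:                 连接到 ipv4:

地址            端口        地址            端口
--------------- ----------  --------------- ----------
::              8080        192.168.1.100   80
"""

ALL_INTERFACES = {"0.0.0.0", "::"}
SENSITIVE_PORTS = {3389: "RDP", 3306: "MySQL"}   # targets used in the post's scenarios


def parse_portproxy(text):
    """Return one dict per rule.

    Works for any display language: a section header is recognised by its two
    'ipvN' tokens, a rule row by four columns with numeric port columns.
    """
    rules, kind = [], None
    for line in text.splitlines():
        families = re.findall(r"ipv([46])", line, flags=re.IGNORECASE)
        if len(families) == 2:                       # e.g. "Listen on ipv4: Connect to ipv4:"
            kind = "v{}tov{}".format(*families)
            continue
        cols = line.split()
        if kind and len(cols) == 4 and cols[1].isdigit() and cols[3].isdigit():
            rules.append({
                "kind": kind,
                "listen_addr": cols[0], "listen_port": int(cols[1]),
                "connect_addr": cols[2], "connect_port": int(cols[3]),
            })
    return rules


def audit_rules(rules, approved):
    """Flag risky or unexpected rules.

    approved: set of (listen_addr, listen_port) pairs that are meant to exist.
    Each finding carries the reasons and, for unapproved rules, the cleanup
    command in the syntax of section 2.3.
    """
    findings = []
    for rule in rules:
        reasons = []
        if rule["listen_addr"] in ALL_INTERFACES:
            reasons.append("listens on every interface")
        service = SENSITIVE_PORTS.get(rule["connect_port"])
        if service:
            reasons.append("exposes {} on {}".format(service, rule["connect_addr"]))
        cleanup = None
        if (rule["listen_addr"], rule["listen_port"]) not in approved:
            reasons.append("not in the approved list")
            cleanup = ("netsh interface portproxy delete {kind} "
                       "listenaddress={listen_addr} listenport={listen_port}").format(**rule)
        if reasons:
            findings.append({"rule": rule, "reasons": reasons, "cleanup": cleanup})
    return findings


if __name__ == "__main__":
    approved = {("192.168.1.10", 8080)}              # constructed allow-list
    for finding in audit_rules(parse_portproxy(SAMPLE_OUTPUT), approved):
        r = finding["rule"]
        print("{listen_addr}:{listen_port} -> {connect_addr}:{connect_port}".format(**r),
              "|", "; ".join(finding["reasons"]))
        if finding["cleanup"]:
            print("    " + finding["cleanup"])
```

The inbound firewall rule that the scenarios add for each listen port is separate from the portproxy rule and has to be removed as well when a forward is retired.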
2025-06-06
Setting up an ELK environment on CentOS

## 1. Preparation

### 1.1 Install JDK 8 (optional)

Download the package:

```bash
wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/8/jdk/x64/linux/OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
```

Unpack it and move it to the target path:

```bash
tar xzvf OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
mv jdk8u422-b05 jdk8
mv jdk8 /software/
```

Set the environment variables with `vim ~/.bashrc`:

```bash
export JAVA_HOME=/software/jdk8
export PATH=$PATH:$JAVA_HOME/bin
```

```bash
source ~/.bashrc
```

Verify:

```
[root@localhost ~]# java -version
```

## 2. Elasticsearch deployment

### 2.1 Deploying from the release archive [single node]

Download the archive and unpack it.

Download page: https://www.elastic.co/cn/downloads/elasticsearch

```bash
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-linux-x86_64.tar.gz
tar xzvf elasticsearch-8.14.3-linux-x86_64.tar.gz
mkdir /data/elasticsearch
mv elasticsearch-8.14.3 /data/elasticsearch/
cd /data/elasticsearch/elasticsearch-8.14.3/
```

Create the user that starts ES:

```bash
# Create the user
useradd es

# Grant ownership of the directory
chown es:es -R /data/elasticsearch/elasticsearch-8.14.3/
```

ES cannot be started as root; doing so produces this error:

```
cd bin
[root@localhost bin]# ./elasticsearch
warning: ignoring JAVA_HOME=/software/jdk8; using bundled JDK
Jul 28, 2024 12:07:26 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
WARNING: COMPAT locale provider will be removed in a future release
[2024-07-28T00:07:26,940][INFO ][o.e.n.NativeAccess ] [localhost.localdomain] Using [jdk] native provider and native methods for [Linux]
[2024-07-28T00:07:26,953][ERROR][o.e.b.Elasticsearch ] [localhost.localdomain] fatal exception while booting Elasticsearchjava.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.initializeNatives(Elasticsearch.java:286)
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.initPhase2(Elasticsearch.java:169)
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:74)

See logs for more details.

ERROR: Elasticsearch did not exit normally - check the logs at /software/elasticsearch-8.14.3/logs/elasticsearch.log

ERROR: Elasticsearch died while starting up, with exit code 1
```

System parameter configuration:

```bash
# 1. Set system limits; * means the limits apply to all users
echo '* soft nofile 100001' >> /etc/security/limits.conf
echo '* hard nofile 100002' >> /etc/security/limits.conf
echo '* soft nproc 100001' >> /etc/security/limits.conf
echo '* hard nproc 100002' >> /etc/security/limits.conf

# 2. Set the memory map limit
echo 'vm.max_map_count=655360' >> /etc/sysctl.conf

# 3. Load the sysctl configuration
sysctl -p
```

```bash
# Reboot for the changes to take effect
reboot
```

Starting without these system parameters produces the following error:

```
[2024-07-28T02:28:31,731][ERROR][o.e.b.Elasticsearch ] [es-node1] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/bootstrap-checks.html]
bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/_file_descriptor_check.html]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/_maximum_map_count_check.html]
ERROR: Elasticsearch did not exit normally - check the logs at /software/elasticsearch-8.14.3/logs/es.log
[2024-07-28T02:28:31,735][INFO ][o.e.n.Node ] [es-node1] stopping ...
[2024-07-28T02:28:31,749][INFO ][o.e.n.Node ] [es-node1] stopped
[2024-07-28T02:28:31,750][INFO ][o.e.n.Node ] [es-node1] closing ...
[2024-07-28T02:28:31,756][INFO ][o.e.n.Node ] [es-node1] closed
[2024-07-28T02:28:31,758][INFO ][o.e.x.m.p.NativeController] [es-node1] Native controller process has stopped - no new native processes can be started

ERROR: Elasticsearch died while starting up, with exit code 78
```

Edit the configuration file:

```bash
vim config/elasticsearch.yml
```

Change the data and log directories (optional; if left unchanged they default to the elasticsearch root directory):

```yaml
# Data directory
path.data: /data/elasticsearch/data
# Log directory
path.logs: /data/elasticsearch/logs
```

Change the bind IP to allow remote access:

```yaml
# By default only the local machine can connect; changing this to 0.0.0.0 allows remote access
# Binding to 0.0.0.0 lets any IP connect
network.host: 0.0.0.0
```

Set the initial node names:

```yaml
cluster.name: es
node.name: es-node1
cluster.initial_master_nodes: ["es-node1"]
```

Enable xpack authentication:

```bash
# cd into the elasticsearch directory
# Create a certificate authority
# It asks for a password; just press Enter
# When it finishes, the file elastic-stack-ca.p12 is created next to the bin directory
./bin/elasticsearch-certutil ca

# Generate the certificate and private key for the node
# It asks for a password; just press Enter
# When it finishes, the file elastic-certificates.p12 is created next to the bin directory
./bin/elasticsearch-certutil cert --ca ./elastic-stack-ca.p12

# Move the files to config/certs (create the directory manually if needed)
mkdir config/certs
mv *.p12 config/certs/
```

```yaml
xpack.security.enabled: true
xpack.security.enrollment.enabled: true

http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
xpack.security.http.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12
```

Problem seen when xpack authentication has not been set up: opening http://IP:9200/ for a test, the page does not load and the server log shows these errors:

```
[2024-07-28T02:51:56,319][WARN ][o.e.h.n.Netty4HttpServerTransport] [es-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.168.124.16:9200, remoteAddress=/192.168.124.16:40472}
[2024-07-28T02:52:05,731][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [es-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/192.168.124.16:9300, remoteAddress=/192.168.124.16:57560, profile=default}
[2024-07-28T03:03:25,366][WARN ][o.e.h.n.Netty4HttpServerTransport] [es-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.168.124.16:9200, remoteAddress=/192.168.124.16:40476}
```

This happens because ES 8 enables SSL authentication by default. Ways to resolve it:

1. Send requests over https; this requires completing the https certificate configuration and is skipped for now.
2. Edit elasticsearch.yml and set `xpack.security.enabled` to false [not recommended in production].

```bash
cd /software/elasticsearch-8.14.3/conf/
vim elasticsearch.yml
```

```yaml
xpack.security.enabled: false
```

Restart and access it again; it then works normally.

Switch user and start for a test:

```bash
# Grant ownership of the directory
chown es:es -R /data/elasticsearch

# Switch user
su es
cd /data/elasticsearch/elasticsearch-8.14.3/bin/
./elasticsearch   # -d starts it in the background
```

```
━ ✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.

ℹ️  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
  ys42G-eSmGL*jqZF7iqL

❌ Unable to generate an enrollment token for Kibana instances, try invoking `bin/elasticsearch-create-enrollment-token -s kibana`.

❌ An enrollment token to enroll new nodes wasn't generated. To add nodes and enroll them into this cluster:
• On this node:
  ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  ⁃ Restart Elasticsearch.
• On other nodes:
  ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
```

Access test: http://172.21.58.47:9200/ (a username and password are required)

Resetting user passwords:

```bash
# Or, if you set one earlier and forgot it, you can set the password again
./bin/elasticsearch-reset-password -u elastic
./bin/elasticsearch-reset-password -u kibana
```

## 3. Kibana deployment

### 3.1 Deploying from the release archive

Download the archive and unpack it.

Download page: Download Kibana Free | Get Started Now | Elastic

```bash
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.14.3-linux-x86_64.tar.gz
tar xzvf kibana-8.14.3-linux-x86_64.tar.gz
mv kibana-8.14.3 /data/elasticsearch
cd /data/elasticsearch/kibana-8.14.3/
```

Edit the configuration file:

```bash
vim config/kibana.yml
```

```yaml
# Change the bind IP to allow remote access
server.host: "0.0.0.0"

# Chinese localization of the Kibana UI
i18n.locale: "zh-CN"

# User that Kibana uses to log in to elasticsearch
elasticsearch.username: "kibana"
elasticsearch.password: "上面设置的密码"
```

Start for a test:

```bash
# Grant ownership of the directory to the es user
chown es:es -R /data/elasticsearch/kibana-8.14.3/

# Start as the es user
su es
cd /data/elasticsearch/kibana-8.14.3/
./bin/kibana

# Start in the background
nohup ./bin/kibana > /dev/null 2>&1 &
```

Access test: http://172.21.58.47:5601/

## 4. Logstash deployment

### 4.1 Deploying from the release archive

Download the archive and unpack it.

Download page: Download Logstash Free | Get Started Now | Elastic

```bash
wget https://artifacts.elastic.co/downloads/logstash/logstash-8.14.3-linux-x86_64.tar.gz
tar xzvf logstash-8.14.3-linux-x86_64.tar.gz
mv logstash-8.14.3 /software/
cd /software/logstash-8.14.3
```
(aliyun.com)【ES三周年】吊打ElasticSearch和Kibana(入门保姆级教程-2)-腾讯云开发者社区-腾讯云 (tencent.com)SpringBoot整合Logstash,实现日志统计_springboot 整合 logstash-CSDN博客Logstash 安装与部署(无坑版)-腾讯云开发者社区-腾讯云 (tencent.com)
2025-06-06
2024-12-12
Docker build: "Sending build context to Docker daemon" is too large

1. Symptom

While building the image for a service release, the build was very slow and stayed stuck at the "Sending build context to Docker daemon" step:

```
Sending build context to Docker daemon 4.309 GB
```

Cause: by default the docker client sends every file in the same directory as the Dockerfile to the Docker daemon. The directory held many backed-up jar packages, so the build became slower and slower as they accumulated.

2. Solution

Use a .dockerignore file as a blacklist; the directories listed in it are not sent to the Docker daemon.

Alternatively, move the Dockerfile into another directory and run the build there.
2024-12-12
ELK environment setup: Kibana

0. Prerequisites

0.1 Install JDK 8

Download the package

```
wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/8/jdk/x64/linux/OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
```

Extract it and move it to the target path

```
tar xzvf OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
mv jdk8u422-b05 jdk8
mv jdk8 /software/
```

Configure the environment variables

```
vim ~/.bashrc
```

```
export JAVA_HOME=/software/jdk8
export PATH=$PATH:$JAVA_HOME/bin
```

```
source ~/.bashrc
```

Verify

```
[root@localhost ~]# java -version
```

1. Tarball deployment

1.1 Download the tarball and extract it

Download page: Download Kibana Free | Get Started Now | Elastic

```
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.14.3-linux-x86_64.tar.gz
tar xzvf kibana-8.14.3-linux-x86_64.tar.gz
mv kibana-8.14.3 /software/
cd /software/kibana-8.14.3/
```

1.2 Edit the configuration file

```
vim config/kibana.yml
```

Change the bind address to allow remote access

```
server.host: "0.0.0.0"
```

Chinese-localized Kibana UI

```
i18n.locale: "zh-CN"
```

1.3 Start it as a test

```
# Grant ownership of the directory to the es user
chown es:es -R /software/kibana-8.14.3/
# Start as the es user
su es
./bin/kibana
```

1.4 Access test

http://192.168.124.16:5601/

1.5 Connect to Elasticsearch

```
vim config/kibana.yml
```

Change the setting that points Kibana at ES

```
elasticsearch.hosts: ["http://localhost:9200"]
```

Restart Kibana and test the ES connection from Dev Tools in the console

```
# Create the index
PUT /my-index

# Add a document (data) to the my-index index
POST /my-index/_doc
{
  "id": "park_rocky-mountain",
  "title": "Rocky Mountain",
  "description": "Bisected north to south by the Continental Divide, this portion of the Rockies has ecosystems varying from over 150 riparian lakes to montane and subalpine forests to treeless alpine tundra."
}

# Search the data in the my-index index
GET /my-index/_search?q="rocky mountain"
```

1.6 Use Analytics > Discover to view the created index and run searches
2024-12-12
ELK environment setup: Elasticsearch

0. Prerequisites

0.1 Install JDK 8

Download the package

```
wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/8/jdk/x64/linux/OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
```

Extract it and move it to the target path

```
tar xzvf OpenJDK8U-jdk_x64_linux_hotspot_8u422b05.tar.gz
mv jdk8u422-b05 jdk8
mv jdk8 /software/
```

Configure the environment variables

```
vim ~/.bashrc
```

```
export JAVA_HOME=/software/jdk8
export PATH=$PATH:$JAVA_HOME/bin
```

```
source ~/.bashrc
```

Verify

```
[root@localhost ~]# java -version
```

1. Tarball deployment [single node]

1.1 Download the tarball and extract it

Download page: https://www.elastic.co/cn/downloads/elasticsearch

```
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-linux-x86_64.tar.gz
tar xzvf elasticsearch-8.14.3-linux-x86_64.tar.gz
mv elasticsearch-8.14.3 /software/
cd /software/elasticsearch-8.14.3/
```

1.2 Edit the configuration file

```
cd config/
vim elasticsearch.yml
```

Change the data and log directories (optional; if left unchanged, both default to the Elasticsearch root directory)

```
# Data directory
path.data: /xxxx/elasticsearch/data
# Log directory
path.logs: /xxxx/elasticsearch/logs
```

Change the bind address to allow remote access

```
# By default only the local machine can connect; after changing this to 0.0.0.0, remote access works
# Binding to 0.0.0.0 allows access from any IP
network.host: 0.0.0.0
```

Initialize the node name

```
cluster.name: es
node.name: es-node1
cluster.initial_master_nodes: ["es-node1"]
```

1.3 Start it as a test

```
cd bin
[root@localhost bin]# ./elasticsearch
warning: ignoring JAVA_HOME=/software/jdk8; using bundled JDK
Jul 28, 2024 12:07:26 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
WARNING: COMPAT locale provider will be removed in a future release
[2024-07-28T00:07:26,940][INFO ][o.e.n.NativeAccess ] [localhost.localdomain] Using [jdk] native provider and native methods for [Linux]
[2024-07-28T00:07:26,953][ERROR][o.e.b.Elasticsearch ] [localhost.localdomain] fatal exception while booting Elasticsearch
java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.initializeNatives(Elasticsearch.java:286)
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.initPhase2(Elasticsearch.java:169)
    at org.elasticsearch.server@8.14.3/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:74)
See logs for more details.
ERROR: Elasticsearch did not exit normally - check the logs at /software/elasticsearch-8.14.3/logs/elasticsearch.log
ERROR: Elasticsearch died while starting up, with exit code 1
```

Symptom: Elasticsearch cannot be started as the root user. Solution: create a user and grant it ownership of the directory.

```
# Create the user
useradd es
# Grant ownership of the directory
chown es:es -R /software/elasticsearch-8.14.3/
# Switch user
su es
```

Start again

```
# Start again
cd /software/elasticsearch-8.14.3/bin/
./elasticsearch
```

The second start fails with:

```
[2024-07-28T02:28:31,731][ERROR][o.e.b.Elasticsearch ] [es-node1] node validation exception
[2] bootstrap checks failed. You must address the points described in the following [2] lines before starting Elasticsearch. For more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/bootstrap-checks.html]
bootstrap check failure [1] of [2]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/_file_descriptor_check.html]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.14/_maximum_map_count_check.html]
ERROR: Elasticsearch did not exit normally - check the logs at /software/elasticsearch-8.14.3/logs/es.log
[2024-07-28T02:28:31,735][INFO ][o.e.n.Node ] [es-node1] stopping ...
[2024-07-28T02:28:31,749][INFO ][o.e.n.Node ] [es-node1] stopped
[2024-07-28T02:28:31,750][INFO ][o.e.n.Node ] [es-node1] closing ...
[2024-07-28T02:28:31,756][INFO ][o.e.n.Node ] [es-node1] closed
[2024-07-28T02:28:31,758][INFO ][o.e.x.m.p.NativeController] [es-node1] Native controller process has stopped - no new native processes can be started
ERROR: Elasticsearch died while starting up, with exit code 78
```

For "max file descriptors [4096] for elasticsearch process is too low":

```
# As root, append to the configuration
vim /etc/security/limits.conf
# Content to add; * means it applies to all users
* soft nofile 65536
* hard nofile 65536
# Reboot for it to take effect
reboot
# Check whether it took effect
ulimit -H -n
```

For "max virtual memory areas vm.max_map_count [65530] is too low":

```
# As root, append to the configuration
vim /etc/sysctl.conf
# Content to add
vm.max_map_count=262144
# Reboot for it to take effect
reboot
# Reload /etc/sysctl.conf and print the applied values to check
sysctl -p
```

Restart again

```
# Start again
cd /software/elasticsearch-8.14.3/bin/
./elasticsearch
```

When testing with http://192.168.124.16:9200/, the page fails to load and the backend log shows these errors:

```
[2024-07-28T02:51:56,319][WARN ][o.e.h.n.Netty4HttpServerTransport] [es-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.168.124.16:9200, remoteAddress=/192.168.124.16:40472}
[2024-07-28T02:52:05,731][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [es-node1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/192.168.124.16:9300, remoteAddress=/192.168.124.16:57560, profile=default}
^[[B^[[B^[[B[2024-07-28T03:03:25,366][WARN ][o.e.h.n.Netty4HttpServerTransport] [es-node1] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/192.168.124.16:9200, remoteAddress=/192.168.124.16:40476}
```

Cause: ES 8 enables SSL authentication by default. Solutions:

1. Send requests over https, which requires completing the https certificate configuration; skipped for now.
2. Edit elasticsearch.yml and set xpack.security.enabled to false [not recommended in production].

```
cd /software/elasticsearch-8.14.3/config/
vim elasticsearch.yml
xpack.security.enabled: false
```

Restart again and test by visiting http://192.168.124.16:9200/ (note: make sure port 9200 is open in the firewall!)

```
{
  "name": "es-node1",
  "cluster_name": "es",
  "cluster_uuid": "P_mYyZhLTy2CNOFOxmwItw",
  "version": {
    "number": "8.14.3",
    "build_flavor": "default",
    "build_type": "tar",
    "build_hash": "d55f984299e0e88dee72ebd8255f7ff130859ad0",
    "build_date": "2024-07-07T22:04:49.882652950Z",
    "build_snapshot": false,
    "lucene_version": "9.10.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
```
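The two Elasticsearch configurations reached in the posts above (xpack.security.enabled: false together with network.host: 0.0.0.0, and security enabled but xpack.security.http.ssl disabled) can be checked for before the node is started. The script below is an added example, not code from the original posts; its function names and sample files are constructed, and the defaults it assumes for absent keys are stated in its header comment.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the exposure patterns discussed above.
# Assumed 8.x defaults when a key is absent: xpack.security.enabled=true,
# xpack.security.http.ssl.enabled=false, network.host=loopback only.

# yaml_top FILE KEY: value of a top-level "KEY: value" line (last one wins).
yaml_top() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # drop a trailing comment
            i = index(line, ":")
            if (i == 0 || substr(line, 1, i - 1) != key) next
            val = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }
    ' "$1" | tr -d "\"'"
}

# yaml_child FILE PARENT CHILD: value of CHILD in the indented block under "PARENT:".
yaml_child() {
    awk -v parent="$2" -v child="$3" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)
            sub(/[ \t]+$/, "", line)
        }
        line !~ /^[ \t]/ { inside = (line == (parent ":")); next }
        inside {
            sub(/^[ \t]+/, "", line)
            i = index(line, ":")
            if (i > 0 && substr(line, 1, i - 1) == child) {
                val = substr(line, i + 1)
                gsub(/^[ \t]+/, "", val)
            }
        }
        END { print val }
    ' "$1" | tr -d "\"'"
}

is_loopback() {
    case "$1" in
        ""|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_es_config FILE: prints one verdict line; returns 0 ok, 1 warning, 2 critical.
audit_es_config() {
    file=$1
    sec=$(yaml_top "$file" xpack.security.enabled)
    host=$(yaml_top "$file" network.host)
    tls=$(yaml_top "$file" xpack.security.http.ssl.enabled)          # flat form
    [ -n "$tls" ] || tls=$(yaml_child "$file" xpack.security.http.ssl enabled)

    if [ "$sec" = "false" ]; then
        if is_loopback "$host"; then
            echo "WARN security disabled; HTTP API is loopback-only"
            return 1
        fi
        echo "CRITICAL no authentication and network.host=$host: anyone who can reach port 9200 can read and write every index"
        return 2
    fi
    if [ "$tls" != "true" ] && ! is_loopback "$host"; then
        echo "WARN authentication on but HTTP is plaintext on $host: passwords cross the network unencrypted"
        return 1
    fi
    echo "OK authentication on; HTTP is TLS-protected or loopback-only"
    return 0
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample 1: the single-node settings with security switched off.
    printf '%s\n' 'cluster.name: es' 'network.host: 0.0.0.0' \
        'xpack.security.enabled: false' > "$dir/disabled.yml"
    # Constructed sample 2: security on, HTTP TLS off (nested form).
    printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: true' \
        'xpack.security.http.ssl:' '  enabled: false' \
        'xpack.security.transport.ssl:' '  enabled: true' > "$dir/plain_http.yml"
    for f in "$dir"/*.yml; do
        printf '%s: ' "${f##*/}"
        audit_es_config "$f" || :
    done
    rm -rf "$dir"
}
demo
```

Run it against the real config/elasticsearch.yml with `audit_es_config config/elasticsearch.yml`; the exit status makes it usable as a pre-start gate.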
2024-08-18
Installing Immich with Docker: an open-source, high-performance, self-hosted photo and video backup solution

1. Pull the docker images

```
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/immich-app/immich-server:v1.110.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/immich-app/immich-server:v1.110.0 ghcr.io/immich-app/immich-server:v1.110.0

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/immich-app/immich-machine-learning:v1.110.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/immich-app/immich-machine-learning:v1.110.0 ghcr.io/immich-app/immich-machine-learning:v1.110.0

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/redis:7.2-alpine
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/redis:7.2-alpine docker.io/redis:7.2-alpine

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0 docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
```

2. Prepare the docker-compose files

docker-compose.yml

```
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#

name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: docker.io/redis:7.2-alpine
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    healthcheck:
      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
    restart: always

volumes:
  model-cache:
```

.env

```
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library
# The location where your database files are stored
DB_DATA_LOCATION=./postgres

# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.110.0

# Connection secret for postgres. You should change it to a random password
DB_PASSWORD=postgres

# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
```

3. Start the services

```
docker-compose up -d
```

4. Access test

IP:2283
2024-08-18
Building a Docker registry mirror (acceleration) service with Cloudflare Workers

1. Move your domain to Cloudflare

Site: https://dash.cloudflare.com/

Follow the on-screen steps to complete the setup.

2. Create a new worker

Open "workers and pages" on the left and create a new one; any name will do. There is not much to configure, so just finish.

3. Edit the code

Click "Edit code" in the upper right to enter the editor.

3.1 Create index.html

As shown in the figure, replace docker.xxoo.team in the code with your own domain.

```
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>镜像使用说明</title>
    <style>
        body {
            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
            margin: 0;
            padding: 0;
            background-color: #f0f2f5;
            display: flex;
            flex-direction: column;
            min-height: 100vh;
        }
        .header {
            background: linear-gradient(90deg, #4e54c8 0%, #8f94fb 100%);
            color: white;
            text-align: center;
            padding: 20px 0;
        }
        .container {
            flex: 1;
            display: flex;
            justify-content: center;
            align-items: center;
            padding: 20px;
        }
        .content {
            background: white;
            border-radius: 8px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
            padding: 20px;
            max-width: 800px; /* adjusted width */
            width: 100%;
            font-size: 16px; /* larger font */
        }
        .code-block {
            background: #2d2d2d;
            color: #f8f8f2;
            padding: 10px;
            border-radius: 8px;
            margin: 10px 0;
            overflow-x: auto;
            font-family: "Courier New", Courier, monospace; /* keep the code-block font */
        }
        .footer {
            background: #444;
            color: white;
            text-align: center;
            padding: 5px 0; /* reduced height */
        }
        .footer a {
            color: #4caf50;
            text-decoration: none;
        }
        @media (max-width: 600px) {
            .content {
                padding: 10px;
                font-size: 14px; /* slightly smaller font on small screens */
            }
        }
    </style>
</head>
<body>
    <div class="header">
        <h1>镜像使用说明</h1>
    </div>
    <div class="container">
        <div class="content">
            <p>要设置加速镜像服务,你可以执行下面命令:</p>
            <div class="code-block">
                <pre>
sudo tee /etc/docker/daemon.json <<EOF
{
    "registry-mirrors": ["https://docker.xxoo.team"]
}
EOF
                </pre>
            </div>
            <p>如果执行了上述命令,配置了镜像加速服务,可以直接 pull 镜像:</p>
            <div class="code-block">
                <pre>
docker pull halohub/halo:latest # 拉取 halo 镜像
                </pre>
            </div>
            <p>因为Workers用量有限,在使用加速镜像服务时,你可以手动 pull 镜像然后 re-tag 之后 push 至本地镜像仓库:</p>
            <div class="code-block">
                <pre>
docker pull docker.xxoo.team/halohub/halo:latest # 拉取 halo 镜像
                </pre>
            </div>
        </div>
    </div>
    <div class="footer">
        <p>Powered by Cloudflare Workers</p>
        <p><a href="https://www.xxoo.team">www.xxoo.team</a></p>
    </div>
</body>
</html>
```

3.2 Edit worker.js

```
import HTML from './index.html';

export default {
    async fetch(request) {
        const url = new URL(request.url);
        const path = url.pathname;
        const originalHost = request.headers.get("host");
        const registryHost = "registry-1.docker.io";

        if (path.startsWith("/v2/")) {
            // Registry API call: forward it to Docker Hub with the Host header rewritten
            const headers = new Headers(request.headers);
            headers.set("host", registryHost);

            const registryUrl = `https://${registryHost}${path}`;
            const registryRequest = new Request(registryUrl, {
                method: request.method,
                headers: headers,
                body: request.body,
                redirect: "follow",
            });

            const registryResponse = await fetch(registryRequest);
            console.log(registryResponse.status);

            // Copy the upstream headers and add the CORS headers
            const responseHeaders = new Headers(registryResponse.headers);
            responseHeaders.set("access-control-allow-origin", originalHost);
            responseHeaders.set("access-control-allow-headers", "Authorization");

            return new Response(registryResponse.body, {
                status: registryResponse.status,
                statusText: registryResponse.statusText,
                headers: responseHeaders,
            });
        } else {
            // Anything else gets the usage page
            return new Response(HTML.replace(/{{host}}/g, originalHost), {
                status: 200,
                headers: {
                    "content-type": "text/html"
                }
            });
        }
    }
}
```

Remember to save after editing.

4. Deploy and bind the domain

The deploy dialog pops up directly; nothing needs to be filled in.

The system assigns a default domain, but it is blocked and unreachable, so you have to use your own domain.

After binding succeeds, wait a few minutes and visit your domain; if the following page appears, you are done!
2024-08-13
Installing Nexus3 with Docker

1. Pull the image

```
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/sonatype/nexus3:3.70.1
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/sonatype/nexus3:3.70.1 docker.io/sonatype/nexus3:3.70.1
```

2. Configure the persistence directory

```
mkdir -p /data/nexus-data
# chmod 777 makes the directory world-writable. The container runs as UID 200,
# so `chown -R 200 /data/nexus-data` is a tighter alternative.
chmod 777 -R /data/nexus-data
```

3. Start

```
docker run -d --name nexus3 -p 8081:8081 --restart always -v /data/nexus-data:/nexus-data docker.io/sonatype/nexus3:3.70.1
```

Check the logs and wait a moment; "Started Sonatype Nexus OSS" means startup has finished.

```
docker logs -f nexus3
```

```
024-08-13 14:20:27,770+0000 INFO [quartz-10-thread-1] *SYSTEM org.sonatype.nexus.quartz.internal.task.QuartzTaskInfo - Task 'Metric aggregation' [content.usage.aggregation] state change RUNNING -> WAITING (OK)
2024-08-13 14:20:30,909+0000 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.siesta.SiestaServlet - Initialized
2024-08-13 14:20:30,918+0000 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Initialized
2024-08-13 14:20:30,993+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.w.WebAppContext@3942aeab{Sonatype Nexus,/,null,AVAILABLE}
2024-08-13 14:20:31,132+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.AbstractConnector - Started ServerConnector@3103ceb8{HTTP/1.1, (http/1.1)}{0.0.0.0:8081}
2024-08-13 14:20:31,133+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.Server - Started @246168ms
2024-08-13 14:20:31,134+0000 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer -
-------------------------------------------------
Started Sonatype Nexus OSS 3.70.1-02
```

4. Access test

After installation the management console is available at http://ip:8081

Default administrator username: admin, password: admin123. If the password is rejected, look up the admin password inside the container:

```
cat /data/nexus-data/admin.password
```
2024-08-06
HE Tunnel Broker: adding an IPv6 tunnel to an IPv4 server

0. Background

Chinese lightweight and elastic cloud server products, including those from Tencent and Alibaba, either provide no IPv6 address or provide an address without IPv6 gateway forwarding. On Alibaba Cloud ECS, for example, IPv6 is not supported by default: IPv6 CIDR allocation, VPC and VNIC binding all complete without trouble, but full IPv6 functionality only works after you configure (purchase) IPv6 gateway bandwidth. No comment on that here.

Given this, we may as well use the IPv6 tunnel service (tunnelbroker) from HE (Hurricane Electric), which provides a nearly unlimited number of IPv6 addresses and also sets up a dedicated intercontinental tunnel. Even today, when large numbers of HE IPs have been "certified", the HE IPv6 tunnel remains a rare, high-quality free service that can be used both to reach external networks and to publish internal services through NAT traversal.

1. Introduction

Hurricane Electric (HE) is a global Internet service provider based in the United States. The company operates the world's largest IPv6 network as measured by number of peers, and also offers a free IPv6 tunnel service that dates back to 2001.

Although IPv6 has become quite widespread after years of development, some VPS vendors still do not give their VPS an IPv6 address as standard, for various reasons; some charge extra and some will not provide one even for extra money. If you need IPv6 network access in that situation, you can connect to the IPv6 tunnel offered by HE Tunnel Broker and add a public IPv6 address to an IPv4 VPS host for free.

2. Create a Tunnel Broker IPv6 tunnel

Register a Tunnel Broker account: Hurricane Electric Free IPv6 Tunnel Broker

Click Create Regular Tunnel on the left.

Enter the public IP address of the VPS.

Choose a suitable node based on the location of the VPS.

Scroll to the bottom of the page and click Create Tunnel.

The Tunnel Details page shows the details of the created IPv6 tunnel; Client IPv6 Address is the public IPv6 address you were assigned.

3. Get the example configuration

The Tunnel Details page has an Example Configuration tab where you can choose a suitable configuration example.

For instance, there is an interfaces configuration file example for Debian/Ubuntu; in theory any Debian-based distribution, and any system that uses an interfaces configuration file, can use it. On other, incompatible distributions you can enter the commands by hand using the Linux-net-tools or Linux-route2 example.

This post uses the Linux-net-tools version; just run the corresponding commands.

```
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::66.220.18.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:xxxxxa6::2/64
route -A inet6 add ::/0 dev sit1
```

4. Test the result

The configured IPs are visible with the ip a command:

```
19: sit0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
    inet6 ::10.147.17.193/96 scope global
       valid_lft forever preferred_lft forever
    inet6 ::172.17.0.1/96 scope global
       valid_lft forever preferred_lft forever
    inet6 ::172.20.245.117/96 scope global
       valid_lft forever preferred_lft forever
    inet6 ::127.0.0.1/96 scope host
       valid_lft forever preferred_lft forever
20: sit1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/sit 0.0.0.0 peer 66.220.18.42
    inet6 2001:xxxx:c:3a6::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a93:11c1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::ac11:1/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::ac14:f575/64 scope link
       valid_lft forever preferred_lft forever
```

ping test

```
(base) [root@aliyun vaultwarden]# ping6 2400:3200:baba::1
PING 2400:3200:baba::1(2400:3200:baba::1) 56 data bytes
64 bytes from 2400:3200:baba::1: icmp_seq=1 ttl=115 time=343 ms
64 bytes from 2400:3200:baba::1: icmp_seq=2 ttl=115 time=402 ms
64 bytes from 2400:3200:baba::1: icmp_seq=3 ttl=115 time=442 ms
64 bytes from 2400:3200:baba::1: icmp_seq=4 ttl=115 time=407 ms
64 bytes from 2400:3200:baba::1: icmp_seq=5 ttl=115 time=313 ms
```

5. Prefer the IPv4 network

By default the IPv6 network takes priority over IPv4. To keep the IPv6 tunnel from slowing down the VPS's normal network speed, you can configure the system to prefer IPv4. This also reduces the network load on the HE Tunnel Broker nodes and makes sensible use of a valuable free resource.

Edit /etc/gai.conf and append this line at the end:

```
precedence ::ffff:0:0/96 100
```

One-line command to add it:

```
echo 'precedence ::ffff:0:0/96 100' | sudo tee -a /etc/gai.conf
```

Afterwards run curl ip.p3terx.com; if it shows the VPS's IPv4 address, the change worked.
2024-08-04
Installing and configuring Redis on CentOS 7

1. Install the gcc environment

Check whether gcc is installed

```
gcc --version
```

If GCC is installed, this command prints its version information. If it is not, you will see a message like "command not found".

Download and install the gcc environment

```
yum install -y gcc tcl
```

2. Download Redis

Download page: https://download.redis.io/releases/

```
wget https://download.redis.io/releases/redis-7.2.5.tar.gz
tar xzvf redis-7.2.5.tar.gz
```

3. Compile and install

```
cd redis-7.2.5
make && make install
```

Verify that the installation succeeded

```
ll /usr/local/bin/redis*
```

4. Edit the startup configuration file

```
mkdir /etc/redis
cd redis-7.2.5
cp redis.conf /etc/redis/
vim /etc/redis/redis.conf
```

Common settings

```
# Whether to start as a daemon. Default: no
daemonize no

# Sets the network interfaces (NICs) Redis binds to. Without a bind directive Redis listens on all available interfaces; Redis only accepts requests arriving on the bound interfaces.
# The Redis configuration file usually ships with bind 127.0.0.1, which only allows local connections. To allow remote access, comment out the bind directive or bind the external IP.
bind 192.168.124.16

# Redis service port. Default: 6379
port 6379

# Log level. Default: notice
## debug: the highest log level that can be set; prints everything, including debug information.
## verbose: prints all logs except debug logs.
## notice: prints all logs except the debug and verbose levels.
## warning: prints only very important information.
loglevel notice

# Log file output path
## Empty by default. You can send the log file to a location of your choice.
logfile ""

# Connection password. Default: no password
requirepass 123456
```

5. Start Redis and test

```
redis-server /etc/redis/redis.conf
```

Connection test

```
[root@localhost redis]# redis-cli -h 127.0.0.1 -p 6379
127.0.0.1:6379> auth redis
(error) WRONGPASS invalid username-password pair or user is disabled.
127.0.0.1:6379> auth 123456
OK
127.0.0.1:6379> set k1 v1
OK
127.0.0.1:6379> get k1
"v1"
```

Open the firewall

```
firewall-cmd --add-port=6379/tcp --permanent
firewall-cmd --reload
```

Remote connection test

```
redis-cli -h 192.168.124.16 -p 6379
192.168.124.16:6379> auth 123456
OK
192.168.124.16:6379> set k2 v2
OK
192.168.124.16:6379> get k2
"v2"
```

6. Configure start on boot

```
vim /etc/systemd/system/redis.service
```

```
[Unit]
Description=redis-server
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

```
systemctl daemon-reload
systemctl start redis
systemctl status redis
systemctl enable redis
```
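The redis.conf settings above (an external bind address, port 6379 opened in the firewall, and a six-digit requirepass) are the combination worth checking before a Redis instance is left reachable from the network. The script below is an added example, not part of the original post; the function names, the 16-character threshold and the sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a redis.conf for missing or guessable requirepass and
# for listening addresses beyond loopback.
# Assumption: 16 characters is this example's minimum password length.
MIN_PASS_LEN=16

# redis_directive FILE NAME: arguments of the last uncommented NAME line.
redis_directive() {
    awk -v name="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == name { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1" | tr -d "\"'"
}

# audit_redis_conf FILE: prints findings (never the password itself);
# returns 0 when there is no WARN or CRITICAL finding.
audit_redis_conf() {
    conf=$1
    findings=0
    pass=$(redis_directive "$conf" requirepass)
    bind=$(redis_directive "$conf" bind)

    exposed=""
    set -f                                   # "bind *" must not glob-expand
    for addr in $bind; do
        addr=${addr#-}                       # "-addr" marks an optional address
        case "$addr" in
            127.*|::1|localhost) ;;
            *) exposed="$exposed $addr" ;;
        esac
    done
    set +f
    [ -n "$bind" ] || exposed=" all interfaces (no bind directive)"

    if [ -z "$pass" ]; then
        echo "CRITICAL requirepass is not set: clients are not authenticated"
        findings=$((findings + 1))
    else
        case "$pass" in
            *[!0-9]*) digits=no ;;
            *) digits=yes ;;
        esac
        if [ "${#pass}" -lt "$MIN_PASS_LEN" ] || [ "$digits" = yes ]; then
            echo "WARN requirepass is ${#pass} chars (digits only: $digits): guessable by brute force"
            findings=$((findings + 1))
        fi
    fi
    if [ -n "$exposed" ]; then
        echo "INFO listening on:$exposed; limit the port to known client IPs in the firewall"
    fi
    [ "$findings" -eq 0 ]
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample 1: the settings shown in the post.
    printf '%s\n' 'daemonize no' 'bind 192.168.124.16' 'port 6379' \
        'requirepass 123456' > "$dir/post.conf"
    # Constructed sample 2: loopback only, long random passphrase (placeholder value).
    printf '%s\n' 'bind 127.0.0.1 -::1' 'port 6379' \
        'requirepass "constructed-Sample-passphrase-7f3a9c"' > "$dir/tight.conf"
    for f in "$dir"/*.conf; do
        echo "== ${f##*/}"
        audit_redis_conf "$f" || :
    done
    rm -rf "$dir"
}
demo
```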
2024-07-10
Installing GitLab manually on CentOS 7

1. Preparation

Installing GitLab depends on a few components, mainly policycoreutils-python, openssh and postfix. In practice a default CentOS 7 already has all of them installed.

1.1 Check whether policycoreutils-python is installed

```
[root@localhost .jenkins]# rpm -qa|grep policycoreutils-python
policycoreutils-python-2.5-34.el7.x86_64
```

1.2 Check whether openssh is installed

```
[root@localhost .jenkins]# rpm -qa|grep openssh
openssh-clients-7.4p1-23.el7_9.x86_64
openssh-7.4p1-23.el7_9.x86_64
openssh-server-7.4p1-23.el7_9.x86_64
```

1.3 Check whether postfix is installed

```
[root@localhost .jenkins]# rpm -qa|grep postfix
postfix-2.10.1-9.el7.x86_64
```

2. Download the GitLab package

Download it from the official GitLab site, https://packages.gitlab.com/gitlab/gitlab-ce, choosing the el/7 build for CentOS 7.

```
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-16.6.8-ce.0.el7.x86_64.rpm/download.rpm
```

Mirror download page: https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/

```
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-17.1.1-ce.0.el7.x86_64.rpm
```

3. Install GitLab

```
rpm -i gitlab-ce-17.1.1-ce.0.el7.x86_64.rpm
```

When the following output appears, GitLab has been installed successfully (the ASCII-art logo is omitted):

```
warning: gitlab-ce-17.1.1-ce.0.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID f27eab47: NOKEY
It looks like GitLab has not been configured yet; skipping the upgrade script.

Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=17-1
```

4. Change the externally exposed IP and port

Set external_url in /etc/gitlab/gitlab.rb to the GitLab login address:

```
vim /etc/gitlab/gitlab.rb
```

```
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
external_url 'http://192.168.124.17:8080'
```

Reload the configuration

```
gitlab-ctl reconfigure  # regenerates the related configuration files; this command takes quite a while
```

5. Start GitLab

```
# Stop the firewall (or open the port yourself instead)
systemctl stop firewalld
# Open the port
firewall-cmd --zone=public --add-port=8080/tcp --permanent
# Restart the firewall
systemctl restart firewalld
```

```
# Restart gitlab
gitlab-ctl restart
```

Startup log

```
ok: run: alertmanager: (pid 6113) 1s
ok: run: gitaly: (pid 6122) 1s
ok: run: gitlab-exporter: (pid 6137) 0s
ok: run: gitlab-kas: (pid 6148) 1s
ok: run: gitlab-workhorse: (pid 6156) 0s
ok: run: logrotate: (pid 6166) 0s
ok: run: nginx: (pid 6172) 1s
ok: run: node-exporter: (pid 6178) 0s
ok: run: postgres-exporter: (pid 6183) 1s
ok: run: postgresql: (pid 6193) 0s
ok: run: prometheus: (pid 6202) 0s
ok: run: puma: (pid 6212) 0s
ok: run: redis: (pid 6217) 0s
ok: run: redis-exporter: (pid 6224) 0s
ok: run: sidekiq: (pid 6235) 0s
```

Access test: http://192.168.124.17:8080

Diagnosing the 502: it is caused by a port conflict.

```
vim /etc/gitlab/gitlab.rb
```

Find the following:

```
### Advanced settings
# puma['listen'] = '127.0.0.1'
# puma['port'] = 8080
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 2048
```

Change it to:

```
### Advanced settings
puma['listen'] = '127.0.0.1'
puma['port'] = 8008
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 2048
```

Reconfigure and restart

```
# Regenerate the related configuration files; this command takes quite a while
gitlab-ctl reconfigure
# Restart gitlab
gitlab-ctl restart
```

Access test again: http://192.168.124.17:8080/

6. Configure GitLab to start on boot

```
systemctl enable gitlab-runsvdir.service
systemctl start gitlab-runsvdir.service
# To disable GitLab start on boot:
systemctl disable gitlab-runsvdir.service
```