docker + nginx
# Pull the official nginx image. No tag is given, so this is whatever "latest"
# points to at pull time.
docker pull nginx
# Throwaway container: --rm deletes it when stopped, -d detaches, and
# -p 80:80 publishes container port 80 on every host interface.
docker run --name nginx --rm -p 80:80 -d nginx
# NOTE(review): the exec/cp commands below need the container to be running,
# and --rm removes it on stop. These read as notes, not a linear script.
docker stop nginx
# Locate the nginx binary and list its configuration directory.
docker exec nginx whereis nginx
docker exec nginx ls /etc/nginx
# Copy the stock main config to the host as the starting point for a bind mount.
# NOTE(review): if ~/nginx does not exist yet, docker cp creates a *file* named
# ~/nginx rather than a directory; create the directory first.
docker cp nginx:/etc/nginx/nginx.conf ~/nginx
# tree is used later on the page to display /etc/letsencrypt.
yum install -y tree
# Copy the per-site configuration directory out of the container as well.
docker exec nginx ls /etc/nginx/conf.d
docker cp nginx:/etc/nginx/conf.d ~/nginx/conf.d
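# Run nginx with host-managed configuration, logs and certificates.
# Ports 80 and 443 are published on every host interface.
# The config files and /etc/letsencrypt are mounted read-only (:ro): nginx only
# reads them, so a compromised container cannot rewrite its own configuration
# or the host's certificate store. The log directory stays writable.
# NOTE(review): /etc/letsencrypt also holds the ACME account key under
# accounts/; nginx needs only live/ and archive/.
docker run --name nginx -d -p 80:80 -p 443:443 \
  -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro \
  -v ~/nginx/logs:/var/log/nginx \
  -v /etc/letsencrypt:/etc/letsencrypt:ro \
  nginx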
docker stop nginx
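# Variant without certificates: a disposable (--rm) nginx container using the
# host copies of the configuration. The config files are mounted read-only
# because nginx only reads them; the log directory stays writable.
docker run --name nginx --rm -d -p 80:80 -p 443:443 \
  -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro \
  -v ~/nginx/logs:/var/log/nginx \
  nginx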
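# Add the EPEL 7 repository definition from the Aliyun mirror, then install
# certbot from it.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as a .repo file; -sS silences the progress meter but still prints errors.
# NOTE(review): a .repo file decides which servers and GPG settings yum will
# trust. Check its baseurl and gpgcheck lines before installing from it.
curl -fsS -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum install -y certbot
# NOTE(review): this force-reinstalls a pinned, old requests release into the
# system Python, presumably to resolve a certbot dependency conflict. Confirm
# it is still required, since it freezes the HTTP/TLS client library for every
# tool that shares this interpreter.
pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3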
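# Request one certificate covering the apex domain and its wildcard.
# Wildcard names are validated with the DNS-01 challenge, done here by hand
# (--manual): certbot prints TXT records to publish under _acme-challenge.
# The wildcard is quoted so the shell passes it to certbot literally instead of
# glob-expanding it against files in the current directory.
# NOTE: a certificate issued with --manual and no --manual-auth-hook cannot be
# renewed unattended; every renewal needs new TXT records.
certbot certonly -d '*.adsryen.cn' -d adsryen.cn --manual \
  --preferred-challenges dns \
  --server https://acme-v02.api.letsencrypt.org/directory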
Please deploy a DNS TXT record under the name
_acme-challenge.adsryen.cn with the following value:
2_F8ljNNjU_P6_fUVpaaB0A3QprSIiA4ODWvd77HFnQ
Before continuing, verify the record is deployed.
Please deploy a DNS TXT record under the name
_acme-challenge.adsryen.cn with the following value:
Lwb2Ef3Fch7YFyG7iWDTRanoP3AyuUiYYgIIckCzGcQ
Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
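# Clear certbot lock files left behind by an interrupted run.
# The lock is what stops two certbot instances from modifying /etc/letsencrypt
# at the same time, so it is removed only when no certbot process is running.
# The search is limited to certbot's default config, work and log directories
# instead of walking the whole filesystem from /.
if pgrep -x certbot >/dev/null; then
  echo "certbot is still running; leaving its lock files in place" >&2
else
  find /etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt \
    -type f -name '.certbot.lock' -exec rm -f -- {} +
fi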
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/adsryen.cn/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/adsryen.cn/privkey.pem
Your cert will expire on 2020-02-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[root@adsryen nginx]# tree /etc/letsencrypt
/etc/letsencrypt
├── accounts
│ └── acme-v02.api.letsencrypt.org
│ └── directory
│ └── 4a7ed3e412c035edcf077438d642b1e7
│ ├── meta.json
│ ├── private_key.json
│ └── regr.json
├── archive
│ └── adsryen.cn
│ ├── cert1.pem
│ ├── chain1.pem
│ ├── fullchain1.pem
│ └── privkey1.pem
├── csr
│ ├── 0000_csr-certbot.pem
│ └── 0001_csr-certbot.pem
├── keys
│ ├── 0000_key-certbot.pem
│ └── 0001_key-certbot.pem
├── live
│ ├── README
│ └── adsryen.cn
│ ├── cert.pem -> ../../archive/adsryen.cn/cert1.pem
│ ├── chain.pem -> ../../archive/adsryen.cn/chain1.pem
│ ├── fullchain.pem -> ../../archive/adsryen.cn/fullchain1.pem
│ ├── privkey.pem -> ../../archive/adsryen.cn/privkey1.pem
│ └── README
├── renewal
│ └── adsryen.cn.conf
└── renewal-hooks
├── deploy
├── post
└── pre
15 directories, 18 files
crontab -e
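# Attempt renewal every day at 01:00. certbot renews only certificates that are
# close to expiry, so frequent runs are cheap, whereas a once-a-month run can
# leave a 90-day certificate with almost no margin if a single attempt fails.
# --deploy-hook runs only after a certificate was actually renewed, so nginx is
# restarted exactly when there is a new certificate to load.
# NOTE(review): the certificate on this page was issued with --manual DNS
# validation. Unattended "certbot renew" fails for it unless a
# --manual-auth-hook script or a DNS plugin is configured, and --quiet hides
# that failure, so monitor the certificate's expiry date.
0 1 * * * sudo /usr/bin/certbot renew --quiet --deploy-hook "/usr/bin/docker restart nginx"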
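# Plain-HTTP listener: permanently redirect every request to HTTPS.
server {
    listen 80;
    server_name adsryen.cn www.adsryen.cn;
    # $server_name is the first name on the server_name line, so the redirect
    # target does not depend on the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}

# HTTPS listener serving the static site from the image's default web root.
server {
    listen 443 ssl http2;
    server_name adsryen.cn www.adsryen.cn;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    # TLSv1.3 needs nginx built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
}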
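# Start nginx with the TLS configuration and the issued certificates.
# The config files and /etc/letsencrypt (which contains the TLS private key)
# are mounted read-only: nginx only reads them, and :ro keeps a compromised
# container from altering its configuration or the host's certificate store.
# The log directory stays writable.
docker run --name nginx --rm -d -p 80:80 -p 443:443 \
  -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro \
  -v ~/nginx/logs:/var/log/nginx \
  -v /etc/letsencrypt:/etc/letsencrypt:ro \
  nginx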
bark
# Run the bark push-notification server, detached and with a TTY, restarting
# automatically, with its data kept on the host under ~/bark/data.
# NOTE(review): --publish 8888:8080 binds on every host interface, so the
# plain-HTTP service is reachable directly on port 8888 as well as through the
# nginx TLS proxy unless a firewall restricts that port.
docker run \
  --name bark \
  --detach --tty \
  --publish 8888:8080 \
  --restart=always \
  --volume "$HOME/bark/data:/data" \
  finab/bark-server
curl http://0.0.0.0:8888/ping
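# Redirect plain HTTP for bark.adsryen.cn to HTTPS.
server {
    listen 80;
    server_name bark.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy in front of the bark container.
server {
    listen 443 ssl http2;
    server_name bark.adsryen.cn;

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # The upstream is plain HTTP on the host's address and published port;
        # that port is reachable without TLS by anything that can route to the
        # host unless a firewall restricts it.
        proxy_pass http://172.16.166.99:8888;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client sent; the backend
        # should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}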
docker restart nginx
curl https://bark.adsryen.cn/ping
webhook
# Fetch and start the webhook server, with hook definitions and scripts
# bind-mounted from ~/webhook and hot-reloaded when hooks.json changes.
# NOTE(review): mounting /var/run/docker.sock and the docker binary gives every
# command a hook runs full control of the host's Docker daemon, which is
# equivalent to root on the host. The hook shown on this page only calls curl,
# so these two mounts are worth dropping unless a hook really needs Docker.
# NOTE(review): port 9000 is published on every host interface, and the hook
# definition on this page has no trigger rule, so anyone who can reach the
# endpoint can fire it.
docker pull hongkongkiwi/webhook
docker run \
  --detach \
  --publish 9000:9000 \
  --name=webhook \
  --restart=always \
  --volume "$HOME/webhook:/etc/webhook" \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /usr/bin/docker:/usr/bin/docker \
  hongkongkiwi/webhook -verbose -hooks=/etc/webhook/hooks.json -hotreload
[
{
"id": "query",
"execute-command": "/etc/webhook/query.sh",
"command-working-directory": "/etc/webhook",
"response-message": "webhook.adsryen.cn received successfully!"
}
]
hooks.json
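#! /bin/sh
# Send a ServerChan (sc.ftqq.com) push notification. Run by the "query" hook.
#
# The send key in the URL path is a credential: whoever holds it can push
# messages to the owner's account. It is read from the SCKEY environment
# variable instead of being written into the script. A key that has appeared
# in a script or on a published page should be rotated.
# Supply SCKEY through the webhook container's environment, for example with
# docker run --env-file, so that it does not appear on a command line.
set -eu
: "${SCKEY:?SCKEY must be set to the ServerChan send key}"

# $(uuidgen) puts a fresh tokenId value into the link inside the message body.
curl -i -X GET \
  "https://sc.ftqq.com/${SCKEY}.send?text=%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8F%88%E5%8F%91%E6%9D%A5%E6%96%B0%E6%B6%88%E6%81%AF%E5%95%A6!&desp=%E6%AC%A2%E8%BF%8E%E8%AE%BF%E9%97%AE%5B%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99%5D(https%3A%2F%2Fblob.adsryen.cn%3FtokenId%3D$(uuidgen))%2C%E8%AF%B7%E5%85%B3%E6%B3%A8%E5%BE%AE%E4%BF%A1%E5%85%AC%E4%BC%97%E5%8F%B7%3A%E3%80%8C+%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99+%E3%80%8D+!%5Bwechat%3Aadsryen%5D(https%3A%2F%2Fgitbook.prlrr.com%2Fadsryen-wechat-public.jpeg)"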
query.sh
chmod +x query.sh
curl http://0.0.0.0:9000/hooks/query
curl https://webhook.adsryen.cn/hooks/query
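# Redirect plain HTTP for webhook.adsryen.cn to HTTPS.
server {
    listen 80;
    server_name webhook.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy in front of the webhook container.
# NOTE(review): this publishes /hooks/* to the internet. The hook shown on this
# page has no trigger rule, so any request to /hooks/query runs it. Require a
# secret or signature in the hook definition, or restrict access here.
server {
    listen 443 ssl http2;
    server_name webhook.adsryen.cn;

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain-HTTP upstream on the host's address and published port.
        proxy_pass http://172.16.166.99:9000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}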
docker restart nginx
curl https://webhook.adsryen.cn/hooks/query
blog
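# Find the web root inside the running nginx container.
docker exec nginx whereis nginx
docker exec nginx ls /usr/share/nginx/html
# Create the host directory first: if ~/blog does not exist, docker cp writes a
# file named ~/blog and the bind mount below fails.
mkdir -p ~/blog
docker cp nginx:/usr/share/nginx/html/index.html ~/blog
# Serve ~/blog from a dedicated nginx container on host port 4000.
# The content is mounted read-only because the container only serves it.
# NOTE(review): port 4000 is published on every host interface, so the site is
# also reachable over plain HTTP on that port unless a firewall restricts it.
docker run --name blog -d -p 4000:80 --restart=always -v ~/blog:/usr/share/nginx/html:ro nginx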
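# Redirect plain HTTP for blog.adsryen.cn to HTTPS.
server {
    listen 80;
    server_name blog.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy in front of the blog container.
server {
    listen 443 ssl http2;
    server_name blog.adsryen.cn;

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain-HTTP upstream on the host's address and published port.
        proxy_pass http://172.16.166.99:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}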
docker restart nginx
curl https://blog.adsryen.cn
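# Build the GitBook site and deploy it to the server over SSH on every push.
name: blog
# NOTE(review): [push] fires for every branch; consider limiting deployment to
# the default branch.
on: [push]

# The job only reads the repository, so the workflow token is kept read-only.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: "12.x"
      - name: Build blog
        # NOTE(review): gitbook-cli and the plugins fetched by "gitbook install"
        # are unpinned, so each build runs whatever versions are current.
        run: |
          npm install -g gitbook-cli
          gitbook install
          gitbook build
      - name: Upload blog
        # NOTE(review): this third-party action receives the SSH private key
        # and is referenced by a mutable branch (@master). Pin it to a reviewed
        # full commit SHA (<FULL_COMMIT_SHA>) so an upstream change cannot
        # silently alter what runs with the key.
        uses: appleboy/scp-action@master
        env:
          HOST: ${{ secrets.HOST }}
          USERNAME: ${{ secrets.USERNAME }}
          KEY: ${{ secrets.KEY }}
        with:
          source: _book/*
          target: ~/blog
          # rm: true deletes the target directory before uploading.
          rm: true
          strip_components: 1
      - name: Deploy blog
        # NOTE(review): same pinning concern as the upload step. Use a
        # dedicated deploy key and account limited to what this job needs.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
          script: |
            docker restart blog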
curl https://blog.adsryen.cn
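# Redirect plain HTTP for the apex and www names to HTTPS.
server {
    listen 80;
    server_name adsryen.cn www.adsryen.cn;
    # $server_name is the first name on the server_name line, so the redirect
    # target does not depend on the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}

# Apex and www now proxy to the blog container instead of the local web root.
server {
    listen 443 ssl http2;
    server_name adsryen.cn www.adsryen.cn;

    location / {
        # Plain-HTTP upstream on the host's address and published port.
        proxy_pass http://172.16.166.99:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
}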
docker stop nginx
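# Long-running front-end proxy: restarts automatically and terminates TLS for
# every site on this host.
# The config files and /etc/letsencrypt are mounted read-only (:ro) because
# nginx only reads them; the log directory stays writable.
# NOTE(review): the image is untagged, so a re-pull may change the nginx
# version. Pin a specific tag or digest for a reproducible proxy.
docker run --name nginx -d -p 80:80 -p 443:443 --restart=always \
  -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro \
  -v ~/nginx/logs:/var/log/nginx \
  -v /etc/letsencrypt:/etc/letsencrypt:ro \
  nginx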
curl https://adsryen.cn
curl https://www.adsryen.cn
curl https://blog.adsryen.cn
resume
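# Find the web root inside the running nginx container.
docker exec nginx whereis nginx
docker exec nginx ls /usr/share/nginx/html
# Create the host directory first: if ~/resume does not exist, docker cp writes
# a file named ~/resume and the bind mount below fails.
mkdir -p ~/resume
docker cp nginx:/usr/share/nginx/html/index.html ~/resume
# Serve ~/resume from a dedicated nginx container on host port 1006.
# The content is mounted read-only because the container only serves it.
# NOTE(review): port 1006 is published on every host interface, so the site is
# also reachable over plain HTTP on that port unless a firewall restricts it.
docker run --name resume -d -p 1006:80 --restart=always -v ~/resume:/usr/share/nginx/html:ro nginx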
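# Redirect plain HTTP for resume.adsryen.cn to HTTPS.
server {
    listen 80;
    server_name resume.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

# TLS-terminating reverse proxy in front of the resume container.
server {
    listen 443 ssl http2;
    server_name resume.adsryen.cn;

    # "ssl on;" removed: the ssl flag on the listen line already enables TLS,
    # and the standalone directive was deprecated in nginx 1.15.0 and removed
    # in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Plain-HTTP upstream on the host's address and published port.
        proxy_pass http://172.16.166.99:1006;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}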
docker restart nginx
curl https://resume.adsryen.cn
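# Upload the static resume site to the server and restart its container on
# every push.
name: resume.adsryen.cn
# NOTE(review): [push] fires for every branch; consider limiting deployment to
# the default branch.
on: [push]

# The job only reads the repository, so the workflow token is kept read-only.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Upload resume
        # NOTE(review): this third-party action receives the SSH private key
        # and is referenced by a mutable branch (@master). Pin it to a reviewed
        # full commit SHA (<FULL_COMMIT_SHA>) so an upstream change cannot
        # silently alter what runs with the key.
        uses: appleboy/scp-action@master
        env:
          HOST: ${{ secrets.HOST }}
          USERNAME: ${{ secrets.USERNAME }}
          KEY: ${{ secrets.KEY }}
        with:
          source: static,index.html,README.md,LICENSE
          # NOTE(review): a target under /root suggests the CI key logs in as
          # root. A dedicated low-privilege deploy account would limit the
          # damage if the key or one of these actions is compromised.
          target: /root/resume
          # rm: true deletes the target directory before uploading.
          rm: true
      - name: Deploy resume
        # NOTE(review): same pinning concern as the upload step.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.KEY }}
          script: |
            docker restart resume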
curl https://resume.adsryen.cn