docker + nginx

docker pull nginx

docker run --name nginx --rm -p 80:80 -d nginx

docker stop nginx

docker exec nginx whereis nginx

docker exec nginx ls /etc/nginx

docker cp nginx:/etc/nginx/nginx.conf ~/nginx

yum install -y tree

docker exec nginx ls /etc/nginx/conf.d

docker cp nginx:/etc/nginx/conf.d ~/nginx/conf.d

docker run --name nginx -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt \
    nginx

docker stop nginx

docker run --name nginx --rm -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    nginx

curl -o /etc/yum.repos.d/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo

yum install -y certbot

pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3

certbot certonly -d *.adsryen.cn -d adsryen.cn --manual \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory

Please deploy a DNS TXT record under the name
_acme-challenge.adsryen.cn with the following value:

2_F8ljNNjU_P6_fUVpaaB0A3QprSIiA4ODWvd77HFnQ

Before continuing, verify the record is deployed.

Please deploy a DNS TXT record under the name
_acme-challenge.adsryen.cn with the following value:

Lwb2Ef3Fch7YFyG7iWDTRanoP3AyuUiYYgIIckCzGcQ

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

find / -type f -name ".certbot.lock" -exec rm {} \;

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/adsryen.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/adsryen.cn/privkey.pem
   Your cert will expire on 2020-02-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@adsryen nginx]# tree /etc/letsencrypt
/etc/letsencrypt
├── accounts
│   └── acme-v02.api.letsencrypt.org
│       └── directory
│           └── 4a7ed3e412c035edcf077438d642b1e7
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   └── adsryen.cn
│       ├── cert1.pem
│       ├── chain1.pem
│       ├── fullchain1.pem
│       └── privkey1.pem
├── csr
│   ├── 0000_csr-certbot.pem
│   └── 0001_csr-certbot.pem
├── keys
│   ├── 0000_key-certbot.pem
│   └── 0001_key-certbot.pem
├── live
│   ├── README
│   └── adsryen.cn
│       ├── cert.pem -> ../../archive/adsryen.cn/cert1.pem
│       ├── chain.pem -> ../../archive/adsryen.cn/chain1.pem
│       ├── fullchain.pem -> ../../archive/adsryen.cn/fullchain1.pem
│       ├── privkey.pem -> ../../archive/adsryen.cn/privkey1.pem
│       └── README
├── renewal
│   └── adsryen.cn.conf
└── renewal-hooks
    ├── deploy
    ├── post
    └── pre

15 directories, 18 files

crontab -e

00 01 01 * * sudo /usr/bin/certbot renew --quiet && sudo docker restart nginx

server {
    listen       80;
    server_name  adsryen.cn www.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name  adsryen.cn www.adsryen.cn;
    
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

docker run --name nginx --rm -d -p 80:80 -p 443:443 \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt \
    nginx

bark

docker run --name bark -dt -p 8888:8080 --restart=always \
    -v ~/bark/data:/data \
    finab/bark-server

curl http://0.0.0.0:8888/ping

server {
    listen       80;
    server_name  bark.adsryen.cn;
    return 301 https://$server_name$request_uri;  
}

server {
  listen 443 ssl http2;
  server_name  bark.adsryen.cn;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  location / {
      proxy_pass http://172.16.166.99:8888;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}

docker restart nginx

curl https://bark.adsryen.cn/ping

webhook

docker pull hongkongkiwi/webhook

docker run -d -p 9000:9000 --name=webhook --restart=always \
	-v ~/webhook:/etc/webhook \
	-v /var/run/docker.sock:/var/run/docker.sock \
	-v /usr/bin/docker:/usr/bin/docker \
  hongkongkiwi/webhook -verbose -hooks=/etc/webhook/hooks.json -hotreload

[
  {
    "id": "query",
    "execute-command": "/etc/webhook/query.sh",
    "command-working-directory": "/etc/webhook",
    "response-message": "webhook.adsryen.cn received successfully!"
  }
]

hooks.json

#! /bin/sh

curl -i -X GET \
 "https://sc.ftqq.com/SCU67099T95840f46f3bad01fae1c893c968be0e25dd94acd8217a.send?text=%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8F%88%E5%8F%91%E6%9D%A5%E6%96%B0%E6%B6%88%E6%81%AF%E5%95%A6!&desp=%E6%AC%A2%E8%BF%8E%E8%AE%BF%E9%97%AE%5B%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99%5D(https%3A%2F%2Fblob.adsryen.cn%3FtokenId%3D$(uuidgen))%2C%E8%AF%B7%E5%85%B3%E6%B3%A8%E5%BE%AE%E4%BF%A1%E5%85%AC%E4%BC%97%E5%8F%B7%3A%E3%80%8C+%E9%9B%AA%E4%B9%8B%E6%A2%A6%E6%8A%80%E6%9C%AF%E9%A9%BF%E7%AB%99+%E3%80%8D+!%5Bwechat%3Aadsryen%5D(https%3A%2F%2Fgitbook.prlrr.com%2Fadsryen-wechat-public.jpeg)"

query.sh

chmod +x query.sh

curl http://0.0.0.0:9000/hooks/query

curl https://webhook.adsryen.cn/hooks/query

server {
    listen       80;
    server_name  webhook.adsryen.cn;
    return 301 https://$server_name$request_uri;  
}

server {
  listen 443 ssl http2;
  server_name  webhook.adsryen.cn;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  
  location / {
      proxy_pass http://172.16.166.99:9000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}

docker restart nginx

curl https://webhook.adsryen.cn/hooks/query

blog

docker exec nginx whereis nginx

docker exec nginx ls /usr/share/nginx/html

docker cp nginx:/usr/share/nginx/html/index.html ~/blog

docker run --name blog -d -p 4000:80 --restart=always -v ~/blog:/usr/share/nginx/html nginx

server {
    listen       80;
    server_name  blog.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name  blog.adsryen.cn;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
      proxy_pass http://172.16.166.99:4000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
}

docker restart nginx

curl https://blog.adsryen.cn

name: blog

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - uses: actions/setup-node@v1
      with:
        node-version: "12.x"
    - name: Build blog
      run: |
        npm install -g gitbook-cli
        gitbook install
        gitbook build 
    - name: Upload blog
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        KEY: ${{ secrets.KEY }}
      with:
        source: _book/*
        target: ~/blog
        rm: true
        strip_components: 1
    - name: Deploy blog
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        script: |
          docker restart blog

curl https://blog.adsryen.cn

server {
    listen       80;
    server_name  adsryen.cn www.adsryen.cn;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name  adsryen.cn www.adsryen.cn;
    
    location / {
      proxy_pass http://172.16.166.99:4000;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

docker stop nginx

docker run --name nginx -d -p 80:80 -p 443:443 --restart=always \
    -v ~/nginx/nginx.conf:/etc/nginx/nginx.conf \
    -v ~/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf \
    -v ~/nginx/logs:/var/log/nginx \
    -v /etc/letsencrypt:/etc/letsencrypt \
    nginx

curl https://adsryen.cn
curl https://www.adsryen.cn
curl https://blog.adsryen.cn

resume

docker exec nginx whereis nginx

docker exec nginx ls /usr/share/nginx/html

docker cp nginx:/usr/share/nginx/html/index.html ~/resume

docker run --name resume -d -p 1006:80 --restart=always -v ~/resume:/usr/share/nginx/html nginx

server {
    listen       80;
    server_name  resume.adsryen.cn;
    return 301 https://$server_name$request_uri;  
}

server {
  listen 443 ssl http2;
  server_name  resume.adsryen.cn;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/adsryen.cn/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/adsryen.cn/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  
  location / {
      proxy_pass http://172.16.166.99:1006;
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}

docker restart nginx

curl https://resume.adsryen.cn

name: resume.adsryen.cn

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Upload resume
      uses: appleboy/scp-action@master
      env:
        HOST: ${{ secrets.HOST }}
        USERNAME: ${{ secrets.USERNAME }}
        KEY: ${{ secrets.KEY }}
      with:
        source: static,index.html,README.md,LICENSE
        target: /root/resume
        rm: true
    - name: Deploy resume
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        script: |
          docker restart resume

curl https://resume.adsryen.cn

上一页docker compose 下一页docker + blog

最后更新于2年前

这有帮助吗？