m

jljlpch · jljlpch · commit b56e52d58204 · 2017-11-24T16:04:23.000+08:00
diff --git a/04k8s(10.1.12.20-29)/09consul/00pull.sh b/04k8s(10.1.12.20-29)/09consul/00pull.sh
@@ -2,7 +2,6 @@
 # email:546711211@qq.com
 # qq group:573283836
 
-
 docker pull consul:0.9.1
 docker tag consul:0.9.1 10.1.12.61:5000/consul:0.9.1
 docker push 10.1.12.61:5000/consul:0.9.1
diff --git a/05k8s(192.168.0.20)/02nginxproxy/00readme.txt b/05k8s(192.168.0.20)/02nginxproxy/00readme.txt
@@ -5,11 +5,9 @@
 1、在192.168.0.20 建立nginx代理 
 
 
-
 2、每台机器加上http-proxy的指向
 
 
-
 3、yum 用不了，需要把yum源换成aliyun的http,同时把其中file协议换成http
 
 
diff --git a/05k8s(192.168.0.20)/02nginxproxy/98proxycp.sh b/05k8s(192.168.0.20)/02nginxproxy/98proxycp.sh
@@ -31,7 +31,7 @@ for ip in $NODE_IPS ;do
       echo "初始化$ip proxy..."
        Script=" 
           echo \" export http_proxy=http://192.168.0.20:85 \" >> /etc/profile
-          echo \" export https_proxy=https://192.168.0.20:443 \" >> /etc/profile         
+          #echo \" export https_proxy=https://192.168.0.20:443 \" >> /etc/profile 
           source /etc/profile
           curl www.google.cn
         "
@@ -40,5 +40,7 @@ for ip in $NODE_IPS ;do
 done
 
 
+
+
 #  echo  " export http_proxy=http://192.168.0.20:85 " >> /etc/profile
 #  source /etc/profile
diff --git a/05k8s(192.168.0.20)/02nginxproxy/CentOS-Base.repo b/05k8s(192.168.0.20)/02nginxproxy/CentOS-Base.repo
@@ -17,6 +17,7 @@ baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
         http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
 #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
 gpgcheck=1
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  
 #released updates 
@@ -27,6 +28,7 @@ baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
         http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
 #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
 gpgcheck=1
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  
 #additional packages that may be useful
@@ -37,6 +39,8 @@ baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
         http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
 #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
 gpgcheck=1
+#
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  
 #additional packages that extend functionality of existing packages
@@ -48,6 +52,7 @@ baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
 #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
 gpgcheck=1
 enabled=0
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  
 #contrib - packages by Centos Users
diff --git a/05k8s(192.168.0.20)/02nginxproxy/epel.repo b/05k8s(192.168.0.20)/02nginxproxy/epel.repo
@@ -6,7 +6,8 @@ baseurl=http://mirrors.aliyun.com/epel/7/$basearch
 failovermethod=priority
 enabled=1
 gpgcheck=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+ gpgkey=http://etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
  
 [epel-debuginfo]
 name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
diff --git a/05k8s(192.168.0.20)/02nginxproxy/nginx.conf b/05k8s(192.168.0.20)/02nginxproxy/nginx.conf
@@ -2,9 +2,8 @@ worker_processes 1;
 master_process off;
 #daemon off;
 #pid /var/run/nginx.pid;
-
 events {
-    worker_connections 768;
+  worker_connections 768;
 # multi_accept on;
 }
 
@@ -21,23 +20,14 @@ http {
 
     sendfile on;
     server {
+        #域名服务器
         resolver 202.120.2.100;
+        #监听本机端口，其它机器都指向本机的ip该端口上进行代理
         listen 85;
         location / {
             #proxy_pass http://$http_host$request_uri;
-            proxy_pass $scheme://$http_host$request_uri;
-            #proxy_pass http://mirrors.aliyun.com/epel/;
-        } 
-        location /epel/ {
-            proxy_pass http://mirrors.aliyun.com/epel/ ;
-        }
-        location /ubuntu/ {
-            proxy_pass http://mirrors.aliyun.com/ubuntu/ ;
-        }
-
-        location /centos/ {
-            proxy_pass http://mirrors.aliyun.com/centos/ ;
-        }       
+            proxy_pass $scheme://$http_host$request_uri;          
+        }         
     }
 
 }
diff --git a/doc/06springboot-docker-ssl-init.md b/doc/06springboot-docker-ssl-init.md
@@ -213,3 +213,137 @@ done
 
 ```
 
+
+## yum源的问题
+  
+  采用阿里的CentOS-Base.repo，这里需要编辑其gpgkey的地址，它原来是file协议，反向代理不了。修改成http即可
+  ### 创建/aliyunRepo/CentOS-Base.repo文件
+
+  ```
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the 
+# remarked out baseurl= line instead.
+#
+#
+ 
+[base]
+name=CentOS-$releasever - Base - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
+        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
+gpgcheck=1
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+ 
+#released updates 
+[updates]
+name=CentOS-$releasever - Updates - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
+        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
+gpgcheck=1
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+ 
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
+        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
+gpgcheck=1
+#
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+ 
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
+        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
+gpgcheck=1
+enabled=0
+#gpgkey=file:///mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+ 
+#contrib - packages by Centos Users
+[contrib]
+name=CentOS-$releasever - Contrib - mirrors.aliyun.com
+failovermethod=priority
+baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
+        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
+gpgcheck=1
+enabled=0
+gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
+
+
+
+  ```
+
+  ### 创建/aliyunRepo/epel.repo文件
+  
+```
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://mirrors.aliyun.com/epel/7/$basearch
+        http://mirrors.aliyuncs.com/epel/7/$basearch
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+ gpgkey=http://etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+ 
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
+baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
+        http://mirrors.aliyuncs.com/epel/7/$basearch/debug
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=0
+ 
+[epel-source]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Source
+baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
+        http://mirrors.aliyuncs.com/epel/7/SRPMS
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=0
+
+
+```
+
+  ### 分发到每台机器上
+NODE_IPS="192.168.0.2  192.168.0.5 192.168.0.6  192.168.0.7  192.168.0.8  192.168.0.9  192.168.0.10  192.168.0.11 192.168.0.12   192.168.0.13  192.168.0.14   192.168.0.15   192.168.0.16 192.168.0.17  192.168.0.18    192.168.0.19"
+NODE_NAME="ms02 ms05 ms06  ms07   ms08   ms09  ms10   ms11  ms12  ms13  ms14  ms15  ms16  ms17   ms18 ms19"
+
+for ip in $NODE_IPS ;do
+      echo "初始化$ip aliyu 的..."
+      ssh root@$ip "cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak1"
+      ssh root@$ip "cp /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.bak1"
+     
+      scp /aliyunRepo/CentOS-Base.repo root@$ip:/etc/yum.repos.d/CentOS-Base.repo
+      scp /aliyunRepo/epel.repo root@$ip:/etc/yum.repos.d/epel.repo
+
+      ssh root@$ip " ls /etc/yum.repos.d/"
+      
+      sleep 10
+done
+
+```
diff --git a/doc/07springboot-docker-autiproxy-net.md b/doc/07springboot-docker-autiproxy-net.md
@@ -1 +1,88 @@
- # Spring boot+docker 半自动化部署(七)、反向代理上网
+ # Spring boot+docker 半自动化部署(七)、反向代理上网
+
+网络安全要求较高，只有192.168.0.20能上外网，其它机器都上不了网，只能使用反向代理上网，建立反向代理：
+1、在192.168.0.20 建立nginx代理 
+2、每台机器加上http-proxy的指向
+3、yum 用不了，需要把yum源换成aliyun的http,同时把其中file协议换成http
+
+## nginx的配置文件
+nginx的docker部署非常方便，和前面文件服务器一样，只要拉镜像运行即可，其关键在于配置文件
+默认的情况下，nginx没有配置文件，需要在/etc/nginx/nginx.conf位置配置主配置文件，没有主配置文件，直接配置子配置文件在docker中会报错“找不到/etc/nginx/nginx.conf文件”
+这里仅仅做反向代理用，就直接配置在主配置文件中即可
+
+在管理机主机创建/etc/nginx/nginx.conf中，然后把该文件映射到docker中，这样就不需要在docker容器中配置
+
+```
+worker_processes 1;
+master_process off;
+#daemon off;
+#pid /var/run/nginx.pid;
+events {
+  worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+    #include mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log /var/log/nginx/access.log;
+    #error_log /var/log/nginx/error.log;
+
+    sendfile on;
+    server {
+        #域名服务器
+        resolver 202.120.2.100;
+        #监听本机端口，其它机器都指向本机的ip该端口上进行代理
+        listen 85;
+        location / {
+            #proxy_pass http://$http_host$request_uri;
+            proxy_pass $scheme://$http_host$request_uri;          
+        }         
+    }
+}
+
+```
+
+
+## nginx的启动
+
+启用反向代理的docker比较简单，拉镜像下载启动
+
+```
+docker run -d    -v /etc/nginx:/etc/nginx  -v /usr/local/nginx/conf/:/usr/local/nginx/conf/      --restart=always \
+--privileged=true  --net=host  --name nginx-proxy -p 85:85  nginx
+
+```
+
+这里关键是把其位置和本地位置进行映射即可，其配置文件配置的端口也需要在主机上映射出来。
+如果不行，那么就docker restart nginx-proxy,重启一下。
+
+## 每台机器指向该端口
+
+在代理机只需要编写http_proxy环境变量，把该变量指指定管理机即可
+下面采用批量的形式把http_proxy写入/etc/profile
+
+```
+NODE_IPS="192.168.0.2  192.168.0.5 192.168.0.6  192.168.0.7  192.168.0.8  192.168.0.9  192.168.0.10  192.168.0.11 192.168.0.12   192.168.0.13  192.168.0.14   192.168.0.15   192.168.0.16 192.168.0.17  192.168.0.18    192.168.0.19"
+NODE_NAME="ms02 ms05 ms06  ms07   ms08   ms09  ms10   ms11  ms12  ms13  ms14  ms15  ms16  ms17   ms18 ms19"
+
+for ip in $NODE_IPS ;do
+      echo "初始化$ip proxy..."
+       Script=" 
+          echo \" export http_proxy=http://192.168.0.20:85 \" >> /etc/profile
+          #echo \" export https_proxy=https://192.168.0.20:443 \" >> /etc/profile 
+          source /etc/profile
+          curl www.google.cn
+        "
+      ssh root@$ip "$Script"
+      sleep 5
+done
+
+```
+
+
