|
|
|
# Ushio-cn
|
|
|
|
|
|
|
|
## 硬件配置
|
|
|
|
- 华为云云服务器-北京一-可用区1-通用计算型 | s3.medium.2 | 1vCPUs | 2GB
|
|
|
|
|
|
|
|
## 系统配置
|
|
|
|
- CentOS 7.4 64bit (docker-c7-40 市场镜像)
|
|
|
|
|
|
|
|
## ip地址
|
|
|
|
- ipv4: `114.116.85.132`
|
|
|
|
|
|
|
|
## 端口占用
|
|
|
|
- `22`: ssh
|
|
|
|
- `80`: http
|
|
|
|
- `443`: https/wss
|
|
|
|
- `1688`: kms
|
|
|
|
|
|
|
|
|
|
|
|
## iptables策略
|
|
|
|
```iptables
|
|
|
|
# default
|
|
|
|
iptables -A OUTPUT -j ACCEPT
|
|
|
|
iptables -A INPUT -j REJECT
|
|
|
|
iptables -A FORWARD -j REJECT
|
|
|
|
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
|
|
|
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
|
|
|
iptables -A INPUT -i lo -j ACCEPT
|
|
|
|
iptables -A OUTPUT -o lo -j ACCEPT
|
|
|
|
|
|
|
|
# ssh
|
|
|
|
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
|
|
|
|
|
|
|
# http & https
|
|
|
|
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
|
|
|
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
## 工具集环境
|
|
|
|
- docker1.13.1
|
|
|
|
- nodeJS
|
|
|
|
- python 2.7.5
|
|
|
|
- python 3.6
|
|
|
|
- java
|
|
|
|
- php
|
|
|
|
- go
|
|
|
|
|
|
|
|
## 注册服务
|
|
|
|
- ushio
|
|
|
|
- rclone
|
|
|
|
- nginx(ushio)
|
|
|
|
|
|
|
|
### NODEJS工具
|
|
|
|
- npm
|
|
|
|
- npx
|
|
|
|
- n
|
|
|
|
- cnpm
|
|
|
|
- yarn
|
|
|
|
- pm2
|
|
|
|
- todo-ddl
|
|
|
|
|
|
|
|
## PYTHON工具
|
|
|
|
- pip
|
|
|
|
- pip3
|
|
|
|
|
|
|
|
## iis服务列表
|
|
|
|
- api.yimian.xyz
|
|
|
|
- img.yimian.xyz
|
|
|
|
- log.yimian.xyz
|
|
|
|
- onedrive.yimian.xyz
|
|
|
|
- session.yimian.xyz
|
|
|
|
- kms.yimian.xyz
|
|
|
|
- frp.yimian.xyz
|
|
|
|
- onedrive.yimian.xyz
|
|
|
|
- shorturl.yimian.xyz
|
|
|
|
- eee.dog
|
|
|
|
- dns.yimian.xyz
|
|
|
|
- acg.watch
|
|
|
|
|
|
|
|
## dokcer集群
|
|
|
|
```docker-compose.yml
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
## 文件结构
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|---home
|
|
|
|
| |---lib
|
|
|
|
| | |---anti-ddos(iotcat/anti-ddos)
|
|
|
|
| | |---qcloudsms(qcloudsms/qcloudsms_php)
|
|
|
|
| | |---huaweicloud-sdk-php-obs(iotcat/huaweicloud-sdk-php-obs)
|
|
|
|
| |
|
|
|
|
| |---opt
|
|
|
|
| |
|
|
|
|
| |---www
|
|
|
|
| | |---api(iotcat/ushio-api)
|
|
|
|
| | |---img(iotcat/ushio-img)
|
|
|
|
| | |---log(iotcat/ushio-log)
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## docker集群
|
|
|
|
```yml
|
|
|
|
version: '3'
|
|
|
|
services:
|
|
|
|
|
|
|
|
# system-level services
|
|
|
|
#--------------------------------
|
|
|
|
nginx:
|
|
|
|
image: iotcat/ushio-nginx
|
|
|
|
container_name: nginx
|
|
|
|
restart: always
|
|
|
|
ports:
|
|
|
|
- "80:80"
|
|
|
|
- "443:443"
|
|
|
|
volumes:
|
|
|
|
- "/mnt/etc/cn.yimian.xyz/nginx/:/etc/nginx/"
|
|
|
|
- "/mnt/:/mnt/"
|
|
|
|
- "/var/log/nginx/:/var/log/nginx/"
|
|
|
|
- "/home/www/:/home/www/"
|
|
|
|
#network_mode: "host"
|
|
|
|
depends_on:
|
|
|
|
- oneindex
|
|
|
|
- php-fpm
|
|
|
|
- frps
|
|
|
|
- session
|
|
|
|
- acg.watch-api
|
|
|
|
- serverstatus
|
|
|
|
- ushio-win-server
|
|
|
|
- danmaku-api
|
|
|
|
- coro-api
|
|
|
|
- todo-ddl-api
|
|
|
|
- upload-api
|
|
|
|
networks:
|
|
|
|
- default
|
|
|
|
- php_net
|
|
|
|
- frp_net
|
|
|
|
|
|
|
|
dns:
|
|
|
|
image: strm/dnsmasq
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- /mnt/config/dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf
|
|
|
|
- /mnt/config/dnsmasq/dnsmasq.d/:/etc/dnsmasq.d/
|
|
|
|
- /mnt/config/dnsmasq/hosts.conf:/etc/hosts.conf
|
|
|
|
ports:
|
|
|
|
- "53:53/udp"
|
|
|
|
- "53:53/tcp"
|
|
|
|
cap_add:
|
|
|
|
- NET_ADMIN
|
|
|
|
networks:
|
|
|
|
- dns_net
|
|
|
|
|
|
|
|
# Database
|
|
|
|
#----------------------------------
|
|
|
|
redis:
|
|
|
|
image: redis
|
|
|
|
container_name: redis
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/tmp/redis/data/:/data/"
|
|
|
|
ports:
|
|
|
|
- "6379:6379"
|
|
|
|
networks:
|
|
|
|
- redis_net
|
|
|
|
mongo:
|
|
|
|
image: mongo
|
|
|
|
container_name: mongo
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/var/mongo:/data/db"
|
|
|
|
networks:
|
|
|
|
- mongo_net
|
|
|
|
|
|
|
|
|
|
|
|
# app-level services
|
|
|
|
# --------------------------------------
|
|
|
|
php-fpm:
|
|
|
|
container_name: php-fpm
|
|
|
|
image: crunchgeek/php-fpm:7.3
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/home/:/home/"
|
|
|
|
- "/mnt/:/mnt/"
|
|
|
|
networks:
|
|
|
|
- php_net
|
|
|
|
frps:
|
|
|
|
image: snowdreamtech/frps
|
|
|
|
container_name: frps
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/config/frp/frps.ini:/etc/frp/frps.ini"
|
|
|
|
ports:
|
|
|
|
- "4480:4480"
|
|
|
|
- "4443:4443"
|
|
|
|
- "4477:4477"
|
|
|
|
- "4400-4440:4400-4440"
|
|
|
|
networks:
|
|
|
|
- frp_net
|
|
|
|
emqx:
|
|
|
|
image: emqx/emqx
|
|
|
|
container_name: emqx
|
|
|
|
restart: always
|
|
|
|
ports:
|
|
|
|
- "1883:1883"
|
|
|
|
- "8083:8083"
|
|
|
|
- "8883:8883"
|
|
|
|
- "8084:8084"
|
|
|
|
- "18083:18083"
|
|
|
|
networks:
|
|
|
|
- mqtt_net
|
|
|
|
monitor:
|
|
|
|
#build: https://github.com/iotcat/ushio-monitor.git
|
|
|
|
image: iotcat/ushio-monitor
|
|
|
|
container_name: monitor
|
|
|
|
restart: always
|
|
|
|
command: USER=cn.yimian.xyz
|
|
|
|
network_mode: "host"
|
|
|
|
|
|
|
|
|
|
|
|
# common apps
|
|
|
|
# -------------------------------------
|
|
|
|
oneindex:
|
|
|
|
image: iotcat/oneindex
|
|
|
|
container_name: oneindex
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/config/oneindex/:/var/www/html/config/"
|
|
|
|
healthcheck:
|
|
|
|
test: /bin/bash /healthcheck.sh
|
|
|
|
interval: 1m
|
|
|
|
timeout: 10s
|
|
|
|
retries: 3
|
|
|
|
|
|
|
|
session:
|
|
|
|
#build: https://github.com/iotcat/ushio-session.git
|
|
|
|
image: iotcat/ushio-session
|
|
|
|
container_name: session
|
|
|
|
restart: always
|
|
|
|
networks:
|
|
|
|
- default
|
|
|
|
- redis_net
|
|
|
|
acg.watch-api:
|
|
|
|
#build: https://github.com/iotcat/acg.watch-api.git
|
|
|
|
image: iotcat/acg.watch-api
|
|
|
|
container_name: acg.watch-api
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/cache/video/:/mnt/cache/video/"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# local apps
|
|
|
|
# ---------------------------------------
|
|
|
|
serverstatus:
|
|
|
|
image: cppla/serverstatus
|
|
|
|
container_name: serverstatus
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/config/serverstatus/config.json:/ServerStatus/server/config.json"
|
|
|
|
ports:
|
|
|
|
- "35601:35601"
|
|
|
|
ushio-win-server:
|
|
|
|
#build: https://github.com/iotcat/ushio-win-server.git
|
|
|
|
image: iotcat/ushio-win-server
|
|
|
|
container_name: ushio-win-server
|
|
|
|
restart: always
|
|
|
|
kms:
|
|
|
|
#build: https://github.com/iotcat/kms-dockcer.git
|
|
|
|
image: iotcat/kms
|
|
|
|
container_name: kms
|
|
|
|
restart: always
|
|
|
|
ports:
|
|
|
|
- "1688:1688"
|
|
|
|
bingimgupdate-opt:
|
|
|
|
#build: https://github.com/iotcat/bingUpdateImg-opt.git
|
|
|
|
image: iotcat/bingimgupdate-opt
|
|
|
|
container_name: bingimgupdate-opt
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/config/token/huaweicloud/:/mnt/config/token/huaweicloud/"
|
|
|
|
- "/tmp/:/tmp/"
|
|
|
|
danmaku-api:
|
|
|
|
#build: https://github.com/iotcat/danmaku-api.git
|
|
|
|
image: iotcat/danmaku-api
|
|
|
|
container_name: danmaku-api
|
|
|
|
restart: always
|
|
|
|
depends_on:
|
|
|
|
- redis
|
|
|
|
- mongo
|
|
|
|
networks:
|
|
|
|
- default
|
|
|
|
- redis_net
|
|
|
|
- mongo_net
|
|
|
|
environment:
|
|
|
|
REDIS_HOST: "redis"
|
|
|
|
REDIS_PORT: 6379
|
|
|
|
MONGO_HOST: "mongo"
|
|
|
|
MONGO_PORT: 27017
|
|
|
|
MONGO_DATABASE: "danmaku"
|
|
|
|
volumes:
|
|
|
|
- /var/log/danmaku-api/app:/usr/src/app/logs
|
|
|
|
- /var/log/danmaku-api/pm2:/root/.pm2/logs
|
|
|
|
coro-api:
|
|
|
|
#build: https://github.com/iotcat/coro-api.git
|
|
|
|
image: iotcat/coro-api
|
|
|
|
container_name: coro-api
|
|
|
|
restart: always
|
|
|
|
todo-ddl-api:
|
|
|
|
#build: https://github.com/iotcat/todo-ddl-api.git
|
|
|
|
image: iotcat/todo-ddl-api
|
|
|
|
container_name: todo-ddl-api
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/var/todo-ddl/:/mnt/var/todo-ddl/"
|
|
|
|
upload-api:
|
|
|
|
#build: https://github.com/IoTcat/upload-api.git
|
|
|
|
image: iotcat/upload-api
|
|
|
|
container_name: upload-api
|
|
|
|
restart: always
|
|
|
|
volumes:
|
|
|
|
- "/mnt/config/token/huaweicloud/:/mnt/config/token/huaweicloud/"
|
|
|
|
tmpfs:
|
|
|
|
- /tmp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# networks setting
|
|
|
|
# ------------------------------------
|
|
|
|
networks:
|
|
|
|
default:
|
|
|
|
|
|
|
|
dns_net:
|
|
|
|
|
|
|
|
redis_net:
|
|
|
|
|
|
|
|
mongo_net:
|
|
|
|
|
|
|
|
php_net:
|
|
|
|
|
|
|
|
frp_net:
|
|
|
|
|
|
|
|
mqtt_net:
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## 操作日志
|
|
|
|
---------------------------------
|
|
|
|
**2020-6-11**
|
|
|
|
- 试图通过华为云面板重装系统为CentOS7.6,失败
|
|
|
|
- 提交华为工单重装系统为CentOS7.6,不受理
|
|
|
|
- 通过[MeowLove/Network-Reinstall-System-Modify](https://github.com/MeowLove/Network-Reinstall-System-Modify)网络安装CentOS7.6,遇到无限重启,失败
|
|
|
|
- 通过[dansnow](https://zhujiwiki.com/13350/)的脚本重装,报错,失败
|
|
|
|
- 放弃重装,直接使用原有系统市场镜像并重置
|
|
|
|
- 更改主机名为`cn.yimian.xyz`
|
|
|
|
- yum更新
|
|
|
|
- yum安装企业库
|
|
|
|
- yum安装工具`wget git vim unzip zip openssl make gcc gcc-c++ screen fuse fuse-devel`
|
|
|
|
- 安装并配置 git
|
|
|
|
- 配置docker
|
|
|
|
- 安装docker-compose
|
|
|
|
- 配置ushio集群为服务
|
|
|
|
- 安装配置nodeJS
|
|
|
|
- 清除防火墙
|
|
|
|
- 关闭SELINUX
|
|
|
|
- 安装配置iptables
|
|
|
|
- 挂载onedrive
|
|
|
|
- 链接.vimrc
|
|
|
|
- 链接.ssh公钥
|
|
|
|
- 链接黑名单白名单
|
|
|
|
- 安装配置php
|
|
|
|
- 安装php-fpm
|
|
|
|
- 安装go
|
|
|
|
- 安装pip
|
|
|
|
- 安装python3
|
|
|
|
- 安装pip3
|
|
|
|
- 安装nginx(ushio)
|
|
|
|
|
|
|
|
----------------------------------------------
|
|
|
|
**2020-6-12**
|
|
|
|
- 链接docker集群
|
|
|
|
- 配置泛域名证书自动续期[acme.sh](https://github.com/acmesh-official/acme.sh)
|
|
|
|
- 配置华为云存储obsutil
|
|
|
|
- ~~挂载obsfs~~
|
|
|
|
- 解决github的dns污染(将`199.232.69.194 assets-cdn.github.com`加入`/etc/hosts)
|
|
|
|
----------------------------------
|
|
|
|
**2020-6-15**
|
|
|
|
- 部署api.yimian.xyz
|
|
|
|
- 部署img.yimian.xyz
|
|
|
|
- 解决php的pdo_mysql无法找到问题
|
|
|
|
- 卸载nginx,使用docker架构
|
|
|
|
- 转换ushio-img到php-sdk
|
|
|
|
------------------------------
|
|
|
|
**2020-6-18**
|
|
|
|
- 调试upload-api
|
|
|
|
- 部署imgbed
|
|
|
|
- 部署filebed
|
|
|
|
- 接入log
|
|
|
|
- 接入session
|
|
|
|
- 部署ushio-monitor
|
|
|
|
- 接入serverstatus
|
|
|
|
|
|
|
|
--------------------------------
|
|
|
|
**2020-6-19**
|
|
|
|
- 接入oneindex
|
|
|
|
- 接入kms
|
|
|
|
- 接入acg.watch
|
|
|
|
- 接入oneindex
|
|
|
|
- 部署frp
|
|
|
|
- 部署shorturl
|
|
|
|
- 部署dnsmasq
|
|
|
|
|
|
|
|
-------------------------------------
|