KayChen

Recording the bits and pieces of technical life

I. Deployment
  • Create docker-compose.yml

    version: '3'
    services:
      openvpn:
        cap_add:
          - NET_ADMIN
        image: kylemanna/openvpn
        container_name: openvpn
        ports:
          - "1194:1194"
        restart: always
        volumes:
          - ./data/conf:/etc/openvpn
II. Initialization
  • Generate the initial configuration

    docker-compose run --rm openvpn ovpn_genconfig -u tcp://vpn.kaychen.cn
  • Initialize the PKI and certificates

    docker-compose run --rm openvpn ovpn_initpki

    Sample output

    init-pki complete; you may now create a CA or requests.
    Your newly created PKI dir is: /etc/openvpn/pki
    Using SSL: openssl OpenSSL 1.1.1g 21 Apr 2020

    Enter New CA Key Passphrase: (enter the passphrase)
    Re-Enter New CA Key Passphrase: (enter the passphrase)
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ...............................................+++++
    ..............................................+++++
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Common Name (eg: your user, host, or server name) [Easy-RSA CA]:(press Enter)
    DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem


    Using SSL: openssl OpenSSL 1.1.1g 21 Apr 2020
    Generating a RSA private key
    ..................+++++
    ...........................+++++
    writing new private key to '/etc/openvpn/pki/easy-rsa-72.DKOLbA/tmp.HckbDH'
    -----
    Using configuration from /etc/openvpn/pki/easy-rsa-72.DKOLbA/tmp.glJiIo
    Enter pass phrase for /etc/openvpn/pki/private/ca.key:(enter the passphrase)
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    commonName :ASN.1 12:'vpn.kaychen.cn'
    Certificate is to be certified until Oct 31 10:23:04 2024 GMT (825 days)

    Write out database with 1 new entries
    Data Base Updated

    Using SSL: openssl OpenSSL 1.1.1g 21 Apr 2020
    Using configuration from /etc/openvpn/pki/easy-rsa-147.oHBngi/tmp.iaDMkK
    Enter pass phrase for /etc/openvpn/pki/private/ca.key:(enter the passphrase)

    An updated CRL has been created.
    CRL file: /etc/openvpn/pki/crl.pem
  • Fix the ownership of the data directory

    sudo chown -R $(whoami): ./data
  • Generate a client certificate

    # with a passphrase (recommended)
    docker-compose run --rm openvpn easyrsa build-client-full zhengkai.chen
    # without a passphrase (not recommended)
    docker-compose run --rm openvpn easyrsa build-client-full zhengkai.chen nopass
  • Export the client configuration (.ovpn)

    docker-compose run --rm openvpn ovpn_getclient zhengkai.chen > zhengkai.chen.ovpn
  • Revoke a client certificate

    # Keep the corresponding crt, key and req files.
    docker-compose run --rm openvpn ovpn_revokeclient zhengkai.chen
    # Remove the corresponding crt, key and req files.
    docker-compose run --rm openvpn ovpn_revokeclient zhengkai.chen remove
  • Start OpenVPN

    docker-compose up -d
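III. Download the client
Reference:

Download and install frp

Download the latest client and server binaries from the Releases page on GitHub; all files are packaged in a single archive.

Deployment

Extract the downloaded archive, copy frpc to the machine hosting the internal service and frps to the machine with a public IP address; they can be placed in any directory.

tar xzf frp_0.37.0_linux_amd64.tar.gz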
cd frp_0.37.0_linux_amd64
sudo cp -f frps frpc /usr/local/bin/
sudo mkdir /etc/frp
sudo cp -f frp* /etc/frp/

Configure the server: frps.ini

[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443

dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin

Generate a domain certificate (for HTTPS)

certbot certonly -d '*.kaychen.cn' --preferred-challenges dns --manual --server https://acme-v02.api.letsencrypt.org/directory

After following the prompts, copy fullchain.pem and privkey.pem to the /etc/frp directory.

Configure the client: frpc.ini

[common]
server_addr = 43.128.56.179
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

[jenkins]
type = https
custom_domains = jenkins.kaychen.cn
plugin = https2http
plugin_local_addr = 127.0.0.1:8081
plugin_crt_path = /etc/frp/fullchain.crt
plugin_key_path = /etc/frp/privkey.key
plugin_header_X-From-Where = frp

[gitlab]
type = https
custom_domains = gitlab.kaychen.cn
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = /etc/frp/fullchain.crt
plugin_key_path = /etc/frp/privkey.key
plugin_header_X-From-Where = frp

Start on boot

Client

vim /lib/systemd/system/frpc.service

[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/local/bin/frpc reload -c /etc/frp/frpc.ini

[Install]
WantedBy=multi-user.target

Server

vim /lib/systemd/system/frps.service

[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini

[Install]
WantedBy=multi-user.target

Start the services

sudo systemctl start frps
sudo systemctl enable frps

sudo systemctl start frpc
sudo systemctl enable frpc
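
The frps.ini above leaves the dashboard on 0.0.0.0 with admin/admin and sets no token. As an added example (not from the original post or the frp project), this Python check flags those three settings and passes a hardened variant; the hardened values, the dashboard user `ops` and the finding codes are constructed for illustration.

```python
import configparser

# frps.ini as given on this page, embedded so the check runs offline.
PAGE_FRPS = """
[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
"""

# Constructed hardened variant: placeholder secrets, dashboard on loopback only.
HARDENED_FRPS = """
[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
token = REPLACE_WITH_LONG_RANDOM_SECRET
dashboard_addr = 127.0.0.1
dashboard_port = 7500
dashboard_user = ops
dashboard_pwd = REPLACE_WITH_LONG_RANDOM_PASSWORD
"""

WEAK_PASSWORDS = {"", "admin", "password", "123456"}


def audit_frps(ini_text):
    """Return sorted finding codes for the [common] section of an frps.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    common = cp["common"] if cp.has_section("common") else {}
    findings = []
    # No shared token: frps has no secret to check connecting frpc clients against.
    if not common.get("token", "").strip():
        findings.append("NO_TOKEN")
    if "dashboard_port" in common:
        # Unset values fall back to frps defaults: all interfaces, admin/admin.
        if common.get("dashboard_addr", "0.0.0.0") in ("0.0.0.0", "::"):
            findings.append("DASHBOARD_ALL_INTERFACES")
        user = common.get("dashboard_user", "admin")
        pwd = common.get("dashboard_pwd", "admin")
        if pwd in WEAK_PASSWORDS or pwd == user:
            findings.append("DASHBOARD_WEAK_PASSWORD")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("page", PAGE_FRPS), ("hardened", HARDENED_FRPS)):
        print(name, audit_frps(text) or "ok")
```

Once frps.ini sets a token, frpc.ini must carry the same token in its [common] section.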

Reference

Pull the Python image

docker pull python:3-alpine

Create the Dockerfile

Install the packages you need

FROM python:3-alpine
RUN pip install pandas
RUN pip install xlrd
RUN apk add build-base postgresql-dev
RUN pip install psycopg2

WORKDIR /data

Build the image

docker build -t python3:alpine .

Run a test container

docker run -it --name python3 -v "$PWD":/data python3:alpine sh

Use the containerized Python CLI from the host

Add the following to .zshrc

python () {
    docker run \
        -it \
        --rm \
        --volume "$PWD":/data:rw \
        --workdir /data \
        python3:alpine python "$@"
}

Run source .zshrc to apply the change

Usage

Run python -V; if it prints the version number, the setup works.

1. Pull the Node Docker image

docker pull node:12-alpine

Hexo deployment currently fails on Node versions above 12, so we use version 12.

2. Build the Hexo image

Write the Dockerfile

FROM node:12-alpine
RUN npm install -g hexo-cli
RUN apk add openssh
RUN apk add git
RUN git config --global user.email "kaychen.cn@gmail.com"
RUN git config --global user.name "kaychen"

WORKDIR /data

Build the image

docker build -t hexo:12-alpine .

3. Add a local command

Add the following to .zshrc

hexo () {
    docker run \
        -it \
        --rm \
        -p 4000:4000 \
        --volume "$PWD":/data:rw \
        --volume "$HOME":/root:rw \
        --workdir /data \
        hexo:12-alpine hexo "$@"
}

Apply the configuration

source .zshrc

4. Use hexo

cd {project directory}
hexo s -g    # preview
hexo d -g    # deploy

Automated SSH

#!/usr/bin/expect
set host 192.168.10.210
set user protest2
set password 1qazXDR%
set port 22

spawn ssh $user@$host -p $port
expect {
    "(yes/no)?" { send "yes\r"; exp_continue }
    "*assword:*" { send "$password\r" }
}
interact

Automated scp

#!/usr/bin/expect
set password 1qazXDR%
spawn scp /tmp/1.txt protest2@192.168.10.210:/tmp/
expect {
    "(yes/no)?" { send "yes\n"; exp_continue }
    "*assword:" { send "$password\n" }
}
expect "100%"
expect eof

Gitlab

version: "3"
services:
  gitlab:
    container_name: 'gitlab'
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    user: root
    hostname: '192.168.56.128'
    privileged: true
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://192.168.56.128'
    ports:
      - '80:80'
      - '443:443'
      - '2222:22'
    volumes:
      - './data/gitlab/config:/etc/gitlab'
      - './data/gitlab/logs:/var/log/gitlab'
      - './data/gitlab/data:/var/opt/gitlab'
    network_mode: bridge

Gitlab-Runner

version: "3"
services:
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    privileged: true
    volumes:
      - ./data/gitlab-runner/config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
      - $HOME/.m2:/root/.m2
    environment:
      TZ: "$TZ"
    restart: always
    network_mode: bridge

Jenkins

version: "3"
services:
  jenkins:
    container_name: jenkins
    image: jenkinsci/blueocean
    restart: always
    volumes:
      - "/opt/jenkins_home:/var/jenkins_home"
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports:
      - 8081:8080
    network_mode: bridge

I. Configuration and dependencies

  1. Add the following dependencies to pom.xml

    <!-- MySQL driver -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
    <!-- MyBatis -->
    <dependency>
        <groupId>org.mybatis</groupId>
        <artifactId>mybatis</artifactId>
        <version>3.5.1</version>
    </dependency>
    <!-- MyBatis-Spring integration jar -->
    <dependency>
        <groupId>org.mybatis</groupId>
        <artifactId>mybatis-spring</artifactId>
        <version>2.0.1</version>
    </dependency>
    <!-- JDBC -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
    </dependency>
    <!-- Unit testing -->
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
    </dependency>
  2. Add a mybatis-config.xml file under the resources directory with the following content:

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE configuration
            PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
            "http://mybatis.org/dtd/mybatis-3-config.dtd">
    <configuration>
        <environments default="development">
            <environment id="development">
                <transactionManager type="JDBC"/>
                <dataSource type="POOLED">
                    <property name="driver" value="com.mysql.cj.jdbc.Driver"/>
                    <property name="url" value="jdbc:mysql://10.21.100.77:3306/mybatis?useSSL=true&amp;useUnicode=true&amp;characterEncoding=UTF-8"/>
                    <property name="username" value="root"/>
                    <property name="password" value="${password}"/>
                </dataSource>
            </environment>
        </environments>
        <mappers>
            <mapper resource="com/kaychen/springboot01/dao/UserMapper.xml"/>
        </mappers>
    </configuration>
  3. So that the mapper files are picked up correctly, add the following to the <build> section of pom.xml

    <resources>
        <resource>
            <directory>src/main/java</directory>
            <includes>
                <include>**/*.properties</include>
                <include>**/*.xml</include>
            </includes>
            <filtering>false</filtering>
        </resource>
    </resources>
  4. Create the dao, pojo, controller and service directories under com/kaychen/springboot01/

  5. Create the MybatisUtils.java utility class in the utils package

    package com.kaychen.springboot01.utils;

    import org.apache.ibatis.io.Resources;
    import org.apache.ibatis.session.SqlSession;
    import org.apache.ibatis.session.SqlSessionFactory;
    import org.apache.ibatis.session.SqlSessionFactoryBuilder;

    import java.io.IOException;
    import java.io.InputStream;

    public class MybatisUtils {
        private static SqlSessionFactory sqlSessionFactory;

        // Build the factory once from mybatis-config.xml on the classpath.
        static {
            try {
                String resource = "mybatis-config.xml";
                InputStream inputStream = Resources.getResourceAsStream(resource);
                sqlSessionFactory = new SqlSessionFactoryBuilder().build(inputStream);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        // Each caller gets a new session and is responsible for closing it.
        public static SqlSession getSqlSession() {
            return sqlSessionFactory.openSession();
        }
    }

  6. Add the User.java database entity class in the pojo directory

    package com.kaychen.springboot01.pojo;

    public class User {
        private int id;
        private String username;
        private String password;

        public User() {
        }

        public User(int id, String username, String password) {
            this.id = id;
            this.username = username;
            this.password = password;
        }

        public int getId() {
            return id;
        }

        public String getUsername() {
            return username;
        }

        public String getPassword() {
            return password;
        }
    }
  7. Add the UserDao.java interface in the dao directory

    package com.kaychen.springboot01.dao;

    import com.kaychen.springboot01.pojo.User;

    import java.util.List;

    public interface UserDao {
        List<User> listUser();
    }

  8. Add the UserMapper.xml file in the dao directory

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE mapper
            PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
            "http://mybatis.org/dtd/mybatis-3-mapper.dtd">

    <mapper namespace="com.kaychen.springboot01.dao.UserDao">
        <select id="listUser" resultType="com.kaychen.springboot01.pojo.User">
            select * from mybatis.user
        </select>
    </mapper>

II. JUnit test

1. Under com/kaychen/springboot01, create a dao directory and the UserDaoTest.java file

package com.kaychen.springboot01.dao;

import com.kaychen.springboot01.pojo.User;
import com.kaychen.springboot01.utils.MybatisUtils;
import org.apache.ibatis.session.SqlSession;
import org.junit.Test;

import java.util.List;


public class UserDaoTest {
    @Test
    public void test() {
        SqlSession sqlSession = MybatisUtils.getSqlSession();
        UserDao userDao = sqlSession.getMapper(UserDao.class);
        List<User> listUser = userDao.listUser();
        for (User user : listUser) {
            System.out.println(user);
        }
        sqlSession.close();
    }
}

III. Integrating with Spring Boot

  1. Add the UserService.java class in the service directory

    package com.kaychen.springboot01.service;

    import com.kaychen.springboot01.dao.UserDao;
    import com.kaychen.springboot01.pojo.User;
    import com.kaychen.springboot01.utils.MybatisUtils;
    import org.apache.ibatis.session.SqlSession;

    import java.util.List;

    public class UserService {
        public List<User> listUser() {
            // try-with-resources closes the session so its connection is not leaked
            try (SqlSession sqlSession = MybatisUtils.getSqlSession()) {
                UserDao userDao = sqlSession.getMapper(UserDao.class);
                return userDao.listUser();
            }
        }
    }
  2. Add the UserController.java class in the controller directory

    package com.kaychen.springboot01.controller;

    import com.kaychen.springboot01.service.UserService;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.ResponseBody;
    import org.springframework.web.bind.annotation.RestController;


    @RestController
    @RequestMapping("/api")
    public class UserController {
        @RequestMapping("/hello")
        @ResponseBody
        public Object listUser() {
            UserService userService = new UserService();
            return userService.listUser();
        }
    }
  3. Request localhost/api/hello; it returns the following data

    [
        {
            "id": 1,
            "username": "king",
            "password": "Zhengkai2021"
        }
    ]

References:

  1. MyBatis official documentation

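1. Shared folder setup

  1. To list the shared folders, use the vmware-hgfsclient command; it is available once VMware Tools has been installed successfully

  2. The default mount point is /mnt/hgfs

  3. Command to mount the folder manually

    sudo /usr/bin/vmhgfs-fuse .host:/ /mnt/hgfs -o subtype=vmhgfs-fuse,allow_other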

2. Start the virtual machine automatically at boot

  1. Write startLinuxVM.bat

    "C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe" start "E:\VM\Ubuntu\Ubunut1810.vmx" nogui
  2. Add startLinuxVM.bat to the startup folder

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

upstream laowu {
    server 10.9.10.66:9000 fail_timeout=10 max_fails=5 weight=1;
    server 10.9.10.65:9000 fail_timeout=10 max_fails=5 weight=1;
}

server {
    listen 9090;
    server_name laowu.ifchange.com;
    charset utf-8;
    root /opt/wwwroot/toh/client/sly-web/dist;

    access_log /opt/log/laowu.log main;
    error_log /opt/log/laowu_err.log;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.html?$query_string;
    }
    location /api {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        root /opt/wwwroot/toh/service/sly/public;
        fastcgi_pass laowu;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param APP_ENV production;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $DOCUMENT_ROOT$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT/$fastcgi_script_name;
        include fastcgi_params;
    }
}

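Logstash is a platform for transporting, processing, managing and searching application logs and events. You can use it to collect and manage application logs in one place, and it provides a web interface for queries and statistics.

I. Installation

Environment: CentOS 6

A Java runtime is required: java -version

Download and install the public signing key

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch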

Then add a file with a .repo suffix in the /etc/yum.repos.d/ directory, for example logstash.repo

[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

The repository is now set up, and you can install Logstash with yum

yum install logstash

After installation, use the following command to check that it works

bin/logstash -e 'input { stdin { } } output { stdout {} }'

The default Logstash program path is /opt/logstash/

The default Logstash configuration path is /etc/logstash/conf.d/

II. Configuration

Create a file with a .conf suffix in /etc/logstash/conf.d/, for example nginx.conf

input {
    file {
        path => "/opt/log/pv.ifchange.com/pv.ifchange.com.access.log"
        type => "nginx-access"
    }
}
output {
    http {
        format => "form"
        http_method => "post"
        url => "http://logsystem.dev.ifchange.com/analysislog/clickLog"
        mapping => ["Body", '%{message}']
    }
    stdout {
        codec => "rubydebug"
    }
}

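The configuration above submits the log lines in /opt/log/pv.ifchange.com/pv.ifchange.com.access.log to http://logsystem.dev.ifchange.com/analysislog/clickLog in real time via HTTP POST for processing. To make debugging easier, a stdout output is added, which prints the events to the screen.

III. Starting

For debugging, start it manually:

/opt/logstash/bin/logstash agent -f /etc/logstash/conf.d/test.conf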

Or start it as a service:

service logstash start

Stop the service:

service logstash stop

Test the configuration file:

service logstash configtest