Jenkins 服务器所需软件列表#
运行 Jenkins 需要#
- Jenkins
- Jdk 17+ (Jenkins 运行需要)
- Nginx (可选,可以直接使用 IP + 端口的方式访问)
业务需要#
- Maven
- 修改 Maven 源
- JDK 8 (与业务代码所需 Java 版本一致)
- NVM (管理 NodeJS 版本)
- NodeJS 10.24.1
- NodeJS 12.22.12
- NodeJS 14.21.3
- NodeJS 16.20.2
- NodeJS 18.20.5
- NodeJS 20.18.1
- 代码凭据配置配置(拉取代码需要)
- SSH-Keygen
- GitLab 的账户密码
- PHP (与业务代码所需 PHP 版本一致)
- Compress
- Ansible
- 配置账户密码
- 配置免密执行 sudo 命令
Jenkins 所需插件列表#
- Localization Support
- Localization (Simplified)
- Locale
- GitLab 相关
- Blue Ocean
- Role-based Authorization Strategy
- Pipeline: Stage View
- Build Pipeline
- Version Number
应用服务器所需软件列表#
- JDK 8(后端 Java 包运行需要)
- Nginx (前端包代理需要)
- Supervisord(后端 Java 进程管理)
- PHP
- compose
Jenkins 安装配置#
Jenkins 服务器#
安装与业务一致的打包环境#
安装 JDK 8#
由于 Oracle 为了保证 JDK 的更新而强制关闭 JDK 旧版本的登录下载;所以,对于 JDK 8 的版本来说,需要我们手动从 Oracle Java 网站上下载,然后上传至服务器。这里我们将 JDK 8 的压缩包上传至服务器的 /usr/local/src/ 目录下。
cd /usr/local/src
解压缩预编译好的 JDK 8 压缩包,并移动到外层目录中:
tar -zxvf jdk-8u371-linux-x64.tar.gz
mv jdk1.8.0_371 /usr/local/jdk8
写入环境变量,便于后续打包时调用:
echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile
echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile
刷新环境变量,使其生效。
source /etc/profile
安装并配置 Maven#
安装 Maven
Maven 的下载地址如下:https://archive.apache.org/dist/maven/maven-3/
选择最新版本进行下载即可。
对于服务器来说,可以使用 wget 命令进行下载,对于国内的服务器,使用清华源进行下载,这里我们下载至 /usr/local/src 目录下。
cd /usr/local/src
wget https://archive.apache.org/dist/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz
解压缩预编译好的 Maven 压缩包,并移动到外层目录中:
tar -zxvf apache-maven-3.9.9-bin.tar.gz
cp -r /usr/local/src/apache-maven-3.9.9 /usr/local/maven3.9
写入环境变量,便于后续打包时调用:
echo '
PATH=$PATH:/usr/local/maven3.9/bin
export PATH' >> /etc/profile
刷新环境变量,使其生效。
source /etc/profile
配置 Maven
需要配置的内容有以下两点:
- 修改镜像源地址为国内源
- 配置私人镜像源地址
修改 Maven 配置文件:
vim /usr/local/maven3.9/conf/settings.xml
添加如下内容:
...
<servers>
+ <server>
+ <id>self-hosted-nexus</id>
+ <username>${username}</username>
+ <password>${password}</password>
+ </server>
</servers>
...
<mirrors>
+ <mirror>
+ <id>self-hosted-nexus</id>
+ <mirrorOf>*</mirrorOf>
+ <name>self-hosted-nexus</name>
+ <url>${url}</url>
+ </mirror>
+ <mirror>
+ <id>aliyun-maven</id>
+ <mirrorOf>*</mirrorOf>
+ <url>https://maven.aliyun.com/repository/public/</url>
+ </mirror>
</mirrors>
...
将这里的 ${username} 和 ${password} 替换为私有仓库的账户密码,将 ${url} 替换为可以被访问到的地址。
安装 NodeJS#
安装 NVM
NVM 的下载地址如下:https://github.com/nvm-sh/nvm
选择最新版本进行下载即可。
对于服务器来说,可以使用 wget 命令进行下载,对于国内的服务器,使用清华源进行下载,这里我们下载至 /usr/local/src 目录下。
cd /usr/local/src
wget https://github.com/nvm-sh/nvm/archive/refs/tags/v0.40.1.tar.gz -O nvm-0.40.1.tar.gz
解压缩预编译好的 NVM 压缩包,并移动到外层目录中:
tar -zxvf nvm-0.40.1.tar.gz
mv nvm-0.40.1 /usr/local/nvm0.40
添加到 Bash 的配置文件中:
echo "source /usr/local/nvm0.40/nvm.sh" >> ~/.bashrc
刷新 Bash 的配置,使其生效:
source ~/.bashrc
安装多个版本的 NodeJS
使用 NVM 安装 NodeJS 时,无法查询到 NodeJS 版本,只有 io.js 版本,这是因为 NVM 无法连接至 NodeJS 版本服务器导致的,可以指定服务器进行版本安装。
NVM_NODEJS_ORG_MIRROR=https://nodejs.org/dist nvm install <nodejs_version>
# or
NVM_NODEJS_ORG_MIRROR=https://npmmirror.com/mirrors/node/ nvm install <nodejs_version>
使用 NVM 安装各个 NodeJS 稳定版:
nvm install v10.24.1
nvm install v12.22.12
nvm install v14.21.3
nvm install v16.20.2
nvm install v18.20.5
nvm install v20.18.1
安装并配置 PHP#
[!TODO]
安装并配置 Jenkins#
安装 Jenkins 所需运行时#
Jenkins 新版本需要 JDK 17 及以上,这里我们手动从 Oracle Java 网站上下载最新的 JDK 版本,然后上传至服务器的 /usr/local/src/ 目录下。
cd /usr/local/src
解压缩预编译好的 JDK 21 压缩包,并移动到外层目录中:
tar -zxvf jdk-21-linux-x64.tar.gz
mv jdk21 /usr/local/jdk21
这里我们不将 JDK 21 写入到环境变量中,以免调用 JDK 环境打包时使用错误的 JDK 环境,在 Jenkins 启动时使用绝对路径来使用 JDK 21。
安装 Jenkins#
下载 Jenkins 的 RedHat 发行版的安装包,国内的服务器使用清华源进行下载。
cd /usr/local/src
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat/jenkins-2.491-1.1.noarch.rpm --no-check-certificate
安装二进制安装包
rpm -ivh jenkins-2.491-1.1.noarch.rpm
配置 Jenkins#
修改 Jenkins 的启动配置文件
vim /usr/lib/systemd/system/jenkins.service
修改如下内容:
#
# This file is managed by systemd(1). Do NOT edit this file manually!
# To override these settings, run:
#
# systemctl edit jenkins
#
# For more information about drop-in files, see:
#
# https://www.freedesktop.org/software/systemd/man/systemd.unit.html
#
[Unit]
Description=Jenkins Continuous Integration Server
Requires=network.target
After=network.target
StartLimitBurst=5
StartLimitIntervalSec=5m
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/bin/jenkins
Restart=on-failure
SuccessExitStatus=143
# Configures the time to wait for start-up. If Jenkins does not signal start-up
# completion within the configured time, the service will be considered failed
# and will be shut down again. Takes a unit-less value in seconds, or a time span
# value such as "5min 20s". Pass "infinity" to disable the timeout logic.
#TimeoutStartSec=90
# Unix account that runs the Jenkins daemon
# Be careful when you change this, as you need to update the permissions of
# $JENKINS_HOME, $JENKINS_LOG, and (if you have already run Jenkins)
# $JENKINS_WEBROOT.
- User=jenkins
+ User=root
- Group=jenkins
+ Group=root
# Directory where Jenkins stores its configuration and workspaces
- Environment="JENKINS_HOME=/var/lib/jenkins"
+ Environment="JENKINS_HOME=/data/jenkins"
- WorkingDirectory=/var/lib/jenkins
+ WorkingDirectory=/data/jenkins
# Location of the Jenkins WAR
#Environment="JENKINS_WAR=/usr/share/java/jenkins.war"
# Location of the exploded WAR
Environment="JENKINS_WEBROOT=%C/jenkins/war"
# Location of the Jenkins log. By default, systemd-journald(8) is used.
#Environment="JENKINS_LOG=%L/jenkins/jenkins.log"
# The Java home directory. When left empty, JENKINS_JAVA_CMD and PATH are consulted.
#Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
+ Environment="JAVA_HOME=/usr/local/jdk21"
# The Java executable. When left empty, JAVA_HOME and PATH are consulted.
#Environment="JENKINS_JAVA_CMD=/etc/alternatives/java"
# Arguments for the Jenkins JVM
Environment="JAVA_OPTS=-Djava.awt.headless=true"
# Unix Domain Socket to listen on for local HTTP requests. Default is disabled.
#Environment="JENKINS_UNIX_DOMAIN_PATH=/run/jenkins/jenkins.socket"
# IP address to listen on for HTTP requests.
# The default is to listen on all interfaces (0.0.0.0).
#Environment="JENKINS_LISTEN_ADDRESS="
# Port to listen on for HTTP requests. Set to -1 to disable.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
Environment="JENKINS_PORT=8080"
# IP address to listen on for HTTPS requests. Default is disabled.
#Environment="JENKINS_HTTPS_LISTEN_ADDRESS="
# Port to listen on for HTTPS requests. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTPS_PORT=443"
# Path to the keystore in JKS format (as created by the JDK's keytool).
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE=/path/to/keystore.jks"
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=s3cR3tPa55w0rD"
# IP address to listen on for HTTP2 requests. Default is disabled.
#Environment="JENKINS_HTTP2_LISTEN_ADDRESS="
# HTTP2 port to listen on. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTP2_PORT="
# Controls which capabilities to include in the ambient capability set for the
# executed process. Takes a whitespace-separated list of capability names, e.g.
# CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. Ambient capability sets are
# useful if you want to execute a process as a non-privileged user but still
# want to give it some capabilities. For example, add the CAP_NET_BIND_SERVICE
# capability to be able to listen on privileged ports (port numbers less than
# 1024).
#AmbientCapabilities=CAP_NET_BIND_SERVICE
# Debug level for logs. The higher the value, the more verbose. 5 is INFO.
#Environment="JENKINS_DEBUG_LEVEL=5"
# Set to true to enable logging to /var/log/jenkins/access_log.
#Environment="JENKINS_ENABLE_ACCESS_LOG=false"
# Servlet context (important if you want to use reverse proxying)
#Environment="JENKINS_PREFIX=/jenkins"
# Arbitrary additional arguments to pass to Jenkins.
# Full option list: java -jar jenkins.war --help
#Environment="JENKINS_OPTS="
# Maximum core file size. If unset, the value from the OS is inherited.
#LimitCORE=infinity
# Maximum file size. If unset, the value from the OS is inherited.
#LimitFSIZE=infinity
# File descriptor limit. If unset, the value from the OS is inherited.
#LimitNOFILE=8192
# Maximum number of processes. If unset, the value from the OS is inherited.
#LimitNPROC=32768
# Set the umask to control the permission bits of files that Jenkins creates.
#
# 0027 makes files read-only for group and inaccessible for others, which some
# security sensitive users might consider beneficial, especially if Jenkins
# is running on a server that is used for multiple purposes. Beware that 0027
# permissions would interfere with sudo scripts that run on the controller
# (see JENKINS-25065).
#
# Note also that the particularly sensitive parts of $JENKINS_HOME (such as
# credentials) are always written without 'other' access. So the umask values
# only affect job configuration, build records, etc.
#
# If unset, the value from the OS is inherited, which is normally 0022.
# The default umask comes from pam_umask(8) and /etc/login.defs.
#UMask=0022
[Install]
WantedBy=multi-user.target
修改完成后,重新载入配置文件
systemctl daemon-reload
这里修改了 Jenkins 的工作目录在 /data 路径下,需要手动创建该目录:
mkdir -p /data/jenkins
创建完成后,运行 Jenkins
systemctl enable jenkins --now
使用如下命令查看运行情况:
systemctl status jenkins
运行成功后,可以在同一局域网服务器内,通过该 Jenkins 服务器 IP 地址 + 8080 端口号访问 Jenkins 的 Web 界面。
默认密码使用如下命令查看:
cat /data/jenkins/secrets/initialAdminPassword
Jenkins 默认下载源国内下载较慢,需要修改成清华源:
vim /data/jenkins/hudson.model.UpdateCenter.xml
修改如下内容:
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
- <url>https://updates.jenkins.io/update-center.json</url>
+ <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
在安装完成 Jenkins 后,启动时需要的目录就已经生成完毕了,其中的更新地址依旧为 update.jenkins.io , 仍然需要修改为国内源:
cd /data/jenkins/updates
sed -i 's#updates.jenkins.io/download/plugins#mirrors.tuna.tsinghua.edu.cn/jenkins/plugins#g' default.json
sed -i 's#www.google.com#www.bilibili.com#g' default.json
配置代码拉取凭据#
使用 SSH 协议拉取#
Jenkins 如果可以使用 SSH 协议进行代码拉取,可以将本机的 SSH 的公钥配置在 Git 服务器上。
首先生成 SSH-Keygen,由于安全考虑,Github 已经不允许基于 RSA2048 算法的密钥生成,这里使用 ed25519 算法,如果服务器无法支持该算法,可以使用 RSA4096 算法
ssh-keygen -t ed25519 -C "[email protected]"
# or
ssh-keygen -t rsa -b 4096 -C "[email protected]"
当系统提示 “输入要存储密钥的文件” 时,可以使用回车结束默认文件的位置,如果之前创建过了,ssh-keygen 可能会要求你重写密钥,这种情况下,可以对刚刚创建的文件进行自定义命名。此时,可以修改 .gitconfig 文件,来指定使用哪个密钥来进行代码的拉取。这里我们假定刚刚生成的密钥命名为 id_rsa_gitlab 和 id_rsa_gitlab.pub
修改 ssh 的配置文件:
vim /root/.ssh/config
写入如下内容:
Host self-hosted-gitlab
HostName gitlab.example.com
User git
IdentityFile /root/.ssh/id_rsa_gitlab
IdentitiesOnly yes
同时,需要将 id_rsa_gitlab.pub 文件中的内容配置在 GitLab 服务器上。
使用 HTTP 协议拉取#
当不能使用 SSH 协议拉取代码时,需要配置 Git 仓库的登录凭据。
在 Jenkins Web 界面上,依照如下顺序进行点击:
[系统管理] -> [凭据] -> 最底部的 [System] -> [全局凭据 (unrestricted)] -> [+ Add Credentials]
凭据的类型选择:Username with password,根据具体的信息进行填写 Git 服务器的用户名和地址。
配置 Ansible 进行分发#
使用 Ansible 软件对已完成编译的业务代码包进行分发,分发过程中使用了 scp 命令,需要保证 Jenkins 服务器和业务服务器之间可以通过 SSH 协议进行通信。
在 Jenkins 服务器上安装 Ansible
yum install -y ansible
配置 ansible 软件的 hosts 文件:
vim /etc/ansible/hosts
写入如下内容:
+ [web]
+ 192.168.50.101 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"
+ 192.168.50.102 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"
其中的 192.168.50.101 和 192.168.50.102 两台为业务所在的服务器。需要保证这两台服务器可以通过 nginx 用户进行登录。
完成后,使用 Ansible Ping 模块进行测试:
ansible web -m ping
返回值为 pong 代表成功。
配置 Nginx 反向代理#
Jenkins 服务成功启动后,可以通过局域网内跳板机使用 IP:Port 来进行访问,对于外部的访问,需要配置 Nginx 反向代理,配置内容如下:
此 Nginx 配置文件配置于最外层的代理服务器上。
vim /usr/local/nginx1.27/conf/conf.d/jenkins.conf
写入如下内容:
upstream jenkins {
keepalive 32; # keepalive connections
server 127.0.0.1:8080; # jenkins ip and port
}
# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80; # Listen on port 80 for IPv4 requests
server_name jenkins.example.com; # replace 'jenkins.example.com' with your server domain name
# this is the jenkins web root directory
# (mentioned in the output of "systemctl cat jenkins")
root /var/run/jenkins/war/;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
# pass through headers from Jenkins that Nginx considers invalid
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
# rewrite all static files into requests to the root
# E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
# have nginx handle all the static requests to userContent folder
# note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
# this file does not exist, might be a directory or a /**view** url
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
# Required for Jenkins websocket agents
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_request_buffering off; # Required for HTTP CLI commands
}
}
如果使用 Blue Ocean 时遇到某些路径问题,将如下代码段添加至配置文件中:
if ($request_uri ~* "/blue(/.*)") {
proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;
break;
}
Web 应用服务器#
配置 nginx 用户权限#
由于 Jenkins 需要分发已完成打包的代码包,在分发过程中,可能会涉及到 root 权限的操作行为,在执行 sudo 时需要输入密码,所以需要修改 nginx 用户的权限,使其可以免密执行 sudo 命令。
修改如下文件内容:
vim /etc/sudoers
新增如下内容:
...
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
+ nginx ALL=(ALL) NOPASSWD: ALL
...
需要保证业务服务器上 nginx 用户的存在,且可以执行登录操作,如果在创建 nginx 用户时添加了 /sbin/nologin 参数,可以进行如下操作进行恢复:
vim /etc/passwd
修改如下内容:
- nginx:x:1000:1000::/home/nginx:/sbin/nologin
+ nginx:x:1000:1000::/home/nginx:/bin/bash
安装业务需要的软件环境#
安装 JDK 8#
由于 Oracle 为了保证 JDK 的更新而强制关闭 JDK 旧版本的登录下载;所以,对于 JDK 8 的版本来说,需要我们手动从 Oracle Java 网站上下载,然后上传至服务器。这里我们将 JDK 8 的压缩包上传至服务器的 /usr/local/src/ 目录下。
cd /usr/local/src
解压缩预编译好的 JDK 8 压缩包,并移动到外层目录中:
tar -zxvf jdk-8u371-linux-x64.tar.gz
mv jdk1.8.0_371 /usr/local/jdk8
写入环境变量,便于后续打包时调用:
echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile
echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile
刷新环境变量,使其生效。
source /etc/profile
安装与配置 Supervisord#
安装 Supervisord
对于 Java 进程,如果使用 nohup 这样的命令来启动,对于业务而言并不能完整的控制和监控进程,这里我们选择使用 Supervisord 这个软件来对 Java 进程进行控制管理和监控。
下载 Supervisord 源码到 /usr/local/src 目录下:
cd /usr/local/src
wget https://files.pythonhosted.org/packages/ce/37/517989b05849dd6eaa76c148f24517544704895830a50289cbbf53c7efb9/supervisor-4.2.5.tar.gz
解压:
tar -zxvf supervisor-4.2.5.tar.gz
由于 Supervisord 是由 Python 进行编写的,需要使用 python 来进行安装:
cd /usr/local/src/supervisor-4.2.5
python3 setup.py install
安装完成后,将 supervisord 命令写入到全局变量中:
ln -sf /usr/local/bin/supervisor* /usr/bin/
ln -sf /usr/local/bin/echo_supervisord_conf /usr/bin/
写入成功后,可以通过如下命令进行版本查看:
supervisord --version
配置 Supervisord
创建 Supervisord 运行所需要的工作目录:
mkdir -p /etc/supervisord.d
mkdir -p /var/log/supervisor
mkdir -p /var/run/supervisor
创建默认配置文件 :
echo 'D /var/run/supervisor 0775 root root -' > /etc/tmpfiles.d/supervisor.conf
echo_supervisord_conf > /etc/supervisord.conf
修改配置文件内容:
...
[unix_http_server]
- file=/tmp/supervisor/supervisor.sock ; (the path to the socket file)
+ file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
[supervisorctl]
- serverurl=unix:///tmp/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
+ serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
[inet_http_server] ; inet (TCP) server disabled by default
- ;port=*:9001 ; ip_address:port specifier, *:port for all iface
+ port=*:9001 ; ip_address:port specifier, *:port for all iface
- ;username=admin ; default is no username (open server)
+ username=admin ; default is no username (open server)
- ;password=<password> ; default is no password (open server)
+ password=<password> ; default is no password (open server)
[supervisord]
- logfile=/tmp/supervisor/supervisord.log
+ logfile=/var/log/supervisor/supervisord.log
[include]
+ files = supervisord.d/*/*.ini supervisord.d/*.ini
创建 Systemd 配置文件
vim /etc/systemd/system/supervisord.service
写入如下内容:
# supervisord service for systemd (CentOS 7.0+)
# by ET-CS (https://github.com/ET-CS)
[Unit]
Description=Supervisor daemon
[Service]
Type=forking
ExecStart=/usr/bin/supervisord
ExecStop=/usr/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/bin/supervisorctl $OPTIONS reload
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
启动 Supervisord 并配置开机自启:
systemctl daemon-reload
systemctl enable supervisord --now
根据不同的需求,使用目录分类,并根据具体业务编写如下的配置:
vim /etc/supervisord.d/${example-work}/${example-program}
写入如下内容:
Warning
根据需要替换配置文件中的变量为业务的具体值。
[program: ${example-program}]
command=/usr/local/jdk8/bin/java -jar -Xms1g -Xmx1g -Dspring.profiles.active=${env} -Dserver.port=${port} /data/contents/${example-work}/${example-program}.jar
directory=/data/contents/${example-work}/
startsecs=10
autorestart=true
startretries=3
user=root
priority=999
redirect_stderr=true
stdout_logfile_maxbytes=1GB
stdout_logfile_backups = 1
stopasgroup=false
killasgroup=false
stdout_logfile=/data/logs/${example-work}-${example-program}.log
安装 Nginx#
业务服务器上的 Nginx 仅仅提供最简单的反向代理服务,对于 SSL 证书解析、访问路由与访问频率的限制,都将其抽离至最外层代理以及 WAF 进行处理,所以仅安装最基础的功能即可。
安装 PHP#
[!TODO]