banner
K1NG

K1NG

读书,买花,长大。

Jenkins 安裝配置教程

Jenkins 伺服器所需軟體列表#

運行 Jenkins 需要#

  • Jenkins
  • Jdk 17+ (Jenkins 運行需要)
  • Nginx (可選,可以直接使用 IP + 端口的方式訪問)

業務需要#

  • Maven
    • 修改 Maven 源
  • JDK 8 (與業務代碼所需 Java 版本一致)
  • NVM (管理 NodeJS 版本)
    • NodeJS 10.24.1
    • NodeJS 12.22.12
    • NodeJS 14.21.3
    • NodeJS 16.20.2
    • NodeJS 18.20.5
    • NodeJS 20.18.1
  • 代碼憑據配置配置(拉取代碼需要)
    • SSH-Keygen
    • GitLab 的賬戶密碼
  • PHP (與業務代碼所需 PHP 版本一致)
    • Compress
  • Ansible
    • 配置賬戶密碼
    • 配置免密執行 sudo 命令

Jenkins 所需插件列表#

  1. Localization Support
  2. Localization (Simplified)
  3. Locale
  4. GitLab 相關
  5. Blue Ocean
  6. Role-based Authorization Strategy
  7. Pipeline: Stage View
  8. Build Pipeline
  9. Version Number

應用伺服器所需軟體列表#

  • JDK 8(後端 Java 包運行需要)
  • Nginx (前端包代理需要)
  • Supervisord(後端 Java 進程管理)
  • PHP
    • compose

Jenkins 安裝配置#

Jenkins 伺服器#

安裝與業務一致的打包環境#

安裝 JDK 8#

由於 Oracle 為了保證 JDK 的更新而強制關閉 JDK 舊版本的登錄下載;所以,對於 JDK 8 的版本來說,需要我們手動從 Oracle Java 網站上下載,然後上傳至伺服器。這裡我們將 JDK 8 的壓縮包上傳至伺服器的 /usr/local/src/ 目錄下。

cd /usr/local/src

解壓縮預編譯好的 JDK 8 壓縮包,並移動到外層目錄中:

tar -zxvf jdk-8u371-linux-x64.tar.gz

mv jdk1.8.0_371 /usr/local/jdk8

寫入環境變量,便於後續打包時調用:

echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile

echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile

刷新環境變量,使其生效。

source /etc/profile
安裝並配置 Maven#
安裝 Maven

Maven 的下載地址如下:https://archive.apache.org/dist/maven/maven-3/

選擇最新版本進行下載即可。

對於伺服器來說,可以使用 wget 命令進行下載,對於國內的伺服器,使用清華源進行下載,這裡我們下載至 /usr/local/src 目錄下。

cd /usr/local/src

wget https://archive.apache.org/dist/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz

解壓縮預編譯好的 Maven 壓縮包,並移動到外層目錄中:

tar -zxvf apache-maven-3.9.9-bin.tar.gz

cp -r /usr/local/src/apache-maven-3.9.9 /usr/local/maven3.9

寫入環境變量,便於後續打包時調用:

echo '
PATH=$PATH:/usr/local/maven3.9/bin
export PATH' >> /etc/profile

刷新環境變量,使其生效。

source /etc/profile
配置 Maven

需要配置的內容有以下兩點:

  1. 修改鏡像源地址為國內源
  2. 配置私人鏡像源地址

修改 Maven 配置文件:

vim /usr/local/maven3.9/conf/settings.xml

添加如下內容:

...
<servers>
+    <server>
+        <id>self-hosted-nexus</id>
+        <username>${username}</username>
+        <password>${password}</password> 
+    </server>
</servers>

...

<mirrors>
+    <mirror>
+        <id>self-hosted-nexus</id>
+        <mirrorOf>*</mirrorOf>
+        <name>self-hosted-nexus</name>
+        <url>${url}</url>
+    </mirror>
+    <mirror>
+        <id>aliyun-maven</id>
+        <mirrorOf>*</mirrorOf>
+        <url>https://maven.aliyun.com/repository/public/</url>
+    </mirror>
</mirrors>

...

將這裡的 ${username}${password} 替換為私有倉庫的賬戶密碼,將 ${url} 替換為可以被訪問到的地址。

安裝 NodeJS#
安裝 NVM

NVM 的下載地址如下:https://github.com/nvm-sh/nvm

選擇最新版本進行下載即可。

對於伺服器來說,可以使用 wget 命令進行下載,對於國內的伺服器,使用清華源進行下載,這裡我們下載至 /usr/local/src 目錄下。

cd /usr/local/src

wget https://github.com/nvm-sh/nvm/archive/refs/tags/v0.40.1.tar.gz -O nvm-0.40.1.tar.gz

解壓縮預編譯好的 NVM 壓縮包,並移動到外層目錄中:

tar -zxvf nvm-0.40.1.tar.gz
mv nvm-0.40.1 /usr/local/nvm0.40

添加到 Bash 的配置文件中:

echo "source /usr/local/nvm0.40/nvm.sh" >> ~/.bashrc

刷新 Bash 的配置,使其生效:

source ~/.bashrc
安裝多個版本的 NodeJS

使用 NVM 安裝 NodeJS 時,無法查詢到 NodeJS 版本,只有 io.js 版本,這是因為 NVM 無法連接至 NodeJS 版本伺服器導致的,可以指定伺服器進行版本安裝。

NVM_NODEJS_ORG_MIRROR=https://nodejs.org/dist nvm install <nodejs_version>

# or

NVM_NODEJS_ORG_MIRROR=https://npmmirror.com/mirrors/node/ nvm install <nodejs_version>

使用 NVM 安裝各個 NodeJS 穩定版:

nvm install v10.24.1
nvm install v12.22.12
nvm install v14.21.3
nvm install v16.20.2
nvm install v18.20.5
nvm install v20.18.1
安裝並配置 PHP#

[!TODO]

安裝並配置 Jenkins#

安裝 Jenkins 所需運行時#

Jenkins 新版本需要 JDK 17 及以上,這裡我們手動從 Oracle Java 網站上下載最新的 JDK 版本,然後上傳至伺服器的 /usr/local/src/ 目錄下。

cd /usr/local/src

解壓縮預編譯好的 JDK 21 壓縮包,並移動到外層目錄中:

tar -zxvf jdk-21-linux-x64.tar.gz

mv jdk21 /usr/local/jdk21

這裡我們不將 JDK 21 寫入到環境變量中,以免調用 JDK 環境打包時使用錯誤的 JDK 環境,在 Jenkins 啟動時使用絕對路徑來使用 JDK 21。

安裝 Jenkins#

下載 Jenkins 的 RedHat 發行版的安裝包,國內的伺服器使用清華源進行下載。

cd /usr/local/src

wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat/jenkins-2.491-1.1.noarch.rpm --no-check-certificate

安裝二進制安裝包

rpm -ivh jenkins-2.491-1.1.noarch.rpm
配置 Jenkins#

修改 Jenkins 的啟動配置文件

vim /usr/lib/systemd/system/jenkins.service

修改如下內容:

#
# This file is managed by systemd(1). Do NOT edit this file manually!
# To override these settings, run:
#
#     systemctl edit jenkins
#
# For more information about drop-in files, see:
#
#     https://www.freedesktop.org/software/systemd/man/systemd.unit.html
#

[Unit]
Description=Jenkins Continuous Integration Server
Requires=network.target
After=network.target
StartLimitBurst=5
StartLimitIntervalSec=5m

[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/bin/jenkins
Restart=on-failure
SuccessExitStatus=143

# Configures the time to wait for start-up. If Jenkins does not signal start-up
# completion within the configured time, the service will be considered failed
# and will be shut down again. Takes a unit-less value in seconds, or a time span
# value such as "5min 20s". Pass "infinity" to disable the timeout logic.
#TimeoutStartSec=90

# Unix account that runs the Jenkins daemon
# Be careful when you change this, as you need to update the permissions of
# $JENKINS_HOME, $JENKINS_LOG, and (if you have already run Jenkins)
# $JENKINS_WEBROOT.
- User=jenkins
+ User=root
- Group=jenkins
+ Group=root

# Directory where Jenkins stores its configuration and workspaces
- Environment="JENKINS_HOME=/var/lib/jenkins"
+ Environment="JENKINS_HOME=/data/jenkins"
- WorkingDirectory=/var/lib/jenkins
+ WorkingDirectory=/data/jenkins

# Location of the Jenkins WAR
#Environment="JENKINS_WAR=/usr/share/java/jenkins.war"

# Location of the exploded WAR
Environment="JENKINS_WEBROOT=%C/jenkins/war"

# Location of the Jenkins log. By default, systemd-journald(8) is used.
#Environment="JENKINS_LOG=%L/jenkins/jenkins.log"

# The Java home directory. When left empty, JENKINS_JAVA_CMD and PATH are consulted.
#Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
+ Environment="JAVA_HOME=/usr/local/jdk21"

# The Java executable. When left empty, JAVA_HOME and PATH are consulted.
#Environment="JENKINS_JAVA_CMD=/etc/alternatives/java"

# Arguments for the Jenkins JVM
Environment="JAVA_OPTS=-Djava.awt.headless=true"

# Unix Domain Socket to listen on for local HTTP requests. Default is disabled.
#Environment="JENKINS_UNIX_DOMAIN_PATH=/run/jenkins/jenkins.socket"

# IP address to listen on for HTTP requests.
# The default is to listen on all interfaces (0.0.0.0).
#Environment="JENKINS_LISTEN_ADDRESS="

# Port to listen on for HTTP requests. Set to -1 to disable.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
Environment="JENKINS_PORT=8080"

# IP address to listen on for HTTPS requests. Default is disabled.
#Environment="JENKINS_HTTPS_LISTEN_ADDRESS="

# Port to listen on for HTTPS requests. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTPS_PORT=443"

# Path to the keystore in JKS format (as created by the JDK's keytool).
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE=/path/to/keystore.jks"

# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=s3cR3tPa55w0rD"

# IP address to listen on for HTTP2 requests. Default is disabled.
#Environment="JENKINS_HTTP2_LISTEN_ADDRESS="

# HTTP2 port to listen on. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTP2_PORT="

# Controls which capabilities to include in the ambient capability set for the
# executed process. Takes a whitespace-separated list of capability names, e.g.
# CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. Ambient capability sets are
# useful if you want to execute a process as a non-privileged user but still
# want to give it some capabilities. For example, add the CAP_NET_BIND_SERVICE
# capability to be able to listen on privileged ports (port numbers less than
# 1024).
#AmbientCapabilities=CAP_NET_BIND_SERVICE

# Debug level for logs. The higher the value, the more verbose. 5 is INFO.
#Environment="JENKINS_DEBUG_LEVEL=5"

# Set to true to enable logging to /var/log/jenkins/access_log.
#Environment="JENKINS_ENABLE_ACCESS_LOG=false"

# Servlet context (important if you want to use reverse proxying)
#Environment="JENKINS_PREFIX=/jenkins"

# Arbitrary additional arguments to pass to Jenkins.
# Full option list: java -jar jenkins.war --help
#Environment="JENKINS_OPTS="

# Maximum core file size. If unset, the value from the OS is inherited.
#LimitCORE=infinity

# Maximum file size. If unset, the value from the OS is inherited.
#LimitFSIZE=infinity

# File descriptor limit. If unset, the value from the OS is inherited.
#LimitNOFILE=8192

# Maximum number of processes. If unset, the value from the OS is inherited.
#LimitNPROC=32768

# Set the umask to control the permission bits of files that Jenkins creates.
#
# 0027 makes files read-only for group and inaccessible for others, which some
# security sensitive users might consider beneficial, especially if Jenkins
# is running on a server that is used for multiple purposes. Beware that 0027
# permissions would interfere with sudo scripts that run on the controller
# (see JENKINS-25065).
#
# Note also that the particularly sensitive parts of $JENKINS_HOME (such as
# credentials) are always written without 'other' access. So the umask values
# only affect job configuration, build records, etc.
#
# If unset, the value from the OS is inherited, which is normally 0022.
# The default umask comes from pam_umask(8) and /etc/login.defs.
#UMask=0022

[Install]
WantedBy=multi-user.target

修改完成後,重新載入配置文件

systemctl daemon-reload

這裡修改了 Jenkins 的工作目錄在 /data 路徑下,需要手動創建該目錄:

mkdir -p /data/jenkins

創建完成後,運行 Jenkins

systemctl enable jenkins --now

使用如下命令查看運行情況:

systemctl status jenkins

運行成功後,可以在同一局域網伺服器內,通過該 Jenkins 伺服器 IP 地址 + 8080 端口號訪問 Jenkins 的 Web 界面。

默認密碼使用如下命令查看:

cat /data/jenkins/secrets/initialAdminPassword

Jenkins 默認下載源國內下載較慢,需要修改成清華源:

vim /data/jenkins/hudson.model.UpdateCenter.xml

修改如下內容:

<?xml version='1.1' encoding='UTF-8'?>
<sites>
    <site>
        <id>default</id>
-       <url>https://updates.jenkins.io/update-center.json</url>
+       <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
    </site>
</sites>

在安裝完成 Jenkins 後,啟動時需要的目錄就已經生成完畢了,其中的更新地址依舊為 update.jenkins.io , 仍然需要修改為國內源:

cd /data/jenkins/updates

sed -i 's#updates.jenkins.io/download/plugins#mirrors.tuna.tsinghua.edu.cn/jenkins/plugins#g' default.json

sed -i 's#www.google.com#www.bilibili.com#g' default.json

配置代碼拉取憑據#

使用 SSH 協議拉取#

Jenkins 如果可以使用 SSH 協議進行代碼拉取,可以將本機的 SSH 的公鑰配置在 Git 伺服器上。

首先生成 SSH-Keygen,由於安全考慮,Github 已經不允許基於 RSA2048 算法的密鑰生成,這裡使用 ed25519 算法,如果伺服器無法支持該算法,可以使用 RSA4096 算法

ssh-keygen -t ed25519 -C "[email protected]"

# or

ssh-keygen -t rsa -b 4096 -C "[email protected]"

當系統提示 “輸入要存儲密鑰的文件” 時,可以使用回車結束默認文件的位置,如果之前創建過了,ssh-keygen 可能會要求你重寫密鑰,這種情況下,可以對剛剛創建的文件進行自定義命名。此時,可以修改 .gitconfig 文件,來指定使用哪個密鑰來進行代碼的拉取。這裡我們假定剛剛生成的密鑰命名為 id_rsa_gitlabid_rsa_gitlab.pub

修改 ssh 的配置文件:

vim /root/.ssh/config

寫入如下內容:

Host self-hosted-gitlab
  HostName gitlab.example.com
  User git
  IdentityFile /root/.ssh/id_rsa_gitlab
  IdentitiesOnly yes

同時,需要將 id_rsa_gitlab.pub 文件中的內容配置在 GitLab 伺服器上。

使用 HTTP 協議拉取#

當不能使用 SSH 協議拉取代碼時,需要配置 Git 倉庫的登錄憑據。

在 Jenkins Web 界面上,依照如下順序進行點擊:

[系統管理] -> [憑據] -> 最底部的 [System] -> [全局憑據 (unrestricted)] -> [+ Add Credentials]

憑據的類型選擇:Username with password,根據具體的信息進行填寫 Git 伺服器的用戶名和地址。

配置 Ansible 進行分發#

使用 Ansible 軟體對已完成編譯的業務代碼包進行分發,分發過程中使用了 scp 命令,需要保證 Jenkins 伺服器和業務伺服器之間可以通過 SSH 協議進行通信。

在 Jenkins 伺服器上安裝 Ansible

yum install -y ansible

配置 ansible 軟體的 hosts 文件:

vim /etc/ansible/hosts

寫入如下內容:

+ [web]
+ 192.168.50.101 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"
+ 192.168.50.102 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"

其中的 192.168.50.101 和 192.168.50.102 兩台為業務所在的伺服器。需要保證這兩台伺服器可以通過 nginx 用戶進行登錄。

完成後,使用 Ansible Ping 模塊進行測試:

ansible web -m ping

返回值為 pong 代表成功。

配置 Nginx 反向代理#

Jenkins 服務成功啟動後,可以通過局域網內跳板機使用 IP:Port 來進行訪問,對於外部的訪問,需要配置 Nginx 反向代理,配置內容如下:

此 Nginx 配置文件配置於最外層的代理伺服器上。

vim /usr/local/nginx1.27/conf/conf.d/jenkins.conf

寫入如下內容:

upstream jenkins {
  keepalive 32; # keepalive connections
  server 127.0.0.1:8080; # jenkins ip and port
}

# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen          80;       # Listen on port 80 for IPv4 requests

  server_name     jenkins.example.com;  # replace 'jenkins.example.com' with your server domain name

  # this is the jenkins web root directory
  # (mentioned in the output of "systemctl cat jenkins")
  root            /var/run/jenkins/war/;

  access_log      /var/log/nginx/jenkins.access.log;
  error_log       /var/log/nginx/jenkins.error.log;

  # pass through headers from Jenkins that Nginx considers invalid
  ignore_invalid_headers off;

  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
    # rewrite all static files into requests to the root
    # E.g /static/12345678/css/something.css will become /css/something.css
    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
  }

  location /userContent {
    # have nginx handle all the static requests to userContent folder
    # note : This is the $JENKINS_HOME dir
    root /var/lib/jenkins/;
    if (!-f $request_filename){
      # this file does not exist, might be a directory or a /**view** url
      rewrite (.*) /$1 last;
      break;
    }
    sendfile on;
  }

  location / {
      sendfile off;
      proxy_pass         http://jenkins;
      proxy_redirect     default;
      proxy_http_version 1.1;

      # Required for Jenkins websocket agents
      proxy_set_header   Connection        $connection_upgrade;
      proxy_set_header   Upgrade           $http_upgrade;

      proxy_set_header   Host              $http_host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size 0;

      #this is the maximum upload size
      client_max_body_size       10m;
      client_body_buffer_size    128k;

      proxy_connect_timeout      90;
      proxy_send_timeout         90;
      proxy_read_timeout         90;
      proxy_request_buffering    off; # Required for HTTP CLI commands
  }

}

如果使用 Blue Ocean 時遇到某些路徑問題,將如下代碼段添加至配置文件中:

if ($request_uri ~* "/blue(/.*)") {
    proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;
    break;
}

Web 應用伺服器#

配置 nginx 用戶權限#

由於 Jenkins 需要分發已完成打包的代碼包,在分發過程中,可能會涉及到 root 權限的操作行為,在執行 sudo 時需要輸入密碼,所以需要修改 nginx 用戶的權限,使其可以免密執行 sudo 命令。

修改如下文件內容:

vim /etc/sudoers

新增如下內容:

...

## Same thing without a password
# %wheel    ALL=(ALL)   NOPASSWD: ALL
+ nginx   ALL=(ALL)   NOPASSWD: ALL

...

需要保證業務伺服器上 nginx 用戶的存在,且可以執行登錄操作,如果在創建 nginx 用戶時添加了 /sbin/nologin 參數,可以進行如下操作進行恢復:

vim /etc/passwd

修改如下內容:

- nginx:x:1000:1000::/home/nginx:/sbin/nologin
+ nginx:x:1000:1000::/home/nginx:/bin/bash

安裝業務需要的軟體環境#

安裝 JDK 8#

由於 Oracle 為了保證 JDK 的更新而強制關閉 JDK 舊版本的登錄下載;所以,對於 JDK 8 的版本來說,需要我們手動從 Oracle Java 網站上下載,然後上傳至伺服器。這裡我們將 JDK 8 的壓縮包上傳至伺服器的 /usr/local/src/ 目錄下。

cd /usr/local/src

解壓縮預編譯好的 JDK 8 壓縮包,並移動到外層目錄中:

tar -zxvf jdk-8u371-linux-x64.tar.gz

mv jdk1.8.0_371 /usr/local/jdk8

寫入環境變量,便於後續打包時調用:

echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile

echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile

刷新環境變量,使其生效。

source /etc/profile
安裝與配置 Supervisord#
安裝 Supervisord

對於 Java 進程,如果使用 nohup 這樣的命令來啟動,對於業務而言並不能完整的控制和監控進程,這裡我們選擇使用 Supervisord 這個軟體來對 Java 進程進行控制管理和監控。

下載 Supervisord 源碼到 /usr/local/src 目錄下:

cd /usr/local/src

wget https://files.pythonhosted.org/packages/ce/37/517989b05849dd6eaa76c148f24517544704895830a50289cbbf53c7efb9/supervisor-4.2.5.tar.gz

解壓:

tar -zxvf supervisor-4.2.5.tar.gz

由於 Supervisord 是由 Python 進行編寫的,需要使用 python 來進行安裝:

cd /usr/local/src/supervisor-4.2.5

python3 setup.py install

安裝完成後,將 supervisord 命令寫入到全局變量中:

ln -sf /usr/local/bin/supervisor* /usr/bin/
ln -sf /usr/local/bin/echo_supervisord_conf /usr/bin/

寫入成功後,可以通過如下命令進行版本查看:

supervisord --version
配置 Supervisord

創建 Supervisord 運行所需要的工作目錄:

mkdir -p /etc/supervisord.d
mkdir -p /var/log/supervisor
mkdir -p /var/run/supervisor

創建默認配置文件 :

echo 'D /var/run/supervisor 0775 root root -' > /etc/tmpfiles.d/supervisor.conf
echo_supervisord_conf > /etc/supervisord.conf

修改配置文件內容:

...
[unix_http_server]
- file=/tmp/supervisor/supervisor.sock   ; (the path to the socket file)
+ file=/var/run/supervisor/supervisor.sock   ; (the path to the socket file)
[supervisorctl]
- serverurl=unix:///tmp/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket
+ serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket

[inet_http_server]         ; inet (TCP) server disabled by default
- ;port=*:9001                ; ip_address:port specifier, *:port for all iface
+ port=*:9001                ; ip_address:port specifier, *:port for all iface
- ;username=admin             ; default is no username (open server)
+ username=admin             ; default is no username (open server)
- ;password=<password>        ; default is no password (open server)
+ password=<password>        ; default is no password (open server)

[supervisord]
- logfile=/tmp/supervisor/supervisord.log
+ logfile=/var/log/supervisor/supervisord.log

[include]
+ files = supervisord.d/*/*.ini supervisord.d/*.ini

創建 Systemd 配置文件

vim /etc/systemd/system/supervisord.service

寫入如下內容:

# supervisord service for systemd (CentOS 7.0+)
# by ET-CS (https://github.com/ET-CS)
[Unit]
Description=Supervisor daemon

[Service]
Type=forking
ExecStart=/usr/bin/supervisord
ExecStop=/usr/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/bin/supervisorctl $OPTIONS reload
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

啟動 Supervisord 並配置開機自啟:

systemctl daemon-reload

systemctl enable supervisord --now

根據不同的需求,使用目錄分類,並根據具體業務編寫如下的配置:

vim /etc/supervisord.d/${example-work}/${example-program}

寫入如下內容:

Warning

根據需要替換配置文件中的變量為業務的具體值。

[program: ${example-program}]
command=/usr/local/jdk8/bin/java -jar -Xms1g -Xmx1g -Dspring.profiles.active=${env} -Dserver.port=${port} /data/contents/${example-work}/${example-program}.jar
directory=/data/contents/${example-work}/
startsecs=10
autorestart=true
startretries=3
user=root
priority=999
redirect_stderr=true
stdout_logfile_maxbytes=1GB
stdout_logfile_backups = 1
stopasgroup=false
killasgroup=false
stdout_logfile=/data/logs/${example-work}-${example-program}.log
安裝 Nginx#

業務伺服器上的 Nginx 僅僅提供最簡單的反向代理服務,對於 SSL 證書解析、訪問路由與訪問頻率的限制,都將其抽離至最外層代理以及 WAF 進行處理,所以僅安裝最基礎的功能即可。

安裝 PHP#

[!TODO]

載入中......
此文章數據所有權由區塊鏈加密技術和智能合約保障僅歸創作者所有。