Jenkins 伺服器所需軟體列表#
運行 Jenkins 需要#
- Jenkins
- Jdk 17+ (Jenkins 運行需要)
- Nginx (可選,可以直接使用 IP + 端口的方式訪問)
業務需要#
- Maven
- 修改 Maven 源
- JDK 8 (與業務代碼所需 Java 版本一致)
- NVM (管理 NodeJS 版本)
- NodeJS 10.24.1
- NodeJS 12.22.12
- NodeJS 14.21.3
- NodeJS 16.20.2
- NodeJS 18.20.5
- NodeJS 20.18.1
- 代碼憑據配置配置(拉取代碼需要)
- SSH-Keygen
- GitLab 的賬戶密碼
- PHP (與業務代碼所需 PHP 版本一致)
- Compress
- Ansible
- 配置賬戶密碼
- 配置免密執行 sudo 命令
Jenkins 所需插件列表#
- Localization Support
- Localization (Simplified)
- Locale
- GitLab 相關
- Blue Ocean
- Role-based Authorization Strategy
- Pipeline: Stage View
- Build Pipeline
- Version Number
應用伺服器所需軟體列表#
- JDK 8(後端 Java 包運行需要)
- Nginx (前端包代理需要)
- Supervisord(後端 Java 進程管理)
- PHP
- compose
Jenkins 安裝配置#
Jenkins 伺服器#
安裝與業務一致的打包環境#
安裝 JDK 8#
由於 Oracle 為了保證 JDK 的更新而強制關閉 JDK 舊版本的登錄下載;所以,對於 JDK 8 的版本來說,需要我們手動從 Oracle Java 網站上下載,然後上傳至伺服器。這裡我們將 JDK 8 的壓縮包上傳至伺服器的 /usr/local/src/ 目錄下。
cd /usr/local/src
解壓縮預編譯好的 JDK 8 壓縮包,並移動到外層目錄中:
tar -zxvf jdk-8u371-linux-x64.tar.gz
mv jdk1.8.0_371 /usr/local/jdk8
寫入環境變量,便於後續打包時調用:
echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile
echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile
刷新環境變量,使其生效。
source /etc/profile
安裝並配置 Maven#
安裝 Maven
Maven 的下載地址如下:https://archive.apache.org/dist/maven/maven-3/
選擇最新版本進行下載即可。
對於伺服器來說,可以使用 wget 命令進行下載,對於國內的伺服器,使用清華源進行下載,這裡我們下載至 /usr/local/src 目錄下。
cd /usr/local/src
wget https://archive.apache.org/dist/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz
解壓縮預編譯好的 Maven 壓縮包,並移動到外層目錄中:
tar -zxvf apache-maven-3.9.9-bin.tar.gz
cp -r /usr/local/src/apache-maven-3.9.9 /usr/local/maven3.9
寫入環境變量,便於後續打包時調用:
echo '
PATH=$PATH:/usr/local/maven3.9/bin
export PATH' >> /etc/profile
刷新環境變量,使其生效。
source /etc/profile
配置 Maven
需要配置的內容有以下兩點:
- 修改鏡像源地址為國內源
- 配置私人鏡像源地址
修改 Maven 配置文件:
vim /usr/local/maven3.9/conf/settings.xml
添加如下內容:
...
<servers>
+ <server>
+ <id>self-hosted-nexus</id>
+ <username>${username}</username>
+ <password>${password}</password>
+ </server>
</servers>
...
<mirrors>
+ <mirror>
+ <id>self-hosted-nexus</id>
+ <mirrorOf>*</mirrorOf>
+ <name>self-hosted-nexus</name>
+ <url>${url}</url>
+ </mirror>
+ <mirror>
+ <id>aliyun-maven</id>
+ <mirrorOf>*</mirrorOf>
+ <url>https://maven.aliyun.com/repository/public/</url>
+ </mirror>
</mirrors>
...
將這裡的 ${username} 和 ${password} 替換為私有倉庫的賬戶密碼,將 ${url} 替換為可以被訪問到的地址。
安裝 NodeJS#
安裝 NVM
NVM 的下載地址如下:https://github.com/nvm-sh/nvm
選擇最新版本進行下載即可。
對於伺服器來說,可以使用 wget 命令進行下載,對於國內的伺服器,使用清華源進行下載,這裡我們下載至 /usr/local/src 目錄下。
cd /usr/local/src
wget https://github.com/nvm-sh/nvm/archive/refs/tags/v0.40.1.tar.gz -O nvm-0.40.1.tar.gz
解壓縮預編譯好的 NVM 壓縮包,並移動到外層目錄中:
tar -zxvf nvm-0.40.1.tar.gz
mv nvm-0.40.1 /usr/local/nvm0.40
添加到 Bash 的配置文件中:
echo "source /usr/local/nvm0.40/nvm.sh" >> ~/.bashrc
刷新 Bash 的配置,使其生效:
source ~/.bashrc
安裝多個版本的 NodeJS
使用 NVM 安裝 NodeJS 時,無法查詢到 NodeJS 版本,只有 io.js 版本,這是因為 NVM 無法連接至 NodeJS 版本伺服器導致的,可以指定伺服器進行版本安裝。
NVM_NODEJS_ORG_MIRROR=https://nodejs.org/dist nvm install <nodejs_version>
# or
NVM_NODEJS_ORG_MIRROR=https://npmmirror.com/mirrors/node/ nvm install <nodejs_version>
使用 NVM 安裝各個 NodeJS 穩定版:
nvm install v10.24.1
nvm install v12.22.12
nvm install v14.21.3
nvm install v16.20.2
nvm install v18.20.5
nvm install v20.18.1
安裝並配置 PHP#
[!TODO]
安裝並配置 Jenkins#
安裝 Jenkins 所需運行時#
Jenkins 新版本需要 JDK 17 及以上,這裡我們手動從 Oracle Java 網站上下載最新的 JDK 版本,然後上傳至伺服器的 /usr/local/src/ 目錄下。
cd /usr/local/src
解壓縮預編譯好的 JDK 21 壓縮包,並移動到外層目錄中:
tar -zxvf jdk-21-linux-x64.tar.gz
mv jdk21 /usr/local/jdk21
這裡我們不將 JDK 21 寫入到環境變量中,以免調用 JDK 環境打包時使用錯誤的 JDK 環境,在 Jenkins 啟動時使用絕對路徑來使用 JDK 21。
安裝 Jenkins#
下載 Jenkins 的 RedHat 發行版的安裝包,國內的伺服器使用清華源進行下載。
cd /usr/local/src
wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat/jenkins-2.491-1.1.noarch.rpm --no-check-certificate
安裝二進制安裝包
rpm -ivh jenkins-2.491-1.1.noarch.rpm
配置 Jenkins#
修改 Jenkins 的啟動配置文件
vim /usr/lib/systemd/system/jenkins.service
修改如下內容:
#
# This file is managed by systemd(1). Do NOT edit this file manually!
# To override these settings, run:
#
# systemctl edit jenkins
#
# For more information about drop-in files, see:
#
# https://www.freedesktop.org/software/systemd/man/systemd.unit.html
#
[Unit]
Description=Jenkins Continuous Integration Server
Requires=network.target
After=network.target
StartLimitBurst=5
StartLimitIntervalSec=5m
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/bin/jenkins
Restart=on-failure
SuccessExitStatus=143
# Configures the time to wait for start-up. If Jenkins does not signal start-up
# completion within the configured time, the service will be considered failed
# and will be shut down again. Takes a unit-less value in seconds, or a time span
# value such as "5min 20s". Pass "infinity" to disable the timeout logic.
#TimeoutStartSec=90
# Unix account that runs the Jenkins daemon
# Be careful when you change this, as you need to update the permissions of
# $JENKINS_HOME, $JENKINS_LOG, and (if you have already run Jenkins)
# $JENKINS_WEBROOT.
- User=jenkins
+ User=root
- Group=jenkins
+ Group=root
# Directory where Jenkins stores its configuration and workspaces
- Environment="JENKINS_HOME=/var/lib/jenkins"
+ Environment="JENKINS_HOME=/data/jenkins"
- WorkingDirectory=/var/lib/jenkins
+ WorkingDirectory=/data/jenkins
# Location of the Jenkins WAR
#Environment="JENKINS_WAR=/usr/share/java/jenkins.war"
# Location of the exploded WAR
Environment="JENKINS_WEBROOT=%C/jenkins/war"
# Location of the Jenkins log. By default, systemd-journald(8) is used.
#Environment="JENKINS_LOG=%L/jenkins/jenkins.log"
# The Java home directory. When left empty, JENKINS_JAVA_CMD and PATH are consulted.
#Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64"
+ Environment="JAVA_HOME=/usr/local/jdk21"
# The Java executable. When left empty, JAVA_HOME and PATH are consulted.
#Environment="JENKINS_JAVA_CMD=/etc/alternatives/java"
# Arguments for the Jenkins JVM
Environment="JAVA_OPTS=-Djava.awt.headless=true"
# Unix Domain Socket to listen on for local HTTP requests. Default is disabled.
#Environment="JENKINS_UNIX_DOMAIN_PATH=/run/jenkins/jenkins.socket"
# IP address to listen on for HTTP requests.
# The default is to listen on all interfaces (0.0.0.0).
#Environment="JENKINS_LISTEN_ADDRESS="
# Port to listen on for HTTP requests. Set to -1 to disable.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
Environment="JENKINS_PORT=8080"
# IP address to listen on for HTTPS requests. Default is disabled.
#Environment="JENKINS_HTTPS_LISTEN_ADDRESS="
# Port to listen on for HTTPS requests. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTPS_PORT=443"
# Path to the keystore in JKS format (as created by the JDK's keytool).
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE=/path/to/keystore.jks"
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=s3cR3tPa55w0rD"
# IP address to listen on for HTTP2 requests. Default is disabled.
#Environment="JENKINS_HTTP2_LISTEN_ADDRESS="
# HTTP2 port to listen on. Default is disabled.
# To be able to listen on privileged ports (port numbers less than 1024),
# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities
# directive below.
#Environment="JENKINS_HTTP2_PORT="
# Controls which capabilities to include in the ambient capability set for the
# executed process. Takes a whitespace-separated list of capability names, e.g.
# CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. Ambient capability sets are
# useful if you want to execute a process as a non-privileged user but still
# want to give it some capabilities. For example, add the CAP_NET_BIND_SERVICE
# capability to be able to listen on privileged ports (port numbers less than
# 1024).
#AmbientCapabilities=CAP_NET_BIND_SERVICE
# Debug level for logs. The higher the value, the more verbose. 5 is INFO.
#Environment="JENKINS_DEBUG_LEVEL=5"
# Set to true to enable logging to /var/log/jenkins/access_log.
#Environment="JENKINS_ENABLE_ACCESS_LOG=false"
# Servlet context (important if you want to use reverse proxying)
#Environment="JENKINS_PREFIX=/jenkins"
# Arbitrary additional arguments to pass to Jenkins.
# Full option list: java -jar jenkins.war --help
#Environment="JENKINS_OPTS="
# Maximum core file size. If unset, the value from the OS is inherited.
#LimitCORE=infinity
# Maximum file size. If unset, the value from the OS is inherited.
#LimitFSIZE=infinity
# File descriptor limit. If unset, the value from the OS is inherited.
#LimitNOFILE=8192
# Maximum number of processes. If unset, the value from the OS is inherited.
#LimitNPROC=32768
# Set the umask to control the permission bits of files that Jenkins creates.
#
# 0027 makes files read-only for group and inaccessible for others, which some
# security sensitive users might consider beneficial, especially if Jenkins
# is running on a server that is used for multiple purposes. Beware that 0027
# permissions would interfere with sudo scripts that run on the controller
# (see JENKINS-25065).
#
# Note also that the particularly sensitive parts of $JENKINS_HOME (such as
# credentials) are always written without 'other' access. So the umask values
# only affect job configuration, build records, etc.
#
# If unset, the value from the OS is inherited, which is normally 0022.
# The default umask comes from pam_umask(8) and /etc/login.defs.
#UMask=0022
[Install]
WantedBy=multi-user.target
修改完成後,重新載入配置文件
systemctl daemon-reload
這裡修改了 Jenkins 的工作目錄在 /data 路徑下,需要手動創建該目錄:
mkdir -p /data/jenkins
創建完成後,運行 Jenkins
systemctl enable jenkins --now
使用如下命令查看運行情況:
systemctl status jenkins
運行成功後,可以在同一局域網伺服器內,通過該 Jenkins 伺服器 IP 地址 + 8080 端口號訪問 Jenkins 的 Web 界面。
默認密碼使用如下命令查看:
cat /data/jenkins/secrets/initialAdminPassword
Jenkins 默認下載源國內下載較慢,需要修改成清華源:
vim /data/jenkins/hudson.model.UpdateCenter.xml
修改如下內容:
<?xml version='1.1' encoding='UTF-8'?>
<sites>
<site>
<id>default</id>
- <url>https://updates.jenkins.io/update-center.json</url>
+ <url>https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json</url>
</site>
</sites>
在安裝完成 Jenkins 後,啟動時需要的目錄就已經生成完畢了,其中的更新地址依舊為 update.jenkins.io , 仍然需要修改為國內源:
cd /data/jenkins/updates
sed -i 's#updates.jenkins.io/download/plugins#mirrors.tuna.tsinghua.edu.cn/jenkins/plugins#g' default.json
sed -i 's#www.google.com#www.bilibili.com#g' default.json
配置代碼拉取憑據#
使用 SSH 協議拉取#
Jenkins 如果可以使用 SSH 協議進行代碼拉取,可以將本機的 SSH 的公鑰配置在 Git 伺服器上。
首先生成 SSH-Keygen,由於安全考慮,Github 已經不允許基於 RSA2048 算法的密鑰生成,這裡使用 ed25519 算法,如果伺服器無法支持該算法,可以使用 RSA4096 算法
ssh-keygen -t ed25519 -C "[email protected]"
# or
ssh-keygen -t rsa -b 4096 -C "[email protected]"
當系統提示 “輸入要存儲密鑰的文件” 時,可以使用回車結束默認文件的位置,如果之前創建過了,ssh-keygen 可能會要求你重寫密鑰,這種情況下,可以對剛剛創建的文件進行自定義命名。此時,可以修改 .gitconfig 文件,來指定使用哪個密鑰來進行代碼的拉取。這裡我們假定剛剛生成的密鑰命名為 id_rsa_gitlab 和 id_rsa_gitlab.pub
修改 ssh 的配置文件:
vim /root/.ssh/config
寫入如下內容:
Host self-hosted-gitlab
HostName gitlab.example.com
User git
IdentityFile /root/.ssh/id_rsa_gitlab
IdentitiesOnly yes
同時,需要將 id_rsa_gitlab.pub 文件中的內容配置在 GitLab 伺服器上。
使用 HTTP 協議拉取#
當不能使用 SSH 協議拉取代碼時,需要配置 Git 倉庫的登錄憑據。
在 Jenkins Web 界面上,依照如下順序進行點擊:
[系統管理] -> [憑據] -> 最底部的 [System] -> [全局憑據 (unrestricted)] -> [+ Add Credentials]
憑據的類型選擇:Username with password,根據具體的信息進行填寫 Git 伺服器的用戶名和地址。
配置 Ansible 進行分發#
使用 Ansible 軟體對已完成編譯的業務代碼包進行分發,分發過程中使用了 scp 命令,需要保證 Jenkins 伺服器和業務伺服器之間可以通過 SSH 協議進行通信。
在 Jenkins 伺服器上安裝 Ansible
yum install -y ansible
配置 ansible 軟體的 hosts 文件:
vim /etc/ansible/hosts
寫入如下內容:
+ [web]
+ 192.168.50.101 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"
+ 192.168.50.102 ansible_ssh_port=22 ansible_ssh_user=nginx ansible_ssh_pass="your_password"
其中的 192.168.50.101 和 192.168.50.102 兩台為業務所在的伺服器。需要保證這兩台伺服器可以通過 nginx 用戶進行登錄。
完成後,使用 Ansible Ping 模塊進行測試:
ansible web -m ping
返回值為 pong 代表成功。
配置 Nginx 反向代理#
Jenkins 服務成功啟動後,可以通過局域網內跳板機使用 IP:Port 來進行訪問,對於外部的訪問,需要配置 Nginx 反向代理,配置內容如下:
此 Nginx 配置文件配置於最外層的代理伺服器上。
vim /usr/local/nginx1.27/conf/conf.d/jenkins.conf
寫入如下內容:
upstream jenkins {
keepalive 32; # keepalive connections
server 127.0.0.1:8080; # jenkins ip and port
}
# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80; # Listen on port 80 for IPv4 requests
server_name jenkins.example.com; # replace 'jenkins.example.com' with your server domain name
# this is the jenkins web root directory
# (mentioned in the output of "systemctl cat jenkins")
root /var/run/jenkins/war/;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
# pass through headers from Jenkins that Nginx considers invalid
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
# rewrite all static files into requests to the root
# E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
# have nginx handle all the static requests to userContent folder
# note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
# this file does not exist, might be a directory or a /**view** url
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
# Required for Jenkins websocket agents
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_request_buffering off; # Required for HTTP CLI commands
}
}
如果使用 Blue Ocean 時遇到某些路徑問題,將如下代碼段添加至配置文件中:
if ($request_uri ~* "/blue(/.*)") {
proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;
break;
}
Web 應用伺服器#
配置 nginx 用戶權限#
由於 Jenkins 需要分發已完成打包的代碼包,在分發過程中,可能會涉及到 root 權限的操作行為,在執行 sudo 時需要輸入密碼,所以需要修改 nginx 用戶的權限,使其可以免密執行 sudo 命令。
修改如下文件內容:
vim /etc/sudoers
新增如下內容:
...
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
+ nginx ALL=(ALL) NOPASSWD: ALL
...
需要保證業務伺服器上 nginx 用戶的存在,且可以執行登錄操作,如果在創建 nginx 用戶時添加了 /sbin/nologin 參數,可以進行如下操作進行恢復:
vim /etc/passwd
修改如下內容:
- nginx:x:1000:1000::/home/nginx:/sbin/nologin
+ nginx:x:1000:1000::/home/nginx:/bin/bash
安裝業務需要的軟體環境#
安裝 JDK 8#
由於 Oracle 為了保證 JDK 的更新而強制關閉 JDK 舊版本的登錄下載;所以,對於 JDK 8 的版本來說,需要我們手動從 Oracle Java 網站上下載,然後上傳至伺服器。這裡我們將 JDK 8 的壓縮包上傳至伺服器的 /usr/local/src/ 目錄下。
cd /usr/local/src
解壓縮預編譯好的 JDK 8 壓縮包,並移動到外層目錄中:
tar -zxvf jdk-8u371-linux-x64.tar.gz
mv jdk1.8.0_371 /usr/local/jdk8
寫入環境變量,便於後續打包時調用:
echo 'PATH=$PATH:/usr/local/jdk8/bin
export PATH' >> /etc/profile
echo 'JAVA_HOME=/usr/local/jdk8' >> /etc/profile
刷新環境變量,使其生效。
source /etc/profile
安裝與配置 Supervisord#
安裝 Supervisord
對於 Java 進程,如果使用 nohup 這樣的命令來啟動,對於業務而言並不能完整的控制和監控進程,這裡我們選擇使用 Supervisord 這個軟體來對 Java 進程進行控制管理和監控。
下載 Supervisord 源碼到 /usr/local/src 目錄下:
cd /usr/local/src
wget https://files.pythonhosted.org/packages/ce/37/517989b05849dd6eaa76c148f24517544704895830a50289cbbf53c7efb9/supervisor-4.2.5.tar.gz
解壓:
tar -zxvf supervisor-4.2.5.tar.gz
由於 Supervisord 是由 Python 進行編寫的,需要使用 python 來進行安裝:
cd /usr/local/src/supervisor-4.2.5
python3 setup.py install
安裝完成後,將 supervisord 命令寫入到全局變量中:
ln -sf /usr/local/bin/supervisor* /usr/bin/
ln -sf /usr/local/bin/echo_supervisord_conf /usr/bin/
寫入成功後,可以通過如下命令進行版本查看:
supervisord --version
配置 Supervisord
創建 Supervisord 運行所需要的工作目錄:
mkdir -p /etc/supervisord.d
mkdir -p /var/log/supervisor
mkdir -p /var/run/supervisor
創建默認配置文件 :
echo 'D /var/run/supervisor 0775 root root -' > /etc/tmpfiles.d/supervisor.conf
echo_supervisord_conf > /etc/supervisord.conf
修改配置文件內容:
...
[unix_http_server]
- file=/tmp/supervisor/supervisor.sock ; (the path to the socket file)
+ file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
[supervisorctl]
- serverurl=unix:///tmp/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
+ serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
[inet_http_server] ; inet (TCP) server disabled by default
- ;port=*:9001 ; ip_address:port specifier, *:port for all iface
+ port=*:9001 ; ip_address:port specifier, *:port for all iface
- ;username=admin ; default is no username (open server)
+ username=admin ; default is no username (open server)
- ;password=<password> ; default is no password (open server)
+ password=<password> ; default is no password (open server)
[supervisord]
- logfile=/tmp/supervisor/supervisord.log
+ logfile=/var/log/supervisor/supervisord.log
[include]
+ files = supervisord.d/*/*.ini supervisord.d/*.ini
創建 Systemd 配置文件
vim /etc/systemd/system/supervisord.service
寫入如下內容:
# supervisord service for systemd (CentOS 7.0+)
# by ET-CS (https://github.com/ET-CS)
[Unit]
Description=Supervisor daemon
[Service]
Type=forking
ExecStart=/usr/bin/supervisord
ExecStop=/usr/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/bin/supervisorctl $OPTIONS reload
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
啟動 Supervisord 並配置開機自啟:
systemctl daemon-reload
systemctl enable supervisord --now
根據不同的需求,使用目錄分類,並根據具體業務編寫如下的配置:
vim /etc/supervisord.d/${example-work}/${example-program}
寫入如下內容:
Warning
根據需要替換配置文件中的變量為業務的具體值。
[program: ${example-program}]
command=/usr/local/jdk8/bin/java -jar -Xms1g -Xmx1g -Dspring.profiles.active=${env} -Dserver.port=${port} /data/contents/${example-work}/${example-program}.jar
directory=/data/contents/${example-work}/
startsecs=10
autorestart=true
startretries=3
user=root
priority=999
redirect_stderr=true
stdout_logfile_maxbytes=1GB
stdout_logfile_backups = 1
stopasgroup=false
killasgroup=false
stdout_logfile=/data/logs/${example-work}-${example-program}.log
安裝 Nginx#
業務伺服器上的 Nginx 僅僅提供最簡單的反向代理服務,對於 SSL 證書解析、訪問路由與訪問頻率的限制,都將其抽離至最外層代理以及 WAF 進行處理,所以僅安裝最基礎的功能即可。
安裝 PHP#
[!TODO]