server/sa-charts
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Compare commits

base: server:33daa2864b490b1096cad002d9867b9fc091ac8c
Branches Tags
server:master
server:1.0
...
compare: server:5074e9cc427919dc6002d5010abf3a526e9fafa2
Branches Tags
server:master
server:1.0

3 Commits
33daa2864b ... 5074e9cc42

Author SHA1 Message Date
yumengcheng
5074e9cc42 docker-swarm-review 2026-05-13 15:27:39 +08:00
yumengcheng
da02c6a994 Revert "docker-swarm-review" 
This reverts commit 49d2697ef4c5047934a642b0df656c5112d37509.
 2026-05-13 15:27:26 +08:00
yumengcheng
95a34b2f89 docker-swarm-review 2026-05-13 15:27:25 +08:00
128 changed files with 13062 additions and 0 deletions
Expand all files Collapse all files

15
docker-swarm-review/10.5x环境配置记录/0.使用阿里云的源.md Normal file
View File

@@ -0,0 +1,15 @@
更换yum源为阿里云的yum源因为后续Centos7可能也会停止官方的yum源支持所以需要手动更换
备份官方yum源配置文件
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
下载阿里云yum源配置文件
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
4、清除缓存生产新的缓存
yum clean all
yum makecache

92
docker-swarm-review/10.5x环境配置记录/1. 安装docker.md Normal file
View File

@@ -0,0 +1,92 @@
1、卸载旧版本
执行如下指令对旧版本进行卸载:
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
执行完毕后如果输入docker version发现docker依然还存在则说明当前机器上存在的是历史版本输入如下指令进行卸载即可
sudo yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
在卸载完毕后,也要对之前的数据进行清理(这里是默认路径,如果自己更改过的话,则需要清理自己更改后的数据所在路径):
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
2、配置仓库
这里我们可以借助yum-config-manager这个工具来实现仓库的配置在利用之前先下载一个yum工具包
sudo yum install -y yum-utils
在安装完毕后,输入如下指令进行配置:
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
接下来为了提高安装速度,我们进行配置使用国内源,输入如下指令:
### sed -i 's@//download.docker.com@//mirrors.ustc.edu.cn/docker-ce@g' /etc/yum.repos.d/docker-ce.repo
sed -i 's@//download.docker.com@//mirrors.aliyun.com/docker-ce@g' /etc/yum.repos.d/docker-ce.repo
3、安装
输入如下指令进行docker安装
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin d
设置日志大小
vim /etc/docker/daemon.json
<!--
{
"log-opts": {"max-size":"1g", "max-file":"3"},
"registry-mirrors": ["https://dockerproxy.net"]
} -->
{
"log-opts": {"max-size":"1g", "max-file":"3"},
"registry-mirrors": ["https://docker.hlmirror.com"]
}
systemctl reload docker
4、启动docker
安装完毕后,进行启动,先输入如下指令加载配置:
sudo systemctl daemon-reload
接下来启动服务:
sudo systemctl start docker
启动完毕后我们可以输入如下指令,查看是否已经启动:
systemctl status docker
systemctl enable docker
5. 停用firewalld
```
[root@ZD-CRM1 ~]# systemctl stop firewalld
[root@ZD-CRM1 ~]# systemctl disable firewalld
```
6. ulimit
ulimit -SHn 65536
vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

28
docker-swarm-review/10.5x环境配置记录/2. docker-swarm 初始化.md Normal file
View File

@@ -0,0 +1,28 @@
1. 10.51上执行 docker swarm init
```
[root@ZD-CRM1 ~]# docker swarm init
Swarm initialized: current node (pbbaiutisn0vsvwt8tfxwusev) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-2jliqh8rns5afbnzrrwr036p7c0kkj38188290at4xb35zgctg-ek7ku7qskkfiu2pl0dmu8q5v6 192.168.10.51:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```
2. 其他机器执行上面的 docker swarm join
```
docker swarm join --token SWMTKN-1-2jliqh8rns5afbnzrrwr036p7c0kkj38188290at4xb35zgctg-ek7ku7qskkfiu2pl0dmu8q5v6 192.168.10.51:2377
```
3. 10.51上查看集群情况
```
[root@ZD-CRM1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
pbbaiutisn0vsvwt8tfxwusev * ZD-CRM1 Ready Active Leader 25.0.1
je9g46e68diiryiz1cddd7765 ZD-CRM2 Ready Active 25.0.1
fqim3l4inkscd4px8jzi9j7nc ZD-CRM3 Ready Active 25.0.1
```

101
docker-swarm-review/10.5x环境配置记录/3. 基本服务安装.md Normal file
View File

@@ -0,0 +1,101 @@
## 基础配置
### 1. 初始化网路 review
docker network create \
--driver=overlay \
--subnet=10.17.0.0/16 \
--scope swarm \
--attachable \
review
### 2. [portainer](../portainer) 管理工具
docker stack deploy --compose-file docker-compose.yml portainer
管理界面: https://192.168.10.51:9443
页面出现报错docker service update portainer_agent --force
### 3. [monitor](../monitor)
用于 grafana 监控
管理界面: 192.168.10.51:3000
admin gkxl2024#@
## 软件包
部署方法均参见文件夹内readme变量在对于的env文件。
### 1. [rabbitmq](../rabbitmq)
管理界面: 192.168.10.51:15672
内部review_rabbitmq_stats:5672,review_rabbitmq_queue1:5672,review_rabbitmq_queue2:5672
stomp-url192.168.10.51:15674
### 2. [xxl-job-adin](../xxl-job-admin)
管理界面: 192.168.10.51:9991
内部review-xxl-job-admin:8080
### 3. [nacos](../nacos-cluser)
管理界面: http://192.168.10.51:25848/nacos/
### 4. [redis](../redis-review-50)
端口192.168.10.51:6379
内部review_redis_redis-sentinel:16379
### 5. [elasticsearch](../elasticsearch)
管理界面: 192.168.10.51:5601
外部端口: 192.168.10.51:9200
内部端口: review-es-elasticsearch:9200
### 6. [log](../log)
无管理界面仅需要加载对于的volumesreview-log
### 7. [elasticsearch](../mysql-repl-tool)
管理界面: 192.168.10.51:5601
外部端口: 192.168.10.51:9200
内部端口: review-es-elasticsearch:9200
### 8. [skywalking](../skywalking)
管理界面: 192.168.10.51:18080
内部端口: review-skywalking-oap:11800
### 8. [mysql](../mysql-repl-tool)
用于 [nacos](../nacos-cluser/mysql-schema.sql)xxl-job
管理界面: 192.168.10.51:25306
内部端口: review-tool-mysql-master:3306 review-tool-mysql-salve:3306
## 其余服务
[clickhouse](../clickhouse) 应用于服务 3.123
[datart](../datart) 依赖的服务其中mysql服务bi正在使用在3.123上
[jenkins](../jenkins) 3.120上专门用于部署
[canal](../canal) 用于数据同步只clickhouse在3.120

105
docker-swarm-review/10.5x环境配置记录/portainer_template.json Normal file
View File

@@ -0,0 +1,105 @@
{
"version": "3",
"templates": [
{
"id": 52,
"type": 2,
"title": "nacos cluser",
"description": "nacos集群",
"categories": ["开发组件"],
"platform": "linux",
"logo": "",
"repository": {
"url": "https://git.sino-assist.com/sa-charts/",
"stackfile": "docker-swarm/nacos-cluser/cluster-docker-compose.yml"
},
"env": [
{
"name": "NAMESPACE",
"label": "NAMESPACE",
"default": "review"
},
{
"name": "NACOS_VERSION",
"label": "NACOS_VERSION",
"default": "v2.3.0"
},
{
"name": "NODE_PORT_11",
"label": "NODE_PORT_11",
"default": "21848"
},
{
"name": "NODE_PORT_12",
"label": "NODE_PORT_12",
"default": "22848"
},
{
"name": "NODE_PORT_13",
"label": "NODE_PORT_13",
"default": "22849"
},
{
"name": "NODE_PORT_21",
"label": "NODE_PORT_21",
"default": "23848"
},
{
"name": "NODE_PORT_22",
"label": "NODE_PORT_22",
"default": "24848"
},
{
"name": "NODE_PORT_23",
"label": "NODE_PORT_23",
"default": "24849"
},
{
"name": "NODE_PORT_31",
"label": "NODE_PORT_31",
"default": "25848"
},
{
"name": "NODE_PORT_32",
"label": "NODE_PORT_32",
"default": "26848"
},
{
"name": "NODE_PORT_33",
"label": "NODE_PORT_33",
"default": "26849"
},
{
"name": "MYSQL_SERVICE_HOST",
"label": "MYSQL_SERVICE_HOST",
"default": "review-tool-mysql-master"
},
{
"name": "MYSQL_SERVICE_USER",
"label": "MYSQL_SERVICE_USER",
"default": "zd_tool"
},
{
"name": "MYSQL_SERVICE_PASSWORD",
"label": "MYSQL_SERVICE_PASSWORD",
"default": "gkxl2024#@"
},
{
"name": "NACOS_AUTH_IDENTITY_KEY",
"label": "NACOS_AUTH_IDENTITY_KEY",
"default": "nacos"
},
{
"name": "NACOS_AUTH_IDENTITY_VALUE",
"label": "NACOS_AUTH_IDENTITY_VALUE",
"default": "gkxl2024#@"
},
{
"name": "NACOS_AUTH_TOKEN",
"label": "NACOS_AUTH_TOKEN",
"default": "OTg1NjRzZnJ0Z2RmZzIwMjQ1NTU1NTExZWZnZGVmZGVz"
}
]
}
]
}

2
docker-swarm-review/10.5x环境配置记录/前期处理.md Normal file
View File

@@ -0,0 +1,2 @@
1. redis的数据需要全部切换为无状态
2.

30
docker-swarm-review/Dockerfile Normal file
View File

@@ -0,0 +1,30 @@
FROM harbor.sino-assist.com/marsal1212/java11:latest as builder
ENV active_profile ''
ENV nacos_address ''
ENV nacos_password ''
ENV project_name ''
ENV namespace ''
ENV params '-Dserver.port=8080'
ARG FILE_JAR
ENV TZ=Asia/Shanghai
RUN cp /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
WORKDIR application
COPY $FILE_JAR application.jar
RUN java -Djarmode=layertools -jar application.jar extract
FROM harbor.sino-assist.com/marsal1212/java11:latest
WORKDIR application
VOLUME /tmp
COPY --from=builder application/dependencies/ ./
COPY --from=builder application/spring-boot-loader/ ./
COPY --from=builder application/snapshot-dependencies/ ./
COPY --from=builder application/application/ ./
#ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]
ENTRYPOINT java -javaagent:/skywalking-agent/skywalking-agent.jar -DSW_AGENT_NAMESPACE=$namespace -DSW_AGENT_COLLECTOR_BACKEND_SERVICES=${namespace}-skywalking-oap:11800 -DSW_AGENT_NAME=$project_name -Dspring.profiles.active=$active_profile -Dsa.nacos.namespace=$namespace -Dsa.nacos.password=$nacos_password -Dsa.nacos.addr=$nacos_address $params -Dfile.encoding=UTF-8 org.springframework.boot.loader.JarLauncher
#ENTRYPOINT java -javaagent:/skywalking-agent/skywalking-agent.jar -DSW_AGENT_NAMESPACE=$namespace -DSW_AGENT_COLLECTOR_BACKEND_SERVICES=${namespace}-skywalking-oap:11800 -DSW_AGENT_NAME=$project_name -Dserver.port=8080 -Dspring.profiles.active=$active_profile -Dsa.nacos.namespace=$namespace -Dsa.nacos.password=$nacos_password -Dsa.nacos.addr=$nacos_address -Dfile.encoding=UTF-8 org.springframework.boot.loader.JarLauncher

338
docker-swarm-review/build.gradle Normal file
View File

@@ -0,0 +1,338 @@
import java.time.Instant
import java.time.format.DateTimeFormatter
plugins {
id 'org.springframework.boot' version '2.7.18' apply false
id 'io.spring.dependency-management' version '1.1.0' apply false
id 'com.github.shalousun.smart-doc' version '2.6.9' apply false
id "org.sonarqube" version "4.0.0.2929"
id 'com.google.cloud.tools.jib' version '3.3.2' apply false
}
ext { // 自定义扩展 字段 这里定义版本信息
jjwtVersion = '0.11.1'
mapstructPlusVersion = '1.2.4'
jacksonVersion = '2.17.1'
woodstoxVersion = '6.6.2'
lombokVersion = '1.18.32'
guavaVersion = '33.2.0-jre'
slf4jVersion = '1.7.36'
log4jVersion = '1.2.17'
springCloudVersion = '2021.0.9'
springCloudAlibabaVersion = '2021.0.6.0'
springBootVersion = '2.7.18'
junitVersion = '5.9.3'
skywalkingVersion = '8.15.0'
canalVersion = '1.1.5'
mysqlVersion = '8.0.27'
colaVersion = '4.0.1'
pagehelperVersion = '1.4.7'
smartDocVersion = '2.6.9'
hibernateValidatorVersion = '8.0.1.Final'
javaxAnnotationVersion = '1.3.2'
prometheusVersion = '1.10.4'
minioVersion = '8.5.4'
easyexcelVersion = '3.3.1'
hutoolVersion = '5.8.18'
zxingVersion = '3.4.0'
shardingsphereVersion = '5.2.1'
snakeyamlVersion = '1.33'
oauth2AuthorizationServerVersion = '0.4.1'
springSecurityVersion = '5.8.2'
wxJavaVersion = '4.4.0'
bootAdminVersion = '2.7.15'
fastjsonVersion = '1.2.83'
curvesapiVersion = '1.06'
jeepayVersion = '1.5.0'
}
//配置所有项目公共内容
allprojects {
group 'com.sa'
version '1.1-SNAPSHOT'
//配置仓库
repositories {
maven {
url 'https://maven.aliyun.com/repository/public'
}
maven {
url 'https://oss.sonatype.org/content/groups/public/'
}
maven {
url 'https://maven.sino-assist.com/repository/thirdparty/'
}
mavenLocal()
mavenCentral()
}
}
def pomProjects = ['starters', 'infra-config', 'job', 'interface', 'infra', 'infra', 'admin', 'search', 'doc', 'commons', 'ns']
def bootRunProjects = [
'data-search', 'gps-data', 'data-statistics', 'data-report', 'boot-admin',
'zgs-manager', 'return-order', 'aggregation', 'api-gate', 'sa-uaa', 'supplier-setting',
'finance-connector', 'sa-gateway', 'export-app', 'sa-response', 'sa-api',
'sa-app', 'sa-admin', 'gps-pass', 'file-oss', 'supplier-app','call-center','toc-user-client','supplier-manage'
]
static def getMainClass(project) {
if (project.hasProperty('mainClassName')) {
return project.mainClassName
} else {
return null
}
}
//配置子工程
subprojects {
if (!pomProjects.contains(it.name)) {
apply plugin: "io.spring.dependency-management"
apply plugin: "java"
// 设置编码格式
tasks.withType(JavaCompile).configureEach {
options.encoding = "UTF-8"
java {
sourceCompatibility = "8"
targetCompatibility = "8"
}
}
dependencyManagement {
resolutionStrategy {
cacheChangingModulesFor 0, 'seconds'
}
imports {
mavenBom "com.alibaba.cloud:spring-cloud-alibaba-dependencies:${springCloudAlibabaVersion}"
mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
mavenBom "org.springframework.boot:spring-boot-dependencies:${springBootVersion}"
mavenBom "com.fasterxml.jackson:jackson-bom:${jacksonVersion}"
// mavenBom "org.springframework.security:spring-security-bom:${springSecurityVersion}"
}
dependencies {
dependency "org.slf4j:slf4j-api:${slf4jVersion}"
dependency "log4j:log4j:${log4jVersion}"
dependency "com.alibaba.otter:canal.client:${canalVersion}"
dependency "com.alibaba.otter:canal.protocol:${canalVersion}"
dependency "mysql:mysql-connector-java:${mysqlVersion}"
dependency "com.github.pagehelper:pagehelper-spring-boot-starter:${pagehelperVersion}"
dependency "com.github.shalousun:smart-doc:${smartDocVersion}"
dependency "org.hibernate:hibernate-validator:${hibernateValidatorVersion}"
dependency "javax.annotation:javax.annotation-api:${javaxAnnotationVersion}"
dependency "org.projectlombok:lombok:${lombokVersion}"
dependency "io.micrometer:micrometer-registry-prometheus:${prometheusVersion}"
dependency "io.minio:minio:${minioVersion}"
dependency "com.alibaba:easyexcel:${easyexcelVersion}"
dependency "com.alibaba:easyexcel-core:${easyexcelVersion}"
dependency "cn.hutool:hutool-core:${hutoolVersion}"
dependency "cn.hutool:hutool-all:${hutoolVersion}"
dependency "com.alibaba:fastjson:${fastjsonVersion}"
dependency "com.google.zxing:core:${zxingVersion}"
dependency "com.google.zxing:javase:${zxingVersion}"
dependency "org.yaml:snakeyaml:${snakeyamlVersion}"
dependency "org.apache.shardingsphere:shardingsphere-jdbc-core-spring-boot-starter:${shardingsphereVersion}"
dependency "org.springframework.security:spring-security-oauth2-authorization-server:${oauth2AuthorizationServerVersion}"
dependency "com.github.binarywang:weixin-java-pay:${wxJavaVersion}"
dependency "com.github.binarywang:weixin-java-miniapp:${wxJavaVersion}"
dependency "de.codecentric:spring-boot-admin-starter-client:${bootAdminVersion}"
dependency "com.github.binarywang:weixin-java-mp:${wxJavaVersion}"
dependency "com.jeequan:jeepay-sdk-java:${jeepayVersion}"
dependency "com.google.guava:guava:${guavaVersion}"
dependency "org.apache.skywalking:apm-toolkit-logback-1.x:${skywalkingVersion}"
dependency "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
dependency "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
dependency "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
dependency "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:${jacksonVersion}"
dependency "com.fasterxml.jackson.dataformat:jackson-dataformat-smile:${jacksonVersion}"
dependency "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${jacksonVersion}"
dependency "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${jacksonVersion}"
dependency "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${jacksonVersion}"
dependency "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${jacksonVersion}"
dependency "com.fasterxml.jackson.module:jackson-module-parameter-names:${jacksonVersion}"
dependency "com.fasterxml.woodstox:woodstox-core:${woodstoxVersion}"
dependency "com.github.virtuald:curvesapi:${curvesapiVersion}"
dependency "com.google.errorprone:error_prone_annotations:2.11.0"
dependency "com.google.protobuf:protobuf-java:3.17.1"
dependency "com.nimbusds:nimbus-jose-jwt:9.24.4"
dependency "com.squareup.okhttp3:okhttp:4.9.3"
dependency "com.squareup.okio:okio:2.8.0"
dependency "commons-codec:commons-codec:1.15"
dependency "commons-collections:commons-collections:3.2.2"
dependency "commons-fileupload:commons-fileupload:1.4"
dependency "commons-logging:commons-logging:1.2"
dependency "commons-io:commons-io:2.11.0"
dependency "commons-lang:commons-lang:2.6"
dependency 'commons-beanutils:commons-beanutils:1.9.4'
dependency "net.java.dev.jna:jna:5.10.0"
dependency "org.apache.commons:commons-pool2:2.11.1"
dependency "org.apache.commons:commons-compress:1.23.0"
dependency "org.apache.httpcomponents:httpclient:4.5.14"
dependency "org.apache.httpcomponents:httpmime:4.5.14"
dependency "org.apache.groovy:groovy:4.0.21"
dependency "org.apache.poi:poi:4.1.2"
dependency "org.apache.poi:poi-ooxml:4.1.2"
dependency "org.apache.poi:poi-ooxml-schemas:4.1.2"
dependency "org.apache.poi:poi-scratchpad:4.1.2"
dependency "org.bouncycastle:bcprov-jdk15on:1.70"
dependency "org.bouncycastle:bcpkix-jdk15on:1.70"
dependency "org.mybatis:mybatis:3.5.14"
dependency "org.mybatis:mybatis-spring:2.1.2"
dependency "org.ow2.ams:asm:9.3"
dependency "org.objenesis:objenesis:3.2"
dependency "org.beust:jcommander:1.82"
}
}
dependencies {
compileOnly "com.google.guava:guava"
compileOnly "cn.hutool:hutool-all"
compileOnly "org.projectlombok:lombok:${lombokVersion}"
annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
testCompileOnly "org.projectlombok:lombok:${lombokVersion}"
testAnnotationProcessor "org.projectlombok:lombok:${lombokVersion}"
compileOnly "io.github.linpeilie:mapstruct-plus:${mapstructPlusVersion}"
annotationProcessor "io.github.linpeilie:mapstruct-plus-processor:${mapstructPlusVersion}"
testCompileOnly "io.github.linpeilie:mapstruct-plus:${mapstructPlusVersion}"
testAnnotationProcessor "io.github.linpeilie:mapstruct-plus-processor:${mapstructPlusVersion}"
}
}
if (it.name.contains("-starter")) {
apply plugin: "java-library"
}
if (bootRunProjects.contains(it.name)) {
apply plugin: "java"
apply plugin: "idea"
apply plugin: "org.springframework.boot"
apply plugin: 'com.github.shalousun.smart-doc'
apply plugin: 'com.google.cloud.tools.jib'
smartdoc {
configFile = file("src/main/resources/smart-doc.json")
exclude 'org.springframework.boot:spring-boot-starter-tomcat'
exclude 'org.springframework.boot.*'
exclude 'com.xuxueli:xxl-job-core:*'
exclude 'com.alibaba:easyexcel-core:*'
exclude 'org.apache.*'
}
//配置子模块依赖
dependencies {
implementation "org.apache.skywalking:apm-toolkit-logback-1.x"
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation "org.junit.jupiter:junit-jupiter-api:${junitVersion}"
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitVersion}"
}
sourceSets {
main {
resources {
srcDirs("${rootProject.projectDir}/doc/spring-cloud-config")
}
}
}
test {
useJUnitPlatform()
}
jib{
String imageName = "harbor.sino-assist.com/marsal1212/java11:latest"
from{
image = imageName
}
to{
image = "harbor.sino-assist.com/sa-server/${project.name}:${project.properties.get('docker_version')}"
}
container{
environment = [active_profile:'dev', nacos_address:'', nacos_password:'nacos', project_name:"", namespace:"", params: "", nativeIp: "", limitMemory: "1G", reservationsMemory: "1G"]
creationTime = DateTimeFormatter.ISO_INSTANT.format(Instant.now())
entrypoint = ["/bin/sh", "-c",
'java -javaagent:/skywalking-agent/skywalking-agent.jar -Dskywalking.trace.ignore_path=/actuator,/actuator/* ' +
' -DSW_AGENT_COLLECTOR_BACKEND_SERVICES=${namespace}-skywalking-oap:11800 -DSW_AGENT_NAME=$project_name ' +
' -DSW_AGENT_INSTANCE_NAME=$project_name:${nativeIp} -Dspring.cloud.nacos.discovery.metadata.ip=${nativeIp} ' +
' -Dspring.devtools.add-properties=false -Xms${reservationsMemory} -Xmx${limitMemory}' +
' -Dserver.port=8080 -Dspring.profiles.active=$active_profile -Dsa.nacos.namespace=$namespace ' +
' -Dsa.nacos.password=$nacos_password -Dsa.nacos.addr=$nacos_address $params -Dfile.encoding=UTF-8 ' +
' -cp @/app/jib-classpath-file @/app/jib-main-class-file'
]
}
}
afterEvaluate {
bootJar {
layered {
application {
intoLayer("spring-boot-loader") {
include "org/springframework/boot/loader/**"
}
intoLayer("application")
}
dependencies {
intoLayer("application") {
includeProjectDependencies()
}
intoLayer("snapshot-dependencies") {
include "*:*:*SNAPSHOT*"
}
intoLayer("dependencies")
}
layerOrder = ["dependencies", "spring-boot-loader", "snapshot-dependencies", "application"]
}
}
}
}
}
// 在文件底部更新gradle wrapper的版本
task updateWrapper(type: UpdateWrapper) {
gradleVersion = '8.7'
}
// 自定义任务用于更新wrapper
class UpdateWrapper extends DefaultTask {
@Input
String gradleVersion
@TaskAction
void update() {
File wrapperDir = new File(project.getProjectDir(), "gradle/wrapper")
File propertiesFile = new File(wrapperDir, "gradle-wrapper.properties")
Properties properties = new Properties()
propertiesFile.withInputStream { input ->
properties.load(input)
}
properties.setProperty("distributionUrl", "https://services.gradle.org/distributions/gradle-$gradleVersion-bin.zip")
properties.setProperty("distributionSha256Sum", "some-sha-sum") // 这里填写正确的SHA-256校验和
propertiesFile.withOutputStream { output ->
properties.store(output, null)
}
File wrapperJar = new File(wrapperDir, "gradle-wrapper.jar")
if (wrapperJar.exists()) {
wrapperJar.delete()
}
}
}

9
docker-swarm-review/canal/README Normal file
View File

@@ -0,0 +1,9 @@
# crm1环境下 部署canal
docker network create --driver overlay review
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_canal
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_canal

33
docker-swarm-review/canal/docker-compose.yml Normal file
View File

@@ -0,0 +1,33 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
db:
image: canal/canal-server:v1.1.5
environment:
- TZ=Asia/Shanghai
- canal.instance.master.address=${canal_instance_master_address}
- canal.instance.dbUsername=${canal_instance_dbUsername}
- canal.instance.dbPassword=${canal_instance_dbPassword}
- canal.instance.gtidon=false
- canal.instance.connectionCharset=UTF-8
- canal.instance.tsdb.enable=true
- canal.instance.enableDruid=false
- canal.instance.filter.regex=${canal_instance_filter_regex}
- canal.instance.parser.parallel=true
- canal.serverMode=rabbitMQ
- canal.mq.topic=${canal_mq_topic}
- rabbitmq.host=${rabbitmq_host}
- rabbitmq.exchange=${rabbitmq_exchange}
- rabbitmq.username=${rabbitmq_username}
- rabbitmq.password=${rabbitmq_password}
- rabbitmq.virtual.host=${rabbitmq_virtual_host}
deploy:
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_canal==1

11
docker-swarm-review/canal/env_crm1 Normal file
View File

@@ -0,0 +1,11 @@
NAMESPACE=crm1
canal_instance_master_address=crm_mysql_db:3306
canal_instance_dbUsername=root
canal_instance_dbPassword=gkxl650
canal_instance_filter_regex=zd_rescue\\.user_order_20.*,zd_rescue\\.task_order_20.*,zd_rescue\\.task_order_cost_20.*,zd_rescue\\.supplier_account_record_20.*,zd_rescue\\.customer_order_account_20.*,zd_rescue\\.customer_order_relation_20.*
canal_mq_topic=canal_mysql_bin
rabbitmq_host=crm1_rabbitmq_stats:5672
rabbitmq_exchange=canal_exchange
rabbitmq_username=root
rabbitmq_password=gkxl650
rabbitmq_virtual_host=canal

11
docker-swarm-review/canal/env_review Normal file
View File

@@ -0,0 +1,11 @@
NAMESPACE=review
canal_instance_master_address=192.168.3.123:3306
canal_instance_dbUsername=repl
canal_instance_dbPassword=nczl@sino_db
canal_instance_filter_regex=zd_rescue.user_order_20.*,zd_rescue.task_order_20.*,zd_rescue.task_order_cost_20.*,zd_rescue.supplier_account_record_20.*,zd_rescue.customer_order_account_20.*,zd_rescue.customer_order_relation_20.*,zd_rescue.order_lowest_record
canal_mq_topic=canal_mysql_bin
rabbitmq_host=review-rabbitmq-stats:5672
rabbitmq_exchange=canal_exchange
rabbitmq_username=root
rabbitmq_password=gkxl650
rabbitmq_virtual_host=review

7
docker-swarm-review/clickhouse/README Normal file
View File

@@ -0,0 +1,7 @@
# crm1环境下 部署clickhouse
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_clickhouse
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_clickhouse

36
docker-swarm-review/clickhouse/docker-compose.yml Normal file
View File

@@ -0,0 +1,36 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
db:
image: docker.io/bitnami/clickhouse:23
ports:
- '${NODE_PORT}:8123'
environment:
- TZ=Asia/Shanghai
- CLICKHOUSE_ADMIN_USER=${CLICKHOUSE_ADMIN_USER}
- CLICKHOUSE_ADMIN_PASSWORD=${CLICKHOUSE_ADMIN_PASSWORD}
volumes:
- 'data_db:/bitnami/clickhouse'
- 'data_config:/opt/bitnami/clickhouse/etc'
deploy:
update_config:
order: start-first
resources:
limits:
cpus: "8"
memory: 24G
reservations:
cpus: "2"
memory: 12G
placement:
constraints:
- node.labels.${NAMESPACE}_clickhouse==1
volumes:
data_db:
driver: local
data_config:
driver: local

4
docker-swarm-review/clickhouse/env_crm1 Normal file
View File

@@ -0,0 +1,4 @@
NAMESPACE=crm1
NODE_PORT=8123
CLICKHOUSE_ADMIN_USER=default
CLICKHOUSE_ADMIN_PASSWORD=gkxl650

4
docker-swarm-review/clickhouse/env_review Normal file
View File

@@ -0,0 +1,4 @@
NAMESPACE=review
NODE_PORT=8123
CLICKHOUSE_ADMIN_USER=default
CLICKHOUSE_ADMIN_PASSWORD=gkxl650

10
docker-swarm-review/datart/README Normal file
View File

@@ -0,0 +1,10 @@
# crm1环境下 部署redis sentinel
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_redis
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_datart
java -Dspring.profiles.active=review -Xms512M -Dsa.nacos.namespace=review -Dspring.cloud.nacos.config.server-addr=192.168.10.12:8848 -Dspring.cloud.nacos.discovery.server-addr=192.168.10.12:8848 -Dfile.encoding=UTF-8 -jar /zd/gps/zhongdao-gps.jar

89
docker-swarm-review/datart/docker-compose.yml Normal file
View File

@@ -0,0 +1,89 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
redis:
image: 'bitnami/redis:7.0.11'
environment:
- TZ=Asia/Shanghai
- REDIS_REPLICATION_MODE=master
- REDIS_PASSWORD=${REDIS_PASSWORD}
ports:
- '${REDIS_PORT}:6379'
deploy:
update_config:
order: start-first
resources:
limits:
cpus: "1"
memory: 1G
reservations:
cpus: "0.1"
memory: 200M
placement:
constraints:
- node.labels.${NAMESPACE}_datart==1
db:
image: docker.io/bitnami/mysql:8.0
ports:
- '${MYSQL_PORT}:3306'
environment:
- TZ=Asia/Shanghai
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_ENABLE_SLOW_QUERY=0
- MYSQL_LONG_QUERY_TIME=10
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_AUTHENTICATION_PLUGIN=mysql_native_password
volumes:
- 'mysql:/bitnami/mysql/data'
healthcheck:
test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh']
interval: 15s
timeout: 5s
retries: 6
configs:
- source: my_conf
target: /opt/bitnami/mysql/conf/my_custom.cnf
deploy:
resources:
limits:
cpus: "2"
memory: 2G
reservations:
cpus: "0.1"
memory: 500M
placement:
constraints:
- node.labels.${NAMESPACE}_datart==1
chrome:
image: 'selenium/standalone-chrome:latest'
environment:
- TZ=Asia/Shanghai
ports:
- '${CHROME_PORT}:4444'
deploy:
resources:
limits:
cpus: "2"
memory: 6G
reservations:
cpus: "1"
memory: 2G
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_datart==1
volumes:
mysql:
driver: local
configs:
my_conf:
file: ./my.conf

9
docker-swarm-review/datart/env_crm1 Normal file
View File

@@ -0,0 +1,9 @@
NAMESPACE=crm1
REDIS_PORT=16379
REDIS_PASSWORD=gkxl650
MYSQL_PORT=13306
MYSQL_ROOT_PASSWORD=gkxl650
MYSQL_DATABASE=datart
MYSQL_USER=datart
MYSQL_PASSWORD=gkxl650
CHROME_PORT=14444

9
docker-swarm-review/datart/env_review Normal file
View File

@@ -0,0 +1,9 @@
NAMESPACE=review
REDIS_PORT=16379
REDIS_PASSWORD=gkxl650
MYSQL_PORT=13306
MYSQL_ROOT_PASSWORD=gkxl650
MYSQL_DATABASE=datart
MYSQL_USER=datart
MYSQL_PASSWORD=gkxl650
CHROME_PORT=14444

6
docker-swarm-review/datart/my.conf Normal file
View File

@@ -0,0 +1,6 @@
[mysqld]
max_allowed_packet=64M
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
log-bin=mysql-bin # 开启 binlog
binlog-format=ROW # 选择 ROW 模式
server_id=123

9
docker-swarm-review/elasticsearch/README Normal file
View File

@@ -0,0 +1,9 @@
# crm1环境下 部署 单机 es
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_es --with-registry-auth
# review环境下 部署 单机 es 仅用于日志
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_log_es --with-registry-auth

48
docker-swarm-review/elasticsearch/docker-compose.yml Normal file
View File

@@ -0,0 +1,48 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
elasticsearch:
image: docker.io/bitnami/elasticsearch:8.13.4
hostname: ${NAMESPACE}-es-elasticsearch
ports:
- '${NODE_PORT}:9200'
- '${NODE_PORT_2}:9300'
environment:
- TZ=Asia/Shanghai
- ELASTICSEARCH_HEAP_SIZE=8192m
volumes:
- '/mnt/data/volumes/elasticsearch:/bitnami/elasticsearch/data'
- '/mnt/data/volumes/elasticsearch-plugins:/opt/bitnami/elasticsearch/plugins'
deploy:
placement:
constraints:
- node.labels.${NAMESPACE}_es==1
kibana:
image: docker.io/bitnami/kibana:8.13.4
hostname: ${NAMESPACE}-es-kibana
ports:
- "${NODE_PORT_KIBANA}:5601"
volumes:
- "/mnt/data/volumes/kibana/data:/bitnami/kibana/data"
- "/mnt/data/volumes/kibana/config:/opt/bitnami/kibana/config"
environment:
- TZ=Asia/Shanghai
- KIBANA_ELASTICSEARCH_URL=${NAMESPACE}-es-elasticsearch
depends_on:
- elasticsearch
deploy:
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_es==1
# volumes:
# data_db:
# driver: local
# kibana_data:
# driver: local

4
docker-swarm-review/elasticsearch/env_crm1 Normal file
View File

@@ -0,0 +1,4 @@
NAMESPACE=crm1
NODE_PORT=9200
NODE_PORT_2=9300
NODE_PORT_KIBANA=5601

4
docker-swarm-review/elasticsearch/env_review Normal file
View File

@@ -0,0 +1,4 @@
NAMESPACE=review
NODE_PORT=9200
NODE_PORT_2=9300
NODE_PORT_KIBANA=5601

191
docker-swarm-review/elasticsearch/kibana.yml Normal file
View File

@@ -0,0 +1,191 @@
# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false
# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""
# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"
# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024
# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug
# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
# type: file
# fileName: /var/logs/kibana.log
# layout:
# type: json
# Example with size based log rotation
#logging.appenders.default:
# type: rolling-file
# fileName: /var/logs/kibana.log
# policy:
# type: size-limit
# size: 256mb
# strategy:
# type: numeric
# max: 10
# layout:
# type: json
# Logs queries sent to Elasticsearch.
#logging.loggers:
# - name: elasticsearch.query
# level: debug
# Logs http responses.
#logging.loggers:
# - name: http.server.response
# level: debug
# Logs system usage information.
#logging.loggers:
# - name: metrics.ops
# level: debug
# Enables debug logging on the browser (dev console)
#logging.browser.root:
# level: debug
# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data
# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
i18n.locale: "zh-CN"
# =================== Frequently used (Optional)===================
# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.
# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000
# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch clusters `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb
# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15
# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000
# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000
path:
data: /bitnami/kibana/data
pid:
file: /opt/bitnami/kibana/tmp/kibana.pid
server:
host: 0.0.0.0
port: 5601
elasticsearch:
hosts: http://review-es-elasticsearch:9200

15
docker-swarm-review/elasticsearch/node.options Normal file
View File

@@ -0,0 +1,15 @@
## Node command line options
## See `node --help` and `node --v8-options` for available options
## Please note you should specify one option per line
## max size of old space in megabytes
#--max-old-space-size=4096
## do not terminate process on unhandled promise rejection
--unhandled-rejections=warn
## restore < Node 16 default DNS lookup behavior
--dns-result-order=ipv4first
## enable OpenSSL 3 legacy provider
--openssl-legacy-provider

28
docker-swarm-review/fastdfs/docker-compose.yml Normal file
View File

@@ -0,0 +1,28 @@
version: '3'
services:
tracker:
container_name: tracker
image: harbor.sino-assist.com/ygqygq2/fastdfs-nginx:latest
command: tracker
network_mode: host
volumes:
- /data/tracker:/var/fdfs
ports:
- 22122:22122
storage0:
container_name: storage0
image: harbor.sino-assist.com/ygqygq2/fastdfs-nginx:latest
command: storage
network_mode: host
extra_hosts:
- "tracker:192.168.3.125"
environment:
- TRACKER_SERVER=tracker:22122
volumes:
- /data/storage0:/var/fdfs
- ./conf.d:/nginx_conf/conf.d
depends_on:
- tracker
## https://github.com/ygqygq2/fastdfs-nginx

9
docker-swarm-review/jenkins/README Normal file
View File

@@ -0,0 +1,9 @@
# crm1环境下 部署canal
docker network create --driver overlay review
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_canal
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_canal

16
docker-swarm-review/jenkins/docker-compose.yml Normal file
View File

@@ -0,0 +1,16 @@
version: '3.8'
networks:
jenkins:
external: false
services:
jenkins:
image: harbor.sino-assist.com/marsal1212/jenkins:latest
environment:
- TZ=Asia/Shanghai
networks:
- 'jenkins'
volumes:
- './jenkins_home:/var/jenkins_home'
ports:
- 8081:8080

11
docker-swarm-review/jenkins/env_crm1 Normal file
View File

@@ -0,0 +1,11 @@
NAMESPACE=crm1
canal_instance_master_address=crm_mysql_db:3306
canal_instance_dbUsername=root
canal_instance_dbPassword=gkxl650
canal_instance_filter_regex=zd_rescue\\.user_order_20.*,zd_rescue\\.task_order_20.*,zd_rescue\\.task_order_cost_20.*,zd_rescue\\.supplier_account_record_20.*,zd_rescue\\.customer_order_account_20.*,zd_rescue\\.customer_order_relation_20.*
canal_mq_topic=canal_mysql_bin
rabbitmq_host=crm1_rabbitmq_stats:5672
rabbitmq_exchange=canal_exchange
rabbitmq_username=root
rabbitmq_password=gkxl650
rabbitmq_virtual_host=canal

11
docker-swarm-review/jenkins/env_review Normal file
View File

@@ -0,0 +1,11 @@
NAMESPACE=review
canal_instance_master_address=192.168.10.10:3306
canal_instance_dbUsername=repl
canal_instance_dbPassword=nczl@sino_db
canal_instance_filter_regex=zd_rescue\\.user_order_20.*,zd_rescue\\.task_order_20.*,zd_rescue\\.task_order_cost_20.*,zd_rescue\\.supplier_account_record_20.*,zd_rescue\\.customer_order_account_20.*,zd_rescue\\.customer_order_relation_20.*
canal_mq_topic=canal_mysql_bin
rabbitmq_host=192.168.3.110:5672
rabbitmq_exchange=canal_exchange
rabbitmq_username=root
rabbitmq_password=gkxl650
rabbitmq_virtual_host=review

15
docker-swarm-review/log/README Normal file
View File

@@ -0,0 +1,15 @@
# es index生命周期参考 https://developer.aliyun.com/article/793119为索引配置索引模板即可索引模板中添加ilm
# {
# "index": {
# "lifecycle": {
# "name": "90-days-default"
# }
# }
# }
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_log --with-registry-auth
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_log --with-registry-auth

52
docker-swarm-review/log/docker-compose.yml Normal file
View File

@@ -0,0 +1,52 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
logstash:
image: docker.elastic.co/logstash/logstash:8.13.4
hostname: ${NAMESPACE}-log-logstash
ports:
- '${NODE_PORT}:5044'
environment:
- TZ=Asia/Shanghai
configs:
- source: logstash_conf
target: /usr/share/logstash/pipeline/my.conf
logging:
driver: json-file
options:
max-size: "500m"
max-file: "3"
deploy:
placement:
constraints:
- node.labels.${NAMESPACE}_es==1
filebeat:
image: docker.elastic.co/beats/filebeat:8.13.4
volumes:
- "kibana_data:/bitnami/kibana"
environment:
- TZ=Asia/Shanghai
- LOGSTASH_URL=${NAMESPACE}-log-logstash:5044
- KIBANA_HOSTS=${NAMESPACE}-es-kibana
configs:
- source: filebeat_conf
target: /usr/share/filebeat/filebeat.yml
volumes:
- ${NAMESPACE}_logs:/logs
deploy:
update_config:
order: start-first
mode: global
placement:
constraints: [node.platform.os == linux]
configs:
logstash_conf:
file: ./logstash.conf
filebeat_conf:
file: ./filebeat.yml
volumes:
${NAMESPACE}_logs:
external: true

2
docker-swarm-review/log/env_crm1 Normal file
View File

@@ -0,0 +1,2 @@
NAMESPACE=crm1
NODE_PORT=5045

2
docker-swarm-review/log/env_review Normal file
View File

@@ -0,0 +1,2 @@
NAMESPACE=review
NODE_PORT=5044

16
docker-swarm-review/log/filebeat.yml Normal file
View File

@@ -0,0 +1,16 @@
filebeat.inputs:
- type: filestream
id: new-sino-log
paths:
- "/logs/*/*.log"
parsers:
- multiline:
type: pattern
pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
negate: true
match: after
setup.kibana.host: "${KIBANA_HOSTS:kibana:5601}"
output.logstash:
hosts: '${LOGSTASH_URL:logstash:5044}'

90
docker-swarm-review/log/jvm.options Normal file
View File

@@ -0,0 +1,90 @@
## JVM configuration
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms1g
-Xmx1g
################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################
## GC configuration
11-13:-XX:+UseConcMarkSweepGC
11-13:-XX:CMSInitiatingOccupancyFraction=75
11-13:-XX:+UseCMSInitiatingOccupancyOnly
## Locale
# Set the locale language
#-Duser.language=en
# Set the locale country
#-Duser.country=US
# Set the locale variant, if any
#-Duser.variant=
## basic
# set the I/O temp directory
#-Djava.io.tmpdir=$HOME
# set to headless, just in case
-Djava.awt.headless=true
# ensure UTF-8 encoding by default (e.g. filenames)
-Dfile.encoding=UTF-8
# use our provided JNA always versus the system one
#-Djna.nosys=true
# Turn on JRuby invokedynamic
-Djruby.compile.invokedynamic=true
## heap dumps
# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps
# ensure the directory exists and has sufficient space
#-XX:HeapDumpPath=${LOGSTASH_HOME}/heapdump.hprof
## GC logging
#-Xlog:gc*,gc+age=trace,safepoint:file=@loggc@:utctime,pid,tags:filecount=32,filesize=64m
# log GC status to a file with time stamps
# ensure the directory exists
#-Xloggc:${LS_GC_LOG_FILE}
# Entropy source for randomness
-Djava.security.egd=file:/dev/urandom
# Copy the logging context from parent threads to children
-Dlog4j2.isThreadContextMapInheritable=true
# FasterXML/jackson defaults
#
# Sets the maximum string length (in chars or bytes, depending on input context).
# This limit is not exact and an exception will happen at sizes greater than this limit.
# Some text values that are a little bigger than the limit may be treated as valid but no
# text values with sizes less than or equal to this limit will be treated as invalid.
# This value should be higher than `logstash.jackson.stream-read-constraints.max-number-length`.
# The jackson library defaults to 20000000 or 20MB, whereas Logstash defaults to 200MB or 200000000 characters.
-Dlogstash.jackson.stream-read-constraints.max-string-length=200000000
#
# Sets the maximum number length (in chars or bytes, depending on input context).
# The jackson library defaults to 1000, whereas Logstash defaults to 10000.
-Dlogstash.jackson.stream-read-constraints.max-number-length=10000
#
# Sets the maximum nesting depth. The depth is a count of objects and arrays that have not
# been closed, `{` and `[` respectively.
#-Dlogstash.jackson.stream-read-constraints.max-nesting-depth=1000

36
docker-swarm-review/log/logstash.conf Normal file
View File

@@ -0,0 +1,36 @@
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:oldtimestamp}\s+\[%{DATA:service}\]\s+\[TID:%{NOTSPACE:tid}\]\s+\[%{DATA:thread}\]\s+%{LOGLEVEL:loglevel}\s+%{NOTSPACE:class}\s+-%{GREEDYDATA:oldmessage}"}
}
date {
match => ["oldtimestamp", "ISO8601"]
target => "@timestamp"
}
mutate {
replace => { "message" => "%{oldmessage}" }
remove_field => [ "oldmessage","oldtimestamp","agent","host","input","log.flags","log.flags.keyword","tags" ]
}
}
output {
if [service] {
elasticsearch {
hosts => [ "review-es-elasticsearch:9200" ]
index => "sslog-%{[service]}"
action => "create"
ilm_enabled => false
}
}else{
elasticsearch {
hosts => [ "review-es-elasticsearch:9200" ]
index => "sslog-default"
action => "create"
ilm_enabled => false
}
}
}

18
docker-swarm-review/minio/README Normal file
View File

@@ -0,0 +1,18 @@
# es index生命周期参考 https://developer.aliyun.com/article/793119为索引配置索引模板即可索引模板中添加ilm
# {
# "index": {
# "lifecycle": {
# "name": "90-days-default"
# }
# }
# }
docker network create \
--driver overlay \
review
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_log --with-registry-auth
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - minio --with-registry-auth

35
docker-swarm-review/minio/docker-compose.yml Normal file
View File

@@ -0,0 +1,35 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
minio:
image: docker.io/bitnami/minio:2023
hostname: ${NAMESPACE}-minio
ports:
- '${NODE_PORT}:9000'
- '${NODE_PORT_1}:9001'
environment:
# 时区上海
TZ: Asia/Shanghai
# 管理后台用户名
MINIO_ROOT_USER: ${MINIO_ROOT_USER}
# 管理后台密码最小8个字符
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
volumes:
- 'data:/data'
deploy:
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_minio==1
volumes:
data:
driver: local

5
docker-swarm-review/minio/env_crm1 Normal file
View File

@@ -0,0 +1,5 @@
NAMESPACE=crm1
NODE_PORT=9000
NODE_PORT_1=9001
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=gkxl###650

5
docker-swarm-review/minio/env_review Normal file
View File

@@ -0,0 +1,5 @@
NAMESPACE=review
NODE_PORT=9000
NODE_PORT_1=9001
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=gkxl###650

12
docker-swarm-review/mongodb/README Normal file
View File

@@ -0,0 +1,12 @@
# crm1环境下 部署集群mongodb
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_mongodb
# crm1环境下 部署集群mongodb rs
docker stack deploy --compose-file docker-stack-rs.yml review_mongodb --with-registry-auth

25
docker-swarm-review/mongodb/docker-compose.yml Normal file
View File

@@ -0,0 +1,25 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
db:
image: docker.io/bitnami/mongodb:6.0
ports:
- '${NODE_PORT}:27017'
environment:
- TZ=Asia/Shanghai
- MONGODB_ROOT_USER=root
- MONGODB_ROOT_PASSWORD=123456
- MONGODB_DATABASE=${MONGODB_DATABASE}
volumes:
- '/mnt/data/volumes/mongodb:/bitnami/mongodb'
deploy:
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_mongodb==1

64
docker-swarm-review/mongodb/docker-stack-rs.yml Normal file
View File

@@ -0,0 +1,64 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
version: '3.8'
networks:
default:
name: review
external: true
services:
primary:
image: docker.io/bitnami/mongodb:7.0
hostname: mongodb-primary
ports:
- 27015:27017
environment:
- TZ=Asia/Shanghai
- MONGODB_ADVERTISED_HOSTNAME=mongodb-primary
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_ROOT_PASSWORD=123456
- MONGODB_REPLICA_SET_KEY=replicasetkey123
volumes:
- '/mnt/data/volumes/mongodb/primary:/bitnami/mongodb'
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.hostname == ZD-CRM5]
secondary:
image: docker.io/bitnami/mongodb:7.0
hostname: mongodb-secondary
ports:
- 27016:27017
depends_on:
- mongodb-primary
environment:
- TZ=Asia/Shanghai
- MONGODB_ADVERTISED_HOSTNAME=mongodb-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary
- MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=123456
- MONGODB_REPLICA_SET_KEY=replicasetkey123
volumes:
- '/mnt/data/volumes/mongodb/secondary:/bitnami/mongodb'
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.hostname == ZD-CRM6]
arbiter:
image: docker.io/bitnami/mongodb:7.0
depends_on:
- mongodb-primary
environment:
- TZ=Asia/Shanghai
- MONGODB_ADVERTISED_HOSTNAME=mongodb-arbiter
- MONGODB_REPLICA_SET_MODE=arbiter
- MONGODB_INITIAL_PRIMARY_HOST=mongodb-primary
- MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD=password123
- MONGODB_REPLICA_SET_KEY=replicasetkey123
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.hostname == ZD-CRM3]

3
docker-swarm-review/mongodb/env_crm1 Normal file
View File

@@ -0,0 +1,3 @@
NAMESPACE=crm1
NODE_PORT=27017
MONGODB_DATABASE=gps_data

3
docker-swarm-review/mongodb/env_review Normal file
View File

@@ -0,0 +1,3 @@
NAMESPACE=review
NODE_PORT=27017
MONGODB_DATABASE=gps_data

19
docker-swarm-review/monitor/README Normal file
View File

@@ -0,0 +1,19 @@
env $(cat ./env_review | xargs) envsubst < ./docker-stack.yml | docker stack deploy --compose-file - monitor
docker stack deploy --compose-file docker-compose.yml monitor --with-registry-auth
docker run \
-p 9090:9090 \
-v /opt/support/prometheus.yml:/etc/prometheus/prometheus.yml \
prom/prometheus:v2.52.0
docker service create --name cadvisor -l prometheus-job=cadvisor \
--mode=global --publish target=8080,mode=host \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock,ro \
--mount type=bind,src=/,dst=/rootfs,ro \
--mount type=bind,src=/var/run,dst=/var/run \
--mount type=bind,src=/sys,dst=/sys,ro \
--mount type=bind,src=/var/lib/docker,dst=/var/lib/docker,ro \
spcodes/cadvisor:v0.49.1 -docker_only

70
docker-swarm-review/monitor/docker-compose.yml Normal file
View File

@@ -0,0 +1,70 @@
version: '3.8'
services:
prometheus:
image: prom/prometheus:v2.52.0
ports:
- "9090:9090"
configs:
- source: prometheus_conf
target: /etc/prometheus/prometheus.yml
command:
- --config.file=/etc/prometheus/prometheus.yml
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
mode: replicated
placement:
constraints: [node.hostname == ZD-CRM2]
replicas: 1
# alertmanager:
# image: prom/alertmanager:v0.27.0
# ports:
# - "9093:9093"
# volumes:
# - ./alertmanager.yml:/etc/alertmanager/alertmanager.yml
# command:
# - --config.file=/etc/alertmanager/alertmanager.yml
# deploy:
# mode: replicated
# replicas: 1
# node-exporter:
# image: prom/node-exporter:v1.8.1
# volumes:
# - /proc:/host/proc:ro
# - /sys:/host/sys:ro
# - /:/rootfs:ro
# deploy:
# mode: global
# placement:
# constraints: [node.role == manager]
cadvisor:
image: spcodes/cadvisor:v0.49.1
ports:
- 8180:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
deploy:
mode: global
grafana:
image: grafana/grafana:11.0.0
ports:
- 23000:3000
volumes:
- /opt/data/grafana/:/var/lib/grafana:ro
deploy:
mode: replicated
placement:
constraints: [node.hostname == ZD-CRM2]
replicas: 1
configs:
prometheus_conf:
# file: ./prometheus.yml
external: true
name: monitor_prometheus_conf_v2

125
docker-swarm-review/monitor/docker-stack.yml Normal file
View File

@@ -0,0 +1,125 @@
version: "3.8"
services:
grafana:
image: portainer/template-swarm-monitoring:grafana-9.5.2
ports:
- target: 3000
published: 3000
protocol: tcp
mode: ingress
deploy:
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
- node.labels.monitoring == true
volumes:
- type: volume
source: grafana-data
target: /var/lib/grafana
environment:
- GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
- GF_USERS_ALLOW_SIGN_UP=false
networks:
- net
prometheus:
image: portainer/template-swarm-monitoring:prometheus-v2.44.0
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--log.level=error'
- '--storage.tsdb.path=/prometheus'
- '--storage.tsdb.retention.time=7d'
deploy:
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
- node.labels.monitoring == true
volumes:
- type: volume
source: prometheus-data
target: /prometheus
networks:
- net
cadvisor:
image: spcodes/cadvisor:v0.49.1
command: -logtostderr -docker_only
deploy:
mode: global
resources:
limits:
memory: 128M
reservations:
memory: 64M
volumes:
- type: bind
source: /
target: /rootfs
read_only: true
- type: bind
source: /var/run
target: /var/run
read_only: true
- type: bind
source: /sys
target: /sys
read_only: true
- type: bind
source: /var/lib/docker
target: /var/lib/docker
read_only: true
- type: bind
source: /dev/disk
target: /dev/disk
read_only: true
networks:
- net
node-exporter:
image: prom/node-exporter:v1.5.0
command:
- '--path.sysfs=/host/sys'
- '--path.procfs=/host/proc'
- '--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|host|etc)($$|/)'
- '--no-collector.ipvs'
deploy:
mode: global
resources:
limits:
memory: 128M
reservations:
memory: 64M
volumes:
- type: bind
source: /
target: /rootfs
read_only: true
- type: bind
source: /proc
target: /host/proc
read_only: true
- type: bind
source: /sys
target: /host/sys
read_only: true
networks:
- net
volumes:
grafana-data:
prometheus-data:
networks:
net:
driver: host

30
docker-swarm-review/monitor/prometheus.yml Normal file
View File

@@ -0,0 +1,30 @@
scrape_configs:
# Make Prometheus scrape itself for metrics.
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
# Create a job for Docker Swarm containers.
- job_name: 'dockerswarm'
dockerswarm_sd_configs:
- host: unix:///var/run/docker.sock
role: nodes
relabel_configs:
# Fetch metrics on port 9323.
- source_labels: [__meta_dockerswarm_node_address]
target_label: __address__
replacement: $1:9323
# Set hostname as instance label
- source_labels: [__meta_dockerswarm_node_hostname]
target_label: instance
# Only keep containers that should be running.
- source_labels: [__meta_dockerswarm_task_desired_state]
regex: running
action: keep
# Only keep containers that have a `prometheus-job` label.
- source_labels: [__meta_dockerswarm_service_label_prometheus_job]
regex: .+
action: keep
# Use the prometheus-job Swarm label as Prometheus job label.
- source_labels: [__meta_dockerswarm_service_label_prometheus_job]
target_label: job

50
docker-swarm-review/mysql-repl-tool/README.md Normal file
View File

@@ -0,0 +1,50 @@
生产环境用于nacos xxl-job的专用数据库
# review环境下 部署 附属工具类服务使用的mysql
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_tool_mysql
[mysqladmin]
user=
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
port=3306
tmpdir=/opt/bitnami/mysql/tmp
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
max_allowed_packet=16M
bind_address=0.0.0.0
log_error=/opt/bitnami/mysql/logs/mysqld.log
slow_query_log=0
slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
long_query_time=10
character_set_server=utf8mb4
collation_server=utf8mb4_unicode_ci
plugin_dir=/opt/bitnami/mysql/lib/plugin
[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default_character_set=utf8mb4
plugin_dir=/opt/bitnami/mysql/lib/plugin
[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
---- 实际版本
[mysqld]
max_connections=500
max_allowed_packet=64M
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
log-bin=mysql-bin # 开启 binlog
binlog-format=ROW # 选择 ROW 模式
server_id=209

92
docker-swarm-review/mysql-repl-tool/docker-compose.yml Normal file
View File

@@ -0,0 +1,92 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
mysql-master:
image: docker.io/bitnami/mysql:8.0
hostname: ${NAMESPACE}-tool-mysql-master
ports:
- '${NODE_PORT_MASTER}:3306'
volumes:
- 'mysql_repl_master_data:/bitnami/mysql/data'
environment:
- MYSQL_REPLICATION_MODE=master
- MYSQL_REPLICATION_USER=repl_user
- MYSQL_REPLICATION_PASSWORD=${MYSQL_REPLICATION_PASSWORD}
# - MYSQL_DATABASE=my_database
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_AUTHENTICATION_PLUGIN=mysql_native_password
- MYSQL_ENABLE_SLOW_QUERY=0
- MYSQL_LONG_QUERY_TIME=10
configs:
- source: custome_config_master
target: /opt/bitnami/mysql/conf/my_custom.cnf
healthcheck:
test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh']
interval: 15s
timeout: 5s
retries: 6
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.hostname == ZD-BAK-APP1]
mysql-slave:
image: docker.io/bitnami/mysql:8.0
hostname: ${NAMESPACE}-tool-mysql-slave
ports:
- '${NODE_PORT_SLAVE}:3306'
volumes:
- 'mysql_repl_slave_data:/bitnami/mysql/data'
depends_on:
- mysql-master
environment:
- MYSQL_REPLICATION_MODE=slave
- MYSQL_REPLICATION_USER=repl_user
- MYSQL_REPLICATION_PASSWORD=${MYSQL_REPLICATION_PASSWORD}
# - MYSQL_DATABASE=my_database
- MYSQL_MASTER_HOST=mysql-master
- MYSQL_MASTER_PORT_NUMBER=3306
- MYSQL_MASTER_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_AUTHENTICATION_PLUGIN=mysql_native_password
- MYSQL_ENABLE_SLOW_QUERY=0
- MYSQL_LONG_QUERY_TIME=10
# ALLOW_EMPTY_PASSWORD is recommended only for development.
# - ALLOW_EMPTY_PASSWORD=yes
# In case of missing binary files on master, use `true` to reset those binary files. Creating a previous backup is recommended.
- MYSQL_REPLICATION_SLAVE_DUMP=false
healthcheck:
test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh']
interval: 30s
timeout: 10s
retries: 6
start_period: 180s
configs:
- source: custome_config_slave
target: /opt/bitnami/mysql/conf/my_custom.cnf
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.hostname == ZD-BAK-APP2]
volumes:
mysql_repl_master_data:
driver: local
mysql_repl_slave_data:
driver: local
configs:
custome_config_master:
external: true
name: ${CUSTOME_CONFIG_MASTER}
custome_config_slave:
external: true
name: ${CUSTOME_CONFIG_SLAVE}

9
docker-swarm-review/mysql-repl-tool/env_review Normal file
View File

@@ -0,0 +1,9 @@
NAMESPACE=review
NODE_PORT_MASTER=25306
NODE_PORT_SLAVE=25307
MYSQL_USER=zd_tool
MYSQL_PASSWORD=gkxl2024#@
MYSQL_ROOT_PASSWORD=gkxl2024#@
MYSQL_REPLICATION_PASSWORD=gkxl2024#@
CUSTOME_CONFIG_MASTER=review_tool_mysql_master_conf_v1
CUSTOME_CONFIG_SLAVE=review_tool_mysql_slave_conf_v1

36
docker-swarm-review/mysql/README Normal file
View File

@@ -0,0 +1,36 @@
# crm1环境下 部署 mysql
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_mysql
[mysqladmin]
user=
[mysqld]
skip_name_resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
port=3306
tmpdir=/opt/bitnami/mysql/tmp
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid
max_allowed_packet=16M
bind_address=0.0.0.0
log_error=/opt/bitnami/mysql/logs/mysqld.log
slow_query_log=0
slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
long_query_time=10
character_set_server=utf8mb4
collation_server=utf8mb4_unicode_ci
plugin_dir=/opt/bitnami/mysql/lib/plugin
[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default_character_set=utf8mb4
plugin_dir=/opt/bitnami/mysql/lib/plugin
[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid_file=/opt/bitnami/mysql/tmp/mysqld.pid

42
docker-swarm-review/mysql/docker-compose.yml Normal file
View File

@@ -0,0 +1,42 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
db:
image: docker.io/bitnami/mysql:8.0
ports:
- '${NODE_PORT}:3306'
environment:
- TZ=Asia/Shanghai
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_ENABLE_SLOW_QUERY=0
- MYSQL_LONG_QUERY_TIME=10
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_AUTHENTICATION_PLUGIN=mysql_native_password
volumes:
- 'data_db:/bitnami/mysql/data'
healthcheck:
test: ['CMD', '/opt/bitnami/scripts/mysql/healthcheck.sh']
interval: 15s
timeout: 5s
retries: 6
configs:
- source: custome_config
target: /opt/bitnami/mysql/conf/my_custom.cnf
deploy:
placement:
constraints:
- node.labels.${NAMESPACE}_mysql==1
volumes:
data_db:
driver: local
configs:
custome_config:
external: true
name: ${CUSTOME_CONFIG}

7
docker-swarm-review/mysql/env_review Normal file
View File

@@ -0,0 +1,7 @@
NAMESPACE=review
NODE_PORT=3306
MYSQL_USER=gkxl650
MYSQL_PASSWORD=gkxl650
MYSQL_ROOT_PASSWORD=gkxl650
MYSQL_DATABASE=zd_rescue
CUSTOME_CONFIG=review_mysql_conf_v1

10
docker-swarm-review/nacos-cluser/README Normal file
View File

@@ -0,0 +1,10 @@
# crm1环境下 部署单机nacos
env $(cat ./env_crm1 | xargs) envsubst < ./standalone-derby.yml | docker stack deploy --compose-file - crm1_nacos
# review环境下 部署单机nacos
env $(cat ./env_review | xargs) envsubst < ./cluster-docker-compose.yml | docker stack deploy --compose-file - review_nacos

103
docker-swarm-review/nacos-cluser/cluster-docker-compose.yml Normal file
View File

@@ -0,0 +1,103 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
nacos1:
image: nacos/nacos-server:${NACOS_VERSION}
hostname: ${NAMESPACE}-nacos1
ports:
- ${NODE_PORT_11}:8848
- ${NODE_PORT_12}:9848
- ${NODE_PORT_13}:9849
volumes:
- nacos_cluster_log:/home/nacos/logs #配置docker存储日志的卷
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: ${NAMESPACE}-nacos1:8848 ${NAMESPACE}-nacos2:8848 ${NAMESPACE}-nacos3:8848
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true' #1.2.0版本默认关闭登陆界面
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: ${MYSQL_SERVICE_HOST}
MYSQL_SERVICE_DB_NAME: nacos
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: ${MYSQL_SERVICE_USER}
MYSQL_SERVICE_PASSWORD: ${MYSQL_SERVICE_PASSWORD}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_IDENTITY_KEY}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_IDENTITY_VALUE}
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN}
deploy:
replicas: 1 #部署时,指定部署一个副本
placement:
constraints: [node.hostname == ZD-BAK-APP1]
restart_policy:
condition: on-failure
nacos2:
image: nacos/nacos-server:${NACOS_VERSION}
hostname: ${NAMESPACE}-nacos2
ports:
- ${NODE_PORT_21}:8848
- ${NODE_PORT_22}:9848
- ${NODE_PORT_23}:9849
volumes:
- nacos_cluster_log:/home/nacos/logs #配置docker存储日志的卷
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: ${NAMESPACE}-nacos1:8848 ${NAMESPACE}-nacos2:8848 ${NAMESPACE}-nacos3:8848
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true' #1.2.0版本默认关闭登陆界面
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: ${MYSQL_SERVICE_HOST}
MYSQL_SERVICE_DB_NAME: nacos
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: ${MYSQL_SERVICE_USER}
MYSQL_SERVICE_PASSWORD: ${MYSQL_SERVICE_PASSWORD}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_IDENTITY_KEY}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_IDENTITY_VALUE}
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN}
deploy:
replicas: 1 #部署时,指定部署一个副本
placement:
constraints: [node.hostname == ZD-BAK-APP2]
restart_policy:
condition: on-failure
nacos3:
image: nacos/nacos-server:${NACOS_VERSION}
hostname: ${NAMESPACE}-nacos3
ports:
- ${NODE_PORT_31}:8848
- ${NODE_PORT_32}:9848
- ${NODE_PORT_33}:9849
volumes:
- nacos_cluster_log:/home/nacos/logs #配置docker存储日志的卷
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: ${NAMESPACE}-nacos1:8848 ${NAMESPACE}-nacos2:8848 ${NAMESPACE}-nacos3:8848
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true' #1.2.0版本默认关闭登陆界面
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: ${MYSQL_SERVICE_HOST}
MYSQL_SERVICE_DB_NAME: nacos
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: ${MYSQL_SERVICE_USER}
MYSQL_SERVICE_PASSWORD: ${MYSQL_SERVICE_PASSWORD}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_IDENTITY_KEY}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_IDENTITY_VALUE}
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN}
deploy:
replicas: 1 #部署时,指定部署一个副本
placement:
constraints: [node.hostname == zd-bak-app3]
restart_policy:
condition: on-failure
volumes:
nacos_cluster_log:
driver: local

5
docker-swarm-review/nacos-cluser/env_crm1 Normal file
View File

@@ -0,0 +1,5 @@
NAMESPACE=crm1
NACOS_VERSION=v2.2.2
NODE_PORT=8848
NODE_PORT_2=9848
NACOS_SERVER_IP=192.168.1.209

17
docker-swarm-review/nacos-cluser/env_review Normal file
View File

@@ -0,0 +1,17 @@
NAMESPACE=review
NACOS_VERSION=v2.3.0
NODE_PORT_11=21848
NODE_PORT_12=22848
NODE_PORT_13=22849
NODE_PORT_21=23848
NODE_PORT_22=24848
NODE_PORT_23=24849
NODE_PORT_31=25848
NODE_PORT_32=26848
NODE_PORT_33=26849
MYSQL_SERVICE_HOST=review-tool-mysql-master
MYSQL_SERVICE_USER=zd_tool
MYSQL_SERVICE_PASSWORD=gkxl2024#@
NACOS_AUTH_IDENTITY_KEY=nacos
NACOS_AUTH_IDENTITY_VALUE=gkxl2024#@
NACOS_AUTH_TOKEN=OTg1NjRzZnJ0Z2RmZzIwMjQ1NTU1NTExZWZnZGVmZGVz

213
docker-swarm-review/nacos-cluser/mysql-schema.sql Normal file
View File

@@ -0,0 +1,213 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/******************************************/
/* 表名称 = config_info */
/******************************************/
CREATE TABLE `config_info` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) DEFAULT NULL COMMENT 'group_id',
`content` longtext NOT NULL COMMENT 'content',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
`c_desc` varchar(256) DEFAULT NULL COMMENT 'configuration description',
`c_use` varchar(64) DEFAULT NULL COMMENT 'configuration usage',
`effect` varchar(64) DEFAULT NULL COMMENT '配置生效的描述',
`type` varchar(64) DEFAULT NULL COMMENT '配置的类型',
`c_schema` text COMMENT '配置的模式',
`encrypted_data_key` text NOT NULL COMMENT '密钥',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfo_datagrouptenant` (`data_id`,`group_id`,`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info';
/******************************************/
/* 表名称 = config_info_aggr */
/******************************************/
CREATE TABLE `config_info_aggr` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`datum_id` varchar(255) NOT NULL COMMENT 'datum_id',
`content` longtext NOT NULL COMMENT '内容',
`gmt_modified` datetime NOT NULL COMMENT '修改时间',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfoaggr_datagrouptenantdatum` (`data_id`,`group_id`,`tenant_id`,`datum_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='增加租户字段';
/******************************************/
/* 表名称 = config_info_beta */
/******************************************/
CREATE TABLE `config_info_beta` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`beta_ips` varchar(1024) DEFAULT NULL COMMENT 'betaIps',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
`encrypted_data_key` text NOT NULL COMMENT '密钥',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfobeta_datagrouptenant` (`data_id`,`group_id`,`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info_beta';
/******************************************/
/* 表名称 = config_info_tag */
/******************************************/
CREATE TABLE `config_info_tag` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`tenant_id` varchar(128) DEFAULT '' COMMENT 'tenant_id',
`tag_id` varchar(128) NOT NULL COMMENT 'tag_id',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfotag_datagrouptenanttag` (`data_id`,`group_id`,`tenant_id`,`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info_tag';
/******************************************/
/* 表名称 = config_tags_relation */
/******************************************/
CREATE TABLE `config_tags_relation` (
`id` bigint(20) NOT NULL COMMENT 'id',
`tag_name` varchar(128) NOT NULL COMMENT 'tag_name',
`tag_type` varchar(64) DEFAULT NULL COMMENT 'tag_type',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`tenant_id` varchar(128) DEFAULT '' COMMENT 'tenant_id',
`nid` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增长标识',
PRIMARY KEY (`nid`),
UNIQUE KEY `uk_configtagrelation_configidtag` (`id`,`tag_name`,`tag_type`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_tag_relation';
/******************************************/
/* 表名称 = group_capacity */
/******************************************/
CREATE TABLE `group_capacity` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`group_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Group ID空字符表示整个集群',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数0表示使用默认值',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_group_id` (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='集群、各Group容量信息表';
/******************************************/
/* 表名称 = his_config_info */
/******************************************/
CREATE TABLE `his_config_info` (
`id` bigint(20) unsigned NOT NULL COMMENT 'id',
`nid` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增标识',
`data_id` varchar(255) NOT NULL COMMENT 'data_id',
`group_id` varchar(128) NOT NULL COMMENT 'group_id',
`app_name` varchar(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`md5` varchar(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip',
`op_type` char(10) DEFAULT NULL COMMENT 'operation type',
`tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段',
`encrypted_data_key` text NOT NULL COMMENT '密钥',
PRIMARY KEY (`nid`),
KEY `idx_gmt_create` (`gmt_create`),
KEY `idx_gmt_modified` (`gmt_modified`),
KEY `idx_did` (`data_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='多租户改造';
/******************************************/
/* 表名称 = tenant_capacity */
/******************************************/
CREATE TABLE `tenant_capacity` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`tenant_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Tenant ID',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='租户容量信息表';
CREATE TABLE `tenant_info` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`kp` varchar(128) NOT NULL COMMENT 'kp',
`tenant_id` varchar(128) default '' COMMENT 'tenant_id',
`tenant_name` varchar(128) default '' COMMENT 'tenant_name',
`tenant_desc` varchar(256) DEFAULT NULL COMMENT 'tenant_desc',
`create_source` varchar(32) DEFAULT NULL COMMENT 'create_source',
`gmt_create` bigint(20) NOT NULL COMMENT '创建时间',
`gmt_modified` bigint(20) NOT NULL COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info';
CREATE TABLE `users` (
`username` varchar(50) NOT NULL PRIMARY KEY COMMENT 'username',
`password` varchar(500) NOT NULL COMMENT 'password',
`enabled` boolean NOT NULL COMMENT 'enabled'
);
CREATE TABLE `roles` (
`username` varchar(50) NOT NULL COMMENT 'username',
`role` varchar(50) NOT NULL COMMENT 'role',
UNIQUE INDEX `idx_user_role` (`username` ASC, `role` ASC) USING BTREE
);
CREATE TABLE `permissions` (
`role` varchar(50) NOT NULL COMMENT 'role',
`resource` varchar(255) NOT NULL COMMENT 'resource',
`action` varchar(8) NOT NULL COMMENT 'action',
UNIQUE INDEX `uk_role_permission` (`role`,`resource`,`action`) USING BTREE
);
INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE);
INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN');

38
docker-swarm-review/nacos-cluser/standalone-derby.yml Normal file
View File

@@ -0,0 +1,38 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
server:
hostname: ${NAMESPACE}_nacos_server
image: nacos/nacos-server:${NACOS_VERSION}
environment:
- PREFER_HOST_MODE=hostname
- NACOS_SERVER_IP=${NACOS_SERVER_IP}
- MODE=standalone
- NACOS_AUTH_ENABLE=true
- NACOS_AUTH_IDENTITY_KEY=bndmsdsad
- NACOS_AUTH_IDENTITY_VALUE=wepqweq#dasld
- NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456587012345678901234567890123456789
ports:
- target: 8848
published: ${NODE_PORT}
protocol: tcp
mode: host # 解析默认是ingress就是通过swarm的负载均衡模式无论通过集群节点的映射端口都能访问到业务容器此种方式类似于k8s的NodePort的svc服务暴露方式而host则属于业务容器运行在哪个节点则就通过节点地址+映射端口访问对应的业务容器。
- target: 9848
published: ${NODE_PORT_2}
protocol: tcp
mode: host
volumes:
- data_server:/home/nacos/
deploy:
update_config:
order: stop-first
placement:
constraints:
- node.labels.${NAMESPACE}_nacos_server==1
volumes:
data_server:
driver: local

5
docker-swarm-review/nacos/README Normal file
View File

@@ -0,0 +1,5 @@
# crm1环境下 部署单机nacos
env $(cat ./env_crm1 | xargs) envsubst < ./standalone-derby.yml | docker stack deploy --compose-file - crm1_nacos

155
docker-swarm-review/nacos/cluser.yml Normal file
View File

@@ -0,0 +1,155 @@
version: '3.8'
services:
nacos1:
container_name: nacos1
image: nacos/nacos-server:latest
hostname: nacos1
restart: always
ports:
- target: 8848
published: 8848
protocol: tcp
mode: host #采用host模式默认为ingress配置较灵活根据自己的需求也可调整为ingress本案例防止nacos 采用 swarm集群调度所以改为host模式两台服务器之间通过内网及nacos端口访问通过nginx配置对外服务
volumes:
- cluster1_logs:/home/nacos/logs #配置docker存储日志的卷
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: 192.168.3.75:8848 192.168.3.94:8848 192.168.3.142:8848
NACOS_SERVER_IP: 192.168.3.75
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true' #1.2.0版本默认关闭登陆界面
MYSQL_SERVICE_HOST: mysql
MYSQL_SERVICE_DB_NAME: nacos_devtest
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: nacos
MYSQL_SERVICE_PASSWORD: 123456
deploy:
replicas: 1 #部署时,指定部署一个副本
placement:
constraints:
- node.labels.env==docker-server-1
restart_policy:
condition: on-failure
depends_on:
- mysql
networks:
- srm
nacos2:
container_name: nacos2
image: nacos/nacos-server:latest
restart: always
hostname: nacos2
ports:
- target: 8848
published: 8848
protocol: tcp
mode: host
volumes:
- cluster2_logs:/home/nacos/logs
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: 192.168.3.75:8848 192.168.3.94:8848 192.168.3.142:8848
NACOS_SERVER_IP: 192.168.3.94
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true'
MYSQL_SERVICE_HOST: mysql
MYSQL_SERVICE_DB_NAME: nacos_devtest
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: nacos
MYSQL_SERVICE_PASSWORD: 123456
deploy:
replicas: 1
placement:
constraints:
- node.labels.env==docker-server-2
restart_policy:
condition: on-failure
depends_on:
- mysql
networks:
- srm
nacos3:
container_name: nacos3
image: nacos/nacos-server:latest
restart: always
hostname: nacos3
ports:
- target: 8848
published: 8848
protocol: tcp
mode: host
volumes:
- cluster3_logs:/home/nacos/logs
environment:
MODE: cluster
PREFER_HOST_MODE: hostname
NACOS_SERVERS: 192.168.3.75:8848 192.168.3.94:8848 192.168.3.142:8848
NACOS_SERVER_IP: 192.168.3.142
NACOS_SERVER_PORT: 8848
NACOS_AUTH_ENABLE: 'true'
MYSQL_SERVICE_HOST: mysql
MYSQL_SERVICE_DB_NAME: nacos_devtest
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_USER: nacos
MYSQL_SERVICE_PASSWORD: 123456
deploy:
replicas: 1
placement:
constraints:
- node.labels.env==docker-server-3
restart_policy:
condition: on-failure
depends_on:
- mysql
networks:
- srm
mysql:
image: mysql:5.7.33
restart: always
container_name: mysql
hostname: mysql
ports:
- 3306:3306
volumes:
- /data/software/nacos/mysql/data:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
- /etc/my.cnf:/etc/mysql/mysql.conf.d/my.cnf
environment:
TZ: Asia/Shanghai
MYSQL_ROOT_PASSWORD: sonar
MYSQL_DATABASE: nacos_devtest
deploy:
replicas: 1
placement:
constraints:
- node.labels.env==docker-server-1
restart_policy:
condition: on-failure
networks:
- srm
volumes:
cluster1_logs:
cluster2_logs:
cluster3_logs:
networks:
srm:
external: true
#https://blog.51cto.com/u_12898848/4054447

5
docker-swarm-review/nacos/env_crm1 Normal file
View File

@@ -0,0 +1,5 @@
NAMESPACE=crm1
NACOS_VERSION=v2.2.2
NODE_PORT=8848
NODE_PORT_2=9848
NACOS_SERVER_IP=192.168.1.209

38
docker-swarm-review/nacos/standalone-derby.yml Normal file
View File

@@ -0,0 +1,38 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
server:
hostname: ${NAMESPACE}_nacos_server
image: nacos/nacos-server:${NACOS_VERSION}
environment:
- PREFER_HOST_MODE=hostname
- NACOS_SERVER_IP=${NACOS_SERVER_IP}
- MODE=standalone
- NACOS_AUTH_ENABLE=true
- NACOS_AUTH_IDENTITY_KEY=bndmsdsad
- NACOS_AUTH_IDENTITY_VALUE=wepqweq#dasld
- NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456587012345678901234567890123456789
ports:
- target: 8848
published: ${NODE_PORT}
protocol: tcp
mode: host # 解析默认是ingress就是通过swarm的负载均衡模式无论通过集群节点的映射端口都能访问到业务容器此种方式类似于k8s的NodePort的svc服务暴露方式而host则属于业务容器运行在哪个节点则就通过节点地址+映射端口访问对应的业务容器。
- target: 9848
published: ${NODE_PORT_2}
protocol: tcp
mode: host
volumes:
- data_server:/home/nacos/
deploy:
update_config:
order: stop-first
placement:
constraints:
- node.labels.${NAMESPACE}_nacos_server==1
volumes:
data_server:
driver: local

68
docker-swarm-review/nginx-proxy-simple/crm1.conf Normal file
View File

@@ -0,0 +1,68 @@
server {
listen 8080;
server_name api1.sino-assist.com api2.sino-assist.com;
location / {
proxy_pass http://ss208_sa-gateway_svc:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*actuator.* {
deny all;
}
}
server {
listen 8080;
server_name crm1.sino-assist.com crm2.sino-assist.com;
location / {
proxy_pass http://crm1_ss_sa-cc_svc:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nacos/ {
proxy_pass http://crm1_nacos_server:8848/nacos/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /xxl-job-admin {
proxy_pass http://crm1_xxl_job_server:8080/xxl-job-admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /boot-admin/ {
proxy_pass http://ss209_boot-admin_svc:8080/boot-admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /mq/ {
proxy_pass http://crm1_rabbitmq_stats:15672/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

53
docker-swarm-review/nginx-proxy-simple/deploy.sh Normal file
View File

@@ -0,0 +1,53 @@
#!/bin/bash
# 在 192.168.3.132 上执行
# 1. 创建配置目录
mkdir -p /data/nginx-proxy
# 2. 写入 nginx 配置
cat > /data/nginx-proxy/nginx.conf << 'EOF'
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 100M;
server {
listen 8080;
# 前端
location / {
proxy_pass http://192.168.3.132:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 后端网关
location ~ ^/(common|order|supplier|contract|base|export-app|auth|user|system|api|ws|return|returnVehicle|returnOrder|supplierManage|agg-api|zgs|gps|data-search)/ {
proxy_pass http://192.168.3.132:28092;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
EOF
# 3. 启动 nginx 容器
docker run -d \
--name nginx-proxy \
--restart always \
-p 8080:8080 \
-v /data/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf:ro \
nginx:alpine

26
docker-swarm-review/nginx-proxy-simple/docker-compose.yml Normal file
View File

@@ -0,0 +1,26 @@
version: '3.8'
services:
nginx-proxy:
image: nginx:alpine
ports:
- '8080:8080'
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
environment:
- TZ=Asia/Shanghai
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
placement:
constraints:
- node.labels.review_nginx_proxy==1
networks:
default:
name: review
external: true

35
docker-swarm-review/nginx-proxy-simple/nginx.conf Normal file
View File

@@ -0,0 +1,35 @@
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 100M;
server {
listen 8080;
# 前端
location / {
proxy_pass http://192.168.3.132:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 后端网关 - 所有 API 请求
location ~ ^/(common|order|supplier|contract|base|export-app|auth|user|system|api|ws|return|returnVehicle|returnOrder|supplierManage|agg-api|zgs|gps|data-search)/ {
proxy_pass http://192.168.3.132:28092;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}

68
docker-swarm-review/nginx-proxy-simple/review.conf Normal file
View File

@@ -0,0 +1,68 @@
server {
listen 8080;
server_name apireview.sino-assist.com;
location / {
proxy_pass http://ss132_sa-gateway_svc:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*actuator.* {
deny all;
}
}
server {
listen 8080;
server_name ccreview.sino-assist.com;
location / {
proxy_pass http://review_ss_sa-cc_svc:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nacos/ {
proxy_pass http://review_nacos_nacos1:8848/nacos/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /xxl-job-admin {
proxy_pass http://review_xxl_job_server:8080/xxl-job-admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /boot-admin/ {
proxy_pass http://ss132_boot-admin_svc:8080/boot-admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /mq/ {
proxy_pass http://review_rabbitmq_stats:15672/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

126
docker-swarm-review/nginx-proxy-simple/review_temp.conf Normal file
View File

@@ -0,0 +1,126 @@
server {
listen 80;
server_name crm1.sino-assist.com api1.sino-assist.com api-sit.sino-assist.com;
include ssl.sino_assist.conf;
# 中道汽车救援公众号
location /MP_verify_TyW3WkUF0gacMB4m.txt {
default_type text/html;
return 200 "TyW3WkUF0gacMB4m";
}
# 中道汽车服务 服务号
location /MP_verify_WjQInvWDvPvfZvL0.txt {
default_type text/html;
return 200 "WjQInvWDvPvfZvL0";
}
location / {
proxy_pass http://192.168.1.209:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
location /h5/supplier/dispatch {
proxy_pass http://192.168.1.209:8031/h5/supplier/dispatch;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
location ^~ /dev/h5/rescue {
rewrite ^/dev/h5/rescue/(.*)$ /h5/client/$1 break; # [2,5](@ref)
proxy_pass http://192.168.1.209:8032;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
location /h5/client/ {
proxy_pass http://192.168.1.209:8032/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
location /dev/h5/rentCar {
proxy_pass http://192.168.1.209:8034/dev/h5/rentCar;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
}
server {
listen 80;
server_name portainer.sino-assist.com;
include ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.209:9000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name oem-jlr.sino-assist.com;
include ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.226:5868/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
}

10
docker-swarm-review/nginx-review-132/README Normal file
View File

@@ -0,0 +1,10 @@
# crm1环境下 部署nginx
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_nginx
# review环境下 部署nginx
env $(cat ./env_review | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - review_nginx

58
docker-swarm-review/nginx-review-132/docker-compose.yml Normal file
View File

@@ -0,0 +1,58 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
server1:
image: 'docker.io/bitnami/nginx:1.24'
ports:
- mode: host
protocol: tcp
published: 8180
target: 8080
- mode: host
protocol: tcp
published: 8143
target: 8443
environment:
- TZ=Asia/Shanghai
volumes:
- /opt/logs/nginx/:/opt/bitnami/nginx/logs/
configs:
- source: nginx_conf
target: /opt/bitnami/nginx/conf/nginx.conf
- source: nginx_ssl_sinoassist_config
target: /opt/bitnami/nginx/conf/ssl.sinoassist.conf
- source: ssl_sinoassist_key
target: /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.key
- source: ssl_sinoassist_pem
target: /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.pem
- source: nginx_review_config
target: /opt/bitnami/nginx/conf/server_blocks/review_temp.conf
deploy:
mode: replicated
replicas: 1
update_config:
order: start-first
placement:
constraints:
- node.hostname==ZD-BAK-APP2
configs:
nginx_conf:
external: true
name: nginx_conf_v1
nginx_ssl_sinoassist_config:
external: true
name: nginx_ssl_sinoassist_conf_v1
nginx_review_config:
external: true
name: nginx_review_config_v2
ssl_sinoassist_key:
external: true
name: ssl_sinoassist_key_2024
ssl_sinoassist_pem:
external: true
name: ssl_sinoassist_pem_2024

4
docker-swarm-review/nginx-review-132/env_crm1 Normal file
View File

@@ -0,0 +1,4 @@
NAMESPACE=crm1
NODE_PORT=8080
CUSTOME_CONFIG=nginx_conf_v1
CUSTOME_CONFIG=nginx_conf_v1

1
docker-swarm-review/nginx-review-132/env_review Normal file
View File

@@ -0,0 +1 @@
NAMESPACE=review

60
docker-swarm-review/nginx-review-132/nginx.conf Normal file
View File

@@ -0,0 +1,60 @@
# Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
user www www; ## Default: nobody
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
pid "/opt/bitnami/nginx/tmp/nginx.pid";
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log "/opt/bitnami/nginx/logs/access.log" main;
add_header X-Frame-Options SAMEORIGIN;
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/css application/javascript text/xml application/xml+rss;
keepalive_timeout 65;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
client_max_body_size 105M;
server_tokens off;
absolute_redirect off;
port_in_redirect off;
include "/opt/bitnami/nginx/conf/server_blocks/*.conf";
# # HTTP Server
# server {
# # Port to listen on, can also be set in IP:PORT format
# listen 80;
# include "/opt/bitnami/nginx/conf/bitnami/*.conf";
# location /status {
# stub_status on;
# access_log off;
# allow 127.0.0.1;
# deny all;
# }
# }
}

282
docker-swarm-review/nginx-review-132/nginx_review_config_v1 Normal file
View File

@@ -0,0 +1,282 @@
#### 中道review环境开始 ####
upstream api.zhongdao {
server ss52_sa-gateway_svc:8080;
server ss53_sa-gateway_svc:8080;
}
# 中道外部接口
server {
listen 8080;
server_name api.sinoassist.net api.sinoassist.com xcx-api.sinoassist.com interface.review.sino-assist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
location / {
proxy_pass http://api.zhongdao;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*actuator.* {
deny all;
}
}
# 接口
server {
listen 8080;
server_name api-nj.do-dec.com api-cd.do-dec.com api-wh.do-dec.com api-hz.do-dec.com api-sh.do-dec.com;
location / {
proxy_pass http://api.zhongdao;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*actuator.* {
deny all;
}
}
server {
server_name site.sinoassist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
location / {
root /zd/cc-site/dist/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
}
server {
server_name www.sinoassist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
location /h5/rescue {
alias /zd/rescue-h5/dist/;
try_files $uri $uri/ /h5/rescue/index.html;
index index.html;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
location /dev/h5/rescue {
proxy_pass http://192.168.1.209:8030/dev/h5/rescue;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
location /h5/client/ {
alias /zd/sino-client-h5/dist/build/h5/;
index index.html;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
location /h5/supplier/dispatch {
alias /zd/supplier-dispatch-h5/dist/;
try_files $uri $uri/ /h5/supplier/dispatch/index.html;
index index.html;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
# 太科app 海豚湾 微信验证配置
location /FowqINu4W1.txt {
default_type text/html;
return 200 "90d7811c9e948fe95df1fd46ca3c1984";
}
location /HQgOV1DbaM.txt {
default_type text/html;
return 200 "91aad82c4fadf3b6b4843771561dac64";
}
location /pay/gateway/ {
proxy_pass http://192.168.3.121:9226/pay/gateway/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
client_max_body_size 200m;
}
location /pay/gateway/api/ {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.3.121:9216/api/;
# 启用支持websocket连接
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://review_ss_sa-cc_svc:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/(export-app|common|order|supplier|contract|base) {
proxy_pass http://api.zhongdao;
}
}
## 前端http强制转https
server {
listen 8080;
server_name www.sinoassist.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://www.sinoassist.com$request_uri;
}
#### 中道review环境结束 ####
## 公司其他域名的切换
# 4s店微信
server {
listen 8080;
server_name wx4s.sinoassist.com;
location / {
proxy_pass http://192.168.10.7:8777;
}
}
# 微信供应商
server {
listen 8080;
server_name wxdd.sinoassist.com;
location / {
proxy_pass http://192.168.10.7:8568;
}
}
# 呼叫中心接口
server {
listen 8080;
server_name apicc.sinoassist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
location / {
proxy_pass http://192.168.5.201:8080;
}
}
# 呼叫中心接口websocket
server {
listen 8080;
server_name apiccws.sinoassist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
location / {
proxy_pass http://192.168.5.201:1884;
}
}
## 救援生产环境其他服务域名切换
## rabbitmq stomp
upstream stomp.zhongdao {
server review_rabbitmq_queue1:15674;
server review_rabbitmq_queue2:15674;
server review_rabbitmq_stats:15674;
}
server {
listen 8080;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
server_name stomp.sinoassist.com;
location / {
proxy_pass http://stomp.zhongdao;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# 备份文件服务器
server {
listen 8080;
server_name file.sinoassist.com;
include /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
# 录音文件服务器
location /ly/ {
proxy_pass http://192.168.5.204:8088/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
# 备份文件服务器
location / {
proxy_pass http://192.168.10.18:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
if ($request_filename ~ .*\.(htm|html)$)
{
add_header Cache-Control no-cache;
}
}
}

11
docker-swarm-review/nginx-review-132/nginx_ssl_sinoassist_conf_v1 Normal file
View File

@@ -0,0 +1,11 @@
listen 8443 ssl;
ssl_certificate /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.pem;
ssl_certificate_key /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

59
docker-swarm-review/nginx-review-132/swarm/docker-compose.yml Normal file
View File

@@ -0,0 +1,59 @@
version: "3.8"
services:
nginx-review:
image: nginx:alpine
ports:
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 18888
published: 18888
protocol: tcp
mode: host
- target: 18889
published: 18889
protocol: tcp
mode: host
- target: 1180
published: 1180
protocol: tcp
mode: host
- target: 8888
published: 8888
protocol: tcp
mode: host
- target: 38888
published: 38888
protocol: tcp
mode: host
environment:
- TZ=Asia/Shanghai
volumes:
- /data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /data/nginx/sites:/etc/nginx/sites:ro
- /data/nginx/ssl.sino_assist.conf:/etc/nginx/ssl.sino_assist.conf:ro
- /data/nginx/ssl.conf:/etc/nginx/ssl.conf:ro
- /data/nginx/ssl:/etc/nginx/ssl:ro
- /opt/logs/nginx:/var/log/nginx
deploy:
replicas: 1
placement:
constraints:
- node.hostname == ZD-BAK-APP2
restart_policy:
condition: on-failure
update_config:
parallelism: 1
delay: 10s
networks:
- review
networks:
review:
external: true

14
docker-swarm-review/nginx-review-132/swarm/logrotate-nginx Normal file
View File

@@ -0,0 +1,14 @@
/opt/logs/nginx/*.log {
daily
rotate 90
dateext
dateformat -%Y%m%d
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
docker kill --signal=USR1 $(docker ps -qf name=nginx-review) 2>/dev/null || true
endscript
}

73
docker-swarm-review/nginx-review-132/swarm/nginx.conf Normal file
View File

@@ -0,0 +1,73 @@
worker_processes auto;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
client_header_buffer_size 512k;
large_client_header_buffers 4 512k;
client_max_body_size 500m;
sendfile on;
server_tokens off;
gzip on;
gzip_min_length 1k;
gzip_comp_level 3;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
keepalive_timeout 6500;
proxy_connect_timeout 6000;
proxy_read_timeout 6000;
proxy_send_timeout 6000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 默认 server拦截无匹配请求
server {
listen 80 default_server;
location / {
return 404;
}
}
include /etc/nginx/sites/*.conf;
}
stream {
upstream http_gateway {
server 127.0.0.1:18888;
}
upstream https_gateway {
server 127.0.0.1:18889;
}
map $ssl_preread_protocol $upstream {
default http_gateway;
"TLSv1.0" https_gateway;
"TLSv1.1" https_gateway;
"TLSv1.2" https_gateway;
"TLSv1.3" https_gateway;
}
server {
listen 8888;
listen 38888;
ssl_preread on;
proxy_pass $upstream;
}
}

95
docker-swarm-review/nginx-review-132/swarm/sites/crm1.conf Normal file
View File

@@ -0,0 +1,95 @@
server {
listen 80;
server_name crm1.sino-assist.com api1.sino-assist.com api-sit.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
# 中道汽车救援公众号
location /MP_verify_TyW3WkUF0gacMB4m.txt {
default_type text/html;
return 200 "TyW3WkUF0gacMB4m";
}
# 中道汽车服务服务号
location /MP_verify_WjQInvWDvPvfZvL0.txt {
default_type text/html;
return 200 "WjQInvWDvPvfZvL0";
}
location / {
proxy_pass http://192.168.1.209:8080/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
location /h5/supplier/dispatch {
proxy_pass http://192.168.1.209:8031/h5/supplier/dispatch;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location ^~ /dev/h5/rescue {
rewrite ^/dev/h5/rescue/(.*)$ /h5/client/$1 break;
proxy_pass http://192.168.1.209:8032;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location ^~ /dev/h5/rvc {
rewrite ^/dev/h5/rvc/(.*)$ /h5/rvc/$1 break;
proxy_pass http://192.168.1.209:8035;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /h5/rvc/ {
proxy_pass http://192.168.1.209:8035/;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /h5/client/ {
proxy_pass http://192.168.1.209:8032/;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /dev/h5/rentCar {
proxy_pass http://192.168.1.209:8034/dev/h5/rentCar;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
}
server {
listen 80;
server_name portainer.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.209:9000/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name oem-jlr.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.226:5868/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

75
docker-swarm-review/nginx-review-132/swarm/sites/crm2.conf Normal file
View File

@@ -0,0 +1,75 @@
server {
listen 80;
server_name api2.sino-assist.com interface.crm2.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /oss/minio/ {
proxy_set_header Host $http_host;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_pass http://192.168.3.132:28773/oss/minio/;
}
location ~ .*actuator.* {
deny all;
}
location / {
proxy_pass http://192.168.1.209:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name test-api-sh.do-dec.com test-api-nj.do-dec.com test-api-cd.do-dec.com test-api-wh.do-dec.com test-api-hz.do-dec.com;
location / {
proxy_pass http://192.168.1.209:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
# cc.crm2 前端https
server {
include /etc/nginx/ssl.sino_assist.conf;
server_name cc.crm2.sino-assist.com crm2.sino-assist.com;
location / {
proxy_pass http://192.168.1.209:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
# http → https 跳转
server {
listen 80;
server_name cc.crm2.sino-assist.com crm2.sino-assist.com;
return 301 https://$server_name$request_uri;
}
server {
listen 80;
server_name stomp2.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.209:15674;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
}

27
docker-swarm-review/nginx-review-132/swarm/sites/fastdfs.conf Normal file
View File

@@ -0,0 +1,27 @@
server {
listen 18888;
listen 18889 ssl;
server_name file-gk.sino-assist.com;
include /etc/nginx/ssl.conf;
location /n1/ {
proxy_pass http://192.168.3.125:8080/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
location / {
proxy_pass http://192.168.3.119:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

242
docker-swarm-review/nginx-review-132/swarm/sites/git.conf Normal file
View File

@@ -0,0 +1,242 @@
server {
listen 80;
server_name jira.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:8018/;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_redirect off;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_buffers 32 4k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
}
server {
listen 80;
server_name itsm.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /WW_verify_TWp375Kzd79EfP0l.txt {
default_type text/html;
return 200 "TWp375Kzd79EfP0l";
}
location / {
proxy_pass http://192.168.3.200:8013/;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_redirect off;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_buffers 32 4k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
}
server {
listen 80;
server_name wiki.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.101:8081;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
proxy_read_timeout 86400s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_cache off;
}
}
server {
listen 80;
server_name vote.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.124:8089;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
proxy_read_timeout 86400s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_cache off;
}
}
server {
listen 80;
server_name jira.sinoassist.com;
location / {
proxy_pass http://192.168.3.129:10880/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 1180;
location / {
proxy_pass http://192.168.3.140:8018/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name harbor.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:8082/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name docker-mirror.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:5000/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name git.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:3000/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name maven.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:8081/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name api-doc.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.129:7700/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name hr.sinoassist.com;
include /etc/nginx/ssl.conf;
location / {
proxy_pass http://192.168.3.200:8012;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name training.sino-assist.com;
include /etc/nginx/ssl.conf;
location / {
proxy_pass http://192.168.1.226:8090;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name csc.sino-assist.com;
location / {
proxy_pass http://192.168.1.161:8011;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name file.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.1.171:8088/;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

14
docker-swarm-review/nginx-review-132/swarm/sites/oss.conf Normal file
View File

@@ -0,0 +1,14 @@
server {
listen 80;
server_name oss.sinoassist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.125:25773;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

70
docker-swarm-review/nginx-review-132/swarm/sites/pay.conf Normal file
View File

@@ -0,0 +1,70 @@
server {
listen 80;
server_name pay.sinoassist.com;
include /etc/nginx/ssl.conf;
location /MP_verify_WjQInvWDvPvfZvL0.txt {
default_type text/html;
return 200 "WjQInvWDvPvfZvL0";
}
location /api/ {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://192.168.3.125:9216;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://192.168.3.125:9226;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name pay-manager.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /api/ {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://192.168.3.125:9217;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://192.168.3.125:9227;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
server {
listen 80;
server_name pay-client.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /api/ {
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://192.168.3.125:9218;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://192.168.3.125:9228;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

80
docker-swarm-review/nginx-review-132/swarm/sites/review.conf Normal file
View File

@@ -0,0 +1,80 @@
# review 后端接口(原经 3.110 → 3.132:18092 中转,现直连网关)
server {
listen 80;
server_name interface.review.sino-assist.com apireview.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.132:28092;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
location ~ .*actuator.* {
deny all;
}
}
# review 前端
server {
include /etc/nginx/ssl.sino_assist.conf;
server_name cc.review.sino-assist.com ccreview.sino-assist.com;
location /MP_verify_TyW3WkUF0gacMB4m.txt {
default_type text/html;
return 200 "TyW3WkUF0gacMB4m";
}
location /MP_verify_WjQInvWDvPvfZvL0.txt {
default_type text/html;
return 200 "WjQInvWDvPvfZvL0";
}
location /dev/h5/rescue/ {
proxy_pass http://192.168.1.209:8032/;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /m/ {
return 301 https://api1.sino-assist.com/base/shortUrlMappings/$request_uri;
}
location /m/dev- {
return 301 https://api.sinoassist.com/base/shortUrlMappings/$request_uri;
}
location / {
proxy_pass http://192.168.3.132:8081;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}
# http → https 跳转
server {
listen 80;
server_name cc.review.sino-assist.com ccreview.sino-assist.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://ccreview.sino-assist.com$request_uri;
}
server {
listen 80;
server_name jenkins.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.120:8081;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
}

43
docker-swarm-review/nginx-review-132/swarm/sites/uat.conf Normal file
View File

@@ -0,0 +1,43 @@
# http → https 跳转
server {
listen 80;
server_name uat.sino-assist.com api-uat.sino-assist.com api-pre.sino-assist.com;
return 301 https://$host$request_uri;
}
server {
server_name uat.sino-assist.com api-uat.sino-assist.com api-pre.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_cookie_path / "/; HttpOnly; Secure; SameSite=Strict";
proxy_pass http://192.168.3.126:8080/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
if ($request_filename ~ .*\.(htm|html)$) {
add_header Cache-Control no-cache;
}
}
location /h5/supplier/dispatch {
proxy_pass http://192.168.3.126:8031/h5/supplier/dispatch;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /h5/client {
proxy_pass http://192.168.3.126:8032/h5/client;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
location /dev/h5/rentCar {
proxy_pass http://192.168.3.126:8034/dev/h5/rentCar;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
}

32
docker-swarm-review/nginx-review-132/swarm/sites/wx.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 80;
server_name supplierwxtest.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /ws {
proxy_pass http://192.168.3.111:13000/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
proxy_pass http://192.168.13.24:8081;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
}
server {
listen 80;
server_name site.sinoassist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.10.2:8090;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 200m;
}
}

60
docker-swarm-review/nginx-review-132/swarm/sites/zd_report.conf Normal file
View File

@@ -0,0 +1,60 @@
server {
listen 80;
server_name report.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location /SinoGYS {
proxy_pass http://192.168.14.47/SinoGYS;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
location /SinoORG {
proxy_pass http://192.168.14.47/SinoORG;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
location / {
proxy_pass http://192.168.3.123:8080;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
server {
listen 80;
server_name bi.sino-assist.com;
include /etc/nginx/ssl.sino_assist.conf;
location / {
proxy_pass http://192.168.3.123:4280;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
server {
listen 80;
server_name bi.sinoassist.com;
include /etc/nginx/ssl.conf;
location /WW_verify_TWp375Kzd79EfP0l.txt {
default_type text/html;
return 200 "TWp375Kzd79EfP0l";
}
location / {
proxy_pass http://192.168.3.131:80;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}

8
docker-swarm-review/nginx-review-132/swarm/ssl.conf Normal file
View File

@@ -0,0 +1,8 @@
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/2026/sinoassist.com.pem;
ssl_certificate_key /etc/nginx/ssl/2026/sinoassist.com.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

8
docker-swarm-review/nginx-review-132/swarm/ssl.sino_assist.conf Normal file
View File

@@ -0,0 +1,8 @@
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/23368363_sino-assist.com_nginx/sino-assist.com.pem;
ssl_certificate_key /etc/nginx/ssl/23368363_sino-assist.com_nginx/sino-assist.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

4
docker-swarm-review/nginx/README Normal file
View File

@@ -0,0 +1,4 @@
# crm1环境下 部署nginx
env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_nginx

26
docker-swarm-review/nginx/docker-compose.yml Normal file
View File

@@ -0,0 +1,26 @@
version: '3.8'
networks:
default:
name: ${NAMESPACE}
external: true
services:
server:
image: 'docker.io/bitnami/nginx:1.24'
ports:
- '${NODE_PORT}:8080'
environment:
- TZ=Asia/Shanghai
configs:
- source: custome_config
target: /opt/bitnami/nginx/conf/server_blocks/crm1.conf
deploy:
update_config:
order: start-first
placement:
constraints:
- node.labels.${NAMESPACE}_nginx==1
configs:
custome_config:
external: true
name: ${CUSTOME_CONFIG}

3
docker-swarm-review/nginx/env_crm1 Normal file
View File

@@ -0,0 +1,3 @@
NAMESPACE=crm1
NODE_PORT=8080
CUSTOME_CONFIG=crm1_nginx_config

211
docker-swarm-review/pipeline-script Normal file
View File

@@ -0,0 +1,211 @@
#!/usr/bin/env groovy
import groovy.json.JsonSlurperClassic
//properties(projectProperties)
def jsonOption = new JsonSlurperClassic().parseText(params.modulesOption)
echo "jsonOption ${jsonOption}"
jsonOption.harbor = "harbor.sino-assist.com"
jsonOption.deploy_server = "192.168.3.132"
jsonOption.profile = "review"
jsonOption.nacos_address = "review-nacos1:8848,review-nacos2:8848,review-nacos3:8848"
jsonOption.namespace = "review"
def branch = params.branch
def DOCKER_CREDENTIAL_ID = 'harbor'
def REGISTRY_URL = jsonOption.harbor
def IMAGE_TAG = params.branch
def deploy_modules = jsonOption.deploy_modules
def deploy_server = jsonOption.deploy_server
def deploy_step = jsonOption.deploy_step
// 根据传入的部署模块配置build的内容
def deploy_project_names = ""
for (module in deploy_modules) {
if (module.o == true) {
deploy_project_names += " ${module.module}:jib "
}
}
node {
def gradleHome = tool 'gradle'
def gradle = "${gradleHome}/bin/gradle"
stage('checkout') {
git branch: branch, credentialsId: 'gitlab', url: 'https://git.sino-assist.com/server/sa-server.git'
}
stage('docker-build-push') {
if (deploy_step.contains("打包镜像")) {
withCredentials([usernamePassword(passwordVariable: 'DOCKER_PASSWORD', usernameVariable: 'DOCKER_USERNAME', credentialsId: "${DOCKER_CREDENTIAL_ID}",)]) {
sh "docker login $REGISTRY_URL -u '$DOCKER_USERNAME' -p '$DOCKER_PASSWORD'"
}
sh "$gradle $deploy_project_names -x test --parallel --build-cache -Pdocker_hub='$REGISTRY_URL' -Pdocker_version=$IMAGE_TAG -Djib.console=plain"
}
}
if (deploy_step.contains("部署服务")) {
stage('docker-deploy') {
for (final module in deploy_modules) {
if (module.o == true) {
def modules = module.module.split(":")
module.projectName = modules[modules.length - 1]
module.imageTag = IMAGE_TAG
echo "deploy module ${module.module}"
def services = docker_service_param(module, jsonOption)
echo "部署服务"
for (final def svc in services) {
String yml = makeYML(svc)
String serverName = svc.get("serviceName")
String ymlFile = "/data/swarm/${serverName}.yml"
// 添加 SSH 选项: -o StrictHostKeyChecking=no 跳过 host key 检查
String deploy = "sshpass -p 'Sino.2025' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@${deploy_server} \" mkdir -p /data/swarm/ && echo '''${yml}''' > ${ymlFile} && docker stack deploy -c ${ymlFile} ${serverName} --prune --with-registry-auth\""
echo deploy
sh deploy
}
}
}
}
}
}
def makeYML(params) {
return """
version: \\"3.8\\"
services:
svc:
image: ${params.IMAGE}
environment:
- active_profile=${params.profile}
- nacos_address=${params.nacos_address}
- nacos_password=gkxl2024#@
- namespace=${params.namespace}
- project_name=${params.projectName}
- params=${params.params}
- nativeIp=${params.nativeIp}
- reservationsMemory=${params.reservationsMemory}
- limitMemory=${params.limitMemory}
- TZ=Asia/Shanghai
ports:
- '${params.port}:8080'
healthcheck:
test: \\"curl --fail --silent localhost:8080/actuator/health/ping | grep UP || exit 1\\"
interval: 15s
timeout: 5s
retries: 20
volumes:
- ${params.namespace}_logs:/logs
logging:
driver: json-file
options:
max-size: "1G"
max-file: "3"
extra_hosts:
- "hostname:127.0.0.1"
- "open.property.cic.cn:59.46.218.8"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
update_config:
order: stop-first
resources:
limits:
cpus: \\"${params.limitCpu}\\"
memory: ${params.limitMemory}
reservations:
cpus: \\"${params.reservationsCpu}\\"
memory: ${params.reservationsMemory}
placement:
constraints:
- "node.hostname==${params.hostname}"
networks:
default:
name: ${params.namespace}
external: true
volumes:
${params.namespace}_logs:
external: true
"""
}
// 转换内存格式0.1G -> 102M, 0.5G -> 512M, 1G -> 1G
def convertMemory(String mem) {
if (mem == null || mem.trim().isEmpty()) {
return "512M"
}
mem = mem.trim().toUpperCase()
// 如果是小数G格式转换为M
if (mem.matches(/^\d+\.\d+G$/)) {
def value = mem.replace("G", "").toDouble()
def mbValue = (value * 1024).intValue()
return "${mbValue}M"
}
return mem
}
def docker_service_param(module, jsonOption) {
def ipHostnameMap = [
'192.168.3.132': 'ZD-BAK-APP2',
'192.168.3.133': 'zd-bak-app3',
'192.168.3.134': 'ZD-BAK-APP1',
]
def projectName = module.projectName
def node = module.node
def cpu = module.cpu.split("-")
def memory = module.memory.split("-")
// 转换内存格式,确保 Java 堆参数有效
def reservationsMemory = convertMemory(memory[0])
def limitMemory = convertMemory(memory[1])
def address = module.address.split("\n")
def services = []
for (final def add in address) {
def addSplit = add.split(":")
def ip = addSplit[0]
def port = addSplit[1]
def hostname = ipHostnameMap.get(ip)
def serviceName = """ss${ip.split("\\.")[3]}_${projectName}"""
def par = """-Dspring.cloud.inetutils.preferredNetworks=10.18"""
services.add([
nacos_address : jsonOption.nacos_address,
namespace : jsonOption.namespace,
projectName : projectName,
IMAGE : "$jsonOption.harbor/sa-server/$projectName:$module.imageTag",
profile : jsonOption.profile,
node : node, // 副本数量
reservationsCpu : cpu[0], // 保留cpu
limitCpu : cpu[1], // 最大cpu
reservationsMemory: reservationsMemory, // 保留内存(已转换格式)
limitMemory : limitMemory, // 最大内存(已转换格式)
serviceName : serviceName,
hostname : hostname,
port : port,
nativeIp : ip,
params : par
])
}
echo "params ${params}"
return services
}
// vim: ft=groovy

Some files were not shown because too many files have changed in this diff Show More