操作指南
大约 4 分钟约 1077 字
操作指南
主要记录了博客主题安装到服务器的流程。
1、系统环境准备
1.1、创建Ubunut用户(博客部署专用)
- sudo adduser work
- sudo usermod -aG sudo work
1.2、软件服务安装
docker安装 1、执行安装docker命令
sudo apt install docker.io.注意:使用会出现"ubuntu is not in the sudoers file. This incident will be reported."错误提示,需要配置ubuntu用户的sudo权限
2、查看docker是否安装完成.
sudo docker -version Docker version 24.0.7, build 24.0.7-0ubuntu2~22.04.1docker-compose安装
sudo apt install docker-compose sudo docker-compose --version
2、部署流程
2.1、使用docker-compose部署 gitea(测试gitea和nginx为初始服务没有做任何的配置工作)
docker-compose.yaml配置文件如下:
networks:
gitea:
external: false
services:
gitea_server:
image: registry.cn-shanghai.aliyuncs.com/happyluo/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- ./gitea/data:/data
- ./gitea/log:/data/gitea/log
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"2.2、gitea服务初始化配置,可以通过页面配置也可以通过接口配置 (只能在本机执行curl命令)
主要有一下配置项目
app_url = http(s)😕/ip/gitea/
actions = self
admin_name = blog admin_email = blog@163.com admin_passwd = work admin_confirm_passwd = work
curl -X POST -d "db_type=sqlite3&db_host=localhost%3A3306&db_user=root&db_passwd=&db_name=gitea&ssl_mode=disable&db_schema=&db_path=%2Fdata%2Fgitea%2Fgitea.db&app_name=Gitea%3A+Git+with+a+cup+of+tea&repo_root_path=%2Fdata%2Fgit%2Frepositories&lfs_root_path=%2Fdata%2Fgit%2Flfs&run_user=git&domain=120.46.206.90&ssh_port=22&http_port=3000&app_url=http%3A%2F%2F120.46.206.90%2Fgitea%2F&log_root_path=%2Fdata%2Fgitea%2Flog&smtp_addr=&smtp_port=&smtp_from=&smtp_user=&smtp_passwd=&offline_mode=on&disable_gravatar=on&disable_registration=on&default_allow_create_organization=on&default_enable_timetracking=on&no_reply_address=noreply.localhost&password_algorithm=pbkdf2&admin_name=blog&admin_email=blog%40163.com&admin_passwd=work&admin_confirm_passwd=work&actions=self" http://ip:3000/2.3、使用docker-compose部署 nginx服务
docker-compose.yaml配置文件如下:
networks:
gitea:
external: false
services:
nginx:
image: registry.cn-shanghai.aliyuncs.com/happyluo/nginx:latest
container_name: nginx
restart: always
ports:
- 80:80
- 443:443
networks:
- gitea
volumes:
- ./nginx/www:/usr/share/nginx/www
- ./nginx/ssl:/usr/share/nginx/ssl(提前准备好)
- ./nginx/nginx.conf:/etc/nginx/nginx.conf(需要修改反向代理ip)
- ./nginx/log:/var/log/nginx需要修改nginx.conf中的反向代理ip地址为内网ip地址,如果配置公网ip地址有可能因为3000端口未开放导致无法访问,不同的云服务提供商结果可能不同
nginx.conf配置如下
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 10m;
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64K;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
# Http跳转Https
server {
listen 80;
# SSL 默认访问端口号为443
listen 443 ssl;
server_name blog_application;
charset utf-8;
# 证书文件的路径
ssl_certificate /usr/share/nginx/ssl/blog.crt;
# 私钥文件的路径
ssl_certificate_key /usr/share/nginx/ssl/blog.key;
ssl_session_timeout 10m;
# 请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
# 请按照以下套件配置,配置加密套件,写法遵循openssl 标准
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
# 官网
location / {
root /usr/share/nginx/www/;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location = /gitea {
proxy_pass http://${内网ip}:3000/;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ ^/(gitea|v2)($|/) {
client_max_body_size 512M;
# 确保 nginx 使用未转义 URI, 按原样保持 "%2F"。 确保 nginx 去除 "/gitea" 子路径前缀, 按原样传递 "/v2"。
rewrite ^ $request_uri;
rewrite ^(/gitea)?(/.*) $2 break;
proxy_pass http://${内网ip}:3000$uri;
# 其他的常规 HTTP 表头,见上面“使用 Nginx 作为反向代理服务”小节的配置
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}2.4、在第3步nginx服务可以访问的情况下,使用blog账号登陆,创建actions组织,导入actions@checkout,actions@scp-action代码,创建blog组织,导入blog/theme-hope模板代码
2.5、从获取全局的Runner注册token,修改runner目录下的.env的配置文件:
GITEA_INSTANCE_URL=http://ip:3000/
GITEA_RUNNER_REGISTRATION_TOKEN=Token
GITEA_RUNNER_NAME=global_runner
GITEA_RUNNER_LABELS=global_runner2.6、docker-compose启动gitea runner服务
docker-compose.yaml配置如下
networks:
gitea:
external: false
services:
act_runner:
image: registry.cn-shanghai.aliyuncs.com/happyluo/gitea-act_runner:latest
container_name: act_runner
restart: always
environment:
GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL}
GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
GITEA_RUNNER_NAME: ${GITEA_RUNNER_NAME}
GITEA_RUNNER_LABELS: ${GITEA_RUNNER_LABELS}
networks:
- gitea
depends_on:
- gitea_server
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock2.7、runner启动成功之后,需要登录服务配置runner的密钥参数用于后续的自动发版。
key,username,port,host其中key需要在服务器提前生成。
2.8、docker pull registry.cn-shanghai.aliyuncs.com/happyluo/gitee_runner-images镜像,然后重命名为gitea/runner-images.外网docker无法下载。
- docker pull registry.cn-shanghai.aliyuncs.com/happyluo/gitee_runner-images
- docker tag images gitea/runner-images