I. First, switch to administrator (root) privileges:
sudo -i
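II. Install ufw
1. apt-get install ufw
2. Set the default access rules:
sudo ufw default deny incoming
sudo ufw default allow outgoing
3. Set the service rules:
ufw allow 22
ufw allow 443
4. Enable the firewall:
ufw enable
5. Check the firewall status:
ufw status
6. If you have added or removed rules, you should reload the firewall:
ufw reload
7. If you need to turn the firewall off:
ufw disable
II. Protect the server: Fail2ban (optional)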
apt-get update
apt-get install fail2ban
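III. Install Docker
Official site: https://docs.docker.com/engine/install/
1. Uninstall old versions (if any):
apt-get remove docker docker-engine docker.io containerd runc
2. Install using the Docker repository (recommended):
Update the apt package index and install packages to allow apt to use a repository over HTTPS: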
apt-get update
apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
3. Add Docker's official GPG key:
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
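4. Use the following command to set up the stable repository. To add the nightly or test repository, add the word nightly or test (or both) after the word stable in the command below: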
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
5. Install Docker Engine
Update the apt package index and install the latest version of Docker Engine, containerd and Docker Compose, or go to the next step to install a specific version:
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
6. To install a specific version of Docker Engine, list the available versions in the repo, then select and install:
apt-cache madison docker-ce
apt-get install docker-ce=
7. Verify that Docker Engine is installed correctly by running the hello-world image:
docker run hello-world
IV. Install Docker-Compose:
1. Install:
sudo curl -L "https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
2. Set executable permissions:
sudo chmod +x /usr/local/bin/docker-compose
3. Confirm that docker-compose is installed correctly:
sudo docker-compose --version
Note: on minimal distributions, or on systems where /usr/local/bin is not part of $PATH, you may also need to symlink the binary into /usr/bin:
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
V. Create the docker-compose.yml file and local directories
1. Create the directories:
sudo mkdir -p /var/www/rocket.chat/data/runtime/db
sudo mkdir -p /var/www/rocket.chat/data/dump
2. Download the standard docker-compose.yml file:
curl -L https://go.rocket.chat/i/docker-compose.yml -O
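Or:
curl -L https://raw.githubusercontent.com/RocketChat/Docker.Official.Image/master/compose.yml -O
Note: you can edit the file.
Edit image: registry.rocket.chat/rocketchat/rocket.chat:latest to specify the image you want to use (see the available Docker images section)
Edit ROOT_URL from the default http://localhost:3000 to match your domain name or IP address as needed
If you have a registration token to register your workspace automatically, you can supply it:
REG_TOKEN={your-token-here} docker-compose up -d
3. Start the containers: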
docker-compose up -d
4. Update the Rocket.Chat Docker image (data is not affected):
docker pull registry.rocket.chat/rocketchat/rocket.chat:latest
docker-compose stop rocketchat
docker-compose rm rocketchat
docker-compose up -d rocketchat
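Added example, not part of the original post: Docker installs its own iptables rules for published ports, so a container port bound to 0.0.0.0 is reachable from outside even though the ufw rules above only allow 22 and 443. The function below parses `docker ps` port output and lists such ports; the container names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Container names and port
# lines in sample_docker_ps are constructed for illustration.

# Ports the ufw rules in this guide intentionally open.
ALLOWED_PORTS="22 443"

# Reads "name<TAB>ports" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name port" for each host port published on all interfaces
# (0.0.0.0 or ::) that is not in ALLOWED_PORTS.
exposed_ports() {
  awk -F '\t' -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      m = split($2, maps, ", ")
      for (i = 1; i <= m; i++) {
        if (maps[i] !~ /->/) continue          # e.g. "27017/tcp": not published
        split(maps[i], side, "->")
        host = side[1]                         # e.g. "0.0.0.0:3000" or ":::3000"
        port = host; sub(/^.*:/, "", port)
        addr = substr(host, 1, length(host) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
        if (port in ok) continue
        key = $1 " " port
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# Constructed sample of docker ps output (tab-separated name and ports).
sample_docker_ps() {
  printf 'rocketchat\t0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
  printf 'mongodb\t27017/tcp\n'
  printf 'nginx\t0.0.0.0:443->443/tcp\n'
  printf 'metrics\t127.0.0.1:9100->9100/tcp\n'
}

# On a real host: docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_ports
sample_docker_ps | exposed_ports
```

A port reported here is reachable from outside despite `ufw default deny incoming`; publishing it on 127.0.0.1 instead of 0.0.0.0 in docker-compose.yml keeps it local to the host.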
VI. Set up automatic start and crash recovery:
1. Create the upstart job for MongoDB
sudo nano /etc/init/rocketchat_mongo.conf
Contents:
description "MongoDB service manager for rocketchat"
# Start MongoDB after docker is running
start on (started docker)
stop on runlevel [!2345]
# Automatically Respawn with finite limits
respawn
respawn limit 99 5
# Path to our app
chdir /var/www/rocket.chat
script
# Showtime
exec /usr/local/bin/docker-compose up mongo
end script
Save and exit.
2. Create the upstart job for Rocket.Chat
sudo nano /etc/init/rocketchat_app.conf
Contents:
description "Rocketchat service manager"
# Start Rocketchat only after mongo job is running
start on (started rocketchat_mongo)
stop on runlevel [!2345]
# Automatically Respawn with finite limits
respawn
respawn limit 99 5
# Path to our app
chdir /var/www/rocket.chat
script
# Bring up rocketchat app and hubot
exec /usr/local/bin/docker-compose up rocketchat hubot
end script
7. Finally, reboot the system and check the Docker containers:
reboot
sudo docker ps -a
# HTTPS Server
server {
    # "listen ... ssl" enables TLS for this server block
    listen 443 ssl;
    server_name chat.inumio.com;
    client_max_body_size 5M;
    access_log /var/log/nginx/rocket-access.log;
    error_log /var/log/nginx/rocketchat_error.log;

    # Certificate, private key and DH parameters
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_dhparam /etc/nginx/dhparams.pem;

    # Protocol and cipher selection
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;

    location / {
        # Forward requests to Rocket.Chat on port 3000
        proxy_pass http://chat.inumio.com:3000/;
        proxy_http_version 1.1;
        # Pass the WebSocket upgrade handshake through the proxy
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Preserve the original host, client address and scheme
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}