更新

2022-08-28 09:57:48 +08:00
parent b7a0a5c104
commit 84be98ac74
20 changed files with 3211 additions and 0 deletions
--- a/gitea+drone_cicd部署.md
+++ b/gitea+drone_cicd部署.md
@ -0,0 +1,425 @@
+
+
+# gitea+drone_cicd部署记录
+
+
+
+## 基础环境
+
+1. centos 7.6 bit64 *3
+2. mysql 8.0
+3. gitea 1.16.8
+4. Nginx nginx-1.20.0
+
+## 服务器划分
+
+- 一台 2H4G8M80G硬盘的腾讯云(248-3) 安装 mysql+gitea+nginx(代理gitea)
+- 一台 2H4G8M60G硬盘的腾讯云(248-2) 安装docker+drone+drone runner 
+- 一台 2H4G8M60G硬盘的腾讯云(248-1) 安装 mysql+java+ nginx(服务发布)  
+
+
+
+## 安装mysql
+
+#### 下载mysql 源
+
+打开地址
+
+https://dev.mysql.com/downloads/repo/yum/
+
+找到 **Red Hat Enterprise Linux 7 / Oracle Linux 7 （Architecture Independent）， RPM Package**
+
+点击进去 找到 mysql 8.0 的源
+
+在ssh 中下载  
+
+```
+wget  https://repo.mysql.com//mysql80-community-release-el7-6.noarch.rpm
+```
+
+查找 并卸载 自带的mysql 
+
+```
+rpm -qa|grep mysql
+find / -name mysql
+
+rpm -e --nodeps mysql-libs-5.1.*
+
+```
+
+#### 安装mysql
+
+```
+
+//安装 mysql 源
+yum localinstall mysql80-community-release-el7-3.noarch.rpm
+
+
+//安装密钥
+rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
+
+//安装mysql 8.0
+yum install mysql-community-server
+
+
+//启动 mysql
+service mysqld start
+
+```
+
+#### 修改mysql 密码
+
+```arcade
+//查询密码
+grep 'temporary password' /var/log/mysqld.log
+
+//登录mysql
+mysql -uroot -p 
+
+//修改密码
+ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
+
+//刷新权限
+flush privileges;
+
+
+//创建用户名
+create user '你的用户名'@'%' identified with mysql_native_password by '你的密码';
+create user 'gitea'@'%' identified with mysql_native_password by 'gitea147258;D';
+//设置权限
+grant all on *.* to '你的用户名'@'%';
+grant all on *.* to 'gitea'@'%';
+//刷新权限
+flush privileges;
+
+```
+
+## 安装gitea
+
+
+
+### 安装git
+
+```
+yum -y install git
+```
+
+### 安装gitea
+
+```
+创建一个目录用于存放gitea和git数据的目录
+mkdir /opt/git
+
+// 创建用户组
+groupadd git
+//创建用户
+useradd git -g git 
+
+//进入创建的目录 
+cd /opt/git
+
+//下载github 最新版 (https://github.com/go-gitea/gitea)
+wget -O gitea  https://github.com/go-gitea/gitea/releases/download/v1.16.8/gitea-1.16.8-linux-amd64
+
+// 设置成可运行文件
+chmod +x gitea
+
+
+//切换至 git 用户
+su git
+
+测试运行  能访问后 退出 切换到 root  
+./gitea web
+
+//将刚刚创建的目录授权给 git 用户，组。
+chown -R git:git /opt/git
+
+
+//设置进程守护
+vim /etc/systemd/system/gitea.service
+
+[Unit]
+Description=Gitea
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+ExecStart=/opt/git/gitea web --config /opt/git/custom/conf/app.ini
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+
+
+//运行
+systemctl start gitea
+// 查看是否成功运行
+ps -aux | grep gitea
+```
+
+### 安装Nginx
+
+#### 下载nginx 
+
+```bash
+//切换目录 (看个人习惯)
+cd /opt/nginx
+wget http://nginx.org/download/nginx-1.20.0.tar.gz
+
+```
+
+#### 安装依赖
+
+```
+# 安装gcc、gcc-c++
+yum -y install gcc
+yum -y install gcc-c++
+
+# 安装pcre 、zilb
+yum -y install pcre*
+yum -y install zlib*
+
+# 安装openssl(若需要支持 https 协议)
+yum -y install openssl
+yum -y install openssl-devel
+```
+
+
+
+#### 解压nginx
+
+```
+tar -zxvf nginx-1.20.0.tar.gz
+```
+
+#### 编译nginx
+
+```
+ //进入nginx 目录
+ cd nginx-1.20.0
+ 
+ //配置编译参数
+ ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre
+ 
+ //编译安装
+ make && make install
+ 
+ //指定配置启动 访问ip 看到欢迎信息则成功
+ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
+ 
+ 
+ 
+```
+
+#### 进程守护
+
+```
+# 新建文件
+vim /lib/systemd/system/nginx.service
+
+# 添加内容
+[Unit]
+Description=nginx.server
+After=network.target
+
+[Service]
+Type=forking
+PIDFILE=/var/run/nginx.pid
+ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
+ExecRepload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+```
+
+
+
+#### 开机自启
+
+```
+# 启动nginx服务
+systemctl start nginx.service
+
+# 停止nginx服务
+systemctl stop nginx.service
+
+# 重启nginx服务
+systemctl restart nginx.service
+
+# 查看nginx服务当前状态
+systemctl status nginx.service
+
+# 设置nginx服务开机自启动
+systemctl enable nginx.service
+
+# 停止nginx服务开机自启动
+systemctl disable nginx.service
+```
+
+
+
+#### 常用命令
+
+```
+# 进入目录
+cd /usr/local/nginx/sbin
+
+# 验证配置是否正确
+./nginx -t
+# 如果看到如下内容, 那么配置正确, 可以重启Nginx
+nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
+nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
+
+# 重启Nginx, 之后就可以通过域名访问了, 哈哈
+./nginx -s reload
+```
+
+
+
+#### 配置反向代理
+
+目录 ssl证书自行替换
+
+```
+server
+{
+    listen 80;
+	listen 443 ssl http2;
+    server_name gitea.dr1997.com;
+    index index.php index.html index.htm default.php default.htm default.html;
+    root /www/wwwroot/gitea_dr1997_com;
+
+    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
+    #error_page 404/404.html;
+    #HTTP_TO_HTTPS_START
+    if ($server_port !~ 443){
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    #HTTP_TO_HTTPS_END
+    ssl_certificate    /www/ssl/gitea_dr1997_com/fullchain.pem;
+    ssl_certificate_key    /www/ssl/gitea_dr1997_com/privkey.pem;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497  https://$host$request_uri;
+
+    #SSL-END
+
+    #ERROR-PAGE-START  错误页配置，可以注释、删除或修改
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+
+	#引用反向代理规则，注释后配置的反向代理将无效
+
+	location / {
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_pass    http://127.0.0.1:3000;
+	}
+	location ~ .*\.(js|css|png)$ {
+		proxy_pass  http://127.0.0.1:3000;
+	}
+	#PROXY-END/
+	
+    #禁止访问的文件或目录
+    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
+    {
+        return 404;
+    }
+
+
+    access_log  /www/wwwlogs/gitea.dr1997.com.log;
+    error_log  /www/wwwlogs/gitea.dr1997.com.error.log;
+}
+```
+
+## 安装 Drone
+
+### 安装 drone server
+
+### 安装 drone runner
+
+### 流水线配置
+
+```
+workspace:
+  base: /srv/drone-demo
+  path: .
+
+pipeline:
+  build:
+     image: golang:alpine
+     # pull: true
+     environment:
+       - KEY=VALUE
+     secrets: [key1, key2]
+     commands:
+       - echo $$KEY
+       - pwd
+       - ls
+       - go version  
+       - GO111MODULE=off CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app ./
+       - ls
+       - ./app
+
+```
+
+全程容器化
+
+
+
+```
+
+docker run \
+  --volume=/var/lib/drone:/data \
+  --env=DRONE_GITEA_SERVER=https://git.dr1997.com \
+  --env=DRONE_GITEA_CLIENT_ID=74e78545-efa3-4c69-b9a3-226579f65ead \
+  --env=DRONE_GITEA_CLIENT_SECRET=BeSfuXea0EFwNCNNE3dLA4aDbZUyAeFEmpjpibZx1Ysq \
+  --env=DRONE_RPC_SECRET=ad12a3284ecc37e2bcb03d40a88854e2 \
+  --env=DRONE_SERVER_HOST=drone.dr1997.com \
+  --env=DRONE_SERVER_PROTO=https \
+  --env=DRONE_TLS_AUTOCERT=true \
+  --env=DRONE_GIT_ALWAYS_AUTH=true \
+  --publish=80:80 \
+  --publish=443:443 \
+  --restart=always \
+  --detach=true \
+  --name=drone \
+  drone/drone:2
+  
+  
+  
+  
+  docker pull drone/drone-runner-docker:1
+  
+  
+  
+  docker run --detach \
+  --volume=/var/run/docker.sock:/var/run/docker.sock \
+  --env=DRONE_RPC_PROTO=https \
+  --env=DRONE_RPC_HOST=drone.dr1997.com \
+  --env=DRONE_RPC_SECRET=ad12a3284ecc37e2bcb03d40a88854e2 \
+  --env=DRONE_RUNNER_CAPACITY=2 \
+  --env=DRONE_RUNNER_NAME=my-first-runner \
+  --publish=3000:3000 \
+  --restart=always \
+  --name=runner \
+  drone/drone-runner-docker:1
+```
+
+
+
+
+