# Gitea + Drone CI/CD deployment notes

## Base environment

1. CentOS 7.6 64-bit, three hosts
2. MySQL 8.0
3. Gitea 1.16.8
4. Nginx 1.20.0

## Server layout

- One Tencent Cloud instance, 2 vCPU / 4 GB RAM / 8 Mbps / 80 GB disk (248-3): MySQL + Gitea + Nginx (reverse proxy in front of Gitea)
- One Tencent Cloud instance, 2 vCPU / 4 GB RAM / 8 Mbps / 60 GB disk (248-2): Docker + Drone server + Drone runner
- One Tencent Cloud instance, 2 vCPU / 4 GB RAM / 8 Mbps / 60 GB disk (248-1): MySQL + Java + Nginx (application hosting)

## Installing MySQL

#### Download the MySQL repo package

Open https://dev.mysql.com/downloads/repo/yum/, find **Red Hat Enterprise Linux 7 / Oracle Linux 7 (Architecture Independent), RPM Package**, and locate the MySQL 8.0 repo RPM. Download it over SSH:

```bash
wget https://repo.mysql.com//mysql80-community-release-el7-6.noarch.rpm
```

Find and remove the database client library that ships with the OS. CentOS 7 ships `mariadb-libs`; the `mysql-libs-5.1.*` package belongs to CentOS 6 images, so remove whichever the query reports:

```bash
rpm -qa | grep -iE 'mysql|mariadb'
find / -name mysql
rpm -e --nodeps mariadb-libs        # CentOS 7
rpm -e --nodeps mysql-libs-5.1.*    # CentOS 6
```

#### Install MySQL

```bash
# install the MySQL repo (the file name must match the one downloaded above)
yum localinstall mysql80-community-release-el7-6.noarch.rpm
# import the MySQL package-signing key so yum can verify the packages
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
# install MySQL 8.0
yum install mysql-community-server
# start MySQL (and start it on boot)
systemctl start mysqld
systemctl enable mysqld
```

#### Change the MySQL password and create the Gitea user

The temporary root password is written to the log on first start:

```bash
grep 'temporary password' /var/log/mysqld.log
mysql -uroot -p
```

Then, inside the `mysql` client:

```sql
-- change the root password
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';

-- generic form: create a user
CREATE USER 'your-username'@'%' IDENTIFIED WITH mysql_native_password BY 'your-password';

-- the Gitea account. MySQL and Gitea both run on 248-3, so bind the account to
-- localhost instead of '%'; a '%' account is reachable from any host that can
-- reach port 3306.
CREATE USER 'gitea'@'localhost' IDENTIFIED WITH mysql_native_password BY 'gitea147258;D';

-- Gitea needs a utf8mb4 database
CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';

-- grant only on that database; GRANT ALL ON *.* would make the Gitea account a
-- full database administrator, which it does not need
GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
FLUSH PRIVILEGES;
```

## Installing Gitea

### Install git

```bash
yum -y install git
```

### Install Gitea

```bash
# directory for the Gitea binary and git data
mkdir /opt/git
# dedicated group and user; Gitea must not run as root
groupadd git
useradd git -g git
cd /opt/git
# download the release binary from https://github.com/go-gitea/gitea (latest at the time: 1.16.8)
wget -O gitea https://github.com/go-gitea/gitea/releases/download/v1.16.8/gitea-1.16.8-linux-amd64
chmod +x gitea
# hand the directory to the git user BEFORE the first run, otherwise Gitea cannot
# create custom/ and data/ underneath it; keep the binary itself owned by root so
# the service cannot overwrite its own executable
chown -R git:git /opt/git
chown root:git /opt/git/gitea && chmod 750 /opt/git/gitea
# test run as the git user; once the installer is reachable on :3000, stop it and return to root
su git
./gitea web
exit
```

Service unit:

```bash
vim /etc/systemd/system/gitea.service
```

```ini
[Unit]
Description=Gitea
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/opt/git
# the binary lives in /opt/git, so /opt/git/custom/conf/app.ini is its default config path
ExecStart=/opt/git/gitea web --config /opt/git/custom/conf/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/opt/git

[Install]
WantedBy=multi-user.target
```

```bash
# pick up the new unit, then start it now and on boot
systemctl daemon-reload
systemctl enable --now gitea
# check that it is running
ps aux | grep gitea
```

### Install Nginx

#### Download nginx

```bash
# working directory (whatever you prefer)
cd /opt/nginx
wget https://nginx.org/download/nginx-1.20.0.tar.gz
```

nginx.org also publishes `nginx-1.20.0.tar.gz.asc`; verify the tarball against it with the nginx signing key before building.

#### Install dependencies

```bash
# gcc and gcc-c++
yum -y install gcc gcc-c++
# pcre and zlib (including headers)
yum -y install pcre* zlib*
# openssl (needed for https)
yum -y install openssl openssl-devel
```

#### Unpack nginx

```bash
tar -zxvf nginx-1.20.0.tar.gz
```

#### Build nginx

```bash
cd nginx-1.20.0
# configure; with this --prefix and no --pid-path the pid file ends up in /usr/local/nginx/logs/nginx.pid
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre
make && make install
# start with an explicit config; the welcome page on the server's IP means it works
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
```

#### Service unit

```bash
vim /lib/systemd/system/nginx.service
```

```ini
[Unit]
Description=nginx.server
After=network.target

[Service]
Type=forking
# must match the pid path nginx actually writes (see the configure step above)
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

Stop the manually started nginx (`/usr/local/nginx/sbin/nginx -s quit`) before starting it through systemd, otherwise the ports are already taken.

#### Start on boot

```bash
# start nginx
systemctl start nginx.service
# stop nginx
systemctl stop nginx.service
# restart nginx
systemctl restart nginx.service
# show current status
systemctl status nginx.service
# start nginx on boot
systemctl enable nginx.service
# do not start nginx on boot
systemctl disable nginx.service
```

#### Common commands

```bash
cd /usr/local/nginx/sbin
# check the configuration
./nginx -t
# this output means the configuration is valid and nginx can be reloaded:
#   nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
#   nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# reload; after this the site is reachable through its domain name
./nginx -s reload
```

#### Reverse proxy configuration

Replace the certificate paths with your own.

```nginx
server {
    listen 80;
    listen 443 ssl http2;
    server_name gitea.dr1997.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/gitea_dr1997_com;

    #SSL-START SSL settings; do not delete or change the commented 404 rule on the next line
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/ssl/gitea_dr1997_com/fullchain.pem;
    ssl_certificate_key /www/ssl/gitea_dr1997_com/privkey.pem;
    # TLS 1.1 is deprecated, and 3DES / non-ECDHE RSA suites give no forward secrecy, so they are left out
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    #SSL-END

    #ERROR-PAGE-START error pages; may be commented out, deleted or changed
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    # reverse proxy rules; commenting these out disables the proxy
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # large git pushes over HTTPS exceed nginx's 1m default body limit
        client_max_body_size 512m;
        proxy_pass http://127.0.0.1:3000;
    }
    location ~ .*\.(js|css|png)$ {
        proxy_pass http://127.0.0.1:3000;
    }
    #PROXY-END/

    # deny access to these files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) {
        return 404;
    }
    access_log /www/wwwlogs/gitea.dr1997.com.log;
    error_log /www/wwwlogs/gitea.dr1997.com.error.log;
}
```

Gitea's `ROOT_URL` in `app.ini` must be the public `https://` address served by this vhost, otherwise clone URLs and OAuth redirects point at `http://…:3000`.

## Installing Drone

Drone runs fully containerized on 248-2. First register Drone as an OAuth2 application in Gitea (user Settings → Applications → Manage OAuth2 Applications) with the redirect URI `https://drone.dr1997.com/login`; the client id and secret it produces are the `DRONE_GITEA_CLIENT_ID` / `DRONE_GITEA_CLIENT_SECRET` values below.

### Install the Drone server

```bash
# DRONE_GITEA_SERVER must be Gitea's public URL (ROOT_URL in app.ini). The nginx
# vhost above is gitea.dr1997.com, so check which name is correct; with the wrong
# one the OAuth login fails.
# DRONE_RPC_SECRET is the shared secret between server and runner (the Drone docs
# generate it with `openssl rand -hex 16`). The client secret and RPC secret
# recorded in this note are exposed by being written down; rotate them.
# DRONE_TLS_AUTOCERT needs drone.dr1997.com to resolve to this host with ports
# 80 and 443 reachable from the Internet.
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITEA_SERVER=https://git.dr1997.com \
  --env=DRONE_GITEA_CLIENT_ID=74e78545-efa3-4c69-b9a3-226579f65ead \
  --env=DRONE_GITEA_CLIENT_SECRET=BeSfuXea0EFwNCNNE3dLA4aDbZUyAeFEmpjpibZx1Ysq \
  --env=DRONE_RPC_SECRET=ad12a3284ecc37e2bcb03d40a88854e2 \
  --env=DRONE_SERVER_HOST=drone.dr1997.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_GIT_ALWAYS_AUTH=true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:2
```

Because the runner below is given the host's Docker socket, anyone who can log in to Drone and activate a repository can run arbitrary containers as root on 248-2. Limit who can log in: set `DRONE_REGISTRATION_CLOSED=true` (or `DRONE_USER_FILTER` with the allowed Gitea users/orgs) and pre-create the administrator with `DRONE_USER_CREATE=username:<gitea-admin>,admin:true`.

### Install the Drone runner

```bash
docker pull drone/drone-runner-docker:1
# DRONE_RPC_SECRET must be identical to the server's.
# Port 3000 is the runner's dashboard; it is unauthenticated unless
# DRONE_UI_USERNAME / DRONE_UI_PASSWORD are set, so bind it to loopback instead
# of every interface.
docker run --detach \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_PROTO=https \
  --env=DRONE_RPC_HOST=drone.dr1997.com \
  --env=DRONE_RPC_SECRET=ad12a3284ecc37e2bcb03d40a88854e2 \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_RUNNER_NAME=my-first-runner \
  --publish=127.0.0.1:3000:3000 \
  --restart=always \
  --name=runner \
  drone/drone-runner-docker:1
```

### Pipeline configuration

The original `.drone.yml` used the Drone 0.8 layout (`pipeline:` with `secrets: [key1, key2]`), which `drone/drone:2` does not accept: Drone 1.x/2.x expects `kind: pipeline` with a `steps:` list and injects secrets through `from_secret`. The same build in the current syntax:

```yaml
kind: pipeline
type: docker
name: default

workspace:
  path: /srv/drone-demo

steps:
  - name: build
    image: golang:alpine
    # pull: always
    environment:
      KEY: VALUE
      # secrets come from the repository's secret store, never from the YAML
      KEY1:
        from_secret: key1
      KEY2:
        from_secret: key2
    commands:
      - echo "$KEY"
      - pwd
      - ls
      - go version
      - GO111MODULE=off CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app ./
      - ls
      - ./app
```
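The Gitea install step above downloads the release binary with `wget` and runs whatever arrived. The script below is an added example, not part of the original notes or of Gitea's own tooling: it fetches the `.sha256` file published next to the binary on the release page, refuses to install unless the digest matches the exact file name, and installs the binary root-owned with execute rights for the `git` group. The checksum asset name `<binary>.sha256` and its `sha256sum`-style content are assumptions about the release layout.

```shell
#!/bin/sh
# Added example (not from the original notes or from Gitea): download the Gitea
# release binary plus its published .sha256, install only on a matching digest,
# and keep the binary root-owned so the git user can execute but not replace it.
# Assumption: the checksum asset is "<binary>.sha256" holding "<hex>  <binary>".
set -eu

GITEA_VERSION="1.16.8"
GITEA_BIN="gitea-${GITEA_VERSION}-linux-amd64"
GITEA_URL="https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}"
INSTALL_DIR="/opt/git"

# verify_sha256 FILE SUMFILE: succeed only if SUMFILE carries a digest for
# FILE's base name and that digest equals FILE's actual SHA-256.
verify_sha256() {
    file="$1"
    sumfile="$2"
    name=$(basename "$file")
    # Take the digest for exactly this name; a checksum file that names some
    # other file must not be accepted. A leading '*' (binary mode) is tolerated.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "verify_sha256: ${sumfile} has no entry for ${name}" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha256: SHA-256 mismatch for ${name}" >&2
        echo "  expected ${expected}" >&2
        echo "  actual   ${actual}" >&2
        return 1
    fi
    return 0
}

# install_gitea: download, verify, install. Needs network and root; run on demand.
install_gitea() {
    tmp=$(mktemp -d)
    wget -q -O "${tmp}/${GITEA_BIN}" "${GITEA_URL}/${GITEA_BIN}"
    wget -q -O "${tmp}/${GITEA_BIN}.sha256" "${GITEA_URL}/${GITEA_BIN}.sha256"
    verify_sha256 "${tmp}/${GITEA_BIN}" "${tmp}/${GITEA_BIN}.sha256"
    # root:git 0750: the service account can execute the binary but not modify it
    install -o root -g git -m 0750 "${tmp}/${GITEA_BIN}" "${INSTALL_DIR}/gitea"
    rm -rf "$tmp"
}

# usage (after groupadd/useradd git): sh install-gitea.sh install
if [ "${1:-}" = "install" ]; then
    install_gitea
fi
```

Run it in place of the `wget -O gitea …` / `chmod +x gitea` lines; the rest of the Gitea section (chown of the data directory, test run, systemd unit) stays the same.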
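The `docker run` commands in the Drone section pass the Gitea OAuth client secret and the RPC secret as `--env=` arguments, so they end up in `ps` output, root's shell history and, as here, in the deployment notes. The script below is an added example, not from the original notes or from Drone: it generates the RPC secret locally, writes the server and runner settings into root-only env files, and shows the equivalent `docker run` invocations using `--env-file`. The `/etc/drone` directory is an assumption, the host names are the ones used above, and the Gitea OAuth client id/secret are passed in as arguments rather than embedded.

```shell
#!/bin/sh
# Added example (not from the original notes or from Drone): generate
# DRONE_RPC_SECRET, write root-only env files for the Drone server and runner,
# and start both containers with --env-file instead of --env=KEY=VALUE.
# Assumptions: env files under /etc/drone; host names as in the notes above.
set -eu

# gen_hex_secret NBYTES: NBYTES from /dev/urandom as lowercase hex. Same shape
# as `openssl rand -hex 16` from the Drone docs, without needing openssl.
gen_hex_secret() {
    head -c "$1" /dev/urandom | od -An -tx1 -v | tr -d ' \n'
}

# is_hex_secret VALUE NBYTES: succeed only if VALUE is exactly 2*NBYTES lowercase hex chars
is_hex_secret() {
    printf '%s' "$1" | grep -Eq "^[0-9a-f]{$(( $2 * 2 ))}\$"
}

# write_env_file PATH < lines: create PATH with mode 0600 so only root can read the secrets
write_env_file() {
    ( umask 077 && cat > "$1" )
}

# file_mode PATH: octal permission bits (GNU stat, BSD fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# env_value FILE KEY: value of the KEY=... line in FILE
env_value() {
    sed -n "s/^$2=//p" "$1"
}

# make_drone_env_files DIR CLIENT_ID CLIENT_SECRET
# One RPC secret is shared by server and runner, so both files get the same value.
make_drone_env_files() {
    dir="$1"; client_id="$2"; client_secret="$3"
    mkdir -p "$dir" && chmod 700 "$dir"
    rpc_secret=$(gen_hex_secret 16)
    write_env_file "$dir/server.env" <<EOF
DRONE_GITEA_SERVER=https://git.dr1997.com
DRONE_GITEA_CLIENT_ID=${client_id}
DRONE_GITEA_CLIENT_SECRET=${client_secret}
DRONE_RPC_SECRET=${rpc_secret}
DRONE_SERVER_HOST=drone.dr1997.com
DRONE_SERVER_PROTO=https
DRONE_TLS_AUTOCERT=true
DRONE_GIT_ALWAYS_AUTH=true
# the runner holds the Docker socket, so do not let every Gitea user log in;
# pre-create the admin with DRONE_USER_CREATE=username:<gitea-admin>,admin:true
DRONE_REGISTRATION_CLOSED=true
EOF
    write_env_file "$dir/runner.env" <<EOF
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.dr1997.com
DRONE_RPC_SECRET=${rpc_secret}
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=my-first-runner
EOF
}

# Usage on 248-2 as root (client id/secret from the Gitea OAuth2 application):
#   make_drone_env_files /etc/drone "$GITEA_CLIENT_ID" "$GITEA_CLIENT_SECRET"
#   docker run --env-file /etc/drone/server.env --volume=/var/lib/drone:/data \
#     --publish=80:80 --publish=443:443 --restart=always --detach --name=drone drone/drone:2
#   docker run --env-file /etc/drone/runner.env --volume=/var/run/docker.sock:/var/run/docker.sock \
#     --publish=127.0.0.1:3000:3000 --restart=always --detach --name=runner drone/drone-runner-docker:1
```

Docker ignores `#` lines in an env file, so the comments inside `server.env` are safe. Rotating the RPC secret later is a matter of re-running `make_drone_env_files` and recreating both containers, since the value never appears on a command line.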