gitea+drone_cicd部署记录
基础环境
- centos 7.6 bit64 *3
- mysql 8.0
- gitea 1.16.8
- Nginx nginx-1.20.0
服务器划分
- 一台 2H4G8M80G硬盘的腾讯云(248-3) 安装 mysql+gitea+nginx(代理gitea)
- 一台 2H4G8M60G硬盘的腾讯云(248-2) 安装docker+drone+drone runner
- 一台 2H4G8M60G硬盘的腾讯云(248-1) 安装 mysql+java+ nginx(服务发布)
安装mysql
下载mysql 源
打开地址
https://dev.mysql.com/downloads/repo/yum/
找到 Red Hat Enterprise Linux 7 / Oracle Linux 7 (Architecture Independent), RPM Package
点击进去 找到 mysql 8.0 的源
在ssh 中下载
wget https://repo.mysql.com//mysql80-community-release-el7-6.noarch.rpm
查找 并卸载 自带的mysql
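# List MySQL packages that are already installed
rpm -qa | grep mysql
# Locate leftover mysql files and directories
find / -name mysql
# rpm -e expects a package name, not a shell glob: an unquoted
# mysql-libs-5.1.* can be expanded by the shell against files in the current
# directory. Remove the package by name instead. --nodeps skips the dependency
# check, so confirm with the query above that this is the package you mean.
rpm -e --nodeps mysql-libs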
安装mysql
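# Install the MySQL yum repository package. The file name must match the one
# fetched by the wget step (el7-6); the el7-3 name used before does not exist
# on disk after that download.
# NOTE(review): the signing key is imported only after this package is
# installed, so the repository package itself is not signature-checked here.
yum localinstall mysql80-community-release-el7-6.noarch.rpm
# Import the MySQL package signing key
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
# Install MySQL 8.0
yum install mysql-community-server
# Start MySQL
service mysqld start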
修改mysql 密码
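# Look up the temporary root password in the MySQL log
# ('//' is not a shell comment marker, so these notes use '#')
grep 'temporary password' /var/log/mysqld.log
# Log in to MySQL as root; -p prompts for the password instead of taking it
# on the command line
mysql -uroot -p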
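-- Change the root password. 'MyNewPass4!' is only an example value; pick your
-- own and do not reuse a password that appears in documentation.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
-- Reload the privilege tables
flush privileges;
-- Create an application account (template: substitute your own user name and
-- password). Host '%' allows logins from any address; narrow it to the host
-- that actually connects where you can.
create user '你的用户名'@'%' identified with mysql_native_password by '你的密码';
-- Account used by Gitea. <GITEA_DB_PASSWORD> is a placeholder: generate a
-- unique password and keep it out of documents and repositories.
create user 'gitea'@'%' identified with mysql_native_password by '<GITEA_DB_PASSWORD>';
-- Database for Gitea. The name "gitea" is an example chosen here; enter the
-- same name in Gitea's database settings.
create database if not exists gitea character set utf8mb4 collate utf8mb4_unicode_ci;
-- Grant privileges on the application's own database only. A grant on *.*
-- gives the account control over every database on the server, which a
-- single application account does not need.
grant all on `你的数据库`.* to '你的用户名'@'%';
grant all on gitea.* to 'gitea'@'%';
-- Reload the privilege tables
flush privileges;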
安装gitea
安装git
yum -y install git
安装gitea
创建一个目录用于存放gitea和git数据的目录
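# Create the directory that holds the Gitea binary and the git data
mkdir /opt/git
# Create the group
groupadd git
# Create the user
useradd git -g git
# Enter the new directory
cd /opt/git
# Download the release binary from GitHub (https://github.com/go-gitea/gitea)
wget -O gitea https://github.com/go-gitea/gitea/releases/download/v1.16.8/gitea-1.16.8-linux-amd64
# Print the SHA-256 of the download and compare it with the checksum the
# project publishes for this release before running the binary
sha256sum gitea
# Make the binary executable
chmod +x gitea
# Hand the directory to the git account before switching to it; otherwise the
# test run below cannot write inside a root-owned directory
chown -R git:git /opt/git
# Switch to the git user
su git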
测试运行 能访问后 退出 切换到 root
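# Test run in the foreground as the git user; stop it once the web UI answers
./gitea web
# Give the directory created earlier to the git user and group
# ('//' is not a shell comment marker, so these notes use '#')
chown -R git:git /opt/git
# Create the systemd unit that supervises Gitea
vim /etc/systemd/system/gitea.service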
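# systemd unit that runs Gitea under the unprivileged git account
[Unit]
Description=Gitea
After=syslog.target
After=network.target
# MySQL runs on the same host in this setup (started as mysqld), so order
# Gitea after it; drop these two lines if the database is remote
Wants=mysqld.service
After=mysqld.service

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/opt/git
ExecStart=/opt/git/gitea web --config /opt/git/custom/conf/app.ini
Restart=always
# Basic sandboxing for a network-facing service: no privilege gain through
# setuid binaries, and a private /tmp not shared with other services
NoNewPrivileges=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target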
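# Make systemd re-read its unit files so edits to gitea.service take effect
systemctl daemon-reload
# Start Gitea
systemctl start gitea
# Check that it is running; unlike 'ps | grep', this reports the unit state
# and the most recent log lines, and never matches the grep process itself
systemctl status gitea --no-pager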
安装Nginx
下载nginx
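# Working directory for the source (personal preference); create it first,
# since nothing earlier in this guide does
mkdir -p /opt/nginx
cd /opt/nginx
# Fetch the tarball over HTTPS together with its detached PGP signature;
# plain HTTP gives no protection against a tampered download
# NOTE(review): 1.20.0 is an early point release of the 1.20 branch; check
# the nginx.org security advisories and prefer a current release
wget https://nginx.org/download/nginx-1.20.0.tar.gz
wget https://nginx.org/download/nginx-1.20.0.tar.gz.asc
# Verify the signature before unpacking. This needs the nginx signing keys
# imported into gpg first (see https://nginx.org/en/pgp_keys.html)
gpg --verify nginx-1.20.0.tar.gz.asc nginx-1.20.0.tar.gz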
安装依赖
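# Install the C and C++ compilers
yum -y install gcc gcc-c++
# Install pcre and zlib with their development headers. Packages are named
# explicitly: an unquoted pcre* or zlib* is expanded by the shell if a
# matching file exists in the current directory, and otherwise pulls in every
# package whose name starts with that prefix.
yum -y install pcre pcre-devel zlib zlib-devel
# Install openssl and its headers (needed for HTTPS support)
yum -y install openssl openssl-devel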
解压nginx
tar -zxvf nginx-1.20.0.tar.gz
编译nginx
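# Enter the nginx source directory
# ('//' is not a shell comment marker, so these notes use '#')
cd nginx-1.20.0
# Configure the build: install prefix, TLS, HTTP/2, stub_status and PCRE
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre
# Compile and install
make && make install
# Start nginx with an explicit configuration file; the welcome page on the
# server's IP address means the installation worked
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf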
进程守护
# Create the unit file
vim /lib/systemd/system/nginx.service
# Add the following content
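# systemd unit for the nginx built from source under /usr/local/nginx
[Unit]
Description=nginx.server
After=network.target

[Service]
Type=forking
# Directive names are case-sensitive: "PIDFILE" and "ExecRepload" are not
# recognised by systemd, so the PID file was never tracked and
# "systemctl reload nginx" had no command to run.
# The path below is where this build writes its PID when nginx.conf has no
# "pid" directive (prefix /usr/local/nginx); adjust it if yours differs.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start with a broken configuration
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target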
开机自启
# Reference list of service commands; run the one you need, not all in order
# Start the nginx service
systemctl start nginx.service
# Stop the nginx service
systemctl stop nginx.service
# Restart the nginx service
systemctl restart nginx.service
# Show the current status of the nginx service
systemctl status nginx.service
# Enable the nginx service at boot
systemctl enable nginx.service
# Disable the nginx service at boot
systemctl disable nginx.service
常用命令
# Go to the directory that holds the nginx binary
cd /usr/local/nginx/sbin
# Check that the configuration is valid
./nginx -t
# If the output looks like the two lines below, the configuration is valid and nginx can be reloaded
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# Reload nginx; the site is then reachable through its domain name
./nginx -s reload
配置反向代理
目录 ssl证书自行替换
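server
{
    # Reverse proxy in front of Gitea, which listens on 127.0.0.1:3000.
    # Replace the directories and certificate paths with your own.
    listen 80;
    listen 443 ssl http2;
    server_name gitea.dr1997.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/gitea_dr1997_com;

    #SSL-START SSL settings; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/ssl/gitea_dr1997_com/fullchain.pem;
    ssl_certificate_key /www/ssl/gitea_dr1997_com/privkey.pem;
    # TLS 1.1 is deprecated and no longer offered. TLSv1.3 only takes effect
    # when nginx is linked against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES (64-bit block cipher) and the static-RSA key exchange suites (no
    # forward secrecy) are removed; only ECDHE key exchange remains.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    #SSL-END

    #ERROR-PAGE-START error page settings; may be commented out, deleted or changed
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    # Reverse proxy rules; commenting them out disables the proxy
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:3000;
    }
    # Static assets take this regex location instead of "location /", so it
    # must forward the same headers; without them the backend sees the proxy's
    # own Host value and no client address.
    location ~ .*\.(js|css|png)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:3000;
    }
    #PROXY-END/

    # Files and directories that must not be served. Dots are escaped so
    # they match a literal "." rather than any character.
    location ~ ^/(\.user\.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README\.md)
    {
        return 404;
    }
    access_log /www/wwwlogs/gitea.dr1997.com.log;
    error_log /www/wwwlogs/gitea.dr1997.com.error.log;
}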
安装 Drone
安装 drone server
安装 drone runner
流水线配置
# Drone pipeline configuration for a small Go build.
# NOTE(review): the workspace/pipeline layout looks like the legacy (pre-1.0)
# Drone syntax; confirm that the Drone server version in use accepts it.
workspace:
  base: /srv/drone-demo
  path: .

pipeline:
  build:
    image: golang:alpine
    # pull: true
    environment:
      - KEY=VALUE
    # Secrets made available to this step
    secrets: [key1, key2]
    commands:
      # Echoes the value of KEY into the build log; never echo a real secret
      - echo $$KEY
      - pwd
      - ls
      - go version
      # Static Linux build of the application
      - GO111MODULE=off CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app ./
      - ls
      - ./app
全程容器化
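# Run the Drone server container.
# The two secrets are taken from the calling shell's environment instead of
# being written on the command line, where they end up in shell history,
# process listings and every copy of this document. Set them first, e.g. by
# sourcing a file readable only by root. DRONE_RPC_SECRET is shared with the
# runner; `openssl rand -hex 16` generates a suitable value.
# Any secret that has been published in documentation or a repository must
# be regenerated before use.
# NOTE(review): as configured, every account on the Gitea server can log in
# to Drone; consider DRONE_USER_FILTER or DRONE_REGISTRATION_CLOSED.
: "${DRONE_GITEA_CLIENT_SECRET:?set DRONE_GITEA_CLIENT_SECRET first}"
: "${DRONE_RPC_SECRET:?set DRONE_RPC_SECRET first}"
export DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET
# --env=NAME without a value passes the variable through from this shell
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITEA_SERVER=https://git.dr1997.com \
  --env=DRONE_GITEA_CLIENT_ID=74e78545-efa3-4c69-b9a3-226579f65ead \
  --env=DRONE_GITEA_CLIENT_SECRET \
  --env=DRONE_RPC_SECRET \
  --env=DRONE_SERVER_HOST=drone.dr1997.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_GIT_ALWAYS_AUTH=true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:2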
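# Fetch and run the Drone Docker runner.
docker pull drone/drone-runner-docker:1
# The RPC secret must equal the server's value. It is read from the calling
# shell's environment so it never appears on the command line or in this
# document.
: "${DRONE_RPC_SECRET:?set DRONE_RPC_SECRET first}"
export DRONE_RPC_SECRET
# Mounting /var/run/docker.sock gives the runner, and through it every
# pipeline it executes, root-equivalent control of this host's Docker daemon.
# Run it on a machine dedicated to builds and restrict who may trigger
# pipelines.
# The runner connects out to the server and needs no inbound traffic, so its
# port 3000 is published on the loopback interface only; use
# --publish=3000:3000 if an external health check really needs it.
docker run --detach \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_PROTO=https \
  --env=DRONE_RPC_HOST=drone.dr1997.com \
  --env=DRONE_RPC_SECRET \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_RUNNER_NAME=my-first-runner \
  --publish=127.0.0.1:3000:3000 \
  --restart=always \
  --name=runner \
  drone/drone-runner-docker:1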