> If you are not sure how to install docker-compose, see the document "Installing Docker on CentOS".

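1. In a file editor, use global search and replace to change every occurrence of `192.168.193.128` in this folder to your server's IP.

2. Pack all files and folders in this directory and upload them to the server; the result is as shown in the figure.
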
3. Run the permission commands

```
chmod -R 777 ./rocketmq/broker/logs
chmod -R 777 ./rocketmq/broker/store
chmod -R 666 ./minio/data
chmod -R 777 ./elasticsearch/data
```

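4. Start the containers

> ps: The containers need to download about 7 GB of data in total, so please be patient.
> Note: the docker-compose file in the java folder uses local mode. If you need to switch to ports mode, remove the local-mode setting,
> and also open and map each original Java port together with that port number + 1000; the latter port is used by xxl-job.
```
docker-compose up -d --build
```
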
5. Access paths and passwords for each component

Replace 192.168.193.128 with your server's IP yourself.

Search globally for the password `hn02le.34lkdLKD` and replace it with a new password of your own!!!

- mysql: connect with a database client, port 3306, account and password root/hn02le.34lkdLKD
- minio: http://192.168.193.128:9000 account and password admin/hn02le.34lkdLKD
- redis: port 6379, the password is hn02le.34lkdLKD
- nacos: http://192.168.193.128:8848/nacos account and password nacos/hn02le.34lkdLKD
- xxl-job: http://192.168.193.128:8080/xxl-job-admin account and password admin/hn02le.34lkdLKD
- rocketmq-console: http://192.168.193.128:8180

6. Open the MinIO management page. There is a plus sign in the lower-right corner; use it to create a bucket (create bucket) named `mall4cloud`.

For the front end to be able to read images, the permissions need to be set.

7. Create the ES index

Once ES has been deployed successfully, there are two ways to create the index.
7.1. Create the index through the Elasticsearch RESTful API

```
PUT http://127.0.0.1:9200/product
```

7.2. Create the index with curl

```
curl -X PUT "localhost:9200/product?pretty"
{
...
}
```

8. Create a MySQL account for canal

Create the user canal and grant it privileges:

```mysql
CREATE USER canal IDENTIFIED BY 'canal';

GRANT SELECT, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'canal'@'%';

FLUSH PRIVILEGES;
```

Query the binlog position in MySQL

```mysql
SHOW MASTER STATUS;
```

Edit `./canal/conf/example/instance.properties`

Change the following four parameters

```properties
# Database address
canal.instance.master.address=192.168.193.128:3306
# The File value returned by `SHOW MASTER STATUS`
canal.instance.master.journal.name=mysql-binlog.000001


# username/password
# Database account
canal.instance.dbUsername=canal
# Database password (must be the password the canal user was created with)
canal.instance.dbPassword=hn02le.34lkdLKD

```

Restart `canal`

```shell
docker restart mall4cloud-canal
```

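9. If the test, development and production environments all use the same payment system, you will run into a problem:

Payment order number 1 in the test environment collides with payment order number 1 in the production environment. Each environment therefore needs an extra sequence number added; for example, with the added number, 1 in the test environment becomes 11 and 1 in the development environment becomes 21.

Change this setting in `application.yml`; use a value from 1 to 99. Set a different id in each environment by hand.
```yaml
application:
  workerId: 10
```
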
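## 10. The system deploys two Redis instances; do not flush Redis. One holds the cache and the other holds stock. Never casually flush the mall4cloud-aof-redis instance, otherwise it is as good as deleting the database and running away!!! The stock data cannot be recovered!!! This Redis is also mounted on the server with AOF enabled; see the `./redis/redis.conf` configuration file for details
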
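## 11. For server security, it is recommended that, apart from the mall application itself, no middleware port (redis, mysql, etc.) be exposed to the public network, or else that complex passwords be set, to avoid attacks. Enable HTTPS for all access
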
The recommended nginx configuration is as follows (add further settings as needed)

```config
server {
    listen 80;
    server_name xxx.com;
    # Permanent redirect to https
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    # Enable http2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxx.com;

    ssl_certificate /ssl/xxx.com.pem;
    ssl_certificate_key /ssl/xxx.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # Strong TLS protocol versions
    ssl_protocols TLSv1.2 TLSv1.3;
    # Strong cipher suites
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        # Some security-related response headers
        add_header Cache-Control "no-store";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        # Addresses the page is allowed to load from; anything other than these is not allowed
        add_header Content-Security-Policy "default-src 'self' https://xxxx.com wss://im.xxxx.com;img-src 'self' https://img.xxxx.com data:; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline';font-src 'self' data:;";

        proxy_pass http://xxxx;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Block the API documentation page
    location /doc.html {
        return 404;
    }
}
```

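One way to check the advice in steps 5 and 11 before going live, as an added example that is not part of the project: it flags middleware ports that Docker publishes on all interfaces and lists files that still contain the default password or sample IP. The function names, the port list collected from this README and the sample `docker ps` lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the project.
# Host ports of the middleware named in this README.
MIDDLEWARE_PORTS="3306 3307 6379 8848 9000 9200 8080 8180"

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
# (container names and bindings are made up for the example).
sample_ps_output() {
    printf 'mall4cloud-mysql\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp\n'
    printf 'mall4cloud-aof-redis\t127.0.0.1:6379->6379/tcp\n'
    printf 'mall4cloud-nacos\t[::]:8848->8848/tcp\n'
    printf 'mall4cloud-canal\t11111/tcp\n'
}

# stdin: "name<TAB>ports" lines. Prints "name host_port" for each middleware
# port published on all interfaces; exit status 1 if any was found.
exposed_middleware_ports() {
    awk -F '\t' -v wanted="$MIDDLEWARE_PORTS" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) mw[w[i]] = 1 }
        {
            m = split($2, maps, ", ")
            for (i = 1; i <= m; i++) {
                if (maps[i] !~ /->/) continue        # not published to the host
                split(maps[i], side, "->")
                host = side[1]; p = host
                sub(/^.*:/, "", p)                   # host port after the last colon
                addr = substr(host, 1, length(host) - length(p) - 1)
                if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
                if ((p in mw) && !seen[$1 " " p]++) { print $1, p; found = 1 }
            }
        }
        END { exit found + 0 }
    '
}

# Lists files under $1 that still contain the default password or sample IP
# from this README; exit status 1 if any file matches.
leftover_defaults() {
    if grep -rlF -e 'hn02le.34lkdLKD' -e '192.168.193.128' "$1"; then
        return 1
    fi
    return 0
}

# Live use, from the deployment directory:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_middleware_ports
#   leftover_defaults .
```

A port published on all interfaces is reachable from outside only if the host firewall or cloud security group also allows it, so treat each hit as a binding to confirm or to restrict to `127.0.0.1`.
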
## 12. Connecting to ShardingSphere

Connect to sharding on the port configured in docker; the default is port 3307, account sharding, password hn02le.34lkdLKD. These can be changed in `开发环境搭建/中间件docker-compse一键安装/shardingsphere/conf/server.yaml`