请按照本文档的指导进行部署,部署过程基于 PIGX 服务 2000+企业客户实践总结,网络安全请慎重 请慎重。
本章文档对应视频 📺 20.阿里云 ECS 部署
#初始化 ECS
#购买 ECS
特别说明: 开发环境、测试环境强烈建议选择【ECS 按量付费】👉🏻 《阿里云服务器 ECS 按量付费和包年包月有什么区别?》(opens new window)
#初始化 CentOS7
curl -O http://vip.pigx.top/os7init.sh
sh os7init.sh pig4cloud
Copied!
#安装 JDK
根据使用的版本安装对应版本 Java
#安装 Java8
yum install -y java
java -version
# 配套字体库安装
yum install -y fontconfig mkfontscale
Copied!
#安装 Java17
wget https://cdn.azul.com/zulu/bin/zulu17.44.15-ca-jdk17.0.8-linux.x86_64.rpm
rpm -ivh zulu17.44.15-ca-jdk17.0.8-linux.x86_64.rpm
java -version
# 配套字体库安装
yum install -y fontconfig mkfontscale
Copied!
#安装 Mysql 8
wget http://vip.pigx.top/mysql80-community-release-el7-11.noarch.rpm -O mysql80-community-release-el7-7.noarch.rpm
rpm -ivh mysql80-community-release-el7-7.noarch.rpm
yum install -y mysql mysql-server
# 修改配置文件
vim /etc/my.cnf
lower_case_table_names=1
# 重启mysql
systemctl restart mysqld
# 查看默认密码 (注意复制全了很多特殊字符)
grep password /var/log/mysqld.log
# mysql client 链接 mysql
mysql -uroot -p
# 修改默认密码为 root
alter user 'root'@'localhost' identified by 'ZxcRoot123!@#';
set global validate_password.check_user_name=0;
set global validate_password.policy=0;
set global validate_password.length=1;
alter user 'root'@'localhost' identified by 'root';
# 修改为允许远程访问
use mysql;
update user set host = '%' where user = 'root';
FLUSH PRIVILEGES;
Copied!
#安装 Redis
yum install redis
systemctl restart redis
Copied!
#安装 NGINX
https://nginx.org/en/linux_packages.html
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
yum install -y yum-utils
yum-config-manager --enable nginx-mainline
yum install -y nginx
#配置 hosts
vim /etc/hosts
127.0.0.1 pigx-register
127.0.0.1 pigx-gateway
127.0.0.1 pigx-redis
127.0.0.1 pigx-mysql
127.0.0.1 pigx-sentinel
127.0.0.1 pigx-xxl
127.0.0.1 pigx-seata
source /etc/hosts
#部署 pigx
#准备源码包
pigx 服务端 编译 jar , 注意打包命令,需要在服务端根目录执行
# 5.5 + 版本打包命令
mvn clean install -Pcloud
# 低版本打包命令
mvn clean install
pigx-ui 前端 编译 dist ,在前端根目录执行
npm run build
#初始化数据库
pigx db 目录
source 1schema.sql
source 2pigxx.sql
source 3pigxx_ac.sql
source 4pigxx_job.sql
source 5pigxx_mp.sql
source 6pigxx_config.sql
source 7pigxx_pay.sql
source 8pigxx_codegen.sql
#启动服务端
nohup java -Dfile.encoding=utf-8 -jar pigx-register.jar > /dev/null 2>&1 &
nohup java -Dfile.encoding=utf-8 -jar pigx-monitor.jar > /dev/null 2>&1 &
nohup java -Dfile.encoding=utf-8 -jar pigx-gateway.jar > /dev/null 2>&1 &
nohup java -Dfile.encoding=utf-8 -jar pigx-auth.jar > /dev/null 2>&1 &
nohup java -Dfile.encoding=utf-8 -jar pigx-upms-biz.jar > /dev/null 2>&1 &
#部署前端
mkdir -p /data/pigx-ui && cp -r dist/* /data/pigx-ui
cd /etc/nginx/conf.d && rm -f default.conf
vim pigx.conf
server {
listen 80;
server_name localhost;
gzip on;
gzip_static on; # 需要http_gzip_static_module 模块
gzip_min_length 1k;
gzip_comp_level 4;
gzip_proxied any;
gzip_types text/plain text/xml text/css;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# 前端打包好的dist目录文件
root /data/pigx-ui/;
location ^~/api/ {
proxy_pass http://pigx-gateway:9999/; #注意/后缀
proxy_connect_timeout 60s;
proxy_read_timeout 120s;
proxy_send_timeout 120s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
# 屏蔽所有敏感路径,不用改代码
location ~* ^/(actuator|swagger-ui|v3/api-docs|swagger-resources|webjars|doc.html) {
return 403; # 禁止访问
}
}
nginx
🌟安全建议:安全问题无小事!部署过程基于 PIGX 服务 2000+企业客户实践总结,网络安全请慎重 请慎重!!
安全建议
生产条件下关闭 swagger、actuator 端点
nacos/application-dev.yml
# 配置安全属性:关闭端点、关闭swagger
management:
endpoints:
enabled-by-default: false
springdoc:
api-docs:
enabled: false
对外端口、安全组说明
默认情况下,服务器仅对外开放基础的 80/443 nginx 服务端口,nginx 配置按本文的复制!!!
📄 前端部署到非nginx根路径📄 nginx 部署微服务前端
Toggle Sidebar
