Postgresql
- 拉取最新镜像并且启动容器。
docker run -it --name=mypostgres --rm -v /home/chencanxin/dockerdata/postgres:/var/lib/postgresql/data -p 5432:5432 postgres
其中参数说明:
--rm Automatically remove the container when it exits
--interactive,-i Keep STDIN open even if not attached
--tty,-t Allocate a pseudo-TTY .即分配一个终端 terminal - 进入容器
docker exec -it mypostgres - 切换为postgres用户:su postgres
- 设置密码 alter
Redis
MysqL
Jenkins
Portainer
Nginx 转发
设置 https
http{
#配置共享会话缓存大小,视站点访问情况设定
ssl_session_cache shared:SSL:10m;
#配置会话超时时间
ssl_session_timeout 10m;
server {
listen 443 ssl;
server_name chencanxin.cn;
#设置长连接
keepalive_timeout 70;
#HSTS策略
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
#证书<a href="https://www.f2er.com/tag/wenjian/" target="_blank" class="keywords">文件</a>
ssl_certificate /etc/ssl/1_chencanxin.cn_bundle.crt;
#私钥<a href="https://www.f2er.com/tag/wenjian/" target="_blank" class="keywords">文件</a>
ssl_certificate_key /etc/ssl/2_chencanxin.cn.key;
#优先采取服务器算法
ssl_prefer_server_ciphers on;
#使用DH<a href="https://www.f2er.com/tag/wenjian/" target="_blank" class="keywords">文件</a>
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#定义算法
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
#减少点击劫持
add_header X-Frame-Options DENY;
#<a href="https://www.f2er.com/tag/jinzhi/" target="_blank" class="keywords">禁止</a>服务器<a href="https://www.f2er.com/tag/zidong/" target="_blank" class="keywords">自动</a>解析资源类型
add_header X-Content-Type-Options nosniff;
#防XSS攻擊
add_header X-Xss-Protection 1;
}
}
重写 80 端口
server {
listen 80;
server_name chencanxin.cn;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
基于https 转发端口应用
server {
listen 443 ssl;
server_name chencanxin.cn;
#设置长连接
keepalive_timeout 70;
##HSTS策略
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
##证书文件
ssl_certificate /etc/ssl/1_chencanxin.cn_bundle.crt;
##私钥文件
ssl_certificate_key /etc/ssl/2_chencanxin.cn.key;
##优先采取服务器算法
ssl_prefer_server_ciphers on;
##使用DH文件
##ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
##定义算法
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
##减少点击劫持
add_header X-Frame-Options DENY;
##禁止服务器自动解析资源类型
add_header X-Content-Type-Options nosniff;
##防XSS攻擊
add_header X-Xss-Protection 1;
location /usermanage/api/ {
proxy_pass http://localhost:8083;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header Remote_addr $remote_addr;
}
location /usermanage/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8082;
proxy_read_timeout 90;
}
location / {
rewrite ".*" https://segmentfault.com/blog/chencanxin;
}
}
Nginx proxy_pass 的坑
location 后面紧跟的路径最后,加和不加“/”,是有区别的,具体见下文: