sudo apt update && \
sudo apt-get install -y apt-transport-https python unzip ca-certificates curl software-properties-common && \
sudo apt upgrade -ycurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
sudo apt-get update && \
sudo apt-get install docker-ce -y && \
sudo usermod -aG docker ubuntu && \
sudo curl -L https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose && \
sudo chmod +x /usr/local/bin/docker-composeУстановка AWS CLI Tools:
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" && \
unzip awscli-bundle.zip && \
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws && \
rm -r ./awscli-bundle.zip ./awscli-bundleПрописываем ключи:
aws configureДелаем вход в реестр Amazon ECR:
eval $(aws ecr get-login --no-include-email)Добавляем в crontab:
crontab -eстроки
0 */5 * * * eval $(/usr/local/bin/aws ecr get-login --no-include-email)
30 1 1 * * docker system prune -af
cd ~ && \
curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh && \
sudo bash nodesource_setup.sh && \
sudo apt-get install nodejs -y && \
rm ./nodesource_setup.shcd ~ && sudo npm i -g pm2 && mkdir ./deploy && cd ./deployСоздать файл pm2.yml:
nano ~/deploy/pm2.ymlapps:
- script: './node_modules/http-deployer/deployer.js'
env:
DEPLOYER_CONFIG_PATH: '/home/ubuntu/deploy/config.json'
DEPLOYER_PORT: 8081Создание конфигурационного файла config.json:
nano ~/deploy/config.json{
"version": 1,
"secret": "",
"projects": [
{
"name": "",
"path": "/home/ubuntu/deploy/docker-compose.yml"
}
]
}Создание secret при помощи random-world-cli:
random-world-cli strings.uuid -r 1Конфигурируем автозапуск:
sudo chown -R $USER:$(id -gn $USER) /home/ubuntu/.config && \
npm i http-deployer && \
pm2 start pm2.yml && \
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u ubuntu --hp /home/ubuntu && \
pm2 savesudo apt install nginx -ysudo rm /etc/nginx/sites-enabled/default && \
sudo nano /etc/nginx/sites-enabled/defaultserver {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 204;
}
}sudo nano /etc/nginx/nginx.confНужно внести изменения в блок http:
http {
server_tokens off; # Изменить
real_ip_header X-Forwarded-For; # Добавить
include snippets/gzip.conf; # Заменить все настройки GZip
}sudo nano /etc/nginx/snippets/redirect-ssl.confif ($http_x_forwarded_proto = 'http') {
return 301 https://$server_name$request_uri;
}sudo nano /etc/nginx/snippets/gzip.confgzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon application/javascript text/javascript image/png image/gif image/jpeg image/jpg;sudo nano /etc/nginx/snippets/proxy.conf;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Nginx-Proxy true;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_read_timeout 240s;Созданива файла конфигурации:
sudo nano /etc/nginx/sites-available/name.confСодержимое:
upstream :name {
server 0.0.0.0:49011;
server 0.0.0.0:49012;
}
server {
listen 80;
listen [::]:80;
server_name name.com;
include snippets/redirect-ssl.conf;
location / {
proxy_pass http://dashboard/;
include snippets/proxy.conf;
}
}После создания: заменить :name на название проекта из deployer
Создать файл
sudo nano /etc/nginx/snippets/staging.confДобавить в него
location = /robots.txt { return 200 "User-agent: *\nDisallow: /\n"; }
И подключить к нужному виртуальному хосту
include snippets/staging.conf;