[Up]常用資訊

[重點文章] 重點文章 [重點文章] 重點文章

2023年8月2日 星期三

[Debian] Debian 12.1 安裝 新版 jenkins 2.303.1 和 Ansible 2.15.2 + Nginx 1.21.3 + Postgresql 15.3 + php-8.1 新增 Gitlab 16.2.2

[Debian] Debian 12.1 安裝 新版 jenkins 2.303.1 和 Ansible 2.15.2 + Nginx 1.21.3 + Postgresql 15.3 + php-8.1 新增 Gitlab 16.2.2

 
#Step 01 – 安裝 系統及 ansible


安裝作業系統 後 接著安裝 ansible + jenkins 

20230803 更新
#

pip3 install ansible

#
# 確認版本
ansible --version

# 舊版安裝 方式
# apt install gnupg2

deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main

~# echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
~# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
~# sudo apt update
~# sudo apt install ansible -y
~# pip install ansible
~# sudo ansible --version

########################################### 安裝舊版結束  ######################################

# 確認 Ansible 版本

sudo ansible --version

ansible [core 2.15.2]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.3 (main, Aug  3 2023, 10:45:46) [GCC 12.2.0] (/usr/local/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
#####################################


#
設定 ssh key 即同步到主機
~# ssh-keygen
~# ssh-copy-id root@192.168.96.15
~# ssh-copy-id root@192.168.96.17

設定 Ansible 主機群
~# vi $HOME/hosts
[Web]
192.168.1.15

[DB]
192.168.1.17

 
#Step 02 – 安裝 jenkins


安裝 java jdk (使用 openjdk-11 )

apt install default-jdk -y

將 Jenkins repository  更新到你的系統內

### Debian 10.3 版本以上執行

sudo wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

### Debian 12 20230705 安裝
 
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null


###

sudo apt update

sudo apt install jenkins -y

###

更新套件並安裝 jenkins
sudo apt update
sudo apt install jenkins

# 設定開機啟動 jenkins

systemctl daemon-reload

sudo systemctl enable --now jenkins

20220922 修改路徑 (20230705 維持設定)

vi /lib/systemd/system/jenkins.service

約第122行

Environment="JENKINS_PREFIX=/jenkins"

systemctl daemon-reload

systemctl restart jenkins.service


Overriding service configurations

When installed on a modern Linux distribution running systemd(1), the systemd(1) service unit is delivered to:

Debian
/lib/systemd/system/jenkins.service

Red Hat
/usr/lib/systemd/system/jenkins.service

openSUSE
/usr/lib/systemd/system/jenkins.service

 
#Step 03 – 安裝 nginx 1.25.1-1


$ echo deb http://nginx.org/packages/debian/ stretch nginx | sudo tee /etc/apt/sources.list.d/nginx.list
$ echo "deb http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
$ wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key 
$ sudo apt update && apt install nginx -y

需要注意的是,這一步安裝的 Nginx 和系統自帶的 nginx 的配置目錄略有區別,可以用一下幾個簡單的命令修正:
讓設定習慣不用改變
sudo mkdir /etc/nginx/{sites-available,sites-enabled}
sudo mv /etc/nginx/conf.d/* /etc/nginx/sites-available
sudo rmdir -f /etc/nginx/conf.d/
sudo perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf

要設定一下設定檔連結
ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/

mkdir -p /var/www/html

chown -R nginx:nginx /var/www/html

檢查 nginx 設定檔是否正確

nginx -t

重新啟動 nginx 並 設定開機啟動

重新啟動
sudo systemctl restart nginx 

sudo systemctl enable --now nginx 



 
#Step 04 – Postgresql 15


# apt update && sudo apt upgrade -y

# apt install wget sudo curl gnupg2 -y

# sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

# apt -y update

# apt install postgresql-15 -y

# systemctl daemon-reload

# systemctl start postgresql

# systemctl enable postgresql

# systemctl status postgresql

# ss -antpl | grep 5432

# sudo -u postgres psql -c "SELECT version();"


管理 psql

sudo -u postgres psql

CREATE ROLE admin WITH LOGIN SUPERUSER CREATEDB CREATEROLE PASSWORD 'f99XVu73Spfcgxw';
ALTER USER postgres WITH PASSWORD 'f99XVu73Spfcgxw';
#
#
Manage application users

修改密碼 

postgres=# ALTER USER postgres PASSWORD 'Pa55WordD8m0';

#################################

create database grafana_db;
create user grafana_user with encrypted password 'f99XVu73Spfcgxw';
grant all privileges on database grafana_db to grafana_user;


# 如果遇到 資料庫權限不足 可以設定
# 可以確認 grafana.log
GRANT ALL ON DATABASE grafana_db TO grafana_user;

ALTER DATABASE grafana_db OWNER TO grafana_user;
\q

$ psql -h 127.0.0.1 -U grafana_user -d grafana_db


grafana_db=> \dt

#######################

create database test_db;
create user test_user with encrypted password 'f99XVu73Spfcgxw';
grant all privileges on database test_db to test_user;
\q

##################################

CREATE TABLE accounts (
	user_id serial PRIMARY KEY,
	username VARCHAR ( 50 ) UNIQUE NOT NULL,
	password VARCHAR ( 50 ) NOT NULL,
	email VARCHAR ( 255 ) UNIQUE NOT NULL,
	created_on TIMESTAMP NOT NULL,
        last_login TIMESTAMP 
);



##################################


####
create database zabbix;
create user zabbix with encrypted password 'f99XVu73Spfcgxw';
grant all privileges on database zabbix to zabbix;

# 確認 postgresql-14 服務是否啟動
ss -tunelp | grep 5432

sudo su - postgres
psql -c "alter user postgres with password 'StrongDBPassw0rd'"
exit

Step 4a – Allow Remote Connections to PostgreSQL for Grafana HA Architecture

$ find / -name postgresql.conf 2>/dev/null
/etc/postgresql/15/main/postgresql.conf
$ sudo vi /etc/postgresql/15/main/postgresql.conf
listen_addresses = '*'     ### add this line


$ sudo vi /etc/grafana/grafana.ini
(...)
[database]
type = postgres
host = 127.0.0.1:5432
name = grafana_db
user = grafana_user
password = f99XVu73Spfcgxw

 
#Step 05 – 安裝 PHP 8.1.20


############ 安裝 php 8.1 #######################################
sudo apt -y install lsb-release apt-transport-https ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
apt update
apt upgrade


sudo apt install php8.1-amqp php8.1-common php8.1-gd php8.1-ldap php8.1-odbc php8.1-readline php8.1-sqlite3 php8.1-xsl \
php8.1-curl php8.1-gmp php8.1-mailparse php8.1-opcache php8.1-redis php8.1-sybase php8.1-yac \
php8.1-ast php8.1-dba php8.1-igbinary php8.1-mbstring php8.1-pgsql php8.1-rrd php8.1-tidy php8.1-yaml \
php8.1-bcmath php8.1-dev php8.1-imagick php8.1-memcached php8.1-phpdbg php8.1-smbclient php8.1-uuid php8.1-zip \
php8.1-bz2 php8.1-ds php8.1-imap php8.1-msgpack php8.1-pspell php8.1-snmp php8.1-xdebug php8.1-zmq \
php8.1-cgi php8.1-enchant php8.1-interbase php8.1-mysql php8.1-psr php8.1-soap php8.1-xhprof \
php8.1-cli php8.1-fpm php8.1-intl php8.1-oauth php8.1-raphf php8.1-solr php8.1-xml php8.1-mcrypt -y

#####
php8.1-amqp            php8.1-decimal         php8.1-grpc            php8.1-maxminddb       php8.1-opcache         php8.1-redis           php8.1-tidy            php8.1-yac
php8.1-apcu            php8.1-dev             php8.1-igbinary        php8.1-mbstring        php8.1-pcov            php8.1-rrd             php8.1-uopz            php8.1-yaml
php8.1-ast             php8.1-ds              php8.1-imagick         php8.1-mcrypt          php8.1-pgsql           php8.1-smbclient       php8.1-uploadprogress  php8.1-zip
php8.1-bcmath          php8.1-enchant         php8.1-imap            php8.1-memcache        php8.1-phpdbg          php8.1-snmp            php8.1-uuid            php8.1-zmq
php8.1-bz2             php8.1-fpm             php8.1-inotify         php8.1-memcached       php8.1-protobuf        php8.1-soap            php8.1-vips            php8.1-zstd
php8.1-cgi             php8.1-gd              php8.1-interbase       php8.1-mongodb         php8.1-ps              php8.1-solr            php8.1-xdebug
php8.1-cli             php8.1-gearman         php8.1-intl            php8.1-msgpack         php8.1-pspell          php8.1-sqlite3         php8.1-xhprof
php8.1-common          php8.1-gmagick         php8.1-ldap            php8.1-mysql           php8.1-psr             php8.1-ssh2            php8.1-xml
php8.1-curl            php8.1-gmp             php8.1-lz4             php8.1-oauth           php8.1-raphf           php8.1-swoole          php8.1-xmlrpc
php8.1-dba             php8.1-gnupg           php8.1-mailparse       php8.1-odbc            php8.1-readline        php8.1-sybase          php8.1-xsl

#####
sudo apt install php8.1-{common,mysql,xml,xmlrpc,curl,gd,imagick,cli,dev,imap,mbstring,opcache,soap,zip,intl,bcmath} -y

pecl install mcrypt-1.0.4

# Install PHP mcrypt on Debian 11/PHP 預設
#
# Install pre-requisites

apt install php-dev libmcrypt-dev php-pear -y

# Install mcrypt PHP module

pecl channel-update pecl.php.net

pecl install channel://pecl.php.net/mcrypt-1.0.4

###########################################################
Build process completed successfully
Installing '/usr/lib/php/20190902/mcrypt.so'
install ok: channel://pecl.php.net/mcrypt-1.0.3
configuration option "php_ini" is not set to php.ini location
You should add "extension=mcrypt.so" to php.ini

Add mcrypt.so to the php.ini file
vi /etc/php/8.0/cli/php.ini

For Nginx, use this:

vi /etc/php/8.0/fpm/php.ini

For Apache
vi /etc/php/8.0/apache2/php.ini

修改 php.ini 設定
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 100M
cgi.fix_pathinfo = 0
max_execution_time = 360
date.timezone = Asia/Taipei

# 修改 php.ini 使用指令
cd /etc
cp php.ini php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = 128M/memory_limit = 512M/g' php.ini
sed -i 's/post_max_size = 8M/post_max_size = 20M/g' php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 20M/g' php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' php.ini

## 20201111 新增 (20230705 維持設定)
# 修改 php.ini 使用指令
cd /etc/php/8.1/fpm/
cp /etc/php/8.1/fpm/php.ini /etc/php/8.1/fpm/php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = 128M/memory_limit = 512M/g' /etc/php/8.1/fpm/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 100M/g' /etc/php/8.1/fpm/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 100M/g' /etc/php/8.1/fpm/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php/8.1/fpm/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 360/g' /etc/php/8.1/fpm/php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /etc/php/8.1/fpm/php.ini

cd /etc/php/8.1/cli/
cp /etc/php/8.1/cli/php.ini /etc/php/8.1/cli/php.ini.`date +"%Y%m%d%H%M%S"`
sed -i 's/memory_limit = -1/memory_limit = 512M/g' /etc/php/8.1/cli/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 100M/g' /etc/php/8.1/cli/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 100M/g' /etc/php/8.1/cli/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php/8.1/cli/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 360/g' /etc/php/8.1/cli/php.ini
sed -i 's/;date.timezone =/date.timezone = "Asia\/Taipei"/g' /etc/php/8.1/cli/php.ini


#########

#########
修改run php

        # php-fpm
                location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass   unix:/var/run/php/php8.0-fpm.sock;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
                include        fastcgi_params;
        }

  location ~* \.php$ {
    fastcgi_pass unix:/run/php/php8.0-fpm.sock;
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
  }
## 如果使用 nginx 1.18 最新版需修改 www.conf
修改 /etc/php/8.0/fpm/pool.d/www.conf 設定檔,改變執行者及群組
# vi /etc/php/8.0/fpm/pool.d/www.conf
user = nginx
group = nginx
listen = /run/php/php8.0-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666

#新增修改方式
cp /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/www.conf.`date +"%Y%m%d%H%M%S"`
#
sed -i 's/user = www-data/user = nginx/g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's/group = www-data/group = nginx/g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/8.1/fpm/pool.d/www.conf
sed -i 's/;listen.mode = 0660/listen.mode = 0666/g' /etc/php/8.1/fpm/pool.d/www.conf


systemctl restart php8.1-fpm.service
systemctl status php* | grep fpm.service

 
#Step 06 – 將 jenkins 加入 nginx


新增加
        location ^~ /jenkins/ {
                proxy_set_header        Host              $host;
                proxy_set_header        X-Real-IP         $remote_addr;
                proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $http_x_forwarded_proto;
                proxy_set_header        X-Forwarded-Port  $http_x_forwarded_port;
                proxy_max_temp_file_size 0;

                #proxy_pass              http://localhost:8081/jenkins/;
                proxy_pass              http://127.0.0.1:8081/jenkins/;
                # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
                sendfile off;

                # Required for new HTTP-based CLI
                proxy_http_version      1.1;
                proxy_request_buffering off;
                # This is the maximum upload size
                client_max_body_size       10m;
                client_body_buffer_size    128k;


        }
#################
#################

修改 jenkin 路徑

vi /etc/default/jenkins

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins"

# sed -i 's/HTTP_PORT --prefix=\//HTTP_PORT --prefix=\/jenkins/g' /etc/default/jenkins
#
sed -i 's/HTTP_PORT=8080/HTTP_PORT=8081/g' /etc/default/jenkins

sed -i 's/$HTTP_PORT"/$HTTP_PORT --prefix=\/jenkins"/g' /etc/default/jenkins
  
重新啟動 nginx 和 jenkins 

systemctl restart nginx.service
systemctl restart jenkins.service

sudo systemctl enable --now jenkins.service


輸入 http://xxx.xxx.xxx.xxx/jenkins

  
 
#Step 07 –


/var/www/html/phptest.php

touch /var/www/html/phpinfo.php && echo '' >> /var/www/html/phpinfo.php

############################################################

mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Country Name (2 letter code) [AU]:TW1
State or Province Name (full name) [Some-State]:Taiwan2
Locality Name (eg, city) []:Taipei3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company4
Organizational Unit Name (eg, section) []:My Unit5
Common Name (e.g. server FQDN or YOUR name) []:myhost.loacldomain.tw
Email Address []:user@loacldomain.tw

# 一行指令執行
mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=TW/ST=Taiwan/L=Taipei/O=MongoDB/OU=IT/CN=mylocaldomain.com/emailAddress=admin@mylocaldomain.com"

# 一行指令執行
mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=TW/ST=Taiwan/L=Taipei/O=MongoDB/OU=IT/CN=$HOSTNAME.mylocaldomain.com/emailAddress=admin@mylocaldomain.com"

touch /var/www/html/phpinfo.php && echo '<?php phpinfo(); ?>' >> /var/www/html/phpinfo.php

touch /var/www/html/phpinfo.php && echo '<?php phpinfo(); ?>' >> /var/www/html/phpinfo.php

<html>
<head>
    <title>PHP Test</title>
</head>
    <body>
    <?php echo '<p>Hello World</p>';
 
    // In the variables section below, replace user and password with your own MySQL credentials as created on your server
    $servername = "localhost";
    $username = "webuser";
    $password = "password";
 
    // Create MySQL connection
    $conn = mysqli_connect($servername, $username, $password);
 
    // Check connection - if it fails, output will include the error message
    if (!$conn) {
        die('<p>Connection failed: </p>' . mysqli_connect_error());
    }
    echo '<p>Connected successfully</p>';
    ?>
</body>
</html>
#############################################
 
#Step 08 –

#nginx 設定檔

cp /etc/nginx/sites-available/default.conf default.conf.`date +"%Y%m%d%H%M%S"`

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    # 設定網站跟目錄
    root /var/www/html;
    # 預設首頁
    index index.php index.html index.htm;

    server_name _;

    location / {
        #root   /var/www/html;
        #index  index.html index.htm;
        try_files $uri $uri/ /index.php?$query_string;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/wwww/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}
    # php-fpm
    location ~ \.php$ {
        #try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/var/run/php/php8.0-fpm.sock;
        fastcgi_index  index.php;
        #fastcgi_param  SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}
        location ^~ /jenkins/ {
                proxy_set_header        Host              $host;
                proxy_set_header        X-Real-IP         $remote_addr;
                proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $http_x_forwarded_proto;
                proxy_set_header        X-Forwarded-Port  $http_x_forwarded_port;
                proxy_max_temp_file_size 0;

                #proxy_pass              http://localhost:8080/jenkins/;
                proxy_pass              http://127.0.0.1:8080/jenkins/;
                # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
                sendfile off;

                # Required for new HTTP-based CLI
                proxy_http_version      1.1;
                proxy_request_buffering off;
                # This is the maximum upload size
                client_max_body_size       10m;
                client_body_buffer_size    128k;


        }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

##################################
#
#### 以下為最後OK設定檔 20211006更新
#
##################################

server {
        listen 80 default_server;
        listen [::]:80 default_server;

  # 導向至 HTTPS
  rewrite ^(.*) https://$host$1 permanent;
}
server {
        # SSL 設定
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        # 憑證與金鑰的路徑
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        client_max_body_size 100M;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html index.php;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
#
        location ~ \.php$ {
            #try_files $uri /index.php =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass   unix:/var/run/php/php8.1-fpm.sock;
            fastcgi_index  index.php;
            #fastcgi_param  SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
#
        location /grafana/ {
            proxy_pass http://localhost:3000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location ^~ /jenkins/ {
                proxy_set_header        Host              $host;
                proxy_set_header        X-Real-IP         $remote_addr;
                proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $http_x_forwarded_proto;
                proxy_set_header        X-Forwarded-Port  $http_x_forwarded_port;
                proxy_max_temp_file_size 0;

                proxy_pass              http://localhost:8080/jenkins/;
                #proxy_pass              http://127.0.0.1:8081/jenkins/;
                # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
                sendfile off;

                # Required for new HTTP-based CLI
                proxy_http_version      1.1;
                proxy_request_buffering off;
                # This is the maximum upload size
                client_max_body_size       10m;
                client_body_buffer_size    128k;

        }

        location /gitlab/ {
                   proxy_pass http://127.0.0.1:10987/gitlab/;
                   proxy_set_header Host $http_host;
                   proxy_set_header X-Real-IP $remote_addr;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header X-Forwarded-Proto https;
                   proxy_set_header X-Forwarded-Protocol https;
                   proxy_set_header X-Url-Scheme https;
                   proxy_set_header X-Forwarded-Ssl on;
                   proxy_read_timeout 90;
                   client_max_body_size 0;
                   gzip off;
                   proxy_http_version 1.1;
                                   #
                                   #proxy_redirect      http://localhost:10987/gitlab $scheme://gitlab.example.com:10987/gitlab;
        }
        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


Jenkins 安裝套件
	
Active ChoicesVersion
Parameterized Trigger
slack
AnsiColor
Notification
Periodic Backup
Green balls
Blue Ocean
Git server
## Build Pipeline

 
#Step 09 – Gitlab


安裝 Gitlab Debian 11

apt-get update -y

# 需要套件
```
apt-get install curl ca-certificates apt-transport-https gnupg2 -y

```

### Add GitLab Repository

```
curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash

```

### 編輯 更新清單

```
curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | bash
```

### 修改編輯清單

```
# vi /etc/apt/sources.list.d/gitlab_gitlab-ce.list

######## 找到
######## 
######## deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bullseye main
######## deb-src https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bullseye main
######## 
######## 更換為
######## 
######## deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ buster main
######## deb-src https://packages.gitlab.com/gitlab/gitlab-ce/debian/ buster main
######## 

# 新版 debian 12 更新 修改路徑 目前 gitlab 不支援 Debian 12 
將
#deb [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bookworm main
#deb-src [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bookworm main

修改為如下 :
#deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ buster main
#deb-src https://packages.gitlab.com/gitlab/gitlab-ce/debian/ buster main
deb [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bullseye main
deb-src [signed-by=/usr/share/keyrings/gitlab_gitlab-ce-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-ce/debian/ bullseye main




更新清單

apt update -y

```

### 安裝 GitLab CE

```
apt install gitlab-ce -y

```

設定 Configure GitLab

```

vi /etc/gitlab/gitlab.rb

修改 url

external_url 'http://gitlab.example.com:10987/gitlab/'

sed -i '/auth_backend/s/#//;s/8080/8081/' /etc/gitlab/gitlab.rb
sed -i '/= 8080/s/#//;s/8080/8081/' /etc/gitlab/gitlab.rb


vi /etc/hosts

127.0.0.1	gitlab.example.com


#### external_url "https://example.com/gitlab"
#### gitlab_rails['gitlab_shell_ssh_port'] = 22
#### nginx['listen_addresses'] = ['127.0.0.1']
#### nginx['listen_port'] = 10987
#### nginx['listen_https'] = false
#### nginx['proxy_set_headers'] = {
#### "X-Forwarded-Ssl" => "on",
#### }

#20230705 02的設定
#### external_url "https://gitlab.example.com/gitlab"
#### gitlab_rails['gitlab_shell_ssh_port'] = 22
#### nginx['listen_addresses'] = ['127.0.0.1']
#### nginx['listen_port'] = 10987
#### nginx['listen_https'] = false
#### nginx['proxy_set_headers'] = {
#### "X-Forwarded-Ssl" => "on",
#### }


編輯設定

gitlab-ctl reconfigure

設定 host

```

### 找root登入密碼

```
cat /etc/gitlab/initial_root_password

確認版本

sudo gitlab-rake gitlab:env:info


System information
System:         Debian 12
Current User:   git
Using RVM:      no
Ruby Version:   3.0.6p216
Gem Version:    3.4.14
Bundler Version:2.4.16
Rake Version:   13.0.6
Redis Version:  7.0.12
Sidekiq Version:6.5.7
Go Version:     unknown

GitLab information
Version:        16.2.2
Revision:       9a102b1b08b
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     13.11
URL:            http://gitlab.example.com:10987/gitlab
HTTP Clone URL: http://gitlab.example.com:10987/gitlab/some-group/some-project.git
SSH Clone URL:  git@gitlab.example.com:some-group/some-project.git
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:        14.23.0
Repository storages:
- default:      unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell


```

 
#Step 10 –


jenkins 啟動後需要安裝套件

Blue Ocean
simple themes
Modern Status
active choice 
ThinBackup

active 

Groovy script从文件中获取变量值 讀行

def lineList = new File("/home/F5/test.csv").readLines();
lineList.each {
    println it.toUpperCase();
}


// 過濾執行條件 csv 檔中的 job 名稱 
// 要使用絕對路徑
def command = "sh /home/F5/scripts/standalone_job.sh 3 /home/F5/server_list/Job_Site7.csv First_Forceoffline"
def proc = command.execute()
proc.waitFor()              
def instances = proc.in.text.readLines()
return instances



備份單獨 job

先設定 Credentials.txt 帳號檔案

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth @Credentials.txt get-job CN-001_Active_New_Script-001 > CN-001_Active_New_Script-001.xml

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth @Credentials.txt create-job Bnewmyjob < CN-001_Active_New_Script-001.xml =>

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218


java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password list-jobs

or

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218 list-jobs

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password build jobname
java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:password build abcd

or

java -jar jenkins-cli.jar -s http://localhost/jenkins -auth username:12cb4a9876b0414fa8e9453e93a7d218 build abcd
to diable unix_socket auth (passwordless login on cli)

Mariadb config
/etc/mysql/mariadb.conf.d/50-server.cnf

MySQL config
/etc/mysql/my.cnf

add following parameter


plugin-load-add = auth_socket.so


on mysql cli


update mysql.user set password=password('GerP@ssword') where user='root';
update mysql.user set plugin=” where User='root';
or 
ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';

flush privileges;


restart MySQL server

systemctl restart mariadb.service

or

systemctl restart mysql.service


ALTER USER 'root'@'localhost' IDENTIFIED BY 'GerP@ssw0rd';
<!DOCTYPE html>
<html>
<head>
   <!-- HTML meta refresh URL redirection -->
   <meta http-equiv="refresh"
   content="0; url=/jenkins">
</head>
<body>
   <p>The page has moved to:
   <a href="/jenkins">this page</a></p>
</body>
</html>

沒有留言:

張貼留言