2023年4月

重新启动CentOS 8系统。
出现GRUB菜单
选择第一个选项 CentOS Linux
按下键盘上的 e 键,进入编辑模式
找到 linux ($root)开头的行
把 ro 改成 rw init=/sysroot/bin/sh
按 ctrl+x启动引导进入单用户模式。
执行 chroot /sysroot,切换到已按读写方式(上一步的 rw)挂载的根文件系统。
修改密码passwd root
执行 touch /.autorelabel,让系统在下次启动时对文件系统重新标记。这一步针对 SELinux:在救援环境里修改密码后,/etc/shadow 的安全上下文可能不正确,不重新标记可能导致无法登录。
输入exit和 reboot系统
这时系统将开始SElinux relabel过程,几分钟后系统将重启。
修改root密码完成。这个流程对任何能接触到控制台(物理机或虚拟机控制台)的人都有效;需要防范时,应给 GRUB 设置密码并对磁盘加密。

# Commands typed in the emergency shell started by init=/sysroot/bin/sh.
# Enter the installed system's root; the rw kernel argument set earlier is what
# makes it writable.
chroot /sysroot/
# Switch the locale for this shell -- presumably so passwd's prompts are plain
# ASCII on the console; confirm.
LANG=en
# Interactive: with no argument, passwd changes the current user's password
# (root here).
passwd
# Request a full SELinux relabel on the next boot, so files rewritten from this
# shell (such as /etc/shadow) get their contexts restored.
touch /.autorelabel
# Leave the chroot; the steps above then reboot the machine.
exit

1.png
2.png
3.png

https://github.com/Chanzhaoyu/chatgpt-web
vi docker-compose.yml

# docker-compose.yml for the chatgpt-web front end.
version: '3'
services:
  app:
    # NOTE(review): no tag is given, so this resolves to :latest; pin a tag or
    # digest so a registry-side change cannot silently replace what runs here.
    image: chenzhaoyu94/chatgpt-web
    container_name: chatgpt
    restart: unless-stopped
    networks:
     - mynetwork
    # Published on every host interface. NOTE(review): if a reverse proxy on
    # mynetwork fronts this service, the host port may not be needed -- confirm.
    ports:
     - 3002:3002
    environment:
     # Secrets live in this file in clear text: keep it out of version control
     # and readable only by the deploying user (or move them to an env_file).
     OPENAI_API_KEY: sk-xxxxxxx
     # Presumably the access password for the web UI -- confirm against the
     # project README; without it anyone reaching port 3002 spends the API key.
     AUTH_SECRET_KEY: xxxxx
     # NOTE(review): 0 presumably means "no per-hour request limit" -- confirm;
     # a finite value caps API spend if the access key leaks.
     MAX_REQUEST_PER_HOUR: 0
     TIMEOUT_MS: 60000
networks:
  # Pre-existing network created outside this file (docker network create).
  mynetwork:
    external: true

参考地址

https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E

https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
https://juejin.cn/post/7136001093720342542

https://github.com/Neilpang/acme.sh/wiki/dnsapi

操作记录

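# Install acme.sh, link its directory to /data/acme and upgrade it.
# The installer is saved to a file instead of being piped into sh: with
# `curl | sh` a failed or truncated download still lets the rest of the chain
# run, and nothing is left on disk to inspect. -f makes curl fail on HTTP
# errors so the && chain stops there.
installer=$(mktemp) &&
  curl -fsSL -o "$installer" https://get.acme.sh &&
  sh "$installer" email=admin@qq.com &&
  rm -f -- "$installer" &&
  ln -s ~/.acme.sh/ /data/acme &&
  cd /data/acme &&
  ./acme.sh --upgrade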

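# GoDaddy API credentials read by acme.sh's dns_gd hook.
# The values pasted here originally looked like a live key/secret pair rather
# than placeholders; anything that has been published this way should be
# revoked and re-created in the GoDaddy developer console.
# Fill these in from a secret store or a root-only file at run time.
export GD_Key="<GODADDY_API_KEY>"
export GD_Secret="<GODADDY_API_SECRET>"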

a、使用letsencrypt

# Make Let's Encrypt the default CA for later --issue calls.
# NOTE(review): presumably chosen to avoid the "External Account Binding"
# registration error recorded in the FAQ further down -- confirm.
acme.sh --set-default-ca --server letsencrypt

证书申请

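# Issue the wildcard certificate through the Cloudflare DNS-01 hook and install
# key + full chain where the nginx container reads them.
# - `---force` (three dashes) is not an option; it is `--force`.
# - The wildcard name is quoted so the shell cannot glob-expand `*.xxx.com`.
# - dns_cf reads CF_* credentials; the GD_* variables exported earlier belong to
#   the GoDaddy hook (dns_gd) and are not used by this command.
# - --force re-issues even when the certificate is not due; repeated runs count
#   against the CA's rate limits, so drop it once issuance works.
# - The private key lands in /data/nginx/ssl; keep that directory readable only
#   by root and the nginx container.
./acme.sh --force --issue --dns dns_cf -d '*.xxx.com' \
  --key-file        /data/nginx/ssl/xxx.com.key \
  --fullchain-file  /data/nginx/ssl/xxx.com.cer \
  --reloadcmd     "docker restart nginx"
  # --reloadcmd     "service nginx force-reload"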

http2https.conf

vi /data/nginx/conf/http2https.conf
# Redirect plain-HTTP requests for *.domain.com to HTTPS on port 20443.
# NOTE(review): the compose file publishes 443, so 20443 is presumably an
# external port mapping in front of this host -- confirm.
server {
        listen 80;
        server_name *.domain.com;
        # $host comes from the request itself. If this is the only server block
        # on port 80 it also acts as the default server, so a request with any
        # Host value would be redirected to that host -- confirm a catch-all
        # default_server exists, or redirect to a fixed hostname.
        return 301 https://$host:20443$request_uri;
}

自动同步脚本-泛域名证书

vi syn_ssl.sh

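# syn_ssl.sh -- issue and install a wildcard certificate for one domain.
# Usage: ./syn_ssl.sh example.com   (run from the acme.sh directory)
# The dns_dp hook needs the DNSPod credentials (DP_Id / DP_Key) to be available.
domain=${1:?usage: syn_ssl.sh <domain>}

# The argument ends up in file paths and in the certificate name, so accept
# hostname characters only (no slashes, spaces, "..", leading dot or dash).
case $domain in
  *[!A-Za-z0-9.-]* | .* | -* | *..*)
    printf 'invalid domain: %s\n' "$domain" >&2
    exit 2
    ;;
esac

# Quoted so the shell never glob-expands the wildcard name. Stop if issuance
# fails instead of installing whatever certificate was there before.
# --force re-issues on every run; mind the CA's rate limits.
./acme.sh --force --issue --dns dns_dp -d "*.${domain}" || exit

# NOTE(review): nginx runs as a container elsewhere in these notes, where the
# reload command is "docker restart nginx" -- confirm which one applies here.
./acme.sh --install-cert -d "*.${domain}" \
  --key-file        "/data/nginx/ssl/${domain}.key" \
  --fullchain-file  "/data/nginx/ssl/${domain}.cer" \
  --reloadcmd     "service nginx force-reload"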

domain.com.conf

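# HTTPS virtual host for test.domain.com: terminates TLS and proxies to two
# backends on 192.168.100.1.
server
{
  server_name test.domain.com;
  # NOTE(review): the wildcard install script in these notes writes
  # <domain>.cer / <domain>.key (e.g. domain.com.cer) into the directory mounted
  # at /ssl -- confirm these file names match what is actually installed.
  ssl_certificate     "/ssl/test.domain.com.cer";
  ssl_certificate_key "/ssl/test.domain.com.key";
  listen       443 ssl http2;
  listen       [::]:443 ssl http2;
  # Added: pin the protocol versions explicitly. Without this directive older
  # nginx releases also accept TLSv1 and TLSv1.1 by default.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout  10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  sendfile        on;
  # API backend. The original `root /;` lines were dropped from both locations:
  # proxy_pass handles every request here, and a filesystem root of "/" would
  # expose the whole container filesystem if the proxy line were ever removed.
  location /wmswebapi/
  {
      # NOTE(review): $http_host forwards the client-supplied Host header
      # unchanged; make sure the backend does not trust it for building links.
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      # API responses must not be cached by browsers or intermediaries.
      add_header Cache-Control 'no-store,no-cache,must-revalidate, proxy-revalidate, max-age=0';
      proxy_pass http://192.168.100.1:8025/;
  }
  # Everything else goes to the front-end backend.
  location /
  {
      proxy_pass http://192.168.100.1:9025/;
      index  index.html index.htm;
  }
}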

FAQ

DNSpod CN key申请地址

https://console.dnspod.cn/account/token/token

CentOS release 6.8 (Final) 上注册 ACME 账号时报错:

Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"}

1 系统环境

系统:CentOS release 6.8 (Final)
OpenSSL版本:OpenSSL 1.0.1e-fips 11 Feb 2013

2 下载最新版本OpenSSL

打开OpenSSL官网,当时看到的最新版本为openssl-1.1.1k(2021年3月发布)。1.1.1 系列此后还发布过多个安全修复版本,实际操作时请以官网当前仍受支持的版本为准。

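# Download the release tarball (it can also be fetched on another machine and
# uploaded to the server). The original `//` lines were not shell comments and
# would have been run as commands; they are `#` comments now.
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz

# Print the tarball's SHA-256 and compare it with the checksum the OpenSSL
# project publishes for this release before building and installing it as root.
sha256sum openssl-1.1.1k.tar.gz

# Unpack and enter the source tree.
tar -zvxf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k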

3 安装依赖

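# Build prerequisites: zlib (library and headers) and the C compiler.
# (`//` is not a shell comment marker, so the original note lines are `#` here.)
yum install -y zlib zlib-devel gcc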

4 编译安装

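# Configure the install prefix and the OpenSSL config directory (openssldir),
# both under /usr/local, then build with two parallel jobs and install.
# The steps are chained with && so a failed configure or build never reaches
# `make install`.
./config --prefix=/usr/local/openssl --openssldir=/usr/local/ssl &&
  make -j 2 &&
  make install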

5 软连接到新版本

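# Back up the current openssl binary and headers before replacing them.
mv /usr/bin/openssl /usr/bin/openssl.bak
# The header directory does not exist on every system, so move it only if present.
if [ -e /usr/include/openssl ]; then
  mv /usr/include/openssl /usr/include/openssl.bak
fi

# Point the system paths at the new build.
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

# Register the new library directory (only once, so re-running these steps does
# not append duplicate lines) and rebuild the dynamic linker cache.
grep -qxF /usr/local/openssl/lib /etc/ld.so.conf ||
  echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v

# Check the result; expected output: OpenSSL 1.1.1k  25 Mar 2021
# NOTE: a source build like this is no longer updated by yum; later OpenSSL
# security fixes have to be rebuilt and reinstalled by hand.
openssl version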
1. Cloudflare Option:
# Cloudflare, variant 1: account e-mail plus API key.
# NOTE(review): presumably the account-wide (global) API key, which can change
# every zone and setting in the account -- prefer the token variant; confirm.
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="xxxx@sss.com"

或者
# Cloudflare, variant 2: API token plus account / zone identifiers. A token can
# be limited to DNS edits on the zone being validated.
# acme.sh stores the DNS API credentials it was given in its own configuration
# (account.conf under the acme.sh directory) for renewals, so that directory
# needs the same protection as the credentials themselves.
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Account_ID="xxxxxxxxxxxxx"
export CF_Zone_ID="xxxxxxxxxxxxx"
./acme.sh --issue --dns dns_cf -d example.com -d www.example.com

2. DNSPod.cn
export DP_Id="1234"
export DP_Key="sADDsdasdgdsf"
./acme.sh --issue --dns dns_dp -d example.com -d www.example.com

4. GoDaddy.com
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
./acme.sh --issue --dns dns_gd -d example.com -d www.example.com

5. Use PowerDNS
https://doc.powerdns.com/md/httpapi/README/

# PowerDNS HTTP API settings read by the dns_pdns hook.
# NOTE(review): with an http:// URL the API token is sent in clear text; use
# https, or reach the API over loopback or a tunnel.
export PDNS_Url="http://ns.example.com:8081"
export PDNS_ServerId="localhost"
export PDNS_Token="0123456789ABCDEF"
# Presumably the TTL of the validation record -- confirm.
export PDNS_Ttl=60
./acme.sh --issue --dns dns_pdns -d example.com -d www.example.com

8. Use LuaDNS domain API
Get your API token at https://api.luadns.com/settings

export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export LUA_Email="xxxx@sss.com"
To issue a cert:

./acme.sh --issue --dns dns_lua -d example.com -d www.example.com

9. Use DNSMadeEasy domain API
Get your API credentials at https://cp.dnsmadeeasy.com/account/info

export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export ME_Secret="qdfqsdfkjdskfj"
To issue a cert:

./acme.sh --issue --dns dns_me -d example.com -d www.example.com


10. Use Amazon Route53 domain API
https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API

export  AWS_ACCESS_KEY_ID=XXXXXXXXXX
export  AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
To issue a cert:

./acme.sh --issue --dns dns_aws -d example.com -d www.example.com


11. Use Aliyun domain API to automatically issue cert
First you need to login to your Aliyun account to get your RAM API key. https://ram.console.aliyun.com/users

export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
Ok, let's issue a cert now:

./acme.sh --issue --dns dns_ali -d example.com -d www.example.com

13. Use Alwaysdata domain API
First you need to login to your Alwaysdata account to get your API Key.

export AD_API_KEY="myalwaysdataapikey"
Ok, let's issue a cert now:

./acme.sh --issue --dns dns_ad -d example.com -d www.example.com

15. Use FreeDNS

export FREEDNS_User="..."
export FREEDNS_Password="..."
./acme.sh --issue --dns dns_freedns -d example.com

21. Use ClouDNS.net 
# Use this for a sub auth ID
export CLOUDNS_SUB_AUTH_ID=XXXXX
# Use this for a regular auth ID
#export CLOUDNS_AUTH_ID=XXXXX
export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"

./acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com

28. Use Name.com API
Create your API token here: https://www.name.com/account/settings/api
export Namecom_Username="testuser"
export Namecom_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
And now you can issue certs with:

./acme.sh --issue --dns dns_namecom -d example.com -d www.example.com

37. Use Azure DNS
export AZUREDNS_SUBSCRIPTIONID="12345678-9abc-def0-1234-567890abcdef"
export AZUREDNS_TENANTID="11111111-2222-3333-4444-555555555555"
export AZUREDNS_APPID="3b5033b5-7a66-43a5-b3b9-a36b9e7c25ed"
export AZUREDNS_CLIENTSECRET="1b0224ef-34d4-5af9-110f-77f527d561bd"
./acme.sh --issue --dns dns_azure -d example.com -d www.example.com

# Open a psql session inside the postgres container: shell into the container,
# switch to the postgres OS user, start psql.
docker exec -it postgres /bin/bash
su postgres
psql

# Create the database (run inside psql).
CREATE DATABASE "solardata" WITH  OWNER = "postgres";

# Export the database to a plain SQL file. The dump holds all of the
# database's data, so store and transfer it accordingly.
pg_dump -h localhost -p 5432 -U postgres -d solardata> solardata.sql

# Create the schema (run inside psql).
# NOTE(review): there is no trailing semicolon; psql only executes the
# statement once it is terminated.
create schema wms

# Import data from a SQL file.
psql -U postgres -d solardata <public.sql

1、目录创建

# Create the host directories that the compose file below bind-mounts.
# NOTE(review): /data/nginx/ssl will hold TLS private keys and /data/pgsql the
# database files; restrict their permissions after creation.
mkdir -p /data/pgsql && mkdir -p /data/redis && mkdir -p /data/nginx/conf && mkdir -p /data/nginx/ssl
配置文件:部署.zip

创建网络

# Create the user-defined network that the compose files reference as the
# external network "mynetwork".
# NOTE(review): the nginx config in these notes proxies to 192.168.100.1,
# presumably this network's gateway address on the host -- confirm.
docker network create --subnet=192.168.100.0/24 mynetwork

2、docker-compose文件创建

vi /data/docker-compose.yml

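# /data/docker-compose.yml -- postgres, redis and nginx on the pre-created
# external network "mynetwork".
# Changes from the original notes:
#   * the postgres superuser password is no longer the literal "postgres"; it
#     comes from the environment (or a .env file next to this file) and compose
#     refuses to start without it;
#   * postgres and redis are published on the host's loopback address only.
#     Containers on mynetwork still reach them as postgres:5432 / redis:6379.
#     If another machine, or a client that connects through the bridge address,
#     needs them, widen the binding deliberately and firewall the port.
version: "3"
services:
  postgres:
    image: postgres:15.2
    container_name: postgres
    restart: unless-stopped
    networks:
     - mynetwork
    environment:
      # Only applied when the data directory is first initialised; on an
      # existing /data/pgsql change the password with ALTER USER instead.
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in the environment or .env}
      - PGDATA=/var/lib/postgresql/data/pgdata
      - TZ=Asia/Shanghai
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
      - /data/pgsql:/var/lib/postgresql/data
  redis:
    image: redis:7.0.10
    container_name: redis
    restart: unless-stopped
    networks:
     - mynetwork
    environment:
      - TZ=Asia/Shanghai
    ports:
      # The redis.conf in these notes sets no password and turns protected mode
      # off, so this port must not be reachable from outside the host.
      - "127.0.0.1:6379:6379"
    volumes:
      - /data/redis/redis.conf:/etc/redis/redis.conf
      - /data/redis/data:/data
    command: bash -c "redis-server /etc/redis/redis.conf"
  nginx:
    image: nginx:stable-alpine-perl
    container_name: nginx
    restart: unless-stopped
    networks:
     - mynetwork
    environment:
     - TZ=Asia/Shanghai
    ports:
      - 443:443
      - 80:80
    volumes:
    - /data/nginx/conf/:/etc/nginx/conf.d
    # Holds the TLS private keys written by acme.sh.
    - /data/nginx/ssl/:/ssl
    - /data/nginx/logs:/var/log/nginx
networks:
  mynetwork:
    external: true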

3、redis.conf配置文件

vi /data/redis/redis.conf

# Redis configuration mounted into the redis container as /etc/redis/redis.conf.
# NOTE(review): the server listens on all interfaces, protected mode is off and
# no requirepass / ACL user is defined, so anything that can reach port 6379 has
# full access. Inside a container the wildcard bind is needed for other
# containers to connect; the exposure is decided by how the port is published.
# Set a password (and update the clients) before the port is reachable from
# anywhere but trusted hosts.
bind 0.0.0.0
protected-mode no
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile "/var/run/redis_6379.pid"

# Log levels: debug, verbose, notice, warning (only very important / critical messages are logged)
loglevel notice
logfile "/data/redis.log"

databases 16

always-show-logo yes

# Snapshot to disk after 900 seconds if at least 1 key changed,
# after 300 seconds if at least 10 keys changed,
# after 60 seconds if at least 10000 keys changed.
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes

rdbchecksum yes

# The filename where to dump the DB
dbfilename dump.rdb

# Redis working directory: persistence files and logs are written here.
dir "/data"

replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
replica-priority 100
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no

# Append-only file is disabled; persistence relies on the RDB snapshots above.
appendonly no
appendfsync everysec
no-appendfsync-on-rewrite no

auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

aof-load-truncated yes

aof-use-rdb-preamble yes

lua-time-limit 5000

FAQ

1、driver failed programming external connectivity on endpoint nginx(重启docker)

systemctl restart docker