<>包裹的地方需要根据实际情况修改
Docker、DockerCompose 安装脚本
install-docker.sh
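#!/bin/sh
# Install Docker Engine with the official convenience script (Aliyun mirror),
# enable the service, and write a daemon.json with a registry mirror and
# log-rotation limits.
#
# Security notes:
#  - The installer is downloaded and then executed as root with no integrity
#    check. Read get-docker.sh before running it (or keep a reviewed copy);
#    the original `get.docker.com` without a scheme also made curl start on
#    plain http://, so the URL below is explicit https.
#  - Membership in the "docker" group is root-equivalent on the host (the
#    daemon runs as root and will bind-mount / on request). Only add accounts
#    you would also give sudo.
set -eu

# Download the installer, then run it as root.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh --mirror Aliyun

# Start the daemon now and on every boot.
sudo systemctl enable --now docker

# Let the invoking user talk to the daemon without sudo (see note above).
sudo groupadd -f docker
sudo usermod -aG docker "${USER:-$(id -un)}"
# NOTE: the original `sudo newgrp docker &&` does not "refresh" the group: it
# opens an interactive root shell and the rest of the chain waits for it to
# exit. The new group membership simply applies at the next login.

# Write daemon.json through `sudo tee`. A bare `sudo echo ... >> file` performs
# the redirection as the unprivileged user (permission denied), and `>>` would
# append a second JSON document to an existing file, corrupting it.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
  "registry-mirrors": ["https://<your-aliyun-mirror-address>"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "500m",
    "max-file": "3"
  }
}
EOF

# Reload unit files and restart the daemon so the new configuration is picked up.
sudo systemctl daemon-reload
sudo systemctl restart docker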
install-compose.sh
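#!/bin/sh
# Install a pinned Docker Compose v2 binary into /usr/local/bin and verify its
# SHA-256 against the checksum published alongside the GitHub release, so a
# tampered, substituted or truncated download (mirror, MITM, partial transfer)
# is rejected instead of being installed as an executable.
set -eu

COMPOSE_VERSION="v2.14.2"
ASSET="docker-compose-$(uname -s)-$(uname -m)"
BASE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}"
# Domestic (China) mirror: you may fetch the binary from it, but keep fetching
# the .sha256 file from GitHub so the mirror cannot hand out a different binary
# unnoticed.
# MIRROR_URL="https://get.daocloud.io/docker/compose/releases/download/${COMPOSE_VERSION}"

# Work in a private temp dir so the checksum file's embedded name matches.
WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
cd "$WORKDIR"

# -f makes curl fail on an HTTP error instead of saving an error page as the
# "binary"; -L follows the GitHub release redirect.
curl -fsSL "${BASE_URL}/${ASSET}" -o "${ASSET}"
curl -fsSL "${BASE_URL}/${ASSET}.sha256" -o "${ASSET}.sha256"
sha256sum -c "${ASSET}.sha256"

# install(1) copies and sets the mode in one step, so the file never exists
# in /usr/local/bin with the wrong permissions.
sudo install -m 0755 "${ASSET}" /usr/local/bin/docker-compose
docker-compose version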
MySQL
docker-compose.yml
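version: "3"
services:
  mysql:
    # MySQL 5.7 reached end-of-life in October 2023 and no longer receives
    # security fixes; plan a move to 8.0. (my-custom.cnf below contains
    # 5.7-only options such as query_cache_* that 8.0 refuses to start with.)
    image: "mysql:5.7.40"
    container_name: mysql
    restart: always
    environment:
      # Keep the real value in an untracked .env file
      # (MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}") or use the image's
      # MYSQL_ROOT_PASSWORD_FILE so the secret is not committed with this file.
      MYSQL_ROOT_PASSWORD: <password>
      TZ: Asia/Shanghai
    ports:
      # A bare "3306:3306" publishes MySQL on every host interface, and Docker's
      # own iptables rules bypass host firewalls such as ufw, so the server
      # would be reachable from the whole network. Bind to loopback instead.
      # Remote admins can use an SSH tunnel; containers on this host that need
      # the database (Vaultwarden/Halo below) should share a Docker network with
      # it rather than dial the host's LAN IP. If you must expose it, restore
      # "3306:3306" and filter 3306 at the network edge.
      - "127.0.0.1:3306:3306"
    volumes:
      - "$PWD/data:/var/lib/mysql"
      - "$PWD/log:/var/log/mysql"
      - "$PWD/conf:/etc/mysql/conf.d"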
my-custom.cnf
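# MySQL 5.7 reference: https://dev.mysql.com/doc/refman/5.7/en/
# Mounted into the container at /etc/mysql/conf.d/ (see docker-compose.yml).

# Client defaults
[client]
# Default port for client connections
port = 3306

# Server settings
[mysqld]
# Server listen port
port = 3306
# Instance identifier; must be unique among replication peers
server-id = 1
# Binary log base name (enables the binlog; needed for replication and
# point-in-time recovery)
log-bin = mysql-bin
# Binlog format. STATEMENT logs the raw statement and is nondeterministic
# (AUTO_INCREMENT, UUID(), ...) so replicas can drift; ROW (recommended) logs
# the changed rows; MIXED defaults to STATEMENT and switches to ROW for unsafe
# statements. Ref: https://developer.aliyun.com/article/780928
binlog-format=ROW
# fsync the binlog every N commits; 0 leaves it to the OS page cache.
# Durability trade-off: with 0 the most recent commits can be lost on a power
# failure or host crash. Use 1 if the binlog is relied on for recovery or
# replication.
sync_binlog=0
# CRC32 checksum per binlog event so corrupted events are detected
binlog-checksum=CRC32
# Also record the original query next to row events; eases troubleshooting
binlog-rows-query-log_events=1
# Binlog retention in days. 0 keeps them forever, so the data volume grows
# without bound until the disk fills and the server stops accepting writes.
# Set a value (e.g. 7) sized to your backup cadence.
expire_logs_days=0
# Maximum size of a single binlog file (default 1G)
max_binlog_size=1024M
# Maximum simultaneous connections
max_connections = 300
# After this many successive interrupted connection attempts from one host,
# that host is blocked until FLUSH HOSTS. Per the 5.7 docs this counts
# handshake failures, not wrong passwords, so it is not a brute-force control;
# a low value can also let an attacker lock out a legitimate application host.
max_connect_errors = 30
# Ignore the character set requested in the client handshake
skip-character-set-client-handshake
# Server default character set
character-set-server = utf8mb4
# Server default collation
collation-server = utf8mb4_general_ci
# Idle timeout for non-interactive connections (pools), in seconds;
# default 28800 (8 h). Connection pools must validate or recycle connections
# before this expires.
wait_timeout=1800
# Idle timeout for interactive clients, in seconds; default 28800 (8 h)
interactive_timeout=1800
# SQL mode. Ref: https://www.cnblogs.com/clschao/articles/9962347.html
# NO_ENGINE_SUBSTITUTION: error out if the requested storage engine is
#   disabled or not compiled in
# STRICT_TRANS_TABLES: abort the statement if a value cannot be inserted into
#   a transactional table (non-transactional tables are not restricted)
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# Maximum packet size the server accepts
max_allowed_packet = 10M
# Cache settings. Ref: https://www.cnblogs.com/zengkefu/p/5600185.html
# NOTE: the query cache is deprecated in 5.7 and removed in 8.0; an upgraded
# server refuses to start while the three query_cache_* lines are present.
query_cache_type = 1
query_cache_size = 128M
query_cache_limit = 4M
key_buffer_size = 256M
bulk_insert_buffer_size = 8M
read_buffer_size = 16K
# Do not resolve client host names. Ref: https://www.cnblogs.com/ivictor/p/5311607.html
# Faster and removes DNS from the auth path, but account host parts must then
# be IP addresses or '%', never host names.
skip-name-resolve
# Slow query log
slow_query_log=1
long_query_time = 6
slow_query_log_file=/var/log/mysql/slow-query.log
# Redo log flush policy. Ref: https://support.huaweicloud.com/bestpractice-rds/rds_02_0010.html
# 2 = write at commit, fsync about once per second: up to ~1 s of committed
# transactions can be lost on an OS crash or power loss. Use 1 for full
# durability.
innodb_flush_log_at_trx_commit = 2
# Redo log write buffer
innodb_log_buffer_size = 16M
# Disables TLS on the server. The original motivation was a "Bad handshake"
# error from JDBC clients that did not pass useSSL=false; the right fix is on
# the client (useSSL=false, or better, keep TLS on and give the client the CA).
# With TLS off every password and query crosses the network in cleartext, so
# this is only acceptable while 3306 is reachable solely from localhost or a
# trusted Docker network (see the port binding in docker-compose.yml).
skip_ssl

# mysql command-line client
[mysql]
# Skip table/column name pre-fetch for tab completion (faster start-up)
no-auto-rehash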
MinIO
docker-compose.yml
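version: "3"
services:
  minio:
    # Pin a dated RELEASE.* tag instead of :latest so a redeploy cannot pull an
    # unreviewed build; bump it deliberately.
    image: minio/minio:latest
    container_name: minio
    restart: always
    ports:
      # Publishes the S3 API and the console on every host interface (bypassing
      # ufw-style firewalls). When Traefik terminates TLS for them (labels
      # below), drop this block or prefix with 127.0.0.1: so plaintext 9000/9001
      # are not reachable from outside.
      - "9000:9000"
      - "9001:9001"
    environment:
      # Full-access admin credentials: keep the real values in an untracked
      # .env file (MINIO_ROOT_USER: "${MINIO_ROOT_USER}"), not in this file.
      MINIO_ROOT_USER: <username>
      MINIO_ROOT_PASSWORD: <password>
      # NOTE(review): with the API and console on different host names behind
      # a proxy, MinIO documents MINIO_SERVER_URL / MINIO_BROWSER_REDIRECT_URL
      # for console logins to work -- confirm against the docs for your release.
    volumes:
      - "$PWD/data:/data"
      - "$PWD/conf:/root/.minio"
    command: server --console-address ':9001' /data
    # ========== Traefik configuration; omit if not needed ==========
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # Tell Traefik which network to dial the container on (consistent with
      # the other services; required if the container ever joins a second network)
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.minio-console-secure.entrypoints=websecure"
      - "traefik.http.routers.minio-console-secure.rule=Host(`minio.console.<your-domain>`)"
      - "traefik.http.routers.minio-console-secure.service=minio-console-secure"
      - "traefik.http.routers.minio-secure.entrypoints=websecure"
      - "traefik.http.routers.minio-secure.rule=Host(`minio.<your-domain>`)"
      - "traefik.http.routers.minio-secure.service=minio-secure"
      - "traefik.http.services.minio-console-secure.loadbalancer.server.port=9001"
      - "traefik.http.services.minio-secure.loadbalancer.server.port=9000"
networks:
  proxy:
    # Create once with: docker network create proxy
    external: true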
Vaultwarden
docker-compose.yml
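version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:1.26.0
    container_name: vaultwarden
    restart: always
    environment:
      # Public URL as users see it. Vaultwarden needs it behind a reverse proxy
      # for attachments, WebAuthn/U2F and links in emails; scheme must be https
      # to match the websecure router below.
      DOMAIN: "https://bitwarden.<your-domain>"
      # Open registration is the default: anyone who can reach the URL could
      # create a vault on your server. Register your own accounts first (or
      # restrict with SIGNUPS_DOMAINS_WHITELIST), then keep this off.
      SIGNUPS_ALLOWED: "false"
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
      # Database URL; if unset, the built-in SQLite database under /data is used.
      # Credentials belong in an untracked .env file, not in this tracked file.
      DATABASE_URL: "mysql://<username>:<password>@<ip>:<port>/<database>"
      # SMTP settings; without them mail-based features (for example password
      # hint emails and invitations) are unavailable.
      SMTP_HOST: <smtp.domain.tld>
      SMTP_FROM: <vaultwarden@domain.tld>
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: <username>
      SMTP_PASSWORD: <password>
    volumes:
      - ./data:/data
    # ========== Traefik configuration; omit if not needed ==========
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # The 3012 WebSocket server of this release expects the path without the
      # /notifications/hub prefix, hence the stripprefix middleware.
      - "traefik.http.middlewares.bw-stripprefix.stripprefix.forceSlash=false"
      - "traefik.http.middlewares.bw-stripprefix.stripprefix.prefixes=/notifications/hub"
      - "traefik.http.routers.bitwarden-secure.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.<your-domain>`)"
      - "traefik.http.routers.bitwarden-secure.service=bitwarden-secure"
      - "traefik.http.routers.bitwarden-ws.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-ws.middlewares=bw-stripprefix@docker"
      - "traefik.http.routers.bitwarden-ws.rule=Host(`bitwarden.<your-domain>`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-ws.service=bitwarden-ws"
      - "traefik.http.services.bitwarden-secure.loadbalancer.server.port=80"
      - "traefik.http.services.bitwarden-ws.loadbalancer.server.port=3012"
networks:
  proxy:
    # Create once with: docker network create proxy
    external: true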
Halo
docker-compose.yaml
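version: "3"
services:
  halo:
    image: halohub/halo:2.0.2
    container_name: halo
    restart: on-failure:3
    volumes:
      - ./data:/root/.halo2
    environment:
      - SPRING_R2DBC_URL=r2dbc:pool:mysql://<ip>:<port>/<database>
      - SPRING_R2DBC_USERNAME=<username>
      # Database and admin credentials: keep them in an untracked .env file
      # (e.g. SPRING_R2DBC_PASSWORD=${HALO_DB_PASSWORD}) rather than in this
      # tracked file.
      - SPRING_R2DBC_PASSWORD=<password>
      - SPRING_SQL_INIT_PLATFORM=mysql
      # Public URL. The Traefik labels below serve this site on the websecure
      # (443) entrypoint only, so the scheme must be https; with http:// the
      # links Halo generates point at the redirecting plain-HTTP entrypoint.
      - HALO_EXTERNAL_URL=https://<your-domain>/
      # Initial super-admin username
      - HALO_SECURITY_INITIALIZER_SUPERADMINUSERNAME=<username>
      # Initial super-admin password; change it after first login
      - HALO_SECURITY_INITIALIZER_SUPERADMINPASSWORD=<password>
    # ========== Traefik configuration; omit if not needed ==========
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.halo-compress.compress=true"
      - "traefik.http.routers.halo-secure.entrypoints=websecure"
      - "traefik.http.routers.halo-secure.middlewares=halo-compress@docker"
      - "traefik.http.routers.halo-secure.rule=Host(`<your-domain>`)||Host(`www.<your-domain>`)"
      - "traefik.http.routers.halo-secure.service=halo-secure"
      - "traefik.http.services.halo-secure.loadbalancer.server.port=8090"
networks:
  proxy:
    # Create once with: docker network create proxy
    external: true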
Rustdesk
docker-compose.yml
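version: '3'
services:
  rustdesk-server:
    container_name: rustdesk-server
    # Pin a release tag rather than :latest so upgrades are deliberate.
    image: rustdesk/rustdesk-server-s6:latest
    restart: unless-stopped
    ports:
      - "21115:21115"        # ID server: NAT type test
      - "21116:21116"        # ID server: TCP hole punching / connection
      - "21116:21116/udp"    # ID server: registration and heartbeat
      - "21117:21117"        # relay
      # 21118/21119 only serve web clients; leave them unpublished if you use
      # native clients only (smaller exposed surface).
      - "21118:21118"
      - "21119:21119"
    environment:
      # Public IP or DNS name of this host as clients reach it
      - "RELAY=ip:21117"
      # Accept encrypted connections only, i.e. clients configured with this
      # server's public key; stops strangers from using it as an open relay.
      - "ENCRYPTED_ONLY=1"
      # Generate the pair with:
      #   docker run --rm --entrypoint /usr/bin/rustdesk-utils rustdesk/rustdesk-server-s6:latest genkeypair
      # KEY_PRIV is the server's identity: keep it out of version control (an
      # untracked .env file referenced as ${KEY_PRIV}) and back it up with /data.
      - "KEY_PRIV=<private-key>"
      - "KEY_PUB=<public-key>"
    volumes:
      - ./data:/data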
Teamspeak
docker-compose.yml
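version: '3.1'
services:
  teamspeak:
    # Pin a version tag instead of :latest so upgrades are deliberate.
    image: teamspeak:latest
    restart: always
    ports:
      - "9987:9987/udp"          # voice
      # ServerQuery: raw TCP, password-authenticated, unencrypted. Publishing it
      # on every interface invites brute force and sends the admin password in
      # cleartext, so keep it on loopback (reach it via an SSH tunnel) or behind
      # a firewall rule. Use "10011:10011" only if remote query access is required.
      - "127.0.0.1:10011:10011"
      - "30033:30033"            # file transfer
    volumes:
      - ./data:/var/ts3server
    environment:
      # The image prints the serveradmin query password and the admin privilege
      # key in the container log on first start (docker compose logs teamspeak);
      # record them and rotate the query password afterwards.
      TS3SERVER_LICENSE: accept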
Traefik
docker-compose.yml
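version: '3.7'
services:
  traefik:
    # Pinned to the v2 line: traefik.yml below is v2 static-config syntax
    # (pilot:, file/docker providers); :latest would silently move to v3 and
    # break it. Bump the minor deliberately.
    image: traefik:v2.9
    container_name: traefik
    restart: always
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket inode. Anything that can talk to the Docker
      # API can start privileged containers, i.e. become root on the host, so a
      # Traefik compromise is a host compromise. Consider a filtering
      # docker-socket-proxy that exposes only the read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # Holds the TLS private keys. Create it empty and `chmod 600
      # ./data/acme.json` first; Traefik rejects looser permissions.
      - ./data/acme.json:/acme.json
      - ./data/configurations:/configurations
    networks:
      - proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=proxy'
      - 'traefik.http.routers.traefik-secure.entrypoints=websecure'
      # Dashboard/API is reachable only through basicAuth (user-auth in dynamic.yml)
      - 'traefik.http.routers.traefik-secure.middlewares=user-auth@file'
      - 'traefik.http.routers.traefik-secure.rule=Host(`traefik.<your-domain>`)'
      - 'traefik.http.routers.traefik-secure.service=api@internal'
networks:
  proxy:
    # Create once with: docker network create proxy
    external: true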
traefik.yml
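# Static configuration (Traefik v2). Mounted read-only at /traefik.yml.
api:
  # The dashboard is served only through the api@internal router defined in
  # docker-compose.yml, behind basicAuth; `insecure: true` is deliberately NOT
  # set (it would expose the API unauthenticated on :8080).
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      # Redirect all plain-HTTP traffic to HTTPS
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: ":443"
    http:
      # Applied to every router on this entrypoint
      middlewares:
        - secureHeaders@file
        - nofloc@file
      tls:
        certResolver: letsencrypt

# Traefik Pilot has been discontinued; this key only disables the dashboard
# banner and is removed in Traefik v3.
pilot:
  dashboard: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers must opt in with traefik.enable=true; prevents accidentally
    # publishing every container on the host.
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      email: <email-address>
      storage: acme.json
      keyType: EC384
      # HTTP-01 needs port 80 reachable from the internet
      httpChallenge:
        entryPoint: web
  buypass:
    acme:
      email: <email-address>
      # NOTE(review): both resolvers point at the same acme.json. If you really
      # use both, confirm in the Traefik docs for your version that a shared
      # store is supported; otherwise give each resolver its own file.
      storage: acme.json
      caServer: https://api.buypass.com/acme/directory
      keyType: EC256
      httpChallenge:
        entryPoint: web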
configurations/dynamic.yml
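# Dynamic configuration (file provider)
http:
  middlewares:
    # Opt out of Google FLoC cohort computation
    nofloc:
      headers:
        customResponseHeaders:
          Permissions-Policy: 'interest-cohort=()'
    secureHeaders:
      headers:
        # Redundant with the web -> websecure redirection in traefik.yml and
        # deprecated in Traefik v2; harmless, but the entrypoint redirection is
        # the supported mechanism.
        sslRedirect: true
        # HSTS: one year, all subdomains, preload-eligible. Only submit the
        # domain to the preload list once every subdomain is HTTPS-only;
        # removal from the list takes months.
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        # Stop browsers from MIME-sniffing responses into scripts or HTML
        contentTypeNosniff: true
    user-auth:
      basicAuth:
        # List of "user:hash" entries. Generate a bcrypt hash with
        #   htpasswd -nB <username>
        # and paste the output verbatim. Do NOT double the `$` signs here: the
        # `sed 's/\$/\$\$/g'` trick is only for hashes placed in a
        # docker-compose label (compose interpolation eats single `$`); the
        # file provider reads the hash as-is, and a doubled hash never matches.
        users:
          - '<username>:<password_hash>'

tls:
  options:
    default:
      # Applies to TLS 1.2 only; Go does not allow configuring TLS 1.3 suites.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12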