Serve端
警告
请认真查阅和严格按照文档的步骤执行,否则可能无法正常运行
# 启动前环境要求及部署
# 1. Minio
docker run -d -p 9000:9000 -p 9001:9001 --name minio -v /home/minio/data:/data \
-v /home/minio/cert:/root/.minio -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
--restart=always quay.io/minio/minio server /data --console-address ":9001"
# 没有完全结束, 使用方法2生成两个文件后, 为minio配置https
# 放置于抛出的 /home/minio/cert/certs 目录下 重启容器
# 2. 生成一个证书
下载签名工具 签名工具 (opens new window)
查看minio内部IP
docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)
# 172.17.0.3 是docker minio内部IP, 需要特别注意这个IP在映射出端口的情况下必须写
certgen-windows-amd64.exe -ecdsa-curve P256 -host 127.0.0.1,localhost,172.17.0.3,192.168.0.103
# 执行后会生成 private.key public.crt 备用
# 3. JDK
强制要求Open Jdk 17+ , 这是由于最新版Tio用17+ JDK构建的原因, 非作者主观意愿可以调整的.
# 配置JDK证书信任,否则会抛出下列错误
# javax.net.ssl.SSLHandshakeException: PKIX path building failed:
# sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target
# at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
# at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
# at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
# 在JDK bin目录下运行
.\keytool -import -alias sslServer_03 -file D:\key\public.crt -keystore ..\lib\security\cacerts -storepass changeit -v
# 4. MongoDB
# 注意替换`密码`两个字, 不要激动
docker run --name mongo --restart=always -p 27017:27017 -v /home/mongodb:/data/db \
-e MONGO_INITDB_ROOT_USERNAME=admin -e MONGO_INITDB_ROOT_PASSWORD=密码 \
-d mongo:latest mongod --auth
# 5. nginx配置
# 参考配置如下
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 75s;
gzip on;
gzip_min_length 4k;
gzip_comp_level 4;
client_max_body_size 1024m;
client_header_buffer_size 32k;
client_body_buffer_size 8m;
server_names_hash_bucket_size 512;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
gzip_types application/javascript application/x-javascript text/javascript text/css application/json application/xml;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 9999 ssl http2;
ssl_certificate /home/nginxWebUI/cert/public.crt;
ssl_certificate_key /home/nginxWebUI/cert/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
location / {
proxy_pass http://192.168.31.93:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /ws {
proxy_pass http://192.168.31.93:9326;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://192.168.31.93:8088/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /courier/ {
proxy_pass https://192.168.3.128:9000/courier/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/openvidu/ {
proxy_pass http://127.0.0.1/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# 6. OpenVidu视频服务器搭建
curl https://s3-eu-west-1.amazonaws.com/aws.openvidu.io/install_openvidu_2.22.0.sh | bash
# 脚本会下载一个文件夹到当前目录
cd openvidu
vi .env
# 修改 DOMAIN_OR_PUBLIC_IP=为你公网/内网服务器地址
# 修改 OPENVIDU_SECRET=MY_SECRET
# 修改 CERTIFICATE_TYPE=owncert
# 复制步骤2中生成的 private.key public.crt 到 openvidu/owncert 下
# 重命名 private.key 为 certificate.key public.crt 为 certificate.cert
./openvidu start
# 80 TCP: http 访问端口
# 443 TCP: https访问端口
# 3478 TCP+UDP: TURN server 用来解析IP
# 40000 - 57000 TCP+UDP: KMS用来建立媒体连接
# 57001 - 65535 TCP+UDP: turnserver 用来建立中继连接
# 8888 KMS 连接端口
# 启动
更新依赖
ImServe run 没啥好说的
# 打包
正常构建,好像也没啥好说的, 最终的jar 在imServe下面的target目录.im-server-jar-with-dependencies.jar
# 运行
FROM openjdk:17
MAINTAINER 473302042@qq.com
ADD im-server-jar-with-dependencies.jar im-server-jar-with-dependencies.jar
ADD public.crt public.crt
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' > /etc/timezone
RUN keytool -import -alias sslServer_03 -file public.crt -keystore /usr/java/openjdk-17/lib/security/cacerts -storepass changeit -v -noprompt
EXPOSE 8088 9326
ENTRYPOINT ["java","-XX:+HeapDumpOnOutOfMemoryError","-Dtio.default.read.buffer.size=512","-XX:HeapDumpPath=./java-im-server-pid.hprof","-DENV=prod","-jar","im-server-jar-with-dependencies.jar"]
注意: 自签名的话需要将public.ctr放置到同目录,公网颁发则去除 ADD public.crt public.crt 和RUN keytool -import -alias sslServer...即可
启动
#!/bin/bash
docker build -t courier:latest .
docker stop courier
docker rm courier
docker run -d --net=host --name courier courier:latest
上次更新: 8/6/2022, 1:25:58 PM