ContiNew Admin 演示环境迁移
原 ContiNew Admin 演示环境服务器即将到期,记录迁移演示环境到新服务器的过程。
服务器配置
| 配置名称 | 配置值 |
|---|---|
| 操作系统 | Ubuntu 24.04.1 LTS |
| 核数 | 8核 |
| 内存 | 16GB |
| 硬盘 | 系统盘:30GB,数据盘:200GB(/mnt/data) |
| 带宽 | 10 Mbits |
安装 Docker、Docker Compose
参考 Ubuntu 安装 Docker、Docker Compose。
shell
docker -v
# 输出
Docker version 28.3.3, build 980b856shell
docker-compose -v
# 输出
Docker Compose version v2.39.2上传部署物料
基础设施
上传配置到 /mnt/data/infra(已创建软链接 ~/infra),授权 chmod -R 777 ~/infra。
text
~/infra
├─ mysql
│ ├─ conf
│ └─ data
├─ redis
│ ├─ conf
│ │ └─ redis.conf
│ └─ data
├─ minio
│ ├─ conf
│ └─ data
├─ schedule-server(任务调度服务端部署目录,如不需要定时任务可删除)
│ ├─ Dockerfile
│ └─ continew-extension-schedule-server.jar
└─ docker-compose.ymlyaml
version: '3'
services:
mysql:
image: mysql:8.0.42
container_name: mysql
restart: always
ports:
- '3306:3306'
volumes:
- ~/infra/mysql/conf/:/etc/mysql/conf.d/
- ~/infra/mysql/data/:/var/lib/mysql/
environment:
TZ: Asia/Shanghai
MYSQL_ROOT_PASSWORD: 你的root用户密码
# 初始化数据库(后续的初始化 SQL 会在这个库执行)
MYSQL_DATABASE: continew_admin_job
MYSQL_USER: 数据库用户名
MYSQL_PASSWORD: 数据库用户密码
command:
--mysql-native-password=ON
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
redis:
image: redis:7.2.8
container_name: redis
restart: always
ports:
- '6379:6379'
volumes:
- ~/infra/redis/conf/redis.conf:/usr/local/redis/config/redis.conf
- ~/infra/redis/data/:/data/
- ~/infra/redis/logs/:/logs/
environment:
TZ: Asia/Shanghai
command: 'redis-server /usr/local/redis/config/redis.conf --appendonly yes'
minio:
image: minio/minio:RELEASE.2025-07-23T15-54-02Z
container_name: minio
restart: always
ports:
- '9000:9000'
- '9001:9001'
volumes:
- ~/infra/minio/conf/:/root/.minio/
- ~/infra/minio/data/:/data/
environment:
TZ: Asia/Shanghai
MINIO_ROOT_USER: 你的MinIO用户名
MINIO_ROOT_PASSWORD: 你的MinIO用户密码
command: server --address ':9000' --console-address ':9001' /data
schedule-server:
build: ./schedule-server
container_name: schedule-server
restart: always
ports:
- '18001:18001'
- '1788:1788'
volumes:
- ~/infra/schedule-server/logs/:/app/logs/
environment:
TZ: Asia/Shanghai
DB_HOST: 172.17.0.1
DB_PORT: 3306
DB_USER: 你的数据库用户名
DB_PWD: 你的数据库密码
DB_NAME: continew_admin_job
depends_on:
- mysql核心程序
上传配置到 /mnt/data/continew(已创建软链接 ~/continew),授权 chmod -R 777 ~/continew。
text
~/continew
├─ tmp(临时目录,用于 CI/CD)
│ └─ web
├─ continew-admin
│ ├─ bin
│ ├─ config
│ ├─ lib
│ ├─ web
│ └─ Dockerfile
├─ nginx
│ └─ conf
│ └─ nginx.conf
└─ docker-compose.ymlyaml
version: '3'
services:
continew-server:
build: ./continew-admin
container_name: continew-server
restart: always
ports:
- '18000:18000'
- '1789:1789'
volumes:
- ~/continew/continew-admin/config/:/app/config/
- ~/continew/continew-admin/data/file/:/app/data/file/
- ~/continew/continew-admin/logs/:/app/logs/
- ~/continew/continew-admin/lib/:/app/lib/
environment:
TZ: Asia/Shanghai
DB_HOST: 172.17.0.1
DB_PORT: 3306
DB_USER: 你的数据库用户名
DB_PWD: 你的数据库密码
DB_NAME: continew_admin
REDIS_HOST: 172.17.0.1
REDIS_PORT: 6379
REDIS_PWD: 你的 Redis 密码
REDIS_DB: 15
SCHEDULE_HOST: 172.17.0.1
SCHEDULE_PORT: 1788
continew-web:
image: nginx:1.27.0
container_name: continew-web
restart: always
ports:
- '80:80'
- '443:443'
volumes:
- ~/continew/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
- ~/continew/nginx/cert/:/etc/nginx/cert/
- ~/continew/nginx/logs/:/var/log/nginx/
# 其他站点
- ~/continew/nginx/html/:/usr/share/nginx/html/
# 前端目录
- ~/continew/continew-admin/web/:/usr/share/nginx/html/admin/
environment:
TZ: Asia/Shanghainginx
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# 限制 body 大小
client_max_body_size 100m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# ContiNew Admin
server {
listen 443 ssl;
server_name admin.continew.top;
ssl_certificate /etc/nginx/cert/admin.continew.top.pem;
ssl_certificate_key /etc/nginx/cert/admin.continew.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html/admin;
try_files $uri $uri/ /index.html;
index index.html index.htm;
# Nginx 部署时,POST 请求本地静态文件会返回 405 错误(Not Allowed)
# 用于解决一半 mock 数据,一半后端接口的情况
error_page 405 =200 https://$host$request_uri;
}
# /api/ 代理到后端
location /api/ {
proxy_pass http://172.17.0.1:18000/;
proxy_ignore_client_abort on;
proxy_http_version 1.1;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 演示环境安全配置
valid_referers *.continew.top;
if ($invalid_referer) {
return 403;
}
if ($request_method !~* GET|POST|OPTIONS) {
rewrite ^/(.*)$ /403;
}
location ~ ^/api/system/file/(upload|dir)$ {
rewrite ^ /403;
}
}
# 403拦截响应
location = /403 {
add_header 'Access-Control-Allow-Origin' "https://admin.continew.top";
add_header 'Access-Control-Max-Age' 86400;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
default_type application/json;
return 200 '{"success":false, "code":403, "msg":"演示环境,不允许操作", "data":null}';
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# 将 HTTP 请求转发到 HTTPS
server {
listen 80;
server_name admin.continew.top;
rewrite ^ https://$http_host$request_uri? permanent;
}
## ContiNew Admin 文件服务器站点
server {
listen 443 ssl;
server_name continew-admin.file.continew.top;
# 证书直接存放 /docker/nginx/cert 目录下即可(更改证书名称即可,无需更改证书路径)
ssl_certificate /etc/nginx/cert/continew-admin.file.continew.top.pem;
ssl_certificate_key /etc/nginx/cert/continew-admin.file.continew.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ^~ / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_ignore_client_abort on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://114.66.50.42:19000/continew-admin/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name continew-admin.file.continew.top;
rewrite ^ https://$http_host$request_uri? permanent;
}
# ContiNew 文档
server {
listen 443 ssl;
server_name continew.top www.continew.top;
ssl_certificate /etc/nginx/cert/continew.top.pem;
ssl_certificate_key /etc/nginx/cert/continew.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html/doc;
try_files $uri $uri/ /index.html;
index index.html index.htm;
error_page 405 =200 https://$host$request_uri;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
return 204;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# 将 HTTP 请求转发到 HTTPS
server {
listen 80;
server_name continew.top www.continew.top;
rewrite ^ https://$http_host$request_uri? permanent;
}
}迁移SSL证书
迁移原有 SSL 证书到 ~/continew/nginx/cert 目录下。
运行容器
基础设施
启动基础设施相关容器。
shell
cd ./infra
docker-compose up -d检查相关容器运行状态。如果容器运行有错误,修正配置重新构建前,请记得先删除对应挂载目录数据。
docker ps检查安全组配置,检查基础设施是否能正常访问,并进行初始配置。
Snail Job 需要登录后修改密码(默认:admin/admin)
MinIO 需要登录控制台创建
continew-admin桶MySQL 需要创建
continew_admin数据库及新用户(用于 continew-server)。sqlCREATE DATABASE continew_admin; CREATE USER `用户名`@`主机地址` IDENTIFIED WITH mysql_native_password BY '密码'; GRANT ALL ON `continew_admin`.* TO `用户名`@`主机地址`;
核心程序
修改 github action 变量配置(Actions secrets and variables),使其重新构建及部署即可,还可以检测相关 CI/CD 是否正确。
SERVER_HOST
SERVER_PORT
SERVER_USERNAME
SERVER_PASSWORD
SERVER_TMP_PATH
SERVER_PATH检查相关容器运行状态。如果容器运行有错误,修正配置后可以重新构建镜像并运行容器。
shell
docker ps
# 检查指定容器状态
docker logs -f continew-server
# 重新构建镜像并运行容器
docker-compose up --force-recreate --build -d continew-server检查核心程序是否能正常访问。
初始化演示环境数据
- 上传文件到 MinIO,并初始化
sys_storage,sys_file表 - 调整
sys_option系统参数表
调整域名解析
调整域名解析到新服务器。
备份
备份实际部署配置文件。