Skip to content

ContiNew Admin 演示环境迁移

原 ContiNew Admin 演示环境服务器即将到期,记录迁移演示环境到新服务器的过程。


服务器配置

配置名称配置值
操作系统Ubuntu 24.04.1 LTS
核数8核
内存16GB
硬盘系统盘:30GB,数据盘:200GB(/mnt/data)
带宽10 Mbits

安装 Docker、Docker Compose

参考 Ubuntu 安装 Docker、Docker Compose

shell
docker -v

# 输出
Docker version 28.3.3, build 980b856
shell
docker-compose -v

# 输出
Docker Compose version v2.39.2

上传部署物料

基础设施

上传配置到 /mnt/data/infra(已创建软链接 ~/infra),授权 chmod -R 777 ~/infra

text
~/infra
├─ mysql
│  ├─ conf
│  └─ data
├─ redis
│  ├─ conf
│  │  └─ redis.conf
│  └─ data
├─ minio
│  ├─ conf
│  └─ data
├─ schedule-server(任务调度服务端部署目录,如不需要定时任务可删除)
│  ├─ Dockerfile
│  └─ continew-extension-schedule-server.jar
└─ docker-compose.yml
docker-compose.yml
yaml
version: '3'
services:
  mysql:
    image: mysql:8.0.42
    container_name: mysql
    restart: always
    ports:
      - '3306:3306'
    volumes:
      - ~/infra/mysql/conf/:/etc/mysql/conf.d/
      - ~/infra/mysql/data/:/var/lib/mysql/
    environment:
      TZ: Asia/Shanghai
      MYSQL_ROOT_PASSWORD: 你的root用户密码
      # 初始化数据库(后续的初始化 SQL 会在这个库执行)
      MYSQL_DATABASE: continew_admin_job
      MYSQL_USER: 数据库用户名
      MYSQL_PASSWORD: 数据库用户密码
    command:
      --mysql-native-password=ON
      --character-set-server=utf8mb4
      --collation-server=utf8mb4_general_ci
      --explicit_defaults_for_timestamp=true
      --lower_case_table_names=1
  redis:
    image: redis:7.2.8
    container_name: redis
    restart: always
    ports:
      - '6379:6379'
    volumes:
      - ~/infra/redis/conf/redis.conf:/usr/local/redis/config/redis.conf
      - ~/infra/redis/data/:/data/
      - ~/infra/redis/logs/:/logs/
    environment:
      TZ: Asia/Shanghai
    command: 'redis-server /usr/local/redis/config/redis.conf --appendonly yes'
  minio:
    image: minio/minio:RELEASE.2025-07-23T15-54-02Z
    container_name: minio
    restart: always
    ports:
      - '9000:9000'
      - '9001:9001'
    volumes:
      - ~/infra/minio/conf/:/root/.minio/
      - ~/infra/minio/data/:/data/
    environment:
      TZ: Asia/Shanghai
      MINIO_ROOT_USER: 你的MinIO用户名
      MINIO_ROOT_PASSWORD: 你的MinIO用户密码
    command: server --address ':9000' --console-address ':9001' /data
  schedule-server:
    build: ./schedule-server
    container_name: schedule-server
    restart: always
    ports:
      - '18001:18001'
      - '1788:1788'
    volumes:
      - ~/infra/schedule-server/logs/:/app/logs/
    environment:
      TZ: Asia/Shanghai
      DB_HOST: 172.17.0.1
      DB_PORT: 3306
      DB_USER: 你的数据库用户名
      DB_PWD: 你的数据库密码
      DB_NAME: continew_admin_job
    depends_on:
      - mysql

核心程序

上传配置到 /mnt/data/continew(已创建软链接 ~/continew),授权 chmod -R 777 ~/continew

text
~/continew
├─ tmp(临时目录,用于 CI/CD)
│  └─ web
├─ continew-admin
│  ├─ bin
│  ├─ config
│  ├─ lib
│  ├─ web
│  └─ Dockerfile
├─ nginx
│  └─ conf
│     └─ nginx.conf
└─ docker-compose.yml
docker-compose.yml
yaml
version: '3'
services:
  continew-server:
    build: ./continew-admin
    container_name: continew-server
    restart: always
    ports:
      - '18000:18000'
      - '1789:1789'
    volumes:
      - ~/continew/continew-admin/config/:/app/config/
      - ~/continew/continew-admin/data/file/:/app/data/file/
      - ~/continew/continew-admin/logs/:/app/logs/
      - ~/continew/continew-admin/lib/:/app/lib/
    environment:
      TZ: Asia/Shanghai
      DB_HOST: 172.17.0.1
      DB_PORT: 3306
      DB_USER: 你的数据库用户名
      DB_PWD: 你的数据库密码
      DB_NAME: continew_admin
      REDIS_HOST: 172.17.0.1
      REDIS_PORT: 6379
      REDIS_PWD: 你的 Redis 密码
      REDIS_DB: 15
      SCHEDULE_HOST: 172.17.0.1
      SCHEDULE_PORT: 1788
  continew-web:
    image: nginx:1.27.0
    container_name: continew-web
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ~/continew/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - ~/continew/nginx/cert/:/etc/nginx/cert/
      - ~/continew/nginx/logs/:/var/log/nginx/
      # 其他站点
      - ~/continew/nginx/html/:/usr/share/nginx/html/
      # 前端目录
      - ~/continew/continew-admin/web/:/usr/share/nginx/html/admin/
    environment:
      TZ: Asia/Shanghai
nginx.conf
nginx
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # 限制 body 大小
    client_max_body_size 100m;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # ContiNew Admin
    server {
        listen       443 ssl;
        server_name  admin.continew.top;

        ssl_certificate      /etc/nginx/cert/admin.continew.top.pem;
        ssl_certificate_key  /etc/nginx/cert/admin.continew.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            root   /usr/share/nginx/html/admin;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
            # Nginx 部署时,POST 请求本地静态文件会返回 405 错误(Not Allowed)
            # 用于解决一半 mock 数据,一半后端接口的情况
            error_page 405 =200 https://$host$request_uri;
        }

        # /api/ 代理到后端
        location /api/ {
            proxy_pass http://172.17.0.1:18000/;
            proxy_ignore_client_abort on;
            proxy_http_version 1.1;
        
            # Proxy headers
            proxy_set_header Upgrade           $http_upgrade;
            proxy_set_header Connection        "Upgrade";
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        
            # 演示环境安全配置
            valid_referers *.continew.top;
            if ($invalid_referer) {
                return 403;
            }
            if ($request_method !~* GET|POST|OPTIONS) {
                rewrite ^/(.*)$ /403;
            }
            location ~ ^/api/system/file/(upload|dir)$ {
                rewrite ^ /403;
            }
        }

        # 403拦截响应
        location = /403 {
            add_header 'Access-Control-Allow-Origin' "https://admin.continew.top";
            add_header 'Access-Control-Max-Age' 86400;
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS';
            default_type application/json;
            return 200 '{"success":false, "code":403, "msg":"演示环境,不允许操作", "data":null}';
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # 将 HTTP 请求转发到 HTTPS
    server {
        listen  80;
        server_name  admin.continew.top;
        rewrite ^ https://$http_host$request_uri? permanent;
    }

    ## ContiNew Admin 文件服务器站点
    server {
        listen       443 ssl;
        server_name  continew-admin.file.continew.top;

        # 证书直接存放 /docker/nginx/cert 目录下即可(更改证书名称即可,无需更改证书路径)
        ssl_certificate      /etc/nginx/cert/continew-admin.file.continew.top.pem;
        ssl_certificate_key  /etc/nginx/cert/continew-admin.file.continew.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location ^~ / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_ignore_client_abort on;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://114.66.50.42:19000/continew-admin/;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    server {
        listen  80;
        server_name  continew-admin.file.continew.top;
        rewrite ^ https://$http_host$request_uri? permanent;
    }

    # ContiNew 文档
    server {
        listen       443 ssl;
        server_name  continew.top www.continew.top;

        ssl_certificate      /etc/nginx/cert/continew.top.pem;
        ssl_certificate_key  /etc/nginx/cert/continew.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            root   /usr/share/nginx/html/doc;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
            error_page 405 =200 https://$host$request_uri;

            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
            
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
                return 204;
            }
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # 将 HTTP 请求转发到 HTTPS
    server {
        listen  80;
        server_name  continew.top www.continew.top;
        rewrite ^ https://$http_host$request_uri? permanent;
    }
}

迁移SSL证书

迁移原有 SSL 证书到 ~/continew/nginx/cert 目录下。

运行容器

基础设施

启动基础设施相关容器。

shell
cd ./infra
docker-compose up -d

检查相关容器运行状态。如果容器运行有错误,修正配置重新构建前,请记得先删除对应挂载目录数据。

docker ps

检查安全组配置,检查基础设施是否能正常访问,并进行初始配置。

  1. Snail Job 需要登录后修改密码(默认:admin/admin)

  2. MinIO 需要登录控制台创建 continew-admin

  3. MySQL 需要创建 continew_admin 数据库及新用户(用于 continew-server)。

    sql
    CREATE DATABASE continew_admin;
    
    CREATE USER `用户名`@`主机地址` IDENTIFIED WITH mysql_native_password BY '密码';
    
    GRANT ALL ON `continew_admin`.* TO `用户名`@`主机地址`;

核心程序

修改 github action 变量配置(Actions secrets and variables),使其重新构建及部署即可,还可以检测相关 CI/CD 是否正确。

SERVER_HOST
SERVER_PORT
SERVER_USERNAME
SERVER_PASSWORD
SERVER_TMP_PATH
SERVER_PATH

检查相关容器运行状态。如果容器运行有错误,修正配置后可以重新构建镜像并运行容器。

shell
docker ps

# 检查指定容器状态
docker logs -f continew-server

# 重新构建镜像并运行容器
docker-compose up --force-recreate --build -d continew-server

检查核心程序是否能正常访问。

初始化演示环境数据

  1. 上传文件到 MinIO,并初始化 sys_storagesys_file
  2. 调整 sys_option 系统参数表

调整域名解析

调整域名解析到新服务器。

备份

备份实际部署配置文件。