add

2024-10-30 16:30:51 +08:00
commit 437acbeb63
3363 changed files with 653948 additions and 0 deletions
--- a/2-生产环境4.0/1.txt
+++ b/2-生产环境4.0/1.txt
@@ -0,0 +1 @@
+1. 
--- a/2-生产环境4.0/132-nginx.conf
+++ b/2-生产环境4.0/132-nginx.conf
@@ -0,0 +1,147 @@
+
+#server {
+#    listen 443 ssl   ;
+#    listen [::]:443 ssl    ;
+#    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+#    include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+#    server_name s.uavcmlc.com;
+#    rewrite ^(.*)$ https://s.uavcmlc.com:443$1 permanent;
+#    error_page 497 301 https://s.uavcmlc.com:443$1;
+#}
+
+
+upstream  k8s_cluster {
+    ip_hash;
+    #server 192.168.148.132:30500;
+    #server 192.168.148.130:30500;
+    server 192.168.148.160:30500;
+    #server 192.168.148.161:30500;
+    #server 192.168.148.162:30500;
+    #server 192.168.148.170:30500;
+    server 192.168.148.170:30500;
+    server 192.168.148.173:30500;
+
+
+}
+
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+    server_name s.uavcmlc.com;
+
+    # 淇CSRF婕?    valid_referers none blocked server_names;
+    if ($invalid_referer) {
+           return 403;
+    }
+
+    location / {
+        proxy_pass http://k8s_cluster/;
+        client_max_body_size 5120m;
+        client_body_buffer_size 5120m;
+        client_body_timeout 6000s;
+        proxy_send_timeout 10000s;
+        proxy_read_timeout 10000s;
+        proxy_connect_timeout 600s;
+        proxy_max_temp_file_size 5120m;
+        proxy_request_buffering on;
+        proxy_buffering off;
+        proxy_buffer_size 4k;
+        proxy_buffers 4 12k;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /_AMapService/v4/map/styles {
+        set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
+        proxy_pass https://webapi.amap.com/v4/ap/styles;
+    }
+
+    location /_AMapService/ {
+        set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
+        proxy_pass https://restapi.amap.com/;
+    }
+
+
+    location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) {
+        return 403;
+    }
+    error_page 404 /404.html;
+
+}
+
+server {
+    listen 443 ssl    ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    server_name slive.uavcmlc.com;
+
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
+    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
+
+    #proxy_ignore_client_abort on;
+
+    location / {
+        proxy_pass http://k8s_cluster/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #proxy_pass http://192.168.148.130:38080/;
+    }
+}
+
+server {
+    listen 443 ssl    ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    server_name soss.uavcmlc.com;
+
+    ignore_invalid_headers off;
+    proxy_buffering off;
+    client_max_body_size 1024m;
+    client_body_buffer_size 1024m;
+    sendfile            on;
+    send_timeout 600;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   600;
+    types_hash_max_size 2048;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 300;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        chunked_transfer_encoding off;
+
+        proxy_pass http://192.168.148.141:9000;
+    }
+}
+server {
+  listen 443 ssl    ;
+  listen [::]:443 ssl    ;
+  include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+  server_name soss-cs.uavcmlc.com;
+
+  client_max_body_size    5120m;
+  client_body_buffer_size 5120m;
+
+  location / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_http_version 1.1;
+    proxy_pass http://192.168.148.141:9001;
+  }
+}
--- a/2-生产环境4.0/2-imageDownSync.sh
+++ b/2-生产环境4.0/2-imageDownSync.sh
@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+
+### 需要修改以下的内容  ###
+#### 需要修改以下的内容  ###
+#### 需要修改以下的内容  ###
+
+cmlc_app_image_list="cmlc-app-images.txt"         # 需要修改版本
+rancher_image_list="kubernetes-1.20.4.txt"  # 一般不需要修改
+middleware_image_list="middleware-images.txt"     # 一般不需要修改
+DockerRegisterDomain="192.168.8.65:8033"     # 需要根据实际修改
+HarborAdminPass=V2ryStr@ngPss                     # 需要跟第一脚本中的密码保持一致
+
+#### 需要修改以上的内容  ###
+#### 需要修改以上的内容  ###
+#### 需要修改以上的内容  ###
+
+downloadAllNeededImages() {
+  while [[ $# > 0 ]]; do
+    pulled=""
+    while IFS= read -r i; do
+      [ -z "${i}" ] && continue
+      echo "开始下载：${i}"
+      if docker pull "${i}" >/dev/null 2>&1; then
+        echo "Image pull success: ${i}"
+        pulled="${pulled} ${i}"
+      else
+        if docker inspect "${i}" >/dev/null 2>&1; then
+          pulled="${pulled} ${i}"
+        else
+          echo "Image pull failed: ${i}"
+        fi
+      fi
+      echo "-------------------------------------------------"
+    done <"${1}"
+    shift
+  done
+}
+
+downloadAllNeededImagesAndCompress() {
+  while [[ $# > 0 ]]; do
+    pulled=""
+    while IFS= read -r i; do
+      [ -z "${i}" ] && continue
+      echo "开始下载：${i}"
+      if docker pull "${i}" >/dev/null 2>&1; then
+        echo "Image pull success: ${i}"
+        pulled="${pulled} ${i}"
+      else
+        if docker inspect "${i}" >/dev/null 2>&1; then
+          pulled="${pulled} ${i}"
+        else
+          echo "Image pull failed: ${i}"
+        fi
+      fi
+      echo "-------------------------------------------------"
+    done <"${1}"
+    compressPacName="$(echo ${1} | cut -d"." -f1).tar.gz"
+
+    echo "Creating ${compressPacName} with $(echo ${pulled} | wc -w | tr -d '[:space:]') images"
+    docker save $(echo ${pulled}) | gzip --stdout > ${compressPacName}
+
+    shift
+  done
+
+}
+
+pushRKEImageToHarbor(){
+  linux_images=()
+  while IFS= read -r i; do
+      [ -z "${i}" ] && continue
+      linux_images+=("${i}");
+  done < "${rancher_image_list}"
+
+  docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
+
+  for i in "${linux_images[@]}"; do
+      [ -z "${i}" ] && continue
+      case $i in
+      */*)
+          image_name="${DockerRegisterDomain}/${i}"
+          ;;
+      *)
+          image_name="${DockerRegisterDomain}/rancher/${i}"
+          ;;
+      esac
+
+      echo "开始镜像至私有仓库推送：${image_name}"
+      docker tag "${i}" "${image_name}"
+      docker push "${image_name}"
+      echo "-------------------------------------------------"
+  done
+  
+}
+
+pushCMLCAPPImageToHarbor(){
+  app_images=()
+  while IFS= read -r i; do
+      [ -z "${i}" ] && continue
+      app_images+=("${i}");
+  done < "${cmlc_app_image_list}"
+
+  docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
+  for app in "${app_images[@]}"; do
+      [ -z "${app}" ] && continue
+      image_name="${DockerRegisterDomain}/$(echo ${app} | cut -d"/" -f2-8)"
+      echo "开始镜像至私有仓库推送：${image_name}"
+      docker tag "${app}" "${image_name}"
+      docker push "${image_name}"
+      echo "-------------------------------------------------"
+  done
+}
+
+pushMiddlewareImageToHarbor(){
+  middleware_image=()
+  while IFS= read -r i; do
+      [ -z "${i}" ] && continue
+      middleware_image+=("${i}");
+  done < "${middleware_image_list}"
+
+  docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
+  for app in "${middleware_image[@]}"; do
+      [ -z "${app}" ] && continue
+      case ${app} in
+      */*/*)
+          image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f3-8)"
+          ;;
+      */*)
+          image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f2-8)"
+          ;;
+      esac
+
+      echo "开始镜像至私有仓库推送：${image_name}"
+      docker tag "${app}" "${image_name}"
+      docker push "${image_name}"
+      echo "-------------------------------------------------"
+  done
+}
+
+
+#downloadAllNeededImagesAndCompress  "kubernetes-1.20.4.txt"
+downloadAllNeededImages   "cmlc-app-images-4.0.4.txt"
+#
+#pushRKEImageToHarbor
+#pushMiddlewareImageToHarbor
--- a/2-生产环境4.0/cmlc-app-images-4.0.0.txt
+++ b/2-生产环境4.0/cmlc-app-images-4.0.0.txt
@@ -0,0 +1,46 @@
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-mws:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-ai-brain:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-visualization:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-splice:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-cms-portal:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-share:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-industrial-portfolio:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-data-post-process:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-device:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-cms:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-kpi-monitor:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-notice:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-developer:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-mission:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-gateway:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-admin-gateway:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-open-gateway:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-admin-user:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-admin-data:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-mqtthandler:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-logger:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-surveillance:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-user:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-airspace:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-alarm:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-brain:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-waypoint:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-cloud-live:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-process:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-srs-operator:v3.3.2
+harbor.cdcyy.com.cn/cmii/cmii-srs-oss-adaptor:v4.0.0-ts
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-base:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-media:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-autowaypoint:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-suav-supervision:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-emergency-rescue:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-logistics:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-logistics:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:4.0.0
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-security:4.0.0
--- a/2-生产环境4.0/cmlc-app-images-4.0.4.txt
+++ b/2-生产环境4.0/cmlc-app-images-4.0.4.txt
@@ -0,0 +1,46 @@
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-mws:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-ai-brain:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-visualization:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-splice:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-cms-portal:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-share:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-industrial-portfolio:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-data-post-process:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-device:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-cms:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-kpi-monitor:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-notice:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-developer:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-mission:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-gateway:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-admin-gateway:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-open-gateway:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-admin-user:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-admin-data:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-mqtthandler:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-logger:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-surveillance:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-user:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-airspace:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-alarm:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-brain:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-waypoint:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-cloud-live:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-process:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-srs-operator:v3.3.2
+harbor.cdcyy.com.cn/cmii/cmii-srs-oss-adaptor:v4.0.4-ts
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-base:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-media:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-autowaypoint:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-suav-supervision:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-emergency-rescue:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-logistics:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-logistics:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:4.0.4
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-security:4.0.4
--- a/2-生产环境4.0/负载均衡服务器/to-do.md
+++ b/2-生产环境4.0/负载均衡服务器/to-do.md
@@ -0,0 +1,2 @@
+1. 证书
+2. 去掉IP
--- a/2-生产环境4.0/负载均衡服务器/update-nginx.sh
+++ b/2-生产环境4.0/负载均衡服务器/update-nginx.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+
+if [[ $( ip addr | grep -c "192.168.148.131") -eq 1 ]]; then
+    echo "当前主机为 主loadbalancer节点！ 当前时间为 $(date) "
+
+    chown -R nginx:nginx /etc/nginx/
+
+
+    cd /etc/nginx/ && nginx -t
+    cd /etc/nginx/conf.d/ && nginx -t
+
+    if [[  $? -ne  0 ]]; then
+
+        echo "nginx conf is wrong ! please check !"
+        return 23
+    fi
+
+    echo "start to sync nginx conf to another nginx node"
+    rclone sync /etc/nginx/ loadbalancer:/etc/nginx/
+
+
+    echo "start to restart this-self and another nginx conf"
+    systemctl restart nginx
+    ssh loadbalancer "systemctl restart nginx"
+
+
+else
+
+    echo "can't modify nginx conf in this host !"
+fi
+
--- a/2-生产环境4.0/负载均衡服务器/配置/131-nginx-conf.conf
+++ b/2-生产环境4.0/负载均衡服务器/配置/131-nginx-conf.conf
--- a/2-生产环境4.0/负载均衡服务器/配置/131-oss-nginx.conf
+++ b/2-生产环境4.0/负载均衡服务器/配置/131-oss-nginx.conf
@@ -0,0 +1,88 @@
+upstream minio_prod {
+  server 192.168.148.139:39000;
+  server 192.168.148.137:39000;
+  server 192.168.148.140:39000;
+}
+
+server {
+    listen 443  ssl ;
+    #listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    #include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+    server_name oss.uavcmlc.com ;
+    #add_header 'Access-Control-Allow-Origin' "www.uavcmlc.com";
+    location / {
+        #valid_referers none *.uavcmlc.com;
+        #if ($invalid_referer) {
+        #    return 403;
+        #}
+
+        port_in_redirect off;
+        client_max_body_size                    5120m;
+        proxy_connect_timeout                   20s;
+        proxy_send_timeout                      120s;
+        proxy_read_timeout                      120s;
+        proxy_buffering                         off;
+        proxy_buffer_size                       4k;
+        proxy_buffers                           4 4k;
+        proxy_max_temp_file_size                1024m;
+        proxy_request_buffering                 on;
+        proxy_http_version                      1.1;
+        proxy_cookie_domain                     off;
+        proxy_cookie_path                       off;
+        proxy_next_upstream                     error timeout;
+        proxy_next_upstream_timeout             0;
+        proxy_next_upstream_tries               3;
+        proxy_redirect                          off;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass http://minio_prod;
+    }
+    location /minio/ {
+        allow 112.19.8.120/29;
+        allow 183.220.149.16/28;
+        deny  all;
+        proxy_pass http://minio_prod/minio/;
+    }
+    location /crossdomain.xml {
+        allow 112.19.8.120/29;
+        allow 183.220.149.16/28;
+        deny  all;
+    }
+
+    error_page 404 /404.html;
+}
+
+server {
+    listen 443 ssl    ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    server_name soss.uavcmlc.com;
+
+    ignore_invalid_headers off;
+    proxy_buffering off;
+    client_max_body_size 1024m;
+    client_body_buffer_size 1024m;
+    sendfile            on;
+    send_timeout 600;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   600;
+    types_hash_max_size 2048;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 300;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        chunked_transfer_encoding off;
+
+        proxy_pass http://192.168.148.141:9000;
+    }
+}
--- a/2-生产环境4.0/负载均衡服务器/配置/131-web-nginx.conf
+++ b/2-生产环境4.0/负载均衡服务器/配置/131-web-nginx.conf
@@ -0,0 +1,105 @@
+server {
+    listen 443 ssl   ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+    server_name uavcmlc.com;
+    rewrite ^(.*)$ https://www.uavcmlc.com:443$1 permanent;
+    error_page 497 301 https://www.uavcmlc.com:443$1;
+}
+upstream  k8s_cluster {
+    ip_hash;
+    server 192.168.148.130:30500;
+    server 192.168.148.160:30500;
+    server 192.168.148.161:30500;
+    server 192.168.148.162:30500;
+}
+server {
+    listen 443 ssl    backlog=1024;
+    listen [::]:443 ssl    backlog=1024;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+    server_name www.uavcmlc.com s.uavcmlc.com;
+    location / {
+        proxy_pass http://k8s_cluster/;
+        client_max_body_size 5120m;
+        client_body_buffer_size 5120m;
+        client_body_timeout 6000s;
+        proxy_send_timeout 10000s;
+        proxy_read_timeout 10000s;
+        proxy_connect_timeout 600s;
+        proxy_max_temp_file_size 5120m;
+        proxy_request_buffering on;
+        proxy_buffering off;
+        proxy_buffer_size 4k;
+        proxy_buffers 4 12k;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) {
+        return 403;
+    }
+    error_page 404 /404.html;
+
+}
+
+server {
+    listen 443 ssl    ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    include /etc/nginx/conf.d/ssl_settings/error-template.conf;
+
+    #add_header Access-Control-Allow-Origin *;
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
+    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
+
+    server_name live.uavcmlc.com;
+    proxy_ignore_client_abort on;
+
+    location / {
+        proxy_pass http://192.168.148.130:30080/;
+    }
+    location /api/ {
+        allow 112.19.8.120/29;
+        allow 183.220.149.16/28;
+        deny  all;
+        proxy_pass http://192.168.148.130:30985/api/;
+    }
+    location /console/ {
+        return 403;
+    }
+    location /rtc/v1/ {
+        proxy_pass http://192.168.148.130:30985/rtc/v1/;
+    }
+    location /api/hubs/live/ {
+        proxy_set_header Host "live-op.uavcmlc.com";
+        proxy_pass http://k8s_cluster/api/hubs/live/;
+    }
+
+    error_page 404 /404.html;
+}
+server {
+    listen 443 ssl    ;
+    listen [::]:443 ssl    ;
+    include /etc/nginx/conf.d/ssl_settings/ssl-x-uavcmlc.conf;
+    server_name slive.uavcmlc.com;
+
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
+    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
+
+    #proxy_ignore_client_abort on;
+
+    location / {
+        proxy_pass http://k8s_cluster/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #proxy_pass http://192.168.148.130:38080/;
+    }
+}
--- a/2-生产环境4.0/负载均衡服务器/高负载均衡/check-lb-ip.sh
+++ b/2-生产环境4.0/负载均衡服务器/高负载均衡/check-lb-ip.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+
+export log_file=/etc/keepalived/report.log
+
+if [[ $( ip addr | grep -c "192.168.148.131") -eq 1 ]]; then
+
+    echo "当前主机为 主loadbalancer节点！ 当前时间为 $(date) " >> ${log_file}
+
+    echo "start to sync nginx conf to another loadbalancer" >> ${log_file}
+    rclone sync /etc/nginx/ loadbalancer:/etc/nginx/ >> ${log_file}
+
+    echo "start to reload the other loadbalancer nginx" >> ${log_file}
+    ssh loadbalancer "systemctl restart nginx"
+
+    echo "" >> ${log_file}
+    echo "----------------------------" >> ${log_file}
+fi
+
+
--- a/2-生产环境4.0/负载均衡服务器/高负载均衡/crontab.sh
+++ b/2-生产环境4.0/负载均衡服务器/高负载均衡/crontab.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+
+nginx
+
+boge14@Level5
+
+
+*/15 * * * * /etc/keepalived/check-lb-ip.sh
--- a/2-生产环境4.0/负载均衡服务器/高负载均衡/keepalived-1.conf
+++ b/2-生产环境4.0/负载均衡服务器/高负载均衡/keepalived-1.conf
@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id web-1  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_nginx {
+    script "/etc/keepalived/nginx_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state MASTER  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens192: ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 192.168.148.141 ## 本机ip地址
+    priority 200  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass super-cyy
+    }
+    track_script {
+        chk_nginx
+    }
+    virtual_ipaddress {
+        192.168.148.131  ## 虚拟ip
+    }
+}
--- a/2-生产环境4.0/负载均衡服务器/高负载均衡/keepalived-2.conf
+++ b/2-生产环境4.0/负载均衡服务器/高负载均衡/keepalived-2.conf
@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id web-2  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_nginx {
+    script "/etc/keepalived/nginx_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_2 {
+    state BACKUP  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens192 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 192.168.148.142 ## 本机ip地址
+    priority 100  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass super-cyy
+    }
+    track_script {
+        chk_nginx
+    }
+    virtual_ipaddress {
+        192.168.148.131  ## 虚拟ip
+    }
+}
--- a/2-生产环境4.0/负载均衡服务器/高负载均衡/nginx_check.sh
+++ b/2-生产环境4.0/负载均衡服务器/高负载均衡/nginx_check.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+
+log_file=/etc/keepalived/report.log
+COUNT=$(systemctl status nginx | grep -c "active (running)")
+
+
+if [ "$COUNT" -eq 0 ];then
+
+    echo "[ERROR] moniter nginx failure ! $(date) " >> ${log_file}
+    systemctl restart nginx
+
+    sleep 2
+    if [ $(systemctl status nginx | grep -c "active (running)") -eq 0 ];then
+        echo "[ERROR] restart nginx failed ! $(date) " >> ${log_file}
+        killall keepalived
+    fi
+fi