[Series] One by one, step by step deploy .net core applications

Our goal:

CentOS system
nginx server
asp.net core applications
mysql server
Tencent cloud server
Tools to prepare
[Xshell] - Tools Xshell in use windwos, the principle is to use SHH agreement allows us to connect to other computers, similar to the windows remote desktop connection, but now Tencent cloud for remote host ---------- --【Excuting an order】
[] WinSCP - when we write the asp.net core sites, publishing documents, you need to go on CentOS copy, then use WinSCP, when configured ip, again on the CentOS connect to another system, you can achieve two share computer files, copy files ---------- [copy]
[.Net core SDK] -. Net core development of web or webapp to run on CentOS, you need the environment, .net core network Quguan see, there are various versions of the download under linux installation -------- --- [] ------ CentOS install .net core

[Nginx] - it is a reverse proxy http server can forward

【installation】

curl -o nginx.rpm
http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh nginx.rpm
yum install nginx #安装

[Configuration]

In the / etc / nginx in
CD / etc / nginx
Vim nginx.conf

Content:
the User nginx;
worker_processes 1;

  error_log  /var/log/nginx/error.log warn;
  pid        /var/run/nginx.pid;

  events {
      worker_connections  1024;
  }

  http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

      access_log  /var/log/nginx/access.log  main;

      sendfile        on;
      #tcp_nopush     on;
      client_max_body_size  2000m;  #最大限制为2000M --万一你的web需要上传文件或者图片等大文件

      keepalive_timeout  65;

      #gzip  on;

      include /etc/nginx/conf.d/*.conf;
  }

Note that the last basis include, this is a bit like the C language, meaning that the configuration file is nested, a more detailed configuration to go inside to find /etc/nginx/conf.d/*.conf

cd /etc/nginx/conf.d/
vim default.conf

内容为下：
    server {
        listen       80;
        server_name  118.24.112.238;

        #charset koi8-r;
        #access_log  /var/log/nginx/host.access.log  main;

        location / {
            proxy_pass http://localhost:5009;
            proxy_http_version 1.1;
        proxy_set_header X-real-ip           $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        proxy_connect_timeout    600;
        proxy_read_timeout       600;
        proxy_send_timeout       600;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
    server {
        listen       81;
        server_name  118.24.112.238;

        #charset koi8-r;
        #access_log  /var/log/nginx/host.access.log  main;

        location / {
            proxy_pass http://localhost:5000;
            proxy_http_version 1.1;
        proxy_set_header X-real-ip           $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

Probably means that listens on port 80, 5009 rpm, 81 monitor port, switch 5000, the follow-up other pending additional knowledge

【重载】

nginx配置文件修改后，请一定不要忘记重载，新手很容易忘，
nginx -s reload

[Daemon]

nginx installation configurations are good, firewall port 80 open, dotnet netcore.dll run, the site open, forward port 80 to 5000, this is indeed released, but unlikely to be executed once each boot dotnet run, but you need to Configuring guard service Supervisor, (guard service - daemon) ====================== what guard service, has been allowed to run our web, own error handling he restarted

【installation】

yum install python-setuptools
easy_install supervisor #安装Supervisor

[Configuration]

Supervisor的默认配置文件supervisord.conf  但是没有使用
自建了一个supervisor目录，

Cmd []: mkdir / etc / supervisor
then outputs the configuration file to the specified directory:
[cmd]: echo_supervisord_conf> /etc/supervisor/supervisord.conf # Supervisor configuration
wherein the end of the file supervisord.conf:
; [the include]
; Files = relative / Directory / .ini
modify ([Note] removed; without spaces)
[the include]
files = the conf.d / .conf
and CD / etc / Supervisor /
mkdir the conf.d
new file:
Vim zyhopsys.conf
Vim zyhopsys -admin.conf
file content was about:
[program: opadmin]
the command = command dotnet ZYH.Operation.Sys.Admin.dll # (note) to run the program
directory = / home / opadmin / # ( Note Note) corresponding storage directory of your project, this place is a lot of beginners mistake! ! !
autorestart = true # quits unexpectedly restart automatically
environment = ASPNETCORE_ENVIRONMENT = Production # process environment variables
stderr_logfile = / var / log / myproject.err.log ; # error log file
stdout_logfile = / var / log / myproject.out.log ; # Output log file
user identity user = root # processes executing
StopSignal = INT
autostart = to true
autorestart is to true =
startsecs. 1 =

[Run] carrying profile

  supervisord -c /etc/supervisor/supervisord.conf
  这里稍微提一句：supervisord的启动顺讯
  supervisord                                   #默认去找$CWD/supervisord.conf，也就是当前目录
  supervisord                                   #默认$CWD/etc/supervisord.conf，也就当前目录下的etc目录
  supervisord                                   #默认去找/etc/supervisord.conf的配置文件
  supervisord -c /home/supervisord.conf         #到指定路径下去找配置文件

  运行后：ps -ef | grep dotnet
  可以查看自己的网站是否已运行,正常如下
  root      1877  1817  0 16:40 pts/1    00:00:00 grep --color=auto dotnet
  root      4971 26752  0 13:57 ?        00:00:07 dotnet ZYH.Operation.Sys.Admin.dll
  root      4972 26752  0 13:57 ?        00:00:05 dotnet ZYH.Operation.Sys.Web.dll

[Reload]

  supervisorctl reload  #重新加载
  每次重新部署 后，可以执行一下上面的命令

Set [boot]

  -建立配置文件
  打开目录 /usr/lib/systemd/system/ 新建文件 supervisord.service
  cd /usr/lib/systemd/system/
  vim supervisord.service
  内容：   
  # dservice for systemd (CentOS 7.0+)
  # by ET-CS (https://github.com/ET-CS)
  [Unit]
  Description=Supervisor daemon

  [Service]
  Type=forking
  ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
  ExecStop=/usr/bin/supervisorctl shutdown
  ExecReload=/usr/bin/supervisorctl reload
  KillMode=process
  Restart=on-failure
  RestartSec=42s

  [Install]
  WantedBy=multi-user.target
  执行命令：
  systemctl enable supervisord 
  systemctl is-enabled supervisord #来验证是否为开机启动

[Firewall]

If you can not access the public network ip: That's because CentOs firewall blocked, we open the port.

firewall-cmd --zone = public --add- port = 80 / tcp --permanent # ( open 80 ports)
systemctl restart firewalld # (reboot the firewall for the configuration with immediate effect)

- I use Tencent cloud host, and not by the above command mysql remote access

firewall-cmd --zone = public --add-port = 3306 / tcp --permanent # (open port 3306)

Finally, use iptables

【installation】

  #先检查是否安装了iptables
  service iptables status
  #安装iptables
  yum install -y iptables
  #升级iptables
  yum update iptables
  #安装iptables-services
  yum install iptables-services

[Stop] firewalld

  #停止firewalld服务
  systemctl stop firewalld
  #禁用firewalld服务
  systemctl mask firewalld

[Iptables configuration]

  vim /etc/sysconfig/iptables
  # sample configuration for iptables service
  # you can edit this manually or use system-config-firewall
  # please do not ask us to add additional ports/services to this default configuration
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p icmp -j ACCEPT
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT

  -A INPUT -j REJECT --reject-with icmp-host-prohibited
  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  COMMIT

In summary, until now, we do not involve interaction with the database level, but the .net core publishing environment configuration experience on linux

      CentOS的安装
      远程执行终端Xshell
      远程拷贝文件WinSCP
      .net core 环境的安装
      服务器nginx的安装，配置,转发规则配置等
      守护服务Supervisor的安装，自启动

Nexus, had previously been released, but our dynamic website, there must be a data source, we choose mysql, mysql installation experience, root account login, password,

    # wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
  # rpm -ivh mysql-community-release-el7-5.noarch.rpm
  # yum install mysql-community-server

Permission to open, open port (similar to sqlserver1433 port) CentOS firewall -3306, and reboot the firewall, so that we will be able to remotely access mysql

centOS预装了mariadb(mysql之父为了mysql可能存在闭源风险而搞mysql分支)

安装完以后mariadb自动就被替换了，将不再生效。

 【安装】

    # wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
    # rpm -ivh mysql-community-release-el7-5.noarch.rpm
    # yum install mysql-community-server

 【重启mysql服务】


    # service mysqld restart

 【修改密码】

初次安装mysql，root账户没有密码。

直接 #mysql -u root

# mysql>show databases;

mysql>set password for 'root'@'localhost' =password('设置你的密码');
Query OK, 0 rows affected (0.00 sec)

不需要重启数据库即可生效。

 【配置】

#vim /etc/my.cnf

内容如下：
    # For advice on how to change settings please see
    # http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
    [client]
    default-character-set=utf8
    # 加上 免得有中文乱码

    [mysql]

    [mysqld]

    character-set-server = utf8
    # 加上 免得有中文乱码

    innodb_log_file_size=640M

    max_allowed_packet = 64M 
    #加上，当你有大量数据要往数据库中存储就需要这个配置，例如二进制文件

    #
    # Remove leading # and set to the amount of RAM for the most important data
    # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
    # innodb_buffer_pool_size = 128M
    #
    # Remove leading # to turn on a very important data integrity option: logging
    # changes to the binary log between backups.
    # log_bin
    #
    # Remove leading # to set options mainly useful for reporting servers.
    # The server defaults are faster for transactions and fast SELECTs.
    # Adjust sizes as needed, experiment to find the optimal values.
    # join_buffer_size = 128M
    # sort_buffer_size = 2M
    # read_rnd_buffer_size = 2M

    datadir=/var/lib/mysql

    socket=/var/lib/mysql/mysql.sock

    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0

    default-storage-engine=InnoDB
    max_connections=151

    # Recommended in standard MySQL setup
    sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

    [mysqld_safe]

    log-error=/var/log/mysqld.log

    pid-file=/var/run/mysqld/mysqld.pid

【远程连接设置】- 我就想在家，在公司，在任何地方都能进入我自己的数据库操作一下，navicat连一下

    #把在所有数据库的所有表的所有权限赋值给位于所有IP地址的root用户。

    mysql> grant all privileges on *.* to root@'%'identified by 'password';

    #如果是新用户而不是root，则要先新建用户

    mysql>create user 'username'@'%' identified by 'password'; 



【重载】

    配置文件修改后，别忘记重启mysql
    service mysqld restart

References: https: //www.cnblogs.com/zhaopei/p/netcore.html--- sense Xieyuan You farming life code

[Series] One by one, step by step deploy .net core applications

Our goal:

Tools to prepare

Guess you like