Deploying an Instant Messaging System on a Single CentOS Host in Practice

2020/04/13 IM

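This article describes how to deploy 飞享 (Feixiang) on a single CentOS host. If you have purchased a managed MySQL service, you can choose to deploy against that service instead.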

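MySQL installation

NOTE: Installation may differ between CentOS versions; watch for error messages during installation.

Password policy

If you do not need the password policy, you can disable it, which turns off password-strength validation for every MySQL account on the server. Add the following to /etc/my.cnf:

validate_password = off
Restart for the change to take effect
systemctl restart mysqld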

Object storage

For self-hosted object storage you can use MinIO.

Local installation

wget http://dl.minio.org.cn/server/minio/release/linux-amd64/minio
chmod +x minio
## Start in the foreground
./minio server data/
## Start in the background
nohup ./minio server miniodata/ >/data/minio.log 2>&1 &
## Start with modified parameters
MINIO_ACCESS_KEY=test MINIO_SECRET_KEY=test nohup ./minio  server  miniodata/  > /opt/minio/minio.log 2>&1 &
## Start with HTTPS; note that the access key and secret key stay the same
MINIO_ACCESS_KEY=test MINIO_SECRET_KEY=test nohup ./minio  server --address ":443" /data/miniodata/  > /data/minio.log 2>&1 &

NOTE: For more advanced configuration, see the MinIO Server config.json (v18) guide
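
The start commands above pass the literal test for both MINIO_ACCESS_KEY and MINIO_SECRET_KEY. As an added example (not part of the original post or of MinIO itself), the shell functions below generate random keys, keep them in an owner-only env file, and start the server from that file. The function names, the file paths and the key lengths of 20 and 40 characters are assumptions.

```shell
#!/bin/sh
# Added example: replace the literal test/test keys with generated ones.
# Weak form from the commands above (guessable, and it lands in shell history):
#   MINIO_ACCESS_KEY=test MINIO_SECRET_KEY=test nohup ./minio server miniodata/ ...

# Print $1 random characters drawn from [A-Za-z0-9].
rand_alnum() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Write a new key pair to an env file readable by its owner only.
# Refuses to overwrite, so existing keys are never rotated by accident.
write_minio_env() {
    env_file=$1
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi
    ( umask 077
      printf 'MINIO_ACCESS_KEY=%s\nMINIO_SECRET_KEY=%s\n' \
          "$(rand_alnum 20)" "$(rand_alnum 40)" > "$env_file" )
}

# Start MinIO in the background with the keys exported from the env file.
start_minio() {
    env_file=$1; data_dir=$2; log_file=$3
    ( set -a; . "$env_file"; set +a
      nohup ./minio server "$data_dir" > "$log_file" 2>&1 & )
}

# Usage (paths are assumptions):
#   write_minio_env /data/minio.env && start_minio /data/minio.env /data/miniodata/ /data/minio.log
```

The application's MinIO client settings must be given the same generated values.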

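Object storage service for chat

By default, a MinIO share URL is valid for at most 7 days. To get past this limit, set a policy on the bucket: click the bucket, choose edit policy, and add a policy. NOTE: Uploaded files must also carry a file extension, otherwise they cannot be downloaded.

Admin console operations

  • Create separate buckets for the different file types, as follows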

    public static String MINIO_BUCKET_GENERAL_NAME = "minio-bucket-general-name";
    public static String MINIO_BUCKET_GENERAL_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_GENERAL_NAME;
    public static String MINIO_BUCKET_IMAGE_NAME = "minio-bucket-image-name";
    public static String MINIO_BUCKET_IMAGE_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_IMAGE_NAME;
    public static String MINIO_BUCKET_VOICE_NAME = "minio-bucket-voice-name";
    public static String MINIO_BUCKET_VOICE_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_VOICE_NAME;
    public static String MINIO_BUCKET_VIDEO_NAME = "minio-bucket-video-name";
    public static String MINIO_BUCKET_VIDEO_DOMAIN =  MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_VIDEO_NAME;
    public static String MINIO_BUCKET_FILE_NAME = "minio-bucket-file-name";
    public static String MINIO_BUCKET_FILE_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_FILE_NAME;
    public static String MINIO_BUCKET_PORTRAIT_NAME = "minio-bucket-portrait-name";
    public static String MINIO_BUCKET_PORTRAIT_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_PORTRAIT_NAME;
    public static String MINIO_BUCKET_FAVORITE_NAME = "minio-bucket-favorite-name";
    public static String MINIO_BUCKET_FAVORITE_DOMAIN = MINIO_UPLOAD_ENDPOINT+"/"+MINIO_BUCKET_FAVORITE_NAME;

References

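System software installation

  • Install nc
yum install nc

NOTE: We provide an installation directory that contains the JDK, ZooKeeper, and the application install package. Its top-level layout is: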

├── boot
├── jdk
└── zookeeper-3.4.6

Java environment configuration

  • Edit ~/.bash_profile
export JAVA_HOME=/data/jdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
  • Run the following command to apply the configuration
source ~/.bash_profile 
  • Check that the installation succeeded
[root@VM_0_2_centos data]# java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

ZooKeeper installation and startup

  • ZooKeeper is already bundled in the installation package, so you only need to start it
[root@VM_0_2_centos data]# ./zookeeper-3.4.6/bin/zkServer.sh start
JMX enabled by default
Using config: /data/zookeeper-3.4.6/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED

Run jps to check for the ZooKeeper process

[root@VM_0_2_centos data]# jps
25462 Jps
25211 QuorumPeerMain

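Project deployment layout

NOTE: The following is the file structure under the boot directory. It mainly shows the directory layout of the two services and how to start them.

Project directory overview

├── download # Android APK
│   ├── chat-debug-0.7.2.apk
│   ├── chat-debug.0.7.3.apk
│   ├── chat-debug.0.7.4.apk
│   ├── chat-debug.0.7.5.apk
│   └── chat-debug.apk
├── push-connector # signaling message server directory, supports TCP and WSS connections
│   ├── jvm.ini # JVM parameter configuration
│   ├── lib
│   │   └── spring-boot-dubbo-push-connector-1.0.0-SNAPSHOT.jar
│   ├── logs # logs
│   └── push-connector # startup script
└── push-group # business logic service, including the HTTP login API
    ├── jvm.ini # JVM parameter configuration
    ├── lib
    │   └── spring-boot-web-push-group-1.0.0-SNAPSHOT.jar
    ├── logs # logs
    └── push-group # startup script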

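Project configuration

NOTE: The certificate settings below are all based on certificates issued for the domain I applied for. In a local deployment, importing the certificate may fail and make the service unreachable, so remove the related settings when you actually build.

push-group certificate configuration

Remove these for now, in application.properties

## HTTPS certificate; comment out these settings for local testing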
#server.ssl.key-store: classpath:2436378_github.comsince.cn.pfx
#server.ssl.key-store-password: effjgv2y
#server.ssl.keyStoreType: PKCS12

push-connector

# WSS SSL configuration; can be removed for local testing
#push.ssl.keystore=classpath:github.comsince.cn.jks
#push.ssl.truststore=classpath:trustkeystore.jks
#push.ssl.password=123456

certbot certificate configuration

Ubuntu installation

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

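Generating the certificate

Certificates can be generated with the nginx plugin, which binds to nginx automatically. Here the standalone mode is used instead. In this mode the domain you are requesting the certificate for must already have its DNS record set up, because the http-01 challenge is validated against that domain.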

certbot certonly --standalone -d media.comsince.cn --staple-ocsp -m ljlong_2008@126.com --agree-tos

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for media.comsince.cn
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/media.comsince.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/media.comsince.cn/privkey.pem
   Your cert will expire on 2020-09-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Certificate renewal

$ certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/chat.comsince.cn.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

OCSP check failed for /etc/letsencrypt/archive/chat.comsince.cn/cert1.pem (are we offline?)
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for chat.comsince.cn
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/chat.comsince.cn/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/chat.comsince.cn/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
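  • Updating the server-side certificate: once the certificate has been renewed, the server-side JKS must be updated as well. Use KeyManager with its format conversion tool and import fullchain.pem and private.key.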

  • Show the JKS details with keytool
keytool -list -keystore comsince.cn.jks 
输入密钥库口令:  

密钥库类型: JKS
密钥库提供方: SUN

您的密钥库包含 1 个条目

1, 2020-7-31, PrivateKeyEntry, 
证书指纹 (SHA1): 02:72:5F:EB:86:D7:42:2B:58:5B:D9:F3:05:F3:E5:17:45:15:D6:A5

NOTE: The alias shown is 1

  • Generate truststore.jks
keytool -import -alias certificatekey -file {public certificate file}  -keystore comsince.cn.trustkeystore.jks
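
A command-line alternative to the GUI conversion described above, as an added example that is not part of the original post: a certbot deploy hook that rebuilds the keystore from the renewed PEM files with openssl and keytool. The function names, the STOREPASS and JKS_PATH variables and the default keystore path are assumptions; alias 1 and the name comsince.cn.jks follow the keytool listing above.

```shell
#!/bin/sh
# Added example: rebuild the Java keystore after "certbot renew".
# Assumed: STOREPASS is exported and holds the keystore password.

# Return 0 when the keystore is missing or older than the renewed chain.
jks_is_stale() {
    live_dir=$1; jks=$2
    [ ! -f "$jks" ] || [ "$live_dir/fullchain.pem" -nt "$jks" ]
}

# Convert fullchain.pem + privkey.pem into a JKS keystore under one alias.
refresh_jks() {
    live_dir=$1; jks=$2; alias_name=${3:-1}
    : "${STOREPASS:?export STOREPASS with the keystore password}"
    umask 077                          # keystore and temp files: owner only
    tmp=$(mktemp -d) || return 1
    # Step 1: bundle the chain and private key into a temporary PKCS#12 file.
    openssl pkcs12 -export -in "$live_dir/fullchain.pem" \
        -inkey "$live_dir/privkey.pem" -name "$alias_name" \
        -out "$tmp/new.p12" -passout env:STOREPASS &&
    # Step 2: import into a fresh JKS; the old file is replaced only on success.
    keytool -importkeystore -noprompt \
        -srckeystore "$tmp/new.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STOREPASS \
        -destkeystore "$tmp/new.jks" -deststoretype JKS \
        -deststorepass:env STOREPASS &&
    mv "$tmp/new.jks" "$jks"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/chat.comsince.cn)
# when this file is run through --deploy-hook; otherwise nothing happens here.
if [ -n "${RENEWED_LINEAGE:-}" ] &&
   jks_is_stale "$RENEWED_LINEAGE" "${JKS_PATH:-comsince.cn.jks}"; then
    refresh_jks "$RENEWED_LINEAGE" "${JKS_PATH:-comsince.cn.jks}"
fi
```

After the hook runs, keytool -list -keystore comsince.cn.jks should show a PrivateKeyEntry under alias 1 with the new date.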

Applying for a wildcard certificate

References

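MySQL connection configuration

NOTE: This is configured in c3p0-config.xml under push-group's resource directory

ZooKeeper and MySQL host configuration

The code refers to the hostnames zookeeper and mysql, so configure them on the machine where you start the services by editing /etc/hosts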

your centos ip zookeeper
127.0.0.1 mysql

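Building the project

Change into the universe-push project directory and run the following command to package it
mvn clean package -Dmaven.test.skip=true
  • On success you will see output like this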
[INFO] 
[INFO] comsince ........................................... SUCCESS [  0.736 s]
[INFO] tio-core ........................................... SUCCESS [  9.127 s]
[INFO] push-stub .......................................... SUCCESS [  2.071 s]
[INFO] push-common ........................................ SUCCESS [  1.060 s]
[INFO] push-sdk ........................................... SUCCESS [  0.001 s]
[INFO] push-aio-sdk ....................................... SUCCESS [  0.231 s]
[INFO] push-nio-sdk ....................................... SUCCESS [  2.049 s]
[INFO] sofa-bolt-sdk ...................................... SUCCESS [  0.707 s]
[INFO] spring-boot-dubbo-push-connector ................... SUCCESS [  4.394 s]
[INFO] spring-boot-dubbo-push-subscribe ................... SUCCESS [  0.248 s]
[INFO] spring-boot-web-push-api ........................... SUCCESS [  1.149 s]
[INFO] spring-boot-web-push-group ......................... SUCCESS [  9.126 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32.301 s
[INFO] Finished at: 2020-04-13T16:33:58+08:00
[INFO] Final Memory: 85M/814M
[INFO] ------------------------------------------------------------------------

Updating the project jar

NOTE: Taking push-connector as an example, upload the jar to the remote server to update the service

scp spring-boot-dubbo-push-connector/target/spring-boot-dubbo-push-connector.jar root@aliyun:/data/boot/push-connector/lib

Starting the project

Start push-connector

./push-connector start

Start push-group

./push-group start

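Cloud network configuration

NOTE: If you are using Tencent Cloud or Alibaba Cloud, open the relevant inbound ports: 8081, 8443, 6789, 9326

Installation package download

NOTE: Because the installation package is large, please download it from Baidu Cloud Drive; the extraction code is 6xft

Demo login

Enter any phone number and the super verification code 66666 to log in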
