
Cloud Server Environment Setup and Network Port Management


Containerization with Docker

To manage applications efficiently, Docker is used as the primary runtime environment. Ensure system compatibility before proceeding with the installation.

Installation via Package Manager

Install yum-utils, which provides the yum-config-manager command used to add the repository:

sudo yum install -y yum-utils

Add the stable Docker repository to your system:

sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install the Docker Engine, CLI, and containerd:

sudo yum install docker-ce docker-ce-cli containerd.io

Post-Installation Configuration

Enable and start the Docker service:

sudo systemctl start docker
sudo systemctl enable docker

To accelerate image downloads, configure a registry mirror by editing the daemon configuration file:

sudo vi /etc/docker/daemon.json

Insert the following configuration:

{
  "registry-mirrors": ["https://ckib1ecu.mirror.aliyuncs.com"]
}

Reload the daemon and restart the service to apply changes:

sudo systemctl daemon-reload
sudo systemctl restart docker

Management Commands

  • Verify installation: docker --version
  • Check running containers: docker ps
  • Start a specific container: docker start <container_id_or_name>

Redis Deployment

Deploying Redis through Docker simplifies dependency management and environment isolation.

  1. Deploy Container: Execute the following command to run a password-protected Redis instance mapping port 6304 on the host to 6379 in the container:

    docker run --name kv-store -p 6304:6379 -d redis:latest --requirepass YourSecurePassword
    
  2. Accessing the Service: Connect to the Redis instance using the internal CLI:

    docker exec -it kv-store redis-cli
    

    Authenticate inside the CLI:

    127.0.0.1:6379> auth YourSecurePassword
    

Nginx Source Compilation

Compiling Nginx from source allows for custom module selection and optimized performance.

Dependency Installation

Install the compiler toolchain and required libraries (PCRE for rewrites, Zlib for compression, and OpenSSL for TLS):

sudo yum install -y gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel

Compilation Steps

  1. Download and Extract:

    wget https://nginx.org/download/nginx-1.19.8.tar.gz
    tar -zxvf nginx-1.19.8.tar.gz
    cd nginx-1.19.8
    
  2. Configuration: Define the installation prefix and enable the SSL and stub_status modules:

    ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module
    
  3. Build and Install:

    make
    sudo make install
    

SSL Configuration Example

Edit the nginx.conf file to set up HTTPS proxying:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

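If you encounter a 403 Forbidden error, ensure the user directive in nginx.conf is set to a user with sufficient permissions (e.g., user root;). Running the worker processes as root removes nginx's privilege separation, so granting the default worker user read access to the served files is the narrower fix.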

Nacos Service Discovery Setup

Run Nacos in standalone mode with persistent storage for logs and configuration.

  1. Initialize Directory Structure: Extract default configurations from a temporary container to host directories to ensure persistence:

    docker run --name nacos-temp -d nacos/nacos-server
    docker cp nacos-temp:/home/nacos/logs /root/nacos/logs
    docker cp nacos-temp:/home/nacos/conf /root/nacos/conf
    docker rm -f nacos-temp
    
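  2. Run with Volume Mapping: Map ports 8848 (HTTP) and 9848/9849 (gRPC) and set the JVM heap limits. The --privileged=true flag gives the container almost unrestricted access to the host, so keep it only if the container cannot start without it: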

    docker run -d --name service-nacos \
    -p 8848:8848 -p 9848:9848 -p 9849:9849 \
    --privileged=true \
    -e JVM_XMS=256m -e JVM_XMX=256m \
    -e MODE=standalone \
    -v /root/nacos/logs:/home/nacos/logs \
    -v /root/nacos/conf:/home/nacos/conf \
    --restart=always nacos/nacos-server
    

Firewall and Port Management

Security requires managing ports at both the operating system level and the cloud provider security group level.

Firewalld Operations

  • Start and Enable Service:

    systemctl start firewalld
    systemctl enable firewalld
    
  • Check Open Ports:

    firewall-cmd --zone=public --list-ports
    
  • Authorize Port Access: Open a specific port (e.g., 8848) permanently:

    firewall-cmd --zone=public --add-port=8848/tcp --permanent
    firewall-cmd --reload
    
  • Revoke Port Access:

    firewall-cmd --zone=public --remove-port=8848/tcp --permanent
    firewall-cmd --reload
    
  • Verify Status: Check if a specific port is actively allowed:

    firewall-cmd --zone=public --query-port=8848/tcp
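
Docker programs its own iptables NAT and forwarding rules for every port published with -p, so a published port such as 6304 or 9848 is typically reachable even when the public zone does not list it. The script below is an added example, not part of the original article: it cross-checks docker ps output against firewall-cmd --list-ports, using constructed sample data (the local-cache and worker containers are hypothetical).

```shell
#!/bin/sh
# Added example: list host ports that Docker publishes on non-loopback
# addresses but that firewalld's public zone does not list.

# Constructed sample input in the shape of:
#   docker ps --format '{{.Names}}|{{.Ports}}'
#   firewall-cmd --zone=public --list-ports
SAMPLE_PS='kv-store|0.0.0.0:6304->6379/tcp, :::6304->6379/tcp
service-nacos|0.0.0.0:8848->8848/tcp, 0.0.0.0:9848-9849->9848-9849/tcp
local-cache|127.0.0.1:6380->6379/tcp
worker|6379/tcp'
SAMPLE_FW='443/tcp 8848/tcp'

# published_ports: stdin = docker ps lines; stdout = "name bind port/proto",
# one line per host port (ranges such as 9848-9849 are expanded).
published_ports() {
  awk -F'|' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue            # exposed only, not published
      split(maps[i], side, "->")
      proto = side[2]; sub(/^.*\//, "", proto)    # text after the last "/"
      bind = side[1];  sub(/:[0-9-]+$/, "", bind) # drop trailing :port
      ports = side[1]; sub(/^.*:/, "", ports)     # keep trailing port(s)
      lo = hi = ports
      if (ports ~ /-/) { split(ports, r, "-"); lo = r[1]; hi = r[2] }
      for (p = lo + 0; p <= hi + 0; p++) print $1, bind, p "/" proto
    }
  }'
}

# unlisted_ports PS_TEXT FW_PORTS: print "name port/proto" for every port that
# is published on a non-loopback address and absent from the firewalld list.
unlisted_ports() {
  printf '%s\n' "$1" | published_ports | awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 ~ /^127\./ || $2 == "[::1]" || $2 == "::1" { next }  # loopback bind
    !($3 in ok) && !seen[$1 " " $3]++ { print $1, $3 }
  '
}

unlisted_ports "$SAMPLE_PS" "$SAMPLE_FW"
```

On a live host, pass "$(docker ps --format '{{.Names}}|{{.Ports}}')" and "$(firewall-cmd --zone=public --list-ports)" as the two arguments. Publishing with -p 127.0.0.1:6304:6379 instead of -p 6304:6379 keeps a service off external interfaces altogether.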
    
