![format,png](https://img-blog.csdnimg.cn/img_convert/b6567012c1e2f1a52aae94f3dca7d9bc.webp?x-oss-process=image/format,png)
最终效果
一、参考资料
- TUNA mirrors 主页:tuna/mirror-web: Source code of the web interface of https://mirrors.tuna.tsinghua.edu.cn/ (github.com)
- tunasync:tuna/tunasync: Mirror job management tool. (github.com)
- Fancy Index:Fancy Index | NGINX
- Nginx:nginx: Linux packages
- Njs:njs: log (nginx.org)
二、部署环境
- 系统版本:CentOS Stream 9
三、部署过程
一、基础设置
详情请阅读以下文章
二、部署后端
1.安装GO语言与Rsync
yum install golang rsync -y
2.获取Tunasync
cd
wget https://githubproxy.chentech.asia/https://github.com/tuna/tunasync/releases/download/v0.8.0/tunasync-linux-amd64-bin.tar.gz
tar zxvf tunasync-linux-amd64-bin.tar.gz -C /usr/bin/
3.创建仓库目录
mkdir -p /data/mirrors
4.创建日志目录
mkdir -p /data/logs/tunasync
5.创建Tunasync配置文件目录
mkdir /etc/tunasync
6.创建Manager配置文件
vim /etc/tunasync/manager.conf
debug = false
[server]
addr = "127.0.0.1"
port = 14242
ssl_cert = ""
ssl_key = ""
[files]
db_type = "bolt"
db_file = "/etc/tunasync/manager.db"
ca_cert = ""
7.创建Worker配置文件
vim /etc/tunasync/worker.conf
[global]
name = "worker"
log_dir = "/data/logs/tunasync/{{.Name}}"
mirror_dir = "/data/mirrors"
concurrent = 10
interval = 120
[manager]
api_base = "http://127.0.0.1:14242"
token = ""
ca_cert = ""
[cgroup]
enable = false
base_path = "/sys/fs/cgroup"
group = "tunasync"
[server]
hostname = "localhost"
listen_addr = "127.0.0.1"
listen_port = 6000
ssl_cert = ""
ssl_key = ""
#Centos
[[mirrors]]
name = "centos"
provider = "rsync"
upstream = "rsync://rsync.mirrors.ustc.edu.cn/centos/"
use_ipv6 = false
#Ubuuntu
[[mirrors]]
name = "ubuntu"
provider = "rsync"
upstream = "rsync://archive.ubuntu.com/ubuntu/"
use_ipv6 = false
log_dir:tunasync日志路径
mirror_dir:镜像的路径
concurrent:线程数
interval:同步周期,单位分钟
api_base:manager地址
name:镜像名称
upstream:upstream同步地址
8.通过Systemd进行管理
vim /usr/lib/systemd/system/tunasync-manager.service
[Unit]
Description = TUNA mirrors sync manager
After=network.target
Requires=network.target
[Service]
Type=simple
User=root
ExecStart = /usr/bin/tunasync manager -c /etc/tunasync/manager.conf --with-systemd
[Install]
WantedBy=multi-user.target
vim /usr/lib/systemd/system/tunasync-worker.service
[Unit]
Description = TUNA mirrors sync worker
After=network.target
[Service]
Type=simple
User=root
PermissionsStartOnly=true
#ExecStartPre=/usr/bin/cgcreate -t tunasync -a tunasync -g memory:tunasync
ExecStart=/usr/bin/tunasync worker -c /etc/tunasync/worker.conf --with-systemd
ExecReload=/bin/kill -SIGHUP $MAINPID
#ExecStopPost=/usr/bin/cgdelete memory:tunasync
[Install]
WantedBy=multi-user.target
systemctl enable --now tunasync-worker
systemctl enable --now tunasync-manager
等一会儿执行
tunasynctl list --all
查看是否有同步信息,有则成功部署
![format,png](https://img-blog.csdnimg.cn/img_convert/cecfb541abee02efa4f4d8ba88d70019.webp?x-oss-process=image/format,png)
示例
三、部署前端
1.安装NodeJS与Nginx
安装nodejs、gcc、g++、make
yum install nodejs gcc g++ make -y
安装pcre
cd
wget https://jaist.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz
tar zxvf pcre-8.45.tar.gz
cd pcre-8.45
./configure
make && make install
安装openssl
cd
wget https://www.openssl.org/source/openssl-3.2.1.tar.gz
tar zxvf openssl-3.2.1.tar.gz
cd openssl-3.2.1
./config
make && make install
安装zlib
cd
wget https://zlib.net/zlib-1.3.1.tar.gz
tar zxvf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure
make && make install
通过Epel安装Nginx,编译安装fancy-index和njs模块
yum install epel-release -y && yum update -y
yum install nginx -y
cd
wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar zxvf nginx-1.24.0.tar.gz
cd nginx-1.24.0
wget https://githubproxy.chentech.asia/https://github.com/aperezdc/ngx-fancyindex/releases/download/v0.5.2/ngx-fancyindex-0.5.2.tar.xz
tar xvf ngx-fancyindex-0.5.2.tar.xz
wget https://hg.nginx.org/njs/archive/tip.tar.gz
tar zxvf tip.tar.gz
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-openssl-opt=enable-ktls --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-E' --add-module=./ngx-fancyindex-0.5.2 --add-dynamic-module=./njs-8309b884e265/nginx
make && make install
报错
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
安装libxslt-dev
yum install libxslt-devel -y
报错
./configure: error: the HTTP image filter module requires the GD library.
You can either do not enable the module or install the libraries.
安装
yum install gd-devel -y
启动Nginx
systemctl start nginx
启用开机运行
systemctl enable nginx
上面两步可以合并为
systemctl enable --now nginx
因为本地部署不会被攻击所以本例直接关闭系统自带的防火墙
systemctl disable firewalld && systemctl stop firewalld
浏览器访问服务器IP出现下图网页即正确安装
![format,png](https://img-blog.csdnimg.cn/img_convert/5b23edf56101e6e68b7040f4489be2b0.webp?x-oss-process=image/format,png)
效果
2.安装Ruby并配置Gem国内源
yum install patch autoconf automake bison bzip2 libtool readline-devel ruby-devel sqlite-devel -y
gem sources --add https://mirrors.ustc.edu.cn/rubygems/ --remove https://rubygems.org/
gem sources -l
3.安装bundle和build并配置bundle源
gem install bundle
gem install build
gem install jekyll bundler
bundle config mirror.https://rubygems.org https://mirrors.ustc.edu.cn/rubygems
4.拉取前端源码
cd
git clone https://githubproxy.chentech.asia/https://github.com/tuna/mirror-web.git
5.下载动态数据文件
cd mirror-web
mkdir -p static/status
wget https://mirrors.tuna.tsinghua.edu.cn/static/tunasync.json -O static/tunasync.json
wget https://mirrors.tuna.tsinghua.edu.cn/static/tunet.json -O static/tunet.json
wget https://mirrors.tuna.tsinghua.edu.cn/static/status/isoinfo.json -O static/status/isoinfo.json
6.安装依赖
bundle install
提示
[root@localhost mirror-web]# bundle install
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
忽略即可
7.修改项目文件
通过WinSCP登录服务器以管理文件,也可以用Vim编辑器直接编辑
配置文件:
- _config.yml
- _data/options.yml
网页文件:
- _includes/
- _layouts/
- fancy-index/
8.生成静态网页
生成静态网页到Nginx网站目录下
bundle exec jekyll build --destination /usr/share/nginx/html
再软连接到仓库目录下
ln -s /usr/share/nginx/html/fancy-index /data/mirrors
ln -s /usr/share/nginx/html/help /data/mirrors
ln -s /usr/share/nginx/html/news /data/mirrors
ln -s /usr/share/nginx/html/static /data/mirrors
ln -s /usr/share/nginx/html/status /data/mirrors
ln -s /usr/share/nginx/html/404.html /data/mirrors
ln -s /usr/share/nginx/html/feed.xml /data/mirrors
ln -s /usr/share/nginx/html/index.html /data/mirrors
ln -s /usr/share/nginx/html/legacy_index.html /data/mirrors
ln -s /usr/share/nginx/html/robots.txt /data/mirrors
ln -s /usr/share/nginx/html/sitemap.xml /data/mirrors
9.修改Nginx配置文件
编辑/etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
load_module /usr/lib64/nginx/modules/ngx_http_js_module.so;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location /static/tunasync.json {
proxy_pass http://localhost:14242/jobs;
}
fancyindex_header /fancy-index/before;
fancyindex_footer /fancy-index/after;
fancyindex_exact_size off;
fancyindex_time_format "%Y-%m-%d %H:%M";
fancyindex_name_length 256;
js_path /data/mirrors/static/njs;
js_import fancyIndexRender from /data/mirrors/static/njs/fancy_index.njs;
location /fancy-index {
internal;
root /data/mirrors;
subrequest_output_buffer_size 100k;
location = /fancy-index/before {
js_content fancyIndexRender.fancyIndexBeforeRender;
}
location = /fancy-index/after {
js_content fancyIndexRender.fancyIndexAfterRender;
}
}
location /{
fancyindex on;
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /404.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
重启Nginx服务
systemctl restart nginx
刷新浏览器
![format,png](https://img-blog.csdnimg.cn/img_convert/f87eb3c69728f3ff67baa335c2c84338.webp?x-oss-process=image/format,png)
示例
四、配置Web
关闭SElinux,不然通过Systemd进行管理时会报无权限
编辑/etc/selinux/config
vim /etc/selinux/config
#SELINUX=enforcing
SELINUX=disable
重启后继续
reboot
复制/root/mirror-web/geninfo至/etc/tunasync/geninfo
cp -r /root/mirror-web/geninfo /etc/tunasync/geninfo
修改/etc/tunasync/geninfo/genisolist.ini
#root = /data/
root = /data/mirrors/
新建/etc/tunasync/geninfo/genisoinfo.sh
#!/bin/bash
web=/usr/share/nginx/html
disks="/ /data/mirrors"
while true; do
python3 /etc/tunasync/geninfo/genisolist.py 2>/dev/null > $web/static/status/isoinfo.json
echo -n "[" > $web/static/status/disk.json
df -B 1k --output="size,used" $disks | awk '{if (FNR==1) ; else {if (FNR>2) printf ","; printf "{\"total_kb\":%s,\"used_kb\":%s}", $1, $2;}}' >> $web/static/status/disk.json
echo -n "]" >> $web/static/status/disk.json
sleep 15m
done
设置可执行
chmod +x /etc/tunasync/geninfo/genisoinfo.sh
通过Systemd管理
vim /usr/lib/systemd/system/tunasync-geninfo.service
[Unit]
Description = TUNA mirrors genisoinfo
After=network.target
[Service]
Type=simple
User=root
ExecStart=/etc/tunasync/geninfo/genisoinfo.sh
[Install]
WantedBy=multi-user.target
systemctl enable --now tunasync-geninfo
五、其他配置
Web监控图是由Grafana定时生成的,不在本文的讨论范围内