1、安装docker
#检查之前有没有安装过旧版本docker
yum list installed | grep docker
#如果有旧版本就卸载
yum -y remove 包名
#安装yum管理工具
yum install -y yum-utils device-mapper-persistent-data lvm2
#添加docker的yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#安装docker-ce
yum install docker-ce -y
#启动docker服务,加入开机自启,查看版本
systemctl start docker
systemctl enable docker
docker version
2、安装docker-compose
curl -L "https://github.com/docker/compose/releases/download/"指定版本"/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
3、安装archery
docker pull registry.cn-hangzhou.aliyuncs.com/lihuanhuan/archery
4、下载Archery包
#安装git
yum -y install git
#下载Archery
git clone https://github.com/hhyo/Archery.git
5、修改配置
docker-compose.yml文件内的services可按照本身的运行环境来调整,同时注意检查版本号是否正确,比如说外部已经装好了mysql、redis、inception,就可以将对应的services删除, 但是需要注意修改settings.py文件的相关配置 根据网站中的说明,修改mysql,redis,inception 的配置,也可以不修改,直接运行配置,会自动运行对应的镜像
5.1、修改docker-compose.yml
version: '3'
services:
redis:
image: redis:5
container_name: redis
restart: always
command: redis-server --requirepass 123456 #密码
expose:
- "6379" #端口
mysql:
image: mysql:5.7
container_name: mysql
restart: always
ports:
- "3306:3306"
volumes:
- "./mysql/my.cnf:/etc/mysql/my.cnf"
- "./mysql/datadir:/var/lib/mysql"
environment:
MYSQL_DATABASE: archery
MYSQL_ROOT_PASSWORD: 123456 #root密码
inception:
image: hhyo/inception
container_name: inception
restart: always
expose:
- "6669"
volumes:
- "./inception/inc.cnf:/etc/inc.cnf"
goinception:
image: hanchuanchuan/goinception
container_name: goinception
restart: always
ports:
- "4000:4000"
volumes:
- "./inception/config.toml:/etc/config.toml"
archery:
image: hhyo/archery:v1.8.2
container_name: archery
restart: always
ports:
- "9123:9123" #端口
volumes:
- "./archery/settings.py:/opt/archery/archery/settings.py"
- "./archery/soar.yaml:/etc/soar.yaml"
- "./archery/docs.md:/opt/archery/docs/docs.md"
- "./archery/downloads:/opt/archery/downloads"
- "./archery/sql/migrations:/opt/archery/sql/migrations"
- "./archery/logs:/opt/archery/logs"
entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh" #若是本地需要修改ip
environment:
NGINX_PORT: 9123
5.2、 修改archery/settings.py
# 该项目本身的mysql数据库地址
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'archery', #数据库
'USER': 'root', #用户
'PASSWORD': 'P@ssw0rd_njxg', #密码
'HOST': 'mysql', #数据库ip
'PORT': '3306', #端口
'OPTIONS': {
'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
'charset': 'utf8mb4'
},
'TEST': {
'NAME': 'test_archery',
'CHARSET': 'utf8mb4',
},
}
}
CACHES = {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://redis:6379/0", #redis地址
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"PASSWORD": "123456" #redis密码
}
},
"dingding": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://redis:6379/1", #redis地址
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"PASSWORD": "123456" #redis密码
}
}
}
6、启动
docker-compose -f docker-compose.yml up -d
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8abc468500bd mysql:5.7 "docker-entrypoint.s…" 2 hours ago Up 2 hours 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
b9ffa8710c65 hanchuanchuan/goinception "/usr/local/bin/dumb…" 2 hours ago Up 2 hours 4000/tcp goinception
5ebbaa722433 redis:5 "docker-entrypoint.s…" 2 hours ago Up 2 hours 6379/tcp redis
718e83ed00e6 hhyo/archery:1.7.12 "dockerize -wait tcp…" 2 hours ago Up 2 hours 0.0.0.0:9123->9123/tcp archery
c77fb994581b hhyo/inception "/bin/sh -c 'nohup /…" 2 hours ago Up 2 hours 6669/tcp inception
7、表结构和数据初始化
docker exec -ti archery /bin/bash
source /opt/venv4archery/bin/activate
#表结构初始化
python3 manage.py makemigrations sql
python3 manage.py migrate
#数据初始化
python3 manage.py dbshell<sql/fixtures/auth_group.sql
python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql
8、重启容器(在容器外执行)
docker restart archery
9、日志和问题排查
#路径logs/archery.log
docker logs archery -f --tail=50
10、访问
11、修改archery端口
11.1、修改docker-compose.yml
#修改配置文件
archery:
image: hhyo/archery:v1.8.2
container_name: archery
restart: always
ports:
- "9123:9123" #端口
volumes:
- "./archery/settings.py:/opt/archery/archery/settings.py"
- "./archery/soar.yaml:/etc/soar.yaml"
- "./archery/docs.md:/opt/archery/docs/docs.md"
- "./archery/downloads:/opt/archery/downloads"
- "./archery/sql/migrations:/opt/archery/sql/migrations"
- "./archery/logs:/opt/archery/logs"
entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh" #若是本地需要修改ip
environment:
NGINX_PORT: 9123
#执行命令
docker-compose -f docker-compose.yml up -d
11.2、进入archery容器修改nginx配置文件
docker exec -ti archery /bin/bash
#配置文件位置
/etc/nginx/nginx.conf
/opt/archery/src/docker/nginx.conf
server{
listen 9123; # 监听的端口(改为你需要的端口)
server_name archery;
client_max_body_size 20M; # 处理Request Entity Too Large
proxy_read_timeout 600s; # 超时时间与Gunicorn超时时间设置一致,主要用于在线查询
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host:9123; # 解决重定向404的问题,和listen端口保持一致,如果是docker则和宿主机映射端口保持一致
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
11.3修改容器端口
#查看容器CONTAINER ID
docker ps
#停止容器
docker stop CONTAINER ID
#停止docker服务
systemctl stop docker
#修改配置文件,端口全部修改掉
cd /var/lib/docker/containers/CONTAINER ID*
vi hostconfig.json
vi config.v2.json
#退出容器,重启
systemctl start docker
docker start CONTAINER ID
12、 redis并以配置文件方式启动
12.1、创建文件夹,从网上拉取conf配置文件放入文件夹内
redis 6.0.6 下载 -- Redis中国用户组(CRUG)(redis官网)
# 注释符号 #
# 1. 注释 bind 127.0.0.1
# 2. protected-mode yes 修改成 protected-mode no
# 3. 添加 requirepass yourpassword (注:不添加则可以无密码访问)
# 注:步骤1和步骤的2目的是为了远程连接redis,如果只需本地访问就无需修改。
# bind 127.0.0.1
protected-mode no
12.2、启动
docker run -p 6379:6379 --name redis -v /var/lib/redis.conf:/etc/redis/redis.conf -v /var/lib/data:/data -d redis redis-server /etc/redis/redis.conf --appendonly yes
配置解释:
-p 6379:6379: 第一个端口是宿主机端口(服务器端口),第二个端口是容器端口(容器是一个个沙箱外部不不能访问的),将容器的6379端口映射到宿主机的6379端口上,这样可以通过访问宿主机6379来访问redis;
–name iredis: 容器的名字 iredis 方便以后操作容器(docker start iredis ;docker stop iredis 等等);
-v /home/docker/redis/config/redis.conf:/etc/redis/redis.conf: 挂载持久化配置 /home/docker/redis/config/redis.conf :是宿主机(服务器)你自己的redis.conf文件路径 /etc/redis/redis.conf : 容器内部的redis.conf文件路径,不用手动创建,容器启动时会把上边宿主机的redis.conf自动映射到改目录下. 这样在修改redis.conf文件时候就不用进入到容器内部去修改了
-v /home/docker/redis/data:/data: 挂载持久化文件 /home/docker/redis/data是宿主机中持久化文件的位置,/data是容器中持久化文件的位置
-d : 后台启动