服务器设置

[可选] 设置系统 Swap 交换分区

因为 vps 服务器的运行内存很小,所以这里先设置下 Swap

# 1GB RAM with 2GB Swap
sudo fallocate -l 2G /swapfile && \
sudo dd if=/dev/zero of=/swapfile bs=1024 count=2097152 && \
sudo chmod 600 /swapfile && \
sudo mkswap /swapfile && \
sudo swapon /swapfile && \
echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab && \
sudo swapon --show && \
sudo free -h

安装并生成证书

curl https://get.acme.sh | sh -s email=czj.june@gmail.com

.acme.sh/acme.sh --issue --server letsencrypt --dns dns_aws -d chensoul.com -d '*.chensoul.com'

.acme.sh/acme.sh --installcert -d chensoul.com -d *.chensoul.com  --cert-file /usr/local/nginx/ssl/chensoul.com.cer --key-file /usr/local/nginx/ssl/chensoul.com.key --fullchain-file /usr/local/nginx/ssl/fullchain.cer --ca-file /usr/local/nginx/ssl/ca.cer   --reloadcmd "sudo nginx -s reload"

Docker 安装和配置

Docker 安装

具体过程可以参考网上文章。

自定义网络

参考 Best Practice: Use a Docker network ,创建一个自定义的网络:

docker network create custom

查看 docker 网络:

[root@vps ~]# docker network ls
NETWORK ID     NAME            DRIVER    SCOPE
68f4aeaa57bd   bridge          bridge    local
6a96b9d8617e   custom          bridge    local
4a8679e35f4d   host            host      local
ba21bef23b04   none            null      local

注意:bridge、host、none 是内部预先创建的网络。

然后,在其他服务的 docker-compose.yml 文件添加:

networks:
  default:
    external: true
    name: custom

例如:

version: "3"

services:
  pgsql:
    image: postgres:13
    restart: always
    ports:
      - 5433:5432
    environment:
      - POSTGRES_USER=chenzj
      - POSTGRES_PASSWORD=chenzj@vps2021
    volumes:
      - /data/postgres:/var/lib/postgresql/data

networks:
  default:
    external: true
    name: custom

服务部署

Postgresql

1、参考 PostgreSql安装和部署 ,通过 docker-compose 安装,创建 postgresql.yaml:

version: "3"

services:
  pgsql:
    image: postgres:13-alpine
    container_name: pgsql
    restart: always
    ports:
      - 5432:5432
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=admin@pg!
    networks:
      - custom
    volumes:
      - /data/postgres:/var/lib/postgresql/data

networks:
  custom:
    external: true

2、启动

docker-compose -f postgresql.yaml up -d

Rsshub

直接通过 Docker 安装运行:

docker run -d --name rsshub -p 1200:1200 diygod/rsshub

配置 nginx :

server {
    listen 80;
    listen [::]:80;
    server_name rsshub.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     rsshub.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:1200;
    }
}

Uptime Kuma

参考 kuma,使用 docker compose 部署,创建 uptime.yaml:

version: '3.3'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    volumes:
      - ~/.uptime-kuma:/app/data
    ports:
      - 3001:3001  # <Host Port>:<Container Port>
    restart: always

启动:

docker-compose -f uptime.yaml up -d

配置 nginx :

server {
    listen 80;
    listen [::]:80;
    server_name uptime.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     uptime.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:3001;
	    proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;

        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
}

升级

docker compose -f uptime.yaml down 
docker pull louislam/uptime-kuma:1
docker-compose -f uptime.yaml up -d

Umami

参考 umami docker-compose.yml ,使用 docker 镜像 umami:postgresql-latest 来安装 umami。

1、在 pqsql 容器创建 umami 数据库和用户:

docker exec -it pgsql psql -U postgres -c "CREATE USER umami WITH PASSWORD 'umami@pg';"
docker exec -it pgsql psql -U postgres -c "CREATE DATABASE umami owner=umami;"
docker exec -it pgsql psql -U postgres -c "GRANT ALL privileges ON DATABASE umami TO umami;"

然后,初始化数 umami 数据。先进入容器:

docker exec -it pgsql bash

进入 umami 数据库:

psql -U umami -d umami
umami=>

执行 schema.postgresql.sql 文件内容。

2、通过 docker-compose 安装,创建 umami.yaml:

version: '3'
services:
  umami:
    image: ghcr.io/umami-software/umami:postgresql-latest
    container_name: umami
    ports:
      - "3000:3000"
    environment:
      DATABASE_URL: postgresql://umami:umami@pg@pgsql:5432/umami
      DATABASE_TYPE: postgresql
      HASH_SALT: vps@2023
    networks:
      - custom
    restart: always

networks:
  custom:
    external: true

启动:

docker-compose -f umami.yaml up -d

3、设置自定义域名

umami.chensoul.com

4、配置 nginx

server {
    listen 80;
    listen [::]:80;
    server_name umami.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     umami.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

5、添加网站

访问 https://umami.chensoul.com/,默认用户名和密码为 admin/umami。登陆之后,修改密码,并添加网站。

6、升级

docker compose -f umami.yaml down 
docker pull ghcr.io/umami-software/umami:postgresql-latest
docker-compose -f umami.yaml up -d

Cusdis

VPS IP 可能被墙,所以可以使用三方云服务部署,具体参考轻量级开源免费博客评论系统解决方案 (Cusdis + Railway)

1、在 pqsql 容器创建 cusdis 数据库和用户:

docker exec -it pgsql psql -U postgres -c "CREATE USER cusdis WITH PASSWORD 'cusdis@pg';"
docker exec -it pgsql psql -U postgres -c "CREATE DATABASE cusdis owner=cusdis;"
docker exec -it pgsql psql -U postgres -c "GRANT ALL privileges ON DATABASE cusdis TO cusdis;"

2、通过 docker-compose 安装,创建 cusdis.yaml:

version: '3'
services:
  cusdis:
    image: djyde/cusdis:latest
    container_name: cusdis
    ports:
      - "3010:3000"
    environment:
      - USERNAME=admin
      - PASSWORD=cusdis
      - JWT_SECRET=vps@2023
      - NEXTAUTH_URL=https://cusdis.chensoul.com
      - HOST=https://cusdis.chensoul.com
      - DB_TYPE=pgsql
      - DB_URL=postgresql://cusdis:cusdis@pg@pgsql:5432/cusdis
    networks:
      - custom
    restart: always

networks:
  custom:
    external: true

以下配置为 EMAIL 配置可选,下面是使用 Gmail 进行配置,需要首先开启两阶段验证并创建一个应用密码:

SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_SECURE=true
SMTP_USER=your gmail email
SMTP_PASSWORD=<app password>
SMTP_SENDER=your gmail email

3、启动

docker-compose -f cusdis.yaml up -d

4、配置 nginx

server {
    listen 80;
    listen [::]:80;
    server_name cusdis.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     cusdis.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:3010;
	    proxy_pass_header Authorization;
	    proxy_pass_header WWW-Authenticate;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	if ($uri = '/js/iframe.umd.js') {
        	add_header 'Access-Control-Allow-Origin' '*';
        	#add_header 'Access-Control-Allow-Origin' 'http://localhost:1313';
    	}
    }
}

5、部署一个 Telegram 机器人,参考 Official Telegram bot

6、升级

docker compose -f cusdis.yaml down 
docker pull djyde/cusdis:latest
docker-compose -f cusdis.yaml up -d

memos

通过 docker-compose 安装,创建 memos.yaml:

version: "3.0"
services:
  memos:
    image: neosmemo/memos:latest
    container_name: memos
    volumes:
      - ~/.memos/:/var/opt/memos
    ports:
      - 5230:5230

启动

docker-compose -f memos.yaml up -d

配置 nginx

server {
    listen 80;
    listen [::]:80;
    server_name memos.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     memos.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:5230;
    }
}

升级

docker compose -f memos.yaml down 
docker pull neosmemo/memos:latest
docker-compose -f memos.yaml up -d

n8n

1、在 pqsql 容器创建 n8n 数据库和用户:

docker exec -it pgsql psql -U postgres -c "CREATE USER n8n WITH PASSWORD 'n8n@pg';"

docker exec -it pgsql psql -U postgres -c "CREATE DATABASE n8n owner=n8n;"

docker exec -it pgsql psql -U postgres -c "GRANT ALL privileges ON DATABASE n8n TO n8n;" ;

2、通过 docker 安装:

docker run -d  \
 --name n8n \
 --network=custom \
 -p 5678:5678 \
 -e DB_TYPE=postgresdb \
 -e DB_POSTGRESDB_DATABASE=n8n \
 -e DB_POSTGRESDB_HOST=pgsql \
 -e DB_POSTGRESDB_PORT=5432 \
 -e DB_POSTGRESDB_USER=n8n \
 -e DB_POSTGRESDB_PASSWORD=n8n@pg \
 -e GENERIC_TIMEZONE="Asia/Shanghai" \
 -e WEBHOOK_URL=https://n8n.chensoul.com/ \
 -v ~/.n8n:/home/node/.n8n \
 docker.n8n.io/n8nio/n8n \
 n8n start

通过 docker-compose 安装,创建 n8n.yaml:

version: '3.8'

services:
  n8n:
    image: n8nio/n8n
    container_name: n8n
    restart: always
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=pgsql
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=n8n@pg
      - TZ="Asia/Shanghai"
      - GENERIC_TIMEZONE="Asia/Shanghai"
      - WEBHOOK_URL=https://n8n.chensoul.com/
    ports:
      - 5678:5678
    volumes:
      - ~/.n8n:/home/node/.n8n
    networks:
      - custom

networks:
  custom:
    external: true

3、启动

docker-compose -f n8n.yaml up -d

4、设置 nginx 转发

server {
    listen 80;
    listen [::]:80;
    server_name n8n.chensoul.com;

    return 301 https://$host$request_uri;
}

server {
    listen          443 ssl;
    server_name     n8n.chensoul.com;

    ssl_certificate      /usr/local/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /usr/local/nginx/ssl/chensoul.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://127.0.0.1:5678;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
				access_log /var/log/nginx/n8n.log combined buffer=128k flush=5s;

				proxy_http_version 1.1;
    		proxy_set_header Upgrade $http_upgrade;
    		proxy_set_header Connection "Upgrade";
    }
}

这里面的转发配置不对的话,会导致直接访问 5678 端口正常,但是访问 nginx 的话,workflow 会一直处于执行。

5、添加 workflow

参考这篇文章 http://stiles.cc/archives/237/ ,目前我配置了以下 workflows,实现了 github、douban、rss、memos 同步到 Telegram。

my-n8n-workflows

workflows 参考:

6、升级

docker compose -f n8n.yaml down 
docker pull n8nio/n8n
docker-compose -f n8n.yaml up -d

7、备份

: ${EXPORT_DIR="workflow-$(date +%Y%m%d)"}
rm -rf $EXPORT_DIR/*

docker exec -u node -it n8n n8n export:workflow --backup --output=./$EXPORT_DIR/
docker cp n8n:/home/node/$EXPORT_DIR .

#docker exec -u node -it n8n n8n export:credentials --all --output=./credentials.json
#docker cp n8n:/home/node/credentials.json .

cd $EXPORT_DIR
for file in *; do
    filename=$(cat "$file" | jq -r '.name')  # 使用-r选项以纯文本形式输出字段值
    echo "$filename"
    mv "$file" "$filename".json
done