HENGSHI SENSE 第三方软件配置常见问题
Nginx 相关配置
上传文件是否有大小限制?
需要通过前置的反向代理进行限制,比如 nginx:
# nginx 配置文件在衡石的 server 中配置
client_max_body_size 100m;如何设置 http 连接超时时间?
http 连接超时也是在衡石前端的反向代理设置,比如 nginx:
# nginx 配置文件在衡石的 server 中配置
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;如何通过80和443端口进行服务?
HENGSHI SENSE 不能以 root 启动,所以不能绑定小于1024的端口。如需监听80和443端口,建议使用 nginx 做反向代理。 建立配置文件/etc/nginx/conf.d/hengshi.conf,内容如下。
# hengshi proxy
upstream hengshi-proxy {
server <HENGSHI_IP>:<HENGSHI_PORT>;
}
server {
server_name <SERVNAME>;
access_log /var/log/nginx/access.log main;
listen 80;
location / {
proxy_pass http://hengshi_proxy;
}
}
server {
server_name <SERVNAME>
listen 443 ssl http2; # 一定要配置 https 2.0 提升浏览器请求并发数
access_log /var/log/nginx/access.log main;
gzip on; #开启 gzip 压缩,优化页面加载速度
gzip_vary on;
client_max_body_size 200M;
proxy_connect_timeout 900;
proxy_read_timeout 900;
proxy_send_timeout 900;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate <PATH_TO_CER>
ssl_certificate_key <PATH_TO_CER_KEY>
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
# 以下 X-Forwarded-Host 与 X-Forwarded-Proto 设置,对于 SSO 场景是必要的,注意不要遗漏!
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://hengshi-proxy;
}
}其中,变量需要替换成真实值。
- <HENGSHI_IP>: 部署 HENGSHI 的机器 ip。
- <HENGSHI_PORT>: HENGSHI 服务绑定的端口。
- <SERVNAME>: Nginx 用于提供服务的 hostname。
- <PATH_TO_CER>, <PATH_TO_CER_KEY>: 分别是提供 ssl 服务的 cer/key 文件的绝对路径。
离线安装docker与docker-compose
| 类别 | 架构 | 下载地址 |
|---|---|---|
| Linux | docker x86_64 | https://download.hengshi.com/3rd/docker-linux-x64/docker-28.1.1.tgz |
| Linux | docker-compose x86_64 | https://download.hengshi.com/3rd/docker-linux-x64/docker-compose-linux-x86_64_v2.36.2.tar.gz |
| Linux | docker arm64 | https://download.hengshi.com/3rd/docker-linux-aarch64/docker-23.0.6.tgz |
| Linux | docker-compose arm64 | https://download.hengshi.com/3rd/docker-linux-aarch64/docker-compose |
本文示例为x86_64平台,如您是arm64请下载对应的安装包。
1, 将docker与docker-compose的安装包下载到服务器上, 你应该看到如下文件内容
shell
❯ ls
docker-28.1.1.tgz docker-compose-linux-x86_64_v2.36.2.tar.gz2, 安装docker
shell
tar xf docker-28.1.1.tgz # 解压文件
cp docker/* /usr/bin/ # 将可执行文件文件拷贝至系统路径下3, 准备docker.service文件
shell
cat <<EOF > /usr/lib/systemd/system/docker.service/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF4, 启动docker服务
shell
systemctl daemon-reload
systemctl start docker
systemctl enable docker # 加入开机启动
systemctl status docker # 查看服务状态5, 拷贝docker-compose到系统目录下
shell
tar xf docker-compose-linux-x86_64_v2.36.2.tar.gz
cp docker-compose /usr/local/bin/
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose6, 查看docker与docker-compose的版本, 返回如下示例信息则安装成功。
shell
❯ docker -v
Docker version 28.1.1, build 4eba377
❯ docker-compose version
Docker Compose version v2.36.2