Offends/Kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

synchronization

Browse Source
This commit is contained in:
offends
2025-08-25 17:53:08 +08:00
commit c201eb5ef9
318 changed files with 23092 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Docker/Dockerfile/Aliyun-dns-sync/Dockerfile Normal file
View File

@@ -0,0 +1,15 @@
FROM python:3
RUN pip install aliyun-python-sdk-core -i https://pypi.tuna.tsinghua.edu.cn/simple \
&& sleep 2 \
&& pip install aliyun-python-sdk-alidns -i https://pypi.tuna.tsinghua.edu.cn/simple
RUN touch /var/log/python.log \
&& sed -i s@/deb.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list.d/debian.sources \
&& apt-get update \
&& apt-get -y install cron \
&& echo '*/1 * * * * sh /aliyun-dns-sync/cron.sh' | crontab
COPY ./File/* /aliyun-dns-sync/
CMD [ "bash", "/aliyun-dns-sync/start.sh" ]

141
Docker/Dockerfile/Aliyun-dns-sync/File/aliyun-dns-sync.py Normal file
View File

@@ -0,0 +1,141 @@
#!/usr/bin/env python
#coding=utf-8
# 加载核心SDK
#from aliyunsdkcore import client
#from aliyunsdksts.request.v20150401 import AssumeRoleRequest
#import json
#import oss2
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
# 加载获取 、 新增、 更新、 删除接口
from aliyunsdkalidns.request.v20150109 import DescribeSubDomainRecordsRequest, AddDomainRecordRequest, UpdateDomainRecordRequest, DeleteDomainRecordRequest
# 加载内置模块
import json,urllib
# AccessKey 和 Secret 建议使用 RAM 子账户的 KEY 和 SECRET 增加安全性
ID = ''
SECRET = ''
# 地区节点 可选地区取决于你的阿里云帐号等级普通用户只有四个分别是杭州、上海、深圳、河北具体参考官网API
regionId = 'cn-hangzhou'
# 配置认证信息
client = AcsClient(ID, SECRET, regionId)
# 设置主域名
DomainName = ''
# 子域名列表 列表参数可根据实际需求增加或减少值
SubDomainList = ['@','www']
# 获取外网IP 三个地址返回的ip地址格式各不相同3322 的是最纯净的格式, 备选1为 json格式 备选2 为curl方式获取 两个备选地址都需要对获取值作进一步处理才能使用
def getIp():
# 备选地址: 1. http://pv.sohu.com/cityjson?ie=utf-8 2. curl -L tool.lu/ip
with urllib.request.urlopen('http://www.3322.org/dyndns/getip') as response:
html = response.read()
ip = str(html, encoding='utf-8').replace("\n", "")
return ip
# 查询记录
def getDomainInfo(SubDomain):
request = DescribeSubDomainRecordsRequest.DescribeSubDomainRecordsRequest()
request.set_accept_format('json')
# 设置要查询的记录类型为 A记录 官网支持A / CNAME / MX / AAAA / TXT / NS / SRV / CAA / URL隐性(显性)转发 如果有需要可将该值配置为参数传入
request.set_Type("A")
#request.set_Type("www")
# 指定查记的域名 格式为 'test.binghe.com'
request.set_SubDomain(SubDomain)
response = client.do_action_with_exception(request)
response = str(response, encoding='utf-8')
# 将获取到的记录转换成json对象并返回
return json.loads(response)
# 新增记录 (默认都设置为A记录通过配置set_Type可设置为其他记录)
def addDomainRecord(client,value,rr,domainname):
request = AddDomainRecordRequest.AddDomainRecordRequest()
request.set_accept_format('json')
# request.set_Priority('1') # MX 记录时的必选参数
request.set_TTL('600') # 可选值的范围取决于你的阿里云账户等级,免费版为 600 - 86400 单位为秒
request.set_Value(value) # 新增的 ip 地址
request.set_Type('A') # 记录类型
request.set_RR(rr) # 子域名名称
request.set_DomainName(domainname) #主域名
# 获取记录信息,返回信息中包含 TotalCount 字段,表示获取到的记录条数 0 表示没有记录, 其他数字为多少表示有多少条相同记录正常有记录的值应该为1如果值大于1则应该检查是不是重复添加了相同的记录
response = client.do_action_with_exception(request)
response = str(response, encoding='utf-8')
relsult = json.loads(response)
return relsult
# 更新记录
def updateDomainRecord(client,value,rr,record_id):
request = UpdateDomainRecordRequest.UpdateDomainRecordRequest()
request.set_accept_format('json')
# request.set_Priority('1')
request.set_TTL('600')
request.set_Value(value) # 新的ip地址
request.set_Type('A')
request.set_RR(rr)
request.set_RecordId(record_id) # 更新记录需要指定 record_id ,该字段为记录的唯一标识,可以在获取方法的返回信息中得到该字段的值
response = client.do_action_with_exception(request)
response = str(response, encoding='utf-8')
return response
# 删除记录
def delDomainRecord(client,subdomain):
info = getDomainInfo(subdomain)
if info['TotalCount'] == 0:
print('没有相关的记录信息,删除失败!')
elif info["TotalCount"] == 1:
print('准备删除记录')
request = DeleteDomainRecordRequest.DeleteDomainRecordRequest()
request.set_accept_format('json')
record_id = info["DomainRecords"]["Record"][0]["RecordId"]
request.set_RecordId(record_id) # 删除记录需要指定 record_id ,该字段为记录的唯一标识,可以在获取方法的返回信息中得到该字段的值
result = client.do_action_with_exception(request)
print('删除成功,返回信息:')
print(result)
else:
# 正常不应该有多条相同的记录,如果存在这种情况,应该手动去网站检查核实是否有操作失误
print("存在多个相同子域名解析记录值,请核查后再操作!")
# 有记录则更新,没有记录则新增
def setDomainRecord(client,value,rr,domainname):
info = getDomainInfo(rr + '.' + domainname)
if info['TotalCount'] == 0:
print('准备添加新记录')
add_result = addDomainRecord(client,value,rr,domainname)
print(add_result)
elif info["TotalCount"] == 1:
print('准备更新已有记录')
record_id = info["DomainRecords"]["Record"][0]["RecordId"]
cur_ip = getIp()
old_ip = info["DomainRecords"]["Record"][0]["Value"]
if cur_ip == old_ip:
print ("新ip与原ip相同,不更新!")
else:
update_result = updateDomainRecord(client,value,rr,record_id)
print('更新成功,返回信息:')
print(update_result)
else:
# 正常不应该有多条相同的记录,如果存在这种情况,应该手动去网站检查核实是否有操作失误
print("存在多个相同子域名解析记录值,请核查删除后再操作!")
IP = getIp()
# 循环子域名列表进行批量操作
for x in SubDomainList:
setDomainRecord(client,IP,x,DomainName)

4
Docker/Dockerfile/Aliyun-dns-sync/File/cron.sh Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
# 启动同步
/usr/local/bin/python /aliyun-dns-sync/aliyun-dns-sync.py > /var/log/python.log

7
Docker/Dockerfile/Aliyun-dns-sync/File/start.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# 启动 cron
service cron start
# 查看日志
tail -f /var/log/python.log

15
Docker/Dockerfile/Aliyun-dns-sync/README.md Normal file
View File

@@ -0,0 +1,15 @@
*
> 本文作者:丁辉
# 通过脚本调用阿里云接口实现动态公网IP实时与阿里云域名解析同步
> 使用前修改 Python 脚本内如下参数
```bash
ID = '' #AccessKey ID
SECRET = '' #AccessKey Secret
regionId = '' #地域
DomainName = '' #域名
```

5
Docker/Dockerfile/Busybox/Dockerfile Normal file
View File

@@ -0,0 +1,5 @@
FROM busybox:latest
RUN echo "启动成功" > /file.txt
CMD ["tail","-f","/file.txt"]

7
Docker/Dockerfile/Busybox/README.md Normal file
View File

@@ -0,0 +1,7 @@
*
> 本文作者:丁辉
# Busybox
> 此应用于容器启动测试

6
Docker/Dockerfile/Cache-Registry/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM registry:latest
ENV PROXY_REMOTE_URL="" \
DELETE_ENABLED="true"
COPY ./entrypoint.sh /entrypoint.sh

56
Docker/Dockerfile/Cache-Registry/README.md Normal file
View File

@@ -0,0 +1,56 @@
> 本文作者:丁辉
# 镜像仓库代理服务
## 优点
1. **加速后续拉取**:同一个镜像只需从 Docker Hub 拉取一次,后续所有团队的拉取请求都会从本地缓存服务器获取,速度极快。
2. **节省带宽**:减少对公网 Docker Hub 的重复请求,尤其适合带宽有限或按流量计费的环境。
## 镜像仓库地址
| 站点名 | URL | 备注 |
| :---------: | :--------------------------: | :--------------------------------------------------------: |
| DockerHub | https://registry-1.docker.io | 拉取镜像需要带上 `library` (可能就我有这情况吧,没仔细深究) |
| Quay | https://quay.io | |
| Gcr | https://gcr.io | |
| Ghcr | https://ghcr.io | |
| K8sgcr | https://k8s.gcr.io | |
| Registryk8s | https://registry.k8s.io | |
## 已构建好的镜像
```bash
hub.offends.cn/registry-proxy:latest
```
## 启动容器
[仓库地址](https://gitee.com/offends/Kubernetes/tree/main/Docker/Dockerfile/Cache-Registry)
- Docker
```bash
docker run -itd \
--restart always \
-p 80:5000 \
-v "/etc/localtime:/etc/localtime" \
-v "/var/lib/registryproxy:/var/lib/registry" \
-e PROXY_REMOTE_URL="https://registry-1.docker.io/library" \
--name=registry-proxy \
hub.offends.cn/registry-proxy:latest
```
- Docker-compose
> 文件在本仓库当前目录下, 修改 `PROXY_REMOTE_URL` 参数后即可使用
```bash
docker-compose up -d
```
- Kubernetes
**查看此篇文档**
[Kubernetes部署Registry镜像仓库缓存服务](https://gitee.com/offends/Kubernetes/tree/main/Docker/Dockerfile/Cache-Registry/README.md)

13
Docker/Dockerfile/Cache-Registry/docker-compose.yaml Normal file
View File

@@ -0,0 +1,13 @@
version: "3"
services:
registryproxy:
image: "hub.offends.cn/registry-proxy:latest"
container_name: "registryproxy"
restart: "always"
volumes:
- "/etc/localtime:/etc/localtime"
- "/var/lib/registryproxy:/var/lib/registry"
environment:
- "PROXY_REMOTE_URL=http://registry:5000"
ports:
- "5000:5000"

37
Docker/Dockerfile/Cache-Registry/entrypoint.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
#############################################################################################
# 用途: 定制缓存 Registry 镜像
# 作者: 丁辉
# 编写时间: 2024-06-29
#############################################################################################
set -e
# 配置 Headers
sed -i "/headers:/a\ Access-Control-Allow-Origin: ['*']" /etc/docker/registry/config.yml
sed -i "/headers:/a\ Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']" /etc/docker/registry/config.yml
sed -i "/headers:/a\ Access-Control-Expose-Headers: ['Docker-Content-Digest']" /etc/docker/registry/config.yml
# 检查环境变量PROXY_REMOTE_URL是否非空, 检查配置文件中变量出现的次数是否为0
if [ -n "$PROXY_REMOTE_URL" ] && [ $(grep -c "$PROXY_REMOTE_URL" "/etc/docker/registry/config.yml") -eq 0 ]; then
echo "proxy:" >> /etc/docker/registry/config.yml
echo " remoteurl: $PROXY_REMOTE_URL" >> /etc/docker/registry/config.yml
# 可以提供用户名和密码保持私密
# echo " username: $PROXY_USERNAME" >> /etc/docker/registry/config.yml
# echo " password: $PROXY_PASSWORD" >> /etc/docker/registry/config.yml
echo "----- Enabled Proxy To Remote -----"
fi
# 判断是否开启 Registry 镜像镜像清理
if [ "$DELETE_ENABLED" = "true" ] && [ $(grep -c "delete:" /etc/docker/registry/config.yml) -eq 0 ]; then
sed -i '/rootdirectory:/a\ delete:' /etc/docker/registry/config.yml
sed -i '/delete:/a\ enabled: true' /etc/docker/registry/config.yml
echo "----- Enabled Local Storage Delete -----"
fi
case "$1" in
*.yaml|*.yml) set -- registry serve "$@" ;;
serve|garbage-collect|help|-*) set -- registry "$@" ;;
esac
exec "$@"

5
Docker/Dockerfile/Centos/Dockerfile Normal file
View File

@@ -0,0 +1,5 @@
FROM scratch
ADD ./centos/rootfs /
CMD /bin/bash

10
Docker/Dockerfile/Centos/README.md Normal file
View File

@@ -0,0 +1,10 @@
*
> 本文作者:丁辉
# Centos 镜像构建
```bash
./build.sh
```

72
Docker/Dockerfile/Centos/build.sh Normal file
View File

@@ -0,0 +1,72 @@
#!/bin/bash
#############################################################################################
# 用途: 构建 Centos 系统 Docker 镜像的脚本
# 作者: 丁辉
# 编写时间: 2023-11-27
#############################################################################################
# 镜像地址
# 阿里云: https://mirrors.aliyun.com/centos/
# 官方: https://www.centos.org/
# 其他: https://vault.centos.org/
VERSION="7.9.2009"
CENTOS_VERSION="7"
URL="https://mirrors.aliyun.com/centos/$VERSION/os/x86_64/Packages"
RPM_VERSION="centos-release-7-9.2009.0.el7.centos.x86_64.rpm"
CENTOS_URL="$URL/$RPM_VERSION"
# 加载检测脚本
source <(curl -sS https://gitee.com/offends/Linux/raw/main/File/Shell/Check_command.sh)
function INSTALL_WGET(){
CHECK_INSTALL wget
}
# 初始化目录和文件
function INIT_DIR(){
CHECK_DIR ./centos/rootfs && cd ./centos
CHECK_COMMAND_NULL rpm --root $PWD/rootfs --initdb
SEND_INFO "初始化目录和文件完成"
SEND_INFO "正在获取RPM文件"
CHECK_COMMAND_NULL wget $CENTOS_URL
CHECK_FILE "centos-release-7-9.2009.0.el7.centos.x86_64.rpm"
NULL_TRUE rpm -ivh --nodeps --root $PWD/rootfs --package ./$RPM_VERSION
# #在无法获取到软件包源的情况下使用
# SEND_INFO "正在备份 YUM 源文件"
# CHECK_DIR /etc/yum.repos.d/Offends
# CHECK_COMMAND_NULL \cp -r /etc/yum.repos.d/epel.repo /etc/yum.repos.d/Offends && \cp -r /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/Offends
# # 获取需要的软件包源
# SEND_INFO "正在获取软件包源"
# CHECK_COMMAND_NULL wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-$CENTOS_VERSION.repo
# CHECK_COMMAND_NULL wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-$CENTOS_VERSION.repo
# # 清除缓存
# SEND_INFO "正在清除缓存"
# CHECK_COMMAND_NULL yum makecache
# # 根据自己需求修改
# CHECK_COMMAND_NULL sed -i 's@baseurl=.*@baseurl=https://mirrors.aliyun.com/centos/7.9.2009/os/x86_64/@' /etc/yum.repos.d/*.repo
SEND_INFO "正在安装基础软件包,拉取过程较慢请稍后"
CHECK_COMMAND_NULL yum --installroot=$PWD/rootfs install yum --nogpgcheck -y
SEND_INFO "开始构建镜像"
CHECK_COMMAND_NULL cd .. && docker build -t centos:$VERSION .
SEND_INFO "构建完成,镜像名称: centos:$VERSION"
# # 恢复 YUM 源文件
# SEND_INFO "正在恢复 YUM 源文件"
# CHECK_COMMAND_NULL rm -rf /etc/yum.repos.d/CentOS-Base.repo && rm -rf /etc/yum.repos.d/epel.repo
# CHECK_COMMAND_NULL cp -r /etc/yum.repos.d/Offends/* /etc/yum.repos.d/
}
function ALL(){
INSTALL_WGET
INIT_DIR
}
ALL

5
Docker/Dockerfile/Debain/Dockerfile Normal file
View File

@@ -0,0 +1,5 @@
FROM scratch
ADD rootfs.tar.xz /
CMD /bin/bash

10
Docker/Dockerfile/Debain/README.md Normal file
View File

@@ -0,0 +1,10 @@
*
> 本文作者:丁辉
# Debain 镜像构建
```bash
./build.sh
```

48
Docker/Dockerfile/Debain/build.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
#############################################################################################
# 用途: 构建 Debian 系统 Docker 镜像的脚本
# 作者: 丁辉
# 编写时间: 2023-11-27
#############################################################################################
# 镜像地址
# https://docker.debian.net/
ROOTFS="https://github.com/debuerreotype/docker-debian-artifacts/raw"
VERSION="1f1e36af44a355418661956f15e39f5b04b848b6"
FILE="stable/rootfs.tar.xz"
DEBAIN=$ROOTFS/$VERSION/$FILE
# 加载检测脚本
source <(curl -sS https://gitee.com/offends/Linux/raw/main/File/Shell/Check_command.sh)
function INSTALL_WGET(){
CHECK_INSTALL wget
}
function INSTALL(){
SEND_INFO "正在下载资源文件,请稍等..."
CHECK_COMMAND_NULL wget $DEBAIN
BUILD
}
# 构建 Debian 系统
function BUILD(){
CHECK_FILE "rootfs.tar.xz"
SEND_INFO "正在构建 Debian 系统,请稍等..."
CHECK_COMMAND_NULL docker import rootfs.tar.xz debian:stable
# docker build -t debian:stable .
CHECK_COMMAND_NULL rm -rf rootfs.tar.xz
SEND_INFO "构建完成,镜像名称: debian:stable"
}
function ALL(){
INSTALL_WGET
INSTALL
}
ALL

5
Docker/Dockerfile/Drone-Images/Dockerfile-git Normal file
View File

@@ -0,0 +1,5 @@
FROM alpine/git
LABEL maintainer="Offends <offends4@163.com>"
RUN apk add --no-cache bash

10
Docker/Dockerfile/Drone-Images/Dockerfile-minio Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine:latest
LABEL maintainer="Offends <offends4@163.com>"
COPY ./mc.sh .
RUN apk add --no-cache --virtual .build-deps \
curl \
&& sh ./mc.sh \
&& apk del .build-deps

11
Docker/Dockerfile/Drone-Images/Dockerfile-oss Normal file
View File

@@ -0,0 +1,11 @@
FROM alpine:latest
LABEL maintainer="Offends <offends4@163.com>"
RUN apk add --no-cache --virtual .build-deps \
unzip \
bash \
curl \
&& curl -O https://gosspublic.alicdn.com/ossutil/install.sh \
&& bash install.sh && rm -rf install.sh \
&& apk del .build-deps

14
Docker/Dockerfile/Drone-Images/README.md Normal file
View File

@@ -0,0 +1,14 @@
*
> 本文作者:丁辉
# Drone 基础镜像构建
> Dockerfile示例
| 文件名 | 镜像功能 | 构建示例 |
| :--------------: | :-------------------------: | :-----------------------------------------------: |
| Dockerfile-git | 最小化 Git 容器 | docker build -t 镜像名:标签 -f Dockerfile-git . |
| Dockerfile-minio | 容器内自带 Minio 客户端命令 | docker build -t 镜像名:标签 -f Dockerfile-minio . |
| Dockerfile-oss | 容器内自带 oss 客户端命令 | docker build -t 镜像名:标签 -f Dockerfile-oss . |

25
Docker/Dockerfile/Drone-Images/mc.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
#############################################################################################
# 用途: 部署 MinIO 客户端工具 mc
# 作者: 丁辉
# 编写时间: 2024-02-14
#############################################################################################
# 判断系统架构
if [ $(arch) = "x86_64" ] || [ $(arch) = "amd64" ]; then
ARCH_TYPE=linux-amd64
elif [ $(arch) = "aarch64" ] || [ $(arch) = "arm64" ]; then
ARCH_TYPE=linux-arm64
else
echo "无法识别的系统架构: $(arch)"
exit 1
fi
# 变量定义
URL="https://dl.min.io/client/mc/release/$ARCH_TYPE"
# 下载文件
curl -so /usr/local/bin/mc https://dl.min.io/client/mc/release/linux-amd64/mc
# 添加执行权限
chmod 777 /usr/local/bin/mc

3
Docker/Dockerfile/Fio/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM alpine:latest
RUN apk add fio

7
Docker/Dockerfile/Fio/README.md Normal file
View File

@@ -0,0 +1,7 @@
*
> 本文作者:丁辉
# Fio
> 此应用于磁盘读写性能测试

128
Docker/Dockerfile/Frp/.drone.yml Normal file
View File

@@ -0,0 +1,128 @@
kind: pipeline
type: docker
name: Build Frps
# 手动触发或接口触发
trigger:
event:
- custom
# 指定架构,需在 runner 配置环境变量中指定 DRONE_RUNNER_ARCH,或自动获取
platform:
os: linux
arch: amd64
# 指定运行环境节点,需在 runner 配置环境变量中指定 DRONE_RUNNER_LABELS
node:
City: abroad
# 使用插件构建镜像
steps:
- name: Build Frps
image: plugins/docker
# 仅当本地不存在该镜像时才拉取
pull: if-not-exists
settings:
registry:
from_secret: REGISTRY
username:
from_secret: DOCKER_USERNAME
password:
from_secret: DOCKER_PASSWORD
repo:
from_secret: REPO
# 是否禁止推送镜像
dry_run: false
tags:
- frps
# 要使用的上下文路径,默认为 git 存储库的根目录
context: ./frps
# 要使用的 dockerfile 路径,默认为 git 存储库的根目录
dockerfile: ./frps/Dockerfile
when:
branch:
- main
---
kind: pipeline
type: docker
name: Build Frpc
# 手动触发或接口触发
trigger:
event:
- custom
# 指定架构,需在 runner 配置环境变量中指定 DRONE_RUNNER_ARCH,或自动获取
platform:
os: linux
arch: amd64
# 指定运行环境节点,需在 runner 配置环境变量中指定 DRONE_RUNNER_LABELS
node:
City: abroad
# 使用插件构建镜像
steps:
- name: Build Frpc
image: plugins/docker
# 仅当本地不存在该镜像时才拉取
pull: if-not-exists
settings:
registry:
from_secret: REGISTRY
username:
from_secret: DOCKER_USERNAME
password:
from_secret: DOCKER_PASSWORD
repo:
from_secret: REPO
# 是否禁止推送镜像
dry_run: false
tags:
- frpc
# 要使用的上下文路径,默认为 git 存储库的根目录
context: ./frpc
# 要使用的 dockerfile 路径,默认为 git 存储库的根目录
dockerfile: ./frpc/Dockerfile
when:
branch:
- main
---
kind: pipeline
type: docker
name: Sync Ipsec Vpn Image
trigger:
event:
include:
- custom
# 指定运行环境节点,需在 runner 配置环境变量中指定 DRONE_RUNNER_LABELS
node:
City: abroad
steps:
- name: Sync Ipsec Vpn Image
image: docker:dind
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
DOCKER_USERNAME:
from_secret: DOCKER_USERNAME
DOCKER_PASSWORD:
from_secret: DOCKER_PASSWORD
REGISTRY:
from_secret: REGISTRY
REPO:
from_secret: REPO
commands:
- docker pull hwdsl2/ipsec-vpn-server
- docker login $REGISTRY -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
- docker tag hwdsl2/ipsec-vpn-server $REPO:ipsec-vpn-server
- docker push $REPO:ipsec-vpn-server
volumes:
- name: dockersock
host:
path: /var/run/docker.sock

13
Docker/Dockerfile/Frp/Drone构建参数解释.md Normal file
View File

@@ -0,0 +1,13 @@
*
> 本文作者:丁辉
## Drone构建参数解释
| 变量名 | 变量值 | 备注 |
| :-------------: | :---------------------------------------------------: | :------------: |
| DOCKER_USERNAME | | 镜像仓库账号 |
| DOCKER_PASSWORD | | 镜像仓库密码 |
| REGISTRY | registry.cn-hangzhou.aliyuncs.com | 镜像仓库地址 |
| REPO | registry.cn-hangzhou.aliyuncs.com/<命名空间>/<镜像名> | 镜像的仓库名称 |

27
Docker/Dockerfile/Frp/frpc/Dockerfile Normal file
View File

@@ -0,0 +1,27 @@
FROM alpine:latest
LABEL maintainer="Offends <offends4@163.com>"
ARG VERSION_ARG
ENV VERSION=${VERSION_ARG:-0.53.2}
RUN if [ $(arch) = "x86_64" ] || [ $(arch) = "amd64" ]; then \
ARCH_TYPE="amd64"; \
elif [ $(arch) = "aarch64" ] || [ $(arch) = "arm64" ]; then \
ARCH_TYPE="arm"; \
else \
ARCH_TYPE="amd64"; \
fi \
&& wget https://github.com/fatedier/frp/releases/download/v${VERSION}/frp_${VERSION}_linux_${ARCH_TYPE}.tar.gz \
&& tar -zvxf frp_${VERSION}_linux_${ARCH_TYPE}.tar.gz \
&& cp -r frp_${VERSION}_linux_${ARCH_TYPE} frp \
&& mv /frp/frpc /usr/local/bin/ \
&& rm -rf /frp/frps* /frp/LICENSE \
&& rm -rf /frp_${VERSION}_linux_${ARCH_TYPE}*
COPY ./frpc.ini /frp/frpc.ini
WORKDIR /frp
CMD /usr/local/bin/frpc -c /frp/frpc.ini

24
Docker/Dockerfile/Frp/frpc/README.md Normal file
View File

@@ -0,0 +1,24 @@
*
> 本文作者:丁辉
# **Frpc内网穿透**
> Frpc 为内网穿透客户端
>
## Docker构建
构建镜像
> 默认构建 0.53.2 版本
```bash
docker build -t registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc .
```
> 手动选择构建版本
```bash
docker build --build-arg VERSION_ARG=0.53.2 -t registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc .
```

8
Docker/Dockerfile/Frp/frpc/frpc.bat Normal file
View File

@@ -0,0 +1,8 @@
@echo off
if "%1" == "h" goto begin
mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
:begin
REM
cd C:\frpc
frpc -c frpc.ini
exit

30
Docker/Dockerfile/Frp/frpc/frpc.ini Normal file
View File

@@ -0,0 +1,30 @@
[common]
server_addr = {{ .Envs.FRP_SERVER_ADDR }}
server_port = 7000
token = 12345678
[windows]
type = tcp
local_ip = {{ .Envs.FRP_WINDOWS_IP }}
local_port = {{ .Envs.FRP_WINDOWS_PORT }}
remote_port = 3389
#liunx tcp 端口写法
; [liunx]
; type = tcp
; local_ip = 127.0.0.1
; local_port = 22
; remote_port = 22
#esxi 端口写法
; [esxi-web]
; type = tcp
; local_ip = {{ .Envs.FRP_ESXI_WEB__ADDR }}
; local_port = 443
; remote_port = 20000
; [esxi-902]
; type = tcp
; local_ip = {{ .Envs.FRP_ESXI_VSPHERE_API_ADDR }}
; local_port = 902
; remote_port = 902

21
Docker/Dockerfile/Frp/frps/404.html Normal file
View File

@@ -0,0 +1,21 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>链接失败</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>请联系管理人员 Mr .Ding</h1>
<p>实在抱歉一定要抓紧联系(家里停电|屋子着火|----).<br/>
请一定要联系我.</p>
<p>我需要知道家里的状况 <a>哈哈</a>.</p>
<p><em>感谢您的配合.</em></p>
</body>
</html>

35
Docker/Dockerfile/Frp/frps/Dockerfile Normal file
View File

@@ -0,0 +1,35 @@
FROM alpine:latest
LABEL maintainer="Offends <offends4@163.com>"
ARG VERSION_ARG
ENV VERSION=${VERSION_ARG:-0.53.2}
RUN if [ $(arch) = "x86_64" ] || [ $(arch) = "amd64" ]; then \
ARCH_TYPE="amd64"; \
elif [ $(arch) = "aarch64" ] || [ $(arch) = "arm64" ]; then \
ARCH_TYPE="arm"; \
else \
ARCH_TYPE="amd64"; \
fi \
&& wget https://github.com/fatedier/frp/releases/download/v${VERSION}/frp_${VERSION}_linux_${ARCH_TYPE}.tar.gz \
&& tar -zvxf frp_${VERSION}_linux_${ARCH_TYPE}.tar.gz \
&& cp -r frp_${VERSION}_linux_${ARCH_TYPE} frp \
&& mv /frp/frps /usr/local/bin/ \
&& rm -rf /frp/frpc* /frp/LICENSE \
&& rm -rf /frp_${VERSION}_linux_${ARCH_TYPE}*
COPY ./frps.ini /frp/frps.ini
COPY ./404.html /frp/404.html
WORKDIR /frp
#客户端连接端口
EXPOSE 7000
#frp Web端
EXPOSE 7500
CMD /usr/local/bin/frps -c /frp/frps.ini

23
Docker/Dockerfile/Frp/frps/README.md Normal file
View File

@@ -0,0 +1,23 @@
*
> 本文作者:丁辉
# **Frps内网穿透**
> Frps为内网穿透服务端
## Docker构建
构建镜像
> 默认构建 0.53.2 版本
```bash
docker build -t registry.cn-hangzhou.aliyuncs.com/offends/frp:frps .
```
> 手动选择构建版本
```bash
docker build --build-arg VERSION_ARG=0.53.2 -t registry.cn-hangzhou.aliyuncs.com/offends/frp:frps .
```

10
Docker/Dockerfile/Frp/frps/frps.ini Normal file
View File

@@ -0,0 +1,10 @@
[common]
bind_port = 7000
dashboard_port = 7500
token = 12345678
dashboard_user = admin
dashboard_pwd = admin
#vhost_http_port = 80
#vhost_https_port = 443
custom_404_page = /frp/404.html
max_pool_count = 5

20
Docker/Dockerfile/Mysql/Dockerfile Normal file
View File

@@ -0,0 +1,20 @@
FROM mysql:5.7
# FROM mysql:8
ENV MYSQL_USER=demo \
MYSQL_PASSWORD=demo \
MYSQL_DATABASE=demo \
MYSQL_ROOT_PASSWORD=root
COPY ./sql/* /docker-entrypoint-initdb.d/
# 更改配置文件
#COPY ./my.cnf /etc/my.cnf
CMD ["mysqld", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"]
# 旧加密方式
# --default-authentication-plugin=mysql_native_password
# 是一种基本的身份验证插件,它使用经典的 MySQL 加密方法来存储和验证用户的密码。这意味着用户的密码以散列形式存储在数据库中,而在用户登录时,其密码将与存储的散列进行比较。
# 新加密方式
# --default-authentication-plugin=caching_sha2_password

14
Docker/Dockerfile/Mysql/Dockerfile-secrets Normal file
View File

@@ -0,0 +1,14 @@
FROM mysql:5.7
# FROM mysql:8
ENV MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root-pass \
MYSQL_USER=demo \
MYSQL_DATABASE=demo \
MYSQL_PASSWORD_FILE=/run/secrets/mysql-demo-pass
COPY ./sql/* /docker-entrypoint-initdb.d/
# 更改配置文件
#COPY ./my.cnf /etc/my.cnf
CMD ["mysqld", "--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"]

21
Docker/Dockerfile/Mysql/README.md Normal file
View File

@@ -0,0 +1,21 @@
*
> 本文作者:丁辉
# Mysql 镜像构建
- 自动初始化 Mysql 数据库, 构建示例
```bash
docker build -t <镜像名:标签> .
```
- Mysql 通过 Secrets 隐藏构建账户密码, 示例
[Mysql-Secrets 使用](https://gitee.com/offends/Kubernetes/tree/main/Docker/Docker%E4%BD%BF%E7%94%A8%E6%96%87%E6%A1%A3/Mysql-secrets%E4%BD%BF%E7%94%A8.md)
```bash
docker build -t <镜像名:标签> --file=./Dockerfile-secrets .
```

1
Docker/Dockerfile/Mysql/my.cnf Normal file
View File

@@ -0,0 +1 @@
# 写入配置文件指定内容

1
Docker/Dockerfile/Mysql/sql/01_init_offends.sql Normal file
View File

@@ -0,0 +1 @@
-- 初始化基础 sql

16
Docker/Dockerfile/Nginx/Dockerfile Normal file
View File

@@ -0,0 +1,16 @@
# 推荐使用最新版,漏洞会较少,通过漏洞扫描的几率较大
#FROM nginx:latest
FROM nginx:alpine
# 初始化 NGINX 配置文件
ENV NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates \
NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template \
NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/conf.d
COPY ./templates/*.template /etc/nginx/templates/
COPY ./nginx.conf /etc/nginx/nginx.conf
# 自定义初始化变量
ENV NGINX_PORT=80 \
NGINX_HOST=localhost

16
Docker/Dockerfile/Nginx/Dockerfile-node Normal file
View File

@@ -0,0 +1,16 @@
# 多阶段构建
FROM node:14 as build
COPY . /app
WORKDIR /app
RUN npm config set registry https://registry.npmmirror.com \
&& npm install \
&& npm run build:prod
FROM nginx:alpine
COPY --from=build /app/dist /app/www
COPY ./web.conf /etc/nginx/conf.d/default.conf

12
Docker/Dockerfile/Nginx/README.md Normal file
View File

@@ -0,0 +1,12 @@
*
> 本文作者:丁辉
# Nginx 镜像构建
> Dockerfile示例
| 文件名 | 示例作用 | 构建示例 |
| :-------------: | :-------------------------------------: | :----------------------------------------------: |
| Dockerfile | 示例如何通过环境变量更改Nginx配置文件 | docker build -t 镜像名:标签 . |
| Dockerfile-ndoe | 示例如何通过过阶段构建构建Npm前端代码 | docker build -t 镜像名:标签 -f Dockerfile-node . |

31
Docker/Dockerfile/Nginx/nginx.conf Normal file
View File

@@ -0,0 +1,31 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

17
Docker/Dockerfile/Nginx/templates/default.conf.template Normal file
View File

@@ -0,0 +1,17 @@
server {
listen ${NGINX_PORT};
listen [::]:${NGINX_PORT};
server_name ${NGINX_HOST};
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

8
Docker/Dockerfile/Nginx/web.conf Normal file
View File

@@ -0,0 +1,8 @@
server {
listen 80;
location / {
root /app/www;
index index.html index.htm;
}
}