Skip to main content

Cài đặt ban đầu cho server

  • Server CentOS 8: 8GB Ram, 16 cpu
  • Cài docker
# Cài docker
yum install -y yum-utils
sudo yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl status docker
sudo systemctl enable docker
docker --version

# Cài docker compose
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
  • Cài nginx
sudo dnf install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx
  • Sinh cặp ssh key để pull code từ github về. Key nằm trong ~/.ssh/id_rsa.pub
ssh-keygen
  • Tạo user, directory chứa code
adduser
adduser doc5s
passwd doc5s
su doc5s
sudoer
visudo
su doc5s
cd /home/doc5s/doc5s/code
  • Pull code
git fetch
git branch
# Nếu chưa ở main
git checkout main
git pull
  • Check container có chạy lên ko. Nếu trạng thái là Exited thì phải dùng lệnh check log để check, còn ko sao thì ok.
docker ps -a

Kết quả các container sẽ show ra như này

image.png

  • Sử dụng nginx làm reverse proxy về các port của container. Port api sẽ forward về 3001 (NestJS), port client sẽ forward về 3000 (NextJS). Cấu hình nằm trong thư mục /etc/nginx/conf.d/
    • Nội dung file nginx /etc/nginx/conf.d/nhaplieu.com.conf 
      server {
    if ($host = nhaplieu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Redirect HTTP to HTTPS
    listen 80;
    server_name nhaplieu.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name nhaplieu.com;

    proxy_read_timeout 3600;
    proxy_connect_timeout 3600;
    proxy_send_timeout 3600;

    # SSL configuration
    #    ssl_certificate /opt/ssl_sohoa.online/sohoa_online_certificate.crt;
    #    ssl_certificate_key /opt/ssl_sohoa.online/sohoa_online_privkey.key;
    #    ssl_trusted_certificate /opt/ssl_sohoa.online/sohoa_online_rootca.crt;

    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers HIGH:!aNULL:!MD5;

    # Reverse proxy to NestJS backend
    location /api {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Reverse proxy to fe
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Optional: Add error logging
    error_log /var/log/nginx/nhaplieu_com_error.log;
    access_log /var/log/nginx/nhaplieu_com_access.log;

    ssl_certificate /etc/letsencrypt/live/nhaplieu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nhaplieu.com/privkey.pem; # managed by Certbot
}
  • Một vài câu lệnh khác
# Check log nginx
sudo tail -f /var/log/nginx/error.log
systemctl restart nginx
sudo tail -f /var/log/nginx/error.log
journalctl -xe

# Check log container
docker logs -f --tail 100 code-api-1
docker logs code-api-1

 

Back to top