Reason

I think my server does not have enough memory, so I use a swarm as well. I also found a free DNS vendor that provides a DNS round robin feature.


Basic resources

Ubuntu 20.04 minimal is my choice.

  • Free domain name and DNS: freenom (.tk, .ml, .ga, .cf, .gq)
  • Free DNS: CloudDNS

You must prepare 3 domain names, like:

traefik.{DomainName}, code.{DomainName}, blog.{DomainName}


Software resources

  • Docker
  • Docker Swarm
  • Docker-compose
  • Hugo
  • Traefik
  • code-server (online version of VS Code)

Architecture diagram

graph TD
  Clinet[Client]
  subgraph DNS
    RR(Round Robin)
  end
  Server1[Manager server]
  Server2[Worker server]
  subgraph DockerSwarm
    subgraph proxy-Network
      Traefik(Traefik: Reverse Proxy&Load Balancer)
      CodeServer(CodeServer)
      subgraph worknet-Network
        Blog1(Blog1)
        Blog2(Blog2)
      end
    end
    WorkSpace((WorkSpace))
  end
  Clinet --> RR
  RR --> Clinet
  Clinet --> |80 & 443| Server1
  Clinet --> |80 & 443| Server2
  Server1 --> Traefik
  Server2 --> Traefik
  Traefik -->|code.DomainName| CodeServer
  Traefik -->|blog.DomainName| Blog1
  Traefik -->|blog.DomainName| Blog2
  CodeServer --> WorkSpace
  Blog1 --> WorkSpace
  Blog2 --> WorkSpace

Installation instructions

All CODEUSER names need to be the same.

Please type the commands one by one.

Prepare two VMs. Docker must be installed on both; docker-compose only needs to be installed on the manager.

Docker

# Remove older Docker packages, if any
sudo apt-get remove docker docker-engine docker.io containerd runc;
sudo apt-get update;
sudo apt-get install apt-transport-https  ca-certificates curl gnupg-agent  software-properties-common;
# Add Docker's repository signing key
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -;
# Print the key's fingerprint; compare it with the one in Docker's install documentation
sudo apt-key fingerprint 0EBFCD88;
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable";
sudo apt-get update;
sudo apt-get install docker-ce docker-ce-cli containerd.io;
sudo systemctl enable --now docker.service;

If you would like to use Docker as a non-root user, you should now consider adding your user to the “docker” group with something like the command below. Membership in the “docker” group gives that user root-equivalent control of the host, so add only accounts you would trust with sudo.

sudo usermod -aG docker {your-user};  # your user name is printed by: echo $USER

Please log in again.


Docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
sudo chmod +x /usr/local/bin/docker-compose;

Simple commands for docker-compose operation

Check your docker-compose.yml

docker-compose config;

Launch your container from docker-compose.yml

docker-compose up -d;

Stop your container from docker-compose.yml

docker-compose stop;

Remove your container from docker-compose.yml

docker-compose rm;

Setting

Oracle Cloud security list

Open: TCP 80, TCP 443, CIDR 0.0.0.0/0 (public)

Open: TCP 2377, TCP/UDP 7946, UDP 4789, CIDR 10.0.0.0/16 (internal)

Remember that you can test this with nc (netcat).

Linux firewall

In Oracle Cloud, Ubuntu uses iptables.

sudo iptables -I INPUT -p tcp -m tcp --dport 2377 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 7946 -j ACCEPT
sudo iptables -I INPUT -p udp -m udp --dport 7946 -j ACCEPT
sudo iptables -I INPUT -p udp -m udp --dport 4789 -j ACCEPT
sudo service netfilter-persistent save
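
An added example (not part of the original post): the four iptables rules above accept the swarm ports from any source, so only the Oracle Cloud security list limits them to 10.0.0.0/16. The function below reads `iptables -S INPUT` output and lists swarm-port ACCEPT rules that have no source restriction; both rule sets are constructed samples, and the `-s 10.0.0.0/16` form is an assumed hardening based on the internal CIDR listed above.

```shell
# Added example: audit `iptables -S INPUT` output for Docker Swarm ports
# (2377/tcp, 7946/tcp+udp, 4789/udp) accepted without a source restriction.

# Reads rules on stdin; prints "proto/port" for every swarm-port ACCEPT rule
# with no "-s <cidr>" match, a negated one, or a source of 0.0.0.0/0.
audit_swarm_rules() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      proto = ""; port = ""; src = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") port   = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
        if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
      }
      swarm = (proto == "tcp" && (port == "2377" || port == "7946")) ||
              (proto == "udp" && (port == "7946" || port == "4789"))
      if (swarm && target == "ACCEPT" && (src == "" || src == "0.0.0.0/0"))
        print proto "/" port
    }'
}

# Constructed sample: `iptables -S INPUT` after the four commands above.
rules_as_posted() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 4789 -j ACCEPT
-A INPUT -p udp -m udp --dport 7946 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7946 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2377 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

# Constructed sample: the same ports limited to the internal CIDR (assumption).
rules_restricted() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 10.0.0.0/16 -p udp -m udp --dport 4789 -j ACCEPT
-A INPUT -s 10.0.0.0/16 -p udp -m udp --dport 7946 -j ACCEPT
-A INPUT -s 10.0.0.0/16 -p tcp -m tcp --dport 7946 -j ACCEPT
-A INPUT -s 10.0.0.0/16 -p tcp -m tcp --dport 2377 -j ACCEPT
EOF
}

# On a live host: sudo iptables -S INPUT | audit_swarm_rules
echo "as posted:  $(rules_as_posted | audit_swarm_rules | tr '\n' ' ')"
echo "restricted: $(rules_restricted | audit_swarm_rules | tr '\n' ' ')"
```

An empty result means every swarm-port rule is scoped to a source network, so the host firewall still protects the cluster ports if the cloud security list is ever loosened.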

Create vieux/sshfs Volume

Note that the authorized_keys file must contain the SSH public key of each VPS.

docker plugin install vieux/sshfs sshkey.source=/home/${USER}/.ssh/
Plugin "vieux/sshfs" is requesting the following privileges:
 - network: [host]
 - mount: [/var/lib/docker/plugins/]
 - mount: []
 - device: [/dev/fuse]
 - capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N] y
docker volume create -d vieux/sshfs -o sshcmd={user}@{ip}:{path} -o IdentityFile=/root/.ssh/id_rsa -o allow_other sshvolume

docker run -it --rm -v sshvolume:/tmp busybox ls /tmp

So we need to create the “workspace” and “letsencrypt” volumes. Note: “letsencrypt” will store the acme.json file for “Let’s Encrypt”.

docker volume create -d vieux/sshfs -o sshcmd={user}@{ip}:{path}/workspace -o IdentityFile=/root/.ssh/id_rsa -o allow_other workspace
docker volume create -d vieux/sshfs -o sshcmd={user}@{ip}:{path}/letsencrypt -o IdentityFile=/root/.ssh/id_rsa -o allow_other letsencrypt

Enable Docker Swarm

On master

docker swarm init --advertise-addr {LAN IP Address}

On worker

docker swarm join --token {TOKEN} {LAN IP Address}:2377

Create Overlay Network

We need to create the “proxy” and “worknet” networks.

Note: “worknet” is for internal traffic, “proxy” is for public traffic.

docker network create -d overlay --internal worknet
docker network create -d overlay proxy

Clone my code.

Note: check out the “swarm” branch.

Sources
Traefik
Code-Server
MyBlog

Setting Code-server

Run the following in your code-server terminal:

cd /config/workspace/;
sudo chown -R abc:abc blog;
cd blog
rm -rf public
# printf writes the same lines whether or not the shell's echo expands \n
printf '%s\n' 'BLOGPATH=/config/workspace/blog' 'function hugo {' '  zsh <<< "cd ${BLOGPATH} && /usr/local/bin/hugo $@";' '}' >> ~/.zshrc;
source ~/.zshrc;
hugo new site .