EBIM部署文档

初始化环境配置：

sudo yum -y install net-tools wget vim epel-release psmisc telnet-server xinetd bind-utils sysstat ntpdate
sudo yum group install "Development Tools" "Development Libraries"

sudo yum -y install gcc make gcc-c++ openssl openssl-devel wget vim 
sudo yum -y install ntpdate sysstat epel-release net-tools psmisc
sudo yum install cairo cairo-devel cairomm-devel libjpeg-turbo-devel pango pango-devel pangomm pangomm-devel giflib-devel

#时间同步设置
*/30 * * * * /usr/sbin/ntpdate us.pool.ntp.org |logger -t NTP
#开启firewalld
firewall-cmd --permanent --add-port=3000/tcp
firewall-cmd --permanent --add-service=http
#设置允许某个ip或网段访问某个端口或服务
firewall-cmd  --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.8" port port="80" protocol="tcp" accept'

firewall-cmd  --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" port port="80" protocol="tcp" accept'

firewall-cmd  --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" accept'

firewall-cmd --reload

EBIM环境配置：

1). NODEJS安装（两种方式：源码安装和nvm版本管理工具安装，推荐1.2安装方式）

1.1）Node.JS(6.10.3)：

yum -y install gcc gcc-c++ openssl-devel   ##确认服务器有node.js编译及依赖相关软件
yum -y install nodejs npm  ##(EPEL-release安装)
wget https://nodejs.org/dist/v6.10.3/node-v6.10.3.tar.gz ##(以下步骤为源码安装)
sudo tar zxvf node-v6.10.3.tar.gz && cd node-v6.10.3 && sudo ./configure --prefix=/usr/local/node && sudo make && sudo make install
vim /etc/profile
[root@BobServerStation node-v0.10.24]# vim /etc/profile
#set nodejs env
export NODE_HOME=/usr/local/node
export PATH=$NODE_HOME/bin:$PATH
export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH
[root@BobServerStation node-v0.10.24]# source /etc/profile  ##重启生效

 1.2）nvm： nodejs版本管理

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash   ##nvm安装 
## 安装完成后,会发现使用nvm install stable 安装node速度很慢。使用国内镜像快速安装node: 把环境变量 NVM_NODEJS_ORG_MIRROR, 加入到 .bash_profile 文件中:
## nvm
export NVM_NODEJS_ORG_MIRROR=https://npm.taobao.org/mirrors/node
## nvm 使用参考https://github.com/creationix/nvm
# 设置 npm 淘宝镜像
npm install -g pm2 --registry=https://registry.npm.taobao.org

 1.3）Linux添加字体（点击这里）

2).MongoDB(集群方式参考MongoDB副本集原理、搭建、应用（5）):

systemLog:
    quiet: false  
    path: /data/mongodb/logs/mongom.log  
    logAppend: false
    destination: file
    logRotate: rename

processManagement:  
    fork: true  
    pidFilePath: /data/mongodb/dbm/mongod.pid  
net:  
    bindIp: 127.0.0.1  
    port: 27017  
    maxIncomingConnections: 65536
    wireObjectCheck: true  
    ipv6: false   
storage:  
    dbPath: /data/mongodb/dbm
    indexBuildRetry: true  
    journal:  
        enabled: true  
    directoryPerDB: true
    engine: wiredTiger  
    syncPeriodSecs: 60   
    wiredTiger:  
        engineConfig:  
           # cacheSizeGB: 8  
            journalCompressor: snappy  
            directoryForIndexes: false    
        collectionConfig:  
            blockCompressor: snappy  
        indexConfig:  
            prefixCompression: true  
operationProfiling:  
    slowOpThresholdMs: 100  
    mode: all
security:  
    #authorization: enabled  
    #clusterAuthMode: keyFile  
    #keyFile: /usr/local/mongodb/conf/keyfile  
    javascriptEnabled: true  
setParameter:   
    enableLocalhostAuthBypass: true  
    authenticationMechanisms: SCRAM-SHA-1
replication:  
    oplogSizeMB: 4096
   #replSetName: ebim

sudo wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.2.8.tgz
sudo wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.4.4.tgz
sudo wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.6.9.tgz
sudo tar zxvf mongodb-linux-x86_64-rhel70-3.4.4.tgz && sudo mv mongodb-linux-x86_64-rhel70-3.4.4 /usr/local/mongodb && sudo cd /usr/local/mongodb && sudo mkdir conf
创建启动配置文件：
mkdir -p /home/mongodb/data/dba
mkdir -p /home/mongodb/logs

vim conf/mongoa.conf #以下内容为mongoa.conf配置文件内容
port=27017
dbpath=/home/mongodb/data/dba
logpath=/home/mongodb/logs/mongoa.log
journal=true
logappend=true
storageEngine=wiredTiger
#auth=true
fork=true
nohttpinterface=true

#relica set 配置
oplogSize=4096
#replSet=ebim
#keyFile=/usr/local/mongodb/conf/replkeyfile

启动mongodb服务：
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/conf/mongoa.conf

2.1).配置MongoDB帐号：

>use admin
switched to db admin
> db.createUser(
...  {
...    user: "root",
...    pwd: "password",
...    roles: [
...       { role: "root", db: "admin" }      #超级root帐号
...    ]
...  }
... )
>use ebimdb
switched to db ebimdb
> db.createUser(
...  {
...    user: "ebim",
...    pwd: "password",
...    roles: [
...       { role: "readWrite", db: "ebimdb" }
...    ]
...  }
... )

添加keyfile认证文件，并配置权限
openssl rand -base64 741 > /usr/local/mongodb/conf/replkeyfile
chmod 600 /usr/local/mongodb/conf/replkeyfile

2.2) . 修改MongoDB配置文件（mongoa.conf）:   去除auth，keyFile参数注释.(副本集则需要将keyfile 认证文件copy到所有所有节点，并去除配置文件replSet参数注释)

3 ) . EBIM服务端部署：

修改全局安装npm package权限(nvm安装无需执行此步骤)
sudo chown -R $(whoami) $(npm config get prefix)/{lib/node_modules,bin,share}
安装pm2
npm i pm2 -g
安装ImageMagick,unoconv
sudo yum install ImageMagick.x86_64 ImageMagick-devel.x86_64 unoconv libreoffice cjkuni-ukai-fonts.noarch cjkuni-uming-fonts.noarch texlive-cjk.noarch texlive-cjk-doc.noarch texlive-xecjk.noarch texlive-xecjk-doc.noarch

3.1）.修改服务端配置，并执行初始化：

#修改配置文件参数
vim config/env.js
vim config/services/production.js
#服务端初始化
node bin/shell.js ./init.js
#启动服务
pm2 start pm2.ebim.config.js --env=production && pm2 start pm2.worker.config.js --env=production

4）.Nginx

yum -y install nginx

Nginx配置文件：

user  nginx nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /run/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    charset  utf-8;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 500m;

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  60;

    tcp_nodelay on;

    #fastcgi_connect_timeout 300;
    #fastcgi_send_timeout 300;
    #fastcgi_read_timeout 300;
    #fastcgi_buffer_size 64k;
    #fastcgi_buffers 4 64k;
    #fastcgi_busy_buffers_size 128k;
    #fastcgi_temp_file_write_size 256k;

    open_file_cache max=65535 inactive=20s;
    open_file_cache_min_uses 5;
    open_file_cache_valid 60s; 
    
    proxy_redirect off;
    proxy_connect_timeout    60;
    proxy_read_timeout       120;
    proxy_send_timeout       20;
    proxy_buffer_size        32k;
    proxy_buffers            4 128k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied        expired no-cache no-store private auth;
    gzip_disable        "MSIE [1-6].";          

    server_tokens off;

    upstream web_server {
        server 127.0.0.1:3010 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3011 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3012 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3013 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3014 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3015 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3016 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3017 weight=1 max_fails=2 fail_timeout=30s;
        server 127.0.0.1:3020 weight=1 max_fails=2 fail_timeout=30s;
     }

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        access_log  /var/log/nginx/access.log  main;

        location / {
            #root   html;
            #index  index.html index.htm;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://web_server;
            proxy_http_version 1.1;
            proxy_set_header Host  $host;
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP  $remote_addr;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ .php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ .php$ {
            #root           html;
        #   fastcgi_pass   127.0.0.1:9000;
        #   fastcgi_index  index.php;
        #   fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #   fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        #   include        fastcgi_params;
        # }

        location /status {
            stub_status on;
            access_log   off;
        }

        #location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
        #   {
        #        expires      30d;
        #    }

        #location ~ .*.(js|css)?$
        #   {
        #        expires      12h;
        #    }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
include vhost/*.conf;
}

5）.添加MongoDB  EBIM服务为开机启动

#mongodb开机启动
vim /usr/lib/systemd/system/mongod.service
[Unit]
Description=mongodb
After=network.target remote-fs.target nss-lookup.target
 
[Service]
LimitCORE=infinity
LimitNOFILE=65535
#LimitNPROC=
#User=mongo
#Group=mongo
Type=forking
Environment=MONGOFILE=/usr/local/mongodb344/conf/mongom.conf
#EnvironmentFile=/usr/local/mongodb/conf/mongo.env
PIDFile=/home/mongodb/data/dba/mongod.pid
ExecStart=/usr/local/mongodb344/bin/mongod -f $MONGOFILE
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
RestartSec=42s
PrivateTmp=true
 
[Install]
WantedBy=multi-user.target
#EBIM开机启动
chmod +x /etc/rc.d/rc.local
## ln -s /usr/local/node/bin/node /usr/bin/node
vim /etc/rc.d/rc.local
su - ebim -c "/usr/local/node/bin/pm2 start /home/ebim/xxx/pm2.ebim.config.js --env=production"
su - ebim -c "/usr/local/node/bin/pm2 start /home/ebim/xxx/pm2.worker.config.js --env=production"

6）.数据备份：

30 4 * * 3 /bin/sh /home/scripts/mongobak.sh  
#!/bin/bash
FLODER="/home/mongobak"
DATE=$(date '+%Y-%m-%d')
if [ ! -d "$FLODER" ];then
    mkdir -p "$FLODER"
fi
cd /usr/local/mongodb
## ./bin/mongodump  -o /home/mongobak/mongodb-$DATE
./bin/mongodump --port=27018 -u root -p xxx  --oplog  -o  /home/mongobak/mongodb-$DATE

find /home/mongobak -mtime +10 |xargs rm -rf