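Background
- The company's internal servers cannot reach the internet.
- One server in the DMZ can reach the internet.
- We use that DMZ server, which belongs to our own department, to host a Go module proxy for the internal network.
Installing services on the DMZ server
The server needs a working Docker environment.
Server IP address: 192.168.1.214
All services are installed by running containers from Docker images.
1. Containerized CoreDNS service
Directory layout
$ tree ./coredns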
./coredns
├── Corefile
├── hosts
└── install_coredns.sh
0 directories, 3 files
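Contents of the Corefile
$ cat Corefile
.:53 {
    # hosts plugin with no file argument reads /etc/hosts (mounted by install_coredns.sh)
    hosts {
        fallthrough
    }
    forward . 114.114.114.114 8.8.8.8
    errors
    cache
}
Contents of the hosts file
$ cat hosts
192.168.1.224 github.com
The script that installs CoreDNS:
$ cat install_coredns.sh
#!/bin/bash
# Remove any previous container, then start CoreDNS with the local config mounted in
docker stop coredns
docker rm -f coredns
docker run -d \
    --restart always \
    --name coredns \
    -p 53:53/tcp \
    -p 53:53/udp \
    -v /data/devops_scripts/coredns/hosts:/etc/hosts \
    -v /data/devops_scripts/coredns/Corefile:/Corefile \
    coredns/coredns
Install the CoreDNS service
sudo bash install_coredns.sh
Installation complete.
2. Running Nexus in a container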
$ cat run.sh
HOME_PATH=$PWD
DATA_PATH=/data/nexus_data/:/nexus-data/
LOCALE_TIME=/usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
# Nexus runs as UID 200 inside the container, so the data directory must belong to it
mkdir -p /data/nexus_data && chown -R 200:200 /data/nexus_data
# Remove any previous container before starting a new one
docker stop nexus
docker rm -f nexus
docker run --restart=always --privileged=true \
    --name nexus \
    -p 8081:8081 -p 8888-8889:8888-8889 \
    -e INSTALL4J_ADD_VM_PARAMS="-Xms8g -Xmx8g -XX:MaxDirectMemorySize=8g -Djava.util.prefs.userRoot=/nexus-data" \
    -e NEXUS_CONTEXT=nexus \
    -e REGISTRY_STORAGE_DELETE_ENABLED=true \
    --ulimit nofile=655350 \
    --ulimit memlock=-1 \
    --memory=16G \
    --memory-swap=-1 \
    --cpuset-cpus='1-4' \
    -v $LOCALE_TIME \
    -v $DATA_PATH \
    -d sonatype/nexus3:latest
Run the Nexus service
$ sudo bash run.sh
2.1 Configuring Nexus
- URL: http://192.168.1.224:8081/nexus
- Log in with the default credentials: admin / admin
- After logging in, set a new password yourself.
1. Create a repository:
2. Select the proxy type
3. Configure the Aliyun proxy
Proxy address: https://mirrors.aliyun.com/goproxy/
4. Configure the domestic and overseas goproxy proxies
Configuring goproxy.cn is essentially the same as configuring the Aliyun address.
Proxy address for goproxy.cn: https://goproxy.cn
Proxy address for goproxy.io: https://goproxy.io/
5. Create a repository group for the Go proxies
- The repository group exists to manage several Go proxy repositories together.
3. Running tengine in a container
Directory layout
$ tree ./tengine
./tengine
├── conf.d
│ └── devops.conf
├── nginx.conf
└── run.sh
1 directory, 3 files
nginx.conf
$ cat nginx.conf
user nginx;
worker_processes 4;
worker_rlimit_nofile 102400;
error_log log/error.log warn;
pid log/nginx.pid;
events {
    use epoll;
    worker_connections 102400;
    multi_accept on;
}
# load modules compiled as Dynamic Shared Object (DSO)
#
#dso {
#    load ngx_http_fastcgi_module.so;
#    load ngx_http_rewrite_module.so;
#}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log log/access.log main;
    sendfile on;
    tcp_nopush on;
    #tcp_nodelay on;
    keepalive_timeout 180;
    proxy_temp_path /usr/local/nginx/temp;
    proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=gmz_cache:200m inactive=1d max_size=2g;
    gzip on;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_vary on;
    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100M;
    client_body_buffer_size 256k;
    # autoindex on; # enable nginx directory listing
    # autoindex_exact_size off; # show file sizes starting from KB
    # autoindex_localtime on; # show file modification times in the server's local time
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    include conf.d/*.conf;
}
devops.conf
$ cat conf.d/devops.conf
upstream nexus {
    keepalive 32; # keepalive connections
    server 192.168.1.224:8081; # nexus ip and port
}
server {
    resolver 114.114.114.114; # IP address of the DNS server to use
    listen 80;
    server_name 192.168.1.224;
    #ssl_certificate ssl/server.crt;
    #ssl_certificate_key ssl/server.key;
    access_log /usr/local/nginx/log/nginx_access.log;
    error_log /usr/local/nginx/log/nginx_error.log;
    # pass through headers from Jenkins which are considered invalid by Nginx server.
    ignore_invalid_headers off;
    location / {
        proxy_pass http://$host$request_uri; # protocol and address of the proxied server
        proxy_set_header HOST $host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
    location /nexus {
        sendfile off;
        proxy_pass http://nexus/nexus;
        proxy_redirect default;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;
        #this is the maximum upload size
        client_max_body_size 500m;
        client_body_buffer_size 1024k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header Connection ""; # Clear for keepalive
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
}
server {
    resolver 114.114.114.114; # IP address of the DNS server to use
    listen 443;
    access_log /usr/local/nginx/log/https_access.log;
    error_log /usr/local/nginx/log/https_error.log;
    location / {
        proxy_pass https://$host$request_uri; # protocol and address of the proxied server
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}
Script that runs the container
$ cat run.sh
# set -x
HOME_PATH=$PWD
CONF=$HOME_PATH/nginx.conf:/usr/local/nginx/conf/nginx.conf
CONF_D_PATH=$HOME_PATH/conf.d/:/usr/local/nginx/conf/conf.d/
LOCALE_TIME=/usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
# Remove any previous container before starting a new one
docker stop tengine
docker rm -f tengine
docker run --restart=always --privileged=true \
    --name tengine \
    -p 80:80 -p 443:443 \
    -v $CONF:ro \
    -v $CONF_D_PATH \
    -v $LOCALE_TIME \
    -d liyuanjie/alpine_tengine:2.3.2
Run the tengine script
$ sudo bash run.sh
Internal server configuration
1. Change the network interface's DNS server
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-ens32
DNS1=192.168.1.224
Restart networking
$ sudo systemctl restart network
2. Edit the hosts file
$ sudo vi /etc/hosts
192.168.1.224 github.com
192.168.1.224 sum.golang.org
3. Change the Go proxy settings
Using commands
go env -w GOSUMDB="off"
go env -w GOPROXY="http://192.168.1.224:8081/nexus/repository/goproxy_group/,direct"
/etc/profile
# vim /etc/profile
export GOROOT=$HOME/softinstall/golang # Go installation path
export GOPATH=$HOME/softinstall/golangthirty # where Go dependencies are downloaded
export GOBIN=$GOPATH/bin # where go install puts compiled binaries
export GO111MODULE=on
export GOPROXY=http://192.168.1.224:8081/nexus/repository/goproxy_group/,direct
# export GOPROXY=https://goproxy.cn,direct
# export GOPROXY="https://mirrors.aliyun.com/goproxy/,https://goproxy.cn"
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin # add to the system PATH
4. Create the project directory
mkdir /data/goprojects/test1/
cd /data/goprojects/test1
go mod init test1
go get github.com/davecgh/go-spew
5. Verify
go get github.com/davecgh/go-spew
go get github.com/davyxu/cellnet
Check dependencies
go mod tidy
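I ran into a lot of pitfalls during the deployment, but the result is very satisfying.
For example: the goproxy Docker image
The goproxy Docker image: configuring the proxy link address
I used this Docker image and it did not work at all. I was speechless.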