搜索到
88
篇与
的结果
-
nginx配置禁止通过IP地址直接访问网站 默认情况下Nginx配置完毕后,是允许ip地址直接访问的。这样做的一个显式风险是网络上的各种ip访问扫码工具会收集我们的web应用程序信息,容易造成信息泄露。相应的,可以在access.log中看到很多通过IP地址访问的记录。修改nginx的配置文件可以禁止通过IP地址访问,相应的配置如下:server { listen 80 default_server; listen 443 default_server; server_tokens off; server_name _ ; return 444; ssl_certificate /usr/share/nginx/doc_html/doc.zhangmingrui.cool_bundle.crt; ssl_certificate_key /usr/share/nginx/doc_html/doc.zhangmingrui.cool.key; } 说明:default_server 代表默认无匹配(的server_name)时由当前的server处理。server_name _ 代表无效域名。return 444 匹配到该server后,返回444状态(前段收到ERR_EMPTY_RESPONSE 错误)。 -
安装docker时报错container-selinux >= 2:2.74 错误:软件包:docker-ce-rootless-extras-25.0.4-1.el7.x86_64 (docker-ce-stable) 需要:slirp4netns >= 0.4 错误:软件包:docker-ce-rootless-extras-25.0.4-1.el7.x86_64 (docker-ce-stable) 需要:fuse-overlayfs >= 0.7 错误:软件包:containerd.io-1.6.28-3.1.el7.x86_64 (docker-ce-stable) 需要:container-selinux >= 2:2.74 错误:软件包:3:docker-ce-25.0.4-1.el7.x86_64 (docker-ce-stable) 需要:container-selinux >= 2:2.74 安装docker时遇到以上报错,提示需要升级软件包。解决方案:wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install epel-release -y yum install container-selinux -y #安装最新的contain-selinux
-
k8s安装时报错解决方案(container runtime is not running) 在是用kubeadm安装v1.28.7版本的k8s集群时,出现以下报错。解决方案如下:rm -f /etc/containerd/config.toml systemctl restart containerd之后再用kubeadm命令重新执行初始化即可。 kubeadm init --config=kubeadm-init.yaml --dry-runkubeadm应答文件创建方式kubeadm config print init-defaults > init.yaml应答文件如下:apiVersion: kubeadm.k8s.io/v1beta3 bootstrapTokens: - groups: - system:bootstrappers:kubeadm:default-node-token token: abcdef.0123456789abcdef ttl: 24h0m0s usages: - signing - authentication kind: InitConfiguration localAPIEndpoint: advertiseAddress: 192.168.88.51 #管理节点的IP地址 bindPort: 6443 nodeRegistration: criSocket: unix:///var/run/containerd/containerd.sock #Runtime的socket地址 imagePullPolicy: IfNotPresent name: master1 #管理节点的名称 taints: null --- apiServer: timeoutForControlPlane: 4m0s apiVersion: kubeadm.k8s.io/v1beta3 certificatesDir: /etc/kubernetes/pki clusterName: kubernetes #集群名称 controllerManager: {} dns: {} etcd: local: dataDir: /var/lib/etcd imageRepository: registry:80/library #私有仓库地址 kind: ClusterConfiguration kubernetesVersion: 1.28.0 networking: dnsDomain: cluster.local serviceSubnet: 10.96.0.0/12 #service地址段 podSubnet: 10.244.0.0/16 #pod地址段(新添加的信息) scheduler: {} #在文件最后追加,启用IPVS模式 --- kind: KubeProxyConfiguration apiVersion: kubeproxy.config.k8s.io/v1alpha1 mode: ipvs ipvs: strictARP: true #设置kubelet使用的Croup驱动模式为systemd --- kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 cgroupDriver: systemd
-
使用国内镜像地址拉取k8s安装需要的images 以下这些站点国内无法访问:https://hub.docker.com/ #Docker镜像仓库https://gcr.io/google-containers/ #谷歌镜像仓库https://gcr.io/kubernetes-helm/ #谷歌镜像仓库https://gcr.io/google-containers/pause #谷歌镜像仓库使用容器安装k8s时,需要拉取k8s安装所需的镜像,可以使用下面的一些镜像源进行替代,然后重新打上tag即可。安装k8s所需的镜像kubeadm config images list k8s.gcr.io/kube-apiserver:v1.28.7 k8s.gcr.io/kube-controller-manager:v1.28.7 k8s.gcr.io/kube-scheduler:v1.28.7 k8s.gcr.io/kube-proxy:v1.28.7 k8s.gcr.io/pause:3.9 k8s.gcr.io/etcd:3.5.10-0 k8s.gcr.io/coredns/coredns:v1.10.1方法一,使用阿里源docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.28.7 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.28.7 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.28.7 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.28.7 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.10-0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.10.1下载后可以重新打标签,然后就可以把这些镜像上传到私有仓库里面。docker images | grep hangzhou |while read i t _ do docker tag $i:$t registry:80/library/${i##*/}:$t #打标签 docker push registry:80/library/${i##*/}:$t #上传 docker rmi ${i}:${t} registry:80/library/${i##*/}:${t} #删除所有镜像 done方法二,使用willdocker docker pull willdockerhub/kube-apiserver:v1.17.3
-
Redhat 8版本安装ansible步骤 配置本地和网络yum源rm -rf /etc/yum.repos.d/* yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel* sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel* vi /etc/yum.repos.d/local.repo local-BaseOS] name=local-BaseOS baseurl=file:///mnt/BaseOS/ enabled=1 gpgcheck=0 [local-APPStream] name=local-APPStream baseurl=file:///mnt/AppStream/ enabled=1 gpgcheck=0 直接使用yum安装ansible时会报错问题: conflicting requests - nothing provides /usr/bin/python3.11 needed by ansible-8.3.0-1.el8.noarch - nothing provides python(abi) = 3.11 needed by ansible-8.3.0-1.el8.noarch - nothing provides python3.11dist(ansible-core) >= 2.15.3 needed by ansible-8.3.0-1.el8.noarch (尝试添加 '--skip-broken' 来跳过无法安装的软件包 或 '--nobest' 来不只使用最佳选择的软件包)正确的安装方式yum install python3 python3-pip pip3 install --upgrade pip pip3 install setuptools-rust pip3 install ansible
