当前位置:网站首页>PIP private active deployment

PIP private active deployment

2021-02-23 17:59:22 JJLAAA

1 Demand analysis

  • Private developers : The development team needs a convenient python Private package publishing mechanism
  • Private mirror source : Self built official source image , Improve access speed , Avoid accidental network problems , Facilitate the privatization of offline environments

2 Use Docker Deploy PypiServer The server

2.1 download PypiServer Mirror image

docker pull pypiserver/pypiserver

2.2 Generate Auth Information

#  Installation dependency 
apt-get install -y apache2-utilssudo pip3 install passlib 
#  Generate  htpass  file 
mkdir -p /opt/pypiserver/auth /opt/pypiserver/packages
#  Indicates that all users can read and write but cannot execute the file / Folder 
chmod -R 666 /opt/pypiserver/packages
#  Meeting  prompt  Password input , Repeat the same two times 
cd /opt/pypiserver/auth && htpasswd -sc .htaccess ${username}

2.3 Container deployment

docker run -d \
-p ${port}:8080 \ 
--restart=always \ --name=pypiserver \ 
-v /opt/pypiserver/packages/:/data/packages \
-v /opt/pypiserver/auth:/data/auth/ \ 
pypiserver/pypiserver -P /data/auth/.htaccess -a update /data/packages

2.4 Nginx Reverse proxy

  • Use Docker Deploy Nginx service , At the same time provide HTTPS Support

    echo 'server {
    listen 80;
    server_name ${sever_name];
    rewrite ^(.*)$ https://${server_name}$1 permanent;
    }
    server {
    listen 443 ssl;
    server_name ${server_name};
    #ssl Certificate file location ( The common certificate file format is :crt/pem)
    ssl_certificate /etc/nginx/ssl/ps-cert.pem;
    #ssl certificate key Location 
    ssl_certificate_key /etc/nginx/ssl/ps-cert.key;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $host;
    proxy_set_header X-Real-IP $remote_addr;
    #  You can use frp Do penetration , Mapping intranet services to the public network 
    proxy_pass http://${public_ip}:${port};
    }
    }' >> /opt/pypi/pypi.conf
  • Deploy Nginx Containers

    docker run -d \
    --restart always \
    -v /opt/pypi/pypi.conf:/etc/nginx/conf.d/pypi.conf \
    -v /opt/pypi/ssl/ps-cert.pem:/etc/nginx/ssl/ps-cert.pem \
    -v /opt/pypi/ssl/ps-cert.key:/etc/nginx/ssl/ps-cert.key \
    -p ${port}:80 \
    --name=pypi_nginx
    nginx

3 install bandersnatch Local source synchronization tool

3.1 Native configuration

The configuration file

mkdir -p /opt/bandersnatch/log && touch /opt/bandersnatch/bandersnatch.conf /opt/bandersnatch/bandersnatch-log.conf

echo '[mirror]
directory = /opt/bandersnatchjson = false
release-files = true
cleanup = false
master = https://pypi.org
timeout = 10
global-timeout = 1800
workers = 3hash-index = false
stop-on-error = false
storage-backend = filesystem
;log-config = /opt/bandersnatch/bandersnatch-log.conf
; root_uri = https://example.comverifiers = 3
;keep_index_versions = 0
;vim: set ft=cfg:
;diff-file = /srv/pypi/mirrored-files
;diff-append-epoch = true
[plugins]
enabled = all
[blacklist]
; https://bandersnatch.readthedocs.io/en/latest/filtering_configuration.html
; https://pypi.org/stats/
[whitelist]
packages = 
cntk 
tensorflow-gpu 
tensorflow 
tensorflow-cpu 
torch' > /opt/bandersnatch/bandersnatch.conf \
&& echo '
[loggers]
keys=root,file
[handlers]
keys=root,file
[formatters]
keys=common
[logger_root]
level=NOTSEThandlers=root
[logger_file]
level=INFO
handlers=file
propagate=1qual
name=bandersnatch
[formatter_common]
format=%(asctime)s %(name)-12s: %(levelname)s %(message)s
[handler_root]
class=StreamHandlerlevel=DEBUGformatter=commonargs=(sys.stdout,) 
[handler_file]
class=handlers.Rotating
FileHandlerlevel=INFO
formatter=commonargs=('/opt/bandersnatch/log/bandersnatch.log','D',1,'UTF-8')
# will manage one file a day' > /opt/bandersnatch/bandersnatch-log.conf

Deploy container

docker run -d \
--restart=always \ 
--name=bandersnatch \ 
-v /opt/bandersnatch/bandersnatch.conf:/etc/bandersnatch.conf \ 
-v /opt/bandersnatch:/opt/bandersnatch \ 
pypa/bandersnatch bandersnatch mirror

3.2 nginx Reverse agent configuration

Use Docker Deploy Nginx service ,nginx The configuration file is as follows

server {
listen 80;
server_name ${server_name};
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
server_name ${server_name};
#ssl Certificate file location ( The common certificate file format is :crt/pem)
ssl_certificate /etc/nginx/ssl/bs-cert.pem;
#ssl certificate key Location 
ssl_certificate_key /etc/nginx/ssl/bs-cert.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Real-IP $remote_addr;
#  You can use frp Do penetration , Mapping intranet services to the public network 
proxy_pass http://${public_ip}:${port};
}
}

5 Reference resources

版权声明
本文为[JJLAAA]所创,转载请带上原文链接,感谢
https://chowdera.com/2021/02/20210223175807497G.html

随机推荐