zhmg23

我们是如此的不同

CentOS7下安装Redash

一、说明

操作系统:CentOS Linux release 7.x

docker  Server Version: 19.03.8

redash:8.0.0

二、安装docker-ce  docker-compose

1、安装docker-ce

首先删除较旧版本的docker(如果有):

yum remove docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce

下一步安装需要的软件包:

yum install -y yum-utils device-mapper-persistent-data lvm2

配置docker-ce repo:

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

最后安装docker-ce:

yum install docker-ce

修改默认存储路径

vim /usr/lib/systemd/system/docker.service 

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

修改为:

ExecStart=/usr/bin/dockerd --graph /data/docker  -H fd:// --containerd=/run/containerd/containerd.sock


2、安装

sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose


三、安装Redash

mkdir /opt/redash

cd /opt/redash

#从GitHub下载源码

git clone https://github.com/getredash/redash.git


#创建docker-compose.production.yml文件,内容参考yml配置

touch docker-compose.production.yml  内容如下:

 

# This is an example configuration for Docker Compose. Make sure to atleast update

# the cookie secret & postgres database password.

#

# Some other recommendations:

# 1. To persist Postgres data, assign it a volume host location.

# 2. Split the worker service to adhoc workers and scheduled queries workers.

version: '3.2'

services:

  server:

    image: redash/redash:8.0.0.b32245

    command: server

    depends_on:

      - postgres

      - redis

    ports:

      - "5000:5000"

    environment:

      PYTHONUNBUFFERED: 0

      REDASH_LOG_LEVEL: "INFO"

      REDASH_REDIS_URL: "redis://redis:6379/0"

      REDASH_DATABASE_URL: "postgresql://postgres@postgres/postgres"

      REDASH_COOKIE_SECRET: "XJ22k6vaXUk8"

      REDASH_WEB_WORKERS: 4   

      #邮箱 

      REDASH_MAIL_SERVER: "mail.yourdomain.com"

      REDASH_MAIL_PORT: 25

      REDASH_MAIL_USE_TLS: "false"

      REDASH_MAIL_USE_SSL: "false"

      REDASH_MAIL_USERNAME: "report@yourdomain.com"

      REDASH_MAIL_PASSWORD: "YourPassword"

      REDASH_MAIL_DEFAULT_SENDER: "report@yourdomain.com"

      REDASH_HOST: "https://redash.yourdomain.com"

    restart: always

  worker:

    image: redash/redash:8.0.0.b32245

    command: scheduler

    environment:

      PYTHONUNBUFFERED: 0

      REDASH_LOG_LEVEL: "INFO"

      REDASH_REDIS_URL: "redis://redis:6379/0"

      REDASH_DATABASE_URL: "postgresql://postgres@postgres/postgres"

      QUEUES: "queries,scheduled_queries,celery"

      WORKERS_COUNT: 2

    restart: always

  redis:

    image: redis:3.0-alpine

    ports:

     - "6379:6379"

    volumes: 

      - ./data/redis:/data

    restart: always

  postgres:

    image: postgres:9.5.6-alpine

    ports:

     - "15432:5432"

    volumes:

      - ./data/postgresql_data:/var/lib/postgresql/data

    restart: always

  nginx:

    image: redash/nginx:latest

    ports:

      - "88:80"

    depends_on:

      - server

    links:

      - server:redash

    restart: always


 

#创建db

docker-compose -f docker-compose.production.yml run --rm server create_db


 

#运行 redash  后台运行

docker-compose -f docker-compose.production.yml up -d


#如果配置邮箱预警可用以下命令检测 可以接受到邮件,如有问题可检测你的邮件配置

docker exec -it redash_server_1_5309d7faa1d5  python manage.py send_test_mail


注:如果无法正常发送邮件,是无法创建用户的,因为创建用户,需要发送激活邮件,才能正常创建用户

至此redhas安装完成


四、配置域名https访问

upstream redash {

  server 172.17.0.1:5000;

}


server {

  listen 80;

  server_name  redash.yourdomain.com;


  # Allow accessing /ping without https. Useful when placing behind load balancer.

  location /ping {

    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass       https://redash;

  }


  location / {

    # Enforce SSL.

    return 301 https://$host$request_uri;

  }

}



server {

  listen   443 ssl;

  server_name  redash.yourdomain.com;



  ssl_certificate     /usr/server/nginx/conf/key/2020_yourdomain.com.pem;

  ssl_certificate_key /usr/server/nginx/conf/key/2020_yourdomain.com.key;


  # Specifies that we don't want to use SSLv2 (insecure) or SSLv3 (exploitable)

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  # Uses the server's ciphers rather than the client's

  ssl_prefer_server_ciphers on;

  # Specifies which ciphers are okay and which are not okay. List taken from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


  gzip on;

  gzip_types *;

  gzip_proxied any;


  location / {

   if ($whiteiplist = 0){

       return 403;

       }

    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;

    proxy_redirect   off;

    proxy_pass       https://redash;

  }

access_log  /data/logs/nginx/redash.yourdomain.access.log  main;

}



评论