• 错误如下

Thu Jul 16 16:39:38 2020 Route addition fallback to route.exe
请求的操作需要提升。
Thu Jul 16 16:39:38 2020 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Jul 16 16:39:38 2020 C:\WINDOWS\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.8.0.1
Thu Jul 16 16:39:38 2020 ROUTE: route addition failed using CreateIpForwardEntry: 拒绝访问。   [status=5 if_index=10]
Thu Jul 16 16:39:38 2020 Route addition via IPAPI failed [adaptive]
Thu Jul 16 16:39:38 2020 Route addition fallback to route.exe

后来参考各方文章后发现, 这个10段的网络没有网关ip, cmd里面执行

C:\Users\Administrator>route ADD 192.168.2.0 MASK 255.255.255.0 10.8.0.254
请求的操作需要提升。

后来修改了openvpn的快捷方式, 在兼容性里面勾选了 以管理员身份运行此程序, 重新打开程序, 终于问题解决了

• 创建 index.php 发布入口文件

<?php
if (empty($_SERVER['DOCUMENT_ROOT']) || strpos($_SERVER['DOCUMENT_ROOT'], ':') === false) {
    $hostSystem = 'linux';
} else {
    $hostSystem = 'windows';
}
echo '<h1><a href="">系统版本: ' . $hostSystem . '</a></h1>';

$baseDir = dirname(__FILE__, 2);
$baseDir = str_replace('\\', '/', $baseDir);
$dirs = scandir($baseDir);
unset($dirs[0]);
unset($dirs[1]);
$dirList = [];
foreach ($dirs as $key => $dir) {
    if (!is_dir($baseDir . '/' . $dir . '/.git')) {
        unset($dirs[$key]);
    } else {
        $dirListItem = [
            'value' => $dir,
            'app_type' => '',
        ];
        if (file_exists($baseDir . '/' . $dir . '/src/public/index.php') || file_exists($baseDir . '/' . $dir . '/public/index.php')) {
            $dirListItem['app_type'] = 'laravel';
        } else if (is_dir($baseDir . '/' . $dir . '/src/runtime') || is_dir($baseDir . '/' . $dir . '/runtime')) {
            $dirListItem['app_type'] = 'hyperf';
        } else {
            $dirListItem['app_type'] = 'front';
        }
        $dirList[$dir] = $dirListItem;
    }
}
$dirs = array_values($dirs);
$requestMethod = empty($_SERVER['REQUEST_METHOD']) ? 'GET' : $_SERVER['REQUEST_METHOD'];
switch ($requestMethod) {
    case 'GET':
        echo '<form action="" method="POST">
<h3>选择需要执行的目录: </h3>
';
        $dirLists = [];
        foreach ($dirList as $dirListItem) {
            $dirLists[$dirListItem['app_type']][] = $dirListItem;
        }
        foreach ($dirLists as $appType => $dirList) {
            echo '<h2><font style="color: blue;">' . $appType . '</font></h2>';
            foreach ($dirList as $dirListItem) {
                echo '<label><input type="radio" name="dir" value="' . $dirListItem['value'] . '">' . $dirListItem['value'] . '</label>';
            }
        }
        echo '
<br><input type="submit" value="执行">
</form>
<style>
    label{
        font-weight: lighter;
    }
</style>';
        break;
    case 'POST':
        // 执行发布
        $request = $_REQUEST;
        $dir = empty($_POST['dir']) ? '' : $_POST['dir'];
        if (empty($dir)) {
            die('请选择目录');
        }
        if (empty($dirList[$dir])) {
            die('目录不在白名单中');
        }

        $cmd = [];

        $appType = $dirList[$dir]['app_type'];
        $startTTL = microtime(true);
        echo "<pre>";
        if ($hostSystem == 'windows') {
        } else {
            $da = [];

            $branch = 'develop';
            $branch = 'master';
            switch ($appType) {
                case 'hyperf':
                    $shell = 'sudo ' . dirname(__FILE__) . '/php_deploy_hyperf.sh ' . $dir . ' ' . $branch;
                    echo '<h3>' . $shell . '</h3>';
                    system($shell, $status);
                    break;
                case 'laravel':
                    $shell = 'sudo ' . dirname(__FILE__) . '/php_deploy_laravel.sh ' . $dir . ' ' . $branch;
                    echo '<h3>' . $shell . '</h3>';
                    system($shell, $status);
                    break;
                case 'front':
                    $shell = 'sudo ' . dirname(__FILE__) . '/php_deploy_front.sh ' . $dir . ' ' . $branch;
                    echo '<h3>' . $shell . '</h3>';
                    system($shell, $status);
                    break;
                default:
                    die('未能识别需要执行的代码类型');
            }
        }
        echo '用时: ' . intval((microtime(true) - $startTTL) * 1000) / 1000;
        echo '</pre>';
        if ($status) {
            echo "执行失败";
        } else {
            echo "执行成功";
        }
        break;
}

• vim 前端用到的发布文件 vim php_deploy_front.sh

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin:/root/.nvm/versions/node/v13.9.0/bin
export PATH
project_dir=/home/project
project_name=$1
echo $project_dir"/"$project_name
branch=$2

function gitPullCover(){
    project_name=$1
    branch=$2
    project_dir=$3
    self_path=$project_dir"/history/"$project_name;
    cp -rf $project_dir"/"$project_name $project_dir"/history/"
    history_path=$project_dir"/history/"$project_name
    covertimes=5;
    if [ ! -d $history_path ];then
      mkdir $history_path
      covertimes=20
    fi
    history_path=$self_path"_history"
    if [ ! -d $history_path ];then
      mkdir $history_path
    fi

    echo "覆盖"covertimes"版本"
    covertimes=5
    for vv in {5..1}
    do
        cd $self_path
        git checkout $branch
        git_hashcode=`git log -n $vv --pretty=format:"%H"`
        v2=0;
        for line in $git_hashcode
        do
            declare -i v2=$v2+1;
            if [ "$v2" -eq "$vv" ]
            then
                echo $line;
                git checkout $line
                git reset --hard
                cd ../
                echo "$self_path/* $history_path"
                cp -rf $self_path/* $history_path
            fi
        done
    done
    cd $self_path
    git checkout $branch
}

function gitPull(){
    cd $1
    echo `git log -n 1`
    git log -n 1
    git checkout .
    git pull origin $branch
}

function dockerReload(){
    cd $1"/src"
    docker-compose down && docker-compose up -d
}

gitPullCover $project_name $branch $project_dir

gitPull $project_dir"/"$project_name $branch

• vim 后端laravel用到的发布文件 vim php_deploy_laravel.sh

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin:/root/.nvm/versions/node/v13.9.0/bin
export PATH
project_dir=/home/project/"$1"
echo $project_dir
branch=$2

function gitPull(){
    cd $1
    echo `git log -n 1`
    git log -n 1
    git checkout .
    git pull origin $2
}

gitPull $project_dir $branch

• vim 后端hyperf框架用到的发布文件 vim php_deploy_hyperf.sh

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin:/root/.nvm/versions/node/v13.9.0/bin
export PATH
project_dir=/home/project/"$1"
echo $project_dir
branch=$2

function gitPull(){
    cd $1
    echo `git log -n 1`
    git log -n 1
    git checkout .
    git pull origin $branch
}

function dockerReload(){
    cd $1"/src"
    docker-compose down && docker-compose up -d
}

gitPull $project_dir

dockerReload $project_dir

• 如果无法执行, 检查是否权限问题, 是否开启发布的用户的 sudo 的免密登录

相同的文件内容的shell, 相同的权限, 出现部分情况下无法正确执行的情况

遇到过一起, window下创建的shell, 拷贝到linux下同php无法正确全部执行其中的shell内容, 后来打开看了发现, window下创建的脚本通过vim打开多个 xxx.sh" [dos] 12L, 330C 其中的 [doc] 导致脚本一些执行上的问题
通过cat -A xxx.sh 显示的换行符为 ^M$, linux下创建的文件换行符为 $
转换window换行符为linux sed -i 's/\r//' 文件名
即使解决了换行符问题, 还有新的编码问题出现, 所以脚本千万别在window机器下编写拷贝到linux机器中, 需要通过linux创建文件编辑, window拷贝内容粘贴进去最靠谱

设置普通用户输入sudo,免密进入root账户

方法一:
编辑并在用户相关的内容后面添加需要免密登录的帐号
vim /etc/sudoers
> admin ALL=(ALL) NOPASSWD: ALL

方法二: (未测试)
开始系统内部的wheel用户组,
在/etc/suoers 中编辑配置文件如下:
%wheel ALL=(ALL) NOPASSWD: ALL
比如新开账户为mike,
useradd mike|echo "1234546"|passwd mike
id mike(查看用户归属用户组)---uid 和 gid
uid=505(mike) gid=505(mike) groups=505(mike)
通过usermod 命令更改用户所属用户组

[root@backup ~]# usermod mike -g wheel
[root@backup ~]# id mike
uid=505(mike) gid=10(wheel) groups=10(wheel)

更改为wheel组下的 ,
然后在mike用户下再sudo su 切换既不用输入密码了

假设访问页面地址为： http://www.abc.com/test.jsp

www.abc.com 域名解析到ip: 192.168.0.1 则curl访问方式为如下：

curl -H "Host:www.abc.com"  "http://192.168.0.1/test.jsp"

• 实际测试http协议没问题, https协议就像下面一样了

[root@localhost ~]# curl -H "Host:wx.jiayuanshu.net"  "https://139.224.18.242"
curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

• 解决办法, https时使用 --resolve 方法去实现

curl -H "Host:wx.jiayuanshu.net"  "http://139.224.18.242"
curl --resolve 139.224.18.242:443 "https://wx.jiayuanshu.net"

• 查询最近的20条日志

docker logs -f -t --tail=10 容器名

• 查询指定日期的最近的20条日志

docker logs -f -t --since="2017-05-31" --tail=10 容器名