Deploying postgres on Synology (群晖)

In this tutorial I will walk you through a fairly complex production-level AWS deployment setup from scratch. I will assume very little prior knowledge about AWS and assume you are a beginner.

We will set up a React Express full stack app with a PSQL database. We will deploy the app to an AWS EC2 instance running Amazon Linux AMI 2. The setup will use NGINX as a reverse proxy and PM2 as a cluster manager. The PSQL database will be deployed to AWS RDS.

We will stay in the free tier, so following along with this tutorial will not cost you anything.

Why learn AWS? AWS is currently the biggest cloud computing platform. WordPress powers more small websites, but AWS is used by the vast majority of commercial high-traffic websites, which means people with AWS skills are in huge demand.

You can watch a video version of this tutorial here: https://www.youtube.com/playlist?list=PLMc67XEAt-yzxRboCFHza4SBOxNr7hDD5

Useful terminal commands: https://github.com/iqbal125/terminal_commands_fullstack

Sample React/Express project: https://github.com/iqbal125/react-express-sample

(Theory)

  • How networking works in AWS cloud computing
  • AWS EC2 instance
  • public vs private IP addresses
  • IPv4 addresses
  • connecting to the public internet from a private network
  • AWS VPC conceptual overview
  • how subnetting works in AWS
  • ssh

(Practice)

  • Simple EBS deployment
  • setting up the VPC and subnets
  • Internet Gateways and Route Tables
  • Security Groups setup
  • launching a cloud computer with AWS EC2
  • setting up the database on AWS
  • setting up the React build for production
  • PM2 setup
  • Nginx setup

(Theory)

Cloud computing has drastically simplified deploying a web app. Services like DigitalOcean and Heroku make it even easier by hiding away all the complexity and allowing you to deploy your app in a few simple steps.

Those tools are good, but what we want is a robust, highly secure and highly performant cloud computing setup, which means we will do it from scratch.

The AWS setup will mainly involve networking, which is why most of this tutorial will focus on networking concepts and setups.

Everything else, such as provisioning databases and EC2 instances, is easy to do on AWS; networking will be the biggest challenge.

But don't worry if you don't have any networking experience. I will give you all the information you need to know.

(How networking works in cloud computing)

It works in basically the same way networking works with hardware, except that everything that is hardware (routers, switches, internet gateways) is virtualized in cloud computing.

Networking in cloud computing essentially determines how your virtual resources communicate with each other and with the wider internet.

VPCs, IP addresses and subnets are the most important concepts to understand about networking in AWS.

This is essentially what we will be building.

We will have a public and private subnet in our VPC. The public subnet will contain our web server and will be accessible over the internet. Our private subnet will contain our database but will not be accessible over the internet.

Our web server and database will be able to communicate with each other through a route table.

We will see examples of both of these when we are setting up our project on the AWS console.

(Public vs private IP addresses)

A public IP address is the location of your computer in the wider internet. However, what we call the internet is just one of many networks.

In the same way that you can have an IP address on the internet, you can also have an IP address in another network that is not the internet.

An IP address is simply a way to identify a single computer on a network, regardless of whether that network is the internet or not.

So private IP addresses are just a way to identify computers on our own network, and public IP addresses are a way to identify computers on the “internet” network.

(IPv4)

IPv4 is the format in which IP addresses are written.

Example IPv4 address: 10.12.15.22

It is referred to as IPv4 since 4 bytes represent the address. Each byte contains 8 bits and is therefore referred to as an octet.

Since each octet contains 8 bits and each bit can be 0 or 1, there are 2 ^ 8 = 256 different combinations. But we start at 0, so an octet can be a number between 0-255. Since we have 4 octets, we have 256 ^ 4 = 4.3 billion different combinations and therefore IP addresses!

The mapping between an IPv4 address and a human-readable name such as “https://google.com” is handled by DNS.

There is also IPv6, but to keep things concise we will skip it; we only need to know IPv4 for the purposes of this tutorial.

More info about IPv6 can be found here: https://searchnetworking.techtarget.com/definition/IPv6-Internet-Protocol-Version-6

(Connecting to a Public Network from a Private Network)

This is done through an internet gateway.

When a request is made by a computer in a private network, a routing table checks whether the destination is a local computer or not.

If not, the request is forwarded to the internet gateway, which forwards it out of the private network to an Internet Service Provider, from where it is sent to the intended destination.

The internet gateway also receives requests from the internet.

The internet gateway has its own public IP address, so a network can have 1 public IP address even if it has 1000s of private IP addresses.

The protocol used for sending and receiving data is called TCP. It is a pattern and blueprint that ensures data integrity and reliability.

(VPC and Subnetting)

VPCs and subnetting are by far the hardest things to understand and grasp in AWS, which is why I will dedicate a longer section to them.

VPC stands for Virtual Private Cloud: a virtual location you can deploy AWS resources into. You can deploy web servers, databases, file servers and messaging services into a VPC and have all your resources contained in one virtual place.

Each resource has its own private IP address.

A subnet is short for sub-network, a small part of your entire VPC. Subnetting is essentially a way to divide up your VPC for performance and security reasons.

Example: deploy a database in a subnet that is inaccessible from the internet, while another subnet that holds the web servers needs to be accessible from the internet. Even though these two subnets are separate, they are still part of the same VPC.

Subnetting in AWS is done with CIDR notation.

Example subnet CIDR notation: 10.11.12.0/24

Subnet mask: the subnet mask determines the number of IP addresses available to the subnet. The /24 is the subnet mask.

A subnet mask is used as a way to divide your subnet into an approximate number of IP addresses.

Network prefix: the unchanging beginning octets that identify a unique subnet or VPC.

Host address: the IP addresses available to use for the different resources in a subnet.

/24 means the first 24 bits are used as the network prefix and are therefore unusable. Since an IPv4 address has 32 bits in total, we have 8 bits left, which are known as the host address. These are the usable IP addresses. Since 8 bits have 256 combinations, our subnet can have any address between 10.11.12.0 and 10.11.12.255.

1s represent the network prefix and 0s represent the host address:

/24 = 255.255.255.0 = 11111111.11111111.11111111.00000000

These are all the same:

10.11.12.0/24

10.11.12.0/255.255.255.0

10.11.12.0/11111111.11111111.11111111.00000000

A subnet mask does not have to divide evenly into octets either.

10.11.12.0/19 means a subnet mask of 11111111.11111111.11100000.00000000

If we go to a subnet calculator we can see how this works. A subnet calculator gives you the number of IP addresses available in a subnet, and it also gives you the minimum and maximum IP address.

As you can see, this subnet gives us 8190 total usable IP addresses.

The first 2 octets are all 1s, so both of those octets are used as the network prefix; each of them can hold any number between 0-255.

But our third octet has only a partial network prefix, and we have only 5 bits to use as our host address. This means that the third octet can only be a number between 0-31, since 2 ^ 5 = 32.

Our last octet is all 0s, so as normal it can be any number between 0-255.

All together this means that our subnet can be any address between

10.11.0.0 - 10.11.31.255

**Note: The first and last IP addresses are used as the network and broadcast addresses, which are special IP addresses with special functions. This is why the host min is the second IP address and the host max is the second-to-last IP address.

You can learn more about network and broadcast addresses here:

https://www.computernetworkingnotes.com/ccna-study-guide/network-address-basic-concepts-explained-with-examples.html

To avoid all the complexity mentioned above, it is best to stick with subnet masks of /8, /16 or /24. Doing so will make sure there are no partial octets.

10.11.12.0/8 will have the entire last 3 octets available as IP addresses

10.11.12.0/16 will have the entire last 2 octets available as IP addresses

10.11.12.0/24 will have the entire last octet available as IP addresses

Real example

VPC: 10.11.0.0/16

Public Subnet 1: 10.11.1.0/24, any IP address between 10.11.1.0 and 10.11.1.255

Public Subnet 2: 10.11.2.0/24, any IP address between 10.11.2.0 and 10.11.2.255

Private Subnet 1: 10.11.3.0/24, any IP address between 10.11.3.0 and 10.11.3.255

Private Subnet 2: 10.11.4.0/24, any IP address between 10.11.4.0 and 10.11.4.255

**Note: Not every single IP address will be available to your subnet. A few addresses, like the network and broadcast addresses and a few more utility addresses, will be reserved by AWS.
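To make the arithmetic in this section concrete, here is a small CIDR calculator in JavaScript. It is an added example and not code from the tutorial or its sample project. The inputs are the CIDR blocks discussed above; the `awsUsable` figure it reports assumes the standard AWS rule that the first four addresses and the last address of every subnet are reserved (network address, VPC router, DNS, one reserved for future use, broadcast), which is what the note above calls “a few more utility addresses”.

```javascript
// Added example, not part of the tutorial: subnet arithmetic for a CIDR block.

function ipToInt(ip) {
  // "10.11.12.0" -> unsigned 32-bit number
  return ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function intToIp(n) {
  return [24, 16, 8, 0].map((shift) => (n >>> shift) & 255).join('.');
}

function toBinary(n) {
  // Dotted binary form, e.g. 11111111.11111111.11111111.00000000
  return [24, 16, 8, 0]
    .map((shift) => ((n >>> shift) & 255).toString(2).padStart(8, '0'))
    .join('.');
}

function subnetInfo(cidr) {
  const [ip, prefixStr] = cidr.split('/');
  const prefix = Number(prefixStr);
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
    throw new Error(`invalid prefix length in ${cidr}`);
  }
  // Prefix bits are 1s (network prefix), the remaining bits are 0s (host address)
  const mask = prefix === 0 ? 0 : (0xFFFFFFFF << (32 - prefix)) >>> 0;
  const network = (ipToInt(ip) & mask) >>> 0;
  const broadcast = (network | (~mask >>> 0)) >>> 0;
  const total = 2 ** (32 - prefix);
  return {
    cidr,
    mask: intToIp(mask),
    maskBinary: toBinary(mask),
    network: intToIp(network),       // first address, reserved as the network address
    broadcast: intToIp(broadcast),   // last address, reserved as the broadcast address
    hostMin: intToIp(network + 1),
    hostMax: intToIp(broadcast - 1),
    total,
    usable: Math.max(total - 2, 0),     // what a generic subnet calculator reports
    awsUsable: Math.max(total - 5, 0),  // AWS additionally reserves .1 (router), .2 (DNS) and .3
    octetAligned: prefix % 8 === 0,     // true for /8, /16, /24: no partial octet to reason about
  };
}

// Constructed inputs: the blocks discussed above
for (const cidr of ['10.11.12.0/24', '10.11.12.0/19', '10.11.0.0/16']) {
  console.log(subnetInfo(cidr));
}
```

Running it for 10.11.12.0/19 gives the 10.11.0.0 to 10.11.31.255 range and the 8190 usable hosts quoted above; for the /24 subnets used later in the tutorial it shows why only 251 of the 256 addresses can actually be assigned to instances.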

(AWS EC2)

EC2 is the “computing” in cloud computing. It is essentially a virtual computer, and it has everything your computer at home does: CPU, RAM, hard drive etc.

This will essentially be our web server and we will use the Amazon Linux AMI 2 as the operating system.

There are also other Linux operating systems available such as Ubuntu and Red Hat.

There are also Windows-based operating systems available such as Windows Server. Windows systems allow you to use a graphical UI if you prefer not to work with the command line.

A single EC2 computer is referred to as an instance.

(SSH)

Secure Shell: used to log in to our Linux EC2 server from our home computer.

You can use PuTTY for SSH if you prefer a graphical user interface.

I will use Git Bash. It is simpler to use but doesn’t have a GUI.

We will SSH with Private and Public Keys. Both these keys are generated by AWS.

The private key will be stored on your own computer and will be used during the login process.

The public key will be stored on Amazon and allows logins. The public key does not need to be kept secret. The private key should be kept in a safe place on your computer; you will be out of luck if you accidentally delete it, since there is no way to get another one.

(Practice)

Simple EBS deployment

Before doing our complex deployment we can do a simple EBS deployment to get our feet wet.

AWS Elastic Beanstalk is a way to launch an app to the cloud without having to first manually set up the underlying resources such as the VPC, web server and database. It is very easy and fast to get a running app on Elastic Beanstalk, and a good way to get acquainted with AWS.

Go to the AWS home page and create a new account if you don't already have one.

Then go to Services, then Elastic Beanstalk under Compute.

This will bring you to the EBS home page. After this, go ahead and click on Create New Application and then give it a name and description.

You can then click on Create New Environment and after that select Web Server Environment.

On this page select Node.js as the platform and use the sample application code; everything else can be left at the default.

I haven't had luck directly deploying the app from here, so let's click on Configure more options to set up the project some more.

Click on the Network card at the bottom of the page and make sure the default VPC is used and the default subnet is checked.

Then click on the Instances card and make sure the default security groups box is checked.

And that is it; we can now click on Create environment to launch our app.

If it worked, you should see “successfully launched environment” on your screen.

And if you click on the URL you can see your deployed app.

Congrats on deploying an app to the AWS Cloud!

**Important: Make sure to clean up so you don't get charged for using AWS.

To clean up, simply click on Terminate Environment under Actions; this will delete the app along with all underlying resources.

We can now go over the complex setup.

(VPC setup)

So first we can go to the VPC dashboard which is under the Network & Content Delivery section.

You should now be on the VPC dashboard. You can create a VPC with the Launch VPC Wizard button, which is a little bit easier, but I will show how to set it up from scratch, which is a little bit more difficult but will give you a better understanding of how a VPC works.

First click on the VPCs tab and click on the Create VPC button, which will take you to a page that looks like this.

We can name the VPC “VPC 3”.

We can set the CIDR block to 10.11.0.0/16. If you remember from the VPC and subnet theory sections, this means that the first 2 octets are the network prefix and the last 2 octets are the host address, which are available for us to use.

Tenancy means whether the VPC will be on its own dedicated hardware or not. There is a perception that dedicated tenancy is more secure or has better performance, but there isn't any data to suggest this.

Default tenancy means your VPC will share the underlying hardware with other AWS users but will be isolated from them through software.

After this we can hit Create VPC, which will finish our VPC setup.

(Subnets setup)

Next we will set up the subnets. We can start by clicking on the Subnets tab and then clicking Create subnet.

We will first create our public subnet, like so.

The main thing to note is the IPv4 CIDR block, which is 10.11.1.0/24.

10.11 is our unchanging network prefix from our VPC. Since the subnet mask is /24, the .1 is also part of the network prefix, and it is the identifier for this subnet.

The last octet then serves as the host address, which means this subnet can have any address between 10.11.1.0 - 10.11.1.255.

After this we can hit Create, which will create the subnet and list it under Subnets.

Now for our private subnet.

It is set up in a similar way to the public subnet, with the main difference being that it has a .2 instead of a .1 in the 3rd octet. Also, we have to specify an availability zone to make this subnet work with our database.

So basically, 10.11 is the network prefix we got from the VPC, .2 is the 3rd octet and the unique identifier for this subnet, and the last octet (.0) is the host part, whose available IP addresses run from 0-255.

So this means that this subnet can have any IP address from 10.11.2.0 - 10.11.2.255.

If you compare this to our public subnet, which has an IP address range of 10.11.1.0 - 10.11.1.255, it should be much clearer what the pattern for setting up a subnet is.

Deploying a database to AWS requires 2 subnets in different availability zones, so you can set up the second one like so.

(Internet Gateways and Route Tables)

Route tables are essentially routers: they determine how and where traffic is directed.

Now we can create an internet gateway which we will attach to our public subnet.

Since all internet gateways function in the same way, we only need to set the name. Before we can attach this internet gateway to our subnet we first have to set up the route table.

We can go to the Route Tables tab and click Create route table.

We just have to set the name and associate it with the VPC. We can associate it with VPC 3 and then just click Create.

Once this is done we can attach our internet gateway to this VPC. Let's go back to the Internet Gateways tab, hit the Actions button and then click on Attach to VPC.

For the attach option just select VPC 3.

Next we can go back to the route table we set up and add a route. We can add the route like so.

This says that when a request is made, the route table first checks whether the destination falls within the local 10.11.0.0/16 range; if not, the request is forwarded to the internet gateway, which is the target for every other destination, represented by 0.0.0.0/0.

Then we can click on the Subnet Associations tab and then on the Edit subnet associations button.

We only want the public subnet associated with this route table, so we only check that one, and then we can click Save.

And we can't forget about our private subnets. Simply create another route table and associate the private subnets with it in the same way we did for the public subnet. Do not add a route to the internet gateway; just leave the route table with the local target.
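As an added example (not code from the tutorial), the following JavaScript reproduces the decision the two route tables in this section make: it holds constructed copies of the public and private route tables and looks up a destination the way a router does, preferring the most specific matching route. The internet gateway id is a placeholder, and the destination addresses are constructed test values.

```javascript
// Added example, not part of the tutorial: how a VPC route table chooses a target.

function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function inCidr(ip, cidr) {
  const [net, prefixStr] = cidr.split('/');
  const prefix = Number(prefixStr);
  if (prefix === 0) return true; // 0.0.0.0/0 matches every destination
  const mask = (0xFFFFFFFF << (32 - prefix)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// Constructed route tables mirroring the setup above. AWS adds the "local"
// route for the VPC CIDR automatically; the gateway id is a placeholder.
const publicRouteTable = [
  { destination: '10.11.0.0/16', target: 'local' },
  { destination: '0.0.0.0/0', target: 'igw-PLACEHOLDER' },
];
const privateRouteTable = [
  { destination: '10.11.0.0/16', target: 'local' },
];

function lookupRoute(table, destinationIp) {
  // The most specific (longest prefix) matching route wins, so traffic for
  // 10.11.x.x stays local even though 0.0.0.0/0 would also match it.
  let best = null;
  for (const route of table) {
    if (!inCidr(destinationIp, route.destination)) continue;
    const prefix = Number(route.destination.split('/')[1]);
    if (best === null || prefix > best.prefix) best = { prefix, target: route.target };
  }
  return best ? best.target : null; // null: no matching route, the packet is dropped
}

// Constructed destinations: a host in the private subnet and a public address
console.log(lookupRoute(publicRouteTable, '10.11.2.17'));     // local
console.log(lookupRoute(publicRouteTable, '198.51.100.10'));  // igw-PLACEHOLDER
console.log(lookupRoute(privateRouteTable, '198.51.100.10')); // null
```

The last call is the private subnet's isolation in action: with no 0.0.0.0/0 route there is simply no path from the database subnet out to the internet, which is why the tutorial leaves that table with only the local target.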

(Security Groups)

Security groups are essentially firewalls that filter incoming and outgoing traffic.

We now need to set up the security groups to work with this setup. Click on the Security Groups tab and click on Create security group.

Creating the security group is very easy: we can just set the name and description, then associate it with our VPC 3.

After creating the security group, click on Edit inbound rules.

Next we can set up the security rules like so.

First we have SSH, which is how we log in to our EC2 instance from our home computer. I have left the source as 0.0.0.0/0 because I don't want to put my personal IP address here, but in a real app you will want to use your own IP address.

After that we have the normal port 80 and port 443, which allow normal traffic over the internet. ::/0 allows all IPv6 traffic along with IPv4.
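The following added example (not code from the tutorial) audits security group rules in JavaScript. It holds a constructed copy of the web server group above, plus the database group that the RDS section later limits to port 5432 from the web server's CIDR, flags any non-web port open to 0.0.0.0/0 or ::/0 (the SSH case the text calls out), and shows the same group with SSH restricted to a single administrator address. The group names and the 203.0.113.7/32 administrator address are assumptions.

```javascript
// Added example, not part of the tutorial: auditing security group inbound rules.

// Constructed copies of the groups described in this tutorial; names are assumptions
const webServerGroup = {
  name: 'web-server-sg',
  inbound: [
    { protocol: 'tcp', port: 22, source: '0.0.0.0/0' },  // SSH, left open to the world in the text
    { protocol: 'tcp', port: 80, source: '0.0.0.0/0' },
    { protocol: 'tcp', port: 80, source: '::/0' },
    { protocol: 'tcp', port: 443, source: '0.0.0.0/0' },
    { protocol: 'tcp', port: 443, source: '::/0' },
  ],
};
const databaseGroup = {
  name: 'database-sg',
  inbound: [
    { protocol: 'tcp', port: 5432, source: '10.11.1.0/24' }, // PSQL only from the public (web server) subnet
  ],
};

const ANYWHERE = new Set(['0.0.0.0/0', '::/0']);
const PUBLIC_WEB_PORTS = new Set([80, 443]);

function auditInbound(group) {
  // Flag every rule that exposes a non-web port to the whole internet
  const findings = [];
  for (const rule of group.inbound) {
    if (ANYWHERE.has(rule.source) && !PUBLIC_WEB_PORTS.has(rule.port)) {
      findings.push(`${group.name}: ${rule.protocol}/${rule.port} open to ${rule.source}, restrict the source`);
    }
  }
  return findings;
}

function restrictSsh(group, adminCidr) {
  // Return a copy with SSH limited to the administrator's address, as the text recommends for a real app
  return {
    ...group,
    inbound: group.inbound.map((rule) => (rule.port === 22 ? { ...rule, source: adminCidr } : rule)),
  };
}

console.log(auditInbound(webServerGroup));                               // one finding, for port 22
console.log(auditInbound(databaseGroup));                                // []
console.log(auditInbound(restrictSsh(webServerGroup, '203.0.113.7/32'))); // []
```

The same check can be run against the rules exported from the console for any group in VPC 3; the one finding it produces for the tutorial's own web server group is exactly the SSH source the text says to change before using this setup for real.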

(Launching an EC2 instance cloud computer)

First let's go to the EC2 dashboard and click on Launch Instance. Then we can select the Amazon Linux AMI as the operating system.

Then, to stay in the free tier, select the t2.micro option for the instance type.

Then for the 3rd step we have to configure the instance details, which we can do like so.

For network we can select our VPC 3, and for our subnet we can select our public subnet. Since this is our web server we want it to be in our public subnet, attached to an internet gateway.

Adding tags and adding storage can be left to the default.

For security, make sure to add the web server security group we set up in the last section.

Then on the final step we can just hit Launch.

This will prompt a popup offering us a key pair. We can go ahead and select Create new key pair and then download the key pair.

If done correctly you should see this on your screen.

After this our instance is launched and available for us to SSH into. We can SSH into our instance with the command:

ssh -i keypair.pem ec2-user@public-ip-address

(Database Setup)

Let's now set up the database. We can begin by going to the RDS tab under the Database section under Services, which will take us to the RDS database dashboard.

But before we can create a database we first have to create a subnet group. To begin we can go to the Subnet Groups tab and click Create DB subnet group.

A DB subnet group is there to protect against any sort of complete server failure or accidental deletion, which is why it spans 2 availability zones. In the unlikely case that a server completely fails in one availability zone, your database will still be fine. It is extremely unlikely that both servers will completely fail in 2 different availability zones at the same time.

We first set the name and description. Then we associate our VPC 3 with the subnet group. After this we can add our subnets.

The subnets will be listed under the availability zone we set them up in, in the previous section. Then we can just click Create.

After creating the subnet group we are ready to create our actual database.

We can first go ahead and select Free tier eligible at the bottom.

We can then click Next. We can leave everything else on the next page at the default settings. Be sure to remember the username and password you set here.

On the next page we can set the VPC to our VPC 3 and the subnet group to the one we just set up.

Make sure to also leave Publicly accessible set to No. For obvious security reasons we don't want our database to be reachable directly over the internet.

Everything else can be left at the default. We will set up our database security group in a second.

Now we can click Create database, and we can create the database security group while the database is being created.

We can go ahead and go to the Security Groups tab in the VPC dashboard and create a new security group as we saw previously. For inbound rules we can limit it to the CIDR range of our web server, with the port set to the default PSQL port 5432.

Click Create and we are ready to add this to our database.

To add this new security group we can go to the database from the database dashboard, then click the Modify button.

After that we can just select the security group we just set up under the Networking and Security section.

A question you might now have is how we connect to our database if it is not publicly accessible over the internet.

The way we do it is to first SSH into our Linux instance, then connect to our database from that instance over the PSQL TCP port (5432) that we allowed in the database security group.

To test this we can go ahead and SSH into our EC2 instance in the same way we saw above. Then we can install psql with the command:

sudo amazon-linux-extras install postgresql9.6

After this we can connect to the psql database with the following command:

psql -d name-of-db -h host-name -p port -U username

If you connected successfully you will see the name of your database followed by an arrow (=>).

(React and Node Project Setup)

Here I will go over a sample setup with React and Node/Express. The very first thing to do is run the npm run build command, which will output a production build of your app in a directory called build.

**Note: Make sure that all the routes that point at localhost in your build version are changed to the public IP. This will probably be true for authentication. Everything else can be left as is.

Cut and paste this entire build directory into the Node/Express server. Then set a path to it as shown below.

....
// express server
const express = require('express');
const path = require('path');
const app = express();

// Serve the static files (JS, CSS, PWA files) from the React production build
app.use(express.static(path.join(__dirname, 'build')));

// In production, send index.html for any other GET request so that
// client-side routes such as /post/22 still resolve to the React app
if (process.env.NODE_ENV === 'production') {
  app.get('/*', function (req, res) {
    res.sendFile(path.join(__dirname, 'build', 'index.html'));
  });
}

....

The first call is how we serve the static files from our React app (the JS, CSS and PWA files).

The second handler first checks whether the environment is production, then serves the main React HTML file.

This approach keeps our client-side routing intact. For example, in our development build we can just use routes such as /post/22 and it will be correctly routed to http://localhost:3000/post/22.

But because our React app is now in production, being served by an Express server, the route /post/22 would point to http://publicip/build/post/22. In order not to rewrite our entire routing, we use path.join() and the above code to fix this.

After this, simply push the React Express project to a GitHub repo.

And that's it; next we can deploy this React Express app to a Linux server.

(Deploying the project to an AWS EC2 instance)

Now we are ready to deploy our project. First SSH into your EC2 instance from Git Bash using the following command.

ssh -i "keypair.pem" ec2-user@public-ip-address

The next thing we have to do is install git, with the command:

sudo yum install git

Then we can clone the project into the server with the command:

sudo git clone link-to-repo

After doing this you should be able to see your project files once you cd into the directory.

We are not done yet: we still have to install node and npm, because we need to install our project's dependencies. We first install the node version manager (nvm), which then lets us install node and npm. We can install nvm like so.

curl https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash

This will install nvm into your home directory (start a new shell, or reload your profile, so the nvm command is available). We can then use it to install node and npm: simply list the versions of node available for download and install the latest stable one.

List the available node versions: nvm ls-remote

Install a version: nvm install version-of-node

But after installing npm and node, if you go to run npm install in the project directory you will get a permission denied error, because the directory was cloned with sudo and is therefore owned by root rather than ec2-user.

You can then run the command below to give write permission on the directory. The command below gives far more than just write permission (the narrower fix is to make ec2-user the owner of the directory instead), but configuring Linux permissions is out of the scope of this tutorial.

sudo chmod 777 name-of-directory

Here is a link to a tutorial if you would like to know more about chmod: https://www.computerhope.com/unix/uchmod.htm

After this your npm modules should install normally with the regular npm install command.

Then you can simply run your app with the npm start command, which will start your node server and serve your React project as static files.

But the problem is that the project will only run on a non-standard port like 5000 or 3000, or whichever port you were using on localhost. If you take the naive approach and just change the port to port 80 on the server you will get a permission denied error, because ports below 1024 can only be bound by root.

To fix this we will use nginx.

(nginx)

You might be wondering why we are using nginx if we already have node. It is possible to use nginx as an HTTP server, but we will be using nginx as a reverse proxy instead, which keeps node as the actual HTTP server.

The setup will look like this.

The benefits of doing this are:

  • nginx acts as an application-level load balancer
  • Helps node with performance and reliability
  • Improves security by keeping node off the public port
  • Helps mitigate DoS attacks

And here is a diagram that shows a regular proxy versus a reverse proxy.

In a regular proxy a web client can send and receive data from multiple web servers. In a reverse proxy a single web server can send and receive data from multiple web clients.

Now let's move onto our EC2 instance and ssh into it.

The very first thing we will need to do is install nginx. Amazon Linux AMI 2 already provides nginx through amazon-linux-extras, so you can install it like so:

sudo amazon-linux-extras install nginx1.12

Then we can cd into the nginx directory with:

cd /etc/nginx

Then we can edit the nginx configuration file with the command:

sudo nano nginx.conf

This opens the nginx.conf file in the nano editor (run with sudo because the file is owned by root).

Then we can add this code to the home location block.

Basically we are setting the React build directory as the root, then setting the index.html file as the index, and finally serving that same index.html file for every request that does not match an existing file.

This is because React is a single page app and literally a single HTML file. So to make it possible to navigate within the React app we have to serve this same HTML file again whenever nginx cannot find the requested path (which would otherwise be a 404 error).

Next we can also set up nginx to handle our API routes.

This is mostly boilerplate code, but the one property to note is proxy_pass, which is our instance's IP address and the non-standard port the node server listens on (in the configuration below it is the private address 10.0.1.187 and port 3000).

Requests arriving on the regular port 80 are then proxied to that address, which allows us to access the website as normal.

Copy-and-pasteable version of the configuration:

server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  localhost;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # Serve the React build; any path that is not an existing file falls
        # back to index.html so client-side routing keeps working.
        location / {
                root /react-prod5/build;
                index index.html;
                try_files $uri /index.html;
        }

        # Proxy API calls to the node server on the instance's private IP and port.
        # Keep port 3000 closed in the security group so clients cannot bypass nginx.
        location /api/ {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://10.0.1.187:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
        }
}

After this we can just save and exit the editor.

Now we also have to restart nginx for the changes to take effect.

sudo systemctl restart nginx

This is all you need to do to have nginx as the reverse proxy. Your app will now be reachable on the normal port 80.

(PM2)

PM2 is a cluster manager that lets us run our app automatically and also restarts it automatically if it crashes.

So let's ssh back into our instance and install PM2:

npm install pm2 -g

The -g flag is important because it installs PM2 globally, and this is crucial because it is what allows PM2 to do its job.

If you think about it, if PM2 was installed locally it would crash when our app crashed, so that wouldn't work. We install it globally so that it is outside our project and can restart our project if it crashes.

Then you can run PM2 on your project with:

pm2 start app.js -i max

This will start the project with one worker per CPU core. This is important because a single node process is single-threaded, so using all the cores maximizes performance.

If done successfully you should see a page that looks like this.

Here are a few other useful PM2 commands:

  • pm2 list: list all managed processes
  • pm2 stop 0: stop the process with id 0 (a process name also works, e.g. pm2 stop app)
  • pm2 delete 0: remove the process with id 0 from PM2
  • pm2 restart 0: restart the process with id 0
  • pm2 start app.js -i max: start app.js with one worker per available core

And this is it! Thanks for reading, and congratulations if you made it through the entire tutorial - this is not easy stuff.

Connect with me on Twitter for more updates on future tutorials: https://twitter.com/iqbal125sf

Translated from: https://www.freecodecamp.org/news/production-fullstack-react-express/
