Centos7 Docker 安装 Graylog
惯例
什么是 Graylog?
Graylog 是与 ELK 可以相提并论的一款集中式日志管理方案,支持数据收集、检索、可视化 Dashboard
Graylog 架构
Graylog 负责接收来自各种设备和应用的日志,并为用户提供 Web 访问接口。
Elasticsearch 用于索引和保存 Graylog 接收到的日志。
MongoDB 负责保存 Graylog 自身的配置信息。

开始部署
安装 Docker 并把 Docker 数据目录转移到 /data 下
[root@dev-of-runfa-34 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
[root@dev-of-runfa-34 ~]# yum -y install docker-ce.x86_64
[root@dev-of-runfa-34 ~]# mkdir /data
[root@dev-of-runfa-34 ~]# systemctl start docker.service
[root@dev-of-runfa-34 ~]# systemctl stop docker.service
[root@dev-of-runfa-34 ~]# mv /var/lib/docker /data/docker
[root@dev-of-runfa-34 ~]# ln -sf /data/docker /var/lib/docker
[root@dev-of-runfa-34 ~]# ll /var/lib/docker
lrwxrwxrwx 1 root root 12 6月 26 17:13 /var/lib/docker -> /data/docker
[root@dev-of-runfa-34 ~]# systemctl start docker.service
[root@dev-of-runfa-34 ~]# systemctl enable docker.service
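安装 docker-compose(注意:以 root 身份执行 pip install 会用 root 权限运行从 PyPI 下载的安装脚本,升级 pip 也可能覆盖系统自带的 Python 包;非测试环境建议在 virtualenv 中安装,并固定版本号,例如 docker-compose==1.24.1)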
[root@dev-of-runfa-34 ~]# yum -y install python-pip
[root@dev-of-runfa-34 ~]# pip install --upgrade pip
[root@dev-of-runfa-34 ~]# pip install docker-compose
[root@dev-of-runfa-34 ~]# docker-compose -v
docker-compose version 1.24.1, build 4667896
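创建相关目录(注意:下面的 chmod -R 777 只是图省事,它让宿主机上的任何本地用户都能读取、篡改甚至删除日志索引、MongoDB 数据和 Graylog 配置;非测试环境应把各目录 chown 给对应容器内进程使用的 UID/GID,并收紧为 750 之类的权限)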
[root@dev-of-runfa-34 ~]# mkdir -p /data/graylog-mongo
[root@dev-of-runfa-34 ~]# mkdir -p /data/graylog-elasticsearch
[root@dev-of-runfa-34 ~]# mkdir -p /data/graylog/config
[root@dev-of-runfa-34 ~]# mkdir -p /data/graylog/data
[root@dev-of-runfa-34 ~]# mkdir -p /data/docker/docker-compose
[root@dev-of-runfa-34 ~]# chmod -R 777 /data/graylog
[root@dev-of-runfa-34 ~]# chmod -R 777 /data/graylog-mongo
[root@dev-of-runfa-34 ~]# chmod -R 777 /data/graylog-elasticsearch
编写 docker-compose.yml
[root@dev-of-runfa-34 ~]# cd /data/docker/docker-compose/
[root@dev-of-runfa-34 docker-compose]# vim docker-compose.yml
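# docker-compose.yml for a single-host Graylog stack: MongoDB (Graylog's own
# configuration), Elasticsearch (log index/storage) and the Graylog server.
#
# Secrets are NOT stored in this file. Create a file named `.env` next to this
# docker-compose.yml (docker-compose reads it automatically), restrict it with
# `chmod 600 .env`, and put two lines in it:
#   GRAYLOG_PASSWORD_SECRET=<random string of at least 16 characters>
#   GRAYLOG_ROOT_PASSWORD_SHA2=<SHA-256 hex digest of the admin password>
# Never reuse a secret or a password hash copied from a tutorial: everyone who
# has read that tutorial knows the resulting admin password.
#
# NOTE(review): the image versions below are old; check which releases still
# receive security fixes before using this outside a test environment.
version: '2'
services:
  graylog-mongo:
    restart: always
    image: mongo:3
    container_name: graylog-mongo
    # No `ports:` section on purpose: MongoDB runs without authentication here,
    # so it must stay reachable only from the other containers.
    volumes:
      - /data/graylog-mongo:/data/db

  graylog-elasticsearch:
    restart: always
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    container_name: graylog-elasticsearch
    # No `ports:` section on purpose: Elasticsearch is configured without any
    # authentication (see xpack.security.enabled below), so anyone who can reach
    # port 9200 can read or delete every stored log. Do not publish it.
    volumes:
      - /data/graylog-elasticsearch:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g

  graylog:
    restart: always
    image: graylog/graylog:3.0
    container_name: graylog
    volumes:
      # Configuration files (graylog.conf, log4j2.xml) are mounted from here.
      - /data/graylog/config:/usr/share/graylog/data/config
      # Persistent data (message journal).
      - /data/graylog/data:/usr/share/graylog/data/journal
    environment:
      # NOTE(review): CORS headers are only needed when the web interface is
      # served from a different origin than the API; consider leaving this off.
      - GRAYLOG_HTTP_ENABLE_CORS=true
      # Change to the IP address of the Docker host. This is plain HTTP, so
      # logins travel unencrypted; put TLS in front for anything but a test.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://10.18.193.34:9000/
      # Secret used by Graylog to protect stored passwords; taken from .env.
      # Generate your own random value, e.g. `openssl rand -hex 48`.
      - GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
      # Name of the administrator account.
      - GRAYLOG_ROOT_USERNAME=admin
      # SHA-256 hex digest of the administrator password; taken from .env.
      # Compute it for a password of your own with:
      #   echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
      - GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
      # Elasticsearch host: not needed here (presumably because the `links`
      # aliases below match the defaults in the mounted graylog.conf).
      #- GRAYLOG_ELASTICSEARCH_HOSTS=http://graylog-elasticsearch:9200
      # MongoDB host: not needed here, for the same reason.
      #- GRAYLOG_MONGODB_URI=mongodb://graylog-mongo/graylog
      # Time zone of the root user.
      - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
      # For any other setting see graylog.conf: prefix the option name with
      # "GRAYLOG_" and write it in upper case to override it here.
    links:
      - graylog-mongo:mongo
      - graylog-elasticsearch:elasticsearch
    depends_on:
      - graylog-mongo
      - graylog-elasticsearch
    # All ports below are published on every host interface. Ports published
    # by Docker may not be filtered by the host's firewalld rules, so restrict
    # access at the network level, or bind to a specific address
    # (HOST_IP:PORT:PORT) if only some networks should reach them.
    ports:
      # Web interface and REST API.
      - 9000:9000
      # Log input ports, TCP and UDP (by Graylog convention 1514 is used for
      # syslog and 12201 for GELF; the inputs themselves are created in the UI).
      - 1514:1514
      - 1514:1514/udp
      - 12201:12201
      - 12201:12201/udp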
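下载 Graylog 配置文件到本地(注意:下面的地址指向 3.0 分支而不是固定的提交,文件内容可能随时间变化,下载后请先检查再使用;该目录中的 graylog.conf 可以包含 password_secret 等敏感配置,非测试环境不要像下面那样 chmod -R 777,应只允许容器内的 Graylog 用户读取)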
[root@dev-of-runfa-34 ~]# cd /data/graylog/config/
[root@dev-of-runfa-34 config]# wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.0/config/graylog.conf
[root@dev-of-runfa-34 config]# wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.0/config/log4j2.xml
[root@dev-of-runfa-34 config]# chmod -R 777 /data/graylog/config
运行 docker-compose
[root@dev-of-runfa-34 config]# cd ../../docker/docker-compose/
[root@dev-of-runfa-34 docker-compose]# docker-compose up -d
[root@dev-of-runfa-34 docker-compose]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6045/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 6306/master
tcp6 0 0 :::9000 :::* LISTEN 14915/docker-proxy
tcp6 0 0 :::12201 :::* LISTEN 14880/docker-proxy
tcp6 0 0 :::1514 :::* LISTEN 14931/docker-proxy
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 6045/sshd
tcp6 0 0 ::1:25 :::* LISTEN 6306/master
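安装 nginx 做反向代理(注意:从上面的 netstat 输出可以看到 9000 端口仍然监听在所有网卡上,因此这个反向代理只是多了一个访问入口,并不能限制对 Graylog 的直接访问;另外这里的代理只提供 HTTP,登录密码和会话令牌都以明文传输,非测试环境应在 nginx 上配置 TLS)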
[root@dev-of-runfa-34 ~]# mkdir -p /data/nginx/conf.d /data/nginx/logs /data/nginx/conf
[root@dev-of-runfa-34 ~]# vim /data/nginx/conf/nginx.conf
# Main nginx configuration; mounted into the container as
# /usr/local/nginx/conf/nginx.conf.

# Worker processes run as the unprivileged "nobody" account.
user nobody;
worker_processes 4;

events {
    worker_connections 1024;
}

http {
    include      mime.types;
    default_type application/octet-stream;

    # Largest request body accepted from a client.
    client_max_body_size 100m;

    # Access-log line format. $http_x_forwarded_for is copied from a request
    # header, so it is client-supplied and must not be trusted as the real
    # source address.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile          on;
    keepalive_timeout 65;

    # Response compression for text-like content types.
    gzip            on;
    gzip_min_length 256;
    gzip_buffers    16 8k;
    gzip_comp_level 6;
    gzip_vary       on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;

    # Per-site server blocks are loaded from this directory inside the container.
    include /usr/local/nginx/conf/conf.d/*.conf;
}
[root@dev-of-runfa-34 ~]# vim /data/nginx/conf.d/www.conf
# Reverse proxy that serves Graylog under the /graylog/ path prefix.
# NOTE(review): this server block listens on plain HTTP only, so Graylog
# logins and session tokens cross the network unencrypted.
server {
    listen      80 default_server;
    listen      [::]:80 default_server ipv6only=on;
    server_name 10.18.193.34;

    location /graylog/ {
        # Pass the original host information on to Graylog.
        proxy_set_header Host               $http_host;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # Tells Graylog the public base URL it is reached under.
        proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;

        # Strip the /graylog/ prefix before forwarding to the backend.
        rewrite ^/graylog/(.*)$ /$1 break;
        proxy_pass http://10.18.193.34:9000;
    }
}
[root@dev-of-runfa-34 ~]# chmod -R 755 /data/nginx
[root@dev-of-runfa-34 ~]# cd /data/docker/docker-compose/
[root@dev-of-runfa-34 docker-compose]# vim Dockerfile
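# Builds an image with nginx 1.16.0 compiled from source on CentOS.

# Base image, pinned to an explicit tag so that a rebuild does not silently
# switch to a different distribution release.
# NOTE(review): choose a base image that still receives security updates
# before using this outside a test environment.
FROM centos:7

# Author information.
MAINTAINER me [email protected]

# Install the build dependencies.
RUN rpm --rebuilddb && yum install -y pcre-devel wget net-tools gcc zlib zlib-devel make openssl-devel curl

# Download the nginx source tarball. Fetched over HTTPS instead of HTTP so the
# download cannot be modified in transit.
# NOTE(review): ADD does not check the integrity of what it downloads. For
# real use, verify the tarball against the PGP signature published on
# nginx.org (or a checksum you have pinned yourself) before compiling it, and
# prefer a currently supported nginx release.
ADD https://nginx.org/download/nginx-1.16.0.tar.gz .

# Unpack the source tarball.
RUN tar zxvf nginx-1.16.0.tar.gz

# Create the nginx installation directory (-p creates parent directories).
RUN mkdir -p /usr/local/nginx

# Configure, compile and install nginx into the installation directory.
RUN cd nginx-1.16.0 && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-threads --with-file-aio && make && make install

# Document that the container serves on port 80.
EXPOSE 80

# Run nginx in the foreground as the container's main process. A container
# lives exactly as long as its main process, and nginx detaches into the
# background by default; "daemon off;" keeps it in the foreground. With this
# form nginx receives stop signals directly, and the container exits (and can
# be restarted) when nginx dies instead of being kept alive by an unrelated
# `tail` process.
ENTRYPOINT ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]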
[root@dev-of-runfa-34 docker-compose]# docker build -t centos_nginx .
[root@dev-of-runfa-34 ~]# docker run -itd --name nginx --hostname nginx --net=host -v /data/nginx/logs:/usr/local/nginx/logs -v /data/nginx/conf.d:/usr/local/nginx/conf/conf.d -v /data/nginx/conf/nginx.conf:/usr/local/nginx/conf/nginx.conf -v /etc/localtime:/etc/localtime:ro centos_nginx
测试
地址(下面两个地址一样的):
http://10.18.193.34/graylog/
http://10.18.193.34:9000/
REST API 地址(下面两个地址一样的):
http://10.18.193.34/graylog/api/
http://10.18.193.34:9000/api/

本文链接:
/archives/graylog_02
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
Linux 小白鼠!