YAPI 部署 (centos)

邱秋 • 2021年07月18日 • 阅读:689 • centos yapi

环境

Node + mongodb

git

yum install git.

node

yum install nodejs

pm2

npm i -g pm2

mongodb 安装配配置

url : https://www.mongodb.com/try/download/community

# 下载
wget https://repo.mongodb.org/yum/redhat/8/mongodb-org/5.0/x86_64/RPMS/mongodb-org-server-5.0.0-1.el8.x86_64.rpm
# 安装
rpm -i mongodb-org-server-5.0.0-1.el8.x86_64.rpm
# 启动服务
systemctl start mongod.service

## 无法启动 给权限
chown -R mongod:mongod /var/lib/mongo
chown -R mongod:mongod /var/log/mongodb
chown mongod:mongod /tmp/*.sock 

yapi 安装配置

wget https://github.com/YMFE/yapi/archive/refs/tags/v1.9.3.tar.gz

tar -zxvf v1.9.3.tar.gz
mv yapi-1.9.3 yapi
cd yapi

cp config_example.json  config.json

把默认的数据库链接配置干掉

vi config.json

db:{
  - user:'test',
  - pass:'test'
}

初始化

# 初始化 依赖
npm install --production --registry https://registry.npm.taobao.org
# 初始化数据库
npm run install-server

# 启动
node server/app.js   
#or
pm2 start server/app.js --name yapi

禁止注册

{
  "port": "*****",
  "closeRegister":true
}

外网部署之后 1.9.2 以下版本有上传 提权漏洞,应该干掉注册

nginx 安装配置

yum install nginx
vi /etc/nginx/conf.d/yapi.conf

绑定域名做转发

server{
  server_name xxxx.com;
  #cache
  location ~* \.(?:jpg|jpeg|png|gif|ico|css|js)$ {
    proxy_pass http://127.0.0.1:3000;
    proxy_redirect  off;    
    proxy_set_header Host  $host;

    expires 365d;
    add_header Cache-Control "public"; 
  }
  location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://127.0.0.1:3000;
    proxy_redirect  off;
    proxy_set_header        HOST  $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_send_timeout      300;
    proxy_read_timeout      300;

    add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;
  }

  #https
  #listen 443 ssl;
  #ssl_certificate  /etc/nginx/cer/fullchain.crt;
  #ssl_certificate_key /etc/nginx/cer/private.pem;
  #ssl_protocols TLSv1.1 TLSv1.2;
  #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  #ssl_prefer_server_ciphers on;
  #ssl_session_cache shared:SSL:10m;
  #ssl_session_timeout 10m;
}

#server{
#  if ($host = xxxx.com) {
#      return 301 https://$host$request_uri;
#  } 
#
#  server_name xxxx.com;
#  listen 80;
#  return 404;
#

完工!

我,秦始皇,打钱!