介绍
VoceChat 是一款支持独立部署的个人云社交媒体聊天服务。15MB 的大小可部署在任何的服务器上,部署简单,很少需要维护。前端可以内嵌到自己的网站下,数据完全由用户自己掌握,传输过程加密。VoceChat 从 Slack, Discord, RocketChat, Solid, Matrix 等产品和规范中博采众长,适用于团队内部交流,个人聊天服务,网站客服,网站内嵌社区的场景。
此文档记录使用k8s部署voce-chat,同时使用nfs作为持久化方案
部署过程
depoly文件示例
---
# 新建namespace app-vocechat
apiVersion: v1
kind: Namespace
metadata:
name: app-vocechat
---
# 新建pv,将共享存储挂载
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-vocechat-data-pv
labels:
type: nfs-vocechat-data-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
path: /home/jiangwe/vocechat/data
server: k8s-master
---
# 新建pvc,将pv绑定
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-vocechat-data-pvc
namespace: app-vocechat
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
selector:
matchLabels:
type: nfs-vocechat-data-pv
---
# 新建app,开放3000端口,同时限制资源
apiVersion: apps/v1
kind: Deployment
metadata:
name: vocechat
namespace: app-vocechat
labels:
app: vocechat
createdBy: Apps
spec:
replicas: 1
selector:
matchLabels:
app: vocechat
template:
metadata:
labels:
app: vocechat
spec:
containers:
- name: vocechat
image: docker.m.daocloud.io/privoce/vocechat-server:latest
resources:
limits:
cpu: "4"
memory: "4G"
ports:
- containerPort: 3000
volumeMounts:
- name: data-volume
mountPath: /home/vocechat-server/data
volumes:
- name: data-volume
persistentVolumeClaim:
claimName: nfs-vocechat-data-pvc
---
# 新建services
apiVersion: v1
kind: Service
metadata:
name: vocechat-service
namespace: app-vocechat
spec:
selector:
app: vocechat
ports:
- protocol: TCP
port: 3000
targetPort: 3000
type: ClusterIP
提交至k8s
# 提交至k8s
kubectl apply -f depoly.yml
kubectl get pods -n app-vocechat -owide
此时即已支持提供外部访问,如果需要外网访问,可使用nginx反代至voce-chat(未使用ingress)
反代voce-chat
查看services信息
kubectl get svc -n app-vocechat
NGINX配置文件
server {
listen 443 ssl ;
listen [::]:443 ssl ;
server_name chat.domain; # domain修改为自己的域名
if ($host != "chat.domain"){ # domain修改为自己的域名
return 404 ;
}
client_max_body_size 1024M;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_buffer_size 10240k;
proxy_buffers 16 10240k;
proxy_busy_buffers_size 20480k;
proxy_temp_file_write_size 20480k;
proxy_set_header Host $host:1443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
access_log /var/log/nginx/chat.domain/log/access.log; # domain修改为自己的域名
error_log /var/log/nginx/chat.domain/log/error.log; # domain修改为自己的域名
location ^~ /.well-known/acme-challenge {
allow all;
}
location / {
proxy_pass http://services:3000; # services修改为上一步获取到的services地址
}
ssl_certificate /etc/cert/.lego/certificates/_.domain.crt; # domain修改为自己的域名
ssl_certificate_key /etc/cert/.lego/certificates/_.domain.key; # domain修改为自己的域名
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 20m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host:$server_port$request_uri;
proxy_set_header X-Forwarded-Proto https;
#ssl_stapling on;
#ssl_stapling_verify on;
}
此时即可直接访问voce-chat
