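I. Overview
Configuring a domain certificate ensures the security and accessibility of the MaxKB service. This article describes in detail how to configure a domain certificate for MaxKB.
II. Configuration Steps
1. Deploy MaxKB
Create the base directories
mkdir -p /fit2cloud/{apps,packages,scripts}
Upload the software package
ls /fit2cloud/packages/maxkb-pro-v1.10.7-lts-offline.tar.gz
Extract the software package
tar -xzvf /fit2cloud/packages/maxkb-pro-v1.10.7-lts-offline.tar.gz -C /fit2cloud/apps/
Run the MaxKB installation script
root@maxkb:~# cd /fit2cloud/apps/maxkb-pro-v1.10.7-lts-offline/
root@maxkb:/fit2cloud/apps/maxkb-pro-v1.10.7-lts-offline# bash install.sh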
======================= 开始安装 =======================
-f docker-compose.yml -f docker-compose-pgsql.yml
[MaxKB Log]: 拷贝配置文件模板文件 -> /opt/maxkb/conf
[MaxKB Log]: 根据安装配置参数调整配置文件
time: Fri May 23 02:04:44 AM UTC 2025
[MaxKB Log]: ... 离线安装 docker
[MaxKB Log]: ... 启动 docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /etc/systemd/system/docker.service.
[MaxKB Log]: docker 安装成功
[MaxKB Log]: 检测到 Docker Compose 已安装,跳过安装步骤
[MaxKB Log]: 加载镜像
Loaded image: 1panel/maxkb-pro:v1.10.7-lts
[MaxKB Log]: 启动服务
WARN[0000] /opt/maxkb/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
WARN[0000] /opt/maxkb/docker-compose-pgsql.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 3/3
✔ Network maxkb_maxkb-network Created 0.3s
✔ Container pgsql Healthy 16.3s
✔ Container maxkb Started 12.0s
MaxKB 服务状态 : 正在启动
MaxKB 服务状态 : 正在启动
MaxKB 容器运行状态
time="2025-05-23T02:12:19Z" level=warning msg="/opt/maxkb/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion"
time="2025-05-23T02:12:19Z" level=warning msg="/opt/maxkb/docker-compose-pgsql.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion"
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
maxkb 1panel/maxkb-pro:v1.10.7-lts "bash -c 'rm -f /opt…" maxkb About a minute ago Up About a minute (healthy) 5432/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
pgsql 1panel/maxkb-pro:v1.10.7-lts "docker-entrypoint.s…" pgsql 2 minutes ago Up About a minute (healthy) 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp, 8080/tcp
Docker 目录及文件大小 :
12G /var/lib/docker
Docker 目录所在磁盘使用情况 :
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/ubuntu--vg-ubuntu--lv 52G 17G 33G 34% /
日志文件大小 :
80K /opt/maxkb/logs/
MaxKB 运行目录及文件大小 :
72M /opt
MaxKB 运行目录使用情况 :
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/ubuntu--vg-ubuntu--lv 52G 17G 33G 34% /
[MaxKB Log]: 服务启动成功!
======================= 安装完成 =======================
请通过以下方式访问:
URL: http://$LOCAL_IP:8080
2. Nginx Deployment and Test
Create the directories
mkdir -p /fit2cloud/scripts/nginx/{cert,logs,conf}
Upload the certificate
root@maxkb:~# ll /fit2cloud/scripts/nginx/cert/
total 20
drwxr-xr-x 2 root root 4096 May 23 02:18 ./
drwxr-xr-x 5 root root 4096 May 23 02:17 ../
-rw-r--r-- 1 root root 4128 May 23 02:18 server.crt # certificate file
-rw-r--r-- 1 root root 227 May 23 02:18 server.key # private key file
Configuration file
cat > /fit2cloud/scripts/nginx/conf/lb_http_server.conf <<'EOF'
server {
    listen 80;
    server_name maxkb.fit2cloud.com;
    location / {
        return 307 https://$server_name$request_uri;
    }
}
server {
    listen 443 ssl;
    http2 on;
    server_name maxkb.fit2cloud.com;
    access_log /var/log/nginx/maxkb_access.log main;
    server_tokens off;
    ssl_certificate cert/server.crt;
    ssl_certificate_key cert/server.key;
    client_max_body_size 5000m;
    # Streaming output
    proxy_cache off;
    proxy_buffering off;
    chunked_transfer_encoding on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 600;
    location / {
        proxy_pass http://192.168.15.207:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF
Prepare the startup file
cat > /fit2cloud/scripts/nginx/docker-compose.yml <<'EOF'
services:
  web:
    image: nginx:1.27.5
    container_name: nginx
    hostname: nginx
    ulimits:
      core: 0
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./logs:/var/log/nginx
      - ./cert:/etc/nginx/cert
      - ./conf:/etc/nginx/conf.d
EOF
Start the Nginx container
docker-compose -f /fit2cloud/scripts/nginx/docker-compose.yml up -d
[+] Running 2/2
✔ Network nginx_default Created 0.1s
✔ Container nginx Started
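3. Test Access
After the configuration is complete, open the site in a browser. If the page displays normally and the address bar shows the security lock icon, the domain certificate has been configured successfully.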
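If the browser reports a certificate error instead, the files uploaded to /fit2cloud/scripts/nginx/cert/ are the first thing to check; the listing above also shows server.key as -rw-r--r--, which leaves the private key readable by every local user. The following script is an added example, not part of the original article or of MaxKB: its function names are illustrative, and it assumes GNU stat and the openssl command-line tool on the host.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the certificate and key mounted into Nginx.
# Usage (script name is hypothetical):
#   bash check_tls_files.sh cert/server.crt cert/server.key maxkb.fit2cloud.com

# Returns 0 if the private key is not accessible to group or others (e.g. mode 600).
key_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Returns 0 if the first certificate in $1 carries the public key of private key $2.
# Comparing public keys works for RSA and EC keys alike.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}

# Returns 0 if certificate $1 covers hostname $2 and is still valid $3 seconds from now.
# Two separate openssl calls: -checkend exits before the hostname check is printed.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${3:-0}" >/dev/null || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Runs all checks and reports every failure instead of stopping at the first one.
check_tls_files() {   # args: CERT KEY HOSTNAME
    local rc=0
    key_mode_ok "$2" \
        || { echo "FAIL: $2 is accessible to group/others (chmod 600)" >&2; rc=1; }
    cert_matches_key "$1" "$2" \
        || { echo "FAIL: certificate and private key do not match" >&2; rc=1; }
    cert_valid_for "$1" "$3" 2592000 \
        || { echo "FAIL: hostname not covered or expiry within 30 days" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent for $3"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

The official nginx image starts its master process as root, so a root-owned key with mode 600 can still be read through the ./cert volume.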
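III. Notes
Firewall settings: make sure the server's firewall allows traffic on ports 80 and 443.
MaxKB configuration file: check MaxKB's configuration file and make sure the service listens on the correct host address so that it can be reached externally.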