构建Tabby Web的Docker镜像
克隆Tabby Web源代码
1git clone https://github.com/Eugeny/tabby-web.git
修改Dockerfile中旧的ENV指令格式
1cd tabby-web/
2nano Dockerfile
分别修改第32、53、54、55 行
ENV PATH /root/.cargo/bin:$PATH–>ENV PATH=/root/.cargo/bin:$PATH
ENV APP_DIST_STORAGE file:///app-dist–>ENV APP_DIST_STORAGE=file:///app-dist
ENV DOCKERIZE_VERSION v0.6.1–>ENV DOCKERIZE_VERSION=v0.6.1
ENV DOCKERIZE_ARCH amd64–>ENV DOCKERIZE_ARCH=amd64
构建Docker镜像
1sudo docker buildx build -f Dockerfile -t tabby-web .
编辑docker-compose.yml
1services:
2 tabby:
3 image: tabby-web
4 restart: always
5 depends_on:
6 - db
7 volumes:
8 - ./data:/data
9 ports:
10 - 9091:80
11 environment:
12 - DATABASE_URL=mysql://root:123@db/tabby
13 - PORT=80
14 - DEBUG=False
15 - DOCKERIZE_ARGS="-wait tcp://db:3306 -timeout 60s"
16 - APP_DIST_STORAGE=file:///data
17 - SOCIAL_AUTH_GITHUB_KEY=
18 -SOCIAL_AUTH_GITHUB_SECRET=
19 db:
20 image: mariadb:10.7.1
21 restart: always
22 environment:
23 MARIADB_DATABASE: tabby
24 MARIADB_USER: user
25 MARIADB_PASSWORD: 123
26 MYSQL_ROOT_PASSWORD: 123
安装依赖
1docker-compose run tabby /manage.sh add_version 1.0.187-nightly.1
配置Gituhub OAuth
Homepage URL:前端页面域名
Authorization callback URL:http://前端页面域名/api/1/auth/social/complete/github/
Tabby Web的Nginx反向代理配置
1server {
2 server_name ssh.example.com;
3 location / {
4 proxy_pass http://127.0.0.1:9091;
5 }
6
7 listen 443 ssl; # managed by Certbot
8 ssl_certificate /etc/letsencrypt/live/ssh.example.com/fullchain.pem; # managed by Certbot
9 ssl_certificate_key /etc/letsencrypt/live/ssh.example.com/privkey.pem; # managed by Certbot
10 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
11 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
12
13
14
15 # 反向代理到 /admin/ 的请求
16 location /api/ {
17 proxy_pass http://127.0.0.1:9091/api/;
18 proxy_set_header Host $host;
19 proxy_set_header X-Real-IP $remote_addr;
20 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
21 proxy_set_header X-Forwarded-Proto $scheme;
22
23 # 如果目标是 HTTPS,设置下面两行来忽略 SSL 验证
24 proxy_ssl_verify off;
25 }
26
27}
28server {
29 if ($host = ssh.example.com) {
30 return 301 https://$host$request_uri;
31 } # managed by Certbot
32
33
34 listen 80;
35 server_name ssh.example.com;
36 return 404; # managed by Certbot
37
38
39}
搭建Tabby Connection Gateway
docker-compose.yml:
1services:
2 eugeny:
3 command: --token-auth --host 0.0.0.0 --port 443 --certificate /custom/ssl/gateway.pem --private-key /custom/ssl/gateway.key
4 environment:
5 - TABBY_AUTH_TOKEN=
6 ports:
7 - 9000:443
8 image: 'ghcr.io/eugeny/tabby-connection-gateway:master'
9 volumes:
10 - /SSL证书:/custom/ssl/gateway.pem
11 - /私钥:/custom/ssl/gateway.key
网关的Nginx反向代理配置:
1server {
2 server_name 网关域名;
3 location /ws/ {
4 proxy_pass http://127.0.0.1:9000;
5 proxy_http_version 1.1;
6 proxy_set_header Upgrade $http_upgrade;
7 proxy_set_header Connection 'upgrade';
8 proxy_set_header Host $host;
9 proxy_cache_bypass $http_upgrade;
10 }
11
12 listen 443 ssl; # managed by Certbot
13 ssl_certificate /etc/letsencrypt/live/gateway.example.com/fullchain.pem; # managed by Certbot
14 ssl_certificate_key /etc/letsencrypt/live/gateway.example.com/privkey.pem; # managed by Certbot
15 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
16 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
17
18}
19server {
20 if ($host = gateway.example.com) {
21 return 301 https://$host$request_uri;
22 } # managed by Certbot
23
24
25 listen 80;
26 server_name gateway.example.com;
27 return 404; # managed by Certbot
28
29
30}
Tabby 设置的连接网关 URL:wss://