CentOS7下安装Redash

CentOS7下安装Redash

安装docker-ce  docker-compose

1、安装docker-ce

首先删除较旧版本的docker（如果有）：

yum remove docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce

下一步安装需要的软件包：

yum install -y yum-utils device-mapper-persistent-data lvm2

配置docker-ce repo：

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

最后安装docker-ce：

yum install docker-ce

修改默认存储路径

vim /usr/lib/systemd/system/docker.service 

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

修改为：

ExecStart=/usr/bin/dockerd --graph /data/docker  -H fd:// --containerd=/run/containerd/containerd.sock

2、安装

sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

安装Redash

mkdir /opt/redash

cd /opt/redash

#从GitHub下载源码

git clone https://github.com/getredash/redash.git

#创建docker-compose.production.yml文件,内容参考yml配置

# This is an example configuration for Docker Compose. Make sure to atleast update

# the cookie secret & postgres database password.

#

# Some other recommendations:

# 1. To persist Postgres data, assign it a volume host location.

# 2. Split the worker service to adhoc workers and scheduled queries workers.

version: '3.2'

services:

  server:

    image: redash/redash:8.0.0.b32245

    command: server

    depends_on:

      - postgres

      - redis

    ports:

      - "5000:5000"

    environment:

      PYTHONUNBUFFERED: 0

      REDASH_LOG_LEVEL: "INFO"

      REDASH_REDIS_URL: "redis://redis:6379/0"

      REDASH_DATABASE_URL: "postgresql://postgres@postgres/postgres"

      REDASH_COOKIE_SECRET: "XJ22k6vaXUk8"

      REDASH_WEB_WORKERS: 4   

      #邮箱 

      REDASH_MAIL_SERVER: "mail.yourdomain.com"

      REDASH_MAIL_PORT: 25

      REDASH_MAIL_USE_TLS: "false"

      REDASH_MAIL_USE_SSL: "false"

      REDASH_MAIL_USERNAME: "report@yourdomain.com"

      REDASH_MAIL_PASSWORD: "YourPassword"

      REDASH_MAIL_DEFAULT_SENDER: "report@yourdomain.com"

      REDASH_HOST: "https://redash.yourdomain.com"

    restart: always

  worker:

    image: redash/redash:8.0.0.b32245

    command: scheduler

    environment:

      PYTHONUNBUFFERED: 0

      REDASH_LOG_LEVEL: "INFO"

      REDASH_REDIS_URL: "redis://redis:6379/0"

      REDASH_DATABASE_URL: "postgresql://postgres@postgres/postgres"

      QUEUES: "queries,scheduled_queries,celery"

      WORKERS_COUNT: 2

    restart: always

  redis:

    image: redis:3.0-alpine

    ports:

     - "6379:6379"

    volumes: 

      - ./data/redis:/data

    restart: always

  postgres:

    image: postgres:9.5.6-alpine

    ports:

     - "15432:5432"

    volumes:

      - ./data/postgresql_data:/var/lib/postgresql/data

    restart: always

  nginx:

    image: redash/nginx:latest

    ports:

      - "88:80"

    depends_on:

      - server

    links:

      - server:redash

    restart: always

#创建db

docker-compose -f docker-compose.production.yml run --rm server create_db

#运行 redash  后台运行

docker-compose -f docker-compose.production.yml up -d

#如果配置邮箱预警可用以下命令检测 可以接受到邮件，如有问题可检测你的邮件配置

docker exec -it redash_server_1_5309d7faa1d5  python manage.py send_test_mail

注：如果无法正常发送邮件，是无法创建用户的，因为创建用户，需要发送激活邮件，才能正常创建用户

至此redhas安装完成

四、配置域名https访问

upstream redash {

  server 172.17.0.1:5000;

}



server {

  listen 80;

  server_name  redash.yourdomain.com;



  # Allow accessing /ping without https. Useful when placing behind load balancer.

  location /ping {

    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass       https://redash;

  }



  location / {

    # Enforce SSL.

    return 301 https://$host$request_uri;

  }

}





server {

  listen   443 ssl;

  server_name  redash.yourdomain.com;





  ssl_certificate     /usr/server/nginx/conf/key/2020_yourdomain.com.pem;

  ssl_certificate_key /usr/server/nginx/conf/key/2020_yourdomain.com.key;



  # Specifies that we don't want to use SSLv2 (insecure) or SSLv3 (exploitable)

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  # Uses the server's ciphers rather than the client's

  ssl_prefer_server_ciphers on;

  # Specifies which ciphers are okay and which are not okay. List taken from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";



  gzip on;

  gzip_types *;

  gzip_proxied any;



  location / {

   if ($whiteiplist = 0){

       return 403;

       }

    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;

    proxy_redirect   off;

    proxy_pass       https://redash;

  }

access_log  /data/logs/nginx/redash.yourdomain.access.log  main;

}