Tencent Cloud Deployment
This document describes how to deploy PocketBase on a Tencent Cloud server (CVM) and configure COS object storage.
Purchase a CVM Instance
Recommended configuration:
| Item | Entry level | Production |
|---|---|---|
| Instance type | 1 core, 2 GB | 2 cores, 4 GB |
| Operating system | Ubuntu 22.04 | Ubuntu 22.04 |
| System disk | 40 GB SSD | 40 GB SSD |
| Bandwidth | 1 Mbps | 3 Mbps |
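
```bash
# Log in with an SSH key
ssh -i /path/to/key.pem ubuntu@your-cvm-ip

# Or log in with a password
ssh ubuntu@your-cvm-ip
```

```bash
sudo apt update && sudo apt upgrade -y

# Install common tools (unzip is needed later to unpack the PocketBase release)
sudo apt install -y curl wget vim git ufw fail2ban htop unzip
```

```bash
# Allow SSH first so that enabling the firewall cannot cut off the current session
sudo ufw allow 22/tcp

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Enable UFW
sudo ufw enable

# Check the status
sudo ufw status
```

```bash
# Set the time zone to Asia/Shanghai
sudo timedatectl set-timezone Asia/Shanghai
```

Install PocketBase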

```bash
# Create the application directory and hand it to the user the service runs as
sudo mkdir -p /opt/pocketbase
sudo chown ubuntu:ubuntu /opt/pocketbase
cd /opt/pocketbase

# Download the latest release (the tag is "vX.Y.Z"; the archive name omits the "v")
PB_TAG=$(curl -s https://api.github.com/repos/pocketbase/pocketbase/releases/latest | grep 'tag_name' | cut -d\" -f4)
PB_VERSION=${PB_TAG#v}
wget "https://github.com/pocketbase/pocketbase/releases/download/${PB_TAG}/pocketbase_${PB_VERSION}_linux_amd64.zip"

# Unpack
unzip "pocketbase_${PB_VERSION}_linux_amd64.zip"
rm "pocketbase_${PB_VERSION}_linux_amd64.zip"

# Make the binary executable
chmod +x pocketbase
```
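
The download steps above unpack the archive without checking its integrity. The following added example (not part of the original guide or the PocketBase project) verifies the archive against the release's `checksums.txt` before unpacking; the function names are hypothetical, and it assumes the release publishes a `checksums.txt` in `sha256sum` format.

```bash
#!/usr/bin/env bash
# Added example: verify a release archive before unpacking it.

# verify_release ZIP CHECKSUMS
# Returns 0 only if CHECKSUMS holds exactly one SHA-256 entry for ZIP's
# file name and that digest matches the file on disk.
verify_release() {
  local zip="$1" sums="$2" name expected actual
  name=$(basename "$zip")
  if [ ! -s "$zip" ] || [ ! -s "$sums" ]; then
    echo "missing or empty input file" >&2; return 2
  fi
  # Lines look like "<64 hex chars>  <file name>" (sha256sum format).
  expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) {print $1}' "$sums")
  case "$expected" in
    "") echo "no checksum entry for $name" >&2; return 3 ;;
    *[!0-9a-f]*) echo "malformed or duplicate entry for $name" >&2; return 3 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "digest is not SHA-256" >&2; return 3; }
  actual=$(sha256sum "$zip" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name" >&2; return 1
  fi
}

# install_verified TAG   (for example the tag returned by the GitHub API)
# Downloads the archive and checksums.txt, and unpacks only after a match.
# Assumption: the release publishes a file named checksums.txt.
install_verified() {
  local tag="$1" ver="${1#v}" base zip
  base="https://github.com/pocketbase/pocketbase/releases/download/${tag}"
  zip="pocketbase_${ver}_linux_amd64.zip"
  wget -q -O "$zip" "${base}/${zip}" || return 4
  wget -q -O checksums.txt "${base}/checksums.txt" || return 4
  verify_release "$zip" checksums.txt || { rm -f "$zip"; return 1; }
  unzip -o "$zip" && rm "$zip" checksums.txt
}

# Run only when a tag is passed on the command line.
if [ -n "${1:-}" ]; then install_verified "$1"; fi
```

A checksum served from the same release page detects corrupted or truncated downloads, not a compromised release.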

```bash
# Test run
./pocketbase serve
```

Configure the Systemd Service
Create the service file

```bash
sudo vim /etc/systemd/system/pocketbase.service
```

```ini
[Unit]
Description=PocketBase Service
After=network.target

[Service]
Type=simple
User=ubuntu
Group=ubuntu
WorkingDirectory=/opt/pocketbase
ExecStart=/opt/pocketbase/pocketbase serve --http=127.0.0.1:8090
Restart=always
RestartSec=5s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=pocketbase

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/pocketbase/pb_data

# Resource limits (MemoryMax= replaces the deprecated MemoryLimit=)
LimitNOFILE=65535
MemoryMax=512M

[Install]
WantedBy=multi-user.target
```

```bash
# Reload systemd
sudo systemctl daemon-reload

# Enable the service
sudo systemctl enable pocketbase

# Start the service
sudo systemctl start pocketbase

# Check the status
sudo systemctl status pocketbase

# View the logs
sudo journalctl -u pocketbase -f
```

Configure the Nginx Reverse Proxy
Install Nginx

```bash
sudo apt install nginx -y
```

Configure SSL (with Certbot)

```bash
# Install Certbot
sudo apt install certbot python3-certbot-nginx -y

# Obtain a certificate (replace with your own domain)
sudo certbot --nginx -d your-domain.com -d www.your-domain.com

# Test automatic renewal
sudo certbot renew --dry-run
```

Configure Nginx

```bash
sudo vim /etc/nginx/sites-available/pocketbase
```

```nginx
server {
    listen 443 ssl http2;
    server_name your-domain.com www.your-domain.com;

    # SSL certificate
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Maximum upload size
    client_max_body_size 10M;

    # Logs
    access_log /var/log/nginx/pocketbase-access.log;
    error_log /var/log/nginx/pocketbase-error.log;

    # Reverse proxy
    location / {
        proxy_pass http://127.0.0.1:8090;
        proxy_http_version 1.1;

        # WebSocket support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Standard headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://$server_name$request_uri;
}
```

```bash
# Create the symbolic link
sudo ln -s /etc/nginx/sites-available/pocketbase /etc/nginx/sites-enabled/

# Test the configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx
```

Configure the security group rules in the Tencent Cloud console:
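| Protocol | Port range | Source | Description |
|---|---|---|---|
| SSH | 22/22 | 0.0.0.0/0 | Remote login (restricting the source IP is recommended) |
| HTTP | 80/80 | 0.0.0.0/0 | Web access |
| HTTPS | 443/443 | 0.0.0.0/0 | Secure web access |

Note: do not open port 8090 to the public internet.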
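
One way to check the rule above on the server, as an added example that is not part of the original guide: it parses `ss -ltnH` and `ufw status` output and fails if port 8090 is bound beyond loopback or allowed through UFW. The function names and the sample output are constructed for illustration; the Tencent Cloud security group still has to be checked in the console.

```bash
#!/usr/bin/env bash
# Added example: confirm that PocketBase's port is reachable only through Nginx.

# Print every listening socket on PORT that is not bound to loopback.
# Input: output of `ss -ltnH` on stdin (field 4 is Local Address:Port).
non_loopback_binds() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, p, ":")
      if (p[n] != port) next
      host = substr($4, 1, length($4) - length(p[n]) - 1)
      if (host ~ /^127\./ || host == "[::1]") next
      print $4
    }'
}

# Print every ALLOW rule for PORT. Input: output of `ufw status` on stdin.
ufw_allow_rules() {
  awk -v port="$1" '/ALLOW/ && $1 ~ ("^" port "(/(tcp|udp))?$")'
}

# Return 0 only if both checks come back empty.
backend_is_private() {
  local port="$1" ss_out="$2" ufw_out="$3" bad
  bad=$(printf '%s\n' "$ss_out" | non_loopback_binds "$port")
  bad="$bad$(printf '%s\n' "$ufw_out" | ufw_allow_rules "$port")"
  [ -z "$bad" ]
}

# Constructed sample output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:8090 0.0.0.0:*
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 128  [::]:22        [::]:*'
SAMPLE_UFW='Status: active
22/tcp   ALLOW   Anywhere
80/tcp   ALLOW   Anywhere
443/tcp  ALLOW   Anywhere'

if backend_is_private 8090 "$SAMPLE_SS" "$SAMPLE_UFW"; then
  echo "8090: loopback only, no UFW allow rule"
else
  echo "8090: exposed beyond loopback" >&2
fi
# On the server: backend_is_private 8090 "$(ss -ltnH)" "$(sudo ufw status)"
```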
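Tencent Cloud COS Integration
- Log in to the Tencent Cloud console
- Go to Cloud Object Storage (COS)
- Create a bucket and select public read / private write
- Record the bucket name and region

Obtain Access Keys
- Go to "Access Management" -> "API Key Management"
- Create a key or use an existing one
- Record the SecretId and SecretKey

Configure COS Storage
Create the extension configuration: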

```go
package main

import (
	"log"

	"github.com/pocketbase/pocketbase"
	"github.com/pocketbase/pocketbase/plugins/s3storage"
)

func main() {
	app := pocketbase.New()

	// Configure Tencent Cloud COS
	s3storage.Register(app, s3storage.Config{
		AuthToken:      "your_secret_id",
		AuthSecret:     "your_secret_key",
		Bucket:         "your-bucket-1234567890",
		Region:         "ap-guangzhou",
		Endpoint:       "https://cos.ap-guangzhou.myqcloud.com",
		ForcePathStyle: false,
	})

	if err := app.Start(); err != nil {
		log.Fatal(err)
	}
}
```

Environment Variable Configuration

```bash
COS_SECRET_ID=your_secret_id
COS_SECRET_KEY=your_secret_key
COS_BUCKET=your-bucket-1234567890
COS_REGION=ap-guangzhou
```

```go
// Use environment variables
import "os"

s3storage.Register(app, s3storage.Config{
	AuthToken:  os.Getenv("COS_SECRET_ID"),
	AuthSecret: os.Getenv("COS_SECRET_KEY"),
	Bucket:     os.Getenv("COS_BUCKET"),
	Region:     os.Getenv("COS_REGION"),
	Endpoint:   "https://cos." + os.Getenv("COS_REGION") + ".myqcloud.com",
})
```

Back Up to COS
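
```bash
# One-time setup: install COSCLI
sudo wget https://github.com/tencentyun/coscli/releases/download/v0.11.0-beta/coscli-linux -O /usr/local/bin/coscli
sudo chmod +x /usr/local/bin/coscli

# One-time setup: configure COSCLI (interactive)
coscli config init
```

```bash
#!/bin/bash
set -euo pipefail
umask 077  # the archive holds the whole database; keep it unreadable to other users

BACKUP_DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="pocketbase_backup_${BACKUP_DATE}.tar.gz"
PB_DATA_DIR="/opt/pocketbase/pb_data"
# Backups belong in a location that is not publicly readable
COS_BUCKET="cos://your-bucket/backups"

# Create the backup
tar -czf "/tmp/${BACKUP_FILE}" -C "${PB_DATA_DIR}" .

# Upload to COS
coscli cp "/tmp/${BACKUP_FILE}" "${COS_BUCKET}/${BACKUP_FILE}"

# Remove the local temporary file
rm "/tmp/${BACKUP_FILE}"

echo "Backup completed: ${BACKUP_FILE}"
```

```bash
# Add to crontab
crontab -e

# Back up every day at 3:00 AM
0 3 * * * /opt/scripts/backup-to-cos.sh >> /var/log/pb-backup.log 2>&1
```

Use Cloud Database Backup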
Tencent Cloud provides an automatic backup feature:
- Go to the CVM console
- Select "Backup" -> "Create backup"
- Set an automatic backup policy (for example, every day at 2:00 AM)

Enable BBR

```bash
echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
```

Adjust File Descriptor Limits

```bash
sudo vim /etc/security/limits.conf
```

```
# Add the following lines
* soft nofile 65535
* hard nofile 65535
```

Tencent Cloud Monitor
- Enable Cloud Monitor in the CVM console
- Install the monitoring agent:

```bash
sudo apt install tencent-cloud-monitor -y
sudo systemctl start stargate
sudo systemctl enable stargate
```

Custom Monitoring Script

```bash
#!/bin/bash
# Check the PocketBase service status
if ! systemctl is-active --quiet pocketbase; then
    echo "PocketBase is not running!"
    systemctl restart pocketbase
fi

# Check disk space
DISK_USAGE=$(df -h /opt/pocketbase | awk 'NR==2 {print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 80 ]; then
    echo "Disk usage is ${DISK_USAGE}%"
fi
```

Q: How do I configure DNS resolution?
In the Tencent Cloud DNS console:
- Add an A record
- Host record: `@` and `www`
- Record value: your CVM public IP

Q: How do I update PocketBase?

```bash
sudo systemctl stop pocketbase
cd /opt/pocketbase
cp -r pb_data pb_data.backup
# The release tag is "vX.Y.Z"; the archive name omits the "v"
PB_TAG=$(curl -s https://api.github.com/repos/pocketbase/pocketbase/releases/latest | grep 'tag_name' | cut -d\" -f4)
PB_VERSION=${PB_TAG#v}
wget "https://github.com/pocketbase/pocketbase/releases/download/${PB_TAG}/pocketbase_${PB_VERSION}_linux_amd64.zip"
unzip -o "pocketbase_${PB_VERSION}_linux_amd64.zip"
rm "pocketbase_${PB_VERSION}_linux_amd64.zip"
sudo systemctl start pocketbase
```

Q: How do I view logs?

```bash
# PocketBase logs
sudo journalctl -u pocketbase -f

# Nginx logs
sudo tail -f /var/log/nginx/pocketbase-access.log
sudo tail -f /var/log/nginx/pocketbase-error.log
```

Q: What should I do when memory runs out?

```bash
# Create 2 GB of swap
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
```