安装部署
本文档详细介绍 IPAM 系统的各种安装部署方式。
系统要求
最低配置
| 组件 | 要求 |
|---|---|
| CPU | 2核 |
| 内存 | 4GB |
| 磁盘 | 20GB |
| 网络 | 内网访问 |
推荐配置
| 组件 | 要求 |
|---|---|
| CPU | 4核+ |
| 内存 | 8GB+ |
| 磁盘 | 50GB+ SSD |
| 网络 | 千兆以太网 |
部署方式
1. 二进制部署
构建后端
bash
# 克隆代码
git clone https://gitee.com/liumou_site/ipam-go.git
cd ipam-go
# 构建 Linux 版本
GOOS=linux GOARCH=amd64 go build -o ipam-server main.go
# 构建 Windows 版本
GOOS=windows GOARCH=amd64 go build -o ipam-server.exe main.go构建前端
bash
cd frontend
pnpm install
pnpm build部署目录结构
/opt/ipam/
├── ipam-server # 后端可执行文件
├── config.toml # 配置文件
├── frontend/
│ └── dist/ # 前端构建产物
└── logs/ # 日志目录2. Docker 部署
Dockerfile
dockerfile
FROM golang:1.25-alpine AS builder
WORKDIR /app
COPY . .
RUN go mod tidy && go build -o ipam-server main.go
FROM node:25-alpine AS frontend-builder
WORKDIR /app
COPY frontend/ .
RUN npm install -g pnpm && pnpm install && pnpm build
FROM alpine:latest
RUN apk add --no-cache ca-certificates
WORKDIR /app
COPY --from=builder /app/ipam-server .
COPY --from=frontend-builder /app/dist ./frontend/dist
EXPOSE 8080
CMD ["./ipam-server"]Docker Compose
yaml
version: '3.8'
services:
db:
image: mariadb:10.11
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASE: ipam
MYSQL_USER: ipam_user
MYSQL_PASSWORD: ipam_password
volumes:
- db_data:/var/lib/mysql
networks:
- ipam-network
app:
build: .
ports:
- "8080:8080"
volumes:
- ./config.toml:/app/config.toml
- ./logs:/app/logs
depends_on:
- db
networks:
- ipam-network
volumes:
db_data:
networks:
ipam-network:
driver: bridge3. systemd 服务部署
创建服务文件
bash
sudo tee /etc/systemd/system/ipam.service > /dev/null <<EOF
[Unit]
Description=IPAM Server
After=network.target mysql.service
[Service]
Type=simple
User=ipam
Group=ipam
WorkingDirectory=/opt/ipam
ExecStart=/opt/ipam/ipam-server
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
EOF启动服务
bash
# 创建用户
sudo useradd -r -s /bin/false ipam
# 设置权限
sudo chown -R ipam:ipam /opt/ipam
# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable ipam
sudo systemctl start ipam
# 查看状态
sudo systemctl status ipamNginx 反向代理
配置示例
nginx
server {
listen 80;
server_name ipam.example.com;
# 重定向到 HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name ipam.example.com;
# SSL 证书
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# 前端静态文件
location / {
root /opt/ipam/frontend/dist;
try_files $uri $uri/ /index.html;
expires 1d;
}
# API 代理
location /api {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}数据库配置
MySQL/MariaDB
sql
-- 创建数据库
CREATE DATABASE ipam CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- 创建用户
CREATE USER 'ipam_user'@'%' IDENTIFIED BY 'strong_password';
-- 授权
GRANT ALL PRIVILEGES ON ipam.* TO 'ipam_user'@'%';
FLUSH PRIVILEGES;性能优化
ini
# my.cnf
[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
max_connections=200
innodb_buffer_pool_size=512M
innodb_log_file_size=128M
query_cache_type=1
query_cache_size=64M备份策略
自动备份脚本
bash
#!/bin/bash
# backup.sh
BACKUP_DIR="/backup/ipam"
DATE=$(date +%Y%m%d_%H%M%S)
DB_NAME="ipam"
DB_USER="ipam_user"
DB_PASS="password"
# 创建备份目录
mkdir -p $BACKUP_DIR
# 备份数据库
mysqldump -u$DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DIR/ipam_db_$DATE.sql
# 备份配置文件
tar czf $BACKUP_DIR/ipam_config_$DATE.tar.gz /opt/ipam/config.toml
# 保留最近 30 天的备份
find $BACKUP_DIR -name "*.sql" -mtime +30 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete定时任务
bash
# 每天凌晨 2 点执行备份
0 2 * * * /opt/ipam/backup.sh >> /var/log/ipam_backup.log 2>&1监控与日志
日志配置
toml
[log]
level = "info"
format = "json"
output = "file"
filename = "logs/ipam.log"
max_size = 100
max_backups = 10
max_age = 30日志轮转
bash
# /etc/logrotate.d/ipam
/opt/ipam/logs/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
create 0644 ipam ipam
}安全建议
- 修改默认密码:首次登录后立即修改所有默认账户密码
- 使用 HTTPS:生产环境必须使用 HTTPS
- 防火墙配置:仅开放必要的端口
- 定期更新:及时更新系统和依赖
- 访问控制:限制管理后台访问IP
- 审计日志:启用操作审计功能
故障排查
服务无法启动
bash
# 检查日志
journalctl -u ipam -f
# 检查端口占用
netstat -tlnp | grep 8080
# 检查配置文件
cat /opt/ipam/config.toml数据库连接失败
bash
# 测试数据库连接
mysql -u ipam_user -p -h localhost ipam
# 检查数据库服务
systemctl status mysql