robin/waf-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
e9093baffb0481f2e3d2565db6435962f5de693b
waf-platform/deploy/clickhouse/README.md
robin e9093baffb 引入lumberjack和fluentbit自动分发
2026-02-13 22:36:17 +08:00

112 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ClickHouse + Fluent Bit 使用手册Ubuntu 22.04 / Amazon Linux 2023
## 1. 支持范围
- Ubuntu 22.04
- Amazon Linux 2023AWS
安装脚本:`install_clickhouse_linux.sh`(自动识别上述系统)。
## 2. 安装 ClickHouse
```bash
cd /path/to/waf-platform/deploy/clickhouse
chmod +x install_clickhouse_linux.sh
sudo ./install_clickhouse_linux.sh
```
可选:安装时初始化 `default` 用户密码:
```bash
sudo CLICKHOUSE_DEFAULT_PASSWORD='YourStrongPassword' ./install_clickhouse_linux.sh
```
## 3. 开启 HTTPS默认仅 crt+key
脚本默认生成 `server.crt + server.key`(带 SAN并启用 8443
```bash
cd /path/to/waf-platform/deploy/clickhouse
chmod +x configure_clickhouse_https.sh
sudo CH_HTTPS_PORT=8443 \
CH_CERT_CN=clickhouse.example.com \
CH_CERT_DNS=clickhouse.example.com \
CH_CERT_IP=<CLICKHOUSE_IP> \
./configure_clickhouse_https.sh
```
使用已有证书:
```bash
sudo SRC_CERT=/path/to/server.crt \
SRC_KEY=/path/to/server.key \
CH_HTTPS_PORT=8443 \
./configure_clickhouse_https.sh
```
## 4. 初始化日志表(含优化)
```bash
cd /path/to/waf-platform/deploy/clickhouse
chmod +x init_waf_logs_tables.sh
sudo CH_HOST=127.0.0.1 \
CH_PORT=9000 \
CH_USER=default \
CH_PASSWORD='YourStrongPassword' \
CH_DATABASE=default \
./init_waf_logs_tables.sh
```
说明:
- `init_waf_logs_tables.sql` 已内置主要优化(`CODEC``LowCardinality`、跳数索引)。
- `optimize_schema.sql` 主要用于历史表补齐优化,不是首次建表必需步骤。
## 5. 平台侧配置EdgeAdmin
在 ClickHouse 设置页配置:
- HostClickHouse 地址
- Port`8443`
- Database`default`
- Scheme`https`
当前实现说明:
- 前端不再提供 `TLS跳过校验``TLS Server Name` 配置项。
- 后端固定 `TLSSkipVerify=true`(默认不校验证书)。
保存后点击“测试连接”。
## 6. Fluent Bit 配置方式
推荐平台托管模式(在线安装/升级 Node、DNS 时自动下发):
- `/etc/fluent-bit/fluent-bit.conf`
- `/etc/fluent-bit/.edge-managed.env`
- `/etc/fluent-bit/.edge-managed.json`
检查状态:
```bash
sudo systemctl status fluent-bit --no-pager
sudo cat /etc/fluent-bit/.edge-managed.json
```
## 7. 验证与排障
查看 Fluent Bit 日志:
```bash
sudo journalctl -u fluent-bit -f
```
查看写入:
```sql
SELECT count() FROM default.logs_ingest;
SELECT count() FROM default.dns_logs_ingest;
```
常见错误:
- `connection refused`8443 未监听或网络未放行。
- `legacy Common Name`:证书缺 SAN需重签。
Reference in New Issue View Git Blame Copy Permalink