
This container provides the Server component of ESET PROTECT. For the Web Console component, see https://hub.docker.com/r/esetnederland/eset-protect-console. The source code is available at https://github.com/UnauthorizedAccessBV/ESET-Protect-Docker-Server.
First, create the database container:

```shell
# The container must be named "mysql": the server container links to it by that name.
docker run --name mysql -e MYSQL_ROOT_PASSWORD=eraadmin -d docker.xuanyuan.run/mysql \
  --default-authentication-plugin=mysql_native_password \
  --innodb-log-file-size=100M \
  --innodb-log-files-in-group=2 \
  --max-allowed-packet=30M \
  --bind-address=* \
  --log_bin_trust_function_creators=1
```
Then create the server container:

```shell
docker run --name eset-protect-server --link mysql --rm --tty --interactive \
  --publish 2222:2222 \
  --env DB_ADMIN_USERNAME=root \
  --env DB_ADMIN_PASSWORD=eraadmin \
  docker.xuanyuan.run/esetnederland/eset-protect-server
```
Optionally, create the console container:

```shell
docker run --rm --tty --interactive --publish 8080:8080 --link eset-protect-server \
  docker.xuanyuan.run/esetnederland/eset-protect-console
```
Copy the following into a file named docker-compose.yml:

```yaml
version: '3'

services:
  mysql:
    image: docker.xuanyuan.run/mysql:8.0.17
    command: |
      --default-authentication-plugin=mysql_native_password
      --innodb-log-file-size=100M
      --innodb-log-files-in-group=2
      --max-allowed-packet=30M
      --bind-address=*
      --log_bin_trust_function_creators=1
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_USER=root
      - MYSQL_ROOT_PASSWORD=eraadmin
    volumes:
      - mysql:/var/lib/mysql

  eset-protect-server:
    image: docker.xuanyuan.run/esetnederland/eset-protect-server
    depends_on:
      - mysql
    restart: unless-stopped
    environment:
      - DB_ADMIN_USERNAME=root
      - DB_ADMIN_PASSWORD=eraadmin
    volumes:
      - eset-protect-server-config:/config
      - eset-protect-server-data:/data
      - eset-protect-server-logs:/logs
    ports:
      - 2222:2222

  eset-protect-console:
    image: docker.xuanyuan.run/esetnederland/eset-protect-console
    depends_on:
      - eset-protect-server
    restart: unless-stopped
    volumes:
      - eset-protect-console:/config
    ports:
      - 8080:8080

volumes:
  mysql:
  eset-protect-server-config:
  eset-protect-server-data:
  eset-protect-server-logs:
  eset-protect-console:
```
Then run:

```shell
docker-compose up
```
You can now open http://127.0.0.1:8080 in a browser and log in with the credentials Administrator / eraadmin.
The container can be configured through the following environment variables:

| Variable name |
|---|
| AD_CDN_INCLUDE |
| AD_SERVER |
| AD_USER_NAME |
| AD_USER_PASSWORD |
| CERT_AUTH_COMMON_NAME |
| CERT_AUTH_PASSWORD |
| CERT_AUTH_PATH |
| CERT_COUNTRY |
| CERT_HOSTNAME |
| CERT_LOCALITY |
| CERT_ORGANIZATION |
| CERT_ORGANIZATIONAL_UNIT |
| CERT_STATE |
| CERT_VALIDITY |
| CERT_VALIDITY_UNIT |
| CONSOLE_PORT |
| DB_ADMIN_PASSWORD |
| DB_ADMIN_USERNAME |
| DB_DRIVER |
| DB_HOSTNAME |
| DB_NAME |
| DB_PORT |
| DB_TYPE |
| DB_USER_PASSWORD |
| DB_USER_USERNAME |
| DISABLE_IMP_PROGRAM |
| ENABLE_IMP_PROGRAM |
| LICENSE_KEY |
| LOCALE |
| PEER_CERT_PASSWORD |
| PRODUCT_GUID |
| SERVER_CERT_PASSWORD |
| SERVER_CERT_PATH |
| SERVER_PORT |
| SERVER_ROOT_PASSWORD |
| SKIP_CERT |

The same settings can also be configured through the following Docker Secrets:

| Variable name |
|---|
| ad-cdn-include |
| ad-server |
| ad-user-name |
| ad-user-password |
| cert-auth-common-name |
| cert-auth-password |
| cert-auth-path |
| cert-country |
| cert-hostname |
| cert-locality |
| cert-organization |
| cert-organizational-unit |
| cert-state |
| cert-validity |
| cert-validity-unit |
| console-port |
| db-admin-password |
| db-admin-username |
| db-driver |
| db-hostname |
| db-name |
| db-port |
| db-type |
| db-user-password |
| db-user-username |
| disable-imp-program |
| enable-imp-program |
| license-key |
| locale |
| peer-cert-password |
| product-guid |
| server-cert-password |
| server-cert-path |
| server-port |
| server-root-password |
| skip-cert |
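
The sample password `eraadmin` appears in every command and file on this page, and the secret names above give a way to keep real passwords out of environment variables. The script below is an added example, not part of the image's documentation: it creates one random value per password-type secret and flags env-file entries that still use the sample password. The function names and the directory argument are assumptions made for the example, as is the image reading secrets from Docker's standard `/run/secrets/<name>` mount.

```shell
#!/bin/sh
# Added example, not part of the image's documentation.
# Assumption: the image reads each secret from Docker's standard mount point,
# /run/secrets/<name>, using the secret names listed in the table above.

# Password-type secrets taken from that table.
SECRET_NAMES="db-admin-password db-user-password server-root-password cert-auth-password"

# gen_secrets DIR: write one random 256-bit value (64 hex chars) per secret
# into DIR. Runs in a subshell so the umask change does not leak to the caller.
gen_secrets() (
    umask 077                      # directory 0700, files 0600
    mkdir -p "$1" || exit 1
    for name in $SECRET_NAMES; do
        # Never overwrite an existing file: services already initialised
        # with that value would no longer match it.
        [ -s "$1/$name" ] && continue
        od -An -N32 -tx1 /dev/urandom | tr -d ' \n' > "$1/$name" || exit 1
    done
)

# find_default_passwords FILE: print every *PASSWORD variable in an env file
# that still carries the sample value "eraadmin" used throughout this page.
find_default_passwords() {
    grep -E '^[A-Z_]*PASSWORD=eraadmin[[:space:]]*$' "$1" | cut -d= -f1
}
```

To use the generated files, declare each one under the Compose top-level `secrets:` key with `file:`, list it under the service's `secrets:`, and drop the matching `*_PASSWORD` environment entries.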

This container uses the following volumes:

The following Compose file deploys the stack against an existing database, with Traefik as the reverse proxy:

```shell
# General settings
HOSTNAME=esetprotect.domain.nl

# Let's Encrypt settings
ACME_EMAIL=user@domain.nl

# Passwords
SERVER_ROOT_PASSWORD=eraadmin
CERT_AUTH_PASSWORD=eraadmin

# Certificate settings
CERT_AUTH_COMMON_NAME=ESET Protect Server Certification Authority
CERT_COUNTRY=NL
CERT_LOCALITY=Sliedrecht
CERT_ORGANIZATION=ESET Nederland
CERT_ORGANIZATIONAL_UNIT=IT
CERT_STATE=ZH

# Database settings
DB_HOSTNAME=db.domain.nl
DB_PORT=3306
DB_NAME=era_db
DB_USER_USERNAME=era_db_user
DB_USER_PASSWORD=eraadmin

# Console settings
HSTS_ENABLE=true
REMOTE_ADDRESS_SOURCE=x-forwarded-for-last
```

```yaml
version: '3'

services:
  traefik:
    image: docker.xuanyuan.run/traefik:2.2
    restart: unless-stopped
    command:
      #- --api.insecure=true # Uncomment to enable the dashboard on port 8080
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --entrypoints.em-agent.address=:2222
      - --certificatesResolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesResolvers.le.acme.httpChallenge.entryPoint=http
      - --certificatesResolvers.le.acme.storage=/etc/traefik/acme.json
      #- --providers.file.directory=/etc/traefik/dynamic # Uncomment to use dynamic configuration
    ports:
      - 80:80
      - 443:443
      - 2222:2222
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik:/etc/traefik

  eset-protect-server:
    image: docker.xuanyuan.run/esetnederland/eset-protect-server:latest
    restart: unless-stopped
    environment:
      - CERT_AUTH_COMMON_NAME=${CERT_AUTH_COMMON_NAME}
      - CERT_AUTH_PASSWORD=${CERT_AUTH_PASSWORD}
      - CERT_COUNTRY=${CERT_COUNTRY}
      - CERT_HOSTNAME=${HOSTNAME}
      - CERT_LOCALITY=${CERT_LOCALITY}
      - CERT_ORGANIZATION=${CERT_ORGANIZATION}
      - CERT_ORGANIZATIONAL_UNIT=${CERT_ORGANIZATIONAL_UNIT}
      - CERT_STATE=${CERT_STATE}
      - DB_HOSTNAME=${DB_HOSTNAME}
      - DB_PORT=${DB_PORT}
      - DB_NAME=${DB_NAME}
      - DB_USER_USERNAME=${DB_USER_USERNAME}
      - DB_USER_PASSWORD=${DB_USER_PASSWORD}
      - SERVER_ROOT_PASSWORD=${SERVER_ROOT_PASSWORD}
    volumes:
      - eset-protect-server-config:/config
      - eset-protect-server-data:/data
      - eset-protect-server-logs:/logs
    labels:
      - traefik.enable=true
      - traefik.tcp.routers.em-agent.rule=HostSNI(`*`)
      - traefik.tcp.routers.em-agent.entrypoints=em-agent
      - traefik.tcp.routers.em-agent.service=em-agent
      - traefik.tcp.routers.em-agent.tls=true
      - traefik.tcp.routers.em-agent.tls.passthrough=true
      - traefik.tcp.services.em-agent.loadbalancer.server.port=2222

  eset-protect-console:
    image: docker.xuanyuan.run/esetnederland/eset-protect-console:latest
    restart: unless-stopped
    environment:
      - HSTS_ENABLE=${HSTS_ENABLE}
      - REMOTE_ADDRESS_SOURCE=${REMOTE_ADDRESS_SOURCE}
    volumes:
      - eset-protect-console:/config
    labels:
      - traefik.enable=true
      - traefik.http.routers.eset-protect-console.rule=Host(`${HOSTNAME}`)
      - traefik.http.routers.eset-protect-console.entrypoints=http
      - traefik.http.routers.eset-protect-console.middlewares=eset-protect-console-redirect
      - traefik.http.routers.eset-protect-console-secure.rule=Host(`${HOSTNAME}`)
      - traefik.http.routers.eset-protect-console-secure.entrypoints=https
      - traefik.http.routers.eset-protect-console-secure.tls=true
      - traefik.http.routers.eset-protect-console-secure.tls.certresolver=le
      # - traefik.http.routers.eset-protect-console-secure.tls.options=intermediate@file # Uncomment to use the intermediate SSL configuration; requires the dynamic configuration file
      - traefik.http.routers.eset-protect-console-secure.middlewares=eset-protect-console-secure-headers,eset-protect-console-secure-redirect
      - traefik.http.middlewares.eset-protect-console-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.eset-protect-console-secure-headers.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.eset-protect-console-secure-headers.headers.sslredirect=true
      - traefik.http.middlewares.eset-protect-console-secure-headers.headers.stsSeconds=63072000
      # "$$" is Compose's escape for a literal "$"; without it the regex anchor and the
      # capture-group reference below are treated as variable interpolation.
      - traefik.http.middlewares.eset-protect-console-secure-redirect.redirectregex.regex=^(https:\/\/[^:\/]+(:\\d+)?)\/$$
      - traefik.http.middlewares.eset-protect-console-secure-redirect.redirectregex.replacement=$${1}/era/webconsole/
      - traefik.http.middlewares.eset-protect-console-secure-redirect.redirectregex.permanent=true

volumes:
  traefik:
  eset-protect-server-config:
  eset-protect-server-data:
  eset-protect-server-logs:
  eset-protect-console:
```

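To obtain an A rating in the Qualys SSL Server Test, uncomment the "dynamic configuration" and "intermediate SSL" lines in the configuration above, and write the following to /etc/traefik/dynamic/ssl.toml (or directly into its volume):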

```toml
[tls.options]
  [tls.options.modern]
    minVersion = "VersionTLS13"

  [tls.options.intermediate]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
    ]

  [tls.options.default]
    minVersion = "VersionTLS12"
```