跳至主要內容

supervisor安装配置

游鹄君2026年3月12日大约 4 分钟linuxlinux

supervisor安装配置

安装

yum install -y supervisor
echo_supervisord_conf
echo_supervisord_conf > /etc/supervisord.conf

调整配置

[include]
files = /etc/supervisord.d/*.conf
[supervisord]
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisord.pid
user=root

注意需要确保

mkdir -p /var/run/

检查日志目录权限

ls -ld /var/log/supervisor

检查配置

supervisord -c /etc/supervisord.conf -n -e debug

启动

服务器宿主机

systemctl status supervisord
systemctl enable supervisord
systemctl start supervisord
systemctl restart supervisord

docker容器

后台启动

supervisord -c /etc/supervisord.conf
ps -ef|grep supervisor[d]

配置自启动

cat > /root/init.sh << EOF
#!/bin/bash
echo "[$(date)] 开始启动supervisor..." >> /root/init.log
/usr/bin/supervisord -n -c /etc/supervisord.conf >> /root/init.log 2>&1
echo "[$(date)] supervisor启动完成/退出" >> /root/init.log
EOF
cd && chmod +x ./init.sh

如果后续想把「自启 supervisord」写到 Dockerfile 里,推荐用 CMD 指令(Docker 官方推荐的容器入口方式):

# Dockerfile 最后加这行,容器启动时自动运行 supervisord
CMD ["supervisord", "-c", "/etc/supervisord.conf", "-n"]

supervisor 管理命令

提示

因为docker容器内systemctl无法使用

supervisorctl status
supervisorctl reread
supervisorctl update

提示

all 可以自行更换服务名称

supervisorctl stop all
supervisorctl start all
supervisorctl restart all

配置supervisor管理服务(示例)

提示

注意docker容器默认sshd是未启动的,想要开启需要配置秘钥,最好再配置root密码

前提

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
&& ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
&& ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
passwd root

docker中镜像默认没安装sshd服务端,所以需要安装一下

rpm -qa | grep openssh

如果输出里只有 openssh-clients,没有 openssh-server,那就是没装服务端

yum install -y openssh-server

修改sshd_config配置

#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
PermitRootLogin yes
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

提示

注意为了安全考虑可以做如下配置

# 只允许特定 IP 开启这个认证
Match Address ip1 ip2
    ChallengeResponseAuthentication yes

测试配置

sshd -t
ssh root@127.0.0.1 -p 22

为生成私人秘钥做准备

cd ~/.ssh/
touch authorized_keys
chmod 600 authorized_keys
chmod 700 ~/.ssh

配置示例

/etc/supervisord.d/lnmp-service.conf

# 配置SSH服务
[program:sshd]
process_name=%(program_name)s_%(process_num)02d
command=/usr/sbin/sshd -D  # 前台运行,supervisord能管理
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/sshd.log
stderr_logfile=/var/log/supervisor/sshd.error.log
user=root

# 配置 Nginx 服务
[program:nginx]
process_name=%(program_name)s_%(process_num)02d
command=nginx -g "daemon off;"
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/nginx.log
stderr_logfile=/var/log/supervisor/nginx.error.log
user=root

# 配置 PHP-FPM 服务
[program:php-fpm]
process_name=%(program_name)s_%(process_num)02d
command=/usr/local/php/sbin/php-fpm -F 
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/php-fpm.log
stderr_logfile=/var/log/supervisor/php-fpm.error.log
user=root

# 配置 mysql 服务
[program:mysql]
process_name=%(program_name)s_%(process_num)02d
# 核心修改:用 mysqld 前台运行,替代 mysqld_safe 后台模式
command=/usr/local/mysql/bin/mysqld --user=mysql --datadir=/usr/local/mysql/var --pid-file=/usr/local/mysql/var/$(hostname).pid --console
autostart=true
autorestart=true
# 日志目录确保存在且有权限
stdout_logfile=/var/log/supervisor/mysql.log
stderr_logfile=/var/log/supervisor/mysql.error.log
# 确保日志文件权限正确
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=10
# 启动前等待(避免和其他服务冲突)
startsecs=10
# 失败后重试次数
startretries=3
user=root

docker操作详解

游鹄君的博客
Copyright © 2026 游鹄君