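This walkthrough uses CentOS 7 as the example. Because the server was newly purchased, the setup here (without Docker) covers changing the SSH port, configuring the firewall, mounting a disk, creating a user, and installing the JDK, MySQL, Redis and Nginx.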
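I. Mounting the disk
[root@iZuf69k182ad10go3ll24pZ ~]# fdisk -l # show disk information
[root@iZuf69k182ad10go3ll24pZ ~]# fdisk /dev/sdb # start partitioning the disk; answer the interactive prompts as follows
a). n # create a new partition
b). p # make it a primary partition
c). 1 # or press Enter to accept the default, 1
d). 2048 # or press Enter to accept the default
e). press Enter to accept the default
f). w # save
[root@iZuf69k182ad10go3ll24pZ ~]# fdisk -l # check the newly created partition, e.g. /dev/sdb1
[root@iZuf69k182ad10go3ll24pZ ~]# mkfs -t ext4 /dev/sdb1 # format; the filesystem type is set to ext4 here because the default, ext2, is not recommended
[root@iZuf69k182ad10go3ll24pZ ~]# mkdir -p /data/svdb # create the mount point
[root@iZuf69k182ad10go3ll24pZ ~]# mount /dev/sdb1 /data/svdb # mount
[root@iZuf69k182ad10go3ll24pZ ~]# df -HT # check the mount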
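II. Changing the SSH port
[root@iZuf69k182ad10go3ll24pZ ~]# vim /etc/ssh/sshd_config # edit the configuration
After adding the port, save and exit with :wq!. It is advisable to keep port 22 for now and only close it once the new port has been tested successfully.
[root@iZuf69k182ad10go3ll24pZ ~]# systemctl restart sshd.service # restart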
III. Firewall configuration
[root@iZuf69k182ad10go3ll24pZ ~]# firewall-cmd --state # check the firewall state
[root@iZuf69k182ad10go3ll24pZ ~]# systemctl start firewalld # start the firewall; skip this step if it is already running
[root@iZuf69k182ad10go3ll24pZ ~]# systemctl enable firewalld # start on boot
[root@iZuf69k182ad10go3ll24pZ ~]# firewall-cmd --zone=public --permanent --add-port=22212/tcp # open the newly added SSH port 22212
[root@iZuf69k182ad10go3ll24pZ ~]# systemctl restart firewalld # restart the firewall
[root@iZuf69k182ad10go3ll24pZ ~]# firewall-cmd --list-ports # list the ports the firewall has open
Remember to allow the port in the server's security group as well.
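The staged SSH port change recommended above, as an added example that is not part of the original post: it works on a constructed stand-in for /etc/ssh/sshd_config, lists both 22 and 22212 explicitly, and closes 22 only in a second step. The function names and the temporary file are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: staged SSH port change, run against a constructed stand-in
# for /etc/ssh/sshd_config. Function names are illustrative.

# Ports sshd would listen on according to the file (22 when none is set).
listen_ports() {
  local ports
  ports=$(awk 'tolower($1) == "port" { print $2 }' "$1" | sort -n | xargs)
  echo "${ports:-22}"
}

# Stage 1: list 22 and the new port explicitly. A stock file only carries
# "#Port 22"; as soon as any Port line is active the implicit default is
# gone, so adding the new port alone would close 22 on restart.
# Lines go at the top so they can never land inside a Match block.
stage_port() {
  local conf=$1 new=$2 p
  for p in 22 "$new"; do
    grep -Eiq "^[[:space:]]*Port[[:space:]]+$p[[:space:]]*$" "$conf" ||
      sed -i "1i Port $p" "$conf"
  done
}

# Stage 2: run only after a fresh login on the new port has succeeded.
retire_port_22() {
  sed -i -E 's/^[[:space:]]*[Pp]ort[[:space:]]+22[[:space:]]*$/#&/' "$1"
}

conf=$(mktemp)                                  # constructed sample file
printf '#Port 22\nPermitRootLogin yes\n' > "$conf"

stage_port "$conf" 22212
echo "after stage 1: $(listen_ports "$conf")"
# On the real file, validate before restarting:  sshd -t
# With SELinux enforcing, label the port first:
#   semanage port -a -t ssh_port_t -p tcp 22212

retire_port_22 "$conf"
echo "after stage 2: $(listen_ports "$conf")"
rm -f "$conf"
```

Keep the existing root session open while testing a login on 22212 from a second terminal, so a mistake in either stage can still be reverted.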
IV. Adding a user
[root@iZuf69k182ad10go3ll24pZ ~]# useradd -d /data/svdb/kuria -m kuria # add a user named kuria with /data/svdb/kuria as its home directory
[root@iZuf69k182ad10go3ll24pZ ~]# passwd kuria # set the password
[root@iZuf69k182ad10go3ll24pZ ~]# chown -R kuria:kuria /data/svdb/kuria # give the user ownership of the directory
[root@iZuf69k182ad10go3ll24pZ ~]# chmod 760 /data/svdb/kuria # set the directory mode to 760
V. Installing the JDK
[root@iZuf69k182ad10go3ll24pZ ~]# rpm -qa | grep java # list the installed JDK packages
[root@iZuf69k182ad10go3ll24pZ ~]# rpm -e --nodeps java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64 # if the system ships with OpenJDK, uninstall it; otherwise skip this step
Upload the JDK package over SFTP, or download it with wget.
[root@iZuf69k182ad10go3ll24pZ software]# tar -zxvf jdk-8u131-linux-x64.tar.gz # extract
[root@iZuf69k182ad10go3ll24pZ software]# vim /etc/profile # configure the environment variables
[root@iZuf69k182ad10go3ll24pZ software]# source /etc/profile # apply the environment variables
[root@iZuf69k182ad10go3ll24pZ software]# java -version # check the version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
VI. Installing MySQL 5.7
Uninstall the MariaDB packages that ship with CentOS 7.
[mysql@iZuf69k182ad10go3ll24pZ ~]$ rpm -qa | grep mariadb
mariadb-libs-5.5.60-1.el7_5.x86_64
[mysql@iZuf69k182ad10go3ll24pZ ~]$ rpm -e mariadb-libs-5.5.60-1.el7_5.x86_64 --nodeps
Download the official MySQL Yum repository package.
[mysql@iZuf69k182ad10go3ll24pZ ~]$ wget -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
Install it with yum.
[mysql@iZuf69k182ad10go3ll24pZ ~]$ yum -y install mysql57-community-release-el7-10.noarch.rpm
Check that the MySQL repository was installed; output like the following means it succeeded.
[root@iZuf69k182ad10go3ll24pZ mysql]# yum repolist enabled | grep "mysql.*-com*"
mysql-connectors-community/x86_64 MySQL Connectors Community 153
mysql-tools-community/x86_64 MySQL Tools Community 110
mysql57-community/x86_64 MySQL 5.7 Community Server 424
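The version that gets installed by default can be changed here.
[root@iZuf69k182ad10go3ll24pZ mysql]# vim /etc/yum.repos.d/mysql-community.repo
As shown in the figure, set enabled=1 for the version to install by default and enabled=0 for the others. 5.7 is the default here, so the file is left unchanged.
Next, install the MySQL server.
[root@iZuf69k182ad10go3ll24pZ mysql]# yum install mysql-community-server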
Start MySQL.
[root@iZuf69k182ad10go3ll24pZ mysql]# systemctl start mysqld.service # start MySQL
[root@iZuf69k182ad10go3ll24pZ mysql]# systemctl status mysqld.service # check the status
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-06-09 09:41:39 CST; 12s ago
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
  Process: 13302 ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid $MYSQLD_OPTS (code=exited, status=0/SUCCESS)
  Process: 13252 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
 Main PID: 13306 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─13306 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
Jun 09 09:41:35 iZuf69k182ad10go3ll24pZ systemd[1]: Starting MySQL Server...
Jun 09 09:41:39 iZuf69k182ad10go3ll24pZ systemd[1]: Started MySQL Server.
Enable start on boot.
[root@iZuf69k182ad10go3ll24pZ mysql]# systemctl enable mysqld
[root@iZuf69k182ad10go3ll24pZ mysql]# systemctl daemon-reload
After installation, a root password is generated by default and written to /var/log/mysqld.log. Use the following command to view it.
[root@iZuf69k182ad10go3ll24pZ mysql]# grep 'temporary password' /var/log/mysqld.log
2020-06-09T01:41:37.293069Z 1 [Note] A temporary password is generated for root@localhost: 7#fTVZgkr1e4
Log in to MySQL and change the default password.
Note: MySQL 5.7 installs the password validation plugin by default, so the new password set here must contain upper- and lower-case letters and special characters; otherwise it is rejected as too simple. Also, the ALTER USER command here needs to be written in uppercase.
[root@iZuf69k182ad10go3ll24pZ mysql]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.30
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'new passwd';
Query OK, 0 rows affected (0.00 sec)
mysql>
Change the MySQL port by adding port=3313, add lower_case_table_names=1 to make table names case-insensitive, and move the MySQL directory. Because a new port is being opened, the firewall has to be configured for it as well.
[root@iZuf69k182ad10go3ll24pZ mysql]# systemctl stop mysqld.service # stop the database
[root@iZuf69k182ad10go3ll24pZ mysql]# vim /etc/my.cnf
[mysqld]
port=3313
lower_case_table_names=1
character-set-server=utf8
max_connections=200
basedir=/data/xvdb/mysql/mysql_data
datadir=/data/xvdb/mysql/mysql_data/data
socket=/data/xvdb/mysql/mysql_data/data/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/data/xvdb/mysql/mysql_data/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Move the MySQL directory.
[root@iZuf69k182ad10go3ll24pZ mysql]# mkdir -p /data/xvdb/mysql/mysql_data # create the new directory
[root@iZuf69k182ad10go3ll24pZ mysql]# chmod 750 /data/xvdb/mysql/mysql_data # restrict access to the owner and group instead of making it world-writable
[root@iZuf69k182ad10go3ll24pZ mysql]# cp -a /var/lib/mysql /data/xvdb/mysql/mysql_data/data # copy the existing data files to the datadir set in my.cnf, preserving ownership and modes
[root@iZuf69k182ad10go3ll24pZ mysql]# mv /var/lib/mysql /var/lib/mysql_bak # keep the original data files as a backup
[root@iZuf69k182ad10go3ll24pZ mysql]# chown -R mysql:mysql /data/xvdb/mysql/mysql_data/
[root@iZuf69k182ad10go3ll24pZ mysql]# vim /etc/my.cnf
Restart MySQL.
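For security, MySQL is not exposed externally here and will be accessed through a bastion host. If remote access is required, it is best to create a separate remote account:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'kuria'@'%' IDENTIFIED BY 'Kuria123312%' WITH GRANT OPTION;
There are two ways to configure the tunnel:
1. Using Xshell:
2. Using Navicat:
Finally, the Navicat connection details: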
VII. Installing Redis
[root@iZuf69k182ad10go3ll24pZ software]# wget http://download.redis.io/releases/redis-5.0.7.tar.gz # download the Redis package
[root@iZuf69k182ad10go3ll24pZ software]# tar -zxvf redis-5.0.7.tar.gz # extract
[root@iZuf69k182ad10go3ll24pZ software]# cd redis-5.0.7
[root@iZuf69k182ad10go3ll24pZ redis-5.0.7]# make MALLOC=libc # compile
[root@iZuf69k182ad10go3ll24pZ redis-5.0.7]# make install # install; the binaries go to /usr/local/bin by default, so symlink them into one Redis directory
[root@iZuf69k182ad10go3ll24pZ redis-5.0.7]# mkdir sbin
[root@iZuf69k182ad10go3ll24pZ redis-5.0.7]# ln -s /usr/local/bin/redis-* ./sbin/
[root@iZuf69k182ad10go3ll24pZ redis-5.0.7]# cd sbin
[root@iZuf69k182ad10go3ll24pZ sbin]# ./redis-server ../redis.conf
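Redis configuration changes:
# Enabled here, so by default only the local machine can connect. To allow external connections, comment this out or change it to 0.0.0.0
bind 127.0.0.1
# Change the port
port 6379
# Change no to yes
daemonize yes
# Uncomment this line to set a password. There is no password by default
requirepass 123456
# Change notify-keyspace-events '' to notify-keyspace-events Ex to enable key-expiry event notifications
notify-keyspace-events Ex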
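A check for the exposure-related settings in the configuration above (bind, requirepass, protected-mode), as an added example that is not part of the original post. The function names and the MIN_PASS_LEN threshold are assumptions of this sketch; the sample file is constructed from the values shown above.

```shell
#!/usr/bin/env bash
# Added example: check a redis.conf for the settings that decide who can
# reach the instance. MIN_PASS_LEN is an assumption of this sketch, not a
# Redis default.
MIN_PASS_LEN=20

# Last active (uncommented) value of a directive in the file.
conf_get() {
  awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^ +/, ""); v = $0 }
                 END { print v }' "$1"
}

# Print one finding per line; no output means all three checks passed.
audit_redis_conf() {
  local conf=$1 bind pass pm
  bind=$(conf_get "$conf" bind)
  pass=$(conf_get "$conf" requirepass)
  pm=$(conf_get "$conf" protected-mode)

  # With no bind line, Redis listens on every interface, like 0.0.0.0.
  case " ${bind:-0.0.0.0} " in
    *" 0.0.0.0 "*|*" :: "*) echo "bind: listens on all interfaces" ;;
  esac
  if [ -z "$pass" ]; then
    echo "requirepass: not set"
  elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
    echo "requirepass: shorter than $MIN_PASS_LEN characters"
  fi
  if [ "$pm" = "no" ]; then
    echo "protected-mode: disabled"
  fi
}

# Constructed sample using the values shown in the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bind 127.0.0.1
port 6379
daemonize yes
requirepass 123456
notify-keyspace-events Ex
EOF
audit_redis_conf "$sample"
rm -f "$sample"
```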
VIII. Installing Nginx
[root@iZuf69k182ad10go3ll24pZ conf]# wget http://nginx.org/download/nginx-1.14.0.tar.gz # download the Nginx package
[root@iZuf69k182ad10go3ll24pZ conf]# yum install gcc-c++
[root@iZuf69k182ad10go3ll24pZ conf]# yum install -y pcre pcre-devel
[root@iZuf69k182ad10go3ll24pZ conf]# yum install -y zlib zlib-devel
[root@iZuf69k182ad10go3ll24pZ conf]# yum install -y openssl openssl-devel # install the dependencies
[root@iZuf69k182ad10go3ll24pZ conf]# tar -zxvf nginx-1.14.0.tar.gz # extract
[root@iZuf69k182ad10go3ll24pZ conf]# cd nginx-1.14.0
[root@iZuf69k182ad10go3ll24pZ conf]# ./configure --prefix=/data/xvdb/nginx --with-http_stub_status_module --with-http_ssl_module && make && make install # compile and install; --prefix sets the install directory (default /usr/local/nginx) and --with-http_ssl_module adds the SSL module
[root@iZuf69k182ad10go3ll24pZ conf]# cd /data/xvdb/nginx/sbin
[root@iZuf69k182ad10go3ll24pZ sbin]# ./nginx -c ../conf/nginx.conf # start nginx with the given configuration file
Nginx HTTPS configuration:
server {
    listen 443 ssl;
    server_name mall.xxx.com;
    root html;
    index index.html index.htm;
    ssl_certificate /data/nginx/ssl/shop/4029788_mall.xxx.com.pem;
    ssl_certificate_key /data/nginx/ssl/shop/4029788_mall.xxx.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root /data/kuliya/kuria-ui;
        index /index.html;
        try_files $uri $uri/ /index.html;
    }
    location /api {
        proxy_pass http://127.0.0.1:30002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /upload {
        root /data/kuliya/kuria;
        autoindex on;
    }
}
The end.