Update: 2019/09/21
系统版本 CentOS 7
服务器配置
安装常用软件
yum update
# 开发工具包
yum groupinstall -y "Development Tools"
yum install cmake ncurses-devel zlib* fiex* libxml* libmcrypt* libtool-ltdl-devel*
yum install openssl openssl-devel libcurl-devel libxslt libxslt-devel
yum install apr* autoconf automake bison bison-devel bzip2 bzip2* cloog-ppl cpp
yum install curl curl-devel fontconfig fontconfig-devel freetype freetype*
yum install freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel
yum install glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel
yum install libcom_err-devel libpng libpng* libpng-devel libjpeg* libsepol-devel
yum install libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libX*
yum install libtiff libtiff* make mpfr ntp nasm nasm*
yum install patch pcre-devel perl yasm libmcrypt libmcrypt-devel
yum install policycoreutils ppl telnet t1lib t1lib* wget zlib-devel readline readline-devel
yum install libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libcurl
yum install mhash-devel bzip2 bzip2-devel readline-devel libedit-devel sqlite-devel gmp gmp-devel
# TAB补全增强工具
yum install bash-completion
# 拖拽上传文件
yum install lrzsz
关闭不用的服务
-
关闭 SELinux
/usr/sbin/sestatus -v #查看SELinux状态 getenforce #也可以用这个命令检查 setenforce 0 #临时关闭(不用重启机器) 0为permissive模式 1为enforcing模式 vi /etc/selinux/config #永久关闭,将SELINUX=enforcing改为SELINUX=disabled -
关闭防火墙
service iptables stop #停止服务 chkconfig iptables off #开机不再启动
更改 ssh 端口
不建议使用用户名+密码的方式登陆,容易被人扫描暴力破解
为了使用方便还是不设置密钥登陆,但是一定要更改下默认的 22 端口
# 更改配置项Port 8022
vi /etc/ssh/sshd_config
# 重启服务
service sshd restart
中文支持
# 查看系统拥有语言包,zh_CN.utf8是简体中文
locale -a
# 如果没有
yum install kde-l10n-Chinese
# 修改locale文件 LANG=zh_CN.UTF8
# 重启生效
vi /etc/locale.conf
Nginx
安装
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -zxvf nginx-1.14.2.tar.gz
cd nginx-1.14.2/
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module
make
make install
configure 的过程可能会有下面的报错,安装好依赖就行了
the HTTP rewrite module requires the PCRE library
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz
tar -zxvf pcre-8.39.tar.gz
cd pcre-8.39
./configure
make
make install
the HTTP gzip module requires the zlib library
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure
make
make install
启动
# 启动
/usr/local/nginx/sbin/nginx
# 停止
/usr/local/nginx/sbin/nginx -s stop
# 更新配置
/usr/local/nginx/sbin/nginx -s reload
配置
配置文件/usr/local/nginx/conf/nginx.conf
# 禁止IP或其他域名直接访问
server {
listen 80 default;
server_name _;
types {
application/json *;
}
default_type application/json;
return 404 '{"status":404,"msg":"这里没有部署项目-_-|||"}';
}
# 静态内容
server {
listen 80;
server_name xxx.com;
location / {
root /www/xxx.com;
index index.html;
}
error_page 404 403 500 502 503 504 /404.html;
}
# 反向代理Tomcat
server {
listen 80;
server_name java.xxx.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
# 反向代理Tomcat单个应用
server {
listen 80;
server_name app1.xxx.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080/app1/;
}
location /app1 {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
# 反向代理PHP
server {
listen 80;
server_name php.xxx.com;
root /www/php.xxx.com/;
index index.html index.htm index.php;
# rewrite
location / {
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
# typecho 地址重写配置,显示不支持,强制开启就行了
location /typecho {
# 找不到时候重写成pathinfo
if (!-e $request_filename) {
rewrite ^/(.*)$ /typecho/index.php/$1 last;
break;
}
}
location ~ .*\.php(\/.*)*$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#设置PATH_INFO,注意fastcgi_split_path_info已经自动改写了fastcgi_script_name变量
#后面不需要再改写SCRIPT_FILENAME,SCRIPT_NAME环境变量,所以必须在加载fastcgi.conf之前设置
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
#加载Nginx默认"服务器环境变量"配置
include fastcgi.conf;
}
}
Mysql
使用 RPM 方式安装,比较方便,不推荐编译安装
安装
wget https://repo.mysql.com//mysql57-community-release-el7-9.noarch.rpm
rpm -ivh mysql57-community-release-el7-9.noarch.rpm
yum install mysql-community-server
启动
systemctl start mysqld #启动 MySQL
systemctl stop mysqld #关闭 MySQL
systemctl restart mysqld #重启 MySQL
systemctl status mysqld #查看 MySQL 运行状态
systemctl enable mysqld #设置开机启动
systemctl disable mysqld #关闭开机启动
更改密码
启动后需要以 root 用户登入进去,然后更改密码,不然没有操作权限
# 获取默认的随机密码
grep 'temporary password' /var/log/mysqld.log
# 登陆
mysql -u root -p
# 允许设置简单密码,重启后改配置失效
set global validate_password_policy=0;
set global validate_password_length=4;
# 设置密码,由于安全策略,不要设置过于简单的密码
set password = password('Xxxxxxx');
# 新建root用户,允许远程访问,授予所有权限
grant all privileges on *.* to 'root'@'%' identified by '设置新用户密码';
flush privileges;
配置
配置编码为 utf8mb4,从而支持 emoji 表情
关闭密码强度校验插件
内存优化,由于内存较小,适当调整相关资源,关闭不需要的功能
配置文件位于/etc/my.cnf,追加如下内容
[client]
# 编码设置
default-character-set = utf8mb4
[mysql]
# 编码设置
default-character-set = utf8mb4
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
# 编码设置
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
# 内存优化
performance_schema = OFF
performance_schema_max_table_instances = 600
table_definition_cache = 400
table_open_cache = 256
# 关闭密码校验插件
validate_password = OFF
配置信息查询
查看插件状态
show plugins;
查看启动后载入的配置信息
SHOW VARIABLES;
SHOW VARIABLES LIKE 'validate_password%';
JAVA
JDK 安装
官网有下载 rpm 包,这里下载的是 jdk-8u191-linux-x64.rpm
会安装到/usr/java/目录下
# 先查询是否已经安装了 openjdk,有就卸载
rpm -qa | grep java
# 本地下载然后上传到服务器
rpm -ivh jdk-8u191-linux-x64.rpm
环境变量配置
修改/etc/profile文件,后面追加如下内容
JAVA_HOME=/usr/java/jdk1.8.0_191-amd64
JRE_HOME=${JAVA_HOME}/jre
CLASSPATH=.:${JAVA_HOME}/lib:\${JRE_HOME}/lib
# PATH=${JAVA_HOME}/bin:$PATH
export JAVA_HOME JRE_HOME CLASSPATH
由于是 rpm 安装,${JAVA_HOME}/bin下的命令已经链接到了/usr/bin 下面,无需再设置PATH=${JAVA_HOME}/bin:$PATH
为了防止别的软件使用JAVA_HOME等化境变量,这个我们定义然后导出下就行了
修改完后 source 下立即生效
source /etc/profile
Tomcat 安装
直接去官方下载 zip 包,装好 Java 环境后直接就启动了
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.41/bin/apache-tomcat-8.5.41.tar.gz
tar -zxvf apache-tomcat-8.5.41.tar.gz
mkdir -p /usr/local/tomcat
mv apache-tomcat-8.5.41 /usr/local/tomcat/
追加启动命令到/etc/rc.d/rc.local,方便开机自启
/usr/local/tomcat/apache-tomcat-8.5.41/bin/startup.sh
解决 centos7 没有足够的熵来用于产生随机数,导致 tomcat 启动超级慢
vim $JAVA_HOME/jre/lib/security/java.security
securerandom.source=file:/dev/random
# 改为
securerandom.source=file:/dev/urandom
启动 manager-gui,调整tomcat-users.xml添加访问用户,然后找到webapps/manager/META-INF/context.xml中注释掉仅允许内部 IP 访问的设置
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="user01" password="123456xxx" roles="admin-gui,manager-gui"/>
PHP
配置 PHP7 的源
yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
安装
yum install php70w php70w-common php70w-fpm php70w-opcache php70w-gd php70w-mysqlnd php70w-mbstring php70w-devel
CentOS 自带了 PHP5,安装 PHP7 的时候会遇到一些冲突,提示什么冲突就就删除什么,直到上面的命令可以执行
yum remove php-common-5.4.16-46.el7.x86_64
安装完毕后
# 查看版本
php -v
# 查看安装的模块
php -m
配置文件位于/etc/php.ini
#启动,restart-重启,stop-停止
systemctl start php-fpm
#开机启动
systemctl enable php-fpm
下面是一些常用的拓展,以后缺少什么就安装什么
# 安装包 提供的拓展
php70w mod_php, php70w-zts
php70w-bcmath
php70w-cli php-cgi, php-pcntl, php-readline
php70w-common php-api, php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif, php-fileinfo, php-filter, php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-json, php-libxml, php-openssl, php-pcre, php-pecl-Fileinfo, php-pecl-phar, php-pecl-zip, php-reflection, php-session, php-shmop, php-simplexml , php-sockets, php-spl, php-tokenizer, php-zend-abi, php-zip, php-zlib
php70w-dba
php70w-devel
php70w-embedded php-embedded-devel
php70w-enchant
php70w-fpm
php70w-gd
php70w-imap
php70w-interbase php_database, php-firebird
php70w-intl
php70w-ldap
php70w-mbstring
php70w-mcrypt
php70w-mysql php-mysqli, php_database
php70w-mysqlnd php-mysqli, php_database
php70w-odbc php-pdo_odbc, php_database
php70w-opcache php70w-pecl-zendopcache
php70w-pdo php70w-pdo_sqlite, php70w-sqlite3
php70w-pdo_dblib php70w-mssql
php70w-pear
php70w-pecl-apcu
php70w-pecl-imagick
php70w-pecl-memcached
php70w-pecl-mongodb
php70w-pecl-redis
php70w-pecl-xdebug
php70w-pgsql php-pdo_pgsql, php_database
php70w-phpdbg
php70w-process php-posix, php-sysvmsg, php-sysvsem, php-sysvshm
php70w-pspell
php70w-recode
php70w-snmp
php70w-soap
php70w-tidy
php70w-xml php-dom, php-domxml, php-wddx, php-xsl
php70w-xmlrpc
Golang
mkdir -p /usr/local/go
mkdir -p /usr/local/go/gopath
cd /usr/local/go
wget https://dl.google.com/go/go1.12.5.linux-amd64.tar.gz
tar -zxvf go1.12.5.linux-amd64.tar.gz
mv go go_1.12.5
配置环境变量/etc/profile后追加,然后source /etc/profile
# Golang 环境变量
GOROOT=/usr/local/go/go_1.11.10
GOPATH=/usr/local/go/gopath
GO111MODULE=on
GOPROXY=https://goproxy.io
PATH=$PATH:$GOROOT/bin:$GOPATH/bin
export GOROOT GOPATH GO111MODULE GOPROXY PATH
NodeJS
mkdir -p /usr/local/nodejs
cd /usr/local/nodejs
wget https://nodejs.org/dist/v10.16.0/node-v10.16.0-linux-x64.tar.xz
xz -d node-v10.16.0-linux-x64.tar.xz
tar -xvf node-v10.16.0-linux-x64.tar
配置环境变量/etc/profile后追加,然后source /etc/profile
# NodeJS 环境变量
NODE_HOME=/usr/local/nodejs/node-v10.16.0-linux-x64
NODE_GLOBAL_MODEL=/usr/local/nodejs/node_global
PATH=$PATH:$NODE_HOME/bin:$NODE_GLOBAL_MODEL/bin
export NODE_HOME PATH
配置
npm config set prefix "/usr/local/nodejs/node_global"
npm config set cache "/usr/local/nodejs/node_cache"
# 全局装个软件试一下
npm install -g hexo-cli
设置开机自启动脚本
开机启动后要执行的命令可以追加在rc.local后面,如下
# 开机启动,auto-start.sh记得给执行权限
/server-apps/auto-start.sh >/server-apps/auto-start.log 2>&1
以后在/server-apps/auto-start.sh中添加启动命令就成了。注意在 centos7 中,/etc/rc.d/rc.local的权限被降低了,所以需要chmod +x /etc/rc.d/rc.local
auto-start.sh
#!/bin/sh
# mysql
systemctl start mysqld
# nginx
/usr/local/nginx/sbin/nginx
# tomcat
/usr/local/tomcat/apache-tomcat-8.5.41/bin/startup.sh
# php
systemctl start php-fpm
