Centos7服务器开发环境搭建
MySQL5.7 + Java8 + Tomcat + Redis + DenyHosts + Python3 + Go
一、安装wget
yum remove wget
yum install -y wget
二、配置DenyHosts
一款非常有用的工具DenyHosts可以阻止试图猜测SSH登录口令。DenyHosts是用Python写的一个程序,它会分析SSHD的日志文件(Redhat为/var/log/secure等),当发现同一IP在进行多次SSH密码尝试时就会记录IP到/etc/hosts.deny文件,从而达到自动屏蔽该IP的目的。
1、下载
wget http://imcat.in/down/DenyHosts-2.6.tar.gz
或
DenyHosts官网:http://denyhosts.sourceforge.net/
注意:上面的下载地址是第三方站点且走明文HTTP,传输途中可被篡改;DenyHosts以root权限运行,安装前请将压缩包的校验值与可信来源公布的值进行比对。
2、解压
tar -zxvf DenyHosts-2.6.tar.gz
3、安装配置
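# Install DenyHosts from the unpacked source tree and create working copies
# of the shipped templates.
cd DenyHosts-2.6
python setup.py install
# Shell comments start with '#'. A trailing '//...' is not a comment: cp would
# receive it as a third argument and fail.
cp denyhosts.cfg-dist denyhosts.cfg      # configuration file
cp daemon-control-dist daemon-control    # start/stop control script
# daemon-control is later linked into /etc/init.d and run as root, so keep it
# accessible to its owner only.
chmod 700 daemon-control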
4、配置denyhosts.cfg
SECURE_LOG = /var/log/secure #ssh日志文件
# format is: i[dhwmy]
# Where i is an integer (eg. 7)
# m = minutes
# h = hours
# d = days
# w = weeks
# y = years
#
# never purge:
PURGE_DENY = 5d #过多久后清除已阻止IP
HOSTS_DENY = /etc/hosts.deny #将阻止IP写入到hosts.deny
BLOCK_SERVICE = sshd #阻止服务名
PURGE_THRESHOLD = #定义了某一IP最多被解封多少次。某IP暴力破解SSH密码被阻止/解封达到了PURGE_THRESHOLD次,则会被永久禁止;
DENY_THRESHOLD_INVALID = 1 #允许无效用户登录失败的次数
DENY_THRESHOLD_VALID = 10 #允许普通用户登录失败的次数
DENY_THRESHOLD_ROOT = 5 #允许root登录失败的次数
WORK_DIR = /usr/local/share/denyhosts/data #将deny的host或ip记录到WORK_DIR中
DENY_THRESHOLD_RESTRICTED = 1 #允许受限用户名(WORK_DIR下restricted-usernames文件中列出的用户名)登录失败的次数
LOCK_FILE = /var/lock/subsys/denyhosts #将DenyHosts启动的pid记录到LOCK_FILE中,以确保服务正确启动,防止同时启动多个服务。
HOSTNAME_LOOKUP=NO #是否做域名反解
ADMIN_EMAIL = #设置管理员邮件地址
DAEMON_LOG = /var/log/denyhosts #DenyHosts日志位置
5、启动自启动服务
#如果/usr/share/denyhosts/没有daemon-control和denyhosts.cfg,将DenyHosts-2.6/下配置好的复制过去
[root@VM-12-15-centos DenyHosts-2.6]# cp denyhosts.cfg /usr/share/denyhosts/denyhosts.cfg
[root@VM-12-15-centos DenyHosts-2.6]# cp daemon-control /usr/share/denyhosts/daemon-control
[root@VM-12-15-centos DenyHosts-2.6]# cd /usr/share/denyhosts/
[root@VM-12-15-centos denyhosts]# chown root daemon-control
[root@VM-12-15-centos denyhosts]# chmod 700 denyhosts.cfg
[root@VM-12-15-centos denyhosts]# cd /opt/DenyHosts-2.6/
[root@VM-12-15-centos DenyHosts-2.6]# ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
[root@VM-12-15-centos DenyHosts-2.6]# chkconfig --add denyhosts
[root@VM-12-15-centos DenyHosts-2.6]# chkconfig denyhosts on
[root@VM-12-15-centos DenyHosts-2.6]# service denyhosts start
6、查看攻击IP记录
vim /etc/hosts.deny
三、配置MySQL5.7数据库
1、下载MySQL5.7 linux版本
2、检查工作
-
检查是否安装过mysql
[root@VM-12-15-centos opt]# rpm -qa|grep mariadb mariadb-libs-5.5.68-1.el7.x86_64 #执行卸载命令:rpm -e --nodeps mariadb-libs
-
检查mysql依赖环境
[root@VM-12-15-centos opt]# rpm -qa|grep libaio libaio-0.3.109-13.el7.x86_64 [root@VM-12-15-centos opt]# rpm -qa|grep net-tools net-tools-2.0-0.25.20131004git.el7.x86_64 #如果没有以上依赖,则需要手动安装
3、安装MySQL
-
解压到/usr/local目录下
tar -zxvf mysql-5.7.29-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
-
重命名mysql
[root@VM-12-15-centos opt]# cd /usr/local/ [root@VM-12-15-centos local]# mv mysql-5.7.29-linux-glibc2.12-x86_64/ mysql
-
安装依赖库
cd mysql yum install -y libaio #没有依赖需要手动安装 yum -y install numactl
-
创建mysql用户与用户组
[root@VM-12-15-centos mysql]# mkdir data [root@VM-12-15-centos mysql]# groupadd mysql [root@VM-12-15-centos mysql]# useradd -r -s /sbin/nologin -g mysql mysql -d /usr/local/mysql/
-
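mysql相关目录授权(注意:下面的 chmod 666 会让本机所有用户都能读写 mysqld.log;随后的 chown 已把 /usr/local/mysql 整个目录交给 mysql 用户,日志文件用 640 权限通常就够了)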
[root@VM-12-15-centos mysql]# mkdir /usr/local/mysql/log [root@VM-12-15-centos mysql]# mkdir -p /var/lib/mysql/ [root@VM-12-15-centos mysql]# mkdir -p /var/run/mysqld/ [root@VM-12-15-centos mysql]# touch /usr/local/mysql/log/mysqld.log [root@VM-12-15-centos mysql]# chmod 666 /usr/local/mysql/log/mysqld.log [root@VM-12-15-centos mysql]# chown -R mysql:mysql /usr/local/mysql [root@VM-12-15-centos mysql]# chown -R mysql:mysql /var/run/mysqld/ [root@VM-12-15-centos mysql]# chown -R mysql:mysql /var/lib/mysql/
-
初始化命令
cd /usr/local/mysql/bin ./mysqld --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
-
如果初始化遇到如下问题(通常是因为上面的命令没有带 --initialize 参数,mysqld 会直接尝试启动服务,而此时数据目录中还没有 mysql.user 等系统表)
2021-04-03T15:23:29.620855Z 0 [ERROR] Fatal error: Can't open and lock privilege tables: Table 'mysql.user' doesn't exist 2021-04-03T15:23:29.620863Z 0 [ERROR] Fatal error: Failed to initialize ACL/grant/time zones structures or failed to remove temporary table files. 2021-04-03T15:23:29.620881Z 0 [ERROR] Aborting
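那么如下操作(mysql_install_db 在 MySQL 5.7 中已被标记为废弃,官方推荐的等价做法是 mysqld --initialize;若改用后者,root 的临时密码会写入错误日志,而不是 /root/.mysql_secret)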
# 删除已经初始化的数据,重新初始化 rm -rf /usr/local/mysql/data ./mysql_install_db --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ ./mysqld --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
-
查看安装成功后的root密码(这是一次性的临时密码,登录后应立即修改;确认不再需要后可删除 .mysql_secret 文件)
[root@VM-12-15-centos ~]# cat /root/.mysql_secret # Password set for user 'root@localhost' at 2021-04-03 23:24:31 ;jfb!xXVMhpx #这个就是密码
-
杀死当前mysql进程(kill -9 不给 mysqld 正常关闭的机会;优先使用不带 -9 的 kill 发送SIGTERM,让它先把数据刷盘再退出)
[root@VM-12-15-centos ~]# netstat -apn | grep 3306 tcp6 0 0 :::3306 :::* LISTEN 14507/./mysqld [root@VM-12-15-centos ~]# kill -9 14507
-
修改基本配置
vim /usr/local/mysql/support-files/mysql.server 将basedir与datadir的值按照如下修改后保存并退出 basedir=/usr/local/mysql datadir=/usr/local/mysql/data mysqld_pid_file_path=/var/run/mysqld/mysqld.pid
-
为脚本创建软链接
[root@VM-12-15-centos ~]# ln -s /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld [root@VM-12-15-centos ~]# ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
-
添加my.cnf基本配置
vim /etc/my.cnf # my.cnf基本配置如下: [mysqld] basedir=/usr/local/mysql datadir=/usr/local/mysql/data socket=/tmp/mysql.sock user=mysql port=33068 character-set-server = utf8mb4 collation-server = utf8mb4_unicode_ci init_connect='SET NAMES utf8mb4' symbolic-links=0 max_connections=200 default-storage-engine=INNODB lower_case_table_names=1 max_allowed_packet=32M explicit_defaults_for_timestamp=true [mysqld_safe] log-error=/usr/local/mysql/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid
-
修改mysqld执行权限
[root@VM-12-15-centos etc]# chmod 755 /etc/rc.d/init.d/mysqld # 修改mysql开机启动 [root@VM-12-15-centos etc]# chkconfig mysqld on
-
启动MySQL
service mysqld start #开启 service mysqld stop #停止 service mysqld restart #重启
-
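修改密码(三种方式任选其一即可;MySQL 5.7 官方文档推荐 alter user。直接 update mysql.user 表的方式需要先 use mysql,执行后还要 flush privileges 才会生效)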
mysql -u root -p # 输入刚刚的密码;jfb!xXVMhpx alter user 'root'@'localhost' identified by '你的密码'; # 密码设置的难一点,不然会报太简单了。 # 修改密码另一种方式 set password for 'root'=password('密码'); # 还有一种 建议使用这种 update user set authentication_string = password("密码") where user="root";
-
允许远程访问(注意:下面的语句允许 root 从任意主机登录并拥有全部权限;更稳妥的做法是新建一个只对所需数据库授权的账号,并把 '%' 换成具体的客户端IP,同时在防火墙/安全组中只对可信来源放行数据库端口)
grant all privileges on *.* to 'root'@'%' identified by 'root用户的密码'; flush privileges;
四、安装Java8
# 解压
[root@VM-12-15-centos opt]# tar -zxvf jdk-8u231-linux-x64.tar.gz
# 配置环境变量
[root@VM-12-15-centos opt]# vim /etc/profile
# 使环境变量立即生效
[root@VM-12-15-centos opt]# source /etc/profile
# 检查是否配置完成
[root@VM-12-15-centos opt]# java -version
java version "1.8.0_231"
Java(TM) SE Runtime Environment (build 1.8.0_231-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.231-b11, mixed mode)
五、安装Tomcat
# 解压
[root@VM-12-15-centos opt]# tar -zxvf apache-tomcat-9.0.33.tar.gz
# 运行Tomcat
[root@VM-12-15-centos opt]# cd apache-tomcat-9.0.33/bin/
[root@VM-12-15-centos bin]# ./startup.sh
Using CATALINA_BASE: /opt/apache-tomcat-9.0.33
Using CATALINA_HOME: /opt/apache-tomcat-9.0.33
Using CATALINA_TMPDIR: /opt/apache-tomcat-9.0.33/temp
Using JRE_HOME: /opt/jdk1.8.0_231
Using CLASSPATH: /opt/apache-tomcat-9.0.33/bin/bootstrap.jar:/opt/apache-tomcat-9.0.33/bin/tomcat-juli.jar
Tomcat started.
(可选)如果在浏览器中打开Tomcat网页过慢,可以选择安装熵服务
# 安装前
[root@VM-12-15-centos bin]# cat /proc/sys/kernel/random/entropy_avail
1274
# 安装rngd(熵服务)
yum install rng-tools
# 启动服务
systemctl start rngd
cp /usr/lib/systemd/system/rngd.service /etc/systemd/system
vim /etc/systemd/system/rngd.service
修改ExecStart=/sbin/rngd -f -r /dev/urandom
# 重新载入服务配置(daemon-reload 只重新读取unit文件,还需执行 systemctl restart rngd 才会按新的ExecStart运行)
systemctl daemon-reload
# 再次查看,此时打开Tomcat网站速度明显变快
[root@VM-12-15-centos bin]# cat /proc/sys/kernel/random/entropy_avail
3092
六、安装Redis
# 解压
[root@VM-12-15-centos opt]# tar -zxvf redis-6.2.1.tar.gz
[root@VM-12-15-centos opt]# cd /opt/redis-6.2.1/
安装依赖
[root@VM-12-15-centos redis-6.2.1]# yum install gcc
[root@VM-12-15-centos redis-6.2.1]# yum install gcc-c++
# 执行make命令
[root@VM-12-15-centos redis-6.2.1]# make
[root@VM-12-15-centos redis-6.2.1]# make install
修改配置文件
# 拷贝一份redis.conf
[root@VM-12-15-centos redis-6.2.1]# mkdir /opt/myRedis
[root@VM-12-15-centos redis-6.2.1]# cp redis.conf /opt/myRedis/
# 修改备份的redis.conf,并用此配置文件运行redis-server
[root@VM-12-15-centos redis-6.2.1]# vim /opt/myRedis/redis.conf
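# 修改以下配置(行尾的 # 说明仅为本文注解;redis.conf 只支持整行注释,不要把行尾说明一并写入配置文件)
#bind 127.0.0.1 -::1 #注释掉此行允许所有ip访问;仅在确实需要远程访问时才注释,并用防火墙/安全组限制可连接的来源IP
protected-mode no #如果为yes,在没有设置密码且没有bind ip时只允许本机访问
daemonize yes #将no修改为yes,使服务在后台启动
port 12345 #默认6379,为了安全建议修改端口号
requirepass pwd #必须设置密码:bind已注释且protected-mode为no时,未设密码的Redis会对所有能连到该端口的主机开放;pwd修改为足够长的随机密码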
以修改过的redis.conf启动服务
[root@VM-12-15-centos redis-6.2.1]# cd /opt/myRedis/
[root@VM-12-15-centos myRedis]# redis-server redis.conf
# 本机登录redis客户端
[root@VM-12-15-centos myRedis]# redis-cli -p 12345
127.0.0.1:12345> auth pwd
OK
七、安装Python3
安装依赖
[root@VM-12-15-centos opt]# yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc
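# 注: 这一步很重要,如果不安装相关依赖包,在使用pip安装python包时会报找不到SSL错误(后面 configure 使用的 --with-ssl 并不是 Python 3.7 的有效参数,configure 会给出 unrecognized options 警告并忽略它;ssl 模块能否编译出来取决于这里安装的 openssl-devel)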
下载python3安装包
wget https://www.python.org/ftp/python/3.7.13/Python-3.7.13.tgz
或
官网下载:https://www.python.org/downloads/source/
解压安装包
[root@VM-12-15-centos opt]# tar -zxvf Python-3.7.13.tgz -C /usr/local/lib
编译安装
[root@VM-12-15-centos opt]# cd /usr/local/lib/Python-3.7.13/
[root@VM-12-15-centos Python-3.7.13]# ./configure --with-ssl --prefix=/usr/local/lib/python3.7
[root@VM-12-15-centos Python-3.7.13]# make && make install
创建python3.7软链接
[root@VM-12-15-centos Python-3.7.13]# ln -s /usr/local/lib/python3.7/bin/python3.7 /usr/bin/python3
[root@VM-12-15-centos Python-3.7.13]# ln -s /usr/local/lib/python3.7/bin/pip3.7 /usr/bin/pip3
[root@VM-12-15-centos Python-3.7.13]# pip3 install --upgrade pip
安装成功
[root@VM-12-15-centos Python-3.7.13]# python3
Python 3.7.13 (default, Jun 3 2022, 00:13:43)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
八、安装Go
下载Go的安装包
wget https://dl.google.com/go/go1.18.3.linux-amd64.tar.gz
或
官网下载:https://golang.google.cn/dl/
解压安装包
[root@VM-12-15-centos opt]# tar -zxvf go1.18.3.linux-amd64.tar.gz -C /usr/local/lib
配置环境变量
[root@VM-12-15-centos opt]# vim /etc/profile
# Go
export GOROOT=/usr/local/lib/go
# go install的包放置位置
export GOPATH=/usr/local/lib/gopath
export PATH=$GOROOT/bin:$GOPATH/bin:$PATH
[root@VM-12-15-centos opt]# source /etc/profile
安装成功
[root@VM-12-15-centos opt]# go version
go version go1.18.3 linux/amd64
[root@VM-12-15-centos opt]# vim hello.go
package main
import "fmt"
func main() {
fmt.Printf("Hello, world!\n")
}
[root@VM-12-15-centos opt]# go run hello.go
Hello, world!
九、可选部分
-
开启防火墙
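# firewalld service management (reference list: run only the command you need).
systemctl status firewalld.service    # show the firewall status
systemctl start firewalld.service     # start the firewall
systemctl stop firewalld.service      # stop the firewall
systemctl restart firewalld.service   # restart the firewall
systemctl enable firewalld.service    # start the firewall automatically at boot
systemctl disable firewalld.service   # do not start the firewall at boot

# Port rules. --permanent writes the rule to the saved configuration only;
# it takes effect after --reload.
firewall-cmd --zone=public --add-port=12345/tcp --permanent      # open port 12345
firewall-cmd --zone=public --remove-port=12345/tcp --permanent   # close port 12345
firewall-cmd --reload                                            # apply the saved rules
firewall-cmd --zone=public --list-ports                          # list the open ports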
启动防火墙后,添加防火墙规则
[root@VM-12-15-centos ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) [root@VM-12-15-centos ~]# systemctl start firewalld.service [root@VM-12-15-centos ~]# firewall-cmd --zone=public --add-port=12345/tcp --permanent # 说明 # 开放12345端口 # --zone作用域 # --add-port=12345/tcp 添加端口,格式为:端口/通讯协议 # --permanent 永久生效,没有此参数重启后规则失效 # 重新读取防火墙规则使规则生效 [root@VM-12-15-centos ~]# firewall-cmd --reload # 或者重启防火墙,也会使规则生效 [root@VM-12-15-centos ~]# systemctl restart firewalld.service # 开机自启防火墙 [root@VM-12-15-centos ~]# systemctl enable firewalld.service
-
修改SSH登录端口
为了防止22端口一直被恶意登录,建议将SSH服务的端口修改为不常用端口。修改端口只能减少自动化扫描带来的登录尝试,不能替代密钥登录、禁用密码登录等措施。另外注意本文的Redis示例也使用了12345端口,两个服务不能监听同一端口,请为其中一个另选端口。
# 首选需要在阿里云或者腾讯云开放12345端口 [root@VM-12-15-centos ~]# cd /etc/ssh/ [root@VM-12-15-centos ssh]# vim sshd_config # 修改Port的值 Port 22 # 先保留22端口登录,测试可以用12345端口登录后注释掉即可 Port 12345 # 修改端口为你想要的端口 # 测试可以使用12345端口登录后,可以将22端口注释掉,同时在阿里云或者腾讯云中删除22端口的放行规则!
如果服务器开启了防火墙,那么还需进行如下操作,否则无法登录服务器!!!
# 将SSH服务的端口加入防火墙放行规则 [root@VM-12-15-centos ~]# firewall-cmd --zone=public --add-port=12345/tcp --permanent [root@VM-12-15-centos ~]# firewall-cmd --reload
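最后,重启SSH服务(修改配置文件后都需要重启服务)。重启前可先用 sshd -t 检查配置语法,并保持当前SSH会话不要断开,直到确认新端口可以登录;若SELinux处于enforcing状态,还需先执行 semanage port -a -t ssh_port_t -p tcp 12345 允许sshd监听新端口,否则sshd会启动失败。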
[root@VM-12-15-centos ~]# systemctl restart sshd.service
-
安装熵服务
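如果发现Tomcat服务器中部署的项目在浏览器中浏览比较慢,可以尝试增加熵服务。注意:用 /dev/urandom 作为 rngd 的输入源只是提高了内核的熵估计值,并没有引入新的随机性;如果只是为了解决Tomcat因等待随机数而变慢的问题,也可以只给JVM加上 -Djava.security.egd=file:/dev/./urandom 参数,而不改动系统的熵池。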
# 安装熵服务前服务器熵池中的值 [root@VM-12-15-centos ~]# cat /proc/sys/kernel/random/entropy_avail 56 # 安装rngd(熵服务) [root@VM-12-15-centos ~]# yum install rng-tools # 启动熵服务 [root@VM-12-15-centos ~]# systemctl start rngd # 修改配置,将/sbin/rngd -f修改为/sbin/rngd -f -r /dev/urandom [root@VM-12-15-centos ~]# cp /usr/lib/systemd/system/rngd.service /etc/systemd/system [root@VM-12-15-centos ~]# vim /etc/systemd/system/rngd.service [Service] ExecStart=/sbin/rngd -f -r /dev/urandom #此行修改 # 重新载入服务 [root@VM-12-15-centos ~]# systemctl restart rngd # 再次查看熵池中的值 [root@VM-12-15-centos ~]# cat /proc/sys/kernel/random/entropy_avail 3125 # 此时熵值为3000左右,访问Tomcat的速度就会变快