服务器部署-必要软件安装

centos7初始化脚本

#!/bin/bash
# init centos7  ./centos7-init.sh 主机名

# 检查是否为root用户,脚本必须在root权限下运行
if [[ "$(whoami)" != "root" ]]; then
    echo "please run this script as root !" >&2
    exit 1
fi
echo -e "\033[31m the script only Support CentOS_7 x86_64 \033[0m"
echo -e "\033[31m system initialization script, Please Seriously. press ctrl+C to cancel \033[0m"

# 检查是否为64位系统,这个脚本只支持64位脚本
platform=`uname -i`
if [ $platform != "x86_64" ];then
    echo "this script is only for 64bit Operating System !"
    exit 1
fi

if [ "$1" == "" ];then
    echo "The host name is empty."
    exit 1
else
	hostnamectl  --static set-hostname  $1
	hostnamectl  set-hostname  $1
fi

cat << EOF
+---------------------------------------+
|   your system is CentOS 7 x86_64      |
|           start optimizing            |
+---------------------------------------+
EOF
sleep 1

# 安装必要支持工具及软件工具
yum_update(){
yum update -y
yum install -y nmap unzip wget vim lsof xz net-tools iptables-services ntpdate ntp-doc psmisc
}

# 设置时间同步 set time
zone_time(){
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
/usr/sbin/hwclock --systohc
/usr/sbin/hwclock -w
cat > /var/spool/cron/root << EOF
10 0 * * * /usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF
chmod 600 /var/spool/cron/root
/sbin/service crond restart
sleep 1
}

# 修改文件打开数 set the file limit
limits_config(){
cat > /etc/rc.d/rc.local << EOF
#!/bin/bash

touch /var/lock/subsys/local
ulimit -SHn 1024000
EOF

sed -i "/^ulimit -SHn.*/d" /etc/rc.d/rc.local
echo "ulimit -SHn 1024000" >> /etc/rc.d/rc.local

sed -i "/^ulimit -s.*/d" /etc/profile
sed -i "/^ulimit -c.*/d" /etc/profile
sed -i "/^ulimit -SHn.*/d" /etc/profile

cat >> /etc/profile << EOF
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 1024000
EOF

source /etc/profile
ulimit -a
cat /etc/profile | grep ulimit

if [ ! -f "/etc/security/limits.conf.bak" ]; then
    cp /etc/security/limits.conf /etc/security/limits.conf.bak
fi

cat > /etc/security/limits.conf << EOF
* soft nofile 1024000
* hard nofile 1024000
* soft nproc  1024000
* hard nproc  1024000
hive   - nofile 1024000
hive   - nproc  1024000
EOF

if [ ! -f "/etc/security/limits.d/20-nproc.conf.bak" ]; then
    cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
fi

cat > /etc/security/limits.d/20-nproc.conf << EOF
*          soft    nproc     409600
root       soft    nproc     unlimited
EOF

sleep 1
}

# 优化内核参数 tune kernel parametres
sysctl_config(){
if [ ! -f "/etc/sysctl.conf.bak" ]; then
    cp /etc/sysctl.conf /etc/sysctl.conf.bak
fi

#add
cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_wmem = 4096 16384 13107200
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_forward = 1
net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
vm.overcommit_memory = 1
vm.swappiness = 1
fs.file-max = 1024000
EOF

#reload sysctl
/sbin/sysctl -p
sleep 1
}

# 设置UTF-8   LANG="zh_CN.UTF-8"
LANG_config(){
echo "LANG=\"en_US.UTF-8\"">/etc/locale.conf
source  /etc/locale.conf
}


#关闭SELINUX disable selinux
selinux_config(){
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
sleep 1
}

#日志处理
log_config(){
setenforce 0
systemctl start systemd-journald
systemctl status systemd-journald
}


# 关闭防火墙
firewalld_config(){
/usr/bin/systemctl stop  firewalld.service
/usr/bin/systemctl disable  firewalld.service
}


# SSH配置优化 set sshd_config
sshd_config(){
if [ ! -f "/etc/ssh/sshd_config.bak" ]; then
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
fi

cat >/etc/ssh/sshd_config<<EOF
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
UseDNS no
X11Forwarding yes
UsePrivilegeSeparation sandbox
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server
EOF
/sbin/service sshd restart
}


# 关闭ipv6  disable the ipv6
ipv6_config(){
echo "NETWORKING_IPV6=no">/etc/sysconfig/network
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
echo "127.0.0.1   localhost   localhost.localdomain">/etc/hosts
#sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' /etc/sysconfig/network-scripts/ifcfg-enp0s8


for line in $(ls -lh /etc/sysconfig/network-scripts/ifcfg-* | awk -F '[ ]+' '{print $9}')
do
if [ -f  $line ]
        then
        sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' $line
                echo $i
fi
done
}


# 设置历史命令记录格式 history
history_config(){
export HISTFILESIZE=10000000
export HISTSIZE=1000000
export PROMPT_COMMAND="history -a"
export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
##export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"HOSTNAME\":\"\$HOSTNAME\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
cat >>/etc/bashrc<<EOF
alias vi='vim'
HISTDIR='/var/log/command.log'
if [ ! -f \$HISTDIR ];then
touch \$HISTDIR
chmod 666 \$HISTDIR
fi
export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"IP\":\"\$(ip a | grep -E '192.168|172' | head -1 | awk '{print \$2}' | cut -d/ -f1)\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
export PROMPT_COMMAND='history 1|tail -1|sed "s/^[ ]\+[0-9]\+  //"|sed "s/$/\"}/">> /var/log/command.log'
EOF
source /etc/bashrc
}

# 服务优化设置
service_config(){
/usr/bin/systemctl enable NetworkManager-wait-online.service
/usr/bin/systemctl start NetworkManager-wait-online.service
/usr/bin/systemctl stop postfix.service
/usr/bin/systemctl disable postfix.service
chmod +x /etc/rc.local
chmod +x /etc/rc.d/rc.local
#ls -l /etc/rc.d/rc.local
}

# VIM设置
vim_config(){
cat > /root/.vimrc << EOF
set history=1000

EOF

#autocmd InsertLeave * se cul
#autocmd InsertLeave * se nocul
#set nu
#set bs=2
#syntax on
#set laststatus=2
#set tabstop=4
#set go=
#set ruler
#set showcmd
#set cmdheight=1
#hi CursorLine   cterm=NONE ctermbg=blue ctermfg=white guibg=blue guifg=white
#set hls
#set cursorline
#set ignorecase
#set hlsearch
#set incsearch
#set helplang=cn
}


# done
done_ok(){
touch /var/log/init-ok
cat << EOF
+-------------------------------------------------+
|               optimizer is done                 |
|   it's recommond to restart this server !       |
|             Please Reboot system                |
+-------------------------------------------------+
EOF
}

# main
main(){
    yum_update
    zone_time
    limits_config
    sysctl_config
    LANG_config
    selinux_config
    log_config
    firewalld_config
    sshd_config
    ipv6_config
    history_config
    service_config
    vim_config
    done_ok
}
main

centos7安装mysql8

1.查看是否已经安装了mysql

rpm -qa|grep mysql #无输出说明没有安装

2.下载rpm

2.1 手动下载

打开网址:MySQL Yum存储库
图片
选择linux7,点击下载

2.2 wget下载

wget https://dev.mysql.com/get/mysql80-community-release-el7-10.noarch.rpm

3.安装mysql源

rpm -ivh mysql80-community-release-el7-10.noarch.rpm

4.安装mysql

yum install -y mysql mysql-server

5.启动停止重启mysql

systemctl start mysqld.service
systemctl stop mysqld.service
systemctl restart mysqld.service

设置mysql服务开机自启动

systemctl enable mysqld.service

停止mysql服务开机自启动

systemctl disable mysqld.service

6.mysql配置

6.1 查找初始密码

grep 'temporary password' /var/log/mysqld.log

6.2 登录MySQL

mysql -u root -p'初始密码'

6.3 修改root密码

alter user 'root'@'localhost' identified by 'Su#2023Gjj';

6.4 配置外部访问

use mysql;

update user set host = '%' where user = 'root';

flush privileges;

6.5 大小写问题

vi /etc/my.cnf

lower_case_table_names=1

7.卸载mysql

7.1 yum list命令检查是否安装了Mysql

yum list | grep mysql

7.2 卸载Mysql

yum remove mysql

7.3 删除依赖

查看命令

rpm -qa | grep -i mysql

删除依赖:例

yum remove mysql80-community-release-el7-10.noarch

7.4 删除mysql文件目录

使用 rm -rf 文件或目录 依次删除mysql文件目录,可使用:find / -name mysql 查看相关的文件目录
例:

rm -rf /usr/share/mysql
rm -rf /var/lib/mysql

7.5 更新Yum缓存

yum clean all

centos7安装jdk8

1.卸载centos7自带的jdk

通过以下命令查看是否已经安装jdk

yum list installed |grep java

如果安装了则通过以下命令删除

yum -y remove #名称

2.安装jdk

通过以下命令查找能够安装的jdk版本

yum -y list java*

通过以下命令安装jdk1.8

yum install java-1.8.0-openjdk.x86_64 java-1.8.0-openjdk-devel.x86_64

通过以下命令查看jdk是否安装完成

[root@iZ8vbgtssw7pxe6ylremfzZ ~]# java -version
java version "1.8.0_261"
Java(TM) SE Runtime Environment (build 1.8.0_261-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.261-b12, mixed mode)
[root@iZ8vbgtssw7pxe6ylremfzZ ~]# 

linux 使用yum命令后,将 OpenSDK 安装到/usr/lib/jvm/ 目录,使用如下命令查看

[root@iZ8vbgtssw7pxe6ylremfzZ ~]# ls /usr/lib/jvm/
java        java-1.8.0-openjdk                               java-openjdk  jre-1.8.0          jre-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64
java-1.8.0  java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64  jre           jre-1.8.0-openjdk  jre-openjdk

3.配置环境变量

vi /etc/profile

将下面的三行粘贴到 /etc/profile 中:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin

保存关闭后,执行以下命令,让设置立即生效

source /etc/profile

输入以下命令,来确认这三个变量是否设成了我们想要的

echo $JAVA_HOME
echo $CLASSPATH
echo $PATH

centos7安装nginx

1.安装前准备

对于nginx编译安装需要先安装编译 的工具,然后再安装nginx依赖

yum -y install gcc gcc-c++ autoconf automake make      
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

2.下载nginx

2.1手动下载

下载地址

2.2wget下载

wget -c https://nginx.org/download/nginx-1.25.1.tar.gz

2.3解压

tar -xf nginx-1.25.1.tar.gz 

3.配置nginx

#配置nginx
#--prefix 指定安装的目录
#/usr/local/nginx 是安装目录,不能和自己下载的文件目录重了
#./configure --prefix=/usr/local/nginx

#带ssl  stub_status模块 添加strem模块 –with-stream,这样就能传输tcp协议了
#http_stub_status_module  状态监控
#http_ssl_module    配置https
#stream  配置tcp得转发
#http_gzip_static_module 压缩
#http_sub_module  替换请求
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream

如下:

cd nginx-1.25.1/

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream

4.安装nginx

make && make install

5.启动nginx

cd /usr/local/nginx/sbin
./nginx

6.重载配置

cd /usr/local/nginx/sbin
./nginx -s reload

centos7安装maven

1.下载

1.1通过官网下载

Maven官网:http://maven.apache.org/
Maven下载地址:http://maven.apache.org/download.cgi
图片.png

将下载好的包通过ftp上传到服务器。

1.2.wget下载

这里使用了华中科技大学开源镜像站,网上有很多,自行选择。

wget http://mirrors.hust.edu.cn/apache/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz

2.解压

tar zxf apache-maven-3.9.4-bin.tar.gz

3.配置环境变量

cd /etc
ll
vi profile
#按i进入编辑状态
#添加maven的环境变量
export M2_HOME=/usr/local/apache-maven-3.9.4
export PATH=$PATH:$M2_HOME/bin
#编辑完成按Esc退出编辑状态,然后按:wq保存退出。
#保存退出后运行下面的命令使配置生效
source /etc/profile

验证

mvn -v

配置成功

centos7安装redis

1.普通安装,非最新版本

yum install redis

2.yum安装最新redis

如果要安装最新的redis,需要安装Remi的软件源,官网地址

yum install -y http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

yum --enablerepo=remi install redis -y

3.启动redis

service redis start
# 或者
systemctl start redis
# 设置开机启动
systemctl enable redis

也可以如下的手动启动redis

redis --port 6379 # 通过6379端口启动redis服务,默认127.0.0.1端口

4.查看redis版本

chkconfig redis on
或者
redis-cli --version

5.设置redis 远程连接和密码

输入命令进入编辑模式编辑redis的配置文件

vi /etc/redis.conf

找到参数 protected-mode 参数更改为no,默认是打开的,远程访问要关闭

找到参数 bind 127.0.0.1 设置为bind 0.0.0.0,默认只能本地访问

设置连接端口,默认6379

取消requirepass注释,设置密码 requirepass "123456"

开启守护进程,redis可以后台运行 :daemonize no 改为 daemonize yes

centos7安装git

方式一:ius源

安装git需要第三方ius源

Red Hat Enterprise Linux, Oracle Linux, CentOS, Scientific Linux, et al.
RHEL and derivatives typically ship older versions of git. You can download a tarball and build from source, or use a 3rd-party repository such as the IUS Community Project to obtain a more recent version of git.

1.安装ius源

ius源官方:https://ius.io/setup

安装命令

yum install \
https://repo.ius.io/ius-release-el7.rpm \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2.查看ius源最新的git版本

地址:https://repo.ius.io/7/x86_64/packages/g/
图片

3.删除老版本,并安装新版本git

 yum remove git
 yum install git236
 git --version

方式二:源码包安装Git

1.下载源码包

git源码包官方下载地址
https://mirrors.edge.kernel.org/pub/software/scm/git/

我下载的是git-2.39.0.tar.gz,下载目录放在了/usr/local

wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.39.0.tar.gz

2.解压源码包

tar -zxvf git-2.39.0.tar.gz

3.安装需要的依赖

# 安装依赖
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker

4.检查是否安装过git

如果已经安装编译源码所需依赖的时候,yum自动帮你安装了git,这时候你需要先卸载这个旧版的git

yum -y remove git

5.编译安装

我选择安装在/usr/local/git目录下

cd /usr/local
mkdir git

# 进入文件目录
cd git-2.39.0

# 编译
make prefix=/usr/local/git all

# 安装git至/usr/local/git路径
make prefix=/usr/local/git install

6.配置环境变量

vim /etc/profile 
# 按i进入编辑模式,增加下方代码
export PATH=$PATH:/usr/local/git/bin
# 增加后按esc退出编辑模式,输入:wq保存退出
# 使配置文件生效
source /etc/profile

7.查看git是版本

[root@localhost ~]# git --version
git version 2.39.0
posted @ 2023-09-16 11:11  leepandar  阅读(41)  评论(0编辑  收藏  举报