布置centos7 java生产环境 升级gcc+Mysql + Nginx +java+maven+Docker+redis+chromium+Supervisor+git +nuxt3
布置centos7 java生产环境 升级gcc+Mysql + Nginx +java+maven+Docker+redis+chromium+Supervisor+git +nuxt3
设置静态IP、DNS地址(网络设备名称有可能不一样,这里是ifcfg-enp0s3,如使用DHCP获取动态IP,可忽略)
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
找到BOOTPROTO,并且修改(设为静态网址)
BOOTPROTO="static"
在最后添加三行内容(添加本机IP,子网掩码,网关)
IPADDR="192.168.1.10"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
:wq 保存退出
[root@localhost ~]# shutdown -r now
添加以下几个DNS地址
nameserver 192.168.1.1
nameserver 8.8.8.8
更新系统,显示系统版本(使用阿里云源)
[root@localhost ~]# yum install wget -y
[root@localhost ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum clean all && yum makecache
[root@localhost ~]# yum update -y
更新完成后重启,查看内核版本
[root@localhost ~]# shutdown -r now
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@localhost ~]# fdisk -l
[root@localhost ~]# df -hT
已挂载设备的uuid
[root@localhost ~]# blkid
查看核数
[root@localhost ~]# cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
安装基本软件包
[root@localhost ~]# yum install vim wget lsof net-tools gcc gcc-c++ bzip2 firewalld openssl-devel mlocate -y
把 /usr/local/src 目录,转到 /data 下
[root@localhost ~]# mkdir -p /data
[root@localhost ~]# mv /usr/local/src /data
[root@localhost ~]# ln -s /data/src /usr/local/src
[root@localhost ~]# vim /etc/vimrc
在末尾添加以下内容
set nocompatible
set number
filetype on
set history=1000
set background=dark
syntax on
set autoindent
set smartindent
set tabstop=2
set shiftwidth=2
set showmatch
set guioptions-=T
set vb t_vb=
set ruler
set nohls
set incsearch
if has("vms")
set nobackup
else
set backup
endif
:wq 保存退出
升级 gcc
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# tar zvxf gcc-12.1.0.tar.gz && cd gcc-12.1.0
下载依赖文件,并且刷新 (可以事先下载复制进去)
https://gcc.gnu.org/pub/gcc/infrastructure/
**************************************************************************************************************
cp ../isl-0.24.tar.bz2 ./
cp ../mpc-1.2.1.tar.gz ./
cp ../mpfr-4.1.0.tar.bz2 ./
cp ../gmp-6.2.1.tar.bz2 ./
**************************************************************************************************************
[root@localhost gcc-12.1.0]# ./contrib/download_prerequisites && ldconfig
[root@localhost gcc-12.1.0]# mkdir gcc-build && cd gcc-build
[root@localhost gcc-build]# ../configure --enable-languages=c,c++ --disable-multilib --enable-checking=release --prefix=/opt/gcc
# --prefix=/opt/gcc 指定安装目录(如指定/usr,则覆盖原默认目录,编译后不需要重建软连接)
# --enable-languages,说明你要让你的gcc支持那些语言
# --disable-multilib不生成编译为其他平台可执行代码的交叉编译器
# --disable-checking生成的编译器在编译过程中不做额外检查,也可以使用
# --enable-checking=xxx来增加一些检查
编译、安装
[root@localhost gcc-build]# make -j10 && make install
**************************************************************************************************************
[root@localhost gcc-build] ldconfig
如提示“ldconfig: /opt/gcc/lib64/libstdc++.so.6.0.30-gdb.py is not an ELF file”
或
出现 /sbin/ldconfig: /opt/gcc/lib64/libstdc++.so.6.0.30-gdb.py 不是 ELF 文件 - 它起始的魔数错误。
[root@localhost src]# mv /opt/gcc/lib64/libstdc++.so.6.0.30-gdb.py /opt/gcc/lib64/bak.libstdc++.so.6.0.30-gdb.py
----------------------------
**************************************************************************************************************
[root@localhost gcc-build]# echo '/opt/gcc/lib64' > /etc/ld.so.conf.d/local-lib64.conf
[root@localhost gcc-build]# ldconfig -v
[root@localhost gcc-build]# mv /usr/bin/gcc /usr/bin/gcc.bak
[root@localhost gcc-build]# mv /usr/bin/g++ /usr/bin/g++.bak
[root@localhost gcc-build]# ln -s /opt/gcc/bin/gcc /usr/bin/gcc
[root@localhost gcc-build]# ln -s /opt/gcc/bin/g++ /usr/bin/g++
[root@localhost gcc-build]# update-alternatives --install /usr/bin/gcc gcc /opt/gcc/bin/gcc 999
重启,查看版本,检查是否成功更新
[root@localhost ~]# shutdown -r now
[root@localhost ~]# gcc --version
[root@localhost ~]# g++ --version
设置PUTTY远程登录时,不使用密码,使用密钥文件登录(如不需要,可忽略)
服务器上创建目录
[root@localhost ~]# mkdir -p /root/.ssh
在"客户机"生成对称密钥,把客户机上的公钥复制到服务器(公钥文件:id_rsa.pub)
[root@centos ~] ssh-keygen -m PEM -t rsa -b 4096
根据提示操作,生成公钥
上传到服务器指定目录(*** 或使用软件远程复制id_rsa.pub到服务器/root/.ssh中。)
[root@centos ~] scp id_rsa.pub root@192.168.1.10/root/.ssh
查看服务器上,公钥是否已经存在
[root@localhost .ssh]# cd /root/.ssh
[root@localhost .ssh]# ll
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
导入密钥到authorized_keys
[root@localhost .ssh]# cat id_rsa.pub >> authorized_keys
[root@localhost .ssh]# ll /root/.ssh
-rw-r--r-- 1 root root 394 12月 5 09:37 authorized_keys
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
导入后,删除公钥文件
[root@localhost .ssh]# rm id_rsa.pub
设置目录和文件读取权限
[root@localhost .ssh]# chmod 700 /root/.ssh
[root@localhost .ssh]# chmod 600 /root/.ssh/authorized_keys
设置sshd配置文件
[root@localhost .ssh]# vim /etc/ssh/sshd_config
找到GSSAPICleanupCredentials,并且修改为以下内容
GSSAPICleanupCredentials yes
:wq 保存退出
重启sshd服务,让其生效
[root@localhost .ssh]# systemctl restart sshd
客户端设置PUTTY,进行远程登录
打开软件 PuTTYgen
点击load 选择之前客户机生成私钥文件id_rsa, 点击save private key 生成 pKey.ppk文件
打开软件 PuTTY
点击Session,在HostName(or IP address)输入服务器地址
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为root)
点击Connection下的SSH下的Auth,点击Browse 选择之前生成 pKeyppk文件
点击Session,在Saved Sessions中,输入需要保存的Session名称,点击保存
1.7.6 设置完成后,即可以远程连接到服务器
打开软件 PuTTY
点击Session,在"Default Settings"下,找到之前已经保存的Session,双击打开连接
如果显示 Authenticating with public key "xxxxx-xxxx"时,即表未成功
设置新用户,并且使用密码和证书双重认证远程登录。同时禁止root远程登录 (如不需要,可忽略)
root登录后,修改root密码 (安全建议:密码为15位,大小字母+数字+特殊字符)
passwd
添加新用户,并且设置密码
[root@localhost ~]# adduser lixin
[root@localhost ~]# passwd lixin
创建目录,复制密钥相关文件到用户目录,并且设置权限
[root@localhost ~]# mkdir /home/lixin/.ssh -p
[root@localhost ~]# cp /root/.ssh/authorized_keys /home/vicowong/.ssh
[root@localhost ~]# chmod 700 /home/lixin/.ssh
[root@localhost ~]# chmod 600 /home/lixin/.ssh/authorized_keys
[root@localhost ~]# chownlixin:lixin /home/lixin/.ssh -R
设置防火墙,设置远程连接端口(这里是26322)
[root@localhost ~]# systemctl enable firewalld && systemctl start firewalld
[root@localhost ~]# firewall-cmd --zone=public --add-port=26322/tcp --permanent
[root@localhost ~]# firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
安装semanage(用于设置selinux策略)
[root@localhost ~]# yum install -y policycoreutils-python selinux-policy selinux-policy-targeted
查看当前 selinux 是否启用 即 Enforcing 状态 (否则有可能设置 selinux 策略不成功)
[root@localhost ~]# getenforce
查看当前 selinux 关于远程ssh连接端口的设置
[root@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 22
添加新端口
[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 26322
--------------------------------------------------------------------------------------------
移除端口
[root@localhost ~]# semanage port -d -t ssh_port_t -p tcp 26322
-------------------------------------------------------------------------------------------
设置sshd配置文件
[root@localhost ~]# vim /etc/ssh/sshd_config
以下三个搜索,查看是否有重复设置
#PermitRootLogin yes
#PasswordAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#X11Forwarding yes
添加
Port 26322
Protocol 2
ServerKeyBits 1024
PermitRootLogin no
AllowUsers vicowong
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication yes
AuthenticationMethods publickey,password
X11Forwarding no
MaxStartups 10:30:60
:wq 保存退出
重启sshd服务,让其生效
[root@localhost ~]# systemctl restart sshd
使用新用户登录(重新打开一个新终端,原来的终端先不关,避免因设置不当导致没法连接远程)
打开软件 PuTTY,点击之前保存的Sessions,点击Load读取之前的配置
在Port框输入端口(当前账号为26322)
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为lixin)
点击Session 点击Save。保存当前修改。
点击Open,打开终端。
设置后,必须远程将进行密码和证书双重认证。
远程登录会以lixin这个账号进行登录。安装维护需要root权限时,可以使用su实现
[root@localhost ~]# su root
安装mysql
数据备份
https://blog.csdn.net/zhou920786312/article/details/123354503
查看 yum 已安装 mysql 相关的包
[root@localhost ~]# yum list installed mysql*
查看 远程yum 已安装 mysql 相关的包
[root@localhost ~]# yum search mysql
[root@localhost ~]# groupadd mysql
[root@localhost ~]# useradd -g mysql mysql -s /sbin/nologin -M
[root@localhost ~]# cd /data/src
[root@localhost src]# tar -xvf mysql-8.0.28-1.el7.x86_64.rpm-bundle.tar
[root@localhost src]# rpm -ivh mysql-community-common-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# rpm -ivh mysql-community-client-plugins-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# rpm -e mariadb-libs --nodeps
[root@localhost src]# rpm -ivh mysql-community-libs-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# rpm -ivh mysql-community-client-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# yum -y install openssl-devel
[root@localhost src]# rpm -ivh mysql-community-devel-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# rpm -ivh mysql-community-icu-data-files-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# yum install net-tools -y
[root@localhost src]# yum install -y perl-Module-Install.noarch libaio
[root@localhost src]# rpm -ivh mysql-community-server-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# rpm -ivh mysql-community-libs-compat-8.0.28-1.el7.x86_64.rpm
[root@localhost src]# vim /etc/selinux/config
设置 SELINUX=disabled
[root@localhost src]# shutdown -r now
[root@localhost ~]# mkdir /data/data
[root@localhost ~]# mkdir /data/data/mysql
修改mysql配置文件
[root@localhost ~]# vim /etc/my.cnf
datadir = /data/data/mysql
user = mysql
初始化mysql
[root@localhost ~]# mysqld --initialize --console
启动mysql
[root@localhost ~]# systemctl start mysqld.service
[root@localhost ~]# systemctl status mysqld.service
[root@localhost nginx]# netstat -tlnp
防火墙添加3306端口(不远程连接数据,可忽略)
[root@localhost ~]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
[root@localhost ~]# firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
[root@localhost ~]# firewall-cmd --list-all
查看原始密码
[root@localhost ~]# cat /var/log/mysqld.log
使用原始密码登录
[root@localhost ~]# mysql -uroot -p
修改root密码(必需是大写小写特殊符号数字才能修改成功)
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Lixin_.123';
mysql> flush privileges;
mysql> exit;
[root@localhost ~]# mysql -uroot -pLixin_.123
mysql> use mysql;
mysql> select user,host,plugin from user;
mysql> update user set Host='%' where User='root';
mysql> flush privileges;
如果需要降低密码强度(0或low代表最低要求):
mysql> install plugin validate_password soname 'validate_password.so';
mysql> select plugin_name, plugin_status from information_schema.plugins where plugin_name like 'validate%';
mysql> SHOW VARIABLES LIKE 'validate_password%';
要根据时面的字段名根据(字段名会变的)
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 1 |
| validate_password_check_user_name | ON |
| validate_password_dictionary_file | |
| validate_password_length | 6 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
mysql> set global validate_password_policy=LOW;
mysql> set global validate_password.length=6;
mysql> ALTER USER 'root'@'%' IDENTIFIED BY '123456';
mysql> flush privileges;
mysql> exit;
免密码登陆修改密码
+--------------------------------------+-------+
[root@localhost ~]# vi /etc/my.cnf
添加skip-grant-tables
mysql> use mysql;
mysql> flush privileges;
mysql> ALTER USER 'root'@'%' IDENTIFIED BY '123456';
+--------------------------------------+-------+
编译安装Nginx
相关网址
https://sourceforge.net/projects/pcre/files/pcre/
https://nginx.org/en/download.html
https://www.openssl.org/source/
http://www.zlib.net/fossils/
https://github.com/jemalloc/jemalloc/releases/tag/5.3.0
安装依赖
[root@localhost ~]# cd /usr/local/src/
[root@localhost ~]# tar zvxf zlib-1.2.12.tar.gz && cd zlib-1.2.12
[root@localhost zlib-1.2.12]# ./configure && make && make install
[root@localhost zlib-1.2.12]# yum install zlib-devel openssl-devel -y
[root@localhost zlib-1.2.12]# cd /usr/local/src/
[root@localhost src]# tar zvxf pcre-8.45.tar.gz
[root@localhost src]# cd pcre-8.45
[root@localhost pcre-8.45.]# ./configure && make -j10 && make install
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar zvxf openssl-3.0.3.tar.gz && cd openssl-3.0.3
[root@localhost openssl-3.0.3]# yum install perl-ExtUtils-CBuilder perl-ExtUtils-MakeMake -y
[root@localhost openssl-3.0.3]# ./config shared zlib --prefix=/usr && make -j10 && make install
*****************************************************************************************************************
#更新软连接 (如编译指定不是/usr目录则需要添加软连接,如指定/ --prefix=/opt/openssl )
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl/ /usr/include/openssl_bak
ln -s /opt/openssl/bin/openssl /usr/bin/openssl
ln -s /opt/openssl/include/openssl/ /usr/include/openssl
echo "/opt/openssl/lib" >> /etc/ld.so.conf
*****************************************************************************************************************
#查看最新版本
[root@localhost openssl-3.0.3]# ldconfig -v | grep ssl
[root@localhost openssl-3.0.3]# openssl version
[root@localhost openssl-3.0.3]# cd /usr/local/src/
[root@localhost src]# tar xjf jemalloc-5.3.0.tar.bz2
[root@localhost src]# cd jemalloc-5.3.0
[root@localhost jemalloc-5.3.0]# ./configure && make -j10 && make install
[root@localhost jemalloc-5.3.0]# echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
[root@localhost jemalloc-5.3.0]# ldconfig
创建www用户和组,创建www虚拟主机使用的目录,以及Nginx使用的日志目录,并且赋予他们适当的权限
[root@localhost openssl-3.0.3]# groupadd www
[root@localhost openssl-3.0.3]# useradd -g www www -s /sbin/nologin -M
[root@localhost openssl-3.0.3]# mkdir -p /data/www/web
[root@localhost openssl-3.0.3]# chmod +w /data/www/web
[root@localhost openssl-3.0.3]# chown -R www:www /data/www/web
安装nginx
[root@localhost src]# cd /usr/local/src/
[root@localhost src]# tar zvxf nginx-1.22.0.tar.gz
[root@localhost src]# cd nginx-1.22.0
[root@localhost nginx-1.22.0]# ./configure --prefix=/opt/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-ld-opt="-ljemalloc" \
--with-http_v2_module \
--with-zlib=/usr/local/src/zlib-1.2.12 \
--with-pcre=/usr/local/src/pcre-8.45 \
--with-openssl=/usr/local/src/openssl-3.0.3
[root@localhost nginx-1.22.0]# make -j10 && make install
配置nginx,以支持静态网页访问
[root@localhost nginx-1.22.0]# vim /opt/nginx/conf/nginx.conf
打开配置文件,删除原所有内容,添加以下新内容:
user www www;
worker_processes auto;
error_log logs/error.log crit;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /opt/nginx/conf/vhosts/*.conf;
}
:wq 保存退出 ( 保存前先 gg=G 格式化)
创建网站配置文件目录
[root@localhost nginx-1.22.0]# mkdir -p /opt/nginx/conf/vhosts
创建网站配置文件
[root@localhost nginx-1.22.0]# vim /opt/nginx/conf/vhosts/web.conf
添加以下内容
server {
listen 80;
server_name 192.168.0.235;
set $root /data/www/web;
root $root;
location / {
index index.html index.htm;
}
}
:wq 保存退出 ( 保存前先 gg=G 格式化)
建立测试首页
[root@localhost nginx-1.22.0]# vim /data/www/web/index.html
<html>
<head><title>nginx index.html</title></head>
<body>
<h1>index.html</h1>
</body>
</html>
保存,退出
测试和运行
[root@localhost nginx-1.22.0]# cd /opt/nginx
[root@localhost nginx]# ldconfig
[root@localhost nginx]# ./sbin/nginx -c /opt/nginx/conf/nginx.conf -t
如果显示下面信息,即表示配置没问题
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
启动nginx
[root@localhost nginx]# ./sbin/nginx -c /opt/nginx/conf/nginx.conf
查看jemalloc是否生效,需要先启动nginx
[root@localhost nginx]# lsof -n | grep jemalloc
nginx 1892 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1893 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1894 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1895 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1896 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1897 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1898 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
nginx 1899 www mem REG 253,0 4956728 4279215 /usr/local/lib/libjemalloc.so.2
查看端口情况
[root@localhost nginx]# netstat -tlnp
查看进程情况
[root@localhost nginx]# ps -axu | grep nginx
防火墙添加80端口
[root@localhost nginx]# firewall-cmd --zone=public --add-port=80/tcp --permanent
[root@localhost nginx]# firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
浏览器打开
http://192.168.0.235
显示出欢迎内容,则表示成功
作为服务,开机后启动
[root@localhost nginx]# vim /etc/systemd/system/nginx.service
增加以下内容
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf -t
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
:wq 保存退出
启动服务
[root@localhost nginx]# systemctl enable nginx.service
[root@localhost nginx]# systemctl list-unit-files|grep enabled|grep nginx
[root@localhost nginx]# systemctl start nginx.service
[root@localhost nginx]# systemctl status nginx.service -l
[root@localhost nginx]# ps -ef|grep nginx
[root@localhost nginx]# lsof -n | grep jemalloc
安装java
[root@localhost nginx-1.22.0]# yum -y install java-11-openjdk*
[root@localhost nginx-1.22.0]# yum -y install java-1.8.0-openjdk*
[root@localhost nginx-1.22.0]# java -version
安装maven
[root@localhost nginx-1.22.0]# cd /data/src
[root@localhost src]# tar -xf apache-maven-3.8.5-bin.tar.gz -C /opt
设置环境变量,将下面的添加到 /etc/profile 最后:
[root@localhost nginx]# vim /etc/profile
export PATH=$PATH:/opt/apache-maven-3.8.5/bin
保存关闭后,执行命令立即生效:
[root@localhost src]# source /etc/profile
需要java安装完之后执行
[root@localhost src]# mvn -v
换源找到我们安装的目录,在conf文件中找到settings.xml 将如下代码粘贴到mirros节点里面
[root@localhost src]# vim /opt/apache-maven-3.8.5/conf/settings.xml
<mirror>
<id>aliyunmaven</id>
<mirrorOf>*</mirrorOf>
<name>阿里云公共仓库</name>
<url>https://maven.aliyun.com/repository/public</url>
</mirror>
设置本地依赖地址找到我们安装的目录,粘贴到mirros节点里面
[root@localhost src]# vim /opt/apache-maven-3.8.5/conf/settings.xml
<localRepository>/data/repository</localRepository>
安装redis
安装依赖
[root@centos ~]# yum install tcl -y
[root@centos ~]# groupadd redis
[root@centos ~]# useradd -g redis redis -s /sbin/nologin -M
[root@centos ~]# cd /usr/local/src
[root@centos ~]# tar -zxvf redis-6.0.9.tar.gz && cd redis-6.0.9
[root@localhost redis-6.0.9]# make -j8 && make PREFIX=/opt/redis install
[root@localhost redis-6.0.9]# mkdir -p /opt/redis/logs
[root@localhost redis-6.0.9]# cp redis.conf /opt/redis
[root@localhost redis-6.0.9]# ll /opt/redis
[root@localhost redis-6.0.9]# chown -R redis:redis /opt/redis
[root@localhost redis-6.0.9]# vim /opt/redis/redis.conf
找到相关的行,修改
#bind 127.0.0.1
protected-mode no
requirepass redispwd
daemonize no
supervised no
pidfile /opt/redis/redis_6379.pid
logfile /opt/redis/redis_6379.log
dbfilename dump.rdb
dir /opt/redis
保存,退出
[root@localhost redis-6.0.9]# vim /usr/lib/systemd/system/redis.service
[Unit]
Description=Redis Server
After=network.target
[Service]
Type=simple
PIDFile=/opt/redis/redis_6379.pid
ExecStart=/opt/redis/bin/redis-server /opt/redis/redis.conf
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
User=redis
[Install]
WantedBy=multi-user.target
保存,退出
[root@localhost redis-6.0.9]# systemctl enable redis && systemctl daemon-reload && systemctl start redis
[root@localhost redis-6.0.9]# systemctl status firewalld
配置打开端口
[root@localhost redis-6.0.9]# iptables -L --line-numbers|grep ACCEPT
[root@localhost redis-6.0.9]# firewall-cmd --zone=public --add-port=6379/tcp --permanent
**************************************************************************************************
指定IP可以访问
[root@localhost redis-6.0.9]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
显示所有规则
[root@localhost redis-6.0.9]# firewall-cmd --list-all
移除指定IP可以访问
[root@localhost redis-6.0.9]# firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
**************************************************************************************************
[root@localhost redis-6.0.9]# firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
安装完成后,打开客户端
[root@localhost redis-6.0.9]# /opt/redis/bin/redis-cli -h 127.0.0.1 -p 6379
输入以下命令,测试写入及读取
127.0.0.1:6379 > auth redispwd
127.0.0.1:6379 > set name abc123
127.0.0.1:6379 > get name
127.0.0.1:6379 > quit
Docker 安装
卸载旧版本
[root@localhost redis-6.0.9]# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
安装 Docker Engine-Community
使用 Docker 仓库进行安装
在新主机上首次安装 Docker Engine-Community 之前,需要设置 Docker 仓库。之后,您可以从仓库安装和更新 Docker。
设置仓库安装所需的软件包。yum-utils 提供了 yum-config-manager ,并且 device mapper 存储驱动程序需要 device-mapper-persistent-data 和 lvm2。
[root@localhost redis-6.0.9]# yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
使用以下命令来设置稳定的仓库
[root@localhost redis-6.0.9]# yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装 Docker Engine-Community
[root@localhost redis-6.0.9]# yum install -y docker-ce docker-ce-cli containerd.io
[root@centos ~]# systemctl start docker
Docker 安装完默认未启动。并且已经创建好 docker 用户组,但该用户组下没有用户。
Docker 镜像加速
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
安装 Chromium
相关网址 https://wpcademy.com/how-to-install-chromium-on-centos-7/
[root@localhost redis-6.0.9]# yum clean all
[root@localhost redis-6.0.9]# yum install -y epel-release
[root@localhost redis-6.0.9]# yum -y update
[root@localhost redis-6.0.9]# yum install -y chromium
安装 java 项目
源码打包命令
mvn -T 10 clean package -DskipTest=true
启动命令
nohup java -jar -javaagent:/data/repository/org/springframework/spring-instrument/5.3.9/spring-instrument-5.3.9.jar -javaagent:/data/repository/org/aspectj/aspectjweaver/1.9.7/aspectjweaver-1.9.7.jar -Dspring.profiles.active=prod -Dserver.port=8080 -Dconfig.serverId=0 ./NenFou-Backend.jar > nohup.log 2>&1 &
[root@centos ~]# cd /data/www
管理后台h5页面
[root@centos www]# mkdir nf-admin-h5-80
管理后台接口
[root@centos www]# mkdir nf-admin-api-8084
微信公众号
[root@centos www]# mkdir nf-wx-officia
微信移动端接口(微信小程序和公众号)
[root@centos www]# mkdir nf-mobile-api-8080
[root@centos www]# mkdir nf-mobile-api-8081
安装 Node
[root@centos ~]# yum install python3 -y
[root@centos ~]# cd /usr/bin
[root@centos ~]# ll python*
[root@centos ~]# python -V
[root@centos ~]# python3 -V
[root@centos ~]# mv python python.bak
[root@centos ~]# ln -s /usr/bin/python3 /usr/bin/python
[root@centos ~]# python -V
[root@centos ~]# vim /usr/bin/yum
改为 #!/usr/bin/python2
[root@centos ~]# vim /usr/libexec/urlgrabber-ext-down
改为 #!/usr/bin/python2
[root@centos ~]# cd /data/src
[root@localhost src]# tar -xf node-v16.15.1-linux-x64.tar.xz -C /opt
[root@localhost src]# ln -s /opt/node-v16.15.1-linux-x64/bin/npm /usr/local/bin/
[root@localhost src]# ln -s /opt/node-v16.15.1-linux-x64/bin/node /usr/local/bin/
[root@localhost src]# node -v
[root@localhost src]# npm -v
[root@localhost src]# npm config set registry https://registry.npm.taobao.org
[root@localhost src]# npm config get registry
[root@localhost src]# npm install -g cnpm --registry=https://registry.npm.taobao.org
[root@localhost src]# ln -s /opt/node-v16.15.1-linux-x64/bin/cnpm /usr/local/bin/
Nuxt3项目启动
[root@localhost src]# npm install -g pm2
给pm2程序添加一个软链接。
首先,我们需要找到pm2程序所在路径,通过find / -name pm2
找到pm2安装后的所在路径
/opt/node-v16.15.1-linux-x64/lib/node_modules/pm2
/opt/node-v16.15.1-linux-x64/lib/node_modules/pm2/pm2
/opt/node-v16.15.1-linux-x64/lib/node_modules/pm2/lib/templates/logrotate.d/pm2
/opt/node-v16.15.1-linux-x64/lib/node_modules/pm2/bin/pm2
/opt/node-v16.15.1-linux-x64/bin/pm2
[root@localhost src]# ln -s /opt/node-v16.15.1-linux-x64/bin/pm2 /usr/local/bin
[root@localhost src]# npm cache clear --force
[root@localhost src]# npm install
[root@localhost src]# npm run build
[root@localhost src]# pm2 start .output/server/index.mjs --name=nuxt_app
[root@localhost src]# pm2 --version
安装 Supervisor (低于 3.3.3 会有安全漏洞)
https://pypi.org/project/supervisor/
https://pypi.org/project/setuptools/
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# yum install unzip -y
[root@localhost src]# unzip setuptools-44.1.1.zip && cd setuptools-44.1.1
[root@localhost cd setuptools-44.1.1]# python2 setup.py build && python2 setup.py install
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# tar zvxf supervisor-4.2.4.tar.gz && cd supervisor-4.2.4
[root@localhost supervisor-4.2.0]# python2 setup.py install
---------------------------------------------------------------------------------------
如提示
pkg_resources.DistributionNotFound: The 'meld3>=1.0.0' distribution was not found and is required by supervisor
wget https://files.pythonhosted.org/packages/00/3b/023446ddc1bf0b519c369cbe88269c30c6a64bd10af4817c73f560c302f7/meld3-2.0.0.tar.gz
tar zvxf meld3-2.0.0.tar.gz && cd meld3-2.0.0
python2 setup.py install && ldconfig
-----------------------------------------------------------------------------------------
配置Supervisor
[root@localhost supervisor-4.2.0]# mkdir -p /etc/supervisor/conf.d
[root@localhost supervisor-4.2.0]# echo_supervisord_conf > /etc/supervisor/supervisord.conf
[root@localhost supervisor-4.2.0]# vim /etc/supervisor/supervisord.conf
查找
;[include]
;files = relative/directory/*.ini
修改为
[include]
files=conf.d/*.conf
查找 [unix_http_server] 下账号和密码设置,设置密码 (使用 supervisorctl 强制输入密码,增强安全性)
username=supervisor_user
password=supervisor_userpwd
:wq 保存退出
假设有一个 java项目
cd /data/www/java
nohup java -jar -javaagent:/data/repository/org/springframework/spring-instrument/5.3.9/spring-instrument-5.3.9.jar -javaagent:/data/repository/org/aspectj/aspectjweaver/1.9.7/aspectjweaver-1.9.7.jar -Dspring.profiles.active=prod -Dserver.port=8080 -Dconfig.serverId=0 ./NenFou-Backend.jar > nohup.log 2>&1 &
[root@localhost supervisor-4.2.0]# vim /etc/supervisor/conf.d/java.conf
输入以下内容
[program:java]
command=nohup java -jar -javaagent:/data/repository/org/springframework/spring-instrument/5.3.9/spring-instrument-5.3.9.jar -javaagent:/data/repository/org/aspectj/aspectjweaver/1.9.7/aspectjweaver-1.9.7.jar -Dspring.profiles.active=prod -Dserver.port=8080 -Dconfig.serverId=0 ./NenFou-Backend.jar > nohup.log 2>&1 &; 运行的命令
directory=/data/www/java/ ; 命令执行目录
autorestart=true ; 自动重启
stderr_logfile=/var/log/java.err.log ; 错误日志
stdout_logfile=/var/log/java.out.log ; 输出日志
environment=ASPNETCORE_ENVIRONMENT=Production ; 环境变量
user=www ; 进程执行的用户身份
stopsignal=INT
:wq 保存退出
[root@localhost supervisor-4.2.0]# supervisord -c /etc/supervisor/supervisord.conf
配置 Supervisor 开机启动
[root@localhost supervisor-4.2.0]# vim /etc/systemd/system/supervisord.service
[Unit]
Description=Supervisor daemon
[Service]
Type=forking
ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
ExecStop=/usr/bin/supervisorctl shutdown
ExecReload=/usr/bin/supervisorctl reload
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
:wq 保存退出
[root@localhost supervisor-4.2.0]# systemctl enable supervisord && systemctl restart supervisord
[root@localhost supervisor-4.2.0]# systemctl status supervisord
[root@localhost supervisor-4.2.0]# supervisorctl
> version # 查看当前版本
> status # 查看程序状态
> stop java # 关闭 usercenter 程序
> start java # 启动 usercenter 程序
> restart java # 重启 usercenter 程序
> reread # 读取有更新(增加)的配置文件,不会启动新添加的程序
> update # 重启配置文件修改过的程序
> reload
> exit # 退出
安装git
wget https://www.kernel.org/pub/software/scm/git/git-2.9.5.tar.gz
https://blog.csdn.net/u012069313/article/details/123206297
https://blog.csdn.net/feengg/article/details/82700498
yum 安装
[root@localhost ~]# vim /etc/yum.repos.d/CentOS-Base.repo
最后添加
[wandisco-git]
name=Wandisco GIT Repository
baseurl=http://opensource.wandisco.com/centos/7/git/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://opensource.wandisco.com/RPM-GPG-KEY-WANdisco
[root@localhost yum.repos.d]# rpm --import http://opensource.wandisco.com/RPM-GPG-KEY-WANdisco
[root@localhost yum.repos.d]# yum install git -y
[root@localhost ~]# git --version
源码安装
[root@localhost ~]# cd /data/src/
[root@localhost src]# tar -xzvf git-2.9.5.tar.gz
[root@localhost git-2.9.5]# yum remove git -y
[root@localhost src]# cd git-2.9.5
[root@localhost git-2.9.5]# make prefix=/opt/git all
[root@localhost git-2.9.5]# make prefix=/opt/local/git install
[root@localhost git-2.9.5]# vim /etc/profile
[root@localhost git-2.9.5]# source /etc/profile
[root@localhost git-2.9.5]# vim /etc/profile
添加这一条: export PATH="/opt/git/bin:$PATH"
[root@localhost git-2.9.5]# git --version
源码安装 expect
yum -y install expect
编译安装RabbitMQ
相关网址
https://frxcat.fun/middleware/RabbitMQ/RabbitMQ_install/
[root@iZ7xv4e2r4on8l7ff2vummZ ~]# cd /data/src/
[root@iZ7xv4e2r4on8l7ff2vummZ src]# r
pm -ivh erlang-21.3-1.el7.x86_64.rpm
[root@iZ7xv4e2r4on8l7ff2vummZ src]# erl -v
[root@iZ7xv4e2r4on8l7ff2vummZ src]# yum install socat -y
[root@iZ7xv4e2r4on8l7ff2vummZ src]# rpm -ivh
rabbitmq-server-3.8.8-1.el7.noarch.rpm
[root@iZ7xv4e2r4on8l7ff2vummZ src]# systemctl start rabbitmq-server
[root@iZ7xv4e2r4on8l7ff2vummZ src]# rabbitmq-plugins enable rabbitmq_management
通过 http://ip:15672
访问,ip 为 Linux 的 ip。rabbitmq
有一个默认的账号密码 guest
,但是登录该账号密码会出现权限问题
编译安装nacos
相关网址
https://blog.csdn.net/weixin_45413091/article/details/121611394
[root@iZ7xv4e2r4on8l7ff2vummZ ~]# cd /data/src/
[root@iZ7xv4e2r4on8l7ff2vummZ src]# tar -zxvf nacos-server-2.0.3.tar.gz
[root@iZ7xv4e2r4on8l7ff2vummZ src]# cp -rf ./nacos /opt/
[root@iZ7xv4e2r4on8l7ff2vummZ src]# cd /opt/nacos/bin/ && vim start.out
查看
https://blog.csdn.net/oRanXiaoLuo/article/details/121957352
[root@iZ7xv4e2r4on8l7ff2vummZ src]# vim /usr/lib/systemd/system/nacos.service
[Unit]
Description=nacos
After=network.target
[Service]
Type=forking
ExecStart=/opt/nacos/bin/startup.sh -m standalone #启动
ExecReload=/opt/nacos/bin/shutdown.sh
ExecStop=/opt/nacos/bin/shutdown.sh #停止
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@iZ7xv4e2r4on8l7ff2vummZ src]# systemctl restart nacos.service && systemctl nacos.service
启动服务:systemctl start vsftpd.service
关闭服务:systemctl stop vsftpd.service
重启服务:systemctl restart vsftpd.service
显示服务的状态:systemctl status vsftpd.service
在开机时启用服务:systemctl enable vsftpd.service
在开机时禁用服务:systemctl disable vsftpd.service
查看服务是否开机启动:systemctl is-enabled vsftpd.service
查看已启动的服务列表:systemctl list-unit-files|grep enabled
查看启动失败的服务列表:systemctl --failed