ubuntu-安装docker、中间件
1、基本命令
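# Show the Ubuntu release information.
lsb_release -a
# Change the password of the "ubuntu" account.
sudo passwd ubuntu
# Change the SSH listening port. sshd_config is root-owned, so edit it via sudo.
sudo vim /etc/ssh/sshd_config
# Validate the edited file before restarting: a syntax error would leave the
# SSH service unable to start. If ufw is active, allow the new port first and
# keep the current session open until a fresh login on the new port works.
sudo sshd -t
sudo service ssh restart
# List block devices (disks and partitions that can be mounted).
lsblk
# Set the system time zone.
sudo timedatectl set-timezone Asia/Shanghai
# Find files by name pattern.
find / -name 'ip2region*.xdb'
# Find paths by pattern.
find / -path '*/folders/jv'
# Install basic tools.
sudo apt install iputils-ping -y
sudo apt install net-tools -y
sudo apt install vim -y
sudo apt install ufw -y
sudo apt install openjdk-11-jdk -y
sudo apt install ffmpeg -y  # FFmpeg multimedia processing tool
# Find directories named easy-rsa.
sudo find / -type d -name "easy-rsa"
# List running processes whose command line mentions ffmpeg.
pgrep -af ffmpeg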
2、防火墙
# Show whether the firewall is active and which rules are loaded.
sudo ufw status
# Turn the firewall on.
# NOTE(review): ufw denies incoming traffic by default, so when working over
# SSH allow the SSH port before enabling, or new logins will be blocked.
sudo ufw enable
# Turn the firewall off (all filtering stops).
sudo ufw disable
# Open a port.
# NOTE(review): this form accepts connections from any source address; 53306
# is the MySQL port configured later on this page. To limit exposure, use
# `sudo ufw allow from <trusted-cidr> to any port 53306 proto tcp` instead.
sudo ufw allow 53306/tcp
# Close the port again.
sudo ufw delete allow 53306/tcp
3、设置固定ip
# Show the current network interfaces and addresses.
ip a
# Edit the netplan configuration file (xxxx.yaml is presumably a stand-in for
# the real file name under /etc/netplan).
# NOTE(review): files under /etc/netplan are normally root-owned, so this
# likely needs sudo to save - confirm.
vim /etc/netplan/xxxx.yaml
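# Static IPv4 configuration for interface enp1s0.
# Indentation is significant in YAML: every key is nested under its parent.
network:
  version: 2
  ethernets:
    enp1s0:
      # Disable DHCP so that only the static address below is used.
      dhcp4: no
      addresses: [192.168.8.23/24]
      routes:
        # Default route through the gateway.
        - to: default
          via: 192.168.8.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]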
# Apply the configuration.
# NOTE(review): on a remote host, `sudo netplan try` applies the change and
# rolls it back unless it is confirmed within a timeout, which guards against
# losing access through a wrong address or gateway.
sudo netplan apply
4、安装docker
# Refresh the package index and install the tools needed to add an HTTPS APT repository.
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
# Download Docker's repository signing key over HTTPS and store it as a binary
# keyring (--dearmor converts the ASCII-armored key). -f makes curl fail on an
# HTTP error instead of piping an error page into gpg.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Register the Docker repository. signed-by ties this key to this one
# repository instead of trusting it for every APT source.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Pick up the new repository and install Docker Engine.
sudo apt update
sudo apt install -y docker-ce
sudo systemctl start docker
sudo systemctl enable docker # start on boot
sudo docker --version # show the Docker version
# Configure registry mirrors (mirrors hosted in mainland China) in the daemon config.
# NOTE(review): the "insecure-registries" entry in the JSON below lets the
# daemon use that registry without verified TLS (falling back to plain HTTP),
# so images pulled from it are not protected against tampering in transit.
# Prefer a registry with a trusted certificate and drop the entry if possible.
# NOTE(review): /etc/docker is normally root-owned, so this likely needs sudo - confirm.
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://y8yh50dy.mirror.aliyuncs.com",
"https://docker.m.daocloud.io"
],
"insecure-registries": [
"39.100.100.999:51001"
]
}
# Check that a mirror is reachable: curl -I https://docker.m.daocloud.io
# Restart Docker so that the daemon.json changes take effect:
sudo systemctl daemon-reload
sudo systemctl restart docker
# Smoke test, then open a shell inside a running container.
# NOTE(review): `docker pull` is shown without sudo and `docker run` with it;
# running docker without sudo requires membership of the docker group, which
# is effectively root-equivalent on the host - grant it deliberately.
docker pull hello-world:latest
sudo docker run hello-world
# 容器名称 is a placeholder for the container name.
docker exec -it 容器名称 bash
# Uninstall:
# 0. Stop Docker and disable it at boot (the socket unit too, so the daemon
#    is not started again on demand).
# NOTE(review): these systemctl calls have no sudo, unlike the rest of the page;
# they presumably need root - confirm.
systemctl stop docker.socket
systemctl disable docker.socket
systemctl stop docker
systemctl disable docker
# 1. Find the installed Docker packages and purge them
#    (<package-name> is a placeholder for each package found).
dpkg -l | grep -i docker
sudo apt remove --purge -y <package-name>
# 2. Check for and delete Docker binaries under /usr/local/bin.
sudo rm /usr/local/bin/docker
sudo rm /usr/local/bin/dockerd
# 3. Remove leftover Docker configuration and data directories.
# NOTE(review): /var/lib/docker is Docker's default data directory; deleting it
# irreversibly removes all images, containers and volumes. Back up anything
# needed first.
sudo rm -rf /var/lib/docker
sudo rm -rf /etc/docker
sudo rm -rf /var/lib/containerd
sudo rm -rf /run/docker
# 4. Remove Docker executables from /usr/bin.
sudo rm -f /usr/bin/docker
sudo rm -f /usr/bin/dockerd
# 5. Remove packages that are no longer needed and clean the APT cache.
sudo apt autoremove -y
sudo apt autoclean
# 6. Verify the uninstall by running: docker --version. If the shell answers
#    "docker: command not found", Docker has been removed.
docker --version
5、安装nginx
# Install nginx, restart it and check that the service is running.
sudo apt install nginx -y
sudo systemctl restart nginx
sudo systemctl status nginx
# Keep a backup of the stock configuration before editing it.
# NOTE(review): /etc/nginx is normally root-owned, so the cp and vim below
# likely need sudo - confirm. `sudo nginx -t` checks the edited file before
# the next restart.
cp /etc/nginx/nginx.conf /etc/nginx/nginx_bak.conf
vim /etc/nginx/nginx.conf
6、安装mysql
# Check and restart the MySQL service.
# NOTE(review): this section shows no install command; the MySQL server
# package is presumably already installed - confirm.
sudo systemctl status mysql
sudo systemctl restart mysql
# Change the default MySQL port and allow remote connections.
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# port = 53306
# mysqlx = 0   (disables the X Protocol port introduced in MySQL 8.0)
# bind-address = 0.0.0.0
# NOTE(review): 0.0.0.0 makes mysqld listen on every interface. Together with
# the `ufw allow 53306/tcp` rule on this page the database is reachable from
# any network, so bind to a specific address or restrict the firewall rule to
# trusted sources where possible.
# Confirm which address and port mysqld is listening on.
sudo netstat -tulnp | grep mysql
# Run the MySQL hardening wizard.
sudo mysql_secure_installation
# Open a MySQL shell as root to set the root@localhost password
# (the SQL statements that follow are typed at the mysql prompt).
sudo mysql -u root -p
# Set the password of root@localhost.
# NOTE(review): every password in this section is a sample value stored in
# plaintext in the notes; replace each with a strong, unique secret.
alter user 'root'@'localhost' IDENTIFIED BY 'Root@123';
flush privileges;
# Require password authentication for root on the host itself as well.
# First inspect which authentication plugin each account uses.
select user,host,plugin from mysql.user;
# NOTE(review): this edits the grant table directly and matches every 'root'
# row regardless of host. Direct edits only take effect after FLUSH PRIVILEGES;
# the supported form is
#   ALTER USER ... IDENTIFIED WITH <plugin> BY '<password>';
# Also confirm that mysql_native_password is still available on your server
# version - newer MySQL releases deprecate it.
update mysql.user set plugin = 'mysql_native_password' where user = 'root';
# Create the application database and user.
create database db_dianchi;
# NOTE(review): host '%' lets this account log in from any address and
# '12345678' is trivially guessable; restrict the host part to the application
# server's address and use a strong password.
create user 'test'@'%' identified by '12345678';
# Sets the same password again (redundant right after CREATE USER).
alter user 'test'@'%' identified by '12345678';
# Full privileges, limited to the db_dianchi schema.
grant all privileges on db_dianchi.* to 'test'@'%';
flush privileges;
7、安装OpenVPN
# Update the system, then install OpenVPN and the easy-rsa PKI helper.
sudo apt update && sudo apt upgrade -y
sudo apt install openvpn easy-rsa -y
# Create the CA: set up an easy-rsa working directory, initialise the PKI and
# build the CA certificate.
# NOTE(review): the CA private key stays in ~/easy-rsa on the VPN host;
# anyone who obtains it can issue certificates for this VPN, so restrict
# access to that directory.
make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca
# Server certificate, private key and Diffie-Hellman parameters.
# "nopass" writes the private key without a passphrase, so the file's
# permissions are its only protection.
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
# Create a client certificate for user zhangsan (key again without passphrase).
./easyrsa gen-req zhangsan nopass
./easyrsa sign-req client zhangsan
# Install the files - run this from the directory that contains pki/.
sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem /etc/openvpn/
# NOTE(review): the server.conf on this page references only ca.crt,
# server.crt, server.key and dh.pem. The client key belongs on the client
# (it is pasted into zhangsan.ovpn), so avoid leaving a copy of zhangsan.key
# on the server once the .ovpn file has been built.
sudo cp pki/issued/zhangsan.crt pki/private/zhangsan.key /etc/openvpn/
# Write the server configuration.
sudo vim /etc/openvpn/server.conf
----加入内容:
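# OpenVPN server: UDP port 52001, routed (tun) mode.
port 52001
proto udp
dev tun
# Server PKI material. The paths are relative - presumably resolved against
# /etc/openvpn, where these notes copy the files; confirm for your service unit.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# VPN subnet handed out to clients; ipp.txt remembers client/address pairs.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): newer OpenVPN releases negotiate the data-channel cipher via
# "data-ciphers" and prefer AEAD ciphers such as AES-256-GCM; check which
# option your installed version honours.
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
# Username/password authentication through an external script.
# via-env hands the password to the script in its environment, which OpenVPN
# only permits at script-security level 3. (via-file with script-security 2
# avoids exposing the password in the environment, but then the script must
# read the credentials from the file passed as its argument.)
script-security 3
auth-user-pass-verify /etc/openvpn/check-user.sh via-env
# NOTE(review): "verify-client-cert none" stops the server from requiring a
# client certificate, so the password checked by the script is the only
# client authentication. The client profile on this page already embeds a
# certificate and key; removing this line would make the certificate a
# required second factor.
verify-client-cert none
username-as-common-name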
# Create the credential-check script that the auth-user-pass-verify line in
# server.conf points at.
sudo vim /etc/openvpn/check-user.sh
----加入内容:
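#!/bin/bash
# Credential check called by OpenVPN through
# "auth-user-pass-verify /etc/openvpn/check-user.sh via-env".
# Exit status 0 accepts the login; any other status rejects it.
#
# With via-env, OpenVPN passes the credentials in the environment variables
# "username" and "password", not as positional arguments, so those are read
# first. $1/$2 remain as a fallback for manual invocation.
#
# NOTE(review): the passwords below are plaintext sample values kept from the
# original notes. With "verify-client-cert none" in server.conf they are the
# only client authentication, so replace them with strong per-user secrets
# held outside the script (for example salted hashes in a root-only file, or
# OpenVPN's PAM authentication plugin) before exposing the port.
USERNAME=${username:-${1:-}}
PASSWORD=${password:-${2:-}}

case "$USERNAME" in
  zhangsan) expected="zhangsan123" ;;
  lisi)     expected="lisi123" ;;
  *)        exit 1 ;;  # unknown or empty user name: reject
esac

if [[ "$PASSWORD" == "$expected" ]]; then
  exit 0
fi
exit 1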
# Make the script executable.
# NOTE(review): the script embeds passwords, and +x on a file created with the
# usual 644 mode leaves it readable by every local user (755). Mode 700 owned
# by root would restrict that - confirm which account openvpn runs the script as.
sudo chmod +x /etc/openvpn/check-user.sh
# Start the service.
# Open the VPN port, then enable the firewall.
# NOTE(review): when connected over SSH, make sure the SSH port is allowed
# before `ufw enable`, because ufw denies other incoming traffic by default.
sudo ufw allow 52001/udp
sudo ufw enable
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
sudo systemctl status openvpn@server
# View the error log.
sudo cat /var/log/openvpn.log
# Client configuration: zhangsan.ovpn
# NOTE(review): this profile embeds the client's private key, so handle the
# file like a credential - transfer it over a secure channel and keep it
# readable by its owner only.
client
dev tun
proto udp
remote [your_server_ip] 52001
resolv-retry infinite
nobind
persist-key
persist-tun
# Only accept a peer whose certificate is marked for server use, so that
# another client certificate from the same CA cannot pose as the server.
remote-cert-tls server
cipher AES-256-CBC
# Prompt for the username and password checked by the server-side script.
auth-user-pass
verb 3
<ca>
# Paste the contents of ca.crt here
</ca>
<cert>
# Paste the contents of zhangsan.crt here
</cert>
<key>
# Paste the contents of zhangsan.key here
</key>
# Uninstall
sudo systemctl stop openvpn@server
sudo systemctl disable openvpn@server
sudo apt remove --purge openvpn easy-rsa -y
# Removes the server configuration, keys and the credential script.
sudo rm -rf /etc/openvpn
# Removes the whole PKI, including the CA private key; certificates issued
# from it can no longer be revoked or re-issued afterwards.
# ~ is expanded by the calling shell before sudo runs, so this is the
# invoking user's home directory, not root's.
sudo rm -rf ~/easy-rsa
sudo rm -rf /root/easy-rsa # in case the files were generated here
sudo apt autoremove -y
8、设置开机启动程序:
# Add the file /etc/systemd/system/cdp5-base.service with this content:
#
#   [Unit]
#   Description=Java Application: cdp5-base
#   After=network.target
#
#   [Service]
#   User=ubuntu
#   Group=root
#   WorkingDirectory=/publish/
#   ExecStart=java -jar cdp5-base.jar
#   Restart=always
#   RestartSec=5s
#   StandardOutput=append:/publish/cdp5-base.log
#   StandardError=append:/publish/cdp5-base-error.log
#
#   [Install]
#   WantedBy=multi-user.target
#
# NOTE(review): Group=root runs the application with the root group; a
# dedicated unprivileged user and group that own /publish would limit what a
# compromised application can touch - confirm whether root group access is
# actually needed.
# Reload systemd so it sees the new unit, then enable it at boot.
sudo systemctl daemon-reload
sudo systemctl enable cdp5-base.service