centos7
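Install with the default minimal installation. When it finishes,
go to /etc/sysconfig/network-scripts/
and edit ifcfg-enp0s3 (the interface file whose name starts with ifcfg):
change ONBOOT="no" to yes, then reboot.
:Disable SELinux: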
vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled.
:Disable firewalld (turn off the firewall)
systemctl disable firewalld
----------------------------------------------------
jdk8
Upload it to the /root directory,
rpm -ivh jdk-8u231-linux-x64.rpm
After installation the environment variables and so on are already set up by default.
Run javac -version and java -version to verify.
----------------------------------------------------
Install Tomcat 8.5
Upload it to the /root directory
tar -xvf apache-tomcat-8.5.50.tar
mv apache-tomcat-8.5.50 tomcat
cp -rf tomcat /usr/local/
:Configure start on boot
vim /lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/tomcat/pid
ExecStart=/usr/local/tomcat/bin/catalina.sh start
ExecReload=/usr/local/tomcat/bin/catalina.sh restart
ExecStop=/usr/local/tomcat/bin/catalina.sh stop
[Install]
WantedBy=multi-user.target
Create the tomcat directory under /usr/local/ and make sure the path really exists.
In Tomcat's bin/catalina.sh, add
CATALINA_PID=/usr/local/tomcat/pid
# OS specific support. $var _must_ be set to either true or false.
cygwin=false
....(omitted)..
Create the symlink
ln -s /lib/systemd/system/tomcat.service /etc/systemd/system/multi-user.target.wants/tomcat.service
Once it is created, reload
systemctl daemon-reload
Enable start on boot
systemctl enable tomcat
-----------------------
:Tomcat settings
How to enable the remote manager in Tomcat
First, change the user permissions in tomcat/conf/tomcat-users.xml to:
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="1234" roles="admin-gui,manager-gui"/>
Next, edit tomcat/webapps/host-manager/META-INF/context.xml and tomcat/webapps/manager/META-INF/context.xml. The original content is:
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
Change it to:
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="^.*$" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
After the change there is no need to restart Tomcat; remote access then works.
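What the allow attribute controls, as an added example that is not part of the original notes: RemoteAddrValve admits a client only when its whole address matches the allow pattern, so the script below checks sample addresses against the default pattern, the ^.*$ pattern, and a pattern scoped to a management subnet. The file names, the sample addresses and the 192.168.56.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes; sample files and addresses are constructed.

# Print the allow="..." value of the RemoteAddrValve in a context.xml.
valve_allow() {
    tr '\n' ' ' < "$1" |
        sed -n 's/.*RemoteAddrValve"[^>]*allow="\([^"]*\)".*/\1/p'
}

# Return 0 when the whole address matches the pattern (the valve does a full
# match). \d is rewritten to [0-9] so grep -E can evaluate it; that covers
# simple patterns like these, not every java.util.regex feature.
addr_allowed() {
    ere=$(printf '%s' "$1" | sed 's/\\d/[0-9]/g')
    printf '%s\n' "$2" | grep -Eq -- "^(${ere})\$"
}

# Print one "ALLOW addr" or "DENY addr" line per sample address.
audit_context() {
    pattern=$(valve_allow "$1")
    for addr in 127.0.0.1 ::1 192.168.56.10 203.0.113.7; do
        if addr_allowed "$pattern" "$addr"; then echo "ALLOW $addr"; else echo "DENY  $addr"; fi
    done
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/default.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
EOF
cat > "$demo_dir/open.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="^.*$" />
</Context>
EOF
# Assumed management subnet 192.168.56.0/24, for illustration only.
cat > "$demo_dir/scoped.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|192\.168\.56\.\d+" />
</Context>
EOF
for f in default open scoped; do echo "== $f.xml"; audit_context "$demo_dir/$f.xml"; done
```

On a real host, audit_context can be pointed at tomcat/webapps/manager/META-INF/context.xml and tomcat/webapps/host-manager/META-INF/context.xml.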
:Switch the NIO connector to the NIO executor
<Service name="Catalina">
  <!--The connectors can use a shared executor, you can define one or more named thread pools-->
  <!-- Enable the executor: remove the comment markers around it -->
  <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
    maxThreads="150" minSpareThreads="4"/>
  <!-- A "Connector" represents an endpoint by which requests are received
       and responses are returned. Documentation at :
       Java HTTP Connector: /docs/config/http.html
       Java AJP Connector: /docs/config/ajp.html
       APR (HTTP/AJP) Connector: /docs/apr.html
       Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
  -->
  <!-- Comment this block out
  <Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
  -->
  <!-- A "Connector" using the shared thread pool-->
  <Connector executor="tomcatThreadPool"
    port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />
-----------------------------------------------------
nginx
Upload it to /root
tar xvf nginx-1.14.2.tar.gz
Upload the upstream module to /root,
tar xvf nginx_upstream_check_module.tar.gz
###############
(Alternatively, install git and run git clone)
yum install git
git clone https://github.com/yaoweibin/nginx_upstream_check_module.git
###############
Install patch
yum install patch
// Enter the top level of the nginx source directory
cd nginx-1.14.2
// Apply the source patch
patch -p1 </root/nginx_upstream_check_module/check_1.14.0+.patch
// The following libraries are needed to compile nginx
yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
cd nginx-1.14.2
// Configure: the install directory is /usr/nginx, and the add-module directory is the one obtained with git above
./configure --prefix=/usr/nginx --with-http_ssl_module --with-http_realip_module --add-module=/root/nginx_upstream_check_module/
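The configure summary lists only three extensions and does not mention upstream. The module for seeing the real client IP behind the reverse proxy is configured as well.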
make install
cd /usr/nginx/sbin
./nginx
:Configure nginx
vim /etc/init.d/nginx
Write the script, paying attention to three things (the directory of the nginx executable, the directory of the conf file, and the pid file, which must be created and kept consistent with nginx's conf file):
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid
######################### The pid file above must also be set in the server configuration file /usr/nginx/conf/nginx.conf: uncomment the pid line there and point it at this same path.
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
######################## Change this to the executable in the actual install directory
nginx="/usr/nginx/sbin/nginx"
prog=$(basename $nginx)
####################### Change this to the actual location of the server configuration file
NGINX_CONF_FILE="/usr/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
    # make required directories
    user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
    if [ -n "$user" ]; then
        if [ -z "`grep $user /etc/passwd`" ]; then
            useradd -M -s /bin/nologin $user
        fi
        options=`$nginx -V 2>&1 | grep 'configure arguments:'`
        for opt in $options; do
            if [ `echo $opt | grep '.*-temp-path'` ]; then
                value=`echo $opt | cut -d "=" -f 2`
                if [ ! -d "$value" ]; then
                    # echo "creating" $value
                    mkdir -p $value && chown -R $user $value
                fi
            fi
        done
    fi
}
start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    configtest || return $?
    stop
    sleep 1
    start
}
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $prog -HUP
    retval=$?
    echo
}
force_reload() {
    restart
}
configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
Create the pid file. Important!
touch /var/run/nginx.pid
chmod 777 /etc/init.d/nginx
chkconfig --add /etc/init.d/nginx
chkconfig nginx on
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx
Write /usr/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
# The next line is the key setting: it must point to the same file as the nginx startup script
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
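:Configure the reverse proxy
Go to /usr/nginx/sbin and run ./nginx to see the error messages
If it reports an error for check_http_expect_alive or ip_hash, delete the extra spaces in front of them.
#keepalive_timeout 0;
keepalive_timeout 65;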
#gzip on;
upstream yiwiki {
server 127.0.0.1:8080;
server 112.126.56.244;
check interval=3000 rise=2 fall=5 timeout=2000 type=http;
check_http_expect_alive http_2xx http_3xx;
ip_hash;
}
server {
listen 80;
server_name localhost;
.......
:Configure port 80
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
:Configure port 443 (SSL)
server {
listen 443 ssl;
server_name localhost;
# Create a cert directory under the conf directory and copy the certificate files into it
ssl_certificate cert/5089556_www.yiwiki.cn.pem;
ssl_certificate_key cert/5089556_www.yiwiki.cn.key;
# ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
# root html;
# index index.html index.htm;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
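proxy_set_header X-Real-User $remote_user; # stores the user's real IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # every reverse proxy the request passes through adds the reverse proxy IP to X-Forwarded-For
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; # with multiple proxy tiers, records the real client IP seen before each proxy hop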
proxy_pass http://yiwiki/;
}
# health monitoring
location /status {
check_status;
}
}
With the nginx reverse-proxy real-IP module configured, the Java code additionally needs request.getHeader("X-Forwarded-For"); to obtain the real IP.
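How the X-Forwarded-For value configured above reaches the backend, as an added example that is not part of the original notes: nginx's $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the client sent, so only the entries written by your own proxies are reliable. The function names, the addresses and the front proxy 198.51.100.20 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes; names and addresses are constructed.

# Value nginx sends for $proxy_add_x_forwarded_for: the client's own
# X-Forwarded-For (if any) with $remote_addr appended after ", ".
proxy_add_xff() {   # $1 = X-Forwarded-For sent by the client, $2 = $remote_addr
    if [ -n "$1" ]; then printf '%s, %s\n' "$1" "$2"; else printf '%s\n' "$2"; fi
}

# Leftmost entry: written by the first sender, so the client controls it.
leftmost_xff() {
    printf '%s\n' "$1" | cut -d',' -f1 | tr -d ' '
}

# Rightmost entry that is not one of our own proxies: the address our
# outermost proxy actually saw on the TCP connection.
client_from_xff() { # $1 = header value, $2 = space-separated trusted proxy IPs
    candidate=""
    while IFS= read -r hop; do
        [ -n "$hop" ] || continue       # ignore empty list items
        case " $2 " in
            *" $hop "*) ;;              # one of our own proxies: skip
            *) candidate=$hop ;;        # keep the last untrusted entry
        esac
    done <<EOF
$(printf '%s' "$1" | tr -d ' ' | tr ',' '\n')
EOF
    printf '%s\n' "$candidate"
}

# Constructed requests: 203.0.113.7 is the real client address.
honest=$(proxy_add_xff "" 203.0.113.7)
spoofed=$(proxy_add_xff "10.1.1.1" 203.0.113.7)
# The same request arriving through an assumed front proxy at 198.51.100.20.
two_tier=$(proxy_add_xff "$spoofed" 198.51.100.20)

echo "honest:   $honest -> $(client_from_xff "$honest" "")"
echo "spoofed:  $spoofed -> leftmost $(leftmost_xff "$spoofed"), derived $(client_from_xff "$spoofed" "")"
echo "two-tier: $two_tier -> derived $(client_from_xff "$two_tier" "198.51.100.20")"
```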
------------------------------------------------------
Install MySQL 5.7
Upload mysql57-community-release-el7.rpm to /root
or yum install http://repo.mysql.com/mysql57-community-release-el7.rpm
:Install the MySQL 5.7 repository
After this step the 5.7 version is visible in yum; without it, 5.7 does not appear in yum.
rpm -ivh mysql57-community-release-el7.rpm
:Install mysql-server
yum install mysql-server
Start the server
systemctl start mysqld
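After installation, the password must be changed on first start.
cat /var/log/mysqld.log | grep password
This shows the default password.
Copy it and log in with the default password.
After the first login, change the password with alter user; by default it must be at least 8 characters long and contain upper and lower case and punctuation.
alter user root@localhost identified by 'xxxxxxxxx';
View the password policy level
show variables like 'validate_password%';
Then change the password policy level,
set global validate_password_policy = 0;
// LOW: only the password length is checked; mixed case and the like are no longer enforced
Run the security setup wizard
mysql_secure_installation
Then enable start on boot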
systemctl enable mysqld
systemctl restart mysqld
Once logged in, use status to check the version, state and so on.
Edit the configuration: vim /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
character-set-server=utf8
collation-server=utf8_general_ci
performance_schema_max_table_instances=400
table_definition_cache=400
table_open_cache=256
wait_timeout=5184000
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
#default-character-set=utf8
# The line above raised no error on 5.6 but does on 5.7, so it must be commented out.
[mysql.server]
default-character-set=utf8
[mysqld_safe]
default-character-set = utf8
[client]
default-character-set = utf8
show global variables like 'wait_timeout';
show variables like 'character%';
------------------------------------------
Install Redis
:Install Docker
yum install docker
Switch to the Alibaba Cloud Docker registry mirror
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://5dn8slzr.mirror.aliyuncs.com"]
}
After that, reload the daemon
systemctl daemon-reload
systemctl restart docker
docker pull redis
Set Redis to start automatically on boot
systemctl enable docker
##docker run -p 6379:6379 --restart=always redis
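##docker update --restart=no containerId // If you forgot to set a password earlier, disable the earlier container and then create a new one. The argument is the container id. Also, if the earlier container is not disabled, it will take over the port of the newly configured container at startup.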
docker run -p 6379:6379 --restart=always redis --requirepass "123456"