Rocky8.5 编译安装 Nginx Mariadb Asp.net Core6 (实测 笔记 Rocky 8.5 + Openssl 3.0.1+ Mariadb 10.6.7 + Nginx 1


nmcli命令修改IP
# nmcli
# vi /etc/sysconfig/network-scripts/ifcfg-ens192
# nmcli c reload //加载新的网卡配置信息
# nmcli c down ens192
# nmcli c up ens192 //重启网卡


设置PUTTY远程登录时,不使用密码,使用密钥文件登录(如不需要,可忽略)

服务器上创建目录
mkdir -p /root/.ssh

在"客户机"生成非对称密钥对,把客户机上的公钥复制到服务器(公钥文件:id_rsa.pub;私钥 id_rsa 只保留在客户机上,不要上传)
[root@centos ~] ssh-keygen -m PEM -t rsa -b 4096
根据提示操作,生成公钥
上传到服务器指定目录(*** 或使用软件远程复制id_rsa.pub到服务器/root/.ssh中。)
scp id_rsa.pub root@192.168.1.10:/root/.ssh

查看服务器上,公钥是否已经存在
cd /root/.ssh
ll
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub

导入密钥到authorized_keys
cat id_rsa.pub >> authorized_keys

ll /root/.ssh
-rw-r--r-- 1 root root 394 12月 5 09:37 authorized_keys
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub

导入后,删除公钥文件
rm id_rsa.pub

设置目录和文件读取权限
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys

设置sshd配置文件
vim /etc/ssh/sshd_config
找到GSSAPICleanupCredentials,并且修改为以下内容
GSSAPICleanupCredentials yes
:wq 保存退出

重启sshd服务,让其生效
systemctl restart sshd


客户端设置PUTTY,进行远程登录
打开软件 PuTTYgen
点击load 选择之前客户机生成私钥文件id_rsa, 点击save private key 生成 pKey.ppk文件
打开软件 PuTTY
点击Session,在HostName(or IP address)输入服务器地址
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为root)
点击Connection下的SSH下的Auth,点击Browse 选择之前生成的 pKey.ppk 文件
点击Session,在Saved Sessions中,输入需要保存的Session名称,点击保存

1.7.6 设置完成后,即可以远程连接到服务器
打开软件 PuTTY
点击Session,在"Default Settings"下,找到之前已经保存的Session,双击打开连接
如果显示 Authenticating with public key "xxxxx-xxxx"时,即表示成功

1.8 设置新用户,并且使用密码和证书双重认证远程登录。同时禁止root远程登录 (如不需要,可忽略)
1.8.1 root登录后,修改root密码 (安全建议:密码为15位,大小写字母+数字+特殊字符)
passwd


1.8.2 添加新用户,并且设置密码
adduser vicowong
passwd vicowong

1.8.3 创建目录,复制密钥相关文件到用户目录,并且设置权限
mkdir /home/vicowong/.ssh -p
cp /root/.ssh/authorized_keys /home/vicowong/.ssh
chmod 700 /home/vicowong/.ssh
chmod 600 /home/vicowong/.ssh/authorized_keys
chown vicowong:vicowong /home/vicowong/.ssh -R

设置防火墙,设置远程连接端口(这里是26322)
systemctl enable firewalld && systemctl start firewalld
firewall-cmd --zone=public --add-port=26322/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT

安装semanage(用于设置selinux策略)
yum install -y policycoreutils-python selinux-policy selinux-policy-targeted

查看当前 selinux 是否启用 即 Enforcing 状态 (否则有可能设置 selinux 策略不成功)
getenforce

查看当前 selinux 关于远程ssh连接端口的设置
semanage port -l | grep ssh
ssh_port_t tcp 22
添加新端口
semanage port -a -t ssh_port_t -p tcp 26322

--------------------------------------------------------------------------------------------
移除端口
semanage port -d -t ssh_port_t -p tcp 26322
-------------------------------------------------------------------------------------------
1.8.6 设置sshd配置文件
vim /etc/ssh/sshd_config
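找到以下内容,并且进行修改
(注意:Protocol、ServerKeyBits、RSAAuthentication 是 SSH 协议 1 时代的选项,OpenSSH 7.4 及以后的版本已弃用,不会按这些值生效,可以不写;真正起限制作用的是 PermitRootLogin、AllowUsers、AuthenticationMethods 等项)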
Port 26322
Protocol 2
ServerKeyBits 1024
PermitRootLogin no
AllowUsers vicowong
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication yes
AuthenticationMethods publickey,password
X11Forwarding no
MaxStartups 10:30:60
:wq 保存退出

# AuthorizedKeysFile
# PasswordAuthentication
# X11Forwarding

以上三个搜索,查看是否有重复设置


重启sshd服务,让其生效
systemctl restart sshd


使用新用户登录(重新打开一个新终端,原来的终端先不关,避免因设置不当导致没法连接远程)
打开软件 PuTTY,点击之前保存的Sessions,点击Load读取之前的配置
在Port框输入端口(当前端口为26322)
点击Connection下的DATA,在Auto-login username中输入登录账号(当前账号为vicowong)
点击Session 点击Save。保存当前修改。
点击Open,打开终端。

设置后,远程登录必须同时通过密码和密钥双重认证。
远程登录会以vicowong这个账号进行登录。安装维护需要root权限时,可以使用su实现
su root


一、编译 升级 gcc
cd /usr/local/src/
wget http://mirrors.concertpass.com/gcc/releases/gcc-11.2.0/gcc-11.2.0.tar.gz
(该镜像走明文 HTTP,传输过程没有完整性保护;下载后请先对照官方发布的校验和或 GPG 签名核对源码包,再解压编译。后文经 HTTP 下载的 zlib、nginx、redis 源码包同理)
tar zvxf gcc-11.2.0.tar.gz
cd gcc-11.2.0/
./contrib/download_prerequisites && ldconfig
mkdir gcc-build && cd gcc-build
../configure --enable-languages=c,c++ --disable-multilib --enable-checking=release --prefix=/opt/gcc
make -j8
make install
echo '/opt/gcc/lib64' > /etc/ld.so.conf.d/local-lib64.conf
ldconfig -v
mv /usr/bin/gcc /usr/bin/gcc.bak
mv /usr/bin/g++ /usr/bin/g++.bak
ln -s /opt/gcc/bin/gcc /usr/bin/gcc
ln -s /opt/gcc/bin/g++ /usr/bin/g++
update-alternatives --install /usr/bin/gcc gcc /opt/gcc/bin/gcc 999
gcc --version
shutdown -r now

二、编译 升级 内核
yum -y install gcc gcc-c++ make autoconf automake libtool ncurses-devel flex bison openssl openssl-devel bc elfutils-libelf-devel zlib zlib-devel pcre pcre-devel
cd /usr/local/src/
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.16.2.tar.xz
tar vxf linux-5.16.2.tar.xz
cd linux-5.16.2/
cp /boot/config-4.18.0-348.7.1.el8_5.x86_64 .config
vim .config
在.config文件中找到CONFIG_SYSTEM_TRUSTED_KEYS,CONFIG_DEBUG_INFO_BTF这两行,并将这两行注释。
make menuconfig
make -j8
make modules
make modules_install
make install

grubby --info=ALL | grep ^kernel
grubby --default-kernel
grubby --set-default=/boot/vmlinuz-5.16.2
grubby --remove-kernel  /boot/vmlinuz-4.18.0-348.el8.0.2.x86_64

rpm -qa | grep kernel
yum remove kernel-core-4.18.0 kernel-devel-4.18.0 kernel-tools-libs-4.18.0 kernel-headers-4.18.0

删除内核,会删除gcc环境,重新安装GCC
yum install gcc gcc-c++ -y


------------------------------------------------------------------------------------------
YUM 方式升级内核 (快速)

http://elrepo.org/tiki/HomePage
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install kernel-ml
------------------------------------------------------------------------------------------

三、安装jemalloc(需要 bzip2 库解压)

cd /usr/local/src/
wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
tar xjf jemalloc-5.2.1.tar.bz2 && cd jemalloc-5.2.1
./configure && make && make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig -v
find / -name jemalloc


四、编译 升级 zlib
cd /usr/local/src/
wget http://zlib.net/zlib-1.2.11.tar.gz
tar zvxf zlib-1.2.11.tar.gz && cd zlib-1.2.11
./configure && make && make install
ldconfig -v
find / -name libz.so.1.2.11
ll /usr/local/lib

五、编译 升级 openssl,openssh
find / -name openssl
# /usr/bin/openssl
# /usr/include/openssl

yum remove openssl openssl-dev
rm -rf /usr/include/openssl

openssl-3.0.1 版本

编译时需要用到 Perl 的 Text::Template 模块和IPC::Cmd 模块
yum -y install perl-CPAN
cpan -i Text::Template
cpan -i IPC::Cmd

cd /usr/local/src
wget https://www.openssl.org/source/openssl-3.0.1.tar.gz
tar zvxf openssl-3.0.1.tar.gz && cd openssl-3.0.1

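使用“ --prefix= ”指定头文件和库文件的存放路径,使用“--openssldir=”指定证书等文件存放的路径:
(注意:后面用自编译版本替换 /usr/bin/openssl 和 libssl/libcrypto 的软链接之后,这些文件不再随 yum 的安全更新升级,需要自己跟进 OpenSSL 的安全公告并重新编译安装)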

./config shared zlib --prefix=/opt/openssl3 --openssldir=/opt/openssl3
make update && make && make install

rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
ln -s /opt/openssl3/bin/openssl /usr/bin/openssl
ln -s /opt/openssl3/include/openssl /usr/include/openssl


rm -rf /usr/lib64/libssl.so
rm -rf /usr/lib/libssl.so
ln -s /opt/openssl3/lib64/libssl.so /usr/lib64/libssl.so
ln -s /opt/openssl3/lib64/libssl.so /usr/lib/libssl.so

rm -rf /usr/lib64/libssl.so.3
rm -rf /usr/lib/libssl.so.3
ln -s /opt/openssl3/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /opt/openssl3/lib64/libssl.so.3 /usr/lib/libssl.so.3

rm -rf /usr/lib64/libcrypto.so
rm -rf /usr/lib/libcrypto.so
ln -s /opt/openssl3/lib64/libcrypto.so /usr/lib64/libcrypto.so
ln -s /opt/openssl3/lib64/libcrypto.so /usr/lib/libcrypto.so

ln -s /opt/openssl3/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3


# 根据需要引入库
export LD_LIBRARY_PATH=/opt/openssl3/lib64:$LD_LIBRARY_PATH


ldconfig -v | grep ssl
openssl version -a
openssl ciphers -v
ssh -V

------------------------------------------------------------------------------------------
openssl-1.1.1m 版本

cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz
tar zvxf openssl-1.1.1m.tar.gz && cd openssl-1.1.1m
./config -shared --prefix=/opt/openssl --openssldir=/opt/openssl
make && make install

rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
ln -s /opt/openssl/bin/openssl /usr/bin/openssl
ln -s /opt/openssl/include/openssl /usr/include/openssl

rm -rf /usr/lib64/libssl.so
rm -rf /usr/lib64/libcrypto.so
ln -s /opt/openssl/lib/libssl.so /usr/lib64/libssl.so
ln -s /opt/openssl/lib/libcrypto.so /usr/lib64/libcrypto.so

rm -rf /usr/lib/libssl.so
rm -rf /usr/lib/libcrypto.so
ln -s /opt/openssl/lib/libssl.so /usr/lib/libssl.so
ln -s /opt/openssl/lib/libcrypto.so /usr/lib/libcrypto.so

ldconfig -v | grep ssl
openssl version -a
openssl ciphers -v
------------------------------------------------------------------------------------------

安装 openssh

yum install pam*
cd /usr/local/src/
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
tar zvxf openssh-8.8p1.tar.gz && cd openssh-8.8p1/
./configure --with-zlib --with-md5-passwords --with-pam --without-openssl-header-check
make && make install

------------------------------------------------------------------------------------------
启用PAM,需要有一个控制文件,在/etc/ssh/sshd_config中打开UsePAM yes。
ll ./contrib/redhat/sshd.pam
ll /etc/pam.d/sshd

vim /etc/pam.d/sshd为

#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
重启sshd服务后,登录成功
------------------------------------------------------------------------------------------

六、安装mariadb (要求openssl_1.1.1k,目前不兼容openssl3.0.1)

确保 openssl 版本

yum install openssl openssl-devel openssl*

yum reinstall openssl openssl-devel


openssl version
# OpenSSL 1.1.1k  FIPS 25 Mar 2021

安装mariadb

yum install cmake git boost-devel libcurl-devel libxml2-devel libpmem-devel java-devel

groupadd mysql
useradd -g mysql mysql -s /sbin/nologin -M
mkdir -p /data/mysql
chown -R mysql:mysql /data/mysql

cd /usr/local/src
tar zvxf mariadb-10.6.5.tar.gz && cd mariadb-10.6.5
cmake . -DCMAKE_INSTALL_PREFIX=/opt/mysql -DMYSQL_DATADIR=/data/mysql -DMYSQL_USER=mysql -DMYSQL_TCP_PORT=3306 -DWITHOUT_TOKUDB=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DCMAKE_EXE_LINKER_FLAGS="-ljemalloc" -DINSTALL_DOCDIR=share/doc/mariadb -DINSTALL_DOCREADMEDIR=share/doc/mariadb -DINSTALL_MANDIR=share/man -DINSTALL_MYSQLSHAREDIR=share/mysql -DINSTALL_MYSQLTESTDIR=share/mysql/test -DINSTALL_PLUGINDIR=lib/mysql/plugin -DINSTALL_SBINDIR=sbin -DINSTALL_SCRIPTDIR=bin -DINSTALL_SQLBENCHDIR=share/mysql/bench -DINSTALL_SUPPORTFILESDIR=share/mysql -DWITH_EXTRA_CHARSETS=complex -DWITH_EMBEDDED_SERVER=ON -DCMAKE_BUILD_TYPE=Release -DWITH_SAFEMALLOC=OFF
make -j8 && make install


ln -s /opt/mysql/lib/lib* /usr/lib/
ln -s /opt/mysql/bin/mysql /bin
ln -s /opt/mysql/bin/mysqldump /bin
ln -s /opt/mysql/bin/mysqlbinlog /bin

vim /etc/my.cnf

[client]
port = 3306
default-character-set = utf8mb4
socket = /tmp/mysql.sock

[mysqld]
port = 3306
datadir = /data/mysql
max_connections=1000
character-set-server = utf8mb4
ssl
socket = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 256M
max_allowed_packet = 1M
table_open_cache = 256
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 16M
thread_concurrency = 8

log-bin=mysql-bin

binlog_format=mixed

server-id = 1

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

cd /opt/mysql/
./bin/mysql_install_db --basedir=/opt/mysql --datadir=/data/mysql --user=mysql --defaults-file=/etc/my.cnf
./bin/mysqld_safe --datadir=/data/mysql
./bin/mysql_secure_installation

查看数据库状态
mysql -u root -p

MariaDB [(none)]> status;
MariaDB [(none)]> show engines;
MariaDB [(none)]> SHOW VARIABLES LIKE '%have%ssl%';

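增加远程访问用户,
root是用户名,%是主机名或IP地址,这里的%代表任意主机或IP地址,也可指定唯一的IP地址
(安全提示:下面的 '123456' 只是示例,实际必须换成强密码;root@% 加上后文对外开放的 3306 端口,等于允许任意主机尝试登录数据库最高权限账号。建议把 % 改为指定的来源 IP,并为应用单独建立只授予所需库权限的账号)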
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;

解决本地账号无需密码就可以登录的问题
仅保留mysql.user 表下的 mariadb.sys@localhost 和 root@% 这两个用户对应的记录,其它记录删除
MariaDB [(none)]> exit;

vim /etc/systemd/system/mysqld.service
[Unit]
Description=MySQL Community Server
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=mysql.service

[Service]
User=mysql
Group=mysql
LimitNOFILE=65535
LimitNPROC=65535

# Execute pre and post scripts as root
PermissionsStartOnly=true

# Needed to create system tables etc.

# Start main service
ExecStart=/opt/mysql/bin/mysqld_safe

# Don't signal startup success before a ping works

# Give up if ping don't get an answer
TimeoutSec=30

Restart=always
PrivateTmp=false

systemctl enable mysqld.service
systemctl list-unit-files|grep enabled|grep mysql
systemctl daemon-reload

systemctl start mysqld

systemctl status mysqld

ps -ef|grep mysqld
lsof -n | grep jemalloc

firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT

shutdown -r now

------------------------------------------------------------------------------------------

YUM安装mariadb (自动安装openssl_1.1.1k)

确定当前版本

openssl version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)

Repo仓库地址

https://mariadb.org/download/?t=repo-config&d=CentOS+8+%28x86_64%29&v=10.6&r_m=aliyun

vim /etc/yum.repos.d/MariaDB.repo

# MariaDB 10.6 CentOS repository list - created 2022-01-25 12:48 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://mirrors.aliyun.com/mariadb/yum/10.6/centos8-amd64
module_hotfixes=1
gpgkey = https://mirrors.aliyun.com/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1

##保存退出

用户\用户组 列表文件
cat /etc/passwd|grep mysql
cat /etc/group|grep mysql


安装mariadb
yum install MariaDB-server -y

查看安装目录
ll /usr/bin/mysql*

查看默认存放地址
ll /var/lib/mysql
mv /var/lib/mysql /data/mysql

查看、修改 配置文件
cat /etc/my.cnf.d/server.cnf
cp /etc/my.cnf /etc/my.cnf.bak

vim /etc/my.cnf

[client]
port = 3306
default-character-set = utf8mb4
socket = /tmp/mysql.sock

[mysqld]
port = 3306
datadir = /data/mysql
max_connections=1000
character-set-server = utf8mb4
ssl
socket = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 256M
max_allowed_packet = 1M
table_open_cache = 256
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 16M
log-bin=mysql-bin
binlog_format=mixed
server-id = 1

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

保存退出

systemctl enable mysqld
systemctl start mysqld
systemctl status mysqld

firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT

ps -ef|grep mysqld
lsof -n | grep jemalloc

查看数据库状态
mysql -u root -p

MariaDB [(none)]> status;
MariaDB [(none)]> show engines;
MariaDB [(none)]> SHOW VARIABLES LIKE '%have%ssl%';

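增加远程访问用户,
root是用户名,%是主机名或IP地址,这里的%代表任意主机或IP地址,也可指定唯一的IP地址
(安全提示:下面的 '123456' 只是示例,实际必须换成强密码;root@% 加上前面对外开放的 3306 端口,等于允许任意主机尝试登录数据库最高权限账号。建议把 % 改为指定的来源 IP,并为应用单独建立只授予所需库权限的账号)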
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;

解决本地账号无需密码就可以登录的问题
仅保留mysql.user 表下的 mariadb.sys@localhost 和 root@% 这两个用户对应的记录,其它记录删除
MariaDB [(none)]> exit;

shutdown -r now

openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021

rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
ln -s /opt/openssl3/bin/openssl /usr/bin/openssl
ln -s /opt/openssl3/include/openssl /usr/include/openssl


openssl version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)

 ------------------------------------------------------------------------------------------

七、安装nginx

cd /usr/local/src
wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz/download -O pcre-8.45.tar.gz
tar zvxf pcre-8.45.tar.gz && cd pcre-8.45
./configure && make && make install
pcre-config --version
---------------------------------------------------------------------------------
cd /usr/local/src
wget https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.39/pcre2-10.39.tar.gz
tar zvxf pcre2-10.39.tar.gz && cd pcre2-10.39
./configure && make && make install
pcre2-config --version
---------------------------------------------------------------------------------

groupadd www
useradd -g www www -s /sbin/nologin -M
mkdir -p /data/www/web
chmod +w /data/www/web
chown -R www:www /data/www/web

cd /usr/local/src/
wget http://nginx.org/download/nginx-1.20.2.tar.gz
tar zvxf nginx-1.20.2.tar.gz && cd nginx-1.20.2

vim src/core/nginx.h
#define nginx_version 1000000
#define NGINX_VERSION "1.0.0"
#define NGINX_VER   "IIS"

./configure --prefix=/opt/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-ld-opt="-ljemalloc" \
--with-http_v2_module \
--with-zlib=/usr/local/src/zlib-1.2.11 \
--with-openssl=/usr/local/src/openssl-3.0.1 \
--with-pcre
make && make install


vim /opt/nginx/conf/nginx.conf

user www www;
worker_processes auto;
error_log logs/error.log crit;
pid logs/nginx.pid;

events {
use epoll;
worker_connections 1024;
}

http {
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;

include mime.types;
default_type application/octet-stream;

sendfile on;
keepalive_timeout 65;

include /opt/nginx/conf/vhosts/*.conf;
}


mkdir -p /opt/nginx/conf/vhosts
vim /opt/nginx/conf/vhosts/web.conf

server {
listen 80;
server_name localhost;
set $root /data/www/web;
root $root;

location / {
index index.html index.htm;
}
}


vim /data/www/web/index.html


nginx index.html

index.html




vim /etc/systemd/system/nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf -t
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target


systemctl enable nginx.service
systemctl list-unit-files|grep enabled|grep nginx
systemctl start nginx.service

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT


/opt/nginx/sbin/nginx -V
ps -ef|grep nginx
lsof -n | grep jemalloc

八、安装 dotnet core6

yum update -y

rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm

yum install libunwind libicu -y
yum install dotnet-sdk-6.0
shutdown -r now
dotnet --info

mkdir -p /data/www/Core2
cd /data/www/Core2

复制编译好的代码到 /data/www/Core2

vim /opt/nginx/conf/vhosts/web.conf

server {
listen 80;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
}
}

systemctl restart nginx
systemctl status nginx


安装 Supervisor (低于 3.3.3 会有安全漏洞)
yum install python2 unzip -y

cd /usr/local/src
wget https://files.pythonhosted.org/packages/b2/40/4e00501c204b457f10fe410da0c97537214b2265247bc9a5bc6edd55b9e4/setuptools-44.1.1.zip
unzip setuptools-44.1.1.zip && cd setuptools-44.1.1
python2 setup.py build && python2 setup.py install

cd /usr/local/src
wget https://files.pythonhosted.org/packages/b3/41/2806c3c66b3e4a847843821bc0db447a58b7a9b0c39a49b354f287569130/supervisor-4.2.4.tar.gz
tar zvxf supervisor-4.2.4.tar.gz && cd supervisor-4.2.4
python2 setup.py install


---------------------------------------------------------------------------------------
如提示
pkg_resources.DistributionNotFound: The 'meld3>=1.0.0' distribution was not found and is required by supervisor
wget https://files.pythonhosted.org/packages/00/3b/023446ddc1bf0b519c369cbe88269c30c6a64bd10af4817c73f560c302f7/meld3-2.0.0.tar.gz
tar zvxf meld3-2.0.0.tar.gz && cd meld3-2.0.0
python2 setup.py install && ldconfig
-----------------------------------------------------------------------------------------

配置Supervisor
mkdir -p /etc/supervisor/conf.d
echo_supervisord_conf > /etc/supervisor/supervisord.conf

vim /etc/supervisor/supervisord.conf

查找
;[include]
;files = relative/directory/*.ini

修改为
[include]
files=conf.d/*.conf

查找 [unix_http_server] 下账号和密码设置,设置密码 (使用 supervisorctl 强制输入密码,增强安全性;下面的用户名和密码仅为示例,请换成自己的强密码。密码以明文保存在 supervisord.conf 中,应限制该文件仅 root 可读)
username=supervisor_user
password=supervisor_userpwd

:wq 保存退出

假设有一个 asp.net core mvc项目 Core2。编译发布后目录包含Core2.dll
并且运行dotnet Core2.dll 能够正常运行网站项目
cd /data/www/Core2
dotnet Core2.dll


vim /etc/supervisor/conf.d/Core2.conf
输入以下内容

[program:Core2]
command=dotnet Core2.dll --urls="http://[*]:5000" ; 运行的命令
directory=/data/www/Core2/ ; 命令执行目录
autorestart=true ; 自动重启
stderr_logfile=/var/log/Core2.err.log ; 错误日志
stdout_logfile=/var/log/Core2.out.log ; 输出日志
environment=ASPNETCORE_ENVIRONMENT=Production ; 环境变量
user=www ; 进程执行的用户身份
stopsignal=INT

:wq 保存退出

supervisord -c /etc/supervisor/supervisord.conf


配置 Supervisor 开机启动
vim /etc/systemd/system/supervisord.service

[Unit]
Description=Supervisor daemon

[Service]
Type=forking
ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
ExecStop=/usr/bin/supervisorctl shutdown
ExecReload=/usr/bin/supervisorctl reload
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

:wq 保存退出

systemctl enable supervisord && systemctl restart supervisord
systemctl status supervisord
supervisorctl


安装libgdiplus组件,支持 core 图片生成
yum install automake autoconf libtool glib2-devel cairo-devel libjpeg* libtiff*
cd /usr/local/src
wget https://github.com/mono/libgdiplus/archive/6.0.5.tar.gz -O libgdiplus-6.0.5.tar.gz
tar zvxf libgdiplus-6.0.5.tar.gz && cd libgdiplus-6.0.5
./autogen.sh && make && make install
ln -s /usr/local/lib/libgdiplus.so /usr/lib64/gdiplus.dll

*************************************************************
//假设使用以下没有的字体
string[] fonts = { "Verdana", "Microsoft Sans Serif", "Comic Sans MS", "Arial", "宋体" };
把windows下font目录的相应字体上传到服务器 /usr/share/fonts/chinese

yum install mkfontscale fontconfig -y

mkdir -p /usr/share/fonts/chinese
cd /usr/share/fonts/chinese

复制字体
cp /usr/local/src/TrueType/* ./

mkfontscale && mkfontdir && fc-cache -fv
fc-list | grep times.ttf
fc-list :lang=zh
shutdown -r now
*************************************************************

九、安装redis

yum install tcl -y

cd /usr/local/src
wget http://download.redis.io/releases/redis-6.2.6.tar.gz
tar zvxf redis-6.2.6.tar.gz && cd redis-6.2.6/
make && make PREFIX=/opt/redis install

groupadd redis
useradd -g redis redis -s /sbin/nologin -M
mkdir -p /opt/redis/logs
cp redis.conf /opt/redis
ll /opt/redis
chown -R redis:redis /opt/redis

vim /opt/redis/redis.conf
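找到相关的行,修改
(安全提示:注释掉 bind 并设置 protected-mode no 后,Redis 会在所有网卡上监听,仅靠 requirepass 保护;redispwd 只是示例,必须换成足够长的随机密码。如果只有本机程序访问,建议保留 bind 127.0.0.1 且不要开放 6379 端口;确需远程访问时,用后文"指定IP可以访问"的 rich rule 代替对所有来源开放端口)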

#bind 127.0.0.1
protected-mode no
requirepass redispwd
daemonize no
supervised no
pidfile /opt/redis/redis_6379.pid
logfile /opt/redis/redis_6379.log
dir /opt/redis

vim /usr/lib/systemd/system/redis.service

[Unit]
Description=Redis Server
After=network.target

[Service]
Type=simple
PIDFile=/opt/redis/redis_6379.pid
ExecStart=/opt/redis/bin/redis-server /opt/redis/redis.conf
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
User=redis

[Install]
WantedBy=multi-user.target


systemctl enable redis && systemctl daemon-reload && systemctl start redis
systemctl status firewalld

firewall-cmd --zone=public --add-port=6379/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT

**************************************************************************************************
指定IP可以访问
[root@centos ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"

显示所有规则
[root@centos ~]# firewall-cmd --list-all

移除指定IP可以访问
[root@centos ~]# firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"

**************************************************************************************************


安装完成后,打开客户端
[root@centos ~]# /opt/redis/bin/redis-cli -h 127.0.0.1 -p 6379

输入以下命令,测试写入及读取
127.0.0.1:6379 > auth redispwd
127.0.0.1:6379 > set name abc123
127.0.0.1:6379 > get name
退出
127.0.0.1:6379 >quit

十、测试工具 wrk、bombardier、iftop

wrk 安装及使用
cd /usr/local/src
yum install git -y
git clone https://github.com/wg/wrk.git
cd wrk
make
ln -s /usr/local/src/wrk/wrk /usr/local/bin
wrk -t 2 -c 50 -d 20 --latency http://localhost:5000

bombardier 安装及使用
ln -s /usr/local/src/bombardier /bin
bombardier -c 125 -n 10000 http://localhost:5000/api/values/5

iftop安装及使用
yum install epel-release
yum install iftop


十一、源码管理工具gitosis
yum install git unzip python2 -y

git --version
# git version 2.27.0

cd /usr/local/src
wget https://files.pythonhosted.org/packages/b2/40/4e00501c204b457f10fe410da0c97537214b2265247bc9a5bc6edd55b9e4/setuptools-44.1.1.zip
unzip setuptools-44.1.1.zip && cd setuptools-44.1.1
python2 setup.py build && python2 setup.py install

cd /usr/local/src
git clone https://github.com/res0nat0r/gitosis.git
cd gitosis
python2 setup.py install
# Finished processing dependencies for gitosis==0.2


配置参考原来