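==============Installing CentOS 7.0=======================
Choose the minimal install and tick "Debugging Tools", "Compatibility Libraries" and "Development Tools".
This reduces dependency and environment problems when installing or compiling services later.
Disk partitioning is a matter of personal habit; if unsure, let the installer partition automatically.
My own layout, for reference only:
/boot 500M core files used to boot Linux
swap 5120M (5G) the Linux swap partition, also called virtual memory; usually twice the physical memory, but more than 8G is not recommended
/ 51200M (50G) all system files live under this partition
/home remaining space user home directories; directories for newly created users appear here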
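systemctl stop firewalld //stop the system default firewall
systemctl mask firewalld //mask the service (so it cannot start)
reboot //reboot so the selinux configuration takes effect
=================Management tools installation======================
Install ifconfig, ntsysv, updatedb, lrzsz (upload/download) and wget (remote HTTP download)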
yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
yum install -y vim nano //install editors
==============Update the CentOS 7.0 repo sources=====================
yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean all
yum makecache
yum install -y python-pip
pip install --upgrade pip
pip install requests
=====Third-party repo file for installing nginx via yum (not needed when compiling from source)=======
mkdir /root/software
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
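=====Third-party repo file for installing MySQL via yum (not needed when compiling from source)=======
cd /root/software //enter the directory where downloaded packages are kept
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm //download
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm //install the rpm to get the repo source
yum repolist enabled | grep "mysql.*-community.*" //check that the mysql repo was installed successfully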
=================Pre-installing the various environments======================
yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel //install the packages the various environments need
yum install -y pcre pcre-devel //install PCRE (can be done together with the environment pre-install)
yum update -y //apply updates
=======================Install MySQL and initial MySQL settings=======================
yum install -y bison-devel libaio-devel //pre-install the mysql environment
yum install -y perl-Data-Dumper //pre-install packages mysql needs
yum install -y mysql-server //install mysqld
service mysqld start //start mysql
systemctl enable mysqld.service //start at boot
-------------------------Configure MySQL for UTF-8-------------------------
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0
[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock
service mysqld restart //restart mysql
=================MySQL operations tips======================
High CPU and memory usage by MySQL may be because processes are not released in time; a simple setting resolves this effectively.
mysql -uroot -p
mysql> show global variables like '%timeout';
mysql> set global interactive_timeout=100;
-----------------The setting above is lost after mysqld.service restarts-----------------------------------
vi /etc/my.cnf
[mysqld]
interactive_timeout=20
wait_timeout=20
------------------------------The setting above stays in effect at all times-------------------------
-----------------------------mysql: create a remote user and grant privileges---------------------------
mysql -uroot -p
mysql> create user root identified by '123456';
mysql> grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
mysql> flush privileges;
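The grant above opens root to every host with a short numeric password. As an added example (not from the original notes), this helper emits SQL for an application account limited to the lottery schema and one address range; the account name lottery_app and the 10.17.162.% range are assumptions.

```shell
#!/bin/sh
# Added example: emit SQL for an application account restricted to one
# schema and one client address pattern, instead of a remote root login.
# Usage: app_user_sql USER HOST_PATTERN DB | mysql -uroot -p
app_user_sql() {
    user=$1 host=$2 db=$3
    # The values are interpolated into SQL, so accept only a safe alphabet.
    case $user in ''|*[!A-Za-z0-9_]*)    echo "bad user name" >&2; return 2 ;; esac
    case $db   in ''|*[!A-Za-z0-9_]*)    echo "bad database name" >&2; return 2 ;; esac
    case $host in ''|*[!A-Za-z0-9_.%-]*) echo "bad host pattern" >&2; return 2 ;; esac
    # Reject patterns that match every client, as 'root'@'%' does.
    case $host in %|%.%|%.%.%|%.%.%.%) echo "host pattern matches any client" >&2; return 2 ;; esac
    if [ "$user" = root ]; then echo "refusing to create a remote root" >&2; return 2; fi
    # 128 bits from the kernel CSPRNG, hex encoded (no quoting problems in SQL).
    pass=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf "CREATE USER '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON \`%s\`.* TO '%s'@'%s';\n" \
        "$db" "$user" "$host"
}

# Constructed values: account lottery_app, clients in 10.17.162.0/24.
app_user_sql lottery_app '10.17.162.%' lottery
```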
-----------------------------mysql: create a database-----------------------------
mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
----------------------------mysql: change a given user's password-------------------------------
update mysql.user set authentication_string=password('新密碼') where User="test" and Host="localhost";
---------------------------mysql: delete a given user-------------------------------------
delete from user where User='test' and Host='localhost';
chmod 777 /var/lib/php/session //set the directory permissions
chkconfig php-fpm on
=============Install nginx via yum============
yum install -y automake autoconf libtool make
yum install -y nginx
chkconfig nginx on
cd /etc/nginx
mkdir vhost //where the virtual host config files go
vi nginx.conf
-------------Add the following inside server{}---------------------------
~~~~Add the following under root in server: the default index file names~~~~
index index.php default.php index.html index.htm;
~~~~Add the PHP-support statement inside server~~~~
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
---------------------At the end of http{}, add the following---------------------------
include vhost/*.conf; //save and exit once added
nginx -t //check that nginx.conf and the config files under vhost are correct
service php-fpm start //start PHP-FPM
service nginx restart //restart the nginx service
------------------Virtual host configuration example------------------------------
server {
listen 808;
server_name 10.17.162.113:808;
root /home/website/phpmyadmin/wwwroot;
location / {
index index.php index.html index.shtml;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
include fastcgi_params;
}
#log...
}
------------------Nginx reverse proxy forwarding (unconditional HTTPS access)---------------------------
server {
listen 80;
server_name huizhong.itrxm.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name huizhong.itrxm.com;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass https://10.17.162.113:6443;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
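A check for the `ssl_protocols TLSv1;` line in the vhost above, which leaves TLS 1.0 as the only protocol offered. This is an added example, not part of the original notes; the function names and sample files are constructed, and it assumes each ssl_protocols directive sits on a single line.

```shell
#!/bin/sh
# Added example: flag weak ssl_protocols lines in nginx config files.
# audit_ssl_protocols FILE...  prints "file:line: finding" and returns 1
# when anything is flagged, 0 when every directive is acceptable.
audit_ssl_protocols() {
    awk '
        { line = $0; sub(/#.*/, "", line) }        # drop comments first
        line ~ /^[ \t]*ssl_protocols[ \t]/ {
            n = split(line, tok, /[ \t;]+/)
            modern = 0; legacy = ""
            for (i = 1; i <= n; i++) {
                if (tok[i] == "TLSv1.2" || tok[i] == "TLSv1.3") modern = 1
                if (tok[i] == "SSLv2" || tok[i] == "SSLv3" ||
                    tok[i] == "TLSv1" || tok[i] == "TLSv1.1")
                    legacy = legacy " " tok[i]
            }
            if (legacy != "") {
                printf "%s:%d: legacy protocol enabled:%s\n", FILENAME, FNR, legacy
                bad = 1
            }
            if (!modern) {
                printf "%s:%d: neither TLSv1.2 nor TLSv1.3 enabled\n", FILENAME, FNR
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample vhosts: the setting used on this page and a corrected one.
write_samples() {
    printf '%s\n' 'server {' '    listen 443;' \
        '    # ssl_protocols TLSv1.2;  (commented out, must be ignored)' \
        '    ssl_protocols TLSv1;' '}' > "$1/weak.conf"
    printf '%s\n' 'server {' '    listen 443 ssl;' \
        '    ssl_protocols TLSv1.2 TLSv1.3;' '}' > "$1/fixed.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit_ssl_protocols "$demo_dir"/*.conf || echo "weak TLS settings found"
rm -rf "$demo_dir"
```

The corrected directive is `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or later).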
-------------------------------Nginx access to a directory under Tomcat WebApps---------------
server {
listen 80;
server_name hhcphb.itrxm.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /HBH5/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
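Note: if entering javac shows "bash: javac: 未找到命令…" (command not found), the configuration failed; check that the environment variable paths are correct.
================Tomcat installation=============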
mkdir /opt/tomcat
sudo groupadd tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat
mkdir /root/software //directory for downloaded software; a personal habit, /usr/local and the like work too
cd /root/software
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1
cd /opt/tomcat/tomcat
chmod -R 754 bin/
chgrp -R tomcat /opt/tomcat/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/
=================Create the service unit file==================
sudo vi /etc/systemd/system/tomcat.service
-------------------------------Contents as follows----------------------------------------------------
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/tomcat
Environment=CATALINA_BASE=/opt/tomcat/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
systemctl daemon-reload //reload the service units
systemctl enable tomcat.service
systemctl start tomcat.service
===========Install haveged (daemon process)====================
sudo yum install -y haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service
Visit http://[Your-Host-IP]:8080 to check that it works.
sudo systemctl restart tomcat.service
shift
touch "$CATALINA_OUT"
if [ "$1" = "-security" ] ; then
  if [ $have_tty -eq 1 ]; then
    echo "Using Security Manager"
  fi
  shift
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Djava.security.manager \
    -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start \
    >> "$CATALINA_OUT" 2>&1 "&"
else
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start \
    >> "$CATALINA_OUT" 2>&1 "&"
fi
Change it to:
shift
#touch "$CATALINA_OUT" //commented out
if [ "$1" = "-security" ] ; then
  if [ $have_tty -eq 1 ]; then
    echo "Using Security Manager"
  fi
  shift
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Djava.security.manager \
    -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
else
  eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
    -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
    -Dcatalina.base="\"$CATALINA_BASE\"" \
    -Dcatalina.home="\"$CATALINA_HOME\"" \
    -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
    org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
fi
====================Tomcat log rotation and periodic deletion of catalina.out=============
Rotate the log file every night at 23:50 and delete logs older than 30 days
log_path=/opt/tomcat/logs
d=$(date +%Y-%m-%d)
d90=$(date -d'30 day ago' +%Y-%m-%d)
cd ${log_path} && cp catalina.out $log_path/cron/catalina.out.$d.log
echo > catalina.out
rm -rf $log_path/cron/catalina.out.${d90}.log
Add permissions
chmod 777 /shell/log.sh
Edit crontab
crontab -e
50 23 * * * sh /shell/log.sh
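A variant of the rotation script as an added example (not the original author's): it creates the cron directory if missing, prunes by file age so a missed night leaves nothing behind, and is meant to be installed root-owned with mode 700 because root's crontab executes it. The function name and the demo directory are constructed.

```shell
#!/bin/sh
# Added example: rotate catalina.out and prune old copies by age.
# rotate_catalina LOG_DIR [KEEP_DAYS]   returns 1 if there is nothing to rotate
rotate_catalina() {
    log_dir=$1 keep=${2:-30}
    [ -f "$log_dir/catalina.out" ] || { echo "no catalina.out in $log_dir" >&2; return 1; }
    # umask 027: rotated copies are not world-readable (logs can hold request data).
    ( umask 027
      mkdir -p "$log_dir/cron" &&
      cp "$log_dir/catalina.out" "$log_dir/cron/catalina.out.$(date +%Y-%m-%d).log"
    ) || return 1
    # Truncate in place so Tomcat's open file handle stays valid.
    : > "$log_dir/catalina.out"
    # Delete by modification time rather than by one computed file name, so
    # copies left over from a night when cron did not run are removed too.
    find "$log_dir/cron" -type f -name 'catalina.out.*.log' \
        -mtime +"$keep" -exec rm -f {} +
}

# Demo in a scratch directory with a constructed log file.
demo=$(mktemp -d) && echo "constructed log line" > "$demo/catalina.out"
rotate_catalina "$demo" 30 && ls "$demo/cron"
rm -rf "$demo"
```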
----------------------Another method---------------------------
crontab -e
systemctl start tomcat7.service
===============Configure access to different folders under the same project===========
First, take the original
================SSL environment setup==================================
Make the corresponding changes in nginx's conf
server {
listen 80;
server_name 域名地址;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name x;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://IP地址:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
In Tomcat's server.xml, change:
to:
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/tomcat/tomcat/conf/cert/201802031124.pfx" //absolute path, otherwise errors are likely
keystoreType="PKCS12"
keystorePass="201802031124"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
and add a new node:
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>
Restart the tomcat service
systemctl restart tomcat.service
Note: if there is no pfx and the certificate comes only as key and crt files, you can go to
https://www.myssl.cn/tools/merge-pfx-cert.html
to generate a pfx certificate file and set a password.
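The same merge can be done on the server with openssl, so the private key is never uploaded to a third-party site. This is an added example, not from the original notes; the function names and the throwaway test pair are constructed, and the key file is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: build the PKCS#12 keystore locally with openssl.
# make_pfx KEY CRT OUT   (keystore password is read from exported $PFX_PASS)
make_pfx() {
    key=$1 crt=$2 out=$3
    [ -n "${PFX_PASS:-}" ] || { echo "export PFX_PASS first" >&2; return 2; }
    # The public key in the certificate must equal the one derived from the
    # private key; otherwise Tomcat would get a keystore it cannot serve.
    pub_crt=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    pub_key=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$pub_crt" = "$pub_key" ] || { echo "key does not match certificate" >&2; return 1; }
    # umask 077 keeps the keystore private from the moment it is created.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$crt" -name tomcat \
          -out "$out" -passout env:PFX_PASS )
}

# pfx_subject PFX  prints the subject of the certificate stored in the keystore.
pfx_subject() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -subject
}

# make_test_pair PREFIX  writes a throwaway self-signed PREFIX.key / PREFIX.crt.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Demo on constructed material only.
demo=$(mktemp -d) && PFX_PASS=constructed-demo-pass && export PFX_PASS
make_test_pair "$demo/site" &&
    make_pfx "$demo/site.key" "$demo/site.crt" "$demo/site.pfx" &&
    pfx_subject "$demo/site.pfx"
rm -rf "$demo"
```

Afterwards give the keystore to the tomcat user created earlier (chown) so the service can read it.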
=================Monitoring Tomcat performance with VisualVM==================
JMX download: http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar
After downloading catalina-jmx-remote.jar, put it in Tomcat's lib directory
chmod 0400 jmxremote.password //the password file should be read-only and accessible only by the user Tomcat runs as
systemctl restart tomcat.service
This completes the setup and deployment of the whole environment and system.