> [升级ssh](#升级ssh)
> [配置ntp](#配置ntp)
> [设置linux蜜罐](#设置linux蜜罐)
> [安装jdk](#安装jdk)
> [安装nginx](#安装nginx)
>
> [离线nginx安装](#离线nginx安装)
> [安装postgres](#安装postgres)
> [安装mysql](#安装mysql)
> [安装es](#安装es)
> [安装nacos](#安装nacos)
> [安装redis](#安装redis)
> [安装minio](#安装minio)
# 升级ssh
```shell
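# Upgrade OpenSSH by building openssh-9.0p1 from source (yum/rpm-based host, run as root).
# Keep the current SSH session open until a new login through the rebuilt sshd works.

# Switch SELinux to permissive now and mark it disabled in the configuration files.
# NOTE(review): this turns off SELinux enforcement for the whole host, not just for sshd;
# where policy allows, keep SELinux enabled and relabel the newly installed files instead.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Required build dependencies:
yum -y install zlib zlib-devel
yum install -y openssl-devel
yum -y install pam-devel
# Unpack the source and set ownership/permissions
# NOTE(review): check the tarball against the signature or checksum published by the
# OpenSSH project before unpacking, and prefer the newest portable release available.
tar -zxf openssh-9.0p1.tar.gz
chmod -R 775 openssh-9.0p1
chown -R root:root openssh-9.0p1
cd openssh-9.0p1
# Configure, build and install:
#   --with-pam                      build with PAM support
#   --without-openssl-header-check  skip the OpenSSL header/library version comparison
#   --with-privsep-path             chroot directory used for privilege separation
./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--with-zlib \
--with-pam \
--without-openssl-header-check \
--with-ssl-dir=/usr/local/ssl \
--with-privsep-path=/var/lib/sshd
make
# Save the current configuration and host keys before they are removed below,
# so the old settings can be compared or restored.
cp -a /etc/ssh "/etc/ssh.bak.$(date +%Y%m%d%H%M%S)"
# Remove the packaged OpenSSH; --nodeps leaves packages that depend on it installed.
# The command substitution is unquoted on purpose: each package name must be its own argument.
rpm -e --nodeps $(rpm -qa | grep openssh)
# Clear the old configuration and host keys.
# NOTE(review): the host keys are deleted here, so clients will see a changed host key
# on their next connection; publish the new fingerprints through a trusted channel so
# users do not get used to dismissing that warning.
rm -rf /etc/ssh/*
make install
# NOTE(review): PermitRootLogin yes allows direct root logins with a password.
# Prefer key-based root access (prohibit-password) or a non-root account with sudo,
# and make sure the SSH port is not reachable from untrusted networks.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
# Install the init script shipped with the source and register the service
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig sshd on
chkconfig --add sshd
systemctl enable sshd
# Check the configuration first; fix anything it reports before restarting.
sshd -t
systemctl restart sshd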
```
# 配置ntp
```shell
# Set the time zone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai
# Show the current time zone
timedatectl
# Install the NTP packages
# Server side
yum -y install ntp
# Client side (time is synchronised with `ntpdate <server host name>`)
yum -y install ntpdate
# Server-side setup
# Make sure the ntp service is running
# NOTE(review): this only lists matching processes; nothing in this snippet
# starts or enables ntpd.
ps -ef|grep ntpd
# Server-side settings for /etc/ntp.conf
# Use the local clock as the time source
server 127.127.1.0
# Stratum of this server when it acts as the time source for the LAN
# NOTE(review): with only the local clock configured, clients follow this host's
# unsynchronised clock; drift here skews log timestamps and time-based checks
# (certificate validity, token lifetimes) on every client.
fudge 127.127.1.0 stratum 10
# On a client: request a time sync from the server
ntpdate -u ip/主机
```
# 设置linux蜜罐
```shell
# Note: first move the real SSH login to a port other than 22, and allow port 22
# through the firewall (if it was closed before).
# NOTE(review): open the new SSH port in the firewall and confirm a fresh login on it
# from a second session before closing the current one, to avoid a lockout.
vim /etc/ssh/sshd_config
# NOTE(review): ssh_config is the client-side configuration; the port sshd listens
# on is set in sshd_config.
vim /etc/ssh/ssh_config
Port = 非22端口
# Restart sshd
systemctl restart sshd
# Install endlessh (an SSH tarpit that keeps connecting clients waiting on the banner):
yum -y install endlessh
# Change the tarpit's port
vim /etc/endlessh/config
Port 22 # note: separated by a space, not an equals sign!
# Allow binding to a port below 1024
setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
# Uncomment AmbientCapabilities and comment out PrivateUsers
vim /usr/lib/systemd/system/endlessh.service
# Lines to uncomment / comment out:
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Comment out PrivateUsers
#PrivateUsers=true
# NOTE(review): systemd normally needs `systemctl daemon-reload` after a unit file
# is edited - confirm before starting the service.
# Enable at boot and start:
systemctl enable endlessh
systemctl start endlessh
# Check the status and the listening socket:
systemctl status endlessh
netstat -tulpn | grep endlessh
```
# 安装jdk
```shell
# Unpack the JDK archive
# NOTE(review): check the archive against the vendor's published checksum before unpacking.
tar -zxf 下载好的jdk.tar.gz
# Rename the unpacked directory
mv 已经解压的文件名 ~/jdk
# Append the environment variables to ~/.bashrc and load them
# (the single quotes keep $PATH and $JAVA_HOME unexpanded until ~/.bashrc is sourced)
echo '
export JAVA_HOME=~/jdk
export PATH=$PATH:$JAVA_HOME/bin
' >> ~/.bashrc && source ~/.bashrc
# Show the java version
java -version
```
# 安装nginx
```shell
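# Online installation from the nginx.org yum repository (CentOS 7)

# 0. Install the nginx dependencies
sudo yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel

# 1. Add the repository
# Fetched over HTTPS so the release package, which installs the repository
# definition, cannot be altered in transit.
# NOTE(review): afterwards inspect /etc/yum.repos.d/nginx.repo and confirm that
# package signature checking (gpgcheck) is enabled for this repository.
sudo rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# 2. Install nginx. `yum search nginx` shows whether the repository was added;
#    if it was, install with:
sudo yum -y install nginx

# 3. Find the installation paths
whereis nginx
# Paths:
#   nginx:
#   /usr/sbin/nginx
#   /usr/lib64/nginx
#   /etc/nginx
#   /usr/share/nginx
#   /usr/share/man/man8/nginx.8.gz

# 4. Start / stop nginx (a list of alternatives, not a sequence to run in order)
/usr/sbin/nginx
/usr/sbin/nginx -s stop
/usr/sbin/nginx -s quit
/usr/sbin/nginx -s reload
# ./nginx -s quit: stops after the nginx processes have finished the work in progress.
# ./nginx -s stop: like looking up the nginx process id and force-killing it with kill.

# 5. Look for the nginx processes
ps -e | grep nginx
ps aux|grep nginx

# 6. Change the default nginx port
vim /etc/nginx/conf.d/default.conf

# 7. Restart nginx
/usr/sbin/nginx -s quit
/usr/sbin/nginx

# 8. Reload the configuration file
/usr/sbin/nginx -s reload

# 9. Start nginx through systemd and enable it at boot:
# NOTE(review): if nginx is still running from a direct start above, stop it first;
# a second instance started by systemd will likely fail to bind the same port.
sudo systemctl start nginx.service
sudo systemctl enable nginx.service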
```
## 离线nginx安装
```shell
# Dependencies: gcc openssl-devel pcre-devel zlib-devel
yum -y install gcc openssl-devel pcre-devel zlib-devel glibc.i686
# Create a user and group so nginx can run without affecting the security of the system
# Create the group:
groupadd -r nginx
# Create the user: -M means no home directory is created.
# NOTE(review): no login shell is set here; consider giving this service account
# a non-login shell.
useradd -r -g nginx -M nginx
# Unpack the source and change into the unpacked nginx directory
# Check the system configuration before installing nginx
# /usr/html is the directory that holds the html pages
# NOTE(review): the temp paths under /var/tmp/nginx are presumably not created by
# the build; verify that they exist, are owned by nginx and are not writable by
# other users before the first start.
./configure \
--prefix=/usr \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-pcre
# Compile and install
make && make install
```
# 安装postgres
```shell
# Install the latest repository package
sudo yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum -y install centos-release-scl-rh
sudo yum -y install llvm-toolset-7-clang
# Install PostgreSQL:
# NOTE(review): the unquoted * is expanded by the shell first if a file in the
# current directory matches postgresql12*.
sudo yum -y install postgresql12*
# Change the default data directory
# NOTE(review): a unit file under /usr/lib/systemd/system may be replaced by a
# package update; a drop-in override (systemctl edit) keeps the change.
vim /usr/lib/systemd/system/postgresql-12.service
# Change the Environment=PGDATA= line
Environment=PGDATA=/data/
# Initialise the database
sudo /usr/pgsql-12/bin/postgresql-12-setup initdb
# Add remote access permission
# NOTE(review): 0.0.0.0/0 accepts the listed user from any IPv4 address, and md5 is
# the older password hash method; narrow the CIDR to the application hosts and
# consider scram-sha-256 (and hostssl where TLS is configured).
vim /data/pg_hba.conf
host 数据库 用户名 0.0.0.0/0 md5
# NOTE(review): listen_addresses = '*' listens on every interface; pair it with a
# firewall rule limited to the client networks.
vim /data/postgresql.conf
listen_addresses = '*'
max_connections = 700
# Enable at boot and start
sudo systemctl enable postgresql-12
sudo systemctl start postgresql-12
```
# 安装mysql
```shell
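# Replace the installed MariaDB with MariaDB 10.6 from a mirror repository (CentOS 7, run as root).

# Point the base yum repository at the Aliyun mirror
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Without network access, open /etc/yum.repos.d/CentOS-Base.repo and change every http to https
# Stop the running service
systemctl stop mariadb && systemctl status mariadb
# Uninstall (the glob is quoted so that yum, not the shell, expands it)
yum -y remove MariaDB && yum -y remove 'MariaDB-*'
# Move the leftovers out of the way instead of deleting them.
# They go into a root-only directory rather than /tmp: the data directory holds
# account password hashes and table data, and /tmp is shared between users and
# may be cleaned automatically.
old_mariadb_dir="/root/mariadb-old-$(date +%Y%m%d%H%M%S)"
mkdir -p -m 700 "$old_mariadb_dir"
# /var/lib/mysql/mysql lives inside /var/lib/mysql, so it moves with its parent.
mv /var/lib/mysql "$old_mariadb_dir/var-lib-mysql"
mv /usr/lib64/mysql "$old_mariadb_dir/usr-lib64-mysql"
mv /usr/share/mysql "$old_mariadb_dir/usr-share-mysql"
# Configure a domestic mirror as the MariaDB yum repository
vim /etc/yum.repos.d/Mariadb.repo
# Enter the following content
# NOTE(review): the signing key below is downloaded from the same mirror as the
# packages; compare its fingerprint with the key published by mariadb.org before
# trusting it.
# MariaDB 10.6 CentOS repository list - created 2023-09-08 03:09 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
# rpm.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# baseurl = https://rpm.mariadb.org/10.6/centos/$releasever/$basearch
baseurl = https://mirrors.neusoft.edu.cn/mariadb/yum/10.6/centos/$releasever/$basearch
module_hotfixes = 1
# gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
gpgkey = https://mirrors.neusoft.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck = 1
# Clear the yum cache and build a new one
yum clean all && yum makecache all
# Install
yum -y install MariaDB-server MariaDB-client
# Start mariadb
systemctl start mariadb
# Enable at boot
systemctl enable mariadb
# Set the character set; the settings live under /etc:
# Open my.cnf
vim /etc/my.cnf
# Add the following content:
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8mb4_general_ci
character-set-server = utf8mb4
lower_case_table_names=1
# Open client.cnf
vim /etc/my.cnf.d/client.cnf
# Add the following content:
[client]
default-character-set=utf8mb4
# Open mysql-clients.cnf
vim /etc/my.cnf.d/mysql-clients.cnf
# Add the following under the [mysql] section:
default-character-set=utf8mb4
# Then restart the service:
systemctl restart mariadb
# Open port 3306
# NOTE(review): this exposes the database port to every address the public zone
# accepts. To admit only the application hosts, a rich rule with a source address
# can be used instead, e.g. (placeholder CIDR):
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<APP_HOST_CIDR>" port port="3306" protocol="tcp" accept'
firewall-cmd --zone=public --add-port=3306/tcp --permanent
# Option reference:
#   --zone              zone the rule applies to
#   --add-port=80/tcp   port to add, written as port/protocol
#   --permanent         keep the rule permanently; without it the rule is lost after a restart
# Reload the firewall
firewall-cmd --reload
# Enable remote login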
```
```sql
-- MySQL 8.0 and later
-- NOTE(review): '%' lets this account connect from any host, and ALL PRIVILEGES ON *.*
-- WITH GRANT OPTION makes it equivalent to an administrator. For an application
-- account, limit the host pattern and grant only the schema and privileges it needs.
create user 用户名@'%' identified by '密码';
grant all privileges on *.* to 用户名@'%' with grant option;
-- Before MySQL 8.0
grant all privileges on *.* to '用户名'@'%' identified by '密码' with grant option;
-- The value after "by" is the remote-login password; it may differ from the user's own password
-- Change the password
-- NOTE(review): these two statements rely on the PASSWORD() function and on a writable
-- password column in the user table; verify that they work on the installed server
-- version before depending on them.
UPDATE user SET password=PASSWORD('密码')WHERE user='root';
set password=password('密码');
-- Delete the entries whose user name is empty (anonymous accounts)
delete from mysql.user where user = '';
-- Reload the privileges
FLUSH PRIVILEGES;
```
```shell
# Service management reference (individual commands, not a sequence to run in order)
# Restart the service:
systemctl restart mariadb
# Stop the service
systemctl stop mariadb
# Check the service status
systemctl status mariadb
# Enable at boot
systemctl enable mariadb
```
# 安装es
```shell
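# Configure limits.conf: raise the open-file and process limits for all users.
# Appended with >> so the entries already present in limits.conf are kept.
echo '
* soft nofile 200000
* hard nofile 200000
* soft nproc 200000
* hard nproc 200000
' >> /etc/security/limits.conf
# Create the es user
groupadd es && useradd -g es es
# Unpack es and rename it
# Unpack
# NOTE(review): check the archive against the checksum published for the release before unpacking.
tar -xf elasticsearch-8.2.2-linux-x86_64.tar.gz
# Rename into the home directory, where the following commands expect it
mv elasticsearch-8.2.2 ~/elasticsearch
# Set ownership and permissions
# NOTE(review): 775 leaves the configuration readable by every local user; tighten
# it if other accounts exist on the host.
chown -R es:es ~/elasticsearch && chmod -R 775 ~/elasticsearch
# Configure elasticsearch.yml
# Edit elasticsearch.yml
vim ~/elasticsearch/config/elasticsearch.yml
# Cluster name
cluster.name: xwkjcluster
# Node name, different on every node
node.name: 主机1
# Data path
path.data: /用户目录/elasticsearch/data
# Log path
path.logs: /用户目录/elasticsearch/logs
# Host ip; by default only local access is possible
# NOTE(review): network.host 0.0.0.0 together with xpack.security.enabled: false and
# a wildcard CORS origin (below) leaves the HTTP API open, without authentication or
# TLS, to anything that can reach the port. Restrict the Elasticsearch ports to the
# cluster and application hosts with a firewall, or enable the security features
# before the nodes are reachable from other networks.
network.host: 0.0.0.0
# Main cluster setting; the nodes must be able to ping each other
discovery.seed_hosts: ["主机1", "主机2", "主机3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
# Master node setting
cluster.initial_master_nodes: ["主机1"]
# Do not download the GeoIP database
ingest.geoip.downloader.enabled: false
# Distribute to the other nodes
scp -r ~/elasticsearch 主机名:~/
# Start es
su - es -c "/用户目录/elasticsearch/bin/elasticsearch"
# Start in the background
su - es -c "nohup /用户目录/elasticsearch/bin/elasticsearch > ~/es.log 2>&1 &"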
```
# 安装nacos
```shell
# Unpack nacos
# NOTE(review): check the archive against the checksum published for the release before unpacking.
tar -xf 下载好的nacos.tar.gz
# Rename
mv 解压的nacos ~/nacos
# Add the environment variables and load them
echo '
export NACOS_HOME=~/nacos
export PATH=$PATH:$NACOS_HOME/bin
' >> ~/.bashrc && source ~/.bashrc
# Create cluster.conf from the example file
cp ~/nacos/conf/cluster.conf.example ~/nacos/conf/cluster.conf
# Edit cluster.conf
vim ~/nacos/conf/cluster.conf
# Comment out the examples and enter the ip and port of your own cluster nodes
# Edit the datasource settings in application.properties
vim ~/nacos/conf/application.properties
# Find "### If use MySQL as datasource:" and uncomment the matching settings
# NOTE(review): db.user.0 / db.password.0 below are sample credentials (nacos/nacos);
# use a dedicated database account with a strong password and keep the file readable
# only by the account that runs Nacos. useSSL=false sends the database traffic
# unencrypted, which matters as soon as the URL points at a host other than 127.0.0.1.
#*************** Config Module Related Configurations ***************#
### If use MySQL as datasource:
spring.datasource.platform=mysql
### Count of DB:
db.num=1
### Connect URL of DB:
db.url.0=jdbc:mysql://127.0.0.1:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC
db.user.0=nacos
db.password.0=nacos
### Connection pool configuration: hikariCP
db.pool.config.connectionTimeout=30000
db.pool.config.validationTimeout=10000
db.pool.config.maximumPoolSize=20
db.pool.config.minimumIdle=2
```
```sql
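-- Create the nacos database in MySQL
create database nacos;
-- Create the account Nacos connects with. The name and password must match
-- db.user.0 / db.password.0 in application.properties (both "nacos" in this guide).
-- NOTE(review): "nacos" as a password is a sample value; choose a strong one and set
-- the same value in application.properties. WITH GRANT OPTION and the '%' host are
-- probably broader than Nacos needs - confirm and narrow them.
grant all privileges on nacos.* to 'nacos'@'%' identified by 'nacos' with grant option;
-- Run the nacos/conf/nacos-mysql.sql script in MySQL
use nacos;
source /用户目录/nacos/conf/nacos-mysql.sql;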
```
```shell
# Copy nacos to the other nodes
# NOTE(review): this also overwrites ~/.bashrc on the target host with the local copy.
scp -r ~/.bashrc ~/nacos 主机名:~/
# Start nacos on the 3 servers
source ~/.bashrc&&startup.sh
# Log in to test; the default account and password are nacos:nacos
# NOTE(review): change the default console password right after the first login,
# check that authentication (nacos.core.auth.enabled in application.properties) is
# turned on, and keep port 8848 reachable only from trusted networks.
http://主机1:8848/nacos
http://主机2:8848/nacos
http://主机3:8848/nacos
```
# 安装redis
```shell
# As above: unpack and rename (not repeated here)
# Enter the redis directory
cd ~/redis
# Build
make
# Create the directory for the pid file
mkdir -p ~/redis/pid
# Edit redis.conf (a copy placed in the home directory)
cp ~/redis/redis.conf ~/
vim ~/redis.conf
# Set the redis password
# NOTE(review): xxx is a placeholder; use a long random value and keep redis.conf
# readable only by the account that runs redis.
requirepass xxx
# Address redis binds to by default
# 0.0.0.0 listens on all addresses
# NOTE(review): with bind 0.0.0.0 the password is the only barrier for anyone who can
# reach the port; bind to the specific interface the clients use, or limit the port
# to the client hosts with a firewall.
bind 0.0.0.0
# Port number, default 6379
port 6379
# Whether to run in the background, default no
daemonize yes
# Location of the redis pid file
pidfile /用户目录/redis/pid/redis.pid
# Add redis to PATH
echo '
export PATH=$PATH:~/redis/src
' >> ~/.bashrc && source ~/.bashrc
# Start
redis-server ~/redis.conf
```
# 安装minio
```shell
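# Download minio (or use the copy kept in this git repository).
# Saved as ~/minio, the path the run command below uses.
# NOTE(review): compare the download with the checksum MinIO publishes for the
# release before running it.
wget -O ~/minio https://dl.min.io/server/minio/release/linux-amd64/minio
# Make it executable
chmod +x ~/minio
# Set the root credentials.
# Each line must be a plain export so that the variable reaches the minio process.
# Replace the password placeholder with a long random value before running this;
# ~/.bashrc then holds a secret, so keep it readable by its owner only.
echo '
export MINIO_ROOT_USER=admin
export MINIO_ROOT_PASSWORD=REPLACE_WITH_LONG_RANDOM_SECRET
' >> ~/.bashrc && source ~/.bashrc
# Run
# NOTE(review): the console address ":9001" listens on every interface; limit the
# MinIO ports to trusted networks with a firewall.
mkdir -p ~/data
nohup ~/minio server ~/data --console-address ":9001" >> minio.log 2>&1 &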
```