Aliyun software mirror configuration notes
CentOS used in this tutorial: http://mirrors.aliyun.com/help/centos https://opsx.alibaba.com/mirror
--Mirror configuration
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache    #build the metadata cache
--centos7 installation
https://www.cnblogs.com/yaohong/p/7240387.html
http://blog.csdn.net/jcxch/article/details/48632761
http://blog.csdn.net/ldpxxx/article/details/25948435
--jdk
rpm -qa | grep jdk
sudo yum remove xxx    //xxx = the jdk package found by the previous command
wget http://learning.happymmall.com/jdk/jdk-7u80-linux-x64.rpm
--on aliyun, downloading from the official site is faster
wget http://download.oracle.com/otn/java/jdk/7u80-b15/jdk-7u80-linux-x64.rpm?AuthParam=1499055182_01e4d2b4fa7768d55a1cc2cc87ca2407
sudo rpm -ivh jdk-7u80-linux-x64.rpm    //installs under /usr/java by default
configure the environment variables
sudo vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.7.0_80
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export MAVEN_HOME=/developer/apache-maven-3.0.5
export NODE_HOME=/usr/local/node-v4.4.7-linux-x64
export RUBY_HOME=/usr/local/ruby
export CATALINA_HOME=/developer/apache-tomcat-7.0.73
export PATH=$PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin:$MAVEN_HOME/bin:$NODE_HOME/bin:/usr/local/bin:$RUBY_HOME/bin
export LC_ALL=en_US.UTF-8
source /etc/profile
java -version
--tomcat
wget http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.73/bin/apache-tomcat-7.0.73.tar.gz
wget http://learning.happymmall.com/tomcat/apache-tomcat-7.0.73.tar.gz
tar -zxvf apache-tomcat-7.0.73.tar.gz
vim apache-tomcat-7.0.73/conf/server.xml
<Connector URIEncoding="UTF-8" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
./startup.sh
tailf logs/catalina.out
tail -500f logs/catalina.out
--maven
wget http://learning.happymmall.com/maven/apache-maven-3.0.5-bin.tar.gz
wget https://archive.apache.org/dist/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
mvn -version
--vsftpd
http://www.linuxidc.com/Linux/2017-04/142699.htm
rpm -qa | grep vsftpd    //check whether it is installed
sudo yum -y install vsftpd
cd /
mkdir product
cd product
useradd ftpuser -d /product/ftpfile -s /sbin/nologin
chown -R ftpuser.ftpuser ./ftpfile/
passwd ftpuser    //password used here: 123456
cd /etc/vsftpd/
vim chroot_list    //add the line: ftpuser
vim /etc/selinux/config    //set SELINUX=disabled
setsebool -P ftp_home_dir 1
mv vsftpd.conf vsftpd.conf.bak
wget http://learning.happymmall.com/vsftpdconfig/vsftpd.conf
vim vsftpd.conf
...
cd /product/ftpfile
mkdir img
chown ftpuser img/
chgrp ftpuser img/
ll | grep ftp    //check the owner and group of the current folder
chmod g+w img/
service vsftpd start
service vsftpd restart
--start the vsftpd ftp service on boot
chkconfig vsftpd on
yum install ftp
ftp 47.94.213.186
passive
exit
Note: since 2.3.5, vsftpd performs a stricter security check: if a user is confined (chrooted) to their home directory, that home directory must no longer be writable. If the check finds it is still writable, this error is reported.
To fix it, remove the write permission on the user's home directory with chmod a-w /home/user, substituting your own directory.
Alternatively, add one of the following two options to the vsftpd configuration file:
allow_writeable_chroot=YES
Fix for vsftpd "553 Could not create file", using CentOS as the example:
1. First make sure the FTP directory is writable; check with ls and change the permissions if it is not.
ls -l
chmod 777 <FTP directory>
2. Run the following commands.
#check whether ftpd_disable_trans, ftp_home_dir and allow_ftpd_full_access are on.
getsebool -a|grep ftp
#if not, run
setsebool allow_ftpd_full_access on
setsebool ftpd_disable_trans on
setsebool ftp_home_dir on
3. Normally the commands above are enough. If it still fails, check the FTP configuration file; if the configuration file is fine, connect to the server remotely, create any file in the FTP directory, then refresh the directory in the ftp client, and the problem is resolved.
--nginx
cd /developer/setup
wget http://learning.happymmall.com/nginx/linux-nginx-1.10.2.tar.gz
wget http://nginx.org/download/nginx-1.10.3.tar.gz
--nginx build dependencies
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel
tar -zxvf linux-nginx-1.10.2.tar.gz
./configure
make
make install
whereis nginx
cd /usr/local/nginx/conf
vim nginx.conf
include vhost/*.conf;    --note the semicolon
mkdir vhost
wget http://learning.happymmall.com/nginx/linux_conf/vhost/admin.happymmall.com.conf
wget http://learning.happymmall.com/nginx/linux_conf/vhost/happymmall.com.conf
wget http://learning.happymmall.com/nginx/linux_conf/vhost/img.happymmall.com.conf
wget http://learning.happymmall.com/nginx/linux_conf/vhost/s.happymmall.com.conf
cd /usr/local/nginx/sbin
./nginx
--mysql
http://www.linuxidc.com/Linux/2016-09/135288.htm
check whether mysql is installed
rpm -qa | grep mysql-server
yum -y install mysql-server
vim /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8
default-character-set=utf8
mysql autostart
chkconfig mysqld on
chkconfig --list
chkconfig --list mysqld
service mysqld restart
mysql -u root
select user,host,password from mysql.user;
set password for root@localhost = password('rootpassword');
set password for root@127.0.0.1 = password('rootpassword');
set password for root@iz2ze2van3ny7c9xebojxwz = password('rootpassword');
delete from mysql.user where user='';
select user,host,password from mysql.user;
insert into mysql.user(user,host,password) values ("liuzhipeng","localhost",password("liuzhipengpassword"));
flush privileges;
---log in again as root
mysql -u root -prootpassword
create database `mmall` default character set utf8 COLLATE utf8_general_ci;
show databases;
--grant liuzhipeng all privileges on mmall
grant all privileges on mmall.* to liuzhipeng@localhost identified by 'liuzhipengpassword' with grant option;
flush privileges;
exit
cd /developer
wget http://learning.happymmall.com/mmall.sql
---log in again as root
use mmall
source /developer/mmall.sql
show tables;
select * from mmall_product \G
insert into mysql.user(user,host,password) values("liuzhipeng","%",password("liuzhipengpassword"));
grant all privileges on mmall.* to 'liuzhipeng'@'%' identified by 'liuzhipengpassword' with grant option;
delete from mysql.user where host='%';
flush privileges;
show processlist;
select user,host,password from mysql.user;
select * from mysql.user \G
mysql -h 47.94.213.186 -P 3306 -u liuzhipeng -pliuzhipengpassword
ERROR 2003 (HY000): Can't connect to MySQL server on '47.94.213.186' (10060)
As shown in the figure, connecting to the remote database gives "Can't connect to MySQL server (10060)".
When this happens, first analyse it; the usual causes are:
a. bind-address restricts the IPs that may connect
b. the database user is only allowed to connect from a specific IP
c. network or firewall problems, for example:
the aliyun security group
the Aliyun firewall
--git
--git build dependencies
sudo yum -y install zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker
wget xxxxx.tar.gz
tar -zxvf git-v2.8.0.tar.gz
cd git-v2.8.0
make prefix=/usr/local/git all
make prefix=/usr/local/git install
whereis git
vim /etc/profile
export PATH=$PATH:$JAVA_HOME/bin:/usr/local/git/bin:$CATALINA_HOME/bin:$MAVEN_HOME/bin:$NODE_HOME/bin:/usr/local/bin:$RUBY_HOME/bin
source /etc/profile
git --version
git config --global user.name porters
git config --global user.email 1906846616@qq.com
git config --global core.autocrlf false    //do not convert line endings between win and linux
git config --global core.quotepath off    //avoid garbled Chinese file names
git config --global gui.encoding utf-8
ssh-keygen -t rsa -C "1906846616@qq.com"    --press enter through all prompts
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub
...
--Production firewall
http://www.linuxidc.com/Linux/2015-05/117473.htm
==================================centos7:=======================================
Disable/stop the built-in firewalld service
#stop the firewalld service
sudo systemctl stop firewalld.service
#mask the firewalld service
systemctl mask firewalld
#prevent firewalld from starting on boot
systemctl disable firewalld.service
firewall-cmd --state    #check the firewall status (shows notrunning after stopping, running when started)
======================================================================================
#first check whether iptables is installed
service iptables status
#install iptables
yum install -y iptables
#upgrade iptables
yum update iptables
#install iptables-services and iptables-devel
sudo yum install iptables-services iptables-devel
#register the iptables service (equivalent to the old chkconfig iptables on)
systemctl enable iptables.service
--start the service now
systemctl start iptables.service
#check status
systemctl status iptables.service
==========================================
#enable IP forwarding
(1) add net.ipv4.ip_forward=1 to /etc/sysctl.conf
(2) sudo sysctl -p    reload the kernel parameters
(3) check the kernel parameter with less /proc/sys/net/ipv4/ip_forward; if it reads 1 the setting is in effect
===========================================
#list the current iptables rules
iptables -L -n
#allow everything first, otherwise you may lock yourself out
iptables -P INPUT ACCEPT
#flush all rules in the built-in chains
iptables -F
#delete all user-defined chains
iptables -X
#zero all counters
iptables -Z
#allow traffic on lo: accept packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
--allow inbound SSH logins (all TCP from 192.168.0.0/24, then port 22)
iptables -A INPUT -p tcp -s 192.168.0.0/24 -j ACCEPT
#open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--allow all ping requests
#allow ping (ICMP echo request)
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
--set the default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#accept the return traffic of connections this host initiated; RELATED is there for FTP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#drop all other inbound traffic
iptables -P INPUT DROP
#allow all outbound traffic
iptables -P OUTPUT ACCEPT
#drop all forwarded traffic
iptables -P FORWARD DROP
--allow packets belonging to established/related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--open a specific port (8080 here)
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Other rules
#to trust an internal IP (accept all of its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
#drop every request not matched by the rules above
iptables -P INPUT DROP
#to block an IP, use:
iptables -I INPUT -s ***.***.***.*** -j DROP
#to unblock an IP, use:
iptables -D INPUT -s ***.***.***.*** -j DROP
Fixing vsftpd passive mode no longer working once iptables is enabled
1. First edit or add the following in /etc/sysconfig/iptables-config
#the file is sourced as shell, so both modules go in one assignment (a second IPTABLES_MODULES= line would overwrite the first); keep the order: conntrack helper before nat helper
#on CentOS 6/7 kernels the modules are nf_conntrack_ftp and nf_nat_ftp (ip_conntrack_ftp/ip_nat_ftp are the old names)
IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
2. Re-apply the iptables rule
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
===================================================================
The full setup script follows
#!/bin/sh
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
service iptables save
systemctl restart iptables.service
==================================================================
--save the configuration
service iptables save
--restart
systemctl restart iptables.service
#view the iptables configuration file
sudo vim /etc/sysconfig/iptables
cd /etc/sysconfig/
ll | grep ipt    //find the file
iptables -P OUTPUT ACCEPT
service iptables save
mv iptables iptables.baks
wget http://learning.happymmall.com/env/iptables
edit it as needed
service iptables restart
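An added example (not from the original notes): a POSIX sh audit that parses iptables-save output and reports TCP ports the INPUT chain accepts from any source that are not in the list this page opens (21, 22, 80, 443), plus a check that the INPUT policy is DROP. The sample ruleset is constructed to mirror the full script above with one extra world-open port so the check has something to flag.

```shell
#!/bin/sh
# Constructed sample of what "iptables-save" prints after the full script above,
# plus one extra rule (9200 open to the world) that the audit should flag.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Ports this page deliberately opens to the internet.
EXPECTED_PORTS="21 22 80 443"

# Print the default policy of a chain, e.g. "DROP" for INPUT.
chain_policy() {   # $1 = rules text, $2 = chain name
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2 }'
}

# Print each TCP dport that INPUT accepts with no source restriction (-s), one per line.
world_open_tcp_ports() {   # $1 = rules text
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ && !/ -s / {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i+1)
        }'
}

# Print world-open ports missing from the expected list; return 1 if any were found.
unexpected_ports() {   # $1 = rules text, $2 = space-separated expected ports
    found=0
    for p in $(world_open_tcp_ports "$1"); do
        case " $2 " in
            *" $p "*) ;;
            *) echo "$p"; found=1 ;;
        esac
    done
    return $found
}

# On a live host replace "$SAMPLE_RULES" with "$(iptables-save)".
if [ "$(chain_policy "$SAMPLE_RULES" INPUT)" != DROP ]; then
    echo "INPUT policy is not DROP"
fi
unexpected_ports "$SAMPLE_RULES" "$EXPECTED_PORTS" && echo "no unexpected ports" || echo "unexpected world-open ports listed above"
```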
--Other
win: (redirect local access ---> 47.94.213.186) C:\Windows\System32\drivers\etc
47.94.213.186 www.sundaysmall.com
47.94.213.186 admin.sundaysmall.com
47.94.213.186 img.sundaysmall.com
47.94.213.186 s.sundaysmall.com
47.94.213.186 www.mmall.com
47.94.213.186 admin.mmall.com
47.94.213.186 img.mmall.com
47.94.213.186 s.mmall.com
linux:
cd /etc
ll | grep host
vim /etc/hosts
nginx:
listen 47.94.213.186;
autoindex on;
server_name mmall.com www.mmall.com;
...
location / {
    proxy_pass http://127.0.0.1:8080;
}
or
location / {
    proxy_pass http://127.0.0.1:8080/;
}
location / {
    root /product/ftpfile/img/;
    add_header Access-Control-Allow-Origin *;
}
location / {
    root /product/front/;
    add_header Access-Control-Allow-Origin *;
}
--verify on aliyun
ping www.mmall.com
load balancing
upstream tomcat_server_pool{
    server 192.168.101.5:8080 weight=10;
    server 192.168.101.6:8080 weight=10;
}
server {
    listen 80;
    server_name aaa.test.com;
    location / {
        proxy_pass http://tomcat_server_pool;
        index index.jsp index.html index.htm;
    }
}
---automated deploy script
cd /developer
wget http://learning.happymmall.com/deploy/deploy.sh
vim deploy.sh
mkdir git-repository
sudo chown -R liuzhipeng /developer/
sudo chmod -R u+rwx /developer/
cd git-repository
git clone git@git.oschina.net:porters/mmall.git
sh ./deploy.sh