阿里云安装环境:
[^注意]: 购买镜像 为 CentOS 7.7 64位
// 更新所有安装包
yum update
// 如果没有安装其他依赖先安装依赖
yum install gcc gcc-c++ autoconf automake
// (安装依赖zlib、openssl和pcre)
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel
//update最新版本系统软件
apt-get update
// 编译缺失关联软件
yum install gcc build-essential
// 运行下面命令 配置,安装对应插件
yum -y install gcc gcc-c++ autoconf automake make
yum -y install pcre-devel
yum -y install openssl openssl-devel
nginx安装:
// 下载地址
https://nginx.org/download/
// 1. 下载“nginx-1.9.9.tar.gz”,移动到/usr/local/下。
cd /usr/local/
ll
// 解压
tar -zxvf nginx-1.9.9.tar.gz
//进入目录
cd nginx-1.9.9
// 在 nginx-1.9.9 目录下运行下面命令
./configure --prefix=/usr/local/nginx
make
make install
//cd到刚才配置的安装目录/usr/loca/nginx/
./sbin/nginx -t
//启动nginx
cd /usr/local/nginx/sbin
./nginx //启动nginx
// 访问ecs公网地址
// 访问不了
firewall-cmd --query-port=80/tcp
firewall-cmd --add-port=80/tcp --permanent
// 重启防火墙
systemctl restart firewalld
// 再次访问
// 配置nginx 开机启动
vim /etc/rc.d/rc.local
// 在配置文件中的这一行下面添加
touch /var/lock/subsys/local
// 开机启动
/usr/local/nginx/sbin/nginx
docker安装:
本次使用的安装方式:
// 查看内核 , 内核版本, 返回值大于3.10
uname -r
// 使用命令安装docker
sudo wget -qO- https://get.docker.com | sh
// 安装好了查看版本
docker version
// 启动docker
service docker start
// 查看docker 安装位置(要启动docker后才能查看到,不然会报异常)
docker info
// 添加到开机启动
systemctl start docker
systemctl enable docker
第二种安装方式:
// 需要把yum 包更新到最新
yum update
// 安装需要的依赖包 yum-util提供yum-config-manager功能,另外两个是devicemapper驱动依赖的。
yum install -y yum-utils device-mapper-persistent-data lvm2
// 设置yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
// 安装docker,出现输入的界面都输入y
yum install -y docker-ce
// 查看安装版本
docker -v
// 启动并加入开机启动
systemctl start docker
systemctl enable docker
阿里云官方安装方式:
添加yum源。
yum update
yum install epel-release -y
yum clean all
yum list
安装并运行Docker。
yum install docker-io -y
systemctl start docker
检查安装结果。
docker info
在ecs上安装本地的redis:
cd /usr/local/
ll
// 下载安装包
wget http://download.redis.io/releases/redis-4.0.9.tar.gz
// 解压
tar xzf redis-4.0.9.tar.gz //解压
// 进入解压文件夹
cd redis-4.0.9
//编译
make
// 安装
make install
// 启动客户端
src/redis-server
// 启动服务端(另开连接)
src/redis-cli
// 测试
ping
PONG
在ecs上将redis 设置为开机启动
// 查看redis 进程是否启动
pgrep redis
// 杀死该进程
kill -s 9 进程端口
方法一:(当前使用的)
// 进入 cd /usr/local/redis 目录下,修改 redis.conf 文件中
[root@liukai-ecs-01 local]# cd /usr/local/redis
[root@liukai-ecs-01 redis]# vim redis.conf
...
# By default Redis does not run as a daemon. Use "yes" if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# 将 no 改为 yes,表示以后台方式启动服务
daemonize yes
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
# 将 no 改为 systemd,表示以 CentOS systemd 系统服务方式启动
supervised systemd
//==================================================
进入 /etc/systemd/system 目录,创建 redis-server.service 文件
[root@liukai-ecs-01 redis]# cd /etc/systemd/system
[root@liukai-ecs-01 system]# vim redis-server.service
# example systemd service unit file for redis-server
#
# In order to use this as a template for providing a redis service in your
# environment, _at the very least_ make sure to adapt the redis configuration
# file you intend to use as needed (make sure to set "supervised systemd"), and
# to set sane TimeoutStartSec and TimeoutStopSec property values in the unit"s
# "[Service]" section to fit your needs.
#
# Some properties, such as User= and Group=, are highly desirable for virtually
# all deployments of redis, but cannot be provided in a manner that fits all
# expectable environments. Some of these properties have been commented out in
# this example service unit file, but you are highly encouraged to set them to
# fit your needs.
#
# Please refer to systemd.unit(5), systemd.service(5), and systemd.exec(5) for
# more information.
[Unit]
Description=Redis data structure server
Documentation=https://redis.io/documentation
#Before=your_application.service another_example_application.service
#AssertPathExists=/var/lib/redis
[Service]
#ExecStart=/usr/local/bin/redis-server --supervised systemd --daemonize yes
## Alternatively, have redis-server load a configuration file:
#ExecStart=/usr/local/bin/redis-server /path/to/your/redis.conf 注意:此处填写redis路径
ExecStart=/usr/local/bin/redis-server /usr/local/redis-4.0.9/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always
LimitNOFILE=10032
NoNewPrivileges=yes
#OOMScoreAdjust=-900
#PrivateTmp=yes
#Type=notify
# 注意 notify 会失败,换成 forking 方式启动,让主进程复制一个子进程的方式执行
Type=forking
#TimeoutStartSec=100
#TimeoutStopSec=100
UMask=0077
#User=root
#Group=root
#WorkingDirectory=/var/lib/redis
[Install]
WantedBy=multi-user.target
//==============================================================================================
重新加载系统服务文件
[root@liukai-ecs-01 system]# systemctl daemon-reload
以系统服务方式启动 redis-server
[root@liukai-ecs-01 system]# systemctl start redis-server.service
查看服务状态
[root@liukai-ecs-01 system]# systemctl status redis-server.service
● redis-server.service - Redis data structure server
Loaded: loaded (/etc/systemd/system/redis-server.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2020-05-13 21:43:35 CST; 38min ago
Docs: https://redis.io/documentation
Main PID: 16153 (redis-server)
CGroup: /system.slice/redis-server.service
└─16153 /usr/local/bin/redis-server 127.0.0.1:6379
5月 13 21:43:35 liukai-ecs-01 systemd[1]: Starting Redis data structure server...
5月 13 21:43:35 liukai-ecs-01 redis-server[16152]: 16152:C 13 May 2020 21:43:35.196 # oO0OoO0OoO0...0Oo
5月 13 21:43:35 liukai-ecs-01 redis-server[16152]: 16152:C 13 May 2020 21:43:35.196 # Redis versi...ted
5月 13 21:43:35 liukai-ecs-01 redis-server[16152]: 16152:C 13 May 2020 21:43:35.196 # Configurati...ded
5月 13 21:43:35 liukai-ecs-01 redis-server[16152]: 16152:C 13 May 2020 21:43:35.196 # WARNING sup...it.
5月 13 21:43:35 liukai-ecs-01 redis-server[16152]: 16152:C 13 May 2020 21:43:35.196 # systemd sup...und
5月 13 21:43:35 liukai-ecs-01 systemd[1]: Started Redis data structure server.
Hint: Some lines were ellipsized, use -l to show in full.
查看 redis 是否启动
[root@liukai-ecs-01 ~]# ps -ef | grep redis
root 519 1 0 22:24 ? 00:00:00 /usr/local/bin/redis-server 127.0.0.1:6379
root 1046 1028 0 22:25 pts/0 00:00:00 grep --color=auto redis
设置开机启动启动 redis 服务
[root@liukai-ecs-01 system]# systemctl enable redis-server.service
方法二:
通过配置 /etc/init.d 启动
// /usr/local/redis/utils目录下,有个 redis_init_script 脚本
// 将 redis_init_script 脚本拷贝到 /etc/init.d 目录中
[root@liukai-ecs-01 redis] /usr/local/redis/utils
[root@liukai-ecs-01 ~] cp redis_init_script /etc/init.d/
# 将文件修改为 redis_6379,6379 是 redis 的默认端口号
[root@liukai-ecs-01 init.d] cd /etc/init.d/
[root@liukai-ecs-01 init.d] mv redis_init_script redis_6379
// 创建两个目录:
// /etc/redis(存放 redis 的配置文件)
// /var/redis/6379(存放 redis 的持久化文件)
[root@liukai-ecs-01 init.d] mkdir /etc/redis
[root@liukai-ecs-01 init.d] mkdir /var/redis/
[root@liukai-ecs-01 init.d] mkdir /var/redis/6379
// 修改 redis 配置文件 redis.conf
// 该文件默认在 redis 安装目录下,拷贝到 /etc/redis 目录中,修改名称为 6379.conf
[root@liukai-ecs-01 init.d] cp /usr/local/redis-3.2.8/redis.conf /etc/redis/
[root@liukai-ecs-01 init.d] cd /etc/redis/
[root@liukai-ecs-01 init.d] mv redis.conf 6379.conf
// 这里为什么要这样修改呢?是因为 redis_init_script 脚本中的 conf 配置指定了该目录下的 端口号.conf 文件
PIDFILE=/var/run/redis_${REDISPORT}.pid
CONF="/etc/redis/${REDISPORT}.conf"
// 修改 redis.conf(6379.conf) 中的部分配置为生产环境
daemonize yes // 让redis以daemon进程运行
pidfile /var/run/redis_6379.pid // 设置redis的pid文件位置
port 6379 // 设置 redis的监听端口号
dir /var/redis/6379 //设置持久化文件的存储位置
// 启动 redis
# 执行 redis_6379 脚本
[root@liukai-ecs-01 init.d] cd /etc/init.d
# 如果没有执行权限的话,修改执行权限 ,可以使用 chmod u+x redis_6379
# chmod 777 redis_6379
[root@liukai-ecs-01 init.d] ./redis_6379 start
// 确认 redis 进程是否启动,ps -ef | grep redis
// 让 redis 跟随系统启动自动启动
// 使用 chkconfig 命令开启该文件的系统服务,
// 可以在 redis_6379 配置文件中上面添加 chkconfig 的注释信息
// 如下,不要在 #!/bin/sh 上面添加
#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.
# chkconfig: 2345 90 10
# description: Redis is a persistent key-value database
// 添加完成之后,使用以下命令开启随系统启动
chkconfig redis_6379 on
处理警告:
// 配置完开机自动启动 Redis 服务之后,通过 redis-cli 登录发现有以下的警告:
2007:M 13 May 2020 23:19:49.615 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
2531:M 13 May 2020 23:29:58.615 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add "vm.overcommit_memory = 1" to /etc/sysctl.conf and then reboot or run the command "sysctl vm.overcommit_memory=1" for this to take effect.
2531:M 13 May 2020 23:29:58.615 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command "echo never > /sys/kernel/mm/transparent_hugepage/enabled" as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
第1个警告 (WARNING: The TCP backlog setting of 511 …)解决办法
方法1: 临时设置生效: sysctl -w net.core.somaxconn = 1024
方法2: 永久生效: 修改/etc/sysctl.conf文件,增加一行 net.core.somaxconn= 1024 ,然后执行命令 sysctl -p
补充:
net.core.somaxconn是linux中的一个kernel参数,表示socket监听(listen)的backlog上限。
backlog是socket的监听队列,当一个请求(request)尚未被处理或建立时,他会进入backlog。
而socket server可以一次性处理backlog中的所有请求,处理后的请求不再位于监听队列中。
当server处理请求较慢,以至于监听队列被填满后,新来的请求会被拒绝。
所以说net.core.somaxconn限制了接收新 TCP 连接侦听队列的大小。
对于一个经常处理新连接的高负载 web服务环境来说,默认的 128 太小了。大多数环境这个值建议增加到 1024 或者更多。
第2个警告 (WARNING overcommit_memory is set to 0! …)同样也有两个解决办法
方法1: 临时设置生效: sysctl -w vm.overcommit_memory = 1
方法2: 永久生效: 修改/etc/sysctl.conf文件,增加一行 vm.overcommit_memory = 1 然后执行命令 sysctl -p
补充:
overcommit_memory参数说明:
设置内存分配策略(可选,根据服务器的实际情况进行设置)
/proc/sys/vm/overcommit_memory
可选值:0、1、2。
0, 表示内核将检查是否有足够的可用内存供应用进程使用;如果有足够的可用内存,内存申请允许;否则,内存申请失败,并把错误返回给应用进程。
1, 表示内核允许分配所有的物理内存,而不管当前的内存状态如何。
2, 表示内核允许分配超过所有物理内存和交换空间总和的内存
注意:redis在dump数据的时候,会fork出一个子进程,理论上child进程所占用的内存和parent是一样的,比如parent占用的内存为8G,这个时候也要同样分配8G的内存给child,如果内存无法负担,往往会造成redis服务器的down机或者IO负载过高,效率下降。所以这里比较优化的内存分配策略应该设置为 1(表示内核允许分配所有的物理内存,而不管当前的内存状态如何)。
第三个警告(WARNING you have Transparent Huge Pages (THP)),一样的道理,两种解决办法:
// 方法1: 临时设置生效: echo never > /sys/kernel/mm/transparent_hugepage/enabled
// 方法2: 永久生效: 在 /etc/init.d/redis_6379 写入代码,然后重新启动 redis。
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
配置访问白名单:
################################ NETWORK #####################################
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# bind 127.0.0.1
// 保护模式关闭
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode no
// 设置密码
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
requirepass 你的密码
配置服务器开放接口
// 查看防火墙状态
firewall-cmd --state
// 在running 状态下,向firewall 添加需要开放的端口
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=6379/tcp
firewall-cmd --permanent --zone=public --add-port=3306/tcp
// 加载配置
firewall-cmd --reload
// 查看开启的端口
firewall-cmd --permanent --zone=public --list-ports
docker 部署报错
// 【Docker】启动container的时候出现iptables: No chain/target/match by that name
service docker restart
// 或
systemctl restart docker
// 查看项目是否挂机了
netstat -unlpt | grep docker
docker日志查看:
// 查看镜像
docker image ls
// 查看所有容器ID
sudo docker ps
// 查看指定容器ID 的日志
docker logs --since 30m 容器ID
// 查看某时间段日志:
docker logs -t --since="2020-06-05T13:23:37" --until "2020-06-06T13:00:00" 容器ID
// 查看实时日志
docker logs -f 容器ID
2496
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
