centos8.2 生产环境配置

一些琐事

精简命令行前缀

• echo $PS1

  PS1为linux中指定命令行前缀的环境变量，修改命令行前缀实际上就是修改PS1

• 在用户的根目录下文件`~/.bashrc``

  export PS1="[\u]~ "

• 重新加载bash的配置文件

  source ~/.bashrc

• 在root用户的环境下存在一个问题：source 命令未找到

  方法：切换到一个普通用户中执行sudo -s source /root/.bashrc 【加-s含义，sudo使用当前用户环境】

增删用户

• 增加用户
  • sudo adduser xxx 添加用户
  • sudo passwd xxx 设置用户密码
  • sudo usermod -aG wheel iplayio 设置用户为管理员
• 删除用户
  • sudo userdel xxx 删除用户
  • sudo userdel -r xxx 删除用户删除用户目录

yum源配置

• /etc/yum.repos.d/base.rep
• 清华centos镜像源 - https://mirrors.tuna.tsinghua.edu.cn/help/centos/

MySQL

安装

• yum install mysql-server

修改root密码

$ systemctl mysqld.service start
$ mysqladmin -u root password 'xxxxx'	

开启远程访问

$ mysql -u root -p
> use mysql;
> update user set host='%' where user='root';
> exit
$ systemctl restart mysqld.service

配置文件中的 bind ip

Redis

安装

• yum install redis

配置后台运行&配置访问密码

$ vi /etc/redis.conf
> daemonize yes
> requirepass xxx
> bind 0.0.0.0

JDK 1.8

• yum install java-1.8.0-openjdk.x86_64

Nginx

安装

• yum install nginx

配置

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {

    ##
    # Logging Settings
    ##
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    include /etc/nginx/conf.d/*.conf;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ##
    # Gzip Settings
    ##
    gzip on;

    ##
    # Virtual Host Configs
    ##
    server {
        listen 80;
        server_name localhost;

        location / {
            root /home/webapp/dist;
            index index.html;
        }
        location /sewage/api {
            proxy_pass http://localhost:8080;
        }
    }

    server {
        #SSL 访问端口号为 443
        listen 443 on;
        ssl on;
        #填写绑定证书的域名
        server_name sunhaojie.space;
        #证书文件名称
        ssl_certificate xxxx.crt;
        #私钥文件名称
        ssl_certificate_key xxxxx.key;
        ssl_session_timeout 5m;
        #请按照以下协议配置
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
            #网站主页路径
            root /etc/nginx/webapp/dist;
            index index.html;
        }

        location /sewage/api {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

stream {
    upstream redis {
        server 127.0.0.1:6379 max_fails=3 fail_timeout=30s;
    }
    upstream mysql {
	server 127.0.0.1:3306 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 16379;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass redis;
    }
    server {
        listen 13306;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass mysql;
    }
}