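1. Environment preparation
IP address | OS version | Installed software |
---|---|---|
10.0.0.1 | CentOS Linux release 8.5.2111, minimal install | nginx, httpd |
10.0.0.2 | CentOS Linux release 8.5.2111, minimal install | httpd |
2. Basic system tuning
2.1 Open file limit tuning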
[root@centos8 ~]# cat /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
[root@centos8 ~]#
2.2 Kernel parameter tuning
[root@centos8 ~]# cat /etc/sysctl.conf
fs.file-max = 999999
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 40960
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
# bbr config
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
2.3 Disable the firewall and SELinux
[root@centos8 ~]# sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
[root@centos8 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@centos8 ~]# systemctl disable auditd.service
[root@centos8 ~]# rm -f /usr/lib/systemd/system/ctrl-alt-del.target
2.4 Tune history
[root@centos8 ~]# cat >> /etc/profile <<'EOF'
# Set the history format
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`whoami`] [`who am i|awk '{print $NF}'|sed -r 's#[()]##g'`]: "
# Log every command executed in the shell
export PROMPT_COMMAND='\
if [ -z "$OLD_PWD" ];then
export OLD_PWD=$PWD;
fi;
if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
logger -t `whoami`_shell_dir "[$OLD_PWD]$(history 1)";
fi;
export LAST_CMD="$(history 1)";
export OLD_PWD=$PWD;'
EOF
2.5 Switch to the Aliyun repo mirror and install required software
[root@centos8 ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
[root@centos8 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@centos8 ~]# yum clean all && yum makecache
[root@centos8 ~]# yum -y install net-tools telnet vim tree wget curl autofs bash-completion zip unzip
2.6 Speed up SSH logins
[root@centos8 ~]# sed -i 's#^GSSAPIAuthentication yes$#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
[root@centos8 ~]# sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
3. Configuration
3.1 Create a base repo from the CentOS 8 DVD
- Create the `/mnt/ISO/` directory and upload the image CentOS-8.5.2111-x86_64-dvd1.iso
- Mount the ISO image file at `/mnt/cdrom`
[root@centos8 ~]# mount -o loop /mnt/ISO/CentOS-8.5.2111-x86_64-dvd1.iso /mnt/cdrom
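- Install `httpd`, create the directories following the layout of the Aliyun CentOS mirror, and copy the ISO files into `/var/www/html/centos`
- Start `httpd` and verify it in a browser
- Configure the base repo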
[root@centos8 yum.repos.d]# cat base.repo
[BaseOS]
name=BaseOS
baseurl=http://10.1.1.10/centos/8/BaseOS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1
gpgcheck=1
[AppStream]
name=AppStream
baseurl=http://10.1.1.10/centos/8/AppStream
- Generate the cache and verify
[root@centos8 yum.repos.d]# yum clean all && yum makecache
[root@centos8 yum.repos.d]# yum repolist -v # check that the repo is active
[root@centos8 yum.repos.d]# yum --disablerepo=\* --enablerepo=BaseOS install lrzsz # try installing a package
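An added example, not part of the original post: a small audit that lists the stanzas of a `.repo` file that do not themselves enable `gpgcheck` or name a `gpgkey`, run here over a copy of the `base.repo` shown above. The function names `audit_repo` and `sample_repo` are hypothetical, and requiring every stanza to set these keys explicitly (instead of inheriting `[main]` from `/etc/dnf/dnf.conf`) is an assumed policy.

```bash
#!/usr/bin/env bash
# Added example (not the author's code).
# Assumed policy: each stanza must set gpgcheck and gpgkey explicitly.

# Constructed sample: the base.repo stanzas as shown in section 3.1.
sample_repo() {
cat <<'EOF'
[BaseOS]
name=BaseOS
baseurl=http://10.1.1.10/centos/8/BaseOS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1
gpgcheck=1
[AppStream]
name=AppStream
baseurl=http://10.1.1.10/centos/8/AppStream
EOF
}

# audit_repo [FILE]: print one "section: finding" line per problem.
# Reads standard input when FILE is omitted.
audit_repo() {
  awk '
    function report() {
      if (sec == "") return
      if (tolower(chk) !~ /^(1|yes|true)$/) print sec ": gpgcheck not enabled"
      if (key == "") print sec ": no gpgkey configured"
    }
    /^[ \t]*\[/ {                      # a new [section] starts
      report()                         # flush findings for the previous one
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      chk = ""; key = ""; next
    }
    /^[ \t]*[#;]/ { next }             # skip comment lines
    {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "gpgcheck") chk = v
      if (k == "gpgkey") key = v
    }
    END { report() }
  ' "${1:--}"
}

sample_repo | audit_repo
```

To check the files on a host, run `audit_repo` on each file under `/etc/yum.repos.d/`.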
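3.2 Configure the extras and epel repos
- Create the required directories
- Sync the upstream repos; there are many files to download, so be patient
[root@centos8 yum.repos.d]# dnf reposync --repoid=extras --download-metadata -p /var/www/html/centos/extras # sync extras first, then epel
[root@centos8 yum.repos.d]# dnf reposync --repoid=epel --download-metadata -p /var/www/html/centos/epel
- After the sync finishes, add the following to the repo configuration file, then generate the cache and verify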
[extras]
name=extras
baseurl=http://10.1.1.10/centos/extras
[epel]
name=epel
baseurl=http://10.1.1.10/centos/epel
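- Update from the repos
[root@centos8 yum.repos.d]# yum check-update # check for updates
[root@centos8 yum.repos.d]# yum update # apply the updates
4. Summary
CentOS 7/8 will stop being maintained in 2024, so setting up a private repository is very much worth doing. This post summarizes, as a memo, the steps I previously used to set up a private mirror at my company.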