
CentOS+Nginx+Tomcat+Mysql+PHP Environment Construction and system deployment

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com) 06/01

= CentOS 7.0 installation =

Choose the minimal installation and add the "debugging tools", "compatibility libraries" and "development tools" groups.

This reduces missing-dependency and environment problems when installing or compiling services later.

Partition the hard disk according to your own habits; if you are unsure, choose the system's automatic partitioning.

My own layout is as follows, for reference only:

/boot    500M            kernel files for starting Linux
swap     5120M (5G)      Linux swap partition, also known as virtual memory; generally twice the size of physical memory, but more than 8G is not recommended
/        51200M (50G)    all system files are under this partition
/home    remaining space user home directories; new users' directories appear here

= turn off unwanted security settings, use other security management =

vi /etc/selinux/config    # disable SELinux

# change the value from enforcing to disabled
SELINUX=disabled

-- or use the following commands to disable SELinux --

sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
setenforce 0

systemctl stop firewalld    # stop the system's default firewall
systemctl mask firewalld    # mask the service (so that it cannot be started)

reboot    # restart so that the SELinux configuration takes effect

= administrative tool installation =

Install ifconfig, ntsysv, updatedb, lrzsz (upload/download) and wget (remote HTTP download):

yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump

yum install -y vim nano    # install the editors

= update CentOS 7.0 repo sources =

yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean all
yum makecache

yum install -y python-pip
pip install --upgrade pip
pip install requests

= install third-party repo source files for nginx yum installation (not required for compilation installation) =

mkdir /root/software
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

= install third-party repo source files for mysql yum installation (not required for compilation installation) =

cd /root/software    # enter the directory where downloaded packages are kept
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm    # download
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm    # install the rpm to get the repo source
yum repolist enabled | grep "mysql.*-community.*"    # check whether the MySQL source was installed successfully

= prerequisites for the various environments =

yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel    # packages required by the various environments

yum install -y pcre pcre-devel    # install PCRE (can be done together with the prerequisites above)

yum update -y    # apply updates

= install mysql and initially set up mysql =

yum install -y bison-devel libaio-devel    # prerequisites for mysql
yum install -y perl-Data-Dumper    # prerequisite for mysql
yum install -y mysql-server    # install mysqld
service mysqld start    # start mysql
systemctl enable mysqld.service    # start at boot

grep 'temporary password' /var/log/mysqld.log    # from MySQL 5.7 on, the initial password is no longer empty but randomly generated by default; this command retrieves it

mysql -u root -p    # log in to mysql
mysql> alter user root@localhost identified by 'eight or more characters of three or more kinds';    -- by default the password must be changed before anything else can be done
mysql> exit;    -- leave the mysql client

-- make mysql case-insensitive --

vi /etc/my.cnf

[mysqld]
lower_case_table_names=1    # must be in [mysqld]

-- configure mysql to support UTF-8 --

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0

[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
open-files-limit = 8192
log-error=/var/log/mysqld.log
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid

service mysqld restart    # restart mysql

= MySQL operation and maintenance tips =

MySQL can take up a lot of CPU and memory, which may be because processes are not released in time. Simple timeout settings solve this effectively.

mysql -uroot -p
mysql> show global variables like '%timeout';
mysql> set global interactive_timeout=100;

-- the setting above is lost after restarting mysqld.service --

vi /etc/my.cnf

[mysqld]
interactive_timeout=20
wait_timeout=20

-- the setting above stays in effect --

-- mysql: create a remote user and grant privileges --

mysql -uroot -p
mysql> create user root identified by '123456';
mysql> grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
mysql> flush privileges;
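A check for the account the statements above create (root@'%' with ALL PRIVILEGES and GRANT OPTION), as an added example that is not part of the original article. It reads the output of a query against mysql.user; the function names and the sample rows, including the lottery_app and report accounts and the 10.17.162.% host pattern, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag MySQL accounts that are
# reachable from any host. Reads tab-separated rows on stdin as produced by:
#   mysql -N -B -e "SELECT User, Host, Grant_priv, Super_priv FROM mysql.user"
# Prints "<SEVERITY> user@host: reason"; exit status is 1 if any HIGH finding.
audit_mysql_accounts() {
    awk -F '\t' '
    NF < 4 { next }                                  # ignore malformed rows
    {
        user = $1; host = $2
        admin   = ($3 == "Y" || $4 == "Y")           # GRANT OPTION or SUPER
        anyhost = (host == "%" || host == "")        # matches every client address
        islocal = (host == "localhost" || host == "127.0.0.1" || host == "::1")
    }
    anyhost && admin {
        printf "HIGH %s@%s: administrative account open to any host\n", user, host
        high++; next
    }
    user == "root" && !islocal {
        printf "HIGH %s@%s: root is not limited to local connections\n", user, host
        high++; next
    }
    anyhost {
        printf "MEDIUM %s@%s: account open to any host\n", user, host
    }
    END { exit (high > 0) }
    '
}

# Constructed sample rows. The second row is the account that the statements
# above create: root@% with ALL PRIVILEGES and GRANT OPTION.
sample_rows() {
    printf 'root\tlocalhost\tY\tY\n'
    printf 'root\t%%\tY\tY\n'
    printf 'mysql.sys\tlocalhost\tN\tN\n'
    printf 'lottery_app\t10.17.162.%%\tN\tN\n'   # hypothetical scoped account
    printf 'report\t%%\tN\tN\n'                   # hypothetical read-only account
}

sample_rows | audit_mysql_accounts || echo "review the HIGH findings above"
```

An application account limited to one schema (for example the lottery database created below) and to a specific host or subnet pattern produces no finding.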

-- mysql: create a database --

mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;

-- mysql: change the password of a specified user --

mysql> update mysql.user set authentication_string=password('new password') where User="test" and Host="localhost";    -- MySQL 5.7 stores the hash in authentication_string; the password column no longer exists
mysql> flush privileges;

-- mysql: delete a specified user --

mysql> delete from mysql.user where User='test' and Host='localhost';

= install PHP environment =

yum install -y php56w php56w-cli php56w-common php56w-gd php56w-ldap php56w-mbstring php56w-mcrypt php56w-mysql php56w-pdo php56w-devel
yum install -y traceroute net-snmp-devel vim sysstat tree mysql-devel ntpdate libjpeg* bind-utils
yum install -y php56w-imap php56w-odbc php56w-pear php56w-xml php56w-xmlrpc php56w-mhash libmcrypt php56w-bcmath
yum install -y php56w-fpm

vi /etc/php-fpm.d/www.conf

user = nginx     ; defaults to apache; change it to the same user as nginx (nginx must be installed first)
group = nginx    ; defaults to apache; change it to the same group as nginx (nginx must be installed first)

vi /etc/php.ini

session.save_path = "/var/lib/php/session"    ; set the session location, otherwise PHP reports errors

chmod 777 /var/lib/php/session    # set the directory permissions
chkconfig php-fpm on

= install nginx with yum =

yum install -y automake autoconf libtool make
yum install -y nginx
chkconfig nginx on

cd /etc/nginx
mkdir vhost    # location where the virtual host configuration files are placed
vi nginx.conf

-- add the following inside server {} --

~ below the root directive of server, add the default home page file names ~

index index.php default.php index.html index.htm;

~ add the statements that support PHP inside server ~

location ~ \.php$ {
    root html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

-- at the end of http {}, add the following --

include vhost/*.conf;    # save and exit once this is added

nginx -t    # check whether nginx.conf and the configuration files under vhost are correct
service php-fpm start    # start PHP-FPM
service nginx restart    # restart the nginx service

-- virtual host configuration example --

server {
    listen 808;
    server_name 10.17.162.113:808;
    root /home/website/phpmyadmin/wwwroot;

    location / {
        index index.php index.html index.shtml;
    }

    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
        include fastcgi_params;
    }

    # log...
}

-- Nginx reverse proxy forwarding (all access redirected to HTTPS) --

server {
    listen 80;
    server_name huizhong.itrxm.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}

server {
    listen 443;
    server_name huizhong.itrxm.com;

    ssl on;
    ssl_certificate /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
    ssl_certificate_key /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        client_max_body_size 16m;
        client_body_buffer_size 128k;
        proxy_pass https://10.17.162.113:6443;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_next_upstream off;
        proxy_buffer_size 32k;
        proxy_buffers 64 32k;
        proxy_busy_buffers_size 1m;
        proxy_temp_file_write_size 512k;
        proxy_connect_timeout 30;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
    }
}

-- Nginx proxies to a directory under Tomcat webapps --

server {
    listen 80;
    server_name hhcphb.itrxm.com;

    # charset koi8-r;
    # access_log logs/host.access.log main;

    location / {
        client_max_body_size 16m;
        client_body_buffer_size 128k;
        proxy_pass http://59.188.14.217:8080/HBH5/;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # root html;
        # index index.html;
        proxy_next_upstream off;
        proxy_buffer_size 32k;
        proxy_buffers 64 32k;
        proxy_busy_buffers_size 1m;
        proxy_temp_file_write_size 512k;
        proxy_connect_timeout 30;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
    }

    location /HBH5/ {
        client_max_body_size 16m;
        client_body_buffer_size 128k;
        proxy_pass http://59.188.14.217:8080/HBH5/;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # root html;
        # index index.html;
        proxy_next_upstream off;
        proxy_buffer_size 32k;
        proxy_buffers 64 32k;
        proxy_busy_buffers_size 1m;
        proxy_temp_file_write_size 512k;
        proxy_connect_timeout 30;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
    }
}

= Java development environment installation =

yum search java-1.7    # search for the java-1.7 packages
yum install -y java-1.7.0-openjdk-devel.x86_64    # install the java-1.7.0 development environment
cd /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64/    # enter the installation directory

vi /etc/profile    # environment configuration

-- at the end of the file, add --

export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.161-2.6.12.0.el7_4.x86_64    # the path differs from version to version; adjust it to match your installation
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

source /etc/profile    # take effect immediately
javac    # run the test

-- output like the following indicates that the configuration succeeded --

[root@apisrv lib]# javac
Usage: javac
where possible options include:
  -g                         Generate all debugging info
  -g:none                    Generate no debugging info
  -g:{lines,vars,source}     Generate only some debugging info
  -nowarn                    Generate no warnings
  -verbose                   Output messages about what the compiler is doing
  -deprecation               Output source locations where deprecated APIs are used
  -classpath                 Specify where to find user class files and annotation processors
  -cp                        Specify where to find user class files and annotation processors
  -sourcepath                Specify where to find input source files
  -bootclasspath             Override location of bootstrap class files
  -extdirs                   Override location of installed extensions
  -endorseddirs              Override location of endorsed standards path
  -proc:{none,only}          Control whether annotation processing and/or compilation is done.
  -processor [,...]          Names of the annotation processors to run; bypasses default discovery process
  -processorpath             Specify where to find annotation processors
  -parameters                Generate metadata for reflection on method parameters
  -d                         Specify where to place generated class files
  -s                         Specify where to place generated source files
  -h                         Specify where to place generated native header files
  -implicit:{none,class}     Specify whether or not to generate class files for implicitly referenced files
  -encoding                  Specify character encoding used by source files
  -source                    Provide source compatibility with specified release
  -target                    Generate class files for specific VM version
  -profile                   Check that API used is available in the specified profile
  -version                   Version information
  -help                      Print a synopsis of standard options
  -Akey[=value]              Options to pass to annotation processors
  -X                         Print a synopsis of nonstandard options
  -J                         Pass directly to the runtime system
  -Werror                    Terminate compilation if warnings occur
  @                          Read options and filenames from file

Note: if entering javac displays "bash: javac: command not found", the configuration failed; check whether the paths in the environment variables are correct.

= Tomcat installation =

mkdir /opt/tomcat
sudo groupadd tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat

mkdir /root/software    # directory for storing downloads; a personal habit, /usr/local etc. works as well
cd /root/software
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1

cd /opt/tomcat/tomcat
chmod -R 754 bin/
chgrp -R tomcat /opt/tomcat/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/

= create service startup file =

sudo vi /etc/systemd/system/tomcat.service

-- the content is as follows --

[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/tomcat
Environment=CATALINA_BASE=/opt/tomcat/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target

systemctl daemon-reload    # reload the service units
systemctl enable tomcat.service
systemctl start tomcat.service

= install haveged (process daemon) =

sudo yum install -y haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service

Open http://[Your-Host-IP]:8080 to check that the Tomcat preview page loads normally.

= configure Tomcat management interface =

sudo vi /opt/tomcat/tomcat/conf/tomcat-users.xml

-enter the following in and-

sudo systemctl restart tomcat.service

= catalina.out log split =

yum install -y cronolog

Modify the following section of bin/catalina.sh (the changed parts were marked in red in the original article):

  shift
  touch "$CATALINA_OUT"
  if [ "$1" = "-security" ] ; then
    if [ $have_tty -eq 1 ]; then
      echo "Using Security Manager"
    fi
    shift
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Djava.security.manager \
      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start \
      >> "$CATALINA_OUT" 2>&1 "&"
  else
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start \
      >> "$CATALINA_OUT" 2>&1 "&"
  fi

Change to:

  shift
  # touch "$CATALINA_OUT"    (commented out)
  if [ "$1" = "-security" ] ; then
    if [ $have_tty -eq 1 ]; then
      echo "Using Security Manager"
    fi
    shift
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Djava.security.manager \
      -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
  else
    eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
      -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \
      -Dcatalina.base="\"$CATALINA_BASE\"" \
      -Dcatalina.home="\"$CATALINA_HOME\"" \
      -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \
      org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
  fi

= split the tomcat log and periodically clean up catalina.out =

Cut the log file at 11:50 every night and delete logs older than 30 days.

# contents of /shell/log.sh
log_path=/opt/tomcat/logs
d=$(date +%Y-%m-%d)
d90=$(date -d '30 day ago' +%Y-%m-%d)
# stop if the log directory is missing, so nothing is truncated elsewhere
cd "${log_path}" || exit 1
# copy today's log into the cron/ subdirectory, then empty the live file
cp catalina.out "$log_path/cron/catalina.out.$d.log"
echo > catalina.out
# remove the copy made 30 days ago
rm -rf "$log_path/cron/catalina.out.${d90}.log"

Add permission:

chmod 777 /shell/log.sh

Edit crontab:

crontab -e

50 23 * * * sh /shell/log.sh

-- another way --

crontab -e

5 find /usr/logs/ -name ".20" -ctime +7 -exec rm -rf {} \;

systemctl start tomcat7.service

= configure access to different folders under the same project =

Comment out the original configuration first, and then add the following:

= SSL environment setup =

In the nginx conf, make the corresponding changes:

server {
    listen 80;
    server_name domain name address;
    rewrite ^(.*)$ https://$host$1 permanent;
}

server {
    listen 443;
    server_name x;

    ssl on;
    ssl_certificate /etc/nginx/vhost/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        client_max_body_size 16m;
        client_body_buffer_size 128k;
        proxy_pass http://IP address:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_next_upstream off;
        proxy_connect_timeout 30;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
    }
}
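A check for the TLS directives used in the two HTTPS server blocks on this page (the reverse-proxy vhost earlier and the one above), as an added example that is not part of the original article. It flags an ssl_protocols line with no TLSv1.2 or TLSv1.3 and the "ssl on" directive, which nginx deprecated in 1.15.0 in favour of "listen 443 ssl"; the function names and the sample vhosts (example.invalid) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit nginx TLS directives.
# Findings are printed as "<line>: <message>"; exit status is 1 if any exist.
# Reads the files given as arguments, or stdin when none are given.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    /^[ \t]*$/ { next }                      # skip blank lines
    {
        line = $0
        gsub(/^[ \t]+|[ \t;]+$/, "", line)   # trim indent and trailing ";"
        n = split(line, f, /[ \t]+/)
        d = tolower(f[1])
    }
    d == "ssl_protocols" {
        modern = 0
        for (i = 2; i <= n; i++) {
            if (f[i] == "TLSv1.2" || f[i] == "TLSv1.3") modern = 1
            else if (f[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                printf "%d: deprecated protocol %s enabled\n", NR, f[i]; bad++
            }
        }
        if (!modern) { printf "%d: ssl_protocols lacks TLSv1.2/TLSv1.3\n", NR; bad++ }
    }
    d == "ssl" && tolower(f[2]) == "on" {
        printf "%d: \"ssl on\" is deprecated; use \"listen 443 ssl\"\n", NR; bad++
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: the TLS lines as they appear in the vhosts on this page.
sample_page_conf() {
    cat <<'EOF'
server {
    listen 443;
    server_name example.invalid;   # placeholder name
    ssl on;
    ssl_protocols TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

# Constructed sample: the same vhost with the TLS lines corrected.
sample_fixed_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name example.invalid;   # placeholder name
    ssl_protocols TLSv1.2;         # add TLSv1.3 where nginx/OpenSSL support it
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

sample_page_conf  | audit_nginx_tls || echo "page config: findings above"
sample_fixed_conf | audit_nginx_tls && echo "fixed config: clean"
```

Run it against real files with `audit_nginx_tls /etc/nginx/nginx.conf /etc/nginx/vhost/*.conf`; line numbers then count across the files in the order given.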

Modify in server.xml in tomcat:

Modified to:

And add new nodes:

Restart the tomcat service

systemctl restart tomcat.service

Note: if you have only the key and crt files and no certificate file, you can go to

https://www.myssl.cn/tools/merge-pfx-cert.html

to generate a pfx certificate file and set a password.

= Tomcat performance monitoring through VisualVM =

JMX download address: http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar

After the catalina-jmx-remote.jar package is downloaded, place it in the lib directory of Tomcat.

vim catalina.sh

-- add the following under the comment

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=7090
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=<IP address of the server being monitored>
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/var/tomcat/tomcat/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/var/tomcat/tomcat/conf/jmxremote.access"

cd /var/tomcat/tomcat/conf

vim jmxremote.access

monitorRole readonly
controlRole readwrite

vim jmxremote.password    # must be consistent with the permissions of the user that runs tomcat

monitorRole 25DWd12&D^W
controlRole 25DWdl2&D^W

chmod 0400 jmxremote.password    # the password file must be read-only and accessible only to the user that runs Tomcat

systemctl restart tomcat.service

At this point, the whole environment and system have been built and deployed.
