Shulou(Shulou.com)06/02 Report--

How to build the basic settings of the CentOS7 server, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Set up the yum source

Foreign yum source is used by default, and the speed is slow, so you can change it to domestic yum source.

Tencent CVM has been set to Tencent Cloud's own yum source by default. Both Base and Epel are available and can be used directly.

List of Centos images: https://www.centos.org/download/mirrors/

Epel source:

Https://mirrors.aliyun.com/epel/

Mysql source:

Http://centos.ustc.edu.cn/mysql-repo/

To install php, you need to use the remi source:

Official website https://rpms.remirepo.net/

Update the system

Update the system to the latest state first.

Cat / etc/redhat-release / / View the current version of yum update / / update settings vim comment color

The color of vim comments is very light and difficult to read. You can change the color of vim comments.

Create a new .vimrc file under the user's home directory

Vi / .vimrc

Add the following

Hi Comment ctermfg = blueSELinux

SELinux is an enhanced security system, but its use and configuration are complex. If you are not proficient in SELinux, it is recommended to close SELinux, otherwise you will encounter a lot of problems.

Centos7 enables SELinux by default. SELinux is disabled by default on the CentOS7 server in Tencent Cloud.

Check to see if SELinux is on

Getenforce

Turn off SELinux:

Open the SELinux configuration file

Vim / etc/selinux/config

Modify the following, and the configuration file will take effect the next time you restart

SELINUX=disabled

Temporarily shut down SELinux

Setenforce 0 time synchronization

After the system has been running for a long time, the inaccurate time may occur. Turn on time synchronization to keep the server's time accurate.

Yum install ntpsystemctl enable ntpd

View current time date

File handle

Sets the number of files that can be opened simultaneously. If this value is too small, it will affect server performance, such as opening a database connection requires opening a file.

The Centos7 default value is 1024. Tencent Cloud CentOS7 server is set to 100001 by default.

Execution

Ulimit-a

Where open files (- n) 1024 is the maximum value of the file handle.

Execution

Vi / etc/security/limits.conf

Modify

*-nofile 100001

Or

@ users soft nofile 100001@users hard nofile 100002@root soft nofile 100001@root hard nofile 100002

Restart the system after modification to see if the modification takes effect.

Firewalls

Opening the firewall is the basic measure to ensure the security of the server. Firewall is disabled by default on CentOS7 CVM in Tencent Cloud.

Tencent Cloud can use security groups, which is a virtual firewall provided by Tencent Cloud. Manage the security group through Tencent Cloud backend to avoid the failure to log in to the server because the firewall rules are not modified after the remote port is modified. It is also convenient to use, you can select the corresponding rule template, and then modify it slightly.

The common ports that need to be opened are: SSH port 22, FTP port 21, MySQL port 3306, HTTP port 80, HTTPS port 443.

# start systemctl start firewalld# turn off systemctl stop firewalld# View status systemctl status firewalld# disable boot start systemctl disable firewalld# allow boot enable systemctl enable firewalld# add firewall rule-permanent stands for permanent effect Invalid firewall-cmd after restart without this parameter-- zone=public-- add-port=80/tcp-- permanent# reload firewall rule firewall-cmd-- reload# view firewall rule firewall-cmd-- zone=public-- query-port=80/tcp# delete firewall rule firewall-cmd-- zone=public-- remove-port=80/tcp-- permanent# view all open ports firewall-cmd-- zone=public-- list-ports# display status firewall- Cmd-is it helpful for you to read the above content by state? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.