==============安装centos 7.0=======================
选择最小安装,将相关的"调试工具"、“兼容性程序库”、“开发工具”选中。
此操作是为了减少后期安装或编译相关服务时出现依赖、或环境的问题。
硬盘分区,可根据个人的习惯而定,不清楚的可以直接选择系统自动分区,
由于个人的习惯,本人的分区如下,仅供参考:
/boot 500M 用于启动Linux的核心文件
swap 5120M(5G) Linux下的交换分区,又称为虚拟内存,一般是物理内存的2倍,但不建议超过8G
/ 51200M(50G) 所有系统的文件等,都在该分区下
/home 剩下的空间 用户主目录,新建的用户的目录将会出现在这里
systemctl stop firewalld //停止系统默认的防火墙
systemctl mask firewalld //屏蔽服务(让它不能启动)
reboot //重启让selinux配置生效
=================管理工具安装======================
安装ifconfig、ntsysv、updatedb、lrzsz(上传下载)、wget(远程http下载)功能
yum install -y chkconfig net-tools telnet ntsysv mlocate lrzsz wget lsof setuptool system-config-securitylevel-tui system-config-network-gui system-config-network-tui system-config-date tcpdump
yum install -y vim nano //安装编辑器
==============更新Centos 7.0 repo源=====================
yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum clean all
yum makecache
yum install -y python-pip
pip install --upgrade pip
pip install requests
=====安装nginx yum安装的第三方repo源文件(使用编译安装则不需要)=======
mkdir /root/software
cd /root/software
wget https://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
rpm -ivh epel-release-7-11.noarch.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
=====安装mysql yum安装的第三方repo源文件(使用编译安装则不需要)=======
cd /root/software //进入源文件集中文件夹
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm //下载
yum localinstall -y mysql57-community-release-el7-8.noarch.rpm //通过rpm安装得到repo源
yum repolist enabled | grep "mysql.-community." //检查mysql源是否安装成功
=================各种环境的预装======================
yum install -y make cmake gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers gd gd-devel perl expat expat-devel nss_ldap unixODBC-devel libxslt-devel libevent-devel libtool-ltdl bison libtool zip unzip gmp-devel //安装各种环境所需要的插件
yum install -y pcre pcre-devel //安装PCRE(可与预装环境同步进行)
yum update -y //升级补丁
=======================安装mysql及初始设置mysql=======================
yum install -y bison-devel libaio-devel //预装mysql环境
yum install -y perl-Data-Dumper //预装mysql所需环境
yum install -y mysql-server //安装mysqld
service mysqld start //启动mysql
systemctl enable mysqld.service //开机自启动
-------------------------配置mysql支持UTF-8-------------------------
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
lower_case_table_names=1
character-set-server=utf8
max_connections=500
innodb_log_file_size=60M
innodb_buffer_pool_size=128M
symbolic-links=0
[client]
default-character-set=utf8
socket=/var/lib/mysql/mysql.sock
service mysqld restart //重启mysql
=================MySQL运维小知识======================
MySQL高占用CPU、内存,有可能是由于进程未能及时释放,可以通过简单的设置,可以有效的解决这个问题。
mysql -uroot -p
mysql> show global variables like '%timeout';
mysql> set global interactive_timeout=100;
-----------------上述的,在重启mysqld.service后失效-----------------------------------
vi /etc/my.cnf
[mysqld]
interactive_timeout=20
wait_timeout=20
------------------------------上述,任何时候都生效-------------------------
-----------------------------mysql创建远程用户并授权---------------------------
mysql -uroot -p
mysql> create user root identified by '123456';
mysql> grant all privileges on . to 'root'@'%'identified by '123456' with grant option;
mysql> flush privileges;
-----------------------------mysql创建数据库-----------------------------
mysql> CREATE DATABASE lottery DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
----------------------------mysql修改指定用户的密码-------------------------------
update mysql.user set password=password('新密码') where User="test" and Host="localhost";
---------------------------mysql删除指定用户-------------------------------------
delete from user where User='test' and Host='localhost';
chmod 777 /var/lib/php/session //设置文件夹属性
chkconfig php-fpm on
=============安装yum nginx============
yum install -y automake autoconf libtool make
yum install -y nginx
chkconfig nginx on
cd /etc/nginx
mkdir vhost //放虚拟主机配置文件的位置
vi nginx.conf
-------------在server{}中添加如下内容---------------------------~~~~在server的root下添加如下内容,默认首页文件名~
index index.php default.php index.html index.htm;~~在server中添加支持PHP的语句~~~
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
---------------------在http{}的最后,添加如下内容---------------------------
include vhost/*.conf; //添加完成后保存退出
nginx -t //检查nginx.conf及vhost下的配置文件是否正确
service php-fpm start //启动PHP-FPM
service nginx restart //重启nginx服务
------------------虚拟主机配置示例------------------------------
server {
listen 808;
server_name 10.17.162.113:808;
root /home/website/phpmyadmin/wwwroot;
location / {
index index.php index.html index.shtml;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/website/phpmyadmin/wwwroot$fastcgi_script_name;
include fastcgi_params;
}
#log...
}
------------------Nginx 反向代理转发(无条件访问HTTPS)---------------------------
server {
listen 80;
server_name huizhong.itrxm.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name huizhong.itrxm.com;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/huizhong.itrxm.com-certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/huizhong.itrxm.com-private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass https://10.17.162.113:6443;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
-------------------------------Nginx访问TomCat WebApps下某个目录---------------
server {
listen 80;
server_name hhcphb.itrxm.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /HBH5/ {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://59.188.14.217:8080/HBH5/;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#root html;
#index index.html;
proxy_next_upstream off;
proxy_buffer_size 32k;
proxy_buffers 64 32k;
proxy_busy_buffers_size 1m;
proxy_temp_file_write_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
注:若输入javac显示:bash: javac: 未找到命令… 则说明配置失败,检查环境变量路径是否正确。
================Tomcat安装=============
mkdir /opt/tomcat
sudo groupadd tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat/tomcat tomcat
mkdir /root/software //创建专用于存放下载的软件,个人习惯,也可放在/usr/local下等。
cd /root/software
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz
sudo tar -zxvf apache-tomcat-7.0.82.tar.gz -C /opt/tomcat/tomcat --strip-components=1
cd /opt/tomcat/tomcat
chmod -R 754 bin/
chgrp -R tomcat /opt/tomcat/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/
=================创建服务启动文件==================
sudo vi /etc/systemd/system/tomcat.service
-------------------------------内容如下----------------------------------------------------
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/tomcat
Environment=CATALINA_BASE=/opt/tomcat/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
systemctl daemon-reload //重载一下服务单元
systemctl enable tomcat.service
systemctl start tomcat.service
===========安装haveged(进程守护)====================
sudo yum install -y haveged
sudo systemctl start haveged.service
sudo systemctl enable haveged.service
访问 http://[Your-Host-IP]:8080 预览是否正常。
sudo systemctl restart tomcat.service
shift
touch “$CATALINA_OUT”
if [ “$1” = “-security” ] ; then
if [ $have_tty -eq 1 ]; then
echo “Using Security Manager”
fi
shift
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Djava.security.manager \
-Djava.security.policy==”\”$CATALINA_BASE/conf/catalina.policy\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start \
“$CATALINA_OUT” 2>&1 “&”
else
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start \
“$CATALINA_OUT” 2>&1 “&”
fi
改为:
shifttouch "$CATALINA_OUT" 注释掉
if [ “$1” = “-security” ] ; then
if [ $have_tty -eq 1 ]; then
echo “Using Security Manager”
fi
shift
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Djava.security.manager \
-Djava.security.policy==”\”$CATALINA_BASE/conf/catalina.policy\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
else
eval “\”$_RUNJAVA\”” “\”$LOGGING_CONFIG\”” $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
-Djava.endorsed.dirs=”\”$JAVA_ENDORSED_DIRS\”” -classpath “\”$CLASSPATH\”” \
-Dcatalina.base=”\”$CATALINA_BASE\”” \
-Dcatalina.home=”\”$CATALINA_HOME\”” \
-Djava.io.tmpdir=”\”$CATALINA_TMPDIR\”” \
org.apache.catalina.startup.Bootstrap “$@” start 2>&1 | /usr/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &
fi
====================tomcat日志分割定期删除catalina.out=============
每天晚上11点50切割日志文件,同时删除超过30天的日志
log_path=/opt/tomcat/logs
d=date +%Y-%m-%d
d90=date -d'30 day ago' +%Y-%m-%d
cd ${log_path} && cp catalina.out $log_path/cron/catalina.out.$d.log
echo > catalina.out
rm -rf $log_path/cron/catalina.out.${d90}.log
添加权限
chmod 777 /shell/log.sh
编辑crontab
crontab -e
50 23 * sh /shell/log.sh
----------------------另一种方法---------------------------
crontab -e
systemctl start tomcat7.service
===============配置访问同一个项目下不同的文件夹===========
先将原本的<host>配置注释掉,然后新增如下内容:
<Host name="hhcp.itrxm.com" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/data/tomcat/tomcat/webapps/ROOT" debug="0" reloadable="true" />
</Host>
<Host name="hhcphb.itrxm.com" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/data/tomcat/tomcat/webapps/HBH5" debug="0" reloadable="true" />
</Host>
================SSL环境搭建==================================
在nginx的conf中,进行做对应的修改
server {
listen 80;
server_name 域名地址;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name x;
ssl on;
ssl_certificate /etc/nginx/vhost/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/vhost/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 16m;
client_body_buffer_size 128k;
proxy_pass http://IP地址:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream off;
proxy_connect_timeout 30;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
在tomcat 中的server.xml中修改:
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
修改为:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/tomcat/tomcat/conf/cert/201802031124.pfx" //绝对路径,否则容易出错
keystoreType="PKCS12"
keystorePass="201802031124"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
并新加节点:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/>
重启tomcat服务
systemctl restart tomcat.service
注:没有若只有key及crt文件的证书,可以进入
https://www.myssl.cn/tools/merge-pfx-cert.html
中进行生成一个pfx文件的证书,并设置一个密码。
=================通过VisualVM对Tomcat性能监控==================
JMX下载地址:http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.81/bin/extras/catalina-jmx-remote.jar
catalina-jmx-remote.jar包下载完成后放到Tomcat的lib目录下
chmod 0400 jmxremote.password //密码文件应该是只读的,只能由Tomcat运行用户
systemctl restart tomcat.service
至此,整套环境及系统搭建部署完毕。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。