一、原始环境
LNMP
NGINX
1,通过源安装(推荐):
Nginx官方提供了最新Yum源(1.16版),
执行命令添加源:
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
执行下列命令安装Nginx
sudo yum install -y nginx
启动Nginx
sudo systemctl start nginx.service
设置开机自动运行
sudo systemctl enable nginx.service
检查安装是否成功,在浏览器中输入服务器的地址,本机安装则输入127.0.0.1,回车:
会显示:welcome to nginx!
2,编译安装(新手不推荐)
看这篇:https://www.cnblogs.com/liaoxianfu/p/0ec6427a9b5fa9063022fac1c2561395.html
pid
pkill -9 nginx
nginx -c /etc/nginx/nginx.conf
nginx -s reload安装php7.2和php-fpm
常用路径
/etc/php.ini
redis: https://blog.51cto.com/u_12179846/3190462
$ wget https://github.com/phpredis/phpredis/archive/4.0.2.tar.gz
$ tar -zxvf phpredis-4.0.2.tar.gz
$ cd phpredis-4.0.2
$ /usr/local/php/bin/phpize # php安装后的路径
$ ./configure --with-php-config=/usr/local/php/bin/php-config
$ make && make install
echo 'extension=redis.so' >> /usr/local/php/etc/php.ini
/etc/init.d/php-fpm restart
php -m | grep redis
安装7.3
1,yum安装
执行如下两个命令添加php最新的yum源:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# 可以下载放到服务器
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# 如果不行
rpm -qa |grep webtatic
rpm -e webtatic-release-7-3.noarch
yum -y remove php*
yum -y install php72w php72w-cli php72w-fpm php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-mysqlnd php72w-opcache php72w-pdo php72w-xml
php -v
php -m
service php-fpm start
service php-fpm status
systemctl enable php-fpm.service
systemctl list-dependencies | grep php-fpm先清理旧php版本:yum -y remove php*
安装php72w和php-fpm等拓展件:yum -y install php72w php72w-cli php72w-fpm php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-mysqlnd php72w-opcache php72w-pdo php72w-xml
验证php是否安装成功:php -v
验证对应的扩展是否安装成功:php -m
设置php-fpm并检测php-fpm的运行状态
启动php-fpmservice php-fpm start
检查启动是否成功service php-fpm status
设置开机自启动systemctl enable php-fpm.service
检查开机自启动是否设置成功systemctl list-dependencies | grep php-fpm
2,配置php-fpm使nginx能够解析php
配置文件为:/etc/php-fpm.d/www.conf
输入ps -aux|grep nginx: worker process
出现的进程用户名应该是:nginx(有的是www-data)
修改vim /etc/php-fpm.d/www.conf
使
user = nginx
group = nginx
修改完后应重启php-fpm使修改后的配置生效。
停止systemctl stop php-fpm.service
重启systemctl restart php-fpm.service
3,配置nginx解析php
编辑配置文件:vim /etc/nginx/conf.d/default.conf
修改server{ }里面内容如下:
location / {
root /var/www/html;
index index.html index.htm index.php;
}去掉下面这段前面的注释号#,和修改对应的内容(注意)
location ~ \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#注意下面这一行不同之处,需要修改:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}重载配置文件nginx:使配置生效
nginx -s reload
不行的话:
nginx -s stop
nginx -c /etc/nginx/nginx.conf
# 4,测试
在网站根目录,一般为/var/www/html
新建文件index.php:vim index.php
内容如下:
<?php
phpinfo();
?>在浏览器输入:服务器ip(或本机测试ip 127.0.0.1)/index.php
会显示php的相关信息,表示成功。
5、错误
403
一是缺少索引文件,二是权限问题,三是SELinux状态。
server {
listen 80;
server_name localhost;
index index.php index.html;
root / var/www;
}chmod -R 755 / var/www
/usr/sbin/sestatus -v
#临时 setenforce 0
vim /etc/selinux/config
将SELINUX=enforcing改为SELINUX=disabled
reboot安装MySQL
查看文章(https://blog.csdn.net/qq_38591756/article/details/82958333**)**
数据库远程连接(https://blog.csdn.net/CatEatApple/article/details/82736779**)**
复制下载链接:https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
本次下载目录为:/home/目录,因此进入:cd /home
执行下载命令:
wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm2.安装mysql源
下载完成后使用下面命令安装源:
yum localinstall mysql80-community-release-el7-1.noarch.rpm3.检查是否安装成功
yum repolist enabled | grep "mysql.*-community.*"
4.修改安装版本(非必须)
如果需要安装指定版本的mysql,可以修改vim /etc/yum.repos.d/mysql-community.repo源,改变默认安装的mysql版本。
例如要安装5.7版本,将5.7源的enabled=0改成enabled=1,将8.0的enabled=1改成enabled=0即可,如下(本次未做修改,直接安装最新版8.0.12)
安装mysql
yum install mysql-community-server
# error
## Error:Unable to find a match
yum module disable mysql
## No package available.
## Error: Nothing to do
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum localinstall mysql57-community-release-el7-11.noarch.rpm
yum install mysql-community-server
# Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
service mysqld start上面方法不行
https://www.cnblogs.com/xxoome/p/8313453.html
# 手册:https://dev.mysql.com/doc/mysql-yum-repo-quick-guide/en/
# centos7.6中 7可以
# https://dev.mysql.com/downloads/repo/yum/
wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
yum localinstall mysql80-community-release-el7-3.noarch.rpm
yum repolist all | grep mysql
# 没有命令 yum -y install yum-utils
yum-config-manager --enable mysql57-community
# 也可以手动修改
# 注意不能有原文件 rm -rf /var/lib/mysql
yum module disable mysql
yum install -y mysql-community-server --nogpgcheck完成后修改配置,貌似本地程序会连接不上
vim /etc/my.cnf
validate_password=off
bind-address=0.0.0.0
max_connections=1000
skip-name-resolve启动mysql服务
1.启动
systemctl start mysqld
或者
service mysqld start2.查看启动状态
systemctl status mysqld
或者
service mysqld status
3.设置开机启动
systemctl enable mysqld
systemctl daemon-reload4. 配置及部分命令
最大连接数
show global status like 'Max_used_connections';
set GLOBAL max_connections=256;
5. 修改登录密码
忘记密码:https://blog.csdn.net/qq_32077121/article/details/118578215
mysql安装完成之后,在/var/log/mysqld.log文件中给root生成了一个默认密码。通过下面的方式找到root默认密码,然后登录mysql进行修改:
grep 'temporary password' /var/log/mysqld.log
本地MySQL客户端登录
mysql -uroot -p
mysql -uroot -p';*H!j?ba*6ov'密码是上一步查询出来的。输入后回车。
然后修改密码:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'TestBicon@123';或者
set password for 'root'@'localhost'=password('TestBicon@123');注意:mysql5.7默认安装了密码安全检查插件(validate_password),默认密码检查策略要求密码必须包含:大小写字母、数字和特殊符号,并且长度不能少于8位。否则会提示ERROR 1819 (HY000): Your password does not satisfy the current policy requirements错误,如下图所示:
通过msyql环境变量可以查看密码策略的相关信息(执行这一步需要先修改默认密码,即执行完上一步修改才可以,否则会报错:ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.):
show variables like '%password%';
validate_password_policy:密码策略,默认为MEDIUM策略
validate_password_dictionary_file:密码策略文件,策略为STRONG才需要
validate_password_length:密码最少长度
validate_password_mixed_case_count:大小写字符长度,至少1个
validate_password_number_count :数字至少1个
validate_password_special_char_count:特殊字符至少1个
上述参数是默认策略MEDIUM的密码检查规则。
修改密码策略:
在/etc/my.cnf文件添加validate_password_policy配置,指定密码策略:
选择0(LOW),1(MEDIUM),2(STRONG)其中一种,选择2需要提供密码字典文件。
validate_password_policy=0
如果不需要密码策略,添加my.cnf文件中添加如下配置禁用即可:
validate_password = off貌似不行
重新启动mysql服务使配置生效:systemctl restart mysqld
redis
redis-server /usr/local/bin/myConfig/redis.conf
编译安装https://www.cnblogs.com/heqiuyong/p/10463334.html
Java
下载jdk
# ubantu /usr/lib/jvm/java-8-openjdk-amd64
sudo apt install openjdk-8-jdk
java -version
卸载:
sudo apt-get autoremove default-jdk
如果不能卸载干净,用下面的方法,亲测成功
jdk彻底卸载:
(1) apt-get update
(2) apt-cache search java | awk '{print($1)}' | grep -E -e '^(ia32-)?(sun|oracle)-java' -e '^openjdk-' -e '^icedtea' -e '^(default|gcj)-j(re|dk)' -e '^gcj-(.*)-j(re|dk)' -e 'java-common' | xargs sudo apt-get -y remove
(3) apt-get -y autoremove
2、清除配置信息: dpkg -l | grep ^rc | awk '{print($2)}' | xargs sudo apt-get -y purge
3、清除java配置及缓存: bash -c 'ls -d /home/*/.java' | xargs sudo rm -rf
4、手动清除JVMs: rm -rf /usr/lib/jvm/*在官网下的太慢
华为仓库:https://repo.huaweicloud.com/java/jdk/
wget https://repo.huaweicloud.com/java/jdk/8u201-b09/jdk-8u201-linux-i586.tar.gz
选择自己心仪的版本下载,下载tar.gz的解压就能用,传输到linux上,上传路径为/usr/java
使用tar -zxvf yourName.tar.gz解压
tar -zxvf jdk-8u201-linux-i586.tar.gz配置环境
vim /etc/profile,该JDK在所有用户中生效:
文本末尾添加,G 可跳转到文本末尾,注意把JAVA_HOME的版本换成自己的
vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_201
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$PATHyum install glibc.i686 -y
yum install -y libc6-i386
source /etc/profile #让环境生效
java -version
vim Test.java
public class Test{
public static void main(String[] args){
System.out.print("???");
}
}
javac Test.java
java Test测试
java -version
报错1
yum install glibc.i686 -y
再测试就行了
报错2
bin/java: No such file or directory
yum install -y libc6-i386
测试
在/tmp目录vim Test.java
public class Test{
public static void main(String[] args){
System.out.print("???");
}
}保存后
javac Test.java
java Test
会输出???,就成功了
部署Springboot应用
# 在后台运行
nohup java -jar -Xms212M -Xmx248M study-0.0.1-SNAPSHOT.jar > study.log &
nohup java -jar -Xms212M -Xmx248M ruoyi-modules-system.jar > system.log &
nohup java -jar -Xms212M -Xmx248M ruoyi-auth.jar > auth.log &
# 需要添加注册ip,否则找不到服务
nohup java -jar -Xms212M -Xmx248M ruoyi-modules-system.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > system.log &
nohup java -jar -Xms212M -Xmx248M ruoyi-auth.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > auth.log & Tomcat
下载tomcat
官网:https://tomcat.apache.org/download-90.cgi
选择自己心仪的版本下载传输到linux。
# 下载tomcat
wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.64/bin/apache-tomcat-9.0.64.tar.gz如果链接不行,就浏览浏览器访问https://downloads.apache.org/tomcat/tomcat-9
选择一个版本,进入bin目录,右键选择一个,复制链接替换上面wget的地址
# 解压对应下载的文件夹
tar -zxvf apache-tomcat-9.0.64.tar.gz使用
进入tomcat的bin目录
bash startup.sh 即可运行
bash shutdown.sh关闭tomcat
通过地址栏访问
注意查看云主机是否开放了8080端口
这样就成功了
将请求交给tomcat
vim /etc/nginx/conf.d/default.conf 此处为yum安装的nginx的路径
default.conf末尾添加
server {
listen 80;
server_name test.yourDomain.cn;
server_name_in_redirect on;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://localhost:8080;#转向tomcat处理
}
}将server_name 换成自己的域名
这时nginx -t 进行测试nginx配置是否报错
nginx -s reload 使nginx配置生效
修改Tomcat默认访问路径
如果想修改tomcat的默认访问路径
vim /usr/java/apache-tomcat-9.0.34/conf/server.xml 此处为自己具体tomcat的安装位置
在<host>区间中添加<Context/>如下,docBase修改为自己想绑定的目录
reloadable监视在 WEB-INF/classes 和 WEB-INF/lib 目录下class文件的改动
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="serverName" reloadable="true"/>
</Host>再重启tomcat访问即可
Nacos
https://github.com/alibaba/nacos/releases/tag/1.1.4
centos
wget https://github.com/alibaba/nacos/releases/download/1.1.4/nacos-server-1.1.4.tar.gz
wget https://github.91chifun.workers.dev/https://github.com//alibaba/nacos/releases/download/1.1.4/nacos-server-1.1.4.tar.gz
sh startup.sh -m standalone
jenkins
# docker安装 https://www.jenkins.io/zh/doc/book/installing/#%E5%AE%89%E8%A3%85docker
docker run -u root --rm -d -p 9000:8080 -p 50000:50000 -v jenkins-data:/var/jenkins_home -v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean
# java 不可用,没有编译
#yum -y install java-1.8.0-openjdk
# system安装
#wget https://mirrors.tuna.tsinghua.edu.cn/jenkins/redhat-stable/jenkins-2.249.1-1.1.noarch.rpm
#yum install -y jenkins-2.249.1-1.1.noarch.rpm
# 新版本 https://mirrors.aliyun.com/jenkins/redhat/jenkins-2.302-1.1.noarch.rpm?spm=a2c6h.25603864.0.0.6cb6fad6iK9Nkm
wget https://mirrors.aliyun.com/jenkins/redhat/jenkins-2.294-1.1.noarch.rpm
yum install -y jenkins-2.294-1.1.noarch.rpm
# 修改端口,找到文件中JENKINS_PORT=“8080” ,如果是新版本jenkins的配置文件在/etc/sysconfig/jenkins
vi /etc/sysconfig/jenkins
# 如果不是 install java8
vi /etc/init.d/jenkins
# candidates /usr/bin/java 改为java地址 which java
vim /etc/sysconfig/jenkins
#修改配置
$JENKINS_USER="root"
chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins
service jenkins restart
ps -ef | grep jenkins
systemctl start jenkins
# mk?
cd /var/lib/jenkins/updates
# 配置镜像
sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
cat /var/lib/jenkins/secrets/initialAdminPassword
systemctl restart jenkins.service
# 没tomcat的操作权限,给jenkins 所有者和群组
chown -R jenkins:jenkins tomcat9
插件
Maven Integration 全局:新增maven、配置、java
gitee 使用账号密码凭证
GitHub Branch Source
Git Parameter
Publish Over SSH
docker build step
Role-based Authorization Strategy 角色
ssh
Email Extension
docker ?
clean package -Dmaven.test.skip=truebash
export BUILD_ID=dontKillMe
# module
#module_array=("psedu-modules-system" "psedu-base" "psedu-exam" "psedu-modules-file" "psedu-modules-gen")
#module_path_array=("psedu-system" "psedu-base" "psedu-exam" "psedu-file" "psedu-gen")
#module_array=("psedu-base" "psedu-modules-system")
#module_path_array=("psedu-base" "psedu-system")
#module_array=("psedu-modules-system")
#module_path_array=("psedu-system")
module_array=("psedu-base" "psedu-exam" "psedu-modules-system")
module_path_array=("psedu-base" "psedu-exam" "psedu-system")
#module_array=("psedu-modules-system")
#module_path_array=("psedu-system")
for index in ${!module_array[@]}
do
module_name=${module_array[$index]}
module_path=${module_path_array[$index]}
cp -rf psedu-modules/${module_path}/target/${module_name}.jar /opt/project/${module_name}.jar
# 删除已有的
id=$(ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}')
echo ${id}
if [ ! -n "$id" ]; then
echo "未运行"
else
echo "运行中"
kill -9 `ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}'` &>/dev/null
fi
nohup java -javaagent:/opt/apache-skywalking-apm-bin/bin/agent/skywalking-agent.jar \
-Dskywalking.agent.service_name=${module_name} \
-Dskywalking.collector.backend_service=119.91.100.120:11800 \
-jar -Xms212M -Xmx248M /opt/project/${module_name}.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > /opt/project/${module_name}.log &
done
# root目录
#root_module_array=("psedu-auth" "psedu-gateway" "psedu-visual-monitor")
#root_module_path_array=("psedu-auth" "psedu-gateway" "psedu-visual/psedu-monitor")
#root_module_array=("psedu-gateway")
#root_module_path_array=("psedu-gateway")
#root_module_array=("psedu-visual-monitor")
#root_module_path_array=("psedu-visual/psedu-monitor")
root_module_array=("psedu-auth" "psedu-gateway" "psedu-visual-monitor")
root_module_path_array=("psedu-auth" "psedu-gateway" "psedu-visual/psedu-monitor")
for index in ${!root_module_array[@]}
do
module_name=${root_module_array[$index]}
module_path=${root_module_path_array[$index]}
cp -rf ${module_path}/target/${module_name}.jar /opt/project/${module_name}.jar
# 删除已有的
id=$(ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}')
echo ${id}
if [ ! -n "$id" ]; then
echo "未运行"
else
echo "运行中"
kill -9 `ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}'` &>/dev/null
fi
nohup java -javaagent:/opt/apache-skywalking-apm-bin/bin/agent/skywalking-agent.jar \
-Dskywalking.agent.service_name=${module_name} \
-Dskywalking.collector.backend_service=119.91.100.120:11800 \
-jar -Xms212M -Xmx248M /opt/project/${module_name}.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > /opt/project/${module_name}.log &
done# 需要在脚本开始时添加export BUILD_ID=dontKillMe。
# 原因:因为Jenkins执行完当前任务之后需要执行下一个任务,此时Jenkins会直接把tomcat进程杀掉
export BUILD_ID=dontKillMe
cp -rf target/library.war /opt/tomcat9/webapps/
sh /opt/tomcat9/bin/startup.sh
netstat -anp | grep 8080
kill -9 `ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}'` &>/dev/null
export BUILD_ID=dontKillMe
#module_array=("ruoyi-modules-system" "psedu-base" "psedu-exam")
#module_path_array=("ruoyi-system" "psedu-base" "psedu-exam")
module_array=("psedu-base")
module_path_array=("psedu-base")
for index in ${!module_array[@]}
do
module_name=${module_array[$index]}
module_path=${module_path_array[$index]}
cp -rf ruoyi-modules/${module_path}/target/${module_name}.jar /opt/project/${module_name}.jar
kill -9 `ps -ef|grep ${module_name}|grep -v grep|awk '{print $2}'` &>/dev/null
nohup java -jar -Xms212M -Xmx248M /opt/project/${module_name}.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > ${module_name}.log &
done
#cp -rf ruoyi-modules/ruoyi-system/target/ruoyi-modules-system.jar /opt/project/ruoyi-modules-system.jar
#cd /opt/project
#bash stop-system.sh
#nohup java -jar -Xms212M -Xmx248M ruoyi-modules-system.jar --spring.cloud.nacos.discovery.ip=101.200.169.229 > system.log & 其他
# 工程目录
cd /var/lib/jenkins/workspace/psedu
# 端口号 8080
vim /etc/sysconfig/jenkins
# 删除进程脚本
kill -9 `ps -ef|grep ruoyi-modules-system|grep -v grep|awk '{print $2}'`
kill -9 `ps -ef|grep ruoyi-modules-system|grep -v grep|awk '{print $2}'` &>/dev/null升级
Manage Jenkins管理jenkins首页,点击download下载相关包
rpm -ql jenkins
查看war存放位置
将已下载的war包上传至/usr/lib/jenkins/
systemctl restart jenkins
maven
第一步:上传或下载安装包
# 很慢
wget https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
# mv apache-maven-3.6.3-bin.tar.gz /usr/local
cd /usr/local
tar -zxvf /usr/local/apache-maven-3.6.3-bin.tar.gz
ln -s /usr/local/apache-maven-3.6.3 /usr/local/maven
#ln -s /opt/apache-maven-3.6.3 /usr/local/maven
# 注意java
# ln -s /usr/java/jdk1.8.0_201/bin/java /usr/bin/javacd apache-maven-3.6.3/conf
vim settings.xml
<!-- 阿里云中央仓库 -->
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>central</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror># 环境变量
vim /etc/profile
export MAVEN_HOME=/usr/local/maven
export PATH=$PATH:$MAVEN_HOME/bin
# 环境生效
source /etc/profile
mvn –vzookeeper
yum -y install java-1.8.0-openjdk
wget https://dlcdn.apache.org/zookeeper/zookeeper-3.5.9/apache-zookeeper-3.5.9-bin.tar.gz
tar -zxvf apache-zookeeper-3.5.9-bin.tar.gz
# 会默认启动8080的管理控制台,需要在zoo.cfg中添加
# admin.serverPort=没有被占用的端口号
./zkServer.sh start
./bin/zkCli.sh -server 127.0.0.1:2181
ls /sentinel
1.8 https://github.com/alibaba/Sentinel/releases
nohup java -Dserver.port=8718 -Dcsp.sentinel.dashboard.server=localhost:8718 -Dproject.name=sentinel-dashboard -Dcsp.sentinel.api.port=8719 -jar /opt/sentinel-dashboard-1.8.0.jar> sentinel.log &
-Dspring.cloud.sentinel.transport.dashboard=localhost:8718
二、Docker
初始化
c/c++
yum -y install gcc
yum -y install gcc-c++下载
# https://www.runoob.com/docker/ubuntu-docker-install.html
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
# 用1.2
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
# centos docker
curl -sSL https://get.daocloud.io/docker | sh
apt install -y docker.io
# 该脚本可以将 --registry-mirror 加入到你的 Docker 配置文件 /etc/docker/daemon.json 中。适用于 Ubuntu14.04、Debian、CentOS6 、CentOS7、Fedora、Arch Linux、openSUSE Leap 42.1,其他版本可能有细微不同。更多详情请访问文档。
/etc/docker/daemon.json 逗号
# OR 1.2
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
# 阿里云镜像
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker相关
yum install -y docker-ce docker-ce-cli containerd.io
# 配置镜像加速器
mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://st53edx2.mirror.aliyuncs.com"]
}
EOF
# 2
# 检测
docker version
systemctl enable docker # 自启动
sudo systemctl start docker # 启动
# 测试
docker run hello-worldcentos8
#1、更新yum
sudo yum -y update
#2、centos8默认使用podman代替docker,所以需要containerd.io,那我们就安装一下就好了
yum install https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.6-3.3.fc30.x86_64.rpm
#3、安装其他依赖
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#4、安装docker,出现了错误
yum install -y docker-ce docker-ce-cli containerd.io
Error:
Problem 1: problem with installed package podman-2.2.1-7.module_el8.3.0+699+d61d9c41.x86_64
(try to add ‘–allowerasing’ to command line to replace conflicting packages or ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
#因为centos8默认使用podman代替docker,直接安装docker会产生冲突,因此:
yum erase podman buildah
yum install -y docker-ce docker-ce-cli containerd.io
docker -vcompose
curl -L https://get.daocloud.io/docker/compose/releases/download/v2.1.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-composeLNMP
https://github.com/ydtg1993/server
下载
docker pull php:7.2-fpm
docker pull nginx
docker pull mysql:5.7
docker pull redis:3.2
docker images# 注:
-i 表示允许我们对容器进行操作
-t 表示在新容器内指定一个为终端
-d 表示容器在后台执行
/bin/bash 这将在容器内启动bash shell
-p 为容器和宿主机创建端口映射
--name 为容器指定一个名字
-v 将容器内路径挂载到宿主机路径
--privileged=true 给容器特权,在挂载目录后容器可以访问目录以下的文件或者目录
--link可以用来链接2个容器,使得源容器(被链接的容器)和接收容器(主动去链接的容器)之间可以通过别名通信,解除了容器之间通信对容器IP的依赖mysql
docker run --name mydb -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -d mysql:5.7
# 注:-MYSQL_ROOT_PASSWORD=123456 给mysql设置初始密码redis
docker run --name myredis1 -p 6379:6379 -d redis:3.2 --requirepass "mypassword";
docker run --name myredis1 -p 6379:6379 -d -v /root/redis/redis.conf:/etc/redis/redis.conf redis:5.0.9-alpine3.11 redis-server /etc/redis/redis.confredis.conf
exec /bin/sh
# bind 127.0.0.1
tcp-keepalive 10
appendonly no
requirepass root
timeout 30php 扩展
从https://pecl.php.net/package/redis 里面找到自己安装的Redis对应版本的redis
wget https://pecl.php.net/get/redis-4.0.1.tgz
tar -zxvf redis-4.0.1.tgz
cd redis-4.0.1
/usr/bin/phpize
./configure --with-php-config=/usr/bin/php-config
make && make install
# php.d文件夹下创建新文件redis.ini,在redis.ini里加入extension=redis.so这行.
systemctl restart php-fpm
php -m # 发现redis扩展加载上了
# phpinfo();php
docker run -d -p 9000:9000 \
-v /server/www:/var/www/html \
-v /server/php:/usr/local/etc/php\
--link mydb:mydb \
--link myredis:myredis \
--privileged=true \
--name myphp php:7.2-fpm
# 注: 如果不需要搭建本地数据库或者redis可以省去--link mydb:mydb --link myredis:myredis
# 注意-v 挂载一个空文件夹是会覆盖容器中的内容,所以配置文件要事先准备好nginx
docker run --name mynginx -d -p 80:80 \
-v /server/www:/usr/share/nginx/html \
-v /server/nginx:/etc/nginx \
-v /server/logs/nginx.logs:/var/log/nginx \
--link myphp:myphp \
--privileged=true nginx
# 有tomcat
docker run --name mynginx -d -p 80:80 \
-v /server/www:/usr/share/nginx/html \
-v /server/nginx:/etc/nginx \
-v /server/logs/nginx.logs:/var/log/nginx \
--link myphp:myphp \
--link mytomcat:mytomcat \
--privileged=true nginx
#注:
# -v语句冒号后是容器内的路径 我将nginx的网页项目目录 配置目录 日志目录分别挂载到了我事先准备好的/server目录下
# --link myphp:myphp 将nginx容器和php容器连接 通过别名myphp就不再需要去指定myphp容器的ip了
docker run --name lostNginx -d -p 9091:80 \
-v /home/mingyue/lost:/usr/share/nginx/html \
-v /server/nginx:/etc/nginx \
-v /home/mingyues/nginx.logs:/var/log/nginx \
--privileged=true nginx扩展
# 进入php
docker exec -it myphp /bin/bash
# mysql
docker-php-ext-install pdo pdo_mysql
# redis好像下面两个都不行,全部no试试
## redis
docker-php-ext-install redis
## pecl安装redis
pecl install redis && docker-php-ext-enable redis
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& echo "extension=redis.so" > /usr/local/etc/php/conf.d/redis.ini
# 装完扩展 exit退出容器 重启容器
docker restart myphp问题
数据库使用mydb(原来127.0.0.1), 无验证码
gd库
# cat /etc/debian_version ## 10.7
# 更新软件源
apt update
# 安装各种库
apt install -y libwebp-dev libjpeg-dev libpng-dev libfreetype6-dev
# 解压源码
docker-php-source extract
# 进入gd源码文件夹
cd /usr/src/php/ext/gd
# 准备编译
docker-php-ext-configure gd --with-webp-dir=/usr/include/webp --with-jpeg-dir=/usr/include --with-png-dir=/usr/include --with-freetype-dir=/usr/include/freetype2
# 编译安装
docker-php-ext-install gd
# 检查扩展是否安装成功
php -m | grep gd
# 退出php容器终端
exit
# 重启php容器
docker restart myphpnignx
server {
listen 80;
server_name localhost;
charset utf-8;
location / {
root /usr/share/nginx/html/tp_blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/tp_blog/public$fastcgi_script_name;
include fastcgi_params;
}
}
# dockerTest
server {
listen 80;
server_name dockertest.mingyuefusu.cn;
charset utf-8;
location / {
root /usr/share/nginx/html/blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/blog/public$fastcgi_script_name;
include fastcgi_params;
}
}
vim
apt-get install vim
# 错误
apt-get update
apt-get install vimapt下载慢
sed -i s@/archive.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list
apt-get clean
apt-get update
apt-get upgradeMySQL
安装
docker run -p 3306:3306 --name mysql \
-v /mydata/mysql/log:/var/log/mysql \
-v /mydata/mysql/data:/var/lib/mysql \
-v /mydata/mysql/conf:/etc/mysql \
-e MYSQL_ROOT_PASSWORD=root \
-d mysql:5.7
docker update mysql --restart=always配置
# pwd
mkdir -p /mydata/mysql/conf
vim /mydata/mysql/conf/my.cnf
# cat my.cnf
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
bind-address=0.0.0.0
max_connections=1000
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
skip-name-resolve数据迁移
# 导出
#1、导出数据和表结构:
#mysqldump -u用户名 -p密码 数据库名 > 数据库名.sql
/usr/local/mysql/bin/ mysqldump -uroot -p abc > abc.sql
#敲回车后会提示输入密码
#2、只导出表结构
#mysqldump -u用户名 -p密码 -d 数据库名 > 数据库名.sql
/usr/local/mysql/bin/ mysqldump -uroot -p -d abc > abc.sql
#注:/usr/local/mysql/bin/ ---> mysql的data目录
# 导入
create database abc;
use abc;
set names utf8mb4;
mysql>source /home/abc/abc.sql;
# or
mysql -uroot -p abc < abc.sql权限使用
# (1 )打开cmd,登录到mysql
mysql -u root -p
# (2) 输入授权语句:
## 赋予所用权限给 myuser 账户从任何iP( * )以 mypassword 为密码登录
GRANT ALL PRIVILEGES ON *.* TO 'mingyue'@'%'IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
## 赋予所用权限给myuser账户从192.168.1.3以123为密码登录
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'192.168.1.3'IDENTIFIED BY '123' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'mingyue'@'%'IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
# (3) 生效
FLUSH PRIVILEGES;
GRANT ALL ON swzl.* TO 'swzl'@'%'Redis
docker pull redis启动
mkdir -p /mydata/redis/conf
touch /mydata/redis/conf/redis.conf
echo "appendonly yes" >> /mydata/redis/conf/redis.conf # 持久化
cat >> /server/redis/conf/redis.conf << EOF
appendonly yes
requirepass mingyuefusu!
timeout 30
EOF
docker run -p 6379:6379 --name redis \
-v /var/data/redis/data:/data \
-v /var/data/redis/conf/redis.conf:/etc/redis/redis.conf \
-d redis redis-server /etc/redis/redis.conf
docker run -p 6379:6379 --name redis \
-v /mydata/redis/data:/data \
-v /mydata/redis/conf/redis.conf:/etc/redis/redis.conf \
-d redis redis-server /etc/redis/redis.conf连接到docker的redis
docker exec -it redis redis-cli
set key1 v1
get key1设置redis容器在docker启动的时候启动
docker update redis --restart=alwaysTomcat
启动
docker run -it -p 8080:8080 -v /server/webapps:/usr/local/tomcat/webapps --name mytomcat tomcat:9.0 /bin/bash
# docker run --rm -e JAVA_OPTS='-Xmx512m' tomcat:8 # 限制内存大小# nginx连接tomcat和php
docker run --name mynginx -d -p 80:80 -v /server/www:/usr/share/nginx/html -v /server/nginx:/etc/nginx -v /server/logs/nginx.logs:/var/log/nginx --link myphp:myphp --link mytomcat:mytomcat --privileged=true nginxnginx转发
server {
listen 80;
server_name library.mingyuefusu.cn;
server_name_in_redirect on;
#root /usr/java/apache-tomcat-9.0.34/webapps/ROOT/WEB-INF;
#root /var/www/java;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass mytomcat:8080;#转向tomcat处理
}
}
Nginx
使用
随便启动一个nginx实例,只是为了复制出配置
docker run -p 80:80 --name nginx -d nginx:1.10将容器内的配置文件拷贝到/mydata/nginx/conf/ 下
mkdir -p /mydata/nginx/html mkdir -p /mydata/nginx/logs mkdir -p /mydata/nginx/conf docker container cp nginx:/etc/nginx/* /mydata/nginx/conf/ #由于拷贝完成后会在config中存在一个nginx文件夹,所以需要将它的内容移动到conf中 mv /mydata/nginx/conf/nginx/* /mydata/nginx/conf/ rm -rf /mydata/nginx/conf/nginx终止原容器:
docker stop nginx执行命令删除原容器:
docker rm nginx创建新的Nginx,执行以下命令
docker run -p 80:80 --name nginx \ -v /mydata/nginx/html:/usr/share/nginx/html \ -v /mydata/nginx/logs:/var/log/nginx \ -v /mydata/nginx/conf/:/etc/nginx \ -d nginx:1.10设置开机启动nginx
docker update nginx --restart=always
创建“/mydata/nginx/html/index.html”文件,测试是否能够正常访问
echo '<h2>hello nginx!</h2>' >index.html
配置
server {
server_name example.com;
location /mail/ {
proxy_pass http://example.com:protmail/;
}
location /com/ {
proxy_pass http://example.com:portcom/main/;
}
location / {
proxy_pass http://example.com:portdefault;
}
}- 将
http://example.com/mail/下的请求转发到http://example.com:portmail/ - 将
http://example.com/com/下的请求转发到http://example.com:portcom/main/ - 将其它所有请求转发到
http://example.com:portdefault/
如果代理服务器地址中是带有URI的,此URI会替换掉 location 所匹配的URI部分。
而如果代理服务器地址中是不带有URI的,则会用完整的请求URL来转发到代理服务器。
http://example.com/mail/index.html->http://example.com:portmail/index.htmlhttp://example.com/com/index.html->http://example.com:portcom/main/index.htmlhttp://example.com/mail/static/a.jpg->http://example.com:portmail/static/a.jpghttp://example.com/com/static/b.css->http://example.com:portcom/main/static/b.csshttp://example.com/other/index.htm->http://example.com:portdefault/other/index.htm
ElasticSearch
(1)下载ealastic search和kibana
# 版本要对应
docker pull elasticsearch:7.6.2
docker pull kibana:7.6.2(2)配置
mkdir -p /mydata/elasticsearch/config
mkdir -p /mydata/elasticsearch/data
echo "http.host: 0.0.0.0" >/mydata/elasticsearch/config/elasticsearch.yml
chmod -R 777 /mydata/elasticsearch/
# if /server
mkdir -p /server/elasticsearch/config
mkdir -p /server/mydata/elasticsearch/data
echo "http.host: 0.0.0.0" >/server/elasticsearch/config/elasticsearch.yml
chmod -R 777 /server/elasticsearch/(3)启动Elastic search
docker run --name elasticsearch -m 300M --memory-swap -1 -p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms64m -Xmx128m" \
-v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-d elasticsearch:7.6.2
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip
unzip elasticsearch-analysis-ik-7.6.2.zip -d /server/elasticsearch/plugins/ik # 解压到ik目录,mv移动到plugins
# docker exec -it elasticsearch /bin/bash
# cd /usr/share/elasticsearch/bin
# elasticsearch-plugin list
# 显示ik成功
# 重启容器
# if /server
docker run --name elasticsearch -m 1000M --memory-swap -1 -p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms640m -Xmx900m" \
-v /server/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /server/mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-v /server/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-d elasticsearch:7.6.2
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip
unzip elasticsearch-analysis-ik-7.6.2.zip -d /server/elasticsearch/plugins/ik # 解压到ik目录,mv移动到plugins
# docker exec -it elasticsearch /bin/bash
# cd /usr/share/elasticsearch/bin
# elasticsearch-plugin list
# 显示ik成功
# 重启容器设置开机启动elasticsearch
docker update elasticsearch --restart=always(4)启动kibana:
# 内存太小无法启动
docker run --name kibana -m 600M --memory-swap -1 -e ELASTICSEARCH_HOSTS=http://112.124.15.81:9200 -p 5601:5601 -d kibana:7.6.2
docker run --name kibana -e ELASTICSEARCH_HOSTS=http://172.17.0.3:9200 -p 5601:5601 -d kibana:7.6.2设置开机启动kibana
docker update kibana --restart=alwaysNacos
# 内存要求比较高,1G
docker pull nacos/nacos-server:1.4.1
docker run --env MODE=standalone \
-m 1000M --memory-swap -1 \
--name nacos \
-d -p 8848:8848 \
nacos/nacos-server:1.4.1
docker run --env MODE=standalone \
--name nacos \
-d -p 8848:8848 \
nacos/nacos-server:1.4.1
# --memory-swap -1 不限制容器能使用的 swap 分区
docker run \
--name nacos-quick \
-e SPRING_DATASOURCE_PLATFORM=mysql \
-e MYSQL_SERVICE_HOST= \
-e MYSQL_SERVICE_DB_NAME=ry_config \
-e MYSQL_SERVICE_USER=psedu \
-e MYSQL_SERVICE_PASSWORD='342hses2d34t8s3!eW' \
-e MODE=standalone \
-p 8849:8848 \
-p 9849:9849 \
-p 9848:9848 \
-d nacos/nacos-server:2.0.3图床
docker-compose up -d
vim docker-compose.yaml
已有数据库
chmod -R 777 /mydata/image/images
version: '3'
services:
chevereto:
image: nmtan/chevereto
restart: always
networks:
- private
environment:
CHEVERETO_DB_HOST: 106.55.143.232
CHEVERETO_DB_USERNAME: mingyue
CHEVERETO_DB_PASSWORD: mingyuefusu!
CHEVERETO_DB_NAME: chevereto
CHEVERETO_DB_PREFIX: chv_
volumes:
- /mydata/image/images:/var/www/html/images:rw
ports:
- 8080:80
networks:
private:
volumes:
database:
chevereto_images:version: '3'
services:
db:
image: mariadb
volumes:
- /mydata/image/databaseG:/var/lib/mysql:rw
restart: always
networks:
- private
environment:
MYSQL_ROOT_PASSWORD: chevereto_root
MYSQL_DATABASE: chevereto
MYSQL_USER: chevereto
MYSQL_PASSWORD: chevereto
chevereto:
depends_on:
- db
image: nmtan/chevereto
restart: always
networks:
- private
environment:
CHEVERETO_DB_HOST: db
CHEVERETO_DB_USERNAME: chevereto
CHEVERETO_DB_PASSWORD: chevereto
CHEVERETO_DB_NAME: chevereto
CHEVERETO_DB_PREFIX: chv_
volumes:
- /mydata/image/images:/var/www/html/images:rw
ports:
- 8080:80
networks:
private:
volumes:
database:
chevereto_images:nginx
server {
listen 80 ;
server_name static.mingyuefusu.top;
return 301 https://$server_name$request_uri;
}
server {
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name static.mingyuefusu.top;
#证书文件名称
ssl_certificate /etc/nginx/conf.d/ssl/static.mingyuefusu.top_bundle.crt;
#私钥文件名称
ssl_certificate_key /etc/nginx/conf.d/ssl/static.mingyuefusu.top.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:9001;
}
}
rabbitmq
# for RabbitMQ 3.9, the latest series
docker run -it --rm --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.9-management
# for RabbitMQ 3.8,
# https://www.rabbitmq.com/versions.html
docker run -it --rm --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.8-management一条龙
设置网络
A
- 地址范围:0.0.0.0到127.255.255.255,前缀0
- 保留地址:127.0.0.0到127.255.255.255,循环测试
- 私有地址:10.0.0.0到10.255.255.255
B
- 地址范围:128.0.0.0到191.255.255.255,前缀10
- 保留地址:169.254.0.0到169.254.255.255
- 私有地址:172.16.0.0到172.31.255.255
C
地址范围:192.0.0.0到223.255.255.255,前缀110
私有地址:192.168.0.0到192.168.255.255
| 名称 | ip | |
|---|---|---|
| gateway | 192.168.0.1 | |
| nginx | 192.168.0.2 | |
| tomcat | 192.168.0.3 | |
| mysql | 192.168.0.4 | |
| php | 192.168.0.5 | |
| redis | 192.168.0.6 | |
| elasticsearch | 192.168.0.7 | |
| kibana | 192.168.0.8 | |
| rabbitMq | 192.168.0.9 |
# 创建网络
docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 mynetCV命令
docker network inspect mynet
docker update mynginx --restart=always
docker update mytomcat --restart=always
docker update mydb --restart=always
docker update myphp --restart=always
docker update myredis --restart=alwaysTomcat
docker pull tomcat:9.0
docker run -d -p 8080:8080 \
--rm \
--ip 192.168.0.3 --net mynet \
-v /server/webapps:/usr/local/tomcat/webapps \
--name mytomcat \
tomcat:9.0
docker update mytomcat --restart=always
# docker run --rm -e JAVA_OPTS='-Xmx512m' tomcat:8 # 限制内存大小Nginx
# 用于获取配置文件
docker run -p 80:80 --name nginx -d nginx
mkdir -p /server/html
# mkdir -p /server/nginx/logs
mkdir -p /server/nginx/conf
docker cp nginx:/etc/nginx /server/nginx # 复制配置文件
mv /server/nginx/* /server/nginx/conf
# mv /server/nginx/conf/nginx/* /server/nginx/conf
# rm -rf /mydata/nginx/conf/nginx
docker rm -f nginx # 结束获取
docker run -d -p 80:80 \
-p 443:443 \
--ip 192.168.0.2 --net mynet \
-v /server/www:/usr/share/nginx/html \
-v /server/nginx/conf:/etc/nginx \
-v /server/nginx/logs:/var/log/nginx \
--privileged=true --name mynginx \
nginx
docker update mynginx --restart=alwaysMySQL
安装
# pwd
mkdir -p /server/mysql/conf
cd /server/mysql/conf
vim my.cnf
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
skip-name-resolvedocker run -p 3306:3306 --name mysql \
--ip 192.168.0.4 --net mynet \
-v /server/mysql/log:/var/log/mysql \
-v /server/mydata/mysql/data:/var/lib/mysql \
-v /server/mysql/conf:/etc/mysql \
-e MYSQL_ROOT_PASSWORD=root \
--name mydb \
-d mysql:5.7# (1 )打开cmd,登录到mysql
mysql -u root -p
show warnings; # 可能有报错
# (2) 创建用户
CREATE USER 'mingyue'@'%' IDENTIFIED BY 'mingyue';
# (3) 授权
GRANT ALL PRIVILEGES ON *.* TO 'mingyue'@'%';
#授予用户所需的特权,并:
ALTER USER 'mingyue'@'%' IDENTIFIED BY 'mingyue'
# (4) 生效
FLUSH PRIVILEGES;
# 其他 5.7.6开始,不可以
# CREATE USER 'username'@'host' IDENTIFIED BY 'password'; host从任意远程主机登陆,使用通配符%
# (2) 输入授权语句:
# 授权phplamp用户拥有phplamp数据库的所有权限。
grant all privileges on phplampDB.* to phplamp@localhost identified by '1234';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'root' WITH GRANT OPTION; # 赋予所用权限给root账户从任何iP以mypassword为密码登录操作.所有数据库
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'192.168.1.3'IDENTIFIED BY '123' WITH GRANT OPTION; # 赋予所用权限给myuser账户从任何192.168.1.3以123为密码登录
一. 创建用户
命令:
CREATE USER 'username'@'host' IDENTIFIED BY 'password';说明:
- username:你将创建的用户名
- host:指定该用户在哪个主机上可以登陆,如果是本地用户可用localhost,如果想让该用户可以从任意远程主机登陆,可以使用通配符
% - password:该用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器
例子:
CREATE USER 'dog'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'pig'@'192.168.1.101_' IDENDIFIED BY '123456';
CREATE USER 'pig'@'%' IDENTIFIED BY '123456';
CREATE USER 'pig'@'%' IDENTIFIED BY '';
CREATE USER 'pig'@'%';二. 授权
命令:
GRANT privileges ON databasename.tablename TO 'username'@'host'说明:
- privileges:用户的操作权限,如
SELECT,INSERT,UPDATE等,如果要授予所的权限则使用ALL - databasename:数据库名
- tablename:表名,如果要授予该用户对所有数据库和表的相应操作权限则可用
*表示,如*.*
例子:
GRANT SELECT, INSERT ON test.user TO 'pig'@'%';
GRANT ALL ON *.* TO 'pig'@'%';注意:
用以上命令授权的用户不能给其它用户授权,如果想让该用户可以授权,用以下命令:
GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;三.设置与更改用户密码
命令:
SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');如果是当前登陆用户用:
SET PASSWORD = PASSWORD("newpassword");例子:
SET PASSWORD FOR 'pig'@'%' = PASSWORD("123456");四. 撤销用户权限
命令:
REVOKE privilege ON databasename.tablename FROM 'username'@'host';说明:
privilege, databasename, tablename:同授权部分
例子:
REVOKE SELECT ON *.* FROM 'pig'@'%';注意:
假如你在给用户'pig'@'%'授权的时候是这样的(或类似的):GRANT SELECT ON test.user TO 'pig'@'%',则在使用REVOKE SELECT ON *.* FROM 'pig'@'%';命令并不能撤销该用户对test数据库中user表的SELECT 操作。相反,如果授权使用的是GRANT SELECT ON *.* TO 'pig'@'%';则REVOKE SELECT ON test.user FROM 'pig'@'%';命令也不能撤销该用户对test数据库中user表的Select权限。
具体信息可以用命令SHOW GRANTS FOR 'pig'@'%'; 查看。
五.删除用户
DROP USER 'username'@'host';六.远程连接
use mysql
update user set host =’%'where user =‘root’ and host =‘localhost’;
flush privileges;
# 或者
GRANT ALL PRIVILEGES ON *.* TO 'mingyuefusu'@'%' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
# 修改密码
SET PASSWORD FOR root@'%'=PASSWORD('123qwe'); #rootPHP
docker run -d -p 9000:9000 \
--ip 192.168.0.5 --net mynet \
--privileged=true \
--name myphp php:7.2-fpm
docker cp myphp:/usr/local/etc/php /server/php
cp /server/php/php.ini-development /server/php/php.ini
docker rm -f myphp
docker run -d -p 9000:9000 \
--ip 192.168.0.5 --net mynet \
--name mingphp \
registry.cn-shenzhen.aliyuncs.com/mingyuefusu/mingphp:1.0
docker run -d -p 9000:9000 \
--ip 192.168.0.5 --net mynet \
-v /server/www:/var/www/html \
-v /server/php:/usr/local/etc/php\
--privileged=true \
--name myphp php:7.2-fpm开启扩展
cat >> ./test.txt <#!/bin/bash
# 进入php
docker exec -it myphp /bin/bash
# mysql
docker-php-ext-install pdo pdo_mysql
# redis好像下面两个都不行,全部no试试
## redis
docker-php-ext-install redis
## pecl安装redis
pecl install redis && docker-php-ext-enable redis
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& echo "extension=redis.so" > /usr/local/etc/php/conf.d/redis.ini
# gd库
# 更新软件源
## 太慢,是debian,https://blog.csdn.net/qq_40016971/article/details/107887486
# cat /etc/debian_version
sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
apt update
# 安装各种库
apt install -y libwebp-dev libjpeg-dev libpng-dev libfreetype6-dev
# 解压源码
docker-php-source extract
# 进入gd源码文件夹
cd /usr/src/php/ext/gd
# 准备编译
docker-php-ext-configure gd --with-webp-dir=/usr/include/webp --with-jpeg-dir=/usr/include --with-png-dir=/usr/include --with-freetype-dir=/usr/include/freetype2
# 编译安装
docker-php-ext-install gd
# 检查扩展是否安装成功
php -m | grep gd
# 退出php容器终端
exit
# 重启php容器
docker restart myphpRedis
docker pull redis启动
mkdir -p /server/redis/conf
touch /server/redis/conf/redis.conf
#echo "appendonly yes" >> /server/redis/conf/redis.conf # 持久化
cat >> /server/redis/conf/redis.conf << EOF
appendonly yes
requirepass mingyuefusu!
timeout 30
EOF
docker run -p 6379:6379 --name myredis \
--ip 192.168.0.6 --net mynet \
-v /server/mydata/redis/data:/data \
-v /server/redis/conf/redis.conf:/etc/redis/redis.conf \
-d redis:3.2 redis-server /etc/redis/redis.conf连接到docker的redis
docker exec -it myredis redis-cli
set key1 v1
get key1设置redis容器在docker启动的时候启动
docker update redis --restart=alwaysElasticSearch
(1)下载ealastic search和kibana
# 版本要对应
docker pull elasticsearch:7.6.2
docker pull kibana:7.6.2(2)配置
mkdir -p /server/elasticsearch/config
mkdir -p /server/mydata/elasticsearch/data
echo "http.host: 0.0.0.0" >/server/elasticsearch/config/elasticsearch.yml
chmod -R 777 /server/mydata/elasticsearch/data(3)启动Elastic search
docker run --name elasticsearch \
-m 600M --memory-swap -1 \
--ip 192.168.0.7 --net mynet \
-p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms64m -Xmx512m" \
-v /server/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /server/mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-v /server/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-d elasticsearch:7.6.2
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip
unzip elasticsearch-analysis-ik-7.6.2.zip -d /server/elasticsearch/plugins/ik # 解压到ik目录,mv移动到plugins
# docker exec -it elasticsearch /bin/bash
# cd /usr/share/elasticsearch/bin
# elasticsearch-plugin list
# 显示ik成功
# 重启容器设置开机启动elasticsearch
docker update elasticsearch --restart=always(4)启动kibana:
docker run --name kibana \
--ip 192.168.0.8 --net mynet \
-m 700M --memory-swap -1 \
-e ELASTICSEARCH_HOSTS=http://47.105.84.91:9200 \
-p 5601:5601 -d kibana:7.6.2设置开机启动kibana
docker update kibana --restart=alwaysrabbitMq
# for RabbitMQ 3.9, the latest series
docker run \
--ip 192.168.0.9 --net mynet \
-it --rm -d \
--name rabbitmq \
-p 5672:5672 \
-p 15672:15672 rabbitmq:3.9-management
# for RabbitMQ 3.8,
# https://www.rabbitmq.com/versions.html
docker run -it --rm --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.8-management
docker update rabbitmq --restart=alwayswebfunny
前端监控,要钱
https://www.webfunny.cn/des.html
minio
docker run -p 9000:9000 \
--name minio \
-e "MINIO_ACCESS_KEY=284908631@qq.com" \
-e "MINIO_SECRET_KEY=mingyuefusu!sxowng," \
-v /mnt/data:/data \
-v /mnt/config:/root/.minio \
minio/minio server /data
docker run -p 9000:9000 --name minio \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
-v F:\minio\data:/data \
-v F:\minio\config:/root/.minio \
minio/minio server /dataoracle
安装:https://barrymao.top/articles/65
使用:https://blog.csdn.net/he_jian1/article/details/41869189
docker run -d -it -p 1521:1521 --name oracle11g --restart=always registry.cn-hangzhou.aliyuncs.com/helowin/oracle_11g
docker exec -it oracle11g bash
# 密码helowin
su root
vi /etc/profile
> G
export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_2
export ORACLE_SID=helowin
export PATH=$ORACLE_HOME/bin:$PATH
source /etc/profile
ln -s $ORACLE_HOME/bin/sqlplus /usr/bin
# 切换到oracle用户
su - oracle
sqlplus /nolog
conn /as sysdba
# 修改sys、system用户密码
alter user system identified by YOUR_PASSWORD;
alter user sys identified by YOUR_PASSWORD;
alter profile default limit PASSWORD_LIFE_TIME UNLIMITED;
# 创建用户
create user YOUR_NAME identified by YOUR_PASSWORD;
grant connect,resource,dba to YOUR_NAME;
create user mingyue identified by mingyue;
grant connect,resource,dba to mingyue;
修改sid为ORCL
# 查看原镜像中设置的SID
sqlplus / as sysdba
> select instance from v$thread;
## helowin
# 关闭数据库
shutdown immediate;
exit;
# 修改oracle用户的ORACLE_SID环境变量
vi /home/oracle/.bash_profile
export ORACLE_SID=ORCL
source /home/oracle/.bash_profile
# 进入到$ORACLE_HOME/dbs目录,修改文件名
cd $ORACLE_HOME/dbs
mv hc_helowin.dat hc_ORCL.dat
mv lkhellowin lkORCL
mv orapwhelowin orapwORCL
mv spfilehellowin.ora spfileORCL.ora
mv inithelowin.ora initORCL.ora
# 重建口令文件(orapwORCL文件)
orapwd file=$ORACLE_HOME/dbs/orapwORCL password=123456 entries=5 force=y
# 启动数据库,检查SID名称
sqlplus / as sysdba
> startup
> select instance from v$thread;
## ORCLpostgresql
https://blog.csdn.net/qq_44732146/article/details/124795972
cd /root/docker/
mkdir postgresql
mkdir data
docker run --name postgres \
-e POSTGRES_PASSWORD=123456 \
-p 5432:5432 \
-v /root/docker/postgresql/data:/var/lib/postgresql/data \
-d postgres
docker exec -it postgres psql -U postgres -d postgres
select * from pg_tables;建议使用datagrip,可能navicat无法连接
srs
入门学习:https://www.jianshu.com/p/f304b3d18713
docker pull registry.cn-hangzhou.aliyuncs.com/ossrs/srs:3
docker run --rm -it -p 1935:1935 -p 1985:1985 -p 8080:8080 \
registry.cn-hangzhou.aliyuncs.com/ossrs/srs:3 ./objs/srs -c conf/srs.conf
# 8080端口访问
export CANDIDATE="119.91.100.120"
docker run --rm --env CANDIDATE=$CANDIDATE \
-p 1935:1935 -p 8080:8080 -p 1985:1985 -p 8000:8000/udp \
registry.cn-hangzhou.aliyuncs.com/ossrs/srs:4 \
objs/srs -c conf/rtc.confserver {
listen 80;
#SSL 访问端口号为 443
listen 443 ssl http2;
#填写绑定证书的域名
server_name live.mingyuefusu.top;
#证书文件名称
ssl_certificate /etc/nginx/conf.d/ssl/live.mingyuefusu.top_bundle.crt;
#私钥文件名称
ssl_certificate_key /etc/nginx/conf.d/ssl/live.mingyuefusu.top.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# For SRS homepage, console and players
# http://r.ossrs.net/console/
# http://r.ossrs.net/players/
location ~ ^/(console|players)/ {
proxy_pass http://127.0.0.1:8080/$request_uri;
}
# For SRS streaming, for example:
# http://r.ossrs.net/live/livestream.flv
# http://r.ossrs.net/live/livestream.m3u8
location ~ ^/.+/.*\.(flv|m3u8|ts|aac|mp3)$ {
proxy_pass http://127.0.0.1:8080$request_uri;
}
# For SRS backend API for console.
# For SRS WebRTC publish/play API.
location ~ ^/(api|rtc)/ {
proxy_pass http://127.0.0.1:1985$request_uri;
}
}四、备份
nginx
单独
80转443
server {
listen 80;
server_name dangxiao1.mingyuefusu.top;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 80;
server_name www.mingyuefusu.cn;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /var/www/tpblog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/tpblog/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name test.mingyuefusu.cn;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /var/www/html/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/html/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name blog.mingyuefusu.cn;
location / {
root /var/www/blog;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name wx.mingyuefusu.cn;
location / {
root /var/www/wx/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/wx/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name nav.mingyuefusu.cn;
location / {
root /var/www/nav;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/nav;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name design.mingyuefusu.cn;
server_name_in_redirect on;
#root /usr/java/apache-tomcat-9.0.34/webapps/ROOT/WEB-INF;
#root /var/www/java;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://localhost:8080;#转向tomcat处理
}
}
server {
listen 80;
server_name shop.mingyuefusu.cn;
server_name_in_redirect on;
location / {
root /var/www/shop;
index index.html index.htm index.php;
}
}
server {
listen 80;
server_name recruit.mingyuefusu.cn;
location / {
root /var/www/ticknet_recruit/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/ticknet_recruit/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name art.mingyuefusu.cn;
location / {
root /var/www/artsign/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /var/www/artsign/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name nginx01.mingyuefusu.cn;
server_name_in_redirect on;
#root /usr/java/apache-tomcat-9.0.34/webapps/ROOT/WEB-INF;
#root /var/www/java;
location ~ .$ #所有页面均交由tomcat处理
{
proxy_pass http://121.89.163.222;#转向tomcat处理
}
}
docker
server {
listen 80;
server_name dockertest.mingyuefusu.cn;
charset utf-8;
location / {
root /usr/share/nginx/html/blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/blog/public$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /var/www/html/tp_blog/public$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name localhost;
charset utf-8;
location / {
root /usr/share/nginx/html/tp_blog/public;
index index.html index.htm index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=$1 last;
break;
}
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass myphp:9000;
fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /var/www/html/blog/public$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /var/www/html/tp_blog/public$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name dangxiao.mingyuefusu.top;
location / {
root /var/www/dangxiao;
index index.html index.htm;
}
}五、服务器
交换分区
交换分区:https://blog.csdn.net/zstack_org/article/details/53258588
sudo fallocate -l 4G /swapfile
ls -lh /swapfile
sudo chmod 600 /swapfile # root 可读
sudo mkswap /swapfile # 告知系统将该文件用于swap
sudo swapon /swapfile # 启用
free -h
# 永久生效
sudo vim /etc/fstab
## (文件末尾行)添加
/swapfile swap swap sw 0 0
# 更改Swap配置,使用频率
cat /proc/sys/vm/swappiness
sudo sysctl vm.swappiness=10
## 配置永久生效
sudo vim /etc/sysctl.conf
### 末尾添加
vm.swappiness = 10swapon failed: Invalid argument
dd if=/dev/zero of=/swapfile bs=1024 count=4194304
mkswap /swapfile
swapon /swapfile
free -m
yum list installed | grep xfs常用软件
HTOP
yum -y install epel-release
yum -y install htopF1 : 查看htop使用说明
F2 : 设置
F3 : 搜索进程
F4 : 过滤器,按关键字搜索
F5 : 显示树形结构
F6 : 选择排序方式
F7 : 减少nice值,这样就可以提高对应进程的优先级
F8 : 增加nice值,这样可以降低对应进程的优先级
F9 : 杀掉选中的进程
F10 : 退出htop
/ : 搜索字符
h : 显示帮助
l :显示进程打开的文件: 如果安装了lsof,按此键可以显示进程所打开的文件
u :显示所有用户,并可以选择某一特定用户的进程
s : 将调用strace追踪进程的系统调用
t : 显示树形结构
H :显示/隐藏用户线程 ##
I :倒转排序顺序
K :显示/隐藏内核线程
M :按内存占用排序
P :按CPU排序
T :按运行时间排序
上下键或PgUP, PgDn : 移动选中进程
左右键或Home, End : 移动列表
Space(空格) : 标记/取消标记一个进程。命令可以作用于多个进程,例如 "kill",将应用于所有已标记的进程内网穿透Frp
frp
来源:https://blog.csdn.net/u013144287/article/details/78589643
1、公网服务器与内网服务器都需要下载frp进行安装
2、下载地址是https://github.com/fatedier/frp/releases,下载linux版本frp-0.35.1.tar.gz
3、新建目录mkdir -p /usr/local/frp,上传frp_0.13.0_linux_amd64.tar.gz至linux服务器该目录下
4、解压tar -zxvf frp-0.35.1.tar.gz
5、进入解压目录cd frp-0.35.1,这里主要关注4个文件,分别是frpc、frpc.ini和frps、frps.ini,前者两个文件是客户端所关注文件,后者两个文件是服务端所关注两个文件。
6、配置服务端(公网服务器),首先删掉frpc、frpc.ini两个文件,然后再进行配置,vi ./frps.ini,
开机自启:https://blog.csdn.net/gdali/article/details/108864769
windows远程:https://blog.csdn.net/Jialins_blog/article/details/122680408
网络用户设置:https://blog.csdn.net/qq_38922435/article/details/96402085
win远程断网解决:
打开【设置】【网络和 Internet】【状态】【更改适配器选项】
wlan状态,无线属性
即使未广播也连接
【安全】【高级设置】
- 为此网络启用单一登录,用户登录前立即执行
- 用户身份验证(可行)
外网
[common]
#与客户端绑定的进行通信的端口
bind_port = 7000
#访问客户端web服务自定义的端口号
vhost_http_port = 6081
token = myfs保存然后启动服务./frps -c ./frps.ini,这是前台启动,后台
cd /root/software/frp_0.35.1_linux_amd64
启动命令为
nohup ./frps -c ./frps.ini > ./frp_web.log &
nginx
server {
listen 80;
server_name test.mingyuefusu.cn test.mingyuefusu.top;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:6081;
}
}内网
7、配置客户端(内网服务器),首先删掉frps、frps.ini两个文件,然后再进行配置,vi ./frpc.ini
[common]
#公网服务器ip
server_addr = 47.105.84.91
#与服务端bind_port一致
server_port = 7000
token = myfs
#公网通过ssh访问内部服务器
[ssh]
#连接协议
type = tcp
#内网服务器ip
local_ip = 192.168.3.48
#ssh默认端口号
local_port = 22
#自定义的访问内部ssh端口号
remote_port = 6000
#公网访问内部web服务器以http方式
[web]
#访问协议
type = http
#内网web服务的端口号
local_port = 8081
#所绑定的公网服务器域名,一级、二级域名都可以,ip也行
custom_domains = home.mingyuefusu.cn
# 自定义用户名
http_user =
# 自定义密码
http_pwd = 前台启动执行./frpc -c ./frpc.ini
后台启动为nohup ./frpc -c ./frpc.ini &
限速
但是新安装的frp后,内网客户端至外网速度受限在600kb/s,这是由于默认带宽限制,可将设置修改如下:
[common]
tcp_mux = false #关闭tcp_mux,服务器端同样关闭
[ftp]
type = tcp
local_ip = 0.0.0.0
local_port = 990
remote_port = 990
bandwidth_limit = 1000MB #添加带宽上限设置修改后能够达到内网和公网的绝对顶速。
systemd-journald
vim /etc/systemd/journald.conf
# Storage改为none
systemctl restart systemd-journald
#日志存储到磁盘
Storage=persistent # volatitle内存DNS
yum install bind-utils
nslookup nginx-demo
deepin
47.105.84.91:6000
vim /etc/rc.local
#!/bin/bash
# rc.local config file created by use
/home/ming/software/frp_0.35.1_linux_amd64/frpc -c /home/ming/software/frp_0.35.1_linux_amd64/frpc.ini &
exit 0sudo chmod +x /etc/rc.local
脚本
部署
# 测试环境部署脚本
set -e
# 构建测试版本
npm run stage
# cd 到构建输出的目录下
cd dist
scp -r * mingyue@49.123.0.28:/var/www/lostsudo用户
# 查看组
cat /etc/group
groups # 查看本人的组 [mingyue] 查看明月的组
# 添加sudo用户组
groupadd sudo
visudo
vim sudoers # tab
myuser ALL=(ALL) ALL # 用户
%sudo ALL=(ALL) ALL # 用户组
groupadd sudo
# 添加用户
useradd -m mingyue
passwd mingyue
# 添加用户到用户组
sudo usermod -a -G sudo mingyue
# 添加用户并添加到 sudo用户组
sudo useradd -m -G sudo zhengmiao
sudo useradd -m -s /bin/bash -G sudo zhengmiao # 默认命令模式
# 修改密码
sudo passwd zhengmiao权限问题
sudo chmod g+w lost_admin
chown xiaoming abc:改变abc的所有者为xiaoming
chgrp root abc:改变abc所属的组为root
chown root ./abc:改变abc这个目录的所有者是root
chown ‐R root ./abc:改变abc这个目录及其下面所有的文件和目录的所有者是root常用命令
切换bash
chsh
# 输入 /bin/bash
# 配置文件批量
vi /etc/passwd
打开 /etc/passwd 文件, 你将看到所有用户及其使用的 Shell, 会有很多行类似这样的内容, 每行是一个用户.
zhao.wuz:x:1003:33::/home/zhao.wuz:/bin/sh
这里只需要件 /bin/sh 改成 /bin/bash 即可.
zhao.wuz:x:1003:33::/home/zhao.wuz:/bin/bash
添加用户时指定 Shell
在添加用户时可以通过以下命令指定 Shell.
# useradd -s /bin/bash {用户昵称} 添加时指定删除包依赖
rpm -qa|grep mysql
# 卸载上一步得到的两个rpm包
yum remove mysql-libs-5.1.73-8.el6_8.x86_64
yum remove mysql80-community-release-el7-1.noarch端口占用
netstat -anp | grep 3306
文档过滤
tail -n500 /var/log/mysqld.log|grep -E 'Warning|ERROR'云盘
kodcloud
https://kodcloud.com/download/
防火墙
ufw
sudo ufw status
sudo ufw enable|disableng
systemctl status firewalld.service 查看防火墙状态
2.框中(active(running))显示防火墙处于激活状态
3.输入:systemctl stop firewalld.service执行停止运…
4.输入:systemctl status firewalld.service 框中(…
5.禁止防火墙自启动:“systemctl disable firewalld….
sudo ufw allow 8080
sudo ufw delete allow 8080
sudo ufw allow from 192.168.1.1 # 允许该ipfirewall
systemctl status firewalld
firewall-cmd --state
firewall-cmd --permanent --remove-port=8080/tcp
#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload
# 开启
service firewalld start
# 重启
service firewalld restart
# 关闭
service firewalld stop
# 查询、开放、关闭端口
firewall-cmd --list-all
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
# 开放80端口
firewall-cmd --permanent --add-port=80/tcp
# 移除端口
iptables
# 查看防火墙状态
service iptables status
# 停止防火墙
service iptables stop
# 启动防火墙
service iptables start
# 重启防火墙
service iptables restart
# 永久关闭防火墙
chkconfig iptables off
# 永久关闭后重启
chkconfig iptables on
2、开启80端口
vim /etc/sysconfig/iptables
# 加入如下代码
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
保存退出后重启防火墙
service iptables restart服务器性能
磁盘速度
yum install -y hdparm
hdparm -tT /dev/vda1网速
https://www.speedtest.net/zh-Hans/apps/cli
# centos
curl -s https://install.speedtest.net/app/cli/install.rpm.sh | sudo bash
yum install -y speedtest
# ubantu
curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash
sudo apt-get install speedtest
# 使用
speedtest时区
# 修改时区为上海
date -s "2021-11-07 23:09:30"挖矿
kthreaddk
(7条消息) 【服务器】挖矿病毒 kdevtmpfsi(一针见效)_非凡的世界的博客-CSDN博客_kdevtmpfs
(7条消息) 服务器中kdevtmpfsi挖矿病毒 及其解决方法_郑德帅的博客-CSDN博客
netstat -natp
ps -aux | grep kinsing
ps -aux | grep kdevtmpfsi
kill -9
find / -name kdevtmpfsi
find / -name kinsing
rm -rf kdevtmpfsi
rm -rf /etc/kinsing
rm -rf /var/tmp/kinsing
crontab -e六、devops
下载
参考:https://juejin.cn/post/6844903653728321544?share_token=7c507d93-f007-413c-a8ac-c97f2f25785e
# docker
docker run \
--name devops-jenkins \
--user=root -p 8080:8080 \
--restart=always \
-p 50000:50000 \
-v /opt/data/jenkins_home:/var/jenkins_home \
-d jenkins/jenkins:lts
# 镜像仓库
docker run \
--name devops-registry \
--restart=always \
-p 5000:5000 \
-v /opt/devdata/registry:/var/lib/registry \
-d registry
# maven太慢
<!-- 阿里云中央仓库 -->
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>central</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
docker cp b255:/var/jenkins_home/tools/hudson.tasks.Maven_MavenInstallation/maven3.8.2/conf/settings.xml ./
# 设置docker主机可以被远程访问
vim /usr/lib/systemd/system/docker.service
# vim /lib/systemd/system/docker.service
在ExecStart=/usr/bin/docker daemon 后添加
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
如:
ExecStart=/usr/bin/docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
#
--tlsverify --tlscacert=/opt/docker-cert/jenkins-ca.pem --tlscert=/opt/docker-cert/jenkins-master-cert.pem --tlskey=/opt/docker-cert/jenkins-master-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock
systemctl daemon-reload
systemctl restart docker注意
# error
## 码云需要账号密码当做凭证
## 关闭csrf
docker exec -u root -it jenkins bash
vi /usr/local/bin/jenkins.sh
#找到exec java那行(大概是在第37行),添加-Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
#最终的效果如下
exec java -Duser.home="$JENKINS_HOME" -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
docker restart jenkins
# 重启jenkins服务(jenkins地址后加上/restart)
## 没有vim
apt-get update
apt-get instatll vim编码
## 编码
docker exec -it 容器ID /bin/bash
set LC_ALL="C.UTF-8"
### 全局变量添加LANG = C.UTF-8仓库https
// 客户端push、pull的时候采用https协议,而registry未使用https导致的。
// 修改 /etc/docker/daemon.json 文件(如果没有就创建新的),并写入如下内容:
vim /etc/docker/daemon.json
{
"insecure-registries":[
"192.168.0.110:5000"
]
}tls/ssl
https://blog.csdn.net/ChineseYoung/article/details/83107353
mkdir -p /usr/local/ca
cd /usr/local/ca/
# passwd
openssl genrsa -aes256 -out ca-key.pem 4096
# 密码、国家、省、市、组织名称
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
# 服务器外网地址
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
# ip echo subjectAltName = IP:$HOST,IP:0.0.0.0 >> extfile.cnf
# 域名 echo subjectAltName = DNS:$HOST,IP:0.0.0.0 >> extfile.cnf
echo subjectAltName = IP:192.168.1.106,IP:0.0.0.0 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
# passwd
openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth >> extfile.cnf
# passwd
openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \-CAcreateserial -out cert.pem -extfile extfile.cnf
rm -v client.csr server.csr
cp server-*.pem /etc/docker/
cp ca.pem /etc/docker/
vim /lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock
systemctl daemon-reload
systemctl restart docker
ca.pem cert.pem key.pem使用
jenkins添加密钥
Client Key: client-key.pem
Client Certificate: client-cert.pem
Server CA Certificate: ca.pem
cp jenkins-client-key.pem key.pem
cp jenkins-client-cert.pem cert.pem
cp jenkins-ca.pem ca.pem
docker cp ../docker-cert devops-jenkins:docker-cert/删除镜像
打开镜像的存储目录,如有-V操作打开挂载目录也可以,删除镜像文件夹
$ docker exec <容器名> rm -rf /var/lib/registry/docker/registry/v2/repositories/<镜像名>
1
2.执行垃圾回收操作,注意2.4版本以上的registry才有此功能
$ docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml
插件
Maven Integration
gitee
GitHub Branch Source
Git Parameter
Publish Over SSH
docker-build-step
Role-based Authorization Strategy 角色
ssh
Email Extension
配置
添加远程ssh凭证
添加docker builder
tcp://127.0.0.1:2375
jenkins用户权限
useradd -m -G docker jenkins
sudo gpasswd -a username docker
# sudo usermod -a -G docker mingyue
newgrp docker webHooks
jenkins中项目build triggers 添加gitee webhook触发,生成密码,将触发地址和密码填入码云中
构建后
# 构建
docker build -f renren-fast/Dockerfile -t lost:1.1 .
# 上传
docker tag lost:1.1 localhost:5000/lost:1.1
docker push localhost:5000/lost:1.1远程主机拉取镜像
docker pull localhost:5000/lost:1.1
docker rm lost
docker run -v /etc/localtime:/etc/localtime -d -p 8083:8083 --name --restart=always lost:1.1 lost
# 要记得定时删除以前的镜像
docker images | grep localhost:5000/test | awk '{ print $3 }'