购买了阿里云的ECS服务器,系统为64位的CentOS 6.5,记录一下初始化和配置过程。
基础配置
# 添加用户和更改主机名
groupadd tlanyan
useradd -s /bin/bash -g tlanyan tlanyan
hostname tlanyan-server
echo 'hostname tlanyan-server' >> /etc/rc.local
# 添加软件源和常用软件
yum install epel-release
yum install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
vim /etc/yum.repos.d/remi.repo # 将 remi和php56的 enabled=0 改成 enabled=1
yum update
yum install tmux wget unzip python-devel
安装vim 7.4
yum remove vim-* # 此操作会移除sudo # 安装vim依赖 yum install ncurses ncurses-devel lua lua-devel bzip2 wget -O vim-7.4.tar.bz2 ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2 tar -xvf vim-7.4.tar.bz2 cd vim74 ./configure --with-features=huge --enable-luainterp=dynamic --enable-pythoninterp=dynamic --enable-fail-if-missing make -j4 make install
安装最新版git
wget -O git-maint.zip https://github.com/git/git/archive/maint.zip unzip git-maint.zip cd git-maint # 安装依赖 yum install gcc gcc-c++ openssl-devel curl-devel expat-devel perl-ExtUtils-MakeMaker gettext gettext-libs gettext-devel make prefix=/usr install
配置ssh
vim /etc/ssh/sshd_config # 以下是sshd_config的内容编辑 ClientAliveInterval 60 ClientAliveCountMax = 3 PermitRootLogin no # 重启sshd service sshd restart
安装denyhosts
yum install denyhosts
chkconfig denyhosts on
service denyhosts start
安装nginx
# 添加nginx源 echo '[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/6/$basearch/ gpgcheck=0 enabled=1'>/etc/yum.repos.d/nginx.repo echo 'y' | yum install nginx chkconfig nginx on
安装mysql
yum install mysql-server chkconfig mysqld on
安装php
yum install php56-php-bcmath php56-php-cli php56-php-common php56-php-fpm php56-php-gd php56-php-mbstring php56-php-mcrypt php56-php-mysqlnd php56-php-opcache php56-php-pdo php56-php-pear php56-php-pecl-jsonc php56-php-pecl-redis php56-php-pecl-zip php56-php-tidy php56-php-xml chkconfig php56-php-fpm on
安装redis
yum install redis chkconfig redis on
配置nginx
vim /etc/nginx/nginx.conf # 以下编辑nginx.conf的内容 server_tokens off; sendfile on; tcp_nopush on; # 开启压缩 gzip on; gzip_disable "msie6"; gzip_min_length 1k; gzip_buffers 16 64k; gzip_comp_level 3; gzip_types text/plain application/x-javascript text/css application/xml application/javascript text/javascript image/gif image/jpeg image/png text/xml application/json; # 开启文件缓存 open_file_cache max=10000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; # 接下来是配置各个vhost ... # 重启nginx service nginx restart
配置redis
# 配置第一个redis为session缓存 vim /etc/redis.conf # 以下是redis.conf的内容 database 1 # 注释掉 save 900 1 等内容,添加 save "" service redis restart # 单独配置redis为缓存 cp /etc/redis.conf /etc/redis-cache.conf vim /etc/redis-cache.conf # 编辑redis-cache.conf内容,注意更改pid, log file, lock file 等 ... cp /etc/init.d/redis /etc/init.d/redis-cache vim /etc/init.d/redis-cache # 编辑redis-cache内容,主要是配置文件等 chkconfig redis-cache on service redis-cache start
配置mysql
vim /etc/my.cnf # 以下为编辑mysql的配置 # 增加慢查询日志 long_query_time=3 slow-query-log=true slow-query-log-file=/var/lib/mysql/slow.log # 增加二进制日志 log_bin=/var/lib/mysql/mysql-bin.log server-id=xx # 当多个mysql主备时,server-id需唯一 # 启动服务器,设置root密码 service mysqld start mysqladmin -uroot password 'your password' # 设置root密码
配置php/fpm
vim /opt/remi/php56/root/etc/php.ini # 配置php.ini的内容,error信息、时区等 ... vim /opt/remi/php56/root/etc/php-fpm.d/www.conf # 配置www池的内容,主要是listen端口、session等。下面配置使用redis缓存session php_value[session.save_handler] = redis php_value[session.save_path] = 'tcp://127.0.0.1:6379' chkconfig php56-php-fpm on service php56-php-fpm start
配置iptables
chkconfig iptables on iptables -P INPUT ACCEPT # 此步很重要,否则清空后会导致悲剧需要重启 iptables -F # 清空所有默认的规则 iptables -X # 清空所有自定义规则 iptables -Z # 计数器置 0 iptables -A INPUT -i lo -j ACCEPT # 本地连接 iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ssh iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # 允许ping iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT # 允许对外请求的返回包 # 其他一些规则 ... # 丢弃其他所有请求 iptables -P INPUT DROP iptables -P FORWARD DROP # 查看当前规则 iptables -L -n # 没有问题的话保存 service iptables save