1.更換yum/dnf 源
## 添加源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
## 清理緩存
dnf clean all
## 重建緩存
dnf makecache
dnf repolist
? 若執(zhí)行上述無(wú)效,執(zhí)行
cd /etc/yum.repos.d
## 備份
cp CentOS-Base.repo CentOS-Base.repo.bak
cp CentOS-AppStream.repo CentOS-AppStream.repo.bak
cp CentOS-Extras.repo CentOS-Extras.repo.bak
## 修改repo文件
sed -i 's/mirrorlist=/#mirrorlist=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/#baseurl=/baseurl=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/http:\/\/mirror.centos.org/https:\/\/mirrors.aliyun.com/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
2.卸載阿里云盾
## 卸載阿里云盾監(jiān)控
wget http://update.aegis.aliyun.com/download/uninstall.sh
sh uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sh quartz_uninstall.sh
## 刪除目錄殘留
pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
rm -rf /usr/local/share/aliyun-assist*
3.安裝常用軟件
## 安裝epel源
dnf install http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
## 安裝常用軟件
dnf -y install htop
4.設(shè)置系統(tǒng)語(yǔ)言
# 查看字符集
locale -a
# 若沒(méi)有指定字符安裝
dnf install -y langpacks-zh_CN
# 設(shè)置語(yǔ)言為中文
sed -i 's/LANG=en_US.UTF-8/LANG=zh_CN.UTF-8/' /etc/locale.conf
# 加載配置生效
source /etc/locale.conf
5.添加swap文件
dd if=/dev/zero of=/swapfile bs=1M count=4096 &>/dev/null
mkswap -f /swapfile &>/dev/null
chmod 600 /swapfile
swapon /swapfile &>/dev/null
echo "/swapfile swap swap default 0 0" >> /etc/fstab
6.添加DNS地址
cat >> /etc/resolv.conf << EOF
nameserver 114.114.114.114
nameserver 223.5.5.5
EOF
7.配置sshd
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's@PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
# 關(guān)閉歡迎打印
sed -i 's/#PrintMotd yes/PrintMotd no/' /etc/ssh/sshd_config
sed -i 's/#PrintLastLog yes/PrintLastLog no/' /etc/ssh/sshd_config
# 重啟ssh服務(wù)
systemctl restart sshd.service
8.修改歡迎打印
vi /etc/motd
# 修改內(nèi)容保存即可
9.美化控制臺(tái)顏色
## 修改.bashrc文件
cat >> .bashrc << EOF
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "
EOF
# 使配置生效
source .bashrc
10.卸載cockpit
# cockpit為web管理控制臺(tái),若不使用卸載即可
dnf -y remove cockpit
11.安裝Docker
## 卸載舊版本
yum remove docker docker-client \
docker-client-latest docker-common \
docker-latest docker-latest-logrotate \
docker-logrotate docker-selinux \
docker-engine-selinux docker-engine
## 安裝依賴組件
dnf install -y yum-utils device-mapper-persistent-data lvm2
## 添加yum源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache
## 安裝Docker
yum -y install docker-ce
# 若執(zhí)行安裝命令報(bào)錯(cuò),需要單獨(dú)安裝依賴
dnf install http://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
dnf -y update
dnf install docker-ce docker-ce-cli
# 設(shè)置docker開(kāi)機(jī)自啟動(dòng)
systemctl enable docker
systemctl start docker
# 驗(yàn)證安裝
docker version
# 配置Docker鏡像加速器
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://tueulghe.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
]
}
# 重新載入配置
systemctl daemon-reload
systemctl restart docker
## 開(kāi)啟遠(yuǎn)程訪問(wèn)(若需要)
vi /usr/lib/systemd/system/docker.service #修改docker服務(wù)配置文件
# 在ExecStart=/usr/bin/dockerd 后添加
-H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
12.安裝docker-compose
# 下載compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# 文件及目錄授權(quán)
sudo chmod +x /usr/local/bin/docker-compose
# 驗(yàn)證安裝
docker-compose --version
13.安裝redis
## 創(chuàng)建目錄及配置文件
mkdir -p /home/redis/conf
touch /home/redis/conf/redis.conf
## 編輯配置文件
vim /home/redis/conf/redis.conf
## 啟動(dòng)容器
docker run -d \
--name redis \
-p 6379:6379 \
--restart always \
--privileged=true \
-v /home/redis/data:/data \
-v /etc/localtime:/etc/localtime \
-v /home/redis/conf/redis.conf:/etc/redis/redis.conf \
redis redis-server /etc/redis/redis.conf \
--appendonly yes --requirepass "password"
14.安裝MySQL
## 創(chuàng)建目錄及配置文件
mkdir -p /home/mysql/conf
touch /home/mysql/conf/my.cnf
## 編輯配置文件
vim /home/mysql/conf/my.cnf
## 啟動(dòng)容器
docker run -d \
--name mysql \
--restart=always \
-p 3306:3306 \
-v /home/mysql/logs:/logs \
-v /home/mysql/conf/my.cnf:/etc/mysql/my.cnf \
-v /etc/localtime:/etc/localtime \
-v /home/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=password mysql
## 連接MySQL
docker exec -it mysql mysql -uroot -p
## 新增賬號(hào)
CREATE USER '賬號(hào)'@'作用域' IDENTIFIED BY '密碼'; -- 作用域: % 表示可以任意主機(jī)登錄, localhost 本機(jī)
## 賬號(hào)授權(quán)
GRANT ALL ON *.* TO '賬號(hào)'@'作用域';
## 修改密碼插件(mysql_native_password)
ALTER USER '賬號(hào)'@'作用域' IDENTIFIED WITH mysql_native_password BY '密碼';
## 刷新權(quán)限
FLUSH PRIVILEGES;
15.安裝php
## 創(chuàng)建目錄及配置文件
mkdir -p /home/php
touch /home/php/php.ini
## 修改配置
vim /home/php/php.ini
## 啟動(dòng)php容器
docker run \
-p 9000:9000 \
--name php -idt \
--restart=always \
--privileged=true \
-v /home/nginx/data:/www \
-v /etc/localtime:/etc/localtime \
-v /home/php/conf/php.ini:/usr/local/etc/php/php.ini php:fpm
## 配置插件(若需要)
# php 添加 pdo_mysql 組件支持MySQL數(shù)據(jù)庫(kù)操作
docker exec -it php docker-php-ext-install pdo pdo_mysql
16.安裝nginx
## 創(chuàng)建目錄及配置文件
mkdir -p /home/nginx/conf
touch /home/nginx/conf/nginx.conf
## 修改配置
vim /home/nginx/conf/nginx.conf
## 啟動(dòng)容器
docker run -d \
-p 80:80 \
-p 443:443 \
--name nginx \
--link php:php \
--restart=always \
--privileged=true \
-v /home/nginx/conf:/etc/nginx \
-v /etc/localtime:/etc/localtime \
-v /home/nginx/logs:/var/log/nginx \
-v /home/nginx/conf/ssl:/etc/nginx/ssl \
-v /home/nginx/data:/usr/share/nginx/html \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf nginx
## 添加域名及SSL支持
## 在在掛載目錄 /home/nginx/conf/vhost/ 下創(chuàng)建虛擬主機(jī)(vhost) [domain].conf配置文件
mkdir -p /home/nginx/conf/vhost
touch /home/nginx/conf/vhost/domain.conf (文件名稱不定,最好保持域名一致)
## 配置Vhost 文件
vim /home/nginx/conf/vhost/domain.conf
## 導(dǎo)入SSL證書至 /home/nginx/conf/ssl 目錄下,需自行通過(guò)運(yùn)營(yíng)商申請(qǐng)證書文件
## 這里使用acme.sh生成證書
wget -O - https://get.acme.sh | sh
.acme.sh/acme.sh --issue --alpn -d domain.com
## 導(dǎo)入證書到nginx目錄
.acme.sh/acme.sh --install-cert -d domain.com --key-file /home/nginx/conf/ssl/domian.com.key --fullchain-file /home/nginx/conf/ssl/domain.com.crt --reloadcmd "docker exec -it nginx nginx -s reload"
