CentOS 7.2基本配置

ssh配置

/etc/ssh/sshd_config

去掉#Port 22的注释

增加Port xxx,修改防火墙,重启后删除Port 22


安装iptables

关闭 firewalld

systemctl stop firewalld.service
systemctl disable firewalld.service

安装 iptables

yum install iptables-services

配置 iptables

vim /etc/sysconfig/iptables
systemctl restart iptables.service
systemctl enable iptables.service

安装Nginx并配置SSL

首先获取Nginx的rmp包

wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

安装rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm

安装Nginx yum install nginx -y

设置开机自启动systemctl enable nginx.service

修改/etc/nginx/conf.d/default.conf 禁止非域名访问

listen 80; 改为 listen 80 default;

删除 server_name localhost;

生成SSL证书

如图,上传for Nginx.zip至服务器,解压。

新建文件夹mkdir /etc/nginx/ssl

修改/etc/nginx/conf.d/server.conf

server {
    listen 80;
+   listen 443 ssl;
    server_name example.com;
+   ssl_certificate    /etc/nginx/ssl/server.crt;
+   ssl_certificate_key    /etc/nginx/ssl/server.key;
    ...
    location / {
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_set_header Host $http_host;
+       proxy_set_header X-Forwarded-Proto $scheme;
        ...
    }
}

这时nginx就配置完了,service nginx restart重启nginx即可开启SSL。

记得要更改防火墙规则,开放443端口。


配置 acme.sh

curl https://get.acme.sh | sh

生成证书

acme.sh --issue --dns dns_xx -d *.xx.com --keypath /etc/nginx/ssl/all-xx.com/xx.com.key --fullchainpath /etc/nginx/ssl/all-xx.com/xx.com.crt --reloadcmd "sudo systemctl restart nginx" --force


配置MariaDB

vim /etc/yum.repos.d/MariaDB.repo 添加 MariaDB 源

# MariaDB 10.1 CentOS repository list - created 2017-01-24 16:20 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

安装 yum install MariaDB-server MariaDB-client -y


配置PHP7

REMI上已经有了最新的php7.0.9,可以通过yum直接安装。

获取并安装rpm源

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm

rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm

yum-config-manager --enable remi-php71

如果提示 -bash: yum-config-manager: 未找到命令

则使用yum -y install yum-utils安装yum-utils包

yum update

yum install php

安装php-fpm

yum install php-fpm

systemctl start php-fpm && systemctl enable php-fpm

安装组件

yum install php-mysqlnd php-gd libjpeg* php-libjpeg* php-ldap php-pear php-xml php-xmlrpc php-pdo

yum install phpunit

配置全局Composer

curl -sS https://getcomposer.org/installer | php

mv composer.phar /usr/local/bin/composer


安装FFmpeg

yum install epel-release

rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

yum install ffmpeg ffmpeg-devel

查看FFmpeg版本

ffmpeg -version

FFmpeg路径

which ffmpeg & which ffprobe


安装Node.js

curl -sL https://rpm.nodesource.com/setup_12.x | sudo bash -

yum install nodejs

yum install gcc-c++ make

Install yarn

curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo

yum install yarn


配置Apache

yum install httpd

启动Apache

systemctl start httpd.service

添加开机启动Apache

systemctl enable httpd.service

配置http-vhosts启用Apache反向代理

vi /etc/httpd/conf.d/httpd-vhosts.conf

<VirtualHost server:port>
    ServerName domain name
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:port/
    ProxyPassReverse / http://127.0.0.1:port/
</VirtualHost>

安装MariaDB10.x

vim /etc/yum.repos.d/MariaDB.repo

# MariaDB 10.1 CentOS repository list - created 2017-01-10 03:32 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum install MariaDB-server MariaDB-client