记录一次Linux综合环境搭建

2021-01-12

一,镜像有源文件配置

如果未安装vim 使用gedit进行编辑
进入 /etc/apt 备份sources.list
修改sources.list 删除原内容,添加如下镜像源

deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main

deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe

安装远程连接ssh

openssh sudo apt-get install openssh-server -y
sudo apt-get install vim -y

二,基本配置

1,网卡配置

增加一开网卡host-only,配置host-only 与NAT两种方式,host-only用于内网连接,NAT用于连接外网

具体配置方式参见

2,增加用户

sudo adduser neo
//输入密码
sudo usermod -G sudo neo
//设置使用root权限

三,安装DNS解析——bind9

安装命令

sudo apt-get install bind9 -y

安装部署一个 Bind9 的 DNS 服务器,实现对域 oasis.com 内的各类主机的域名解析。实现对mail.oasis.com,web.oasis.com,ns.oasis.com,race.oasis.com,shining.oasis.com,game.oasis.com 等域名的正向解析(所有域名对应的 IP 地址都指向 192.168.0.101)。同时提供对上述域名的反向域名解析功能。

配置步骤如下

sudo vim /etc/bind/named.conf.local
zone     "oasis.com"   {
type master;
file    "/etc/bind/forward.oasis.com";
};

zone     "0.168.192.in-addr.arpa"   {
type master;
file    "/etc/bind/reverse.oasis.com";
};

sudo cp db.empty forward.oasis.com
sudo vi forward.oasis.com
;

; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.oasis.com. root.oasis.com. (
2         ; Serial
604800         ; Refresh
86400         ; Retry
2419200         ; Expire
604800 )       ; Negative Cache TTL
;
@         IN    NS          ns.oasis.com.
@         IN    MX    5     mail.oasis.com.
ns        IN    A           192.168.0.101
mail      IN    A           192.168.0.101
web       IN    A           192.168.0.101
race      IN    A           192.168.0.101
shining   IN    A           192.168.0.101
game      IN    A           192.168.0.101

sudo cp db.empty reverse.oasis.com
sudo vi reverse.oasis.com

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.oasis.com. root.oasis.com (
2         ; Seriail
604820         ; Refresh
864500        ; Retry
2419270         ; Expire
604880 )       ; Negative Cache TTL
;
@       IN      NS      ns.oasis.com.

101     IN      PTR     ns.oasis.com.
101     IN      PTR     mail.oasis.com.
101     IN      PTR     web.oasis.com.
101     IN      PTR     race.oasis.com.
101     IN      PTR     shining.oasis.com.
101     IN      PTR     game.oasis.com.

sudo service bind9 restart

修改网卡,添加DNS服务器192.168.0.101
输入nslookup(查看域名服务器)

四,具体网址解析配置

1,安装nginx

sudo apt-get install nginx -y
sudo service nginx start
sudo ufw allow 80

建立网址主页

sudo mkdir -p /var/www/race.oasis.com/html
sudo vi /var/www/race.oasis.com/htm/index.html

<html>
   <head>
	<title>Welcome to race.oasis.com!</title>
   </head>
<body>
	<h1> race.oasis.com</h1>
</body>
</html>
sudo vi /etc/nginx/sites-available/race.oasis.com
server {
listen 80;
listen [::]:80;

root /var/www/race.oasis.com/html;
index index.html index.htm index.nginx-debian.html;

server_name race.oasis.com www.race.oasis.com;

location / {
        try_files $uri $uri/ =404;
	}
}
sudo ln -s /etc/nginx/sites-available/race.oasis.com /etc/nginx/sites-enabled/
//编辑配置位置释放server.....
sudo vi /etc/nginx/nginx.conf
http {
...
server_names_hash_bucket_size 64;
...
}

更新nginx 启动配置

sudo nginx -t
sudo systemctl restart nginx

2,增加SSL

配置 Nginx 服务器,使得网站支持 443 端口的 https 加密数据传输。并使得可以通过加密协议通道 https://race.oasis.com 来访问该网站。该方式产生的是本地的SSL浏览器一般不认,会显示有危险

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

sudo vi /etc/nginx/sites-available/race.oasis.com
server {
listen 80;
listen [::]:80;
listen 443 ssl;


root /var/www/race.oasis.com/html;
index index.html index.htm index.nginx-debian.html;

server_name race.oasis.com www.race.oasis.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
try_files $uri $uri/ =404;
}
}

sudo service nginx restart

3, 支持php

在 Nginx 服务器中安装 PHP FastCGI Process Manager 软件,让服务器实现对 PHP 语言的解析。为 http://shining.oasis.com 网站编写一个 index.php 首页文件。 该文件内容为

<?php
phpinfo();
?>

安装php

sudo apt-get install php-fpm php-mysql
sudo apt-get install php7.2
//修改配置
sudo vi /etc/php/7.2/fpm/php.ini
cgi.fix_pathinfo=0;
sudo systemctl restart php7.2-fpm.service

配置nginx解析

sudo vi /etc/nginx/sites-available/shining.oasis.com
server {
listen 80;
listen [::]:80;

root /var/www/shining.oasis.com/html;
index index.php index.htm index.nginx-debian.html;

server_name shining.oasis.com www.shining.oasis.com;
location / {
try_files $uri $uri/ =404;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}

location ~ /\.ht {
deny all;
}

}
sudo ln -s /etc/nginx/sites-available/shining.oasis.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
sudo mkdir -p /var/www/shining.oasis.com/html
sudo vi /var/www/shining.oasis.com/html/index.php
<?php
phpinfo(INFO_LICENSE);
?>

sudo systemctl reload nginx
重载nginx进行检验

五,安装Java与tomcat

//安装jdk安装镜像默认的jdk
sudo apt-get install default-jdk(sudo apt-get install openjdk-8-jdk)
//安装tomcat 
sudo apt-get install tomcat8
sudo apt-get install tomcat8-docs tomcat8-examples tomcat8-admin
//允许tomcat默认端口
sudo ufw allow 8080
//重启tomcat
systemctl start tomcat8

配置解析tomcat

sudo vi /etc/nginx/sites-available/game.oasis.com
sudo ln -s /etc/nginx/sites-available/game.oasis.com /etc/nginx/sites-enabled/
server {
listen      80;
server_name game.oasis.com;

location / {
root    /var/www/game.oasis.com/html/;
proxy_pass http://127.0.0.1:8080; //代理
index   index.html index.htm;
}

}
//更新nginx配置
sudo systemctl reload nginx

邮件

sudo apt install mailutils //安装邮件系统

sudo vi /etc/postfix/main.cf

inet_interfaces = loopback-only //使得只能内网发送,如果发外网改为all

sudo systemctl restart postfix
//重启后发送测试信息
echo 'it is only a test' | mail -s "test eamil" neo@oasis.com

数据库

sudo apt-get install mysql-server //安装数据库
//登录数据库 
mysql -u root -p
//设置密码与建立数据库
set password for root@localhost = password('oracle');
create database zion;

/*
//修改数据库端口
/etc/mysql/mysql.conf.d/
编辑sudo vim  mysqld.cnf
port=3366加

mysql -u root -P 3366 -h localhost -D zion -poracle
*/

mysql -u root -h localhost -poracle

show global variables like 'port';
service mysql stop
service mysql start

配置防火墙

sudo ufw allow 22 25 80 443 110 143

在虚拟机上添加两块 100M 的新磁盘,把两个新磁盘做成 RAID1,实现对
数据的冗余备份存储。RAID 磁盘被 mount 到 /mnt/md0 节点下。

sudo fdisk -l
sudo mdadm --create --auto=yes /mnt/md1 --level=1 --raid-devices=2  /dev/{sdb,sdc}

mdadm --detail /mnt/md1

标题:记录一次Linux综合环境搭建
作者:raincat
地址:https://solo.cerumask.cn/articles/2021/01/12/1610461348530.html