1)
准备好环境
1.1创建虚拟机(如果是引用过来得虚拟机,只需修改虚拟机的配置文件)
选择所在的iso文件
设定好配置,由于所有的配置都放在一个server上,相对应的配置设定得高
配置好网络
配置好root密码
1.2配置static ip
重启后可以配置static ip:
First check your Gateway IP in NAT Settings of Virtual Network Editor
Below is the only network I have in VM: by command: nmcli d
cd /etc/sysconfig/network-scripts
yum install vim
vim ifcfg-ens33
restart network: systemctl restart network(service network restart), ip:192.168.16.139
connect by SSH
connect by WinSCP
1.3 Install Java
We need jar to unzip war file, so we should not use open jdk
[root@s132-148-87-25 ROOT]# rpm -qa|grep java
[root@s132-148-87-25 ROOT]# rpm -e --nodepsjava-1.8.0-openjdk-headless-1.8.0.201.b09-2.el7_6.x86_64
[root@s132-148-87-25 ROOT]# rpm -e --nodepsjava-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64
If you do not see any openjdk, then go ahead:
[root@s132-148-87-25 ROOT]# mkdir /usr/local/src/java
put unzipped java under this folder
config java environment
[root@s132-148-87-25 lib]# vim /etc/profile
#set java environment
JAVA_HOME=/usr/local/src/java/jdk1.7.0_55
CLASSPATH=.:$JAVA_HOME/lib.tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
[root@s132-148-87-25 lib]# source /etc/profile
[root@localhost ~]# java -version
-bash: /usr/local/src/java/jdk1.7.0_55/bin/java: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
[root@localhost ~]# yum install glibc.i686
1.4 Install Tomcat
Tomcat port
tomcat10080的端口:8005, 10080, 9009
tomcat10081的端口:8006, 10081, 9010
tomcat10082的端口:8007, 10082, 9011
tomcat10083的端口:8008, 10083, 9012
tomcat10084的端口:8009, 10084, 9013
tomcat10085的端口:8010, 10085, 9014
tomcat10086的端口:8011, 10086, 9015
tomcat10087的端口:8012, 10087, 9016
tomcat10088的端口:8013, 10088, 9017
tomcat10089的端口:8014, 10089, 9018
tomcat10090的端口:8015, 10090, 9019
tomcat10091的端口:8016, 10091, 9020
tomcat11080的端口:8205, 11080, 8309
tomcat11081的端口:8206, 11081, 8310
tomcat11082的端口:8207, 11082, 8311
tomcat11083的端口:8208, 11083, 8312
tomcat11084的端口:8209, 11084, 8313
tomcat11085的端口:8210, 11085, 8314
tomcat11086的端口:8211, 11086, 8315
tomcat11087的端口:8212, 11087, 8316
tomcat11088的端口:8213, 11088, 8317
tomcat11089的端口:8214, 11089, 8318
tomcat11090的端口:8215, 11090, 8319
tomcat11091的端口:8216, 11091, 8320
All servers are under /usr/local
[root@localhost java]# mkdir /usr/local/samemart-tomcats
[root@localhost java]# mkdir /usr/local/samemart-servers
[root@localhost ~]# mv apache-tomcat-7.0.47 /usr/local/samemart-tomcats/
[root@localhost samemart-tomcats]# mkdir tomcat10081
[root@localhost samemart-tomcats]# cd apache-tomcat-7.0.47/
[root@localhost apache-tomcat-7.0.47]# mv conf/ webapps/temp/ logs/ work/ -t ../tomcat10081/
[root@localhost samemart-tomcats]# cd tomcat10081/
[root@localhost tomcat10081]# vim conf/server.xml //update port
root@localhost samemart-tomcats]# cp -r tomcat10081/tomcat10082/ //copy tomcat instance
[root@localhost samemart-tomcats]# vim tomcat10082/conf/server.xml //update port
1.5 Install MySQL
//安装Mysql原包
[root@s132-148-87-25 ~]# yum localinstall mysql-community-release-el6-5.noarch.rpm
//在线安装MySQL 5.6
[root@localhost ~]# yum install mysql-community-server
//启动mysql
[root@localhost ~]# service mysqld start
//将mysql设置为开机启动
chkconfig mysqld
//给root用户设置密码
[root@localhost ~]# /usr/bin/mysqladmin -uroot password 'iHai1221'
//远程连接授权
[root@localhost mysql]# mysql -uroot -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'iHai1221' WITH GRANT OPTION;
mysql> show databases;
//运程连接,导入数据库
/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT //open 3306 port
yum install iptables-services //install iptables
service iptables save //save iptables
#centOS6下查看iptables
service iptables status
/etc/rc.d/init.d/iptables save //同service iptables save
/etc/init.d/iptables status //查看16.131的iptable (centOS中用[root@localhost ~]# iptables -L)
********
加入下面的几行,22是默认存在的;这里要把21端口也加进去,不加入会导致nginx服务启动之后访问不了主界面
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
22端口是供ssh访问的,80,8080端口是http服务访问的,以后用到https,也需要打开443端口的访问权限。
---------------------
原文:https://blog.csdn.net/XIANZHIXIANZHIXIAN/article/details/78891657
********
systemctl status firewalld
systemctl status iptables
(开放端口,对于验证mysql的3306端口,以及solr的8080端口都有效)
disable iptables
最后重启防火墙使配置生效
#systemctl restart iptables.service
设置防火墙开机启动
#systemctl enable iptables.service
[root@localhost ~]#service iptables stop /永久关闭:chkconfig iptables off
[root@localhost ~]# iptables -L
程序员→软件工程师→架构师→系统分析师(技术路线)
程序员→软件工程师→项目主管Project Leader→项目经理PM→项目总监director→CIO
在CentOS6下
# filter用于一般的ip数据包过滤,包含input链、output链和forward链;
nat表的作用转发ip数据包,包含prerouting链、postrouting链和output链。
forward:通过防火墙转发数据;
input:外部访问本机应用程序;
output:本机应用程序向外部发起的访问;
prerouting:定义数据包在进入防火墙且在控制规则生效之前;
postrouting:定义数据包进入防火墙在向外转发之前。
INPUT:与想要进入我们 Linux 本机的封包有关;
#–A:参数就看成是添加一条规则
–dport:就是目标端口,当数据从外部进入服务器为目标端口
–sport:数据从服务器出去,则为数据源端口使用
–j:就是指定是 ACCEPT接收,或者 DROP 拒绝
–s:指定IP
#–p:指定协议,我们常用的tcp 协议
PREROUTING:在进行路由判断之前所要进行的规则(DNAT/REDIRECT)
mangle (破坏者)
https://blog.51cto.com/evolution/648181 实例简释iptables + l7-filter配置及使用
SNAT 主要是应付内部 LAN 连接到 Internet 的使用方式,如果要实现SNAT主要会用到POSTROUTING链,
DNAT 则主要用在内部主机想要架设可以让 Internet 存取的服务器啦,如果要实现主要涉及到PREROUTING链https://yq.aliyun.com/articles/483315/#
192.168.102.230 对外IP
要实现内网访问外网,那就是SNAT啦
# iptables -t nat -A POSTROUTING -s 192.168.111.0/24 -o eth1 -j SNAT --to-source 192.168.102.230
# iptables -t nat -L -nv --line-number
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to-destination 192.168.113.80
外网用户访问http://192.168.102.230(对外公开ip)得到的是‘这里是内网站点’ 实际上访问的是192.168.113.80(内部站点或DMZ)
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to-destination 192.168.113.80
要实现外网访问内网资源那就是DNAT啦 #如果访问192.168.16.141将会导到127.0.0.1
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to-destination 127.0.0.1
CentOS开放IP及端口&移除端口
[root@localhost ~]# iptables -A INPUT -s 192.168.16.0/24 -m tcp -p tcp --dport 9004 -j ACCEPT
[root@localhost ~]# /etc/init.d/iptables status # 查看端口状态
[root@localhost ~]# iptables -D INPUT 2 # 上面可以看到端口num编号,然后按编号删除:
在CentOS7下
firewall-cmd --permanent --add-port=4369/tcp
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
firewall-cmd --reload //reload生效,同systemctl restart firewalld
firewall-cmd --list-ports
systemctl status firewalld
yum install firewalld
systemctl unmask firewalld #实现取消服务的锁定
systemctl enable firewalld
systemctl start firewalld
区域就是firewalld预先准备了几套防火墙策略集合
https://blog.51cto.com/andyxu/2137046 #允许192.168.16.132访问本机的9004端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.16.132" port protocol="tcp" port="9004-9008" accept"
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="11300" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject"
firewall-cmd --zone=public --list-rich-rules
firewall-cmd --zone=internal --list-all
[root@localhost ~]# systemctl restart firewalld //重启生效
[root@localhost ~]# firewall-cmd --list-all
iptables 用于过滤数据包,属于网络层防火墙。
firewall 能够允许哪些服务可用,那些端口可用...属于更高一层的防火墙。
切换到iptables首先应该关掉默认的firewalld,然后安装iptables服务。
我记得唯一的方案是:后端服务器只给前端服务器开放一些端口,这个是可以做到的;防止api的url被暴露
RabbitMQ的安装
systemctl stop firewalld
systemctl disable firewalld
hostname localhost
systemctl start rabbitmq-server v.s. /sbin/service rabbitmq-server start
