1.更换yum/dnf 源
## 添加源
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
## 清理缓存
dnf clean all
## 重建缓存
dnf makecache
dnf repolist
若执行上述无效,执行
cd /etc/yum.repos.d
## 备份
cp CentOS-Base.repo CentOS-Base.repo.bak
cp CentOS-AppStream.repo CentOS-AppStream.repo.bak
cp CentOS-Extras.repo CentOS-Extras.repo.bak
## 修改repo文件
sed -i 's/mirrorlist=/#mirrorlist=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/#baseurl=/baseurl=/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
sed -i 's/http:\/\/mirror.centos.org/https:\/\/mirrors.aliyun.com/g' CentOS-Base.repo CentOS-AppStream.repo CentOS-Extras.repo
2.卸载阿里云盾
## 卸载阿里云盾监控
wget http://update.aegis.aliyun.com/download/uninstall.sh
sh uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sh quartz_uninstall.sh
## 删除目录残留
pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
rm -rf /usr/local/share/aliyun-assist*
3.安装常用软件
## 安装epel源
dnf install http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
## 安装常用软件
dnf -y install htop
4.设置系统语言
# 查看字符集
locale -a
# 若没有指定字符安装
dnf install -y langpacks-zh_CN
# 设置语言为中文
sed -i 's/LANG=en_US.UTF-8/LANG=zh_CN.UTF-8/' /etc/locale.conf
# 加载配置生效
source /etc/locale.conf
5.添加swap文件
dd if=/dev/zero of=/swapfile bs=1M count=4096 &>/dev/null
mkswap -f /swapfile &>/dev/null
chmod 600 /swapfile
swapon /swapfile &>/dev/null
echo "/swapfile swap swap default 0 0" >> /etc/fstab
6.添加DNS地址
cat >> /etc/resolv.conf << EOF
nameserver 114.114.114.114
nameserver 223.5.5.5
EOF
7.配置sshd
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's@PermitEmptyPasswords no@PermitEmptyPasswords no@' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
# 关闭欢迎打印
sed -i 's/#PrintMotd yes/PrintMotd no/' /etc/ssh/sshd_config
sed -i 's/#PrintLastLog yes/PrintLastLog no/' /etc/ssh/sshd_config
# 重启ssh服务
systemctl restart sshd.service
8.修改欢迎打印
vi /etc/motd
# 修改内容保存即可
9.美化控制台颜色
## 修改.bashrc文件
cat >> .bashrc << EOF
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "
EOF
# 使配置生效
source .bashrc
10.卸载cockpit
# cockpit为web管理控制台,若不使用卸载即可
dnf -y remove cockpit
11.安装Docker
## 卸载旧版本
yum remove docker docker-client \
docker-client-latest docker-common \
docker-latest docker-latest-logrotate \
docker-logrotate docker-selinux \
docker-engine-selinux docker-engine
## 安装依赖组件
dnf install -y yum-utils device-mapper-persistent-data lvm2
## 添加yum源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache
## 安装Docker
yum -y install docker-ce
# 若执行安装命令报错,需要单独安装依赖
dnf install http://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
dnf -y update
dnf install docker-ce docker-ce-cli
# 设置docker开机自启动
systemctl enable docker
systemctl start docker
# 验证安装
docker version
# 配置Docker镜像加速器
vi /etc/docker/daemon.json
{
"registry-mirrors": [
"https://tueulghe.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
]
}
# 重新载入配置
systemctl daemon-reload
systemctl restart docker
## 开启远程访问(若需要)
vi /usr/lib/systemd/system/docker.service #修改docker服务配置文件
# 在ExecStart=/usr/bin/dockerd 后添加
-H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
12.安装docker-compose
# 下载compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# 文件及目录授权
sudo chmod +x /usr/local/bin/docker-compose
# 验证安装
docker-compose --version
13.安装redis
## 创建目录及配置文件
mkdir -p /home/redis/conf
touch /home/redis/conf/redis.conf
## 编辑配置文件
vim /home/redis/conf/redis.conf
## 启动容器
docker run -d \
--name redis \
-p 6379:6379 \
--restart always \
--privileged=true \
-v /home/redis/data:/data \
-v /etc/localtime:/etc/localtime \
-v /home/redis/conf/redis.conf:/etc/redis/redis.conf \
redis redis-server /etc/redis/redis.conf \
--appendonly yes --requirepass "password"
14.安装MySQL
## 创建目录及配置文件
mkdir -p /home/mysql/conf
touch /home/mysql/conf/my.cnf
## 编辑配置文件
vim /home/mysql/conf/my.cnf
## 启动容器
docker run -d \
--name mysql \
--restart=always \
-p 3306:3306 \
-v /home/mysql/logs:/logs \
-v /home/mysql/conf/my.cnf:/etc/mysql/my.cnf \
-v /etc/localtime:/etc/localtime \
-v /home/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=password mysql
## 连接MySQL
docker exec -it mysql mysql -uroot -p
## 新增账号
CREATE USER '账号'@'作用域' IDENTIFIED BY '密码'; -- 作用域: % 表示可以任意主机登录, localhost 本机
## 账号授权
GRANT ALL ON *.* TO '账号'@'作用域';
## 修改密码插件(mysql_native_password)
ALTER USER '账号'@'作用域' IDENTIFIED WITH mysql_native_password BY '密码';
## 刷新权限
FLUSH PRIVILEGES;
15.安装php
## 创建目录及配置文件
mkdir -p /home/php
touch /home/php/php.ini
## 修改配置
vim /home/php/php.ini
## 启动php容器
docker run \
-p 9000:9000 \
--name php -idt \
--restart=always \
--privileged=true \
-v /home/nginx/data:/www \
-v /etc/localtime:/etc/localtime \
-v /home/php/conf/php.ini:/usr/local/etc/php/php.ini php:fpm
## 配置插件(若需要)
# php 添加 pdo_mysql 组件支持MySQL数据库操作
docker exec -it php docker-php-ext-install pdo pdo_mysql
16.安装nginx
## 创建目录及配置文件
mkdir -p /home/nginx/conf
touch /home/nginx/conf/nginx.conf
## 修改配置
vim /home/nginx/conf/nginx.conf
## 启动容器
docker run -d \
-p 80:80 \
-p 443:443 \
--name nginx \
--link php:php \
--restart=always \
--privileged=true \
-v /home/nginx/conf:/etc/nginx \
-v /etc/localtime:/etc/localtime \
-v /home/nginx/logs:/var/log/nginx \
-v /home/nginx/conf/ssl:/etc/nginx/ssl \
-v /home/nginx/data:/usr/share/nginx/html \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf nginx
## 添加域名及SSL支持
## 在在挂载目录 /home/nginx/conf/vhost/ 下创建虚拟主机(vhost) [domain].conf配置文件
mkdir -p /home/nginx/conf/vhost
touch /home/nginx/conf/vhost/domain.conf (文件名称不定,最好保持域名一致)
## 配置Vhost 文件
vim /home/nginx/conf/vhost/domain.conf
## 导入SSL证书至 /home/nginx/conf/ssl 目录下,需自行通过运营商申请证书文件
## 这里使用acme.sh生成证书
wget -O - https://get.acme.sh | sh
.acme.sh/acme.sh --issue --alpn -d domain.com
## 导入证书到nginx目录
.acme.sh/acme.sh --install-cert -d domain.com --key-file /home/nginx/conf/ssl/domian.com.key --fullchain-file /home/nginx/conf/ssl/domain.com.crt --reloadcmd "docker exec -it nginx nginx -s reload"
