Setting up CentOS 7 to run Rails 4 with Nginx and MariaDB

Install CentOS-7-x86_64-Minimal-1511.iso

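During installation, set the root password and create an administrator user (madoka). In the rest of this page, the prompts are assumed to mean the following:

    • # is work done as root on Linux (server: server.com)

    • % is work done as madoka on the Mac (local)

    • $ is work done as madoka on Linux (server: server.com)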

Update Linux to the latest version

% ssh madoka@server
$ sudo yum -y update

Create the user skeleton

% ssh madoka@server
$ sudo mkdir /etc/skel/.ssh
$ sudo chmod 700 /etc/skel/.ssh
$ sudo touch /etc/skel/.ssh/authorized_keys
$ sudo chmod 600 /etc/skel/.ssh/authorized_keys

Administrator user (madoka) setup

Prepare for logging in with an SSH key instead of a password.

% scp ~/.ssh/id_rsa.pub madoka@server:~/
% ssh madoka@server
$ mkdir -p .ssh && chmod 700 .ssh
$ cat id_rsa.pub >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ rm id_rsa.pub

Adjust madoka's environment to your own setup and taste (modify as appropriate for your situation).

% scp ~/.tcshrc madoka@server:~/
% ssh madoka@server
$ chsh
新しいシェル [/bin/bash]: /bin/tcsh
パスワード:
シェルを変更しました。

Miscellaneous settings

Install SELinux-related software

% ssh madoka@server
$ sudo yum -y install policycoreutils-gui
$ sudo yum -y install policycoreutils-restorecond
$ sudo yum -y install star
$ sudo yum -y install selinux-policy-minimum
$ sudo yum -y install selinux-policy-mls
$ sudo yum -y install iptstate
$ sudo yum -y install firewalld
$ sudo yum -y install setools

star can preserve security contexts (tar cannot).

$ star -H=exustar -xattr -cvz -f /tmp/log.tar.gz /var/log/maillog*

With the cp command, add the --preserve=context option.

$ cp --preserve=context /etc/passwd .

SSH configuration

    Check the port
$ sudo semanage port -l | grep ssh
    When using a port other than 22 for ssh
$ sudo semanage port -a -t ssh_port_t -p tcp 9022
    When removing the port
$ sudo semanage port -d -t ssh_port_t -p tcp 9022
    Modify ssh authentication
$ sudo vi /etc/ssh/sshd_config
# root login is not allowed
PermitRootLogin no
# password authentication is not allowed
PasswordAuthentication no
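
One way to check the result of the sshd_config edit above, as an added example that is not part of the original article: the script reports the effective global value of PermitRootLogin and PasswordAuthentication and flags a comment placed after a directive on the same line. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config for
# the two directives set above. sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and anything after a "Match"
# line is conditional, so only the global section is inspected here.

# effective_value FILE KEYWORD: print the first global value, lower-cased.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment-only or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }       # "Keyword=value" is also legal
        tolower($1) == "match"   { exit }   # end of the global section
        tolower($1) == want      { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; exit status = number of findings.
audit_sshd_config() {
    findings=0
    for pair in permitrootlogin:no passwordauthentication:no; do
        key=${pair%%:*}
        expected=${pair#*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            findings=$((findings + 1))
        fi
    done
    # A directive followed by "# text" on the same line: some OpenSSH
    # releases refuse to start with "garbage at end of line".
    if grep -Eq '^[[:space:]]*[A-Za-z][^#]*[[:space:]]#' "$1"; then
        echo "FAIL comment after a directive on the same line"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the new lines were appended below an earlier
# "PasswordAuthentication yes", so password logins are still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
# root login is not allowed
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server, call audit_sshd_config on /etc/ssh/sshd_config with sudo, and run `sudo sshd -t` so that sshd itself validates the file before the service is restarted.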

Time synchronization (already installed from the start)

ntpd is outdated.

    To install
$ sudo yum -y install chrony
    To start manually
$ sudo systemctl start chronyd
    Enable automatic start
$ sudo systemctl enable chronyd
$ systemctl list-unit-files -t service | grep chronyd
    Verify operation
$ sudo chronyc sources

Install various commands

$ sudo yum -y install screen wget git emacs
$ sudo yum -y groupinstall "Development Tools"
$ sudo yum install -y openssl-devel readline-devel zlib-devel mysql-devel

If you run server.com on VMware, you need to install open-vm-tools.

VMware Tools is no longer officially recommended.

$ sudo yum -y install open-vm-tools
$ sudo reboot
    Verify operation
$ ps -ef | grep vmtools
$ systemctl status vmtoolsd.service

git settings for the madoka user

$ git config --global user.name "Kaname Madoka"
$ git config --global user.email "madoka@mitakihara.com"
$ git config --global core.editor "emacs"
$ git config --global color.ui auto
$ git config --global core.excludesfile ~/.gitignore_global
    Settings for converting line endings

Converting CRLF to LF on commit is needed, but no other automatic conversion is.

$ git config --global core.autocrlf input
$ emacs ~/.gitignore_global
*.zip
.DS_Store
Thumbs.db
/nbproject/

Install Nginx

Install and configure the EPEL repository

$ sudo yum -y install epel-release
$ sudo vi /etc/yum.repos.d/epel.repo
In the [epel] section, change "enabled=1" to "enabled=0"

Install the Nginx package

$ sudo yum -y install --enablerepo=epel nginx

Register the service

    Check the service
$ systemctl list-unit-files -t service | grep nginx
nginx.service                               disabled
    Enable automatic start
$ sudo systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
$ systemctl list-unit-files -t service | grep nginx
nginx.service                               enabled

Start the service

$ sudo systemctl start nginx
$ systemctl -l status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since 月 2016-05-16 19:21:17 JST; 31s ago
  Process: 1741 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 1739 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 1737 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 1744 (nginx)
   CGroup: /system.slice/nginx.service
           ├─1744 nginx: master process /usr/sbin/ngin
           └─1745 nginx: worker proces

 5月 16 19:21:17 server.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
 5月 16 19:21:17 server.com nginx[1739]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 5月 16 19:21:17 server.com nginx[1739]: nginx: configuration file /etc/nginx/nginx.conf test is successful
 5月 16 19:21:17 server.com systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
 5月 16 19:21:17 server.com systemd[1]: Started The nginx HTTP and reverse proxy server.
    Verify operation
$ ps -ef | grep nginx
root       1744      1  0 19:21 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx      1745   1744  0 19:21 ?        00:00:00 nginx: worker process

Firewall settings

$ sudo firewall-cmd --get-default-zone
public

$ sudo firewall-cmd --list-services --zone=public
dhcpv6-client ssh

$ sudo firewall-cmd --add-service http --zone=public --permanent
success

$ sudo firewall-cmd --add-service https --zone=public --permanent
success

$ sudo firewall-cmd --reload
success

$ sudo firewall-cmd --list-services --zone=public
dhcpv6-client http ssh

Verify operation

$ wget -O - -q http://localhost
% wget -O - -q http://server.com

Check the state of the nginx installation.

$ sudo semanage fcontext -l | grep nginx
/etc/nginx(/.*)?                                   all files          system_u:object_r:httpd_config_t:s0
/var/run/nginx.*                                   all files          system_u:object_r:httpd_var_run_t:s0
/var/lib/nginx(/.*)?                               all files          system_u:object_r:httpd_var_lib_t:s0
/var/log/nginx(/.*)?                               all files          system_u:object_r:httpd_log_t:s0
/var/opt/rh/rh-nginx18/log(/.*)?                   all files          system_u:object_r:httpd_log_t:s0
/etc/opt/rh/rh-nginx18/nginx(/.*)?                 all files          system_u:object_r:httpd_config_t:s0
/usr/lib/systemd/system/nginx.*                    regular file       system_u:object_r:httpd_unit_file_t:s0
/var/opt/rh/rh-nginx18/lib/nginx(/.*)?             all files          system_u:object_r:httpd_var_lib_t:s0
/var/opt/rh/rh-nginx18/run/nginx(/.*)?             all files          system_u:object_r:httpd_var_run_t:s0
/usr/sbin/nginx                                    regular file       system_u:object_r:httpd_exec_t:s0

$ cd /etc/nginx
$ ls -lZ
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.d
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 fastcgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 koi-utf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 koi-win
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 mime.types
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 nginx.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 scgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 uwsgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 win-utf

Edit the nginx.conf file.

Virtual host settings are stored in individual files matching /etc/nginx/conf.d/*.conf.
If a file is not needed, change its extension to something like *.stop.

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

Check the syntax of the configuration file

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Confirm that Nginx has started

$ sudo systemctl restart nginx
$ systemctl status nginx

Verify operation

$ wget -O - -q http://localhost
% wget -O - -q http://server.com

Install and configure MariaDB

Install the packages

$ sudo yum -y install mariadb-server mariadb

Edit the configuration file

[mysqld]
max_allowed_packet = 128M

Without this setting, MySQL raises an error and gets stuck or hangs when transferring a file of about 1M in size.

[mysqld]
character-set-server = utf8
[mysql]
default-character-set = utf8
show-warnings

Confirm startup

$ sudo systemctl start mariadb.service
$ systemctl status mariadb

Enable automatic start

$ sudo systemctl enable mariadb.service
$ systemctl list-unit-files -t service | grep mariadb
mariadb.service                             enabled

Run mysql_secure_installation

$ sudo mysql_secure_installation
...
Enter current password for root (enter for none):  [enter]
...
Set root password? [Y/n] [Y]
New password: 
Re-enter new password: 
...
Remove anonymous users? [Y/n] [Y]
...
Disallow root login remotely? [Y/n] [Y]
...
Remove test database and access to it? [Y/n] [Y]
...
Reload privilege tables now? [Y/n] [Y]