通用模板机安装手册

通用模板机安装手册

1、模板机环境

| 平台 | IP | 系统类型 | 适用场景 |
| --- | --- | --- | --- |
| CentOS 6.7 64Bit | 192.168.2.245 | 最小化 | APP/DB/PX/HA |

2、基础软件安装

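2.1、安装EPEL源

注:下面的 rpm 命令通过明文 HTTP 下载并直接安装 epel-release 包,传输过程没有完整性保护。建议改用 HTTPS 地址,或先把包下载到本地,导入 EPEL 的 GPG 公钥并用 `rpm -K` 校验签名后再安装。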

[root@localhost ~]# yum install nss curl ca-certificates -y
[root@localhost ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/e/epel-release-6-8.noarch.rpm

2.2、安装系统工具

[root@localhost ~]# yum install vim telnet wget nethogs htop glances dstat traceroute lrzsz goaccess ntpdate dos2unix openssl-devel tcpdump lrzsz fio nss curl ca-certificates socat -y

2.3、安装编译开发组件

[root@localhost ~]# yum groupinstall "Development Tools" -y

2.4、(可选)安装NGINX各项依赖组件

[root@localhost ~]# yum install pcre-devel zlib-devel libjpeg-devel libpng-devel freetype-devel   	openssl-devel curl curl-devel libxml2 libxml2-devel libjpeg libjpeg-devel libpng libpng-devel libmcrypt libmcrypt-devel openldap openldap-devel openssh-client -y

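2.5、(可选)安装JAVA环境

注:JDK 安装包来自内网 HTTP 服务器,解压前建议用 `sha256sum` 计算校验值,并与可信来源给出的值比对。`cat /etc/profile` 之后显示的几行,应为追加到该文件中的 JAVA 环境变量配置。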

[root@localhost ~]# wget http://192.168.1.231/soft/jdk-8u131-linux-x64.tar.gz
[root@localhost ~]# mkdir -pv /usr/java/
[root@localhost ~]# tar xzvf jdk-8u131-linux-x64.tar.gz -C /usr/java/
[root@localhost ~]# ln -s /usr/java/jdk1.8.0_131/bin/java /usr/sbin/
[root@localhost ~]# cat /etc/profile
JAVA_HOME=/usr/java/jdk1.8.0_131
export JAVA_HOME
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export CLASSPATH
PATH=$JAVA_HOME/bin:$PATH:$HOME/bin:$JAVA_HOME/bin
export PATH
export LANG=zh_CN.UTF-8

3、系统优化

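3.1、防火墙

注:以下命令清空 filter 表的全部规则、自定义链和计数器并保存。保存后的 /etc/sysconfig/iptables 中 INPUT、FORWARD、OUTPUT 的默认策略均为 ACCEPT,即模板机本身不做任何主机层过滤。由模板克隆出的机器应在上线前按业务角色重新配置规则,或确认已有上游防火墙保护。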

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -Z
[root@localhost ~]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@localhost ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Nov 5 15:28:54 2019
*filter
:INPUT ACCEPT [139:39694]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [113:27701]
COMMIT
# Completed on Tue Nov 5 15:28:54 2019

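3.2、SELINUX

注:配置文件中的 `SELINUX=disabled` 需重启后才生效;`setenforce 0` 只能把正在运行的 SELinux 切换到 permissive 模式,下面的输出 "SELinux is disabled" 说明执行时 SELinux 已处于关闭状态。关闭 SELinux 会去掉强制访问控制这一层防护;如果只是为了排查兼容性问题,可先使用 permissive 模式并查看审计日志。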

[root@localhost ~]# cat /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled

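3.3、系统内核参数

注:以下参数中有几项需要按机器角色取舍。`net.ipv4.ip_forward = 1` 会让每台克隆机都开启 IP 转发,而 3.1 中保存的 FORWARD 链默认策略为 ACCEPT,不承担路由/转发职责的角色建议设为 0。`net.ipv4.tcp_tw_recycle = 1` 在客户端经过 NAT 时可能导致连接被丢弃(该参数在 Linux 4.12 中已被移除);它和 `tcp_tw_reuse` 都依赖 TCP 时间戳,而这里设置了 `net.ipv4.tcp_timestamps = 0`。`rp_filter` 与 `accept_source_route` 只设置了 `conf.default`,如需明确覆盖所有接口,可同时设置对应的 `conf.all` 项。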

[root@localhost ~]# cat /etc/sysctl.conf 
fs.file-max = 65535
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv6.conf.all.disable_ipv6 = 1

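3.4、解除Ulimit限制

注:90-nproc.conf 中的 nproc 上限本意是防止误触发的 fork 炸弹(见文件内注释),对所有用户统一放宽会削弱这层保护,可考虑只为需要的服务账号单独调高。另外,下面两条命令写入的数值是 65536,而示例输出显示为 65535,两者不一致,请以实际文件内容为准。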

[root@localhost ~]# sed -i "s/1024/65536/g" /etc/security/limits.d/90-nproc.conf
[root@localhost ~]# cat /etc/security/limits.d/90-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

* soft nproc 65535
root soft nproc unlimited
[root@localhost ~]# echo "* - nofile 65536" >> /etc/security/limits.conf
[root@localhost ~]# cat /etc/security/limits.conf
# End of file
* - nofile 65535