服务器信息
1
2
3192.168.15.21 nginx21
192.168.15.22 nginx22
192.168.15.183 vip查看系统版本
1
2[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)设置主机名
1
2
3
4
5
6
7
8
9//nginx21
[root@localhost ~]# hostname nginx21 && echo nginx21 | tee /etc/hostname
[root@localhost ~]# echo '192.168.15.21 nginx21' |tee -a /etc/hosts
[root@localhost ~]# $SHELL
//nginx22
[root@localhost ~]# hostname nginx22 && echo nginx22 | tee /etc/hostname
[root@localhost ~]# echo '192.168.15.22 nginx22' |tee -a /etc/hosts
[root@localhost ~]# $SHELL设置打开最大文件数
1
2
3[root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf
[root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf
[root@[x] ~]# ls /etc/security/limits.d/*|xargs rm -f设置yum源
1
2
3
4
5
6[root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup}
[root@[x] ~]# rpm --import http://yum.jwops.cn/epel/RPM-GPG-KEY-EPEL-7
[root@[x] ~]# curl -o /etc/yum.repos.d/epel.repo http://yum.jwops.cn/epel-7.repo
[root@[x] ~]# rpm --import http://yum.jwops.cn/centos/RPM-GPG-KEY-CentOS-7
[root@[x] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://yum.jwops.cn/centos-7.repo
[root@[x] ~]# yum clean all && yum makecache安装基础依赖库和常用工具包
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34[root@[x] ~]# yum -y groupinstall "Development Tools"
[root@[x] ~]# yum -y install \
make cmake \
bison-devel \
bzip2-devel \
zlib zlib-devel \
openssl openssl-devel openssl-libs openssl-static \
pcre pcre-devel pcre-static \
ncurses ncurses-devel ncurses-libs \
curl-devel \
expat-devel \
gettext-devel \
openldap openldap-devel \
readline readline-devel readline-static \
libssh2 libssh2-devel \
unixODBC unixODBC-devel \
sqlite sqlite-devel \
tcl tcl-devel \
perl-Digest-SHA1 \
python-libs python-devel python2-pip python-crypto \
perl-libs \
perl-ExtUtils-MakeMaker \
GeoIP GeoIP-devel \
gperftools gperftools-devel gperftools-libs \
libatomic_ops-devel \
gtest gtest-devel \
gdk-pixbuf2 gdk-pixbuf2-deve \
libffi libffi-devel \
libcurl libcurl-devel \
http-parser http-parser-devel \
libxml2* \
libmcrypt* \
libtool-ltdl-devel*
[root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc关闭selinux
1
2[root@[x] ~]# setenforce 0
[root@[x] ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config关闭防火墙
1
[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld
设置系统时区
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33[root@[x] ~]# ntpdate cn.pool.ntp.org
[root@[x] ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
[root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak}
[root@[x] ~]# cat > /etc/ntp.conf <<EOF
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server cn.pool.ntp.org prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
EOF
[root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak}
[root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF
cn.pool.ntp.org
0.centos.pool.ntp.org
1.centos.pool.ntp.org
2.centos.pool.ntp.org
3.centos.pool.ntp.org
EOF
[root@[x] ~]# systemctl start ntpd && systemctl enable ntpd安装python,并设置python源
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20[root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv
[root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh
[root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh
[root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh
[root@[x] ~]# source /etc/profile
[root@[x] ~]# mkdir -p ${PYENV_ROOT}/cache
[root@[x] ~]# ls ${PYENV_ROOT}/cache/Python-2.7.13.tar.xz 将源码包放到这里
[root@[x] ~]# pyenv install 2.7.13
[root@[x] ~]# pyenv local 2.7.13
[root@[x] ~]# mkdir ~/.pip
[root@[x] ~]# cat > ~/.pip/pip.conf <<EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/
[list]
format=columns
EOF设置开机启动文件权限
1
[root@[x] ~]# chmod +x /etc/rc.d/rc.local
创建常见目录
1
[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}
nginx安装
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63[root@[x] app]# useradd -s /sbin/nologin nginx
[root@[x] app]# tar xzf nginx-1.12.1.tar.gz
[root@[x] app]# cd nginx-1.12.1/
[root@[x] nginx-1.12.1]# ./configure \
--prefix=/mnt/app/nginx \
--user=nginx \
--group=nginx \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-stream_ssl_preread_module \
--with-google_perftools_module \
--with-compat \
--with-pcre \
--with-libatomic
[root@[x] nginx-1.12.1]# make -j 32
[root@[x] nginx-1.12.1]# make -j 32 install
[root@[x] nginx-1.12.1]# mkdir -p /mnt/log/nginx
[root@[x] nginx-1.12.1]# chown -R nginx.nginx /mnt/log/nginx
[root@[x] nginx-1.12.1]# cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=The NGINX HTTP and reverse proxy server
Documentation=http://nginx.org/en/docs/
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStartPre=/mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf -t
ExecStart=/mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
EOF
[root@[x] nginx-1.12.1]# systemctl daemon-reload
[root@[x] nginx-1.12.1]# systemctl start nginx
[root@[x] nginx-1.12.1]# systemctl enable nginxkeepalived安装
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43[root@[x] ~]# yum -y install keepalived ipvsadm
[root@nginx21 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id HA_192.168.15.21
}
vrrp_instance VI_192.168.15.21 {
state MASTER
interface eth0
virtual_router_id 21
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 183
}
virtual_ipaddress {
192.168.15.183
}
}
EOF
[root@nginx22 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
router_id HA_192.168.15.22
}
vrrp_instance VI_192.168.15.22 {
state BACKUP
interface eth0
virtual_router_id 22
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 183
}
virtual_ipaddress {
192.168.15.183
}
}
EOF