CentOS 7 备忘

服务器版本
命令备忘
关于安全
常用软件编译备忘
- Java
- Python
- OpenResty
- Redis
软件安装
- Supervisor: A Process Control System
- Kafka: A distributed streaming platform
Https 证书申请
目前工作流

在这里记录一下服务器的管理

服务器版本

cat /etc/redhat-release
# => CentOS Linux release 7.8.2003 (Core)
uname -m
# => x86_64

命令备忘

# 修改 hostname
hostnamectl set-hostname xxx

关于安全

*只允许*密钥登陆, 而不是密码登陆
创建一个普通用户执行命令和启动服务, 而不是用 root
程序依赖的开发环境, 自己指定版本, 而不是使用包管理安装

常用软件编译备忘

编译到未来部署的目录, 打成压缩包, 然后每个服务器都可以直接使用

Java

下载: https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
无需编译, 直接下载 (如果从第三方下载, 记得校验 checksum)

Python

下载: https://www.python.org/downloads/source/
编译: https://devguide.python.org/setup/#compile-and-build
执行过程

sudo yum install yum-utils
sudo yum-builddep python3
wget https://www.python.org/ftp/python/3.9.0/Python-3.9.0.tgz
# or wget http://npm.taobao.org/mirrors/python/3.9.0/Python-3.9.0.tgz
tar xf Python-3.9.0.tgz
cd Python-3.9.0
./configure --with-ensurepip=install --prefix=/data/app/Python-3.9.0
./configure --prefix=../dist/Python-3.9.0
make
make install

OpenResty

下载: https://openresty.org/en/download.html
编译: https://openresty.org/en/installation.html
执行过程

wget https://openresty.org/download/openresty-1.19.3.1.tar.gz
tar xf openresty-1.19.3.1.tar.gz
cd openresty-1.19.3.1
./configure -j2 --prefix=/data/app/openresty-1.19.3.1
make -j2
make install

Redis

下载 & 编译: https://redis.io/download
(阿里云最高支持 5.0, 所以暂时不用最新版)
执行过程

https://download.redis.io/releases/redis-5.0.10.tar.gz
tar xf redis-5.0.10.tar.gz
make
make PREFIX=../dist/redis-5.0.10 install
cp redis.conf dist/redis-5.0.10

软件安装

Supervisor: A Process Control System

http://supervisord.org/index.html
配置目录

/etc/supervisor/
├── conf.d
│   └── redis.conf
└── supervisord.conf

安装过程

# 安装
pip3 install supervisor
# 准备
mkdir -p /etc/supervisor/conf.d/
# 生成配置
echo_supervisord_conf > /etc/supervisor/supervisord.conf

# 注意需要修改用户名

# 以下命令来源: https://stackoverflow.com/a/57162682
cat <<EOT >> /etc/supervisor/supervisord.conf
[include]
files = /etc/supervisor/conf.d/*.conf
EOT

# 创建 systemctl service
cat <<EOT > /lib/systemd/system/supervisord.service
[Unit]
Description=Supervisor process control system for UNIX
Documentation=http://supervisord.org
After=network.target

[Service]
ExecStart=$(which supervisord) -n
ExecStop=$(which supervisorctl) shutdown
ExecReload=$(which supervisorctl) reload
KillMode=process
Restart=on-failure
RestartSec=50s

[Install]
WantedBy=multi-user.target
EOT

# 启动服务
systemctl start supervisord

# 开启启动
systemctl enable supervisord

完整配置
http://supervisord.org/configuration.html#programx-section

Kafka: A distributed streaming platform

快速开始: https://kafka.apache.org/quickstart, 页面很详细, 就不额外补充了

Https 证书申请

# 泛域名申请方式
certbot certonly --preferred-challenges dns --manual  -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory
# 只展示要用的文件
tree /etc/letsencrypt
/etc/letsencrypt
├── live
│   └── exmaple.com-0001
│       ├── fullchain.pem
│       └── privkey.pem
├── options-ssl-nginx.conf
└── ssl-dhparams.pem

Nginx 配置

server {
    server_name example.com;

    ...

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/exmaple.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/exmaple.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}