购买了阿里云的ECS服务器,系统为64位的CentOS 6.5,记录一下初始化和配置过程。

基础配置

# 添加用户和更改主机名
groupadd tlanyan
useradd -s /bin/bash -g tlanyan tlanyan
hostname tlanyan-server
echo 'hostname tlanyan-server' >> /etc/rc.local
    
# 添加软件源和常用软件
yum install epel-release
yum install http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
vim /etc/yum.repos.d/remi.repo     # 将 remi和php56的 enabled=0 改成 enabled=1
yum update
yum install tmux wget unzip python-devel

安装vim 7.4

yum remove vim-*    # 此操作会移除sudo
# 安装vim依赖
yum install ncurses ncurses-devel lua lua-devel bzip2
wget -O vim-7.4.tar.bz2 ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2
tar -xvf vim-7.4.tar.bz2
cd vim74
./configure --with-features=huge --enable-luainterp=dynamic --enable-pythoninterp=dynamic --enable-fail-if-missing
make -j4
make install

安装最新版git

wget -O git-maint.zip https://github.com/git/git/archive/maint.zip
unzip git-maint.zip
cd git-maint
# 安装依赖
yum install gcc gcc-c++ openssl-devel curl-devel expat-devel perl-ExtUtils-MakeMaker gettext gettext-libs gettext-devel 

make prefix=/usr install

配置ssh

vim /etc/ssh/sshd_config
# 以下是sshd_config的内容编辑
ClientAliveInterval 60
ClientAliveCountMax = 3
PermitRootLogin no

# 重启sshd
service sshd restart

安装denyhosts

yum install denyhosts
    chkconfig denyhosts on
    service denyhosts start

安装nginx

# 添加nginx源
echo '[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1'>/etc/yum.repos.d/nginx.repo

echo 'y' | yum install nginx
chkconfig nginx on

安装mysql

yum install mysql-server
chkconfig mysqld on

安装php

yum install php56-php-bcmath php56-php-cli php56-php-common php56-php-fpm php56-php-gd php56-php-mbstring php56-php-mcrypt php56-php-mysqlnd php56-php-opcache php56-php-pdo php56-php-pear php56-php-pecl-jsonc php56-php-pecl-redis php56-php-pecl-zip php56-php-tidy php56-php-xml
chkconfig php56-php-fpm on

安装redis

yum install redis
chkconfig redis on

配置nginx

vim /etc/nginx/nginx.conf
# 以下编辑nginx.conf的内容
server_tokens off;
sendfile on;
tcp_nopush on;
# 开启压缩
gzip  on;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_comp_level 3;
gzip_types text/plain application/x-javascript text/css application/xml application/javascript text/javascript image/gif image/jpeg image/png text/xml application/json;

# 开启文件缓存
open_file_cache max=10000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# 接下来是配置各个vhost
...
# 重启nginx
service nginx restart

配置redis

# 配置第一个redis为session缓存
vim /etc/redis.conf
# 以下是redis.conf的内容
database 1
# 注释掉 save 900 1 等内容,添加
save ""

service redis restart

# 单独配置redis为缓存
cp /etc/redis.conf /etc/redis-cache.conf
vim /etc/redis-cache.conf
# 编辑redis-cache.conf内容,注意更改pid, log file, lock file 等
...
cp /etc/init.d/redis /etc/init.d/redis-cache
vim /etc/init.d/redis-cache
# 编辑redis-cache内容,主要是配置文件等
chkconfig redis-cache on
service redis-cache start

配置mysql

vim /etc/my.cnf
# 以下为编辑mysql的配置
# 增加慢查询日志
long_query_time=3
slow-query-log=true
slow-query-log-file=/var/lib/mysql/slow.log

# 增加二进制日志
log_bin=/var/lib/mysql/mysql-bin.log
server-id=xx  # 当多个mysql主备时,server-id需唯一

# 启动服务器,设置root密码
service mysqld start
mysqladmin -uroot password 'your password' # 设置root密码

配置php/fpm

vim /opt/remi/php56/root/etc/php.ini
# 配置php.ini的内容,error信息、时区等
...
vim /opt/remi/php56/root/etc/php-fpm.d/www.conf
# 配置www池的内容,主要是listen端口、session等。下面配置使用redis缓存session
php_value[session.save_handler] = redis
php_value[session.save_path] = 'tcp://127.0.0.1:6379'

chkconfig php56-php-fpm on
service php56-php-fpm start

配置iptables

chkconfig iptables on
iptables -P INPUT ACCEPT # 此步很重要,否则清空后会导致悲剧需要重启
iptables -F    # 清空所有默认的规则
iptables -X    # 清空所有自定义规则
iptables -Z    # 计数器置 0
iptables -A INPUT -i lo -j ACCEPT   # 本地连接
iptables -A INPUT -p tcp --dport 22 -j ACCEPT  # ssh
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # 允许ping
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT  # 允许对外请求的返回包
# 其他一些规则
...
# 丢弃其他所有请求
iptables -P INPUT DROP
iptables -P FORWARD DROP

# 查看当前规则
iptables -L -n
# 没有问题的话保存
service iptables save