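Steps required to deploy a server
Overall approach to deploying a server
When you first get a server, the first thing to do is check its memory and disk space, then clean up the environment and download what you need. Next, open the iptables firewall and look at its rules; if there are any, flush them all. Then configure the EPEL and Zabbix repositories, download the keys, and install the Zabbix agent and the tools needed for data synchronization; just in case, check again that the environment has been cleaned up. After that, configure the Zabbix file and the real-time synchronization file, restart the server, configure the rules you need, synchronize the data you need, and finally restart the server, the firewall, and so on. The server is then fully configured.
Step 1: Check disk space and memory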
# df -h
# free -m
Step 2: Configure the repositories
# vim /etc/yum.repos.d/zabbix.repo    # add the following content
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://repo.zabbix.com/zabbix/3.2/rhel/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://repo.zabbix.com/non-supported/rhel/7/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=1
# vim /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
# wget http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
# rpm -ivh zabbix-release-3.2-1.el7.noarch.rpm
Once the environment is ready, you can install Zabbix
# yum install -y zabbix-agent iptables* rsync nginx
Step 3: Clean up the environment
# getenforce    # check the SELinux status
# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
This takes effect after a reboot.
# systemctl status firewalld    # check the firewalld status
# systemctl stop firewalld    # stop firewalld temporarily
# systemctl disable firewalld    # disable firewalld permanently
# systemctl status iptables    # check the iptables firewall status
# systemctl stop iptables    # stop the firewall temporarily
# systemctl disable iptables    # disable the firewall permanently
# systemctl status NetworkManager    # check the NetworkManager status
# systemctl stop NetworkManager    # stop NetworkManager temporarily
# systemctl disable NetworkManager    # disable NetworkManager permanently
Step 4: Configure the server files
# vim /etc/rsyncd.conf    # add the following content
[ziliao]
path = /software
read only = false
uid=xiaoke
gid=xiaoke
# vim /etc/nginx/nginx.conf    # comment out the content below the include line; it is already commented out in the snippet below
include /etc/nginx/kis/*.conf;
# location / {
# }
# error_page 404 /404.html;
# location = /40x.html {
# }
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
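# vim /etc/zabbix/zabbix_agentd.conf    # modify the following items
Hostname=101.1.10    (this machine's IP)
ServerActive=45.45.20.231    (the monitoring host's IP)
ListenPort=10050    (the port to open)
Server=45.45.20.231    (the monitoring host's IP)
# mkdir /software    # directory that holds the website
# mkdir /etc/nginx/kis    # directory that holds the domain-binding configuration files
# mkdir /etc/nginx/conf    # directory that holds the certificates
# systemctl enable rsyncd    # start at boot (same for the following)
# systemctl enable nginx
# systemctl enable zabbix-agent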
Step 5: Add rules
# systemctl start iptables
# iptables -F
# iptables -F -t nat
# iptables -F -t mangle
# iptables -A INPUT -p udp -m multiport --dport 53 -j ACCEPT    # channel for yum install
# iptables -A OUTPUT -p udp -m state --state established -j ACCEPT
# iptables -A OUTPUT -p udp -m state --state new,established -j ACCEPT
# iptables -A INPUT -p udp -m multiport --sport 53 -j ACCEPT
# iptables -A INPUT -p tcp -m multiport --dport 22 -j ACCEPT    # SSH service
# iptables -A OUTPUT -p tcp -m state --state established -j ACCEPT
# iptables -A OUTPUT -p tcp -m state --state new,established -j ACCEPT
# iptables -A INPUT -p tcp -m multiport --sport 22 -j ACCEPT
# iptables -A INPUT -p tcp -m multiport --dport 80,443,10050,10051 -j ACCEPT    # ports nginx needs
# iptables -A OUTPUT -p tcp -m state --state established -j ACCEPT
# iptables -A OUTPUT -p tcp -m state --state new,established -j ACCEPT
# iptables -A INPUT -p tcp -m multiport --sport 80,443,10050,10051 -j ACCEPT
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A OUTPUT -p icmp -j ACCEPT
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# service iptables save
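The INPUT rules above that match only on --sport (53, 22, 80, 443, 10050, 10051) accept any inbound packet carrying that source port, whatever local port it is addressed to. The following is an added example, not part of the original post: it audits a rule set in `iptables -S` form for such rules and prints a version that replaces them with a single connection-tracking rule. The function names are hypothetical and the sample rules are constructed from step 5.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the INPUT rules from step 5 as `iptables -S` prints them.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p udp -m multiport --dports 53 -j ACCEPT
-A INPUT -p udp -m multiport --sports 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,10050,10051 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 80,443,10050,10051 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
EOF
}

# awk condition: INPUT ACCEPT rule keyed on a source port with no state match.
# Such a rule accepts a packet to ANY local port if its source port matches.
WEAK='/^-A INPUT / && /--sports? / && /-j ACCEPT/ && !/-m (state|conntrack) /'

# Read rules on stdin and print only the weak ones.
find_stateless_sport_rules() {
  awk "$WEAK"
}

# Read rules on stdin; drop the weak ones and put one stateful rule ahead of
# the remaining INPUT rules so replies to this host's own connections pass.
harden_rules() {
  awk -v reply='-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' "
    $WEAK { next }
    /^-A INPUT / && !done { print reply; done = 1 }
    { print }
    END { if (!done) print reply }
  "
}

echo "Rules that accept by source port alone:"
sample_rules | find_stateless_sport_rules
echo "Suggested replacement rule set:"
sample_rules | harden_rules
```

To audit a live host, pipe `iptables -S` into find_stateless_sport_rules instead of the constructed sample.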
Step 6: Synchronize the data
# cd /software/
# systemctl start rsyncd
# systemctl restart iptables
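# rsync -av 45.0.0.10::ziliao    # 45.0.0.10 is the IP of the host to sync from
# bash 2軟連接到nginx配置.sh    # script: symlink into the nginx configuration
# bash 6拷貝證書到linux下.sh    # script: copy the certificates to Linux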
# nginx -t
Step 7: Restart all services
# systemctl restart nginx
# systemctl restart zabbix-agent
# systemctl restart rsyncd
# systemctl restart iptables
Check whether the ports are up
# lsof -i:443
# lsof -i:80
If you are still not at ease, you can check whether the environment is secure, and then you are done.