Rocky9 編譯安裝 Nginx Mariadb Asp.net Core6 (實測 筆記)
一、檢視硬體資訊
檢視物理cpu個數、核心數量、執行緒數
grep 'physical id' /proc/cpuinfo | sort -u | wc -l
grep 'core id' /proc/cpuinfo | sort -u | wc -l
grep 'processor' /proc/cpuinfo | sort -u | wc -l
檢視cpu資訊
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
檢視記憶體和硬碟
free -h && df -h
檢視IP地址
ip addr
檢視dns配置檔案
cat /etc/resolv.conf
使用者和使用者組 列表檔案
cat /etc/group | grep mysql
cat /etc/passwd | grep mysql
檢視可以登入系統的使用者
cat /etc/passwd | grep -v /sbin/nologin | cut -d : -f 1
把 /usr/local/src 目錄,轉到 /data 下
mkdir -p /data
mv /usr/local/src /data
ln -s /data/src /usr/local/src
主機名設定、檢視
hostnamectl --static set-hostname tRocky
hostname
=====================================================
bombardier、iftop
bombardier 安裝及使用
ln -s /usr/local/src/bombardier /bin
bombardier -c 125 -n 10000 http://localhost:5000
iftop安裝及使用
yum install epel-release
yum install iftop
=====================================================
二、基礎設定
Rocky9 換源
cd /etc/yum.repos.d
mkdir backup
cp rocky* backup/
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/rocky*.repo
dnf makecache
安裝基本軟體包
dnf install vim wget lsof gcc gcc-c++ tar bzip2 firewalld openssl-devel mlocate make -y
配置Vim顯示格式
vim /etc/vimrc,開啟檔案在末尾新增以下內容
set nocompatible
set number
filetype on
set history=1000
set background=dark
syntax on
set autoindent
set smartindent
set tabstop=2
set shiftwidth=2
set showmatch
set guioptions-=T
set vb t_vb=
set ruler
set nohls
set incsearch
if has("vms")
set nobackup
else
set backup
endif
:wq 儲存退出
VIM格式化使用方法(開啟檔案後,輸入以下命令,第二個G是shift+g)
gg=G
三、chrony來實現時間同步(預設不再支援ntp軟體包)
設定時區
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
加入開啟啟動
systemctl enable chronyd && systemctl start chronyd
設定NTP同步時間,設定時區
timedatectl set-ntp true
timedatectl set-timezone Asia/Shanghai
檢視配置檔案
cat /etc/chrony.conf
檢視和更改系統的時間和日期
timedatectl
修改時間
date -s '2000-1
同步時間
systemctl restart chronyd && chronyc sources -v
設定定時任務,自動執行
mkdir -p /data/crond
新增以下內容 (每天 02:00同步一次,並且日誌記錄到 /data/crond/ntpdate.log)(或者crontab -e 開啟後新增)
echo "00 02 * * * systemctl restart chronyd && chronyc sources -v 1>>/data/crond/ntpdate.log 2>&1" >> /var/spool/cron/root
四、設定網路(使用新的NetworkManager,棄用了原本的 network)
檢視配置檔案(不建議直接修改)
cat /etc/NetworkManager/system-connections/enp0s3.nmconnection
顯示當前網路設定、當前網路連線
nmcli
nmcli d
nmcli c show
常用命令(enp0s3 為網路連線名稱、c 為connection 簡寫 、m 為 modify 簡寫)
nmcli c m enp0s3 ipv4.address 192.168.0.10/24 # 修改 IP 地址和子網掩碼
nmcli c m enp0s3 ipv4.gateway 192.168.0.1 # 修改預設閘道器
nmcli c m enp0s3 ipv4.method manual # 修改為靜態配置,預設是 auto
nmcli c m enp0s3 ipv6.method disabled # 將 IPv6 禁用
nmcli c m enp0s3 connection.autoconnect yes # 開機啟動
nmcli c m enp0s3 ipv4.dns 8.8.8.8 # 修改 DNS
nmcli c m enp0s3 +ipv4.dns 8.8.8.8 # (+號,表示新增DNS)
nmcli c m enp0s3 -ipv4.dns 8.8.8.8 # (-號,表示刪除 DNS)
nmcli connection add type ethernet ifname enp0s3 # 新建網路連線
nmcli c delete enp0s3 # 刪除網路連線
nmcli c reload # 重新載入一下配置檔案
nmcli c down enp0s3 # 停止網路連線
nmcli c up enp0s3 # 啟用網路連線
五、設定PUTTY遠端登入時,不使用密碼,使用金鑰檔案登入(如不需要,可忽略)
伺服器上建立目錄
mkdir -p /root/.ssh
在"客戶機"生成對稱金鑰,把客戶機上的公鑰複製到伺服器(公鑰檔案:id_rsa.pub)
[root@centos ~] ssh-keygen -m PEM -t rsa -b 4096
根據提示操作,生成公鑰
上傳到伺服器指定目錄(*** 或使用軟體遠端複製id_rsa.pub到伺服器/root/.ssh中。)
scp id_rsa.pub [email protected]/root/.ssh
檢視伺服器上,公鑰是否已經存在
cd /root/.ssh
ll
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
匯入金鑰到authorized_keys
cat id_rsa.pub >> authorized_keys
ll /root/.ssh
-rw-r--r-- 1 root root 394 12月 5 09:37 authorized_keys
-rw-r--r-- 1 root root 394 12月 5 09:33 id_rsa.pub
匯入後,刪除公鑰檔案
rm id_rsa.pub
設定目錄和檔案讀取許可權
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
設定sshd配置檔案
vim /etc/ssh/sshd_config
找到GSSAPICleanupCredentials,並且修改為以下內容
GSSAPICleanupCredentials yes
:wq 儲存退出
重啟sshd服務,讓其生效
systemctl restart sshd
客戶端設定PUTTY,進行遠端登入
開啟軟體 PuTTYgen
點選load 選擇之前客戶機生成私鑰檔案id_rsa, 點選save private key 生成 pKey.ppk檔案
開啟軟體 PuTTY
點選Session,在HostName(or IP address)輸入伺服器地址
點選Connection下的DATA,在Auto-login username中輸入登入賬號(當前賬號為root)
點選Connection下的SSH下的Auth,點選Browse 選擇之前生成 pKeyppk檔案
點選Session,在Saved Sessions中,輸入需要儲存的Session名稱,點選儲存
1.7.6 設定完成後,即可以遠端連線到伺服器
開啟軟體 PuTTY
點選Session,在"Default Settings"下,找到之前已經儲存的Session,雙擊開啟連線
如果顯示 Authenticating with public key "xxxxx-xxxx"時,即表未成功
1.8 設定新使用者,並且使用密碼和證書雙重認證遠端登入。同時禁止root遠端登入 (如不需要,可忽略)
1.8.1 root登入後,修改root密碼 (安全建議:密碼為15位,大小字母+數字+特殊字元)
passwd
1.8.2 新增新使用者,並且設定密碼
adduser vicowong
passwd vicowong
1.8.3 建立目錄,複製金鑰相關檔案到使用者目錄,並且設定許可權
mkdir /home/vicowong/.ssh -p
cp /root/.ssh/authorized_keys /home/vicowong/.ssh
chmod 700 /home/vicowong/.ssh
chmod 600 /home/vicowong/.ssh/authorized_keys
chown vicowong:vicowong /home/vicowong/.ssh -R
設定防火牆,設定遠端連線埠(這裡是26322)
systemctl enable firewalld && systemctl start firewalld
firewall-cmd --zone=public --add-port=26322/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
安裝semanage(用於設定selinux策略)
yum install -y policycoreutils-python selinux-policy selinux-policy-targeted
檢視當前 selinux 是否啟用 即 Enforcing 狀態 (否則有可能設定 selinux 策略不成功)
getenforce
檢視當前 selinux 關於遠端ssh連線埠的設定
semanage port -l | grep ssh
ssh_port_t tcp 22
新增新埠
semanage port -a -t ssh_port_t -p tcp 26322
--------------------------------------------------------------------------------------------
移除埠
semanage port -d -t ssh_port_t -p tcp 26322
-------------------------------------------------------------------------------------------
1.8.6 設定sshd配置檔案
vim /etc/ssh/sshd_config
找到以下內容,並且進行修改
Port 26322
Protocol 2
ServerKeyBits 1024
PermitRootLogin no
AllowUsers vicowong
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication yes
AuthenticationMethods publickey,password
X11Forwarding no
MaxStartups 10:30:60
:wq 儲存退出
# AuthorizedKeysFile
# PasswordAuthentication
# X11Forwarding
以上三個搜尋,檢視是否有重複設定
重啟sshd服務,讓其生效
systemctl restart sshd
使用新使用者登入(重新開啟一個新終端,原來的終端先不關,避免因設定不當導致沒法連線遠端)
開啟軟體 PuTTY,點選之前儲存的Sessions,點選Load讀取之前的配置
在Port框輸入埠(當前賬號為26322)
點選Connection下的DATA,在Auto-login username中輸入登入賬號(當前賬號為vicowong)
點選Session 點選Save。儲存當前修改。
點選Open,開啟終端。
設定後,必須遠端將進行密碼和證書雙重認證。
遠端登入會以vicowong這個賬號進行登入。安裝維護需要root許可權時,可以使用su實現
su root
=================================================================================
一、編譯 升級 gcc
cd /usr/local/src/
wget http://mirrors.concertpass.com/gcc/releases/gcc-12.2.0/gcc-12.2.0.tar.gz
tar zvxf gcc-12.2.0.tar.gz && cd gcc-12.2.0/
./contrib/download_prerequisites && ldconfig
mkdir gcc-build && cd gcc-build
../configure --enable-languages=c,c++ --disable-multilib --enable-checking=release --prefix=/opt/gcc
make -j8
make install
echo '/opt/gcc/lib64' > /etc/ld.so.conf.d/local-lib64.conf
ldconfig -v
mv /usr/bin/gcc /usr/bin/gcc.bak
mv /usr/bin/g++ /usr/bin/g++.bak
ln -s /opt/gcc/bin/gcc /usr/bin/gcc
ln -s /opt/gcc/bin/g++ /usr/bin/g++
update-alternatives --install /usr/bin/gcc gcc /opt/gcc/bin/gcc 999
gcc --version
shutdown -r now
二、編譯 升級 核心
yum -y install gcc gcc-c++ make autoconf automake libtool ncurses-devel flex bison openssl openssl-devel bc elfutils-libelf-devel zlib zlib-devel pcre pcre-devel
cd /usr/local/src/
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.82.tar.xz
tar vxf linux-5.15.82.tar.xz && cd linux-5.15.82/
cp /boot/config-5.14.0-162.6.1.el9_1.x86_64 .config
=======================================================================
vim .config
在.config檔案中找到CONFIG_SYSTEM_TRUSTED_KEYS,CONFIG_DEBUG_INFO_BTF這兩行,並將這兩行註釋。
=======================================================================
make menuconfig
make -j8
make modules
make modules_install
make install
grubby --info=ALL | grep ^kernel
grubby --default-kernel
grubby --set-default=/boot/vmlinuz-5.16.2
grubby --remove-kernel /boot/vmlinuz-4.18.0-348.el8.0.2.x86_64
rpm -qa | grep kernel
yum remove kernel-core-4.18.0 kernel-devel-4.18.0 kernel-tools-libs-4.18.0 kernel-headers-4.18.0
刪除核心,會刪除gcc環境,重新安裝GCC
yum installgcc gcc-c++ -y
三、安裝jemalloc(需要 bzip2 庫解壓)
cd /usr/local/src/
wget https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2
tar xjf jemalloc-5.3.0.tar.bz2 && cd jemalloc-5.3.0
./configure && make && make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig -v
find / -name jemalloc
四、編譯 升級 zlib
cd /usr/local/src/
wget http://zlib.net/zlib-1.2.13.tar.gz
tar zvxf zlib-1.2.13.tar.gz && cd zlib-1.2.13
./configure && make && make install
ldconfig -v
find / -name libz.so.1.2.13
ll /usr/local/lib
四、編譯 openssl3
find / -name openssl
編譯時需要用到 Perl 的 Text::Template 模組和IPC::Cmd 模組
yum -y install perl-CPAN
cpan -i Text::Template
cpan -i IPC::Cmd
cd /usr/local/src
wget https://www.openssl.org/source/openssl-3.0.7.tar.gz
tar zvxf openssl-3.0.7.tar.gz && cd openssl-3.0.7
"--prefix=/usr"標頭檔案和庫檔案路徑,"--openssldir=/usr"證書等檔案路徑:
./config shared zlib --prefix=/opt/openssl3 --openssldir=/opt/openssl3
make update && make && make install
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
ln -s /opt/openssl3/bin/openssl /usr/bin/openssl
ln -s /opt/openssl3/include/openssl /usr/include/openssl
rm -rf /usr/lib64/libssl.so
rm -rf /usr/lib/libssl.so
ln -s /opt/openssl3/lib64/libssl.so /usr/lib64/libssl.so
ln -s /opt/openssl3/lib64/libssl.so /usr/lib/libssl.so
rm -rf /usr/lib64/libssl.so.3
rm -rf /usr/lib/libssl.so.3
ln -s /opt/openssl3/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /opt/openssl3/lib64/libssl.so.3 /usr/lib/libssl.so.3
rm -rf /usr/lib64/libcrypto.so
rm -rf /usr/lib/libcrypto.so
ln -s /opt/openssl3/lib64/libcrypto.so /usr/lib64/libcrypto.so
ln -s /opt/openssl3/lib64/libcrypto.so /usr/lib/libcrypto.so
ln -s /opt/openssl3/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
# 根據需要引入庫
export LD_LIBRARY_PATH=/opt/openssl3/lib64:$LD_LIBRARY_PATH
ldconfig -v | grep ssl
openssl version -a
openssl ciphers -v
四、編譯 openssh
yum install zlib* pam*
cd /usr/local/src/
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz
tar zvxf openssh-8.8p1.tar.gz && cd openssh-8.8p1/
./configure --with-zlib --with-md5-passwords --with-pam --without-openssl-header-check
make && make install
ssh -V
OpenSSH_9.1p1, OpenSSL 3.0.1 14 Dec 2021
五、安裝nginx
cd /usr/local/src
wget https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.41/pcre2-10.41.tar.gz
tar zvxf pcre2-10.41.tar.gz && cd pcre2-10.41
./configure && make && make install
pcre2-config --version
groupadd www
useradd -g www www -s /sbin/nologin -M
mkdir -p /data/www/web
chmod +w /data/www/web
chown -R www:www /data/www/web
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.22.1.tar.gz
tar zvxf nginx-1.22.1.tar.gz && cd nginx-1.22.1
vim src/core/nginx.h
#define nginx_version 1000000
#define NGINX_VERSION "1.0.0"
#define NGINX_VER "IIS"
./configure --prefix=/opt/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-ld-opt="-ljemalloc" \
--with-http_v2_module \
--with-pcre \
--with-zlib=/usr/local/src/zlib-1.2.13 \
--with-openssl
make && make install
vim /opt/nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log logs/error.log crit;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /opt/nginx/conf/vhosts/*.conf;
}
mkdir -p /opt/nginx/conf/vhosts
vim /opt/nginx/conf/vhosts/web.conf
server {
listen 80;
server_name localhost;
set $root /data/www/web;
root $root;
location / {
index index.html index.htm;
}
}
vim /data/www/web/index.html
<html>
<head><title>nginx index.html</title></head>
<body>
<h1>index.html</h1>
</body>
</html>
vim /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf -t
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl enable nginx.service
systemctl list-unit-files|grep enabled|grep nginx
systemctl start nginx.service
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
檢視nginx版本
/opt/nginx/sbin/nginx -V
ps -ef|grep nginx
lsof -n | grep jemalloc
六、安裝 dotnet core6
-------------------------------------------------
刪除 dotnet-sdk-6.0
dnf remove dotnet-sdk-6.0
rm -rf /usr/share/dotnet
rm -rf /usr/bin/dotnet
rm -rf /etc/yum.repos.d/microsoft-prod.repo
dnf clean all
dnf upgrade
shutdown -r now
dnf install dotnet-sdk-6.0
-------------------------------------------------
dnf install dotnet-sdk-6.0
dotnet --info
mkdir -p /data/www/netcore6
複製編譯好的程式碼到 /data/www/netcore6
vim /opt/nginx/conf/vhosts/web.conf
server {
listen 80;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
}
}
systemctl restart nginx
systemctl status nginx
安裝 python3-setuptools
yum install python-setuptools unzip -y
安裝 Supervisor (低於 3.3.3 會有安全漏洞)
cd /usr/local/src
wget https://files.pythonhosted.org/packages/b3/41/2806c3c66b3e4a847843821bc0db447a58b7a9b0c39a49b354f287569130/supervisor-4.2.4.tar.gz
tar zvxf supervisor-4.2.0.tar.gz && cd supervisor-4.2.0
python setup.py install
find / -name supervisor
配置Supervisor
mkdir -p /etc/supervisor/conf.d
echo_supervisord_conf > /etc/supervisor/supervisord.conf
vim /etc/supervisor/supervisord.conf
查詢
;[include]
;files = relative/directory/*.ini
修改為
[include]
files=conf.d/*.conf
查詢 [unix_http_server] 下賬號和密碼設定,設定密碼 (使用 supervisorctl 強制輸入密碼,增強安全性)
username=supervisor_user
password=supervisor_userpwd
:wq 儲存退出
假設有一個 asp.net core mvc專案 netcore6
cd /data/www/netcore6
dotnet netcore6.dll
vim /etc/supervisor/conf.d/netcore6.conf
輸入以下內容
[program:netcore6]
command=dotnet netcore6.dll --urls="http://[*]:5000"; 執行的命令
directory=/data/www/netcore6/ ; 命令執行目錄
autorestart=true ; 自動重啟
stderr_logfile=/var/log/netcore6.err.log ; 錯誤日誌
stdout_logfile=/var/log/netcore6.out.log ; 輸出日誌
environment=ASPNETCORE_ENVIRONMENT=Production ; 環境變數
user=www ; 程序執行的使用者身份
stopsignal=INT
:wq 儲存退出
配置 Supervisor 開機啟動
vim /etc/systemd/system/supervisord.service
[Unit]
Description=Supervisor daemon
[Service]
Type=forking
ExecStart=supervisord -c /etc/supervisor/supervisord.conf
ExecStop=supervisorctl shutdown
ExecReload=supervisorctl reload
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
:wq 儲存退出
systemctl enable supervisord && systemctl restart supervisord && systemctl status supervisord
檢視supervisor執行狀態
supervisorctl status
安裝libgdiplus元件,支援 core 圖片生成
dnf install automake autoconf libtool glib2-devel cairo-devel libjpeg* libtiff*
cd /usr/local/src
wget https://github.com/mono/libgdiplus/archive/6.0.5.tar.gz
tar zvxf libgdiplus-6.0.5.tar.gz && cd libgdiplus-6.0.5
./autogen.sh && make && make install
ln -s /usr/local/lib/libgdiplus.so /usr/lib64/gdiplus.dll
安裝字型
dnf install mkfontscale fontconfig -y
//假設把windows下font目錄的相應字型上傳到伺服器 /usr/local/src/TrueType
mkdir -p /usr/share/fonts/chinese
cd /usr/share/fonts/chinese
cp /usr/local/src/TrueType/* ./
mkfontscale && mkfontdir && fc-cache -fv
fc-list | grep times.ttf
fc-list :lang=zh
shutdown -r now
七、安裝redis
dnf install tcl -y
cd /usr/local/src
wget http://download.redis.io/releases/redis-stable.tar.gz
tar zvxf redis-stable.tar.gz && cd redis-stable/
make && make PREFIX=/opt/redis install
groupadd redis
useradd -g redis redis -s /sbin/nologin -M
mkdir -p /opt/redis/logs
cp redis.conf /opt/redis
ll /opt/redis
chown -R redis:redis /opt/redis
vim /opt/redis/redis.conf
找到相關的行,修改
#bind 127.0.0.1
protected-mode no
requirepass redispwd
daemonize no
supervised no
pidfile /opt/redis/redis_6379.pid
logfile /opt/redis/redis_6379.log
dir /opt/redis
vim /usr/lib/systemd/system/redis.service
[Unit]
Description=Redis Server
After=network.target
[Service]
Type=simple
PIDFile=/opt/redis/redis_6379.pid
ExecStart=/opt/redis/bin/redis-server /opt/redis/redis.conf
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
User=redis
[Install]
WantedBy=multi-user.target
systemctl enable redis && systemctl daemon-reload && systemctl start redis
systemctl status firewalld
firewall-cmd --zone=public --add-port=6379/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
**************************************************************************************************
指定IP可以訪問
[root@centos ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
顯示所有規則
[root@centos ~]# firewall-cmd --list-all
移除指定IP可以訪問
[root@centos ~]# firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.25" port protocol="tcp" port="6379" accept"
**************************************************************************************************
檢視當前版本
/opt/redis/bin/redis-server -v
/opt/redis/bin/redis-cli -v
安裝完成後,開啟客戶端
[root@centos ~]# /opt/redis/bin/redis-cli -h 127.0.0.1 -p 6379
輸入以下命令,測試寫入及讀取
127.0.0.1:6379 > auth redispwd
127.0.0.1:6379 > set name abc123
127.0.0.1:6379 > get name
退出
127.0.0.1:6379 >quit
八、安裝 mariadb 資料庫
dny install mariadb-server
systemctl enable mariadb && systemctl restart mariadb && systemctl status mariadb
mysql_secure_installation
mkdir /data/mysql_data
chown -R mysql:mysql /data/mysql_data
cp -a /var/lib/mysql /data/mysql_data
vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
datadir=/data/mysql_data/mysql
character-set-server=utf8mb4
collation-server=utf8mb4_general_ci
ssl
max_connections=1000
systemctl restart mariadb
mysql -u root -p
MariaDB [(none)]> status;
MariaDB [(none)]> show engines;
MariaDB [(none)]> SHOW VARIABLES LIKE '%have%ssl%';
增加遠端訪問使用者,
root是使用者名稱,%是主機名或IP地址,這裡的%代表任意主機或IP地址,也可指定唯一的IP地址
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
解決本地賬號,沒需密碼就可以登入問題
僅保留mysql.user 表下的 mariadb.sys@localhost 和 root@% 這兩個使用者對應的記錄,其它記錄刪除
MariaDB [(none)]> exit;
ps -ef|grep mysqld
lsof -n | grep jemalloc
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload && iptables -L --line-numbers|grep ACCEPT
======================================================================
配置MariaDB慢查詢
touch /data/mysql_data/slow_query_log.log
chown mysql:mysql /data/mysql_data/slow_query_log.log
在[mysqld]標籤下新增如下內容
slow_query_log=on
slow_query_log_file=/data/mysql_data/slow_query_log.log
long_query_time=2
資料備份與恢復
匯出當前資料庫的所有db,到一個檔案中
mysqldump -u root -p --all-databases > /data/AllMysql.dump
匯入資料
mysql -uroot -p < /data/AllMysql.dump
mysql -u root -p
> source /data/AllMysql.dump
======================================================================