RHEL-Like
1 前言
我们经常性的要配置服务器,那么,一台服务器应当做哪些基本的配置?本章专门总结此问题。
2 最佳实践
2.1 基本配置
2.1.1 配置服务器名称
hostnamectl set-hostname xxx.cmdschool.org
2.1.2 配置网络地址
nmcli connection show nmcli con delete ens33 nmcli device nmcli con add ifname ens33 con-name ens33 type ethernet nmcli con modify ens33 ipv4.addresses "10.168.0.x/24" nmcli con modify ens33 ipv4.gateway 10.168.0.x nmcli con modify ens33 ipv4.dns "202.96.128.86 202.96.128.166" nmcli con modify ens33 ipv4.method manual nmcli con modify ens33 ipv6.method ignore nmcli con modify ens33 conconnect.autoconnect yes nmcli con modify ens33 connect.autoconnect yes nmcli con up ens33
2.1.3 配置国内源
mkdir /etc/yum.repos.d/backup mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/ vi /etc/yum.repos.d/CentOS-Base.repo
加入如下配置,
[base] name=CentOS-$releasever - Base baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-$releasever - Updates baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
2.1.4 安装epel源(可选)
yum install -y epel-release
2.1.5 更新系统版本(可选)
yum update -y
2.1.6 安装常见的工具包
yum install -y vim wget unzip bzip2 net-tools bind-utils telnet jq tree
2.1.7 配置时间同步服务
yum install -y chrony systemctl start chronyd.service systemctl enable chronyd.service
另外,时区也应该设置,
timedatectl set-timezone Asia/Shanghai
2.1.8 关闭SELinux(可选)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0
2.1.9 开放服务所需的端口(可选)
firewall-cmd --permanent --add-service http --add-service https firewall-cmd --reload firewall-cmd --list-all
注:具体开放哪些服务或端口需要根据不同的需求决定
没有评论