linux多合一记录
添加swap
dd if=/dev/zero of=/swapfile bs=1M count=2048
mkswap /swapfile
chmod 0600 /swapfile
swapon /swapfile
——————————————————————————————————–
删除sanp
apt remove snap*
umount /snap/core18/2409 /snap/core20/1518 /snap/oracle-cloud-agent/38 /snap/lxd/22923 /snap/snapd/16010 /run/snapd/ns/lxd.mnt /snapd/ns
rm -rfv /snap/ /run/snapd /etc/systemd/system/snap*
——————————————————————————————————–
系统日志
journalctl –vacuum-time=3d && journalctl –vacuum-size=32M
——————————————————————————————————–
postgresql
postgresql 加固防挖矿病毒—————————————————————————–
cd /var/spool/cron/crontabs
touch postgres
chmod 0000 postgres
chattr +i postgres
postgresql.conf 设置数据库的监听地址和端口
pg_hba.conf 设置数据库的远程访问策略
postgresql.conf 设置 如下:————————————————————————————-
cat >> /var/lib/pgsql/14/data/postgresql.conf <<“EOF”
listen_addresses = ‘*’ #监听启动在本机的所有IP地址上,也可以指定某个特定的IP地址
port=5432 #监听的服务端口
unix_socket_directories=’/var/lib/pgsql/14/data’
logging_collector = on #后面几个参数都是监听的日志情况
log_directory = ‘pg_log’
log_filename = ‘postgresql-%a.log’
log_truncate_on_rotation = on
EOF
pg_hba.conf 访问策略的设置如下:—————————————————————————–
cat << EOF > /var/lib/pgsql/14/data/pg_hba.conf
local all all trust
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 md5 #有时需要把md更换为password,并重启数据库才可以远程通过navicat连接成,
EOF
pg远程连接设置如下:——————————————————————————————-
psql -U postgres -h192.168.101.89 -p5432 -d postgres
-U:用来设置连接pg的用户名
-h:用来设置PG数据库服务器监听的IP地址
-p:用来设置监听端口信息
-d:用来设置psql远程连接的database
db_url postgresql://$username:$password@$hostip:$port/$dbname
——————————————————————————————————————–
UFW防火墙
ufw version #查看版本信息
ufw enable #启用防火墙
ufw disable #禁用防火墙
ufw reload #重载防火墙
ufw reset #重新设置防火墙 (注意:这将禁用UFW并删除之前定义的任何规则)
ufw verbose #查看防火墙策略
默认情况下,UFW默认策略设置为阻止所有传入流量并允许所有传出流量,你可以使用以下命令来设置自己的默认策略:
# ufw default allow outgoing
# ufw default deny incoming可以使用以下命令随时拒绝指定端口任何传入和传出的流量:
ufw deny 80
ufw deny 21<br>如果要删除HTTP允许的规则,只需在原始规则前加上delete即可,如下所示:
ufw delete allow http
ufw delete deny 21
ufw allow from 192.168.29.36
ufw deny from 192.168.29.36
ufw deny from 192.168.0.4 to any port 22
ufw deny from 192.168.0.10 to any port 22
ufw allow from 192.168.0.0/24 to any port 22——————————————————————————————————————-
定时任务
yum install crontabs
systemctl enable crond &&systemctl start crond
(设为开机启动)
systemctl start crond(启动crond服务)
systemctl status crond (查看状态)
vi /etc/crontab
即:
分钟(0-59) 小时(0-23) 日(1-31) 月(11-12) 星期(0-6,0表示周日) 用户名 要执行的命令
*/30 * * * root /usr/local/mycommand.sh (每天,每30分钟执行一次 mycommand命令)3 * * * root /usr/local/mycommand.sh (每天凌晨三点,执行命令脚本,PS:这里由于第一个的分钟没有设置,那么就会每天凌晨3点的每分钟都执行一次命令)
0 3 * * * root /var/log/clean.sh (这样就是每天凌晨三点整执行一次命令脚本)
*/10 11-13 * * * root /usr/local/mycommand.sh (每天11点到13点之间,每10分钟执行一次命令脚本,这一种用法也很常用)
10-30 * * * * root /usr/local/mycommand.sh (每小时的10-30分钟,每分钟执行一次命令脚本,共执行20次)
10,30 * * * * * root /usr/local/mycommand.sh (每小时的10,30分钟,分别执行一次命令脚本,共执行2次)
加载任务,使之生效:crontab /etc/crontab
——————————————————————————————————————–
自动化脚本
#!/bin/bash
# 这里可替换为jar包名字
APP_NAME=portalcenter-1.5.0-SNAPSHOT.jar
# 使用说明,用来提示输入参数
usage() {
# echo "Usage: sh 执行脚本.sh [start|stop|restart|status|log|backup]"
echo "===============面板命令行=================="
echo "(start) 启动服务 (restart) 重启服务"
echo "(stop) 停止服务 (status) 服务状态"
echo "(0) 取消"
echo "================================================="
exit 1
}
# 检查程序是否在运行
is_exist() {
pid=`ps -ef|grep $APP_NAME|grep -v grep|awk '{print $2}' `
#pid=`netstat -tunlp | grep 8111|grep -v grep|awk '{print $7}' |sed -e "s/\/java//g"`
# 如果不存在返回1,存在返回0
if [ -z "${pid}" ]; then
return 1
else
return 0
fi
}
#启动方法
start() {
is_exist
if [ $? -eq "0" ]; then
echo "${APP_NAME} is already running. pid=${pid} ."
else
# 后台启动jar包,且控制环境变量,根据实际情况修改吧。
# nohup java -Dspring.profiles.active=prod -jar $APPFILE_PATH $APP_NAME >/dev/null 2>error.log &
# 如果错误信息也不想要的话
nohup java -jar -Dloader.path=./lib $APPFILE_PATH $APP_NAME --spring.config.location:application.yml >nohup.out 2>&1 &
# nohup java -Dspring.profiles.active=prod -jar $APP_NAME > $APP_NAME.log 2>&1 &
fi
}
# 停止方法
stop() {
is_exist
if [ $? -eq "0" ]; then
kill -9 $pid
else
echo "${APP_NAME} is not running"
fi
}
# 输出运行状态
status() {
is_exist
if [ $? -eq "0" ]; then
echo "${APP_NAME} is running. Pid is ${pid}"
else
echo "${APP_NAME} is NOT running."
fi
}
# 重启
restart() {
stop
start
}
# 日志
log() {
# 输出实时日志
tail -n 100 -f /srv/geodmss/loadBalance/server8112/nohup.out
}
# 根据输入参数,选择执行对应方法,不输入则执行使用说明
case "$1" in
"start")
start
;;
"stop")
stop
;;
"status")
status
;;
"restart")
restart
;;
"log")
log
;;
*)
usage
;;
esac
# nohup ./program >/dev/null 2>log &
# 如果错误信息也不想要的话:
# nohup ./program >/dev/null 2>&1 &
MYSQL
Linux下MySQL免安装版的安装、配置及开机启动
由于CentOS7默认预装MariaDB,分别执行如下命令,将其卸载
#查看系统自带的mariadb
rpm -qa|grep mariadb
#卸载自带的mariadb
rpm -e --nodeps mariadb-libs-5.5.44-2.el7.centos.x86_64
#删除etc目录下的my.cnf
rm /etc/my.cnf查看和创建mysql用户和组
# 检查mysql组和用户是否存在,如无则创建
cat /etc/group | grep mysql
cat /etc/passwd | grep mysql
#创建mysql用户组
# 创建mysql用户组
groupadd mysql
# 创建一个用户名为mysql的用户,并加入mysql用户组
useradd -g mysql mysql
# 可修改密码
passwd mysql安装包并解压
cd /usr/local
# 解压缩
tar -zxvf /home/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
# 文件夹重命名
mv mysql-5.7.31-linux-glibc2.12-x86_64 mysql更改所属的组和用户
chown -R mysql mysql/
chgrp -R mysql mysql/
cd mysql/
mkdir data
chown -R mysql:mysql data在/etc创建my.cnf文件
# 进入/etc文件夹下
cd /etc
# 创建my.cnf文件
touch my.cnf
# 编辑my.cnf
vim my.cnf 在my.cnf添加如下内容
[mysqld]
#
# # Remove leading # and set to the amount of RAM for the most important data
# # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# # innodb_buffer_pool_size = 128M
#
# # Remove leading # to turn on a very important data integrity option: logging
# # changes to the binary log between backups.
# # log_bin
#
# # These are commonly set, remove the # and set as required.
# # basedir = .....
# # datadir = .....
# # port = .....
# # server_id = .....
# # socket = .....
lower_case_table_names=1
# # Remove leading # to set options mainly useful for reporting servers.
# # The server defaults are faster for transactions and fast SELECTs.
# # Adjust sizes as needed, experiment to find the optimal values.
# # join_buffer_size = 128M
# # sort_buffer_size = 2M
# # read_rnd_buffer_size = 2M
# #设置服务端使用的字符集为utf-8
character-set-server=utf8
# # 绑定IPv4地址
bind-address = 0.0.0.0
# # 设置mysql的端口号
port = 3306
max_allowed_packet=1024M
#host_cache_size=0
#可以允许多少个错误连接
max_connect_errors = 10
#使用–skip-external-locking MySQL选项以避免外部锁定。该选项默认开启
#–skip-external-locking
#external-locking = FALSE
# # 允许最大连接数
max_connections=2000
# # 创建新表时将使用的默认存储引擎
default-storage-engine=INNODB
# # 设置mysql以及数据库的默认编码
sql-mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
# # 设置时区为东八区(必须放到mysqld 下,放入其它位置无效)
default-time-zone = '+8:00'
[mysql]
default-character-set=utf8
[mysql.server]
default-character-set=utf8
# # 设置客户端默认字符集
执行安装
# 进入mysql
cd /usr/local/mysql/
# 安装mysql
bin/mysql_install_db --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/如果出现如下提示:
error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory
解决办法:执行如下命令安装对应软件包即可
yum install -y libaio //安装后在初始化就OK了
如果出现如下提示:
error while loading shared libncurses.so.5
yum install libncurses* //安装后在初始化就OK了
安装mysql出现了3个warning信息。修改系统的max_open_files限制即可
解决办法:编辑/etc/security/limits.conf ,最后面增加两行
* hard nofile 65535
* soft nofile 65535编写启动脚本
cp ./support-files/mysql.server /etc/init.d/mysqld
chown 777 /etc/my.cnf
chmod +x /etc/init.d/mysqld启动mysql
/etc/init.d/mysqld restart
如果出现错误提示:MySQL manager or server PID file could not be found! [FAILED]
解决办法:杀死相关进程,重启mysql
# 1、查看进程
ps aux|grep mysql
# 2、杀死进程(以实际查询出来的进程号为准)
kill -9 10031
kill -9 10220
# 3、重启mysql
/etc/init.d/mysqld restart获取mysql初始密码
cat /root/.mysql_secret修改密码
mysql -uroot -p
set PASSWORD = PASSWORD('root');
flush privileges;添加远程访问权限
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
FLUSH PRIVILEGES;ES 7设置密码
①在es安装目录config文件夹下找到elasticsearch.yml,在尾部添加下面代码 保存:
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
到ES的bin目录运行.\elasticsearch-setup-passwords interactive
然后手动设置密码多个用户的密码,设置完回车NGINX编译
yum install git gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl-devel wget vim curl unzip hg libxml2-devel libxslt-devel glib2-devel libicu-devel libpng-devel gd-devel -y
./auto/configure –prefix=/usr/local/nginx –sbin-path=/usr/local/nginx/sbin/nginx –conf-path=/usr/local/nginx/conf/nginx.conf –pid-path=/usr/local/nginx/logs/nginx.pid –user=nobody –with-http_gzip_static_module –with-http_stub_status_module –with-file-aio –with-select_module –with-http_auth_request_module –with-http_random_index_module –with-http_secure_link_module –with-http_realip_module –with-http_gunzip_module –with-http_v2_module –with-http_ssl_module –with-http_flv_module –with-http_mp4_module –with-http_dav_module –with-http_ssl_module –with-http_stub_status_module –with-http_auth_request_module –with-http_dav_module –with-http_slice_module –with-threads –with-http_addition_module –with-http_image_filter_module –with-http_sub_module –with-http_xslt_module –with-stream –with-stream_ssl_module –with-stream_realip_module –with-mail –with-mail_ssl_module –with-pcre=../pcre2-10.40 –with-zlib=../zlib-1.2.12 –with-openssl=../openssl-OpenSSL_1_1_1q –add-module=../nginx-module-vts-0.1.18/ –add-module=../ngx_brotli/ –add-module=../nginx-rtmp-module-1.2.2
下载nginx源码、下载nginx-module-vts-0.1.18、nginx-rtmp-module-1.2.2、openssl-OpenSSL_1_1_1q 、zlib-1.2.12、/pcre2-10.40
配置如下
user www;
worker_processes 1;
#error_log /dev/null;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 256;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+ass text/javascript application/javascript;
gzip_vary on;
gzip_proxied any ;
gzip_disable "MSIE[1-6]1.";
brotli on;
brotli_comp_level 6;
brotli_buffers 16 8k;
brotli_min_length 20;
brotli_types text/plain text/css application)json application/x-javascript text/xml application/xml application/xmI+rss text/javascript application/javascript image/svg+xml;
vhost_traffic_status_zone;
vhost_traffic_status_filter_by_host on;
server {
listen 80;
server_name localhost;
#
location /status {
vhost_traffic_status_display;
vhost_traffic_status_display_format html;
}
vhost_traffic_status off;
#charset koi8-r;
if ($time_iso8601 ~ "(\d{4})-(\d{2})-(\d{2})") {
set $time $1$2$3;
}
access_log /var/myweb/logs/access_${time}.log;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# }
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443 ssl;
server_name demo.com;
ssl_certificate /root/.ssh/cert.pem;
ssl_certificate_key /root/.ssh/cert.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
access_log /dev/null;
location / {
root html;
index index.html index.htm;
}
}
}
nginx服务 cat /etc/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true
[Install]
WantedBy=multi-user.target
CentOS8设置阿里云镜像
mkdir /etc/yum.repos.d.bak
mv /etc/yum.repos.d/* /etc/yum.repos.d.bak/
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's/releasever\//releasever-stream\//g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecacheelasticsearch 安装
首先在/etc/yum.repos.d/ 目录下创建一个名为elasticsearch.repo的文件
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md然后执行 sudo yum install –enablerepo=elasticsearch elasticsearch 命令。等待安装完成。yum安装的elasticsearch,在 /etc/elasticsearch 包含一个默认的运行时设置。
集群配置参照以下配置
cluster.name: es-cluster
#集群名称同集群需一致
node.name: node_101_101
network.host: 192.168.101.101
network.publish_host: 192.168.101.101
#节点名称及IP host可为0.0.0.0
#xpack.security.transport.ssl.enabled: true
http.port: 9500
transport.tcp.port: 9501
node.master: true
node.data: true
path.data: /usr/local/src/esSrc/elasticsearch-7.10.2/data
path.logs: /usr/local/src/esSrc/elasticsearch-7.10.2/logs
#存储地址及日志地址
path.repo: ["/usr/local/src/esSrc/elasticsearch-7.10.2/reposity"]
# 使用 head 插件需要这打开这两个配置
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"
http.max_content_length: 200mb
# # 可以选举的主节点 以下IP为集群服务器IP
cluster.initial_master_nodes: ["192.168.101.89","192.168.101.101","192.168.240.177","192.168.37.25"]
discovery.seed_hosts: ["192.168.101.89","192.168.101.101","192.168.240.177","192.168.37.25"]
gateway.recover_after_nodes: 2
network.tcp.keep_alive: true
network.tcp.no_delay: true
transport.tcp.compress: true
# #集群内同时启动的数据任务个数,默认是2个
cluster.routing.allocation.cluster_concurrent_rebalance: 16
# #添加或删除节点及负载均衡时并发恢复的线程个数,默认4个
cluster.routing.allocation.node_concurrent_recoveries: 16
# #初始化数据恢复时,并发恢复线程的个数,默认4个
cluster.routing.allocation.node_initial_primaries_recoveries: 16
bootstrap.system_call_filter: falseelasticsearch-head安装配置
运行elasticsearch-head是一款开源软件,被托管在github上面,需要通过git获取。使用elasticsearch-head会用到grunt,而grunt需要npm包管理器,所以nodejs是必须要安装的。
[root@psql_master ~]# yum install npm git
elasticsearch5.0之后,elasticsearch-head不做为插件放在其plugins目录下了。安装elasticsearch-head依赖包。使用git拷贝elasticsearch-head到本地。
[root@psql_master ~]# cd /usr/local/
[root@psql_master ~]# npm install -g grunt-cli
[root@psql_master ~]# git clone git://github.com/mobz/elasticsearch-head.git
[root@psql_master ~]# cd elasticsearch-head/
修改elasticsearch-head配置,修改Gruntfile.js。
[root@psql_master ~]# cd /usr/local/elasticsearch-head/
[root@psql_master ~]# vim Gruntfile.js
在connect–>server–> options下面添加: hostname:’ *’,允许所有IP可以访问。
修改elasticsearch-head默认连接地址。
[root@psql_master ~]# cd /usr/local/elasticsearch-head/_site/
[root@psql_master ~]# vim app.js
将this.base_uri = this.config.base_uri II this.prefs.get(“app-base_uri”) II “http://localhost:9200”;中的localhost修改成es服务器ip。
配置elasticsearch允许跨域访问,在elasticsearch配置文件末尾添加如下内容,重新启动elasticsearch服务。由于之前在集群配置中已经加入了配置,因此可忽略。
[root@psql_master ~]# vim /etc/elasticsearch/elasticsearch.yml 启动elasticsearch服务及elasticsearch-head。 [root@psql_master ~]# systemctl restart elasticsearch [root@psql_master ~]# cd /usr/local/elasticsearch-head/node_modules/grunt/bin/ [root@psql_master ~]# ./grunt server 可以看到head插件默认占用9100端口,浏览器输入:http://127.0.0.1:9100/即可显示head插件界面。
postgresql yum
yum -y install epel-release
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
/usr/pgsql-12/bin/postgresql-12-setup initdb
sudo systemctl enable postgresql-12
sudo systemctl start postgresql-12centos8 gdal 安装错误
错误:
问题: conflicting requests
- nothing provides libdap.so.25()(64bit) needed by gdal-3.0.4-10.el8.x86_64
- nothing provides libdapclient.so.6()(64bit) needed by gdal-3.0.4-10.el8.x86_64
- nothing provides libdapserver.so.7()(64bit) needed by gdal-3.0.4-10.el8.x86_64
(尝试添加 '--skip-broken' 来跳过无法安装的软件包 或 '--nobest' 来不只使用软件包的最佳候选)
解决方式:
sudo yum install dnf-plugins-core
dnf -y config-manager --set-enabled PowerTools
sudo yum config-manager --set-enabled powertools
yum --enablerepo=mysql57-community install mysql-community-server -y
yum install gdal-devel geos-devel openssl-devel libpqxx-devel proj-devel gtk3-devel wxGTK3-devel libcanberra-gtk3docker-ce安装
[root@localhost ~]# getenforce #关闭selinux
Disabled
[root@localhost ~]# iptables -F #清空规则
[root@localhost ~]# systemctl stop firewalld #关闭防火墙
[root@localhost ~]# cat <<EOF > /etc/sysctl.d/docker.conf #开启流量转发
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
EOF
[root@localhost ~]# modprobe br_netfilter #加载参数,配置文件
[root@localhost ~]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
[root@localhost ~]# curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum list docker-ce --showduplicates | sort -r
[root@localhost ~]# yum -y install docker-ce
添加阿里的源
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repoyum install docker-ce
docker 加速器地址
https://7lnprq8s.mirror.aliyuncs.com
https://p0pgcdb3.mirror.aliyuncs.com
Windows
1. 安装/升级Docker客户端
推荐安装1.10.0以上版本的Docker客户端,参考文档docker-ce
2. 配置镜像加速器
针对Docker客户端版本大于 1.10.0 的用户
您可以通过修改daemon配置文件/etc/docker/daemon.json来使用加速器
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://7lnprq8s.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart dockerMInio安装
通过docker拉取minio镜像
[root@localhost ~]# docker pull minio/minio
创建minio目录用于外部挂载的配置文件和存储文件,根据实际情况填写路径。
[root@localhost ~]# mkdir -p /home/minio/config
[root@localhost ~]# mkdir -p /home/minio/data
创建Minio容器并运行。
[root@localhost ~]# docker run -p 9000:9000 -p 9090:9090 --name minio -d --restart=always -e "MINIO_ACCESS_KEY=admin" -e "MINIO_SECRET_KEY=admin123" -v /home/minio/data:/data -v /home/minio/config:/root/.minio minio/minio server /data --console-address ":9090" -address ":9000"
9090端口指的是minio的客户端端口
MINIO_ACCESS_KEY :账号(账号长度必须大于等于5)
MINIO_SECRET_KEY :密码(密码长度必须大于等于8位)
访问IP地址及端口,输入设置的用户名额密码后即可进入minio。
问题一
刚开始我遇到一个这个问题,应该是说设置的账号密码长度有问题,正常账号应该不低于3位,密码不低于8位,不然容器会启动不成功。
问题二
假如不设置客户端端口,就会有以下警告。
问题三
一切都正常了,而且客户端也能打开,但是通过程序连接minio上传的时候报错了,错误信息: ……..time is too
系统时区与硬件时区不一致导致的
timedatectl // 查看时区配置
安装ntpdate工具
yum -y install ntp ntpdate
设置系统时间与网络时间同步
ntpdate cn.pool.ntp.org
将系统时间写入硬件时间
hwclock --systohcnginx输出时间
添加配置
location = /time {
add_header Content-Type 'text/html; charset=utf-8';
default_type application/json;
add_header 'Access-Control-Allow-Origin' '*';
autoindex_localtime on;
add_header 'Access-Control-Allow-Credentials' 'true';
return 200 '{"currentTime":$time_iso8601, "timestamp":$msec}';
}
访问127.0.0.1/time 即可:
{"currentTime":2022-08-11T11:34:55+08:00, "timestamp":1660188895.709}
python 访问:
>>> from urllib.request import urlopen
>>> print(urlopen("http://lxuxl.com/time").read())
b'{"currentTime":2022-08-11T11:45:48+08:00, "timestamp":1660189548.304}'FFmpeg 安装
apt install libx265-dev libx264-dev pkg-config libsdl2-dev clang libfdk_aac2 libspeex-dev make
git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg
./configure --prefix=/usr/local/ffmpeg --enable-gpl --enable-nonfree --enable-libfdk-aac --enable-libx264 --enable-libx265 --disable-optimizations --enable-libspeex --enable-shared --enable-pthreads --enable-version3 --enable-hardcoded-tables --cc=clang --enable-openssl --disable-x86asm
make&&make install
vi /etc/profile
添加
export PATH=$PATH:/usr/local/ffmpeg/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ffmpeg/lib
source /etc/profileCentos6安装docker
首先升级glibc
yum install glibc-2.14.1-6.x86_64.rpm glibc-common-2.14.1-6.x86_64.rpm glibc-headers-2.14.1-6.x86_64.rpm glibc-devel-2.14.1-6.x86_64.rpm nscd-2.14.1-6.x86_64.rpm glibc-static-2.14.1-6.x86_64.rpm glibc-utils-2.14.1-6.x86_64.rpm
然后安装docker
rpm -ivh ./docker-engine-1.7.0-1.el6.x86_64.rpm –force –nodeps