軟體選擇 選最小型安裝 關閉新式防火牆 systemctl stop firewalld.service systemctl disable firewalld.service 設定 selinux vi /etc/sysconfig/selinux 關閉 selinux SELINUX=disabled 設定防火牆 vi firewall.sh 變更權限 chmod +x firewall.sh 啟動防火牆 ./firewall.sh start 確認規則 iptables -L 新增使用者 useradd 新使用者 passwd 新使用者 在線初始安裝 yum -y install bind bind-chroot bind-utils yum -y install postfix cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-ntlm cyrus-sasl-md5 cyrus-sasl-plain dovecot yum -y install mariadb mariadb-server mariadb-devel yum -y install samba samba-client samba-common samba-common-libs samba-common-tools yum -y install wget nmap telnet traceroute crontabs mlocate logwatch ftp vsftpd bzip2-* git openssl-* boost-* 設定系統環境變數 vi /etc/profile export LD_LIBRARY_PATH=/usr/local/lib export LD_RUN_PATH=/usr/local/lib 安裝編譯所需要的函式庫 yum -y groupinstall "Development Tools" yum -y install gcc gcc-c++ make automake autoconf kernel-devel ncurses-devel curl gd file patch mlocate diffutils libzip tcl tcl-devel curl-devel gd-devel gettext-devel glibc-devel glib2-devel libstdc++-devel libjpeg-devel libpng-devel libxslt-devel libxml2-devel pcre-devel zlib-devel bison pam-devel 重新開機 reboot 安裝 Make https://www.gnu.org/software/make/ lynx https://ftp.gnu.org/gnu/make/make-4.4.1.tar.gz tar zxf make-4.4.1.tar.gz cd make-4.4.1 ./configure && make && make install && make clean 安裝 M4 https://www.gnu.org/software/m4/m4.html lynx https://ftp.gnu.org/gnu/m4/m4-1.4.19.tar.gz tar zxf m4-1.4.19.tar.gz cd m4-1.4.19 ./configure && make && make install && make clean 安裝 Autoconf https://www.gnu.org/software/autoconf/autoconf.html lynx https://ftp.gnu.org/gnu/autoconf/autoconf-2.71.tar.gz tar zxf autoconf-2.71.tar.gz cd autoconf-2.71 ./configure && make && make install && make clean 安裝 Automake https://www.gnu.org/software/automake/ lynx https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz tar zxf automake-1.16.5.tar.gz cd automake-1.16.5 ./configure && make && make install && make clean 安裝 Libtool https://www.gnu.org/software/libtool/ lynx https://ftpmirror.gnu.org/libtool/libtool-2.4.6.tar.gz tar zxf libtool-2.4.6.tar.gz cd libtool-2.4.6 ./configure && make && make install && make clean 安裝 Bison https://www.gnu.org/software/bison/ lynx https://ftp.gnu.org/gnu/bison/bison-3.8.2.tar.gz tar zxf bison-3.8.2.tar.gz cd bison-3.8.2 ./configure && make && make install && make clean 登出再登入 下載 screen https://www.gnu.org/software/screen/ lynx https://ftp.gnu.org/gnu/screen/screen-4.8.0.tar.gz 安裝 screen tar zxf screen-4.8.0.tar.gz cd screen-4.8.0 ./configure && make && make install && make clean 執行位置 /usr/bin/screen 創建會話 /usr/bin/screen -S lnmp 恢復會話 /usr/bin/screen -r lnmp 安裝 BIND* https://www.isc.org/downloads/ lynx https://downloads.isc.org/isc/bind9/9.16.40/BIND9.16.40.x64.zip tar zxf bind-9.11.18.tar.gz cd bind-9.11.18 ./configure --without-python make depend make make install make clean 設定 bind /usr/sbin/rndc-confgen -a -c /etc/rndc.key /usr/sbin/rndc-confgen > /etc/rndc.conf vi /etc/rndc.key vi /etc/rndc.conf vi /etc/named.conf 將 127.0.0.1 改為 any listen-on port 53 { any; }; 將 localhost 改為 any allow-query { any; }; 註解掉 ipv6 #listen-on-v6 port 53 { ::1; }; 設定域名 vi /etc/named.rfc1912.zones 最下面加入 zone "網域名稱" IN { type master; file "網域名稱設定檔"; allow-update { none; }; }; 多數網域設定檔快速方法 先把檔案傳到 /var/named/chroot/var/named 再做權限變更 chown root.named named.* chmod 640 named.* 然後移動檔案至 /var/named mv named.* /var/named 啟動 named systemctl start named 開機啟動 systemctl enable named 編輯 dovecot 設定檔 vi /etc/dovecot/dovecot.conf protocols = imap pop3 啟動 pop3 systemctl start dovecot 開機啟動 systemctl enable dovecot 啟動 saslauthd systemctl start saslauthd 開機啟動 systemctl enable saslauthd 編輯 postfix 設定檔 vi /etc/postfix/main.cf 郵件主機名稱 myhostname = 主機名稱 郵件主機網域名稱 mydomain = 網域名稱 郵件主機發信來源 myorigin = $myhostname 要監聽的網路介面 inet_interfaces = all 要收信的網域名稱 mydestination = /etc/postfix/local-host-names 帳號對照表 virtual_alias_maps = hash:/etc/postfix/virtual 設定信任網域 mynetworks_style = host 規定信任的用戶端 mynetworks = 127.0.0.0/8, 192.168.0.0/24, hash:/etc/postfix/access 規範可以幫忙 relay 的下一部 MTA 主機位址 relay_domains = $mydestination 啟動 SMTP 認證 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_client_restrictions = permit_sasl_authenticated smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated vi /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = no auth_mechanisms = plain login vi /etc/dovecot/conf.d/10-mail.conf mail_location = mbox:~/mail:INBOX=/var/mail/%u vi /etc/dovecot/conf.d/10-master.conf service auth 區塊 #unix_listener auth-userdb unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postdrop } 設定接收的網域 vi /etc/postfix/local-host-names 設定郵件帳號對應 vi /etc/postfix/virtual 轉換對照表 postmap /etc/postfix/virtual postmap /etc/postfix/access 啟動服務 systemctl start postfix 開機啟動 systemctl enable postfix 重新開機 reboot 下載 jemalloc https://github.com/jemalloc/jemalloc/releases lynx https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 安裝 jemalloc tar jxf jemalloc-5.3.0.tar.bz2 cd jemalloc-5.3.0 ./configure --prefix=/usr/local/jemalloc && make && make install && make clean 下載 rar https://www.rarlab.com/download.htm lynx https://www.rarlab.com/rar/rarlinux-x64-6.0.0.tar.gz 安裝 rar tar zxf rarlinux-x64-6.0.0.tar.gz cd rar make 執行位置 /usr/local/bin/rar /usr/local/bin/unrar 下載 7-zip https://sourceforge.net/projects/p7zip/ 安裝 7-zip tar jxf p7zip_16.02_src_all.tar.bz2 cd p7zip_16.02 cp makefile.linux_amd64 makefile.machine make all make test make install make clean 執行位置 /usr/local/bin/7za 下載 libevent https://github.com/libevent/libevent/releases lynx https://github.com/libevent/libevent/releases/download/release-2.1.12-stable/libevent-2.1.12-stable.tar.gz 安裝 libevent tar zxf libevent-2.1.12-stable.tar.gz cd libevent-2.1.12-stable ./configure --prefix=/usr/local/libevent && make && make install && make clean 下載 memcached https://memcached.org/ lynx https://www.memcached.org/files/memcached-1.6.20.tar.gz 安裝 memcached tar zxf memcached-1.6.20.tar.gz cd memcached-1.6.20 ./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent && make && make install && make clean 啟動 memcached /usr/local/memcached/bin/memcached -u daemon -d -l 127.0.0.1 -p 11211 -m 256 -t 4 下載 redis https://redis.io/download 安裝 redis tar zxf redis-5.0.14.tar.gz cd redis-5.0.14 make make test make install cd utils ./install_server.sh 啟動 redis /usr/local/bin/redis-server /etc/redis/6379.conf 命令列 /usr/local/bin/redis-cli 性能測試 /usr/local/bin/redis-benchmark -n 10000 下載 curl https://curl.haxx.se/download.html lynx https://curl.se/download/curl-8.0.1.tar.gz 安裝 curl tar zxf curl-8.0.1.tar.gz cd curl-8.0.1 ./configure --prefix=/usr/local/curl --with-openssl && make && make install && make clean 執行位置 /usr/local/curl/bin/curl 下載 rsync https://github.com/WayneD/rsync/tags https://github.com/WayneD/rsync/archive/refs/tags/v3.1.3.tar.gz 安裝 rsync tar zxf rsync-3.1.3.tar.gz cd rsync-3.1.3 ./configure --prefix=/usr/local/rsync && make && make install && make clean 執行位置 /usr/local/rsync/bin/rsync 下載 GMP https://gmplib.org/ lynx https://gmplib.org/download/gmp/gmp-6.1.2.tar.bz2 安裝 GMP tar jxf gmp-6.1.2.tar.bz2 cd gmp-6.1.2 ./configure --prefix=/usr/local/gmp && make && make install && make clean 下載 apr http://apr.apache.org/download.cgi lynx https://dlcdn.apache.org//apr/apr-1.7.4.tar.gz 安裝 apr tar zxf apr-1.7.4.tar.gz cd apr-1.7.4 ./configure --prefix=/usr/local/apr && make && make install && make clean 下載 apr-util http://apr.apache.org/download.cgi lynx https://dlcdn.apache.org//apr/apr-util-1.6.3.tar.gz 安裝 apr-util tar zxf apr-util-1.6.3.tar.gz cd apr-util-1.6.3 ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config && make && make install && make clean 下載 sqlite https://www.sqlite.org/download.html lynx https://www.sqlite.org/2024/sqlite-autoconf-3460000.tar.gz 安裝 sqlite tar zxf sqlite-autoconf-3460000.tar.gz cd sqlite-autoconf-3460000 ./configure --prefix=/usr/local/sqlite3 && make && make install && make clean 執行位置 /usr/local/sqlite3/bin/sqlite3 下載 subversion https://subversion.apache.org/download.cgi lynx https://dlcdn.apache.org/subversion/subversion-1.14.2.tar.gz 安裝 subversion tar jxf subversion-1.9.12.tar.bz2 cd subversion-1.9.12 ./configure --prefix=/usr/local/subversion --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-sqlite=/usr/local/sqlite3 && make && make install && make clean 下載 ImageMagick https://github.com/ImageMagick/ImageMagick/releases lynx https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.1-8.tar.gz 安裝 ImageMagick tar zxf ImageMagick-7.1.1-8.tar.gz cd ImageMagick-7.1.1-8 ./configure --prefix=/usr/local/ImageMagick && make && make install && make clean 執行位置 /usr/local/ImageMagick/bin/magick 下載 cmake https://github.com/Kitware/CMake/releases lynx https://github.com/Kitware/CMake/releases/download/v3.19.8/cmake-3.19.8.tar.gz 安裝 cmake tar zxf cmake-3.19.8.tar.gz cd cmake-3.19.8 ./configure && make && make install && make clean 下載 MariaDB https://github.com/MariaDB/server/releases lynx https://github.com/MariaDB/server/archive/refs/tags/mariadb-10.1.48.tar.gz 安裝 MariaDB tar zxf server-mariadb-10.1.48.tar.gz cd server-mariadb-10.1.48 /usr/local/bin/cmake . -LH /usr/local/bin/cmake . -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci && make && make install && make clean 切換到目的目錄 cd /usr/local/mysql 新增 mysql 使用者和群組並禁止登入 useradd -r -s /sbin/nologin mysql 變更擁有者 chown -R mysql . 變更群組 chgrp -R mysql . 安裝預設資料 scripts/mysql_install_db --user=mysql 執行測試 cd mysql-test perl mysql-test-run.pl 變更程式擁有者為 root chown -R root . 變更資料擁有者為 mysql chown -R mysql data 複製設定檔 cp support-files/my-huge.cnf /etc/my.cnf 複製啟動檔 cp support-files/mysqld_multi.server /etc/init.d/mysql.server cp support-files/mysql.service /usr/lib/systemd/system/mysql.service 編輯設定檔 vi /etc/my.cnf character-set-server = utf8 collation-server = utf8_general_ci default_storage_engine = MyISAM #default_storage_engine = InnoDB 啟動 MariaDB /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data & 當啟動失敗後,直接刪除 /usr/local/mysql ,然後重新流程,再啟動 啟用 MariaDB 服務 systemctl start mysql.service systemctl enable mysql.service 設定 root 帳號密碼 /usr/local/mysql/bin/mysqladmin -u root password '新密碼' /usr/local/mysql/bin/mysql_secure_installation 登入 MariaDB /usr/local/mysql/bin/mysql -u root -p use mysql; delete from user where Host <> 'localhost' or User <> 'root'; exit; 下載 postgresql https://www.postgresql.org/ftp/source/ lynx https://ftp.postgresql.org/pub/source/v15.3/postgresql-15.3.tar.gz 安裝 PostgreSQL tar zxf postgresql-15.3.tar.gz cd postgresql-15.3 ./configure --prefix=/usr/local/pgsql --without-readline && make world && make install-world && make clean 新增使用者 postgres useradd postgres 建立資料目錄 mkdir /usr/local/pgsql/data 變更資料擁有者 chown postgres /usr/local/pgsql/data 切換使用者 su - postgres 初始化資料 /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data 編輯設定檔 vi /usr/local/pgsql/data/postgresql.conf vi /usr/local/pgsql/data/pg_ident.conf vi /usr/local/pgsql/data/pg_hba.conf 啟動 pgsql (須用 postgres 使用者啟動) /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start 指令說明 /usr/local/pgsql/bin/pg_ctl --help 停止 pgsql (須用 postgres 使用者啟動) /usr/local/pgsql/bin/pg_ctl stop -D /usr/local/pgsql/data 重啟 pgsql (須用 postgres 使用者啟動) /usr/local/pgsql/bin/pg_ctl restart -D /usr/local/pgsql/data 登入 PostgreSQL /usr/local/pgsql/bin/psql 設定 postgres 密碼 alter role postgres with password '新密碼'; 登出 PostgreSQL \q 登出 postgres 使用者 exit 重新開機 reboot 下載 oniguruma https://github.com/kkos/oniguruma lynx https://github.com/kkos/oniguruma/releases/download/v6.9.8/onig-6.9.8.tar.gz 安裝 oniguruma tar zxf onig-6.9.8.tar.gz cd onig-6.9.8 ./configure --prefix=/usr/local/oniguruma && make && make install && make clean 下載 nghttp2 https://github.com/nghttp2/nghttp2/releases lynx https://github.com/nghttp2/nghttp2/releases/download/v1.53.0/nghttp2-1.53.0.tar.gz 安裝 nghttp2 tar zxf nghttp2-1.53.0.tar.gz cd nghttp2-1.53.0 ./configure --prefix=/usr/local/nghttp2 --with-boost && make && make install && make clean 下載 httpd https://httpd.apache.org/download.cgi lynx https://dlcdn.apache.org/httpd/httpd-2.4.59.tar.gz 安裝 httpd tar zxf httpd-2.4.59.tar.gz cd httpd-2.4.59 ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-pcre --enable-mods-shared=all --enable-mpms-shared=all --enable-static-support --enable-http2 --with-nghttp2=/usr/local/nghttp2 && make && make install && make clean 下載 nginx http://nginx.org/ lynx http://nginx.org/download/nginx-1.24.0.tar.gz 安裝 nginx tar zxf nginx-1.24.0.tar.gz cd nginx-1.24.0 ./configure --prefix=/usr/local/nginx --with-threads --with-pcre --with-http_ssl_module --with-http_v2_module && make && make install && make clean 設定 nginx vi /usr/local/nginx/conf/nginx.conf vi /usr/local/nginx/conf/fastcgi.conf vi /usr/local/nginx/conf/fastcgi_params vi /usr/local/nginx/conf/uwsgi_params 測試 nginx /usr/local/nginx/sbin/nginx -t 啟動 nginx /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf 停止 nginx /usr/local/nginx/sbin/nginx -s stop /usr/local/nginx/sbin/nginx -s quit 重啟 nginx /usr/local/nginx/sbin/nginx -s reload 預設目錄 /usr/local/nginx/html 下載 php https://www.php.net/downloads.php lynx https://www.php.net/distributions/php-8.2.20.tar.gz 安裝 php tar zxf php-8.2.20.tar.gz cd php-8.2.20 # 自訂版(請自行依當時情況更動) ./configure --prefix=/usr/local/php8 --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-zts --enable-bcmath --without-bz2 --enable-calendar --enable-cgi --enable-cli --enable-ctype --with-curl=/usr/local/curl --enable-dom --without-enchant --enable-exif --enable-fileinfo --enable-filter --enable-ftp --enable-fpm --with-fpm-user=nobody --with-fpm-group=nobody --with-gettext --with-gmp=/usr/local/gmp --with-iconv --without-imap --disable-intl --enable-mbstring --disable-mbregex --with-mhash --enable-mysqlnd --with-mysqli=mysqlnd --with-mysql-sock --disable-opcache --with-openssl --enable-pcntl --without-pear --with-pdo-mysql=mysqlnd --with-pdo-pgsql --with-pgsql=/usr/local/pgsql --without-sqlite3 --without-pdo-sqlite --enable-phar --enable-posix --enable-session --enable-shmop --enable-simplexml --enable-soap --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-tokenizer --enable-xml --enable-xmlreader --with-xsl --with-zlib make make test make install make clean 複製 PHP 設定檔 cp php.ini-production /usr/local/php8/etc/php.ini 複製 php-fpm 設定檔 cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf 編輯設定檔 vi /usr/local/php8/etc/php.ini vi /usr/local/php8/etc/php-fpm.conf vi /usr/local/php8/etc/php-fpm.d/www.conf 啟動 php-fpm /usr/local/php8/sbin/php-fpm -c /usr/local/php8/etc/php.ini -y /usr/local/php8/etc/php-fpm.conf 顯示系統執行程序 ps -A 刪除 php-fpm 程序 killall -KILL php-fpm 下載 php imagick https://github.com/mkoppanen/imagick/releases lynx https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz 安裝 imagick tar zxf imagick-3.7.0.tar.gz cd imagick-3.7.0 /usr/local/php8/bin/phpize ./configure --with-php-config=/usr/local/php8/bin/php-config --with-imagick=/usr/local/ImageMagick && make && make install && make clean vi /usr/local/php8/etc/php.ini extension=imagick.so 下載 phpredis https://github.com/phpredis/phpredis/releases lynx https://github.com/phpredis/phpredis/archive/refs/tags/5.3.7.tar.gz 安裝 phpredis tar zxf phpredis-5.3.7.tar.gz cd phpredis-5.3.7 /usr/local/php8/bin/phpize ./configure --with-php-config=/usr/local/php8/bin/php-config && make && make install && make clean vi /usr/local/php8/etc/php.ini extension=redis.so 設定執行權限 chmod +x /etc/rc.d/rc.local 設定開機啟動 vi /etc/rc.d/rc.local #啟動 firewall /usr/local/bin/firewall.sh start #啟動 memcached /usr/local/memcached/bin/memcached -u daemon -d -l 127.0.0.1 -p 11211 -m 256 -t 4 #啟動 redis /usr/local/bin/redis-server /etc/redis/6379.conf #啟動 mysql /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data & #啟動 nginx /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf #啟動 php-fpm /usr/local/php8/sbin/php-fpm -c /usr/local/php8/etc/php.ini -y /usr/local/php8/etc/php-fpm.conf #啟動 subversion /usr/local/subversion/bin/svnserve -d -r /home/subversion 設定 sshd vi /etc/ssh/sshd_config LoginGraceTime 2m PermitRootLogin yes StrictModes yes MaxAuthTries 6 MaxSessions 10 PermitEmptyPasswords no PasswordAuthentication yes 重新啟動 systemctl restart sshd 關閉 PHP 版本顯示 vi +/expose_php /usr/local/php8/etc/php.ini expose_php = Off 下載 FFmpeg https://github.com/FFmpeg/FFmpeg/releases lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n4.2.9.tar.gz lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n4.3.6.tar.gz lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n4.4.4.tar.gz lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n5.0.3.tar.gz lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n5.1.3.tar.gz lynx https://github.com/FFmpeg/FFmpeg/archive/refs/tags/n6.0.tar.gz 安裝 FFmpeg tar zxf FFmpeg-n4.4.4.tar.gz cd FFmpeg-n4.4.4 ./configure --prefix=/usr/local/ffmpeg --disable-asm && make && make install && make clean 執行位置 /usr/local/ffmpeg/bin/ffmpeg
新增時間 2024-06-13
最後更新 2024-06-13