Web服务器初始化脚本

#!/bin/bash


# Base packages: the compiler toolchain for the source builds that follow,
# plus the utilities used later in this script (wget, ntpdate).
# One yum transaction per group, in the same order as before.
yum -y groupinstall "Development tools"
yum -y install lrzsz ntpdate sysstat
yum -y install wget openssl-devel kernel-devel
yum -y install subversion


#  install nginx
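# Build Tengine 2.1.0 from source against PCRE, zlib and OpenSSL source trees
# unpacked under /home/tar, then run "make install".
# Globals:   PCRE_SHA256, ZLIB_SHA256, OPENSSL_SHA256, TENGINE_SHA256
#            (optional, read) expected SHA-256 of each tarball.
# Outputs:   build output on stdout/stderr.
# Returns:   non-zero as soon as a download, checksum, unpack or build step fails.
function nginx_install ()
{
  local src_dir=/home/tar

  mkdir -p "$src_dir" || return 1
  # Stop here if the directory is unusable, otherwise the downloads and the
  # build would run in whatever directory the caller happened to be in.
  cd "$src_dir" || return 1

  # NOTE(review): every tarball comes over plain HTTP and is then compiled and
  # installed as root. Set the *_SHA256 variables to digests obtained from a
  # trusted channel so a tampered download is rejected before it is unpacked.
  # NOTE(review): these are old pinned releases; check upstream for current
  # versions carrying later security fixes before using this on a public host.
  _nginx_fetch_and_unpack pcre-8.37.tar.gz \
    http://ncu.dl.sourceforge.net/project/pcre/pcre/8.37/pcre-8.37.tar.gz \
    "${PCRE_SHA256:-}" || return 1
  _nginx_fetch_and_unpack zlib-1.2.8.tar.gz \
    http://nchc.dl.sourceforge.net/project/libpng/zlib/1.2.8/zlib-1.2.8.tar.gz \
    "${ZLIB_SHA256:-}" || return 1
  # The OpenSSL and Tengine branches used to be inverted: they downloaded when
  # the tarball was already present and skipped the download when it was missing.
  _nginx_fetch_and_unpack openssl-1.0.2c.tar.gz \
    http://www.openssl.org/source/openssl-1.0.2c.tar.gz \
    "${OPENSSL_SHA256:-}" || return 1
  _nginx_fetch_and_unpack tengine-2.1.0.tar.gz \
    http://tengine.taobao.org/download/tengine-2.1.0.tar.gz \
    "${TENGINE_SHA256:-}" || return 1

  cd tengine-2.1.0 || return 1

  # Rewrites the product name and version strings in nginx.h so the server
  # reports "Weyes-Web/1.2.1". This only changes what the server announces; it
  # does not remove any flaw in the real version. Dots are escaped so that only
  # the literal version strings match.
  sed -i 's/1\.6\.2/1.2.1/g;s/2\.1\.0/1.2.1/g;s/Tengine/Weyes-Web/g;s/nginx\//Weyes-Web\//g' src/core/nginx.h || return 1

  ./configure --with-http_ssl_module \
    --with-pcre="$src_dir/pcre-8.37" \
    --with-zlib="$src_dir/zlib-1.2.8" \
    --with-openssl="$src_dir/openssl-1.0.2c" || return 1
  make && make install
}

# Unpack tarball $1 in the current directory, downloading it from $2 first when
# it is not already present. When $3 is non-empty it is the expected SHA-256 and
# the tarball must match it before it is unpacked.
function _nginx_fetch_and_unpack ()
{
  local tarball=$1 url=$2 sha256=${3:-}

  if [ ! -f "$tarball" ]; then
    if ! wget -O "$tarball" "$url"; then
      # Do not leave a truncated file that a later run would treat as complete.
      rm -f -- "$tarball"
      return 1
    fi
  fi

  if [ -n "$sha256" ]; then
    printf '%s  %s\n' "$sha256" "$tarball" | sha256sum -c - || return 1
  else
    printf 'warning: %s is being unpacked without a checksum check\n' "$tarball" >&2
  fi

  tar zxf "$tarball"
}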

# install php 
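# Enable the EPEL and Remi repositories, then install PHP and its extensions
# from Remi.
# Outputs:   rpm/yum output on stdout/stderr.
# Returns:   exit status of the final yum transaction.
function php_install ()
{
  local -a php_packages=(
    php php-cli php-common php-gd php-ldap php-mbstring php-mcrypt php-mysql
    php-pdo php-imap php-odbc php-xml php-xmlrpc php-fpm php-soap php-bcmath
    php-redis mysql-libs libpng-devel libgd-devel libjpeg-devel zlib-devel
    libxml2-devel gd-2 apr-util-devel
  )

  # NOTE(review): the release packages are fetched over plain HTTP and
  # installed before any signing key has been imported, so the repository
  # trust (including the GPG key imported below) is bootstrapped from an
  # unauthenticated download. Prefer a verified copy of these packages.
  # The EPEL release package was installed twice; once is enough.
  rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  yum install -y yum-priorities

  # NOTE(review): "remi-release-16.rpm" looks like a typo for the EL6 package
  # installed on the next line - confirm and drop it if so.
  rpm -ivh http://rpms.famillecollet.com/remi-release-16.rpm
  rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

  # -y was missing here: with stdout redirected to the install log the
  # confirmation prompt is invisible, so an unattended run would stall on it.
  yum --enablerepo=remi install -y "${php_packages[@]}"
}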

# Redis: query the Remi repository for the redis package.
# NOTE(review): this only lists the package, it does not install it, and it
# runs at load time, before php_install has set up the Remi repository -
# confirm what was intended here.
yum list --enablerepo=remi redis


#  set iptables

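# Replace the IPv4 filter ruleset with a default-deny inbound policy plus a
# fixed allow list, then save it and restart the iptables service.
# Outputs:   iptables/service output on stdout/stderr.
# Returns:   exit status of "service iptables restart".
function set_iptables ()
{
  # Open the policies while the old rules are flushed so that an
  # administrator connected over SSH is not cut off mid-change.
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT

  iptables -F
  iptables -X
  iptables -Z

  # Loopback and replies to connections this host already has.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # SSH, open to every source address.
  # NOTE(review): restrict with -s to the management network if there is one.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  # FTP data and control.
  # NOTE(review): FTP sends credentials in clear text - confirm it is needed.
  iptables -A INPUT -p tcp --dport 20 -j ACCEPT
  iptables -A INPUT -p tcp --dport 21 -j ACCEPT

  # HTTP.
  # NOTE(review): 443 is not opened although nginx_install builds with the
  # SSL module - confirm whether HTTPS is meant to be reachable.
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  # NOTE(review): NTP uses UDP, and an ntpdate client gets its replies through
  # the ESTABLISHED,RELATED rule; this TCP rule looks unnecessary.
  iptables -A INPUT -p tcp --dport 123 -j ACCEPT

  # DNS over TCP (the UDP rule is further down).
  # NOTE(review): inbound DNS is only needed if this host runs a DNS server.
  iptables -A INPUT -p tcp --dport 53 -j ACCEPT

  # SNMP (161/udp) and SMUX (199/tcp), open to every source address.
  # NOTE(review): limit these to the monitoring host with -s.
  iptables -A INPUT -p udp --dport 161 -j ACCEPT
  iptables -A INPUT -p tcp --dport 199 -j ACCEPT

  iptables -A INPUT -p udp --dport 53 -j ACCEPT

  # NOTE(review): presumably redundant with the "-i lo" rule above.
  iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT

  # Presumably the FTP passive-mode data range - verify against the FTP
  # server configuration.
  iptables -A INPUT -p tcp --dport 50000:50500 -j ACCEPT

  # Default-deny goes on last, once every allow rule is in place. Setting DROP
  # before the ESTABLISHED rule existed (the previous order) could stall or
  # drop the session that is running this script.
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD DROP

  service iptables save
  service iptables restart
}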

#  Security configuration

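# Post-install system configuration: disable selected boot services, delete
# unused system accounts, schedule clock sync, and append resource-limit and
# kernel network settings.
# Outputs:   command output on stdout/stderr.
# Returns:   exit status of the last append.
function set_env ()
{
  local svc acct line
  local limits_conf=/etc/security/limits.conf
  local sysctl_conf=/etc/sysctl.conf
  # The limits.conf lines used to have no value field ("* hard nofile"), which
  # is not a valid entry. 65535 for nofile mirrors fs.file-max below.
  # NOTE(review): the nproc value is a constructed default - confirm it.
  local nofile_limit=65535
  local nproc_limit=65535

  # Services switched off at boot.
  # NOTE(review): turning auditd off stops the audit daemon at boot, which sits
  # oddly in a security-configuration step - confirm it is intended.
  # NOTE(review): with ip6tables off, IPv6 traffic is not filtered if the host
  # has an IPv6 address - confirm IPv6 is disabled.
  for svc in auditd ip6tables mdmonitor iscsi iscsid lvm2-monitor; do
    chkconfig "$svc" off
  done

  # Unused system accounts.
  for acct in adm lp shutdown halt uucp operator games gopher; do
    userdel "$acct"
  done

  # Clock sync. /etc/crontab needs a user field, which was missing, so cron
  # could not run the entry. The minute field was "*", which would have meant
  # every minute; hourly is presumably what was meant - confirm.
  _set_env_append_once /etc/crontab \
    "0 */1 * * * root /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1"
  service crond restart

  # Per-user limits for open files and processes.
  _set_env_append_once "$limits_conf" "* hard nofile $nofile_limit"
  _set_env_append_once "$limits_conf" "* soft nofile $nofile_limit"
  _set_env_append_once "$limits_conf" "* hard nproc $nproc_limit"
  _set_env_append_once "$limits_conf" "* soft nproc $nproc_limit"

  # Kernel settings. Appending only missing lines keeps a re-run from piling
  # up duplicates (tcp_tw_recycle was listed twice). Nothing here reloads
  # sysctl, so the values presumably apply at the next boot or "sysctl -p".
  # NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
  # that share an address behind NAT; reconsider it on an internet-facing host.
  while IFS= read -r line; do
    _set_env_append_once "$sysctl_conf" "$line"
  done <<'EOF'
fs.file-max=65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10240
net.core.somaxconn = 2048
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
EOF
}

# Append line $2 to file $1 unless the file already holds that exact line.
function _set_env_append_once ()
{
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}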


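# Run every stage in order, appending each stage's stdout to the install log.
# The log directory is created first: when it is missing the redirection fails
# and the shell skips the stage without running it.
# Only stdout goes to the log; error output stays on the terminal.
log_file=/home/log/Web_install.log
mkdir -p "${log_file%/*}" || exit 1

nginx_install >> "$log_file"
php_install >> "$log_file"
set_iptables >> "$log_file"
set_env >> "$log_file"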



