1) Prepare the environment
1.1 Create the virtual machine (for an imported VM, only the VM's configuration file needs adjusting)
Select the ISO file to install from
Size the VM generously: every component of this setup runs on the one server, so give it correspondingly more CPU and memory
Configure the network
Set the root password
1.2 Configure a static IP
After the reboot, configure the static IP:
First check the gateway IP in the NAT settings of VMware's Virtual Network Editor; the static address you pick must lie in the gateway's subnet.
The only network interface in this VM is ens33, as listed by: nmcli d
cd /etc/sysconfig/network-scripts
yum install vim
vim ifcfg-ens33
Restart networking: systemctl restart network (on CentOS 6: service network restart). The address used here is 192.168.16.139.
Connect by SSH
Connect by WinSCP
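The notes say "vim ifcfg-ens33" without showing the file. The script below is an added example (not from the original notes): it renders the ifcfg-ens33 content for a static address and first checks that the address and the NAT gateway actually share a subnet, which is the usual reason a static-IP VM comes up unreachable. The interface name, addresses and DNS server are illustrative assumptions.

```shell
# Added example, not from the original notes: generate ifcfg-ens33 for a static
# address after checking that address and gateway lie in the same subnet.
# Interface name, addresses and DNS server below are assumptions.

# ip4_to_int 192.168.16.139 -> 3232239755 ; exit 1 on a malformed address
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR GATEWAY PREFIXLEN -> exit 0 when both lie in one network
same_subnet() {
    a=$(ip4_to_int "$1") || return 2
    g=$(ip4_to_int "$2") || return 2
    p=$3
    [ "$p" -ge 1 ] && [ "$p" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( g & mask )) ]
}

# render_ifcfg IFACE ADDR PREFIXLEN GATEWAY DNS -> prints the ifcfg file,
# refusing to emit a configuration whose gateway is off-subnet
render_ifcfg() {
    same_subnet "$2" "$4" "$3" || {
        echo "error: $2/$3 and gateway $4 are not in the same subnet" >&2
        return 1
    }
    cat <<EOF
TYPE=Ethernet
NAME=$1
DEVICE=$1
ONBOOT=yes
BOOTPROTO=static
IPADDR=$2
PREFIX=$3
GATEWAY=$4
DNS1=$5
IPV6INIT=no
EOF
}

# Usage: sh ifcfg.sh --demo > /etc/sysconfig/network-scripts/ifcfg-ens33
# (VMware NAT gateway 192.168.16.2 is an assumption; read yours from the editor)
if [ "${1:-}" = "--demo" ]; then
    render_ifcfg ens33 192.168.16.139 24 192.168.16.2 192.168.16.2
fi
```

Run it with --demo and redirect the output over the ifcfg file, then restart networking as above; a mismatched gateway is rejected before anything is written.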
1.3 Install Java
The jar tool is needed to unpack the WAR file, and it ships only with a full JDK. The openjdk packages present on the image are the JRE/headless builds without it, so remove them and install a JDK tarball by hand (the java-1.8.0-openjdk-devel package would also provide jar):
[root@s132-148-87-25 ROOT]# rpm -qa | grep java
[root@s132-148-87-25 ROOT]# rpm -e --nodeps java-1.8.0-openjdk-headless-1.8.0.201.b09-2.el7_6.x86_64
[root@s132-148-87-25 ROOT]# rpm -e --nodeps java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64
Once rpm -qa no longer lists any openjdk package, continue:
[root@s132-148-87-25 ROOT]# mkdir /usr/local/src/java
Unpack the JDK tarball into this directory.
Configure the Java environment (note the path is lib/tools.jar, not lib.tools.jar):
[root@s132-148-87-25 lib]# vim /etc/profile
    #set java environment
    JAVA_HOME=/usr/local/src/java/jdk1.7.0_55
    CLASSPATH=.:$JAVA_HOME/lib/tools.jar
    PATH=$JAVA_HOME/bin:$PATH
    export JAVA_HOME CLASSPATH PATH
[root@s132-148-87-25 lib]# source /etc/profile
[root@localhost ~]# java -version
-bash: /usr/local/src/java/jdk1.7.0_55/bin/java: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory
This error means a 32-bit (i586) JDK build was unpacked on a 64-bit host. Installing the 32-bit C library makes it run, though the x64 JDK build is the cleaner fix; JDK 7u55 is also long past public updates, so use a currently supported JDK release:
[root@localhost ~]# yum install glibc.i686
1.4 Install Tomcat
Tomcat ports
Each instance gets its own shutdown port, HTTP connector port and AJP connector port (the three values in the order they appear in server.xml); the instance name is its HTTP port:

Instance      Shutdown  HTTP   AJP
tomcat10080   8005      10080  9009
tomcat10081   8006      10081  9010
tomcat10082   8007      10082  9011
tomcat10083   8008      10083  9012
tomcat10084   8009      10084  9013
tomcat10085   8010      10085  9014
tomcat10086   8011      10086  9015
tomcat10087   8012      10087  9016
tomcat10088   8013      10088  9017
tomcat10089   8014      10089  9018
tomcat10090   8015      10090  9019
tomcat10091   8016      10091  9020
tomcat11080   8205      11080  8309
tomcat11081   8206      11081  8310
tomcat11082   8207      11082  8311
tomcat11083   8208      11083  8312
tomcat11084   8209      11084  8313
tomcat11085   8210      11085  8314
tomcat11086   8211      11086  8315
tomcat11087   8212      11087  8316
tomcat11088   8213      11088  8317
tomcat11089   8214      11089  8318
tomcat11090   8215      11090  8319
tomcat11091   8216      11091  8320

Only the HTTP ports need to be reachable from other hosts. The shutdown listener binds to localhost by default and must stay that way (anyone who can reach it can stop the instance); bind the AJP connectors to 127.0.0.1 as well, or remove them, unless a reverse proxy on another host really speaks AJP to them.
All servers live under /usr/local. One unpacked apache-tomcat-7.0.47 tree is the shared CATALINA_HOME (binaries and libraries); each instance directory holds only the per-instance files (conf/, webapps/, temp/, logs/, work/) and is used as CATALINA_BASE when that instance is started:
[root@localhost java]# mkdir /usr/local/samemart-tomcats
[root@localhost java]# mkdir /usr/local/samemart-servers
[root@localhost ~]# mv apache-tomcat-7.0.47 /usr/local/samemart-tomcats/
[root@localhost samemart-tomcats]# mkdir tomcat10081
[root@localhost samemart-tomcats]# cd apache-tomcat-7.0.47/
[root@localhost apache-tomcat-7.0.47]# mv conf/ webapps/ temp/ logs/ work/ -t ../tomcat10081/
[root@localhost samemart-tomcats]# cd tomcat10081/
[root@localhost tomcat10081]# vim conf/server.xml                    // update the ports
[root@localhost samemart-tomcats]# cp -r tomcat10081/ tomcat10082/   // copy the instance
[root@localhost samemart-tomcats]# vim tomcat10082/conf/server.xml   // update the ports
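The commands above split the distribution into a shared CATALINA_HOME and per-instance CATALINA_BASE directories but never show how an instance is started or how the port plan is kept collision-free. The script below is an added example, not the notes' own commands: it creates an instance directory with a minimal server.xml (shutdown and AJP listeners on loopback, HTTP connector open), writes a ctl.sh wrapper that selects the instance via CATALINA_BASE, and checks that no port number is used twice. The instance root, the CATALINA_HOME path and the skeleton server.xml are assumptions; in practice start from the conf/ directory shipped with the distribution.

```shell
# Added example, not the notes' own commands: one CATALINA_BASE per port set,
# sharing the unpacked apache-tomcat-7.0.47 tree as CATALINA_HOME.
# Paths and the minimal server.xml are assumptions.

CATALINA_HOME_DIR=/usr/local/samemart-tomcats/apache-tomcat-7.0.47   # assumed

# make_instance ROOT NAME SHUTDOWN_PORT HTTP_PORT AJP_PORT
make_instance() {
    base="$1/$2"
    mkdir -p "$base/conf" "$base/webapps" "$base/temp" "$base/logs" "$base/work"
    # The shutdown listener is loopback-only by default; AJP is pinned to
    # loopback explicitly so only the HTTP connector is reachable remotely.
    cat > "$base/conf/server.xml" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<Server port="$3" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="$4" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="$5" protocol="AJP/1.3" address="127.0.0.1"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"/>
    </Engine>
  </Service>
</Server>
EOF
    # One ctl.sh per instance: the same catalina.sh, a different CATALINA_BASE.
    cat > "$base/ctl.sh" <<EOF
#!/bin/sh
export CATALINA_HOME=$CATALINA_HOME_DIR
export CATALINA_BASE=$base
exec "\$CATALINA_HOME/bin/catalina.sh" "\$@"
EOF
    chmod 0755 "$base/ctl.sh"
}

# list_instances ROOT -> "name shutdown http ajp" per instance (server.xml order)
list_instances() {
    for f in "$1"/*/conf/server.xml; do
        n=$(basename "$(dirname "$(dirname "$f")")")
        set -- $(grep -o 'port="[0-9]*"' "$f" | tr -dc '0-9\n')
        echo "$n $1 $2 $3"
    done
}

# check_ports ROOT -> exit 1 and report if any port number is used twice
check_ports() {
    dups=$(list_instances "$1" | cut -d' ' -f2- | tr ' ' '\n' | sort | uniq -d)
    [ -z "$dups" ] || { echo "port used by more than one instance: $dups" >&2; return 1; }
}

# Usage (as root, after the distribution has been moved into place):
#   make_instance /usr/local/samemart-tomcats tomcat10081 8006 10081 9010
#   make_instance /usr/local/samemart-tomcats tomcat10082 8007 10082 9011
#   check_ports /usr/local/samemart-tomcats && /usr/local/samemart-tomcats/tomcat10081/ctl.sh start
```

Because every instance shares bin/ and lib/, upgrading Tomcat means replacing one tree; because each instance has its own conf/, a port typo only affects that instance, and check_ports catches it before startup fails with an address-in-use error.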
1.5 Install MySQL
// Install the MySQL repository package
[root@s132-148-87-25 ~]# yum localinstall mysql-community-release-el6-5.noarch.rpm
// Install MySQL 5.6 from the repository
[root@localhost ~]# yum install mysql-community-server
// Start mysql
[root@localhost ~]# service mysqld start
// Start mysql at boot
chkconfig mysqld on
// Set the root password (a password given on the command line ends up in the shell history; set it interactively on a shared host)
[root@localhost ~]# /usr/bin/mysqladmin -uroot password 'iHai1221'
// Grant remote access
[root@localhost mysql]# mysql -uroot -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'iHai1221' WITH GRANT OPTION;
mysql> show databases;
This grant lets root log in from any host with full privileges. It is convenient for the one-off import, but afterwards replace it with a dedicated user limited to the application's database and to the application servers' addresses, and keep 3306 filtered at the firewall to those same addresses.
// Connect remotely and import the database
/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT     // open port 3306 (to every source as written; add -s <app subnet> to restrict it)
yum install iptables-services          // install iptables
service iptables save                  // save the rules
# On CentOS 6, view iptables with
service iptables status
/etc/rc.d/init.d/iptables save         // same as service iptables save
/etc/init.d/iptables status            // view the iptables of 16.131 (on CentOS 7 use: [root@localhost ~]# iptables -L)
********
Add the lines below; 22 is present by default. Port 21 also has to be added here, otherwise the main page cannot be reached after the nginx service starts:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Port 22 is for SSH access; 80 and 8080 are for HTTP; when HTTPS is used later, port 443 must be opened as well.
---------------------
Source: https://blog.csdn.net/XIANZHIXIANZHIXIAN/article/details/78891657
********
(Port 21 is FTP, not a port nginx listens on; open it only if an FTP server actually runs on this host.)
On CentOS 7, check which firewall service is active:
systemctl status firewalld
systemctl status iptables
(The same port-opening steps apply to MySQL's 3306 and to Solr's 8080.)
If iptables-services is used, restart it so the saved configuration takes effect:
# systemctl restart iptables.service
and enable it at boot:
# systemctl enable iptables.service
To stop iptables: [root@localhost ~]# service iptables stop    (to disable it permanently: chkconfig iptables off)
[root@localhost ~]# iptables -L
Programmer → software engineer → architect → systems analyst (technical track)
Programmer → software engineer → project leader → project manager (PM) → project director → CIO
On CentOS 6
# Tables and chains:
filter table: ordinary IP packet filtering; contains the INPUT, OUTPUT and FORWARD chains.
nat table: address translation for packets being forwarded; contains the PREROUTING, POSTROUTING and OUTPUT chains.
mangle table: alteration of packet headers (TOS, TTL, marks).
FORWARD: packets routed through the firewall to another host.
INPUT: packets from outside destined for applications on this host.
OUTPUT: connections initiated by applications on this host towards the outside.
PREROUTING: rules applied as a packet enters, before the routing decision (DNAT/REDIRECT live here).
POSTROUTING: rules applied after routing, just before the packet is sent out (SNAT lives here).
# Options:
-A: append a rule to a chain
--dport: destination port (for inbound traffic, the port on this server)
--sport: source port (for outbound traffic, the port the data leaves from)
-j: the target, i.e. ACCEPT to allow or DROP to discard
-s: source IP address or network
-p: protocol, usually tcp
https://blog.51cto.com/evolution/648181  A worked explanation of configuring and using iptables + l7-filter
SNAT is mainly for letting an internal LAN reach the Internet and is implemented in the POSTROUTING chain;
DNAT is mainly for exposing an internal server to the Internet and is implemented in the PREROUTING chain. https://yq.aliyun.com/articles/483315/#
192.168.102.230 is the external IP.
Internal network reaching the outside: SNAT
# iptables -t nat -A POSTROUTING -s 192.168.111.0/24 -o eth1 -j SNAT --to-source 192.168.102.230
# iptables -t nat -L -nv --line-number
Outside reaching an internal resource: DNAT
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to-destination 192.168.113.80
An external user browsing http://192.168.102.230 (the public IP) sees "this is the internal site": the request is actually served by 192.168.113.80 (an internal host or the DMZ). DNAT to another host also needs net.ipv4.ip_forward=1 and a FORWARD rule that allows the traffic.
# Requests arriving on eth0 (e.g. for 192.168.16.141) are redirected to 127.0.0.1:
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to-destination 127.0.0.1
The kernel refuses to route packets arriving on a non-loopback interface to 127.0.0.1 unless net.ipv4.conf.eth0.route_localnet=1 (or net.ipv4.conf.all.route_localnet=1) is set, so without that sysctl this rule silently drops the traffic.
CentOS: allow a network on a port, and remove a rule
[root@localhost ~]# iptables -A INPUT -s 192.168.16.0/24 -m tcp -p tcp --dport 9004 -j ACCEPT
[root@localhost ~]# /etc/init.d/iptables status           # view the rules with their numbers
[root@localhost ~]# iptables -D INPUT 2                    # delete the rule by the number shown above
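The 3306 rule in 1.5 accepts MySQL connections from any source, while the rule just above shows the right shape (a -s restriction). The script below is an added example, not part of the original notes: gen_rules emits a complete iptables-restore ruleset for this host (default DROP, SSH and HTTP/HTTPS open, MySQL only from the application subnet), and audit_rules reads iptables-save output and reports any INPUT ACCEPT rule that exposes a sensitive port without a source restriction. The sensitive-port list is taken from the Tomcat port plan in 1.4 plus 3306; the application subnet 192.168.16.0/24 is an assumption. The Tomcat HTTP ports are assumed to be fronted by nginx on 80/443; if clients reach them directly, add them the way 3306 is added, with a -s restriction.

```shell
# Added example, not part of the original notes: hardened ruleset generator and
# an audit of iptables-save output for world-open sensitive ports.
# Port list and application subnet are assumptions.

# Ports that must never accept traffic from arbitrary sources: 3306 MySQL, the
# Tomcat shutdown listeners (8005-8016, 8205-8216) and AJP connectors
# (9009-9020, 8309-8320) from the port plan in 1.4.
SENSITIVE_PORTS='3306 8005:8016 8205:8216 9009:9020 8309:8320'

# gen_rules APPNET -> iptables-restore file: SSH and HTTP(S) from anywhere,
# MySQL only from APPNET, everything else inbound dropped by policy.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s $1 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# port_in_range PORT RANGE   (RANGE is "n" or "lo:hi")
port_in_range() {
    case $2 in
        *:*) lo=${2%%:*}; hi=${2##*:} ;;
        *)   lo=$2; hi=$2 ;;
    esac
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# audit_rules < iptables-save-output
# Prints every INPUT ACCEPT rule that matches a sensitive --dport without a
# -s source restriction; exit 1 if any were found. Only the first port of a
# --dport lo:hi range is inspected, which suffices for the ranges above.
audit_rules() {
    rc=0
    while IFS= read -r line; do
        case $line in
            "-A INPUT "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        port=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9]*\).*/\1/p')
        [ -n "$port" ] || continue
        case " $line " in *" -s "*) continue ;; esac   # source-restricted: fine
        for r in $SENSITIVE_PORTS; do
            if port_in_range "$port" "$r"; then
                echo "world-open sensitive port $port: $line"
                rc=1
                break
            fi
        done
    done
    return $rc
}

# Usage on the host (iptables-services installed, firewalld stopped):
#   gen_rules 192.168.16.0/24 > /etc/sysconfig/iptables && systemctl restart iptables
#   iptables-save | audit_rules
```

The audit is deliberately narrow: it only looks at ACCEPT rules in INPUT with an explicit --dport and treats any -s match as a restriction. Run it after every "open a port" step in these notes; the original 3306 rule fails it, the -s 192.168.16.0/24 form passes.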
On CentOS 7
firewall-cmd --permanent --add-port=4369/tcp
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
firewall-cmd --reload          // apply the permanent rules (same effect as restarting firewalld, without stopping the daemon)
firewall-cmd --list-ports
systemctl status firewalld
yum install firewalld
systemctl unmask firewalld     # lift the mask if the unit was masked
systemctl enable firewalld
systemctl start firewalld
A zone is one of several predefined policy sets that firewalld ships with; each interface or source address is assigned to a zone.
https://blog.51cto.com/andyxu/2137046   # allow 192.168.16.132 to reach ports 9004-9008 on this host (single outer quotes keep the inner double quotes intact for firewalld)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.16.132" port protocol="tcp" port="9004-9008" accept'
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="11300" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'
firewall-cmd --zone=public --list-rich-rules
firewall-cmd --zone=internal --list-all
[root@localhost ~]# systemctl restart firewalld   // permanent rules take effect after a restart (or firewall-cmd --reload)
[root@localhost ~]# firewall-cmd --list-all
iptables filters packets directly with the kernel's netfilter rules.
firewalld is a management daemon on top of that same kernel packet filter: it expresses policy in terms of zones, services and ports and programs the netfilter rules (through iptables or nftables) underneath. It is not a separate, higher-layer firewall, which is why the two services must not manage the rules at the same time.
To switch to iptables, first stop and disable the default firewalld, then install the iptables service.
I remember the only workable approach is: the backend server exposes only certain ports to the frontend server; this is achievable, and it keeps the API URLs from being exposed.
Installing RabbitMQ
systemctl stop firewalld
systemctl disable firewalld
hostname localhost
systemctl start rabbitmq-server        vs.        /sbin/service rabbitmq-server start
Turning the firewall off entirely is the quick route; the safer one is to keep firewalld running and open only what clients need: 5672 (AMQP) and, if used, 15672 (management UI), with 4369 (epmd, already added with firewall-cmd above) only for clustering or remote rabbitmqctl. Note that the RabbitMQ node name is derived from the hostname, so set the hostname before the first start, not after.