Aliyun CentOS server initialization settings

Source: Internet
Author: User
Tags curl gettext openssl ssh centos centos server iptables aliyun

Take the Aliyun server as an example

I. Mount the hard disk

1. Disk partition

fdisk -l #list devices; you can generally see a device named /dev/xvdb

fdisk /dev/xvdb #partition the disk

Enter n #create a new partition

Enter p #create a primary partition

Enter 1 #create the first primary partition

Enter w #save and execute the above commands to create the partition

After the above commands have completed, use fdisk -l to check; if you see a partition similar to

/dev/xvdb1

the partition was created successfully.

2. Disk format

mkfs.ext4 /dev/xvdb1 #format the partition

Note: ext4 is the default partition format on CentOS 6.x; on CentOS 5.x please use ext3

After the format is complete (the time required depends on the size of the partition, please wait patiently), mount the partition

3. Mount the disk

For example, to mount /dev/xvdb1 on the /data directory:

mkdir -p /data #create the directory

mount /dev/xvdb1 /data #mount

df -h #view the mount result

vi /etc/fstab #set automatic mounting at boot; enter the following on the last line

/dev/xvdb1 /data ext4 defaults 0 0

:wq! #save and exit

mount -a #make the partition settings take effect immediately

II. Create a swap partition

Note: by default an Aliyun server has no swap partition; installing PHP 5.6 on a 512M cloud server reports insufficient memory and the installation fails!

It is strongly recommended that you add a swap partition regardless of the amount of memory.

Add 1024M of swap space on a 512M Aliyun server

Specific actions:

1. dd if=/dev/zero of=/tmp/swap bs=1M count=1024 #create a 1024M file

2. mkswap /tmp/swap #create the swap file

3. swapon /tmp/swap #activate the swap file

4. swapon -s #view swap

5. Modify the /etc/fstab file, adding the following so that swap is enabled automatically at boot

vi /etc/fstab #add the following at the end

/tmp/swap swap swap defaults 0 0

:wq! #save and exit

System operations www.111cn.net reminder: original content by qihang01, © copyright; when reproducing, please cite the source and the original link

III. System kernel optimization

1. CentOS 5.x, CentOS 6.x, CentOS 7.x

vi /etc/security/limits.conf #add the following on the last line

* soft nproc unlimited

* hard nproc unlimited

* soft nofile 655350

* hard nofile 655350

:wq! #save and exit

2. CentOS 5.x, CentOS 6.x, CentOS 7.x

vi /etc/profile #add the following on the last line

ulimit -SHn 655350

ulimit -SHu unlimited

ulimit -SHd unlimited

ulimit -SHm unlimited

ulimit -SHs unlimited

ulimit -SHt unlimited

ulimit -SHv unlimited

:wq! #save and exit

source /etc/profile #make the configuration take effect immediately

ulimit -a #view the settings

3. CentOS 6.x (CentOS 5.x and CentOS 7.x do not need this setting)

vi /etc/security/limits.d/90-nproc.conf #add the following on the last line

* soft nproc unlimited

* hard nproc unlimited

* soft nofile 655350

* hard nofile 655350

:wq! #save and exit

4. CentOS 5.x, CentOS 6.x, CentOS 7.x

sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'

echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf

echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf

echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf

echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf

echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf

echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf

echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf

echo -e "net.ipv4.route.gc_timeout =" >> /etc/sysctl.conf

echo -e "net.ipv4.ip_conntrack_max = 819200" >> /etc/sysctl.conf

echo -e "net.ipv4.ip_local_port_range = 10024 65535" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_fin_timeout =" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_tw_len = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_time =" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_intvl =" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf

/sbin/sysctl -p #make the configuration take effect immediately

cat /var/log/secure #check whether the system settings are correct; no error messages means the settings are correct
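
The settings above are appended with echo >>, so repeating the step leaves every key in the file twice, and a few of the values have side effects worth reviewing before sysctl -p is run. The following is an added example, not part of the original article, that audits a sysctl.conf for those cases; the function names and the sample file are constructed for illustration.

```bash
# Added example (not from the original article): audit a sysctl.conf built with echo >>.
# effective_sysctl FILE KEY: print the value sysctl -p ends up applying (last assignment wins).
effective_sysctl() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }' "$1"
}

# duplicate_keys FILE: print each key that is assigned more than once.
duplicate_keys() {
    awk -F= '/^[ \t]*[#;]/ || !/=/ { next }
        { k = $1; gsub(/[ \t]/, "", k); if (++n[k] == 2) print k }' "$1"
}

# audit_sysctl FILE: print one finding per line; exit status 1 if anything was flagged.
audit_sysctl() {
    out=""
    nl='
'
    [ "$(effective_sysctl "$1" net.ipv4.ip_forward)" = 1 ] &&
        out="${out}net.ipv4.ip_forward=1: host forwards packets; needed only on a router or NAT gateway${nl}"
    [ "$(effective_sysctl "$1" net.ipv4.tcp_tw_recycle)" = 1 ] &&
        out="${out}net.ipv4.tcp_tw_recycle=1: can drop clients behind NAT; removed in Linux 4.12${nl}"
    [ "$(effective_sysctl "$1" net.ipv4.tcp_timestamps)" = 0 ] &&
        [ "$(effective_sysctl "$1" net.ipv4.tcp_tw_reuse)" = 1 ] &&
        out="${out}net.ipv4.tcp_tw_reuse=1 has no effect while tcp_timestamps=0${nl}"
    for k in $(duplicate_keys "$1"); do
        out="${out}${k}: assigned more than once; only the last value applies${nl}"
    done
    printf '%s' "$out"
    [ -z "$out" ]
}

# Constructed sample: a few of the article's settings, with one line appended twice.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.ip_forward = 1
net.core.somaxconn = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.core.somaxconn = 262144
EOF
audit_sysctl "$sample" || echo "review the findings above before running sysctl -p"
```
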

IV. System security settings

1. Create an ordinary account

useradd osyunwei #create an ordinary account

passwd osyunwei #set the password

2. Disable direct root login

vi /etc/ssh/sshd_config #edit

Find PermitRootLogin and change the yes after it to no

:wq! #save and exit

3. Enable the firewall

yum install iptables #install the firewall

yum install wget #install the download tool first

chkconfig iptables on #start at boot

vi /etc/sysconfig/iptables #edit, add the following

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -s 192.168.1.1/24 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Iptables for osyunwei.com Date 2015/05/22

service iptables start #start the firewall

Note: -s 192.168.1.1/24 means that only this IP range is allowed to access port 3306; it can be modified as required

4. Modify the SSH default port

Change the SSH default remote connection port 22 to 222

vi /etc/ssh/sshd_config

Add Port 222 under #Port 22

:wq! #save and exit

vi /etc/ssh/ssh_config

Add Port 222 under #Port 22

:wq! #save and exit

/etc/init.d/sshd restart #restart the sshd service

vi /etc/sysconfig/iptables #edit

Change port 22 to 222

:wq! #save and exit

/etc/init.d/iptables restart #restart the firewall to make the configuration take effect
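
Step 4 restarts sshd on port 222 before the rules file is changed, so until /etc/sysconfig/iptables is updated new SSH connections are rejected by the final REJECT rule. The following is an added example, not part of the original article, that checks that every port in sshd_config is accepted by the rules file and that PermitRootLogin is no; the function names and sample files are constructed for illustration.

```bash
# Added example (not from the original article): compare sshd_config with the iptables rules file.
# sshd_ports FILE: every active Port line (sshd listens on all of them); 22 if none.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# root_login FILE: first PermitRootLogin value (sshd keeps the first), or "default".
root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "default" }' "$1"
}

# fw_allows FILE PORT: succeed if an INPUT rule accepts TCP to PORT before any
# unconditional REJECT/DROP (rules are evaluated top to bottom).
fw_allows() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        {
            tcp = dport = accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && tolower($(i + 1)) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) { ok = 1; exit }
        }
        END { exit !ok }' "$1"
}

# check_ssh_change SSHD_CONFIG RULES_FILE: print problems; exit status 1 if any.
check_ssh_change() {
    rc=0
    [ "$(root_login "$1")" = no ] || { echo "PermitRootLogin is not 'no'"; rc=1; }
    for p in $(sshd_ports "$1"); do
        fw_allows "$2" "$p" || { echo "no INPUT rule accepts tcp/$p"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: state after editing sshd_config but before editing iptables.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 222' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$demo/iptables"
check_ssh_change "$demo/sshd_config" "$demo/iptables" || echo "fix the rules before restarting sshd"
```

Run against the real files it would be check_ssh_change /etc/ssh/sshd_config /etc/sysconfig/iptables; a rule appended below the final REJECT line is reported as missing because it is never reached.
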

V. Modify the host name

This sets the host name to: www.111cn.net

1. hostname "www.111cn.net" #set the host name to www.111cn.net

2.

vi /etc/sysconfig/network #edit the configuration file (CentOS 5.x, CentOS 6.x)

HOSTNAME=www.111cn.net #change localhost.localdomain to www.111cn.net

:wq! #save and exit

vi /etc/hostname #edit the configuration file (CentOS 7.x)

www.111cn.net #change localhost.localdomain to www.111cn.net

:wq! #save and exit

3. vi /etc/hosts #edit the configuration file

127.0.0.1 www.111cn.net localhost #change localhost.localdomain to www.111cn.net

:wq! #save and exit

VI. Synchronize the system time

yum install -y ntp #install ntp

ntpdate cn.pool.ntp.org #perform time synchronization

hwclock --systohc #synchronize the system clock to the hardware clock

echo -e "0 0 * * * /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null" >> /var/spool/cron/root #add a scheduled task

service crond restart #restart the service

VII. Install the basic software packages

yum install -y apr* autoconf automake bison cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libxpm* libtiff libtiff* libx* make mpfr ncurses* ntp openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* nasm nasm* wget zlib-devel
