Linux
– 常用命令
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
| yum install -y bash-completion
free -h
cat /etc/redhat-release cat /proc/version uname -a
dmidecode -s system-manufacturer
yum install epel-release -y yum -y install htop
yum -y install telnet net-tools sysstat
htop
lscpu
cat /proc/cpuinfo
cat /proc/cpuinfo| grep "physical id"| sort| uniq| wc -l
cat /proc/cpuinfo| grep "cpu cores"| uniq
cat /proc/cpuinfo| grep "processor"| wc -l
getenforce sestatus
vi /etc/selinux/config
setenforce 0
setenforce 1
rsync -av --remove-source-files --exclude='_install' --exclude='1.sh' --exclude='oper' --exclude='oper_bk' --exclude='oper_bk_0721' --exclude='oper_bk0801' --exclude='r_bk' /dockerdata/nginx/html/api/ ~/test/
ps aux|head -1;ps aux|grep -v PID|sort -rn -k +3|head ps auxw|head -1;ps auxw|sort -rn -k3|head -10
ps aux|head -1;ps aux|grep -v PID|sort -rn -k +4|head ps auxw|head -1;ps auxw|sort -rn -k4|head -10
ps auxw|head -1;ps auxw|sort -rn -k5|head -10
snmpwalk -v3 -u snmpv3User -l authNoPriv -a MD5 -A zmsj1234 192.168.101.7
snmpwalk -v2c -c 团体字 ip
|
1 2 3 4 5 6 7 8 9 10 11
| echo "vm.swappiness=1">>/etc/sysctl.conf sysctl -p
swapoff -a && swapon -a
sync echo 3> /proc/sys/vm/drop_caches
|
– Linux磁盘挂载
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
| [root@orcl:/opt/linux_scripts] NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 7.3G 0 loop /media/cdrom sr0 11:0 1 1024M 0 rom vda 252:0 0 50G 0 disk ├─vda1 252:1 0 1G 0 part /boot └─vda2 252:2 0 49G 0 part ├─uos-root 253:0 0 494G 0 lvm / └─uos-swap 253:1 0 5G 0 lvm [SWAP] vdb 252:16 0 450G 0 disk └─vdb1 252:17 0 450G 0 part └─uos-root 253:0 0 494G 0 lvm / vdc 252:32 0 500G 0 disk
pvcreate /dev/vdc vgextend uos /dev/vdc lvextend -l +100%FREE /dev/mapper/uos-root xfs_growfs /dev/mapper/uos-root
|
– 防火墙
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
| systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl start firewalld
systemctl enable firewalld
systemctl restart firewalld
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-port
|
– 查看网络连接、端口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
| //端口 netstat -tunlp |grep xxx 查看网络连接 -t (tcp) 仅显示tcp相关选项 -u (udp)仅显示udp相关选项 -n 拒绝显示别名,能显示数字的全部转化为数字 -l 仅列出在Listen(监听)的服务状态 -p 显示建立相关链接的程序名 -a (all) 显示所有选项,默认不显示LISTEN相关。 -r 显示路由信息,路由表 -e 显示扩展信息,例如uid等 -s 按各个协议进行统计 -c 每隔一个固定时间,执行该netstat命令 lsof -i:端口号 用于查看某一端口的占用情况,比如查看9092端口使用情况,lsof -i:9095
|
– 设置linux默认不启动图形界面
返回结果:
multi-user.target 相当于init 3,命令行模式;
graphical.target 相当于init 5,图形界面模式。
1 2 3 4 5
| systemctl set-default multi-user.target
systemctl set-default graphical.target
|
– Linux启动提示“/dev/mapper/ao-root:unexpected inconsistency;RUN fsck MANUALLY”解决办法
1 2
| fsck -y /dev/mapper/ao-root
|
Docker
- Docker安装
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
| yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker systemctl enable docker
docker info
systemctl status docker
systemctl restart docker
systemctl stop docker
|
配置镜像加速器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
| sudo mkdir -p /etc/docker
tee /etc/docker/daemon.json << EOF { "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "3" } } EOF
sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://uxs8f4rt.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
|
systemctl stop docker
cp -a /var/lib/docker /www
vi /etc/docker/daemon.json
{ "log-driver": "json-file", "log-opts": { "max-size": "10m", "max-file": "3" }, "data-root": "/www/docker" }
systemctl daemon-reload systemctl start docker
|
- Docker Compose安装
1 2 3 4 5 6 7 8
| curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version
|
- Docker使用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
| docker pull centos:7.9.2009
docker images
docker image rm hello-world
docker run -it --name centos7.9 -p 8888:8888 -p 80:80 centos:7.9.2009 bash
docker ps
docker ps -a
docker container stop 802
docker container restart 802
docker exec -it 802 bash
docker container rm 802
docker container rm -f 802
yum reinstall glibc-common -y
localedef -i zh_CN -f UTF-8 zh_CN.UTF-8 echo LANG="zh_CN.UTF-8" > /etc/locale.conf
|
Python
- python安装
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
| yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc make libffi-devel
wget http://npm.taobao.org/mirrors/python/3.9.16/Python-3.9.16.tgz
tar -zxvf Python-3.9.16.tgz cd Python-3.9.16
./configure prefix=/usr/local/python3 make && make install
ln -s /usr/local/python3/bin/python3.9 /usr/bin/python39 ln -s /usr/local/python3/bin/pip3.9 /usr/bin/pip39
pip39 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
python39 -m pip install --upgrade pip
|
Nginx
- ssl证书生成配置
1 2 3 4 5 6
| mkdir -p /etc/nginx/ssl/ openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
- nginx限制访问host
1 2 3 4
| if ($host != "116.63.163.39") { return 403; }
|
- nginx常用配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
| server { listen 80; listen 443 ssl http2 ; server_name www.yangchao.me; index index.php index.html index.htm default.php default.htm default.html; root /www/wwwroot/web; add_header Cross-Origin-Embedder-Policy require-corp; add_header Cross-Origin-Opener-Policy same-origin; add_header Cross-Origin-Resource-Policy same-origin; add_header Clear-Site-Data "cache, cookies"; add_header Content-Security-Policy "default-src 'self'"; add_header Referrer-Policy strict-origin-when-cross-origin; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Content-Type-Options "nosniff"; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; if ($server_port !~ 443){ rewrite ^(/.*)$ https://$host$1 permanent; } ssl_certificate /www/server/panel/vhost/cert/web/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/web/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri;
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) { return 404; }
location ^~ / { proxy_pass http://127.0.0.1:5000; proxy_set_header Host 127.0.0.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; set $static_fileG0ZQTXEv 0; if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) { set $static_fileG0ZQTXEv 1; expires 1m; } if ( $static_fileG0ZQTXEv = 0 ) { add_header Cache-Control no-cache; } }
access_log /var/log/nginx/web.log; error_log /var/log/nginx/web.error.log; }
|
- supervisor守护nginx
1 2 3 4 5 6 7 8 9
| [program:nginx] command=/usr/bin/nginx -g 'daemon off;' directory=/usr/bin/ autostart=true autorestart=true redirect_stderr=true priority=10 stdout_logfile=/var/log/supervisor/nginx.log stderr_logfile=/var/log/supervisor/nginx.err.log
|
MySQL
1 2 3 4 5 6 7 8 9 10 11 12 13 14
|
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO `root`@`%` IDENTIFIED BY `password` WITH GRANT OPTION; FLUSH PRIVILEGES;
或
use mysql; update user set Host='%' where User='root'; FLUSH PRIVILEGES;
SELECT user, host FROM mysql.user;
|