/ * ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------ Write in front: I see many netizens's questions are related to server configuration, build a reliable and safe application development The server is the foundation of web programming, especially for friends who have developed JSP on Linux.
This document is the crystallization of my multi-year server configuration. I haven't been modified by my N before publishing (the last big revision is just released in RH7.2, and then because I have not found a mistake because I didn't find any mistakes, I didn't have it. Upgrade), the document is reprinted by the antenna network at the end of 2001 (http://www.yesky.com/20020206/217592.shtml), then reproduced by LinuxBYE.NET, CNJSP.com and other Linux and Java communities, after the time test I have never been discovered by you so far.
Documentation is not ideal in the web page, if you want to get PDF of this document, or have any comments, you can mail to Roczhao@msn.com
Documents are long and distributed, this is the third, the following is the text: ------------------------------- --------------------------------------- * /
Configuration steps
Step 1 Redhat 7.2 Install
My advice:
1. Establish a separate partition for / home because / home is the store of user data. This document also puts the software installation file in this directory, so do this when you reinstall the system next time When it is, you can keep the partition, and the data is guaranteed;
2, use the custom installation and select 'everything' option, which is especially suitable for beginners, otherwise you may not find a package or a command in the back installation; but if you are configured the Internet server, You should only choose the required package, and try to streamline enough security;
3. When selecting the language, it is recommended to select the Simplified Chinese (P.R.china) option so that when you configure the server, there is no need for any statement in the program code, and Chinese will be supported without garbled;
4. Use gnome as the login manager, use KDE as the default session, set the default to X, so the purpose is to facilitate remote control;
5, IP: 192.168.1.2, this is my IP I used in this document, this can be set.
6. I don't involve the setting of the firewall. After the system installation is complete, you can use the ntsysv or the chkconfig command to disable both iptables and ipchains, otherwise it will cause Telnet and remote logins.
Of course, if you are familiar with the firewall settings, you can process it.
-------------------------------------------------- ------------------------------------------
Step 2 x setup
## This step is completed, restart the server, then you can use the remote control software such as Extra! X to make server configuration on the Microsoft platform on the Microsoft platform using Extra! X, which can control the server side and client at the same time, do not have to run Between two machines. If you cannot perform remote control according to the settings below, you are very likely that your firewall policy does not allow this, disable iptables and ipchains. Vi /etc/x11/gdm/gdm.conf // Enable remote control
[xdmcp]
Enable = 1
Vi / etc / x11 / gdm / sessions / default // Settings Default session
EXEC / ETC / X11 / XDM / XSession KDE
Vi / etc / x11 / xdm / xaccess // set broadcast object
192.168.1. *
-------------------------------------------------- ------------------------------------------
Step 3 Services Setup
Shell> NTSYSV
Run the ntsysv command to enable Named, Telnet, and WU_FTPD services, disable httpd, mysqld, iptables, and Ipchains services and other unwanted services, and then reboot the server with the Reboot.
-------------------------------------------------- ------------------------------------------
Step 4 DNS Setup
vi /etc/named.conf
1 Create a standard area
## You can name it according to your preferences, here I use the suffix is .loc, mainly to avoid conflicts with the domain name already registered with the Internet, you can decide your suffix.
## Add the following text to /etc/named.conf
Zone yesgo.loc {
TYPE MASTER;
File "yesgo.loc";
}
Zone 1.168.192.in-addr.arpa {
TYPE MASTER;
File "192.168.1";
}
2 Create a domain name library file
Touch /var/named/yesgo.loc
Touch /var/named/192.168.1
## Edit the positive domain name library file, build hostname and host alias
vi /var/named/yesgo.loc
@ In soa ns.yesgo.loc. Root.ns.yesgo.loc.
2001050801; Serial
28800; Refresh
14400; RETRY
3600000; EXPIRE
86400); Minimum
IN ns ns.yesgo.loc.
IN mx 0 ns.yesgo.loc.
NS in a 192.168.1.2
FTP in cname ns.yesgo.loc.
Mail in cname ns.yesgo.loc.
Pop in cname ns.yesgo.loc.
SMTP in cname ns.yesgo.loc.
## Edit the reverse domain name library file, build a hostname pointer
Vi /var/named/192.168.1
@ In soa ns.yesgo.loc. Root.ns.yesgo.loc. (2001050801; Serial
28800; Refresh
14400; RETRY
3600000; EXPIRE
86400); Minimum
IN ns ns.yesgo.loc.
IN mx 0 ns.yesgo.loc.
2 in ptr ns.yesgo.loc.
3 restart DNS service
/etc/rc.d/init.d/named restart
4 domain query
## Test whether the domain name is resolved, this is an interactive command line, you can enter a domain name or IP address for forward and reverse query
Nslookup -sil
-------------------------------------------------- ------------------------------------------
Step 5 kde setup
This step is possible because you can use the default interface directly without going to pay attention to it. The general approach is to set the overall setting according to the KDE configuration wizard, and then use the KDE Control Center for detailed configuration, not more here. What you need to be added is that you can set the default session through the Windows Manager in KDE Control Panel, of course, can also be achieved by profiles.
-------------------------------------------------- ------------------------------------------
Step 6 ftp setup
Vi / etc / shells
## Add a row to / etc / shells, will use the command and telnet service as the shell of the FTP user
/ dev / null
## Increase the ftpchroot group, the user in this group will use its own home directory as an FTP root directory
GroupAdd ftpchroot
## Add FTP user, which can only use FTP services, and with its own home directory as root directory
UserAdd src -s / dev / null -g ftpchroot / / This account is used to store package
Passwd SRC
/ *
I am used to putting the software package into a custom / home / src directory, the main purpose is also the above-mentioned data preservation and software uploading problem, if the / usr / local / src directory, these two points can be achieved but inconvenient If you are used to putting the software to / usr / local / src, you can delete the / usr / local / src then build a symbolic connection for / home / src.
* /
RM -R -F / USR / local / src
LN -S / Home / SRC / USR / local / src
-------------------------------------------------- ------------------------------------------
Step 7 MySQL, Apache and PHP Unistall
Using the Package Manager or RPM command to uninstall Mysql, Apache, and PHP. It is recommended that beginners use the Package Manager to find these three keywords, to uninstall all related packages. We will then compile these software.
-------------------------------------------------- ------------------------------------------
Step 8 MySQL Install
1 Prepare users
## Note, what you said here, refer to the launch user of MySQL services, this user is a user of the Linux system, not MySQL users. It is necessary to make it, Linux and MySQL have their own user mechanisms. They have the highest permission user root. After the mysql installation is only one user, root, the password is empty, you can use mysqladmin -u root -p password instruction To change its password. Userdel mysql
UserAdd MySQL -S / dev / null
Passwd mysql
2 Install MySQL
CD / Home / SRC
TAR XVZF MY * // Unpack
CD MY *
./configure --prefix = / usr / local / mysql // configuration
Make // Compile
Make install // installation
./scripts/mysql_install_db // Construction Library
3 Modify the folder permissions
## The following modifies the relevant folder permissions, otherwise the mysql service can not start, or you have no write permission to the database.
Chown -r root / usr / local / mysql
chgrp -r mysql / usr / local / mysql
chown -r root / usr / local / mysql / bin
chgrp -r mysql / usr / local / mysql / bin
Chown -r root / usr / local / mysql / var
chgrp -r mysql / usr / local / mysql / var
CHMOD 770 / USR / local / mysql / var
Chown -r root / usr / local / mysql / var / mysql
Chgrp -r mysql / usr / local / mysql / var / mysql
CHMOD 770 / USR / local / mysql / var / mysql
chown -r root / usr / local / mysql / var / mysql / *
Chgrp -r mysql / usr / local / mysql / var / mysql / *
CHMOD 770 / USR / local / mysql / var / mysql / *
Chmod 770 /usr/local/mysql/lib/mysql/libmysqlclient.a
4 reload dynamic library
## Because we use custom compilation and installation, it is different from the library position that is originally defined by the system. Now we re-specify it and reload
vi /etc/ld.so.conf
# Add below one line
/ usr / local / mysql / lib
Shell> ldconfig // Re-load dynamic library
5 test mysql
CD / usr / local / mysql
./bin/safe_mysqld --user = mysql & // Start MySQL service
mysqladmin -u root -p password 'your_password' // Change user password
MySQL -P // starts using
6 Create a startup script
## Create a MySQL service, enabling it automatically when the system starts
CD /etc/rc.d/init.d
Touch mysqld
VI mysqld
## The contents of the file are as follows:
#! / bin / bash
#Start mysql servicecd / usr / local / mysql
./bin/safe_mysqld - -user = mysql &
## Change the permissions of this script, otherwise the system starts to start failure due to no permission
Chown -r root /etc/rc.d/init.d/mysqld
CHMOD 700 / Etc/rc.d/init.d/mysqld
## Connect this service to the init 5, if you use the init 3 to start the machine, connect to RC3.D, 60 represent the order of the startup, S is capitalized
ln -s /etc/rc.d/init.d/mysqld /etc/rc.d/rc5.d/s60mysqld
-------------------------------------------------- ------------------------------------------
Step 9 Apache Install
1 Install apache
CD / Home / SRC
TAR XVZF APA * // Unpack
CD APA *
./configure --prefix = / usr / local / apache --enable-module = so // Set compilation parameters
Make // Compile
Make install // installation
