Web服务器初始化脚本

    xiaoxiao2021-04-16  222

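    #!/bin/bash
    # Web server bootstrap for an EL6-style host (yum, chkconfig, `service`):
    # builds Tengine from source, installs PHP from the Remi repository, loads an
    # iptables rule set and appends kernel/limits tuning. Must be run as root.
    #
    # Optional environment:
    #   PCRE_SHA256, ZLIB_SHA256, OPENSSL_SHA256, TENGINE_SHA256
    #       expected SHA-256 of each source tarball, obtained out-of-band from the
    #       upstream project. When set, a mismatch aborts the build.
    #   MGMT_SRC      source CIDR allowed to reach SSH/SNMP/SMUX (default: any)
    #   NOFILE_LIMIT  value written for the nofile limits (default 65535)
    #   NPROC_LIMIT   value written for the nproc limits (default 65535)
    #
    # NOTE(review): the pinned sources (pcre 8.37, zlib 1.2.8, openssl 1.0.2c,
    # tengine 2.1.0) are old releases and OpenSSL 1.0.2 is an end-of-life branch.
    # Check them against current upstream releases before deploying.

    readonly TAR_DIR=/home/tar
    readonly LOG_DIR=/home/log
    readonly LOG_FILE="${LOG_DIR}/Web_install.log"
    MGMT_SRC="${MGMT_SRC:-0.0.0.0/0}"
    NOFILE_LIMIT="${NOFILE_LIMIT:-65535}"
    NPROC_LIMIT="${NPROC_LIMIT:-65535}"

    if [ "$(id -u)" -ne 0 ]; then
      echo "this script must be run as root" >&2
      exit 1
    fi

    # set environment
    yum groupinstall "Development tools" -y
    yum install lrzsz ntpdate sysstat -y
    yum install wget openssl-devel kernel-devel -y
    yum install subversion -y

    # Download $1 into the current directory unless the tarball is already
    # present, verify it against the SHA-256 in $2 when one is given, then unpack.
    # Returns non-zero on download failure or checksum mismatch.
    function fetch_and_unpack () {
      local url=$1
      local expected_sha256=$2
      local tarball=${url##*/}

      if [ ! -f "$tarball" ]; then
        # Download to a temporary name so an interrupted transfer is never
        # mistaken for a complete tarball on the next run.
        wget -O "${tarball}.part" "$url" || { rm -f -- "${tarball}.part"; return 1; }
        mv -- "${tarball}.part" "$tarball" || return 1
      fi

      if [ -n "$expected_sha256" ]; then
        if ! printf '%s  %s\n' "$expected_sha256" "$tarball" | sha256sum -c -; then
          echo "checksum mismatch for $tarball, refusing to unpack" >&2
          return 1
        fi
      else
        # The URLs below are plain HTTP, so without a pinned digest the source
        # that ends up compiled into the web server is unauthenticated.
        echo "WARNING: no SHA-256 supplied for $tarball; source is unverified" >&2
      fi

      tar zxf "$tarball"
    }

    # install nginx
    # Builds Tengine with statically linked pcre, zlib and openssl under TAR_DIR.
    function nginx_install () {
      mkdir -p "$TAR_DIR" || return 1
      cd "$TAR_DIR" || return 1

      # The original openssl/tengine branches were inverted (download when the
      # file exists, unpack when it does not); all four now share one helper.
      fetch_and_unpack http://ncu.dl.sourceforge.net/project/pcre/pcre/8.37/pcre-8.37.tar.gz "${PCRE_SHA256:-}" || return 1
      fetch_and_unpack http://nchc.dl.sourceforge.net/project/libpng/zlib/1.2.8/zlib-1.2.8.tar.gz "${ZLIB_SHA256:-}" || return 1
      fetch_and_unpack http://www.openssl.org/source/openssl-1.0.2c.tar.gz "${OPENSSL_SHA256:-}" || return 1
      fetch_and_unpack http://tengine.taobao.org/download/tengine-2.1.0.tar.gz "${TENGINE_SHA256:-}" || return 1

      cd tengine-2.1.0 || return 1

      # Rewrites the product name and version strings the server advertises.
      # This only hides the banner; it does not replace patching the build.
      sed -i 's/1.6.2/1.2.1/g;s/2.1.0/1.2.1/g;s/Tengine/Weyes-Web/g;s/nginx\//Weyes-Web\//g' src/core/nginx.h

      # Stop at the first failing step instead of running make after a failed
      # configure.
      ./configure --with-http_ssl_module \
        --with-pcre="${TAR_DIR}/pcre-8.37" \
        --with-zlib="${TAR_DIR}/zlib-1.2.8" \
        --with-openssl="${TAR_DIR}/openssl-1.0.2c" \
        && make && make install
    }

    # install php
    # Adds the EPEL and Remi repositories and installs PHP plus extensions.
    function php_install () {
      # NOTE(review): these release RPMs are fetched over plain HTTP and installed
      # before any signing key is imported, so rpm cannot authenticate them.
      # Prefer importing the repository keys from a trusted copy first and
      # checking each package with `rpm -K` before installing it.
      rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
      rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
      yum install yum-priorities -y
      # (the original installed epel-release a second time here; dropped)
      # NOTE(review): remi-release-16 looks like a Fedora package rather than an
      # EL6 one - confirm it is wanted on this host.
      rpm -ivh http://rpms.famillecollet.com/remi-release-16.rpm
      rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
      # -y added: output is redirected to the log, so a confirmation prompt would
      # never be seen by the operator.
      yum --enablerepo=remi install -y php php-cli php-common php-gd php-ldap \
        php-mbstring php-mcrypt php-mysql php-pdo php-imap php-odbc php-xml \
        php-xmlrpc php-fpm php-soap php-bcmath php-redis mysql-libs \
        libpng-devel libgd-devel libjpeg-devel zlib-devel libxml2-devel gd-2 \
        apr-util-devel
    }

    # set iptables
    # Loads a default-deny inbound rule set and persists it.
    function set_iptables () {
      # Start from an open, empty table.
      iptables -P INPUT ACCEPT
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD ACCEPT
      iptables -F
      iptables -X
      iptables -Z

      iptables -A INPUT -i lo -j ACCEPT
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      # Management services: limit to MGMT_SRC (defaults to any source, which
      # matches the original rules; set it to the admin network in production).
      iptables -A INPUT -p tcp -s "$MGMT_SRC" --dport 22 -j ACCEPT
      iptables -A INPUT -p udp -s "$MGMT_SRC" --dport 161 -j ACCEPT
      iptables -A INPUT -p tcp -s "$MGMT_SRC" --dport 199 -j ACCEPT

      # NOTE(review): 20/21 and 50000:50500 expose FTP, which carries credentials
      # in cleartext; drop these rules unless FTP is really served here.
      iptables -A INPUT -p tcp --dport 20 -j ACCEPT
      iptables -A INPUT -p tcp --dport 21 -j ACCEPT
      iptables -A INPUT -p tcp --dport 50000:50500 -j ACCEPT

      iptables -A INPUT -p tcp --dport 80 -j ACCEPT

      # NOTE(review): NTP is a UDP protocol and replies to this host's own NTP
      # and DNS queries already match ESTABLISHED,RELATED. The 123 and 53 rules
      # are only needed if the host itself serves those protocols.
      iptables -A INPUT -p tcp --dport 123 -j ACCEPT
      iptables -A INPUT -p tcp --dport 53 -j ACCEPT
      iptables -A INPUT -p udp --dport 53 -j ACCEPT

      iptables -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT

      # Switch to default-deny only after the accept rules exist, so a session
      # used to run this script is not cut off between the two steps.
      iptables -P INPUT DROP
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP

      service iptables save
      service iptables restart
    }

    # Append line $1 to file $2 unless an identical line is already present, so
    # re-running the script does not pile up duplicate entries.
    function append_once () {
      local line=$1
      local file=$2
      grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
    }

    # Security configuration
    # Disables unused services, removes unused system accounts, schedules time
    # sync and appends limits/sysctl tuning.
    function set_env () {
      local svc account setting

      # chkconfig off
      # auditd is intentionally left enabled (the original turned it off): it
      # provides the audit trail needed to investigate an incident.
      # NOTE(review): with ip6tables off, IPv6 traffic is unfiltered unless IPv6
      # itself is disabled on every interface.
      for svc in ip6tables mdmonitor iscsi iscsid lvm2-monitor; do
        chkconfig "$svc" off
      done

      # del user
      for account in adm lp shutdown halt uucp operator games gopher; do
        userdel "$account"
      done

      # set date
      # /etc/crontab needs a user field, and "* */1" fired every minute; this
      # runs hourly as root, which is presumably what was intended.
      append_once "0 * * * * root /usr/sbin/ntpdate cn.pool.ntp.org >/dev/null 2>&1" /etc/crontab
      service crond restart

      # set ulimit
      # The original entries had no value and were therefore not valid
      # limits.conf lines. nofile defaults to the fs.file-max figure below; the
      # nproc default is a placeholder to be sized for the host.
      append_once "* hard nofile ${NOFILE_LIMIT}" /etc/security/limits.conf
      append_once "* soft nofile ${NOFILE_LIMIT}" /etc/security/limits.conf
      append_once "* hard nproc ${NPROC_LIMIT}" /etc/security/limits.conf
      append_once "* soft nproc ${NPROC_LIMIT}" /etc/security/limits.conf

      # set sysctl
      # net.ipv4.tcp_tw_recycle is deliberately not set (the original set it
      # twice): it is known to drop connections from clients behind NAT and was
      # removed from newer kernels.
      # These values take effect at the next boot or after `sysctl -p`.
      for setting in \
        "fs.file-max=65535" \
        "net.ipv4.tcp_syncookies = 1" \
        "net.ipv4.tcp_tw_reuse = 1" \
        "net.ipv4.ip_local_port_range = 1024 65535" \
        "net.ipv4.tcp_max_tw_buckets = 5000" \
        "net.ipv4.tcp_max_syn_backlog = 4096" \
        "net.core.netdev_max_backlog = 10240" \
        "net.core.somaxconn = 2048" \
        "net.core.wmem_default = 8388608" \
        "net.core.rmem_default = 8388608" \
        "net.core.rmem_max = 16777216" \
        "net.core.wmem_max = 16777216" \
        "net.ipv4.tcp_synack_retries = 2" \
        "net.ipv4.tcp_syn_retries = 2" \
        "net.ipv4.tcp_max_orphans = 3276800" \
        "net.ipv4.tcp_mem = 786432 2097152 3145728" \
        "net.ipv4.tcp_rmem = 4096 4096 16777216" \
        "net.ipv4.tcp_wmem = 4096 4096 16777216"; do
        append_once "$setting" /etc/sysctl.conf
      done
    }

    # The log directory is not created anywhere else; without it every
    # redirection below fails and the corresponding step is skipped.
    mkdir -p "$LOG_DIR" || exit 1

    nginx_install >> "$LOG_FILE"
    php_install >> "$LOG_FILE"

    # install redis
    # Only lists the package. Moved after php_install because the remi repository
    # does not exist until that step has run.
    yum --enablerepo=remi list redis

    set_iptables >> "$LOG_FILE"
    set_env >> "$LOG_FILE"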
