CentOS test

Tanasan Piwbang

1. install CentOS (MEM:4GB,Disk:100GB)

2. disk Partition
(1) /boot 200MB
(2) /usr 50GB
(3) / 10GB

3. set TimeZone: Hongkong

4. create crontab : ntpdate 0.cn.pool.ntp.org every 5 min

5. create user test,password: abcd123456, home directory: /opt/test, user test can su - root, can exec sudo no need password.

6. SSH Service:
listen: 2222
root can not login.
ssh login can not use passwd. must use Certificate.
allow 192.168.88.200

7. modify system open file limit 65000

8. disabled icmp (system reboot disabled too)

9. write a script. check alive ip in internat network.

10. iptables INPUT DROP, allow http,ssh,https,nfs

11. disabled selinux (system reboot disabled too)

12. build local yum server.(URL: http://yourip )

(1) the host use local yum server http://yourip

13. tcpwapper: allow sshd: 192.168.88.200

14. install ftp servcie
tcpwapper: deny vsftpd: 192.168.88.200

15. install nfs service. share directory: /opt/share (rw)

16. install tomcat service .(can download on internet)
Listen: 8080 (HTTP)
Listen: 8081 (HTTPS)
Maxthread: 5000
AcceptCount: 5000
Install path: /opt/tomcatX
webapp path: /opt/webapps
JAVA_OPTS="-server -Xms1024m -Xmx1024m -Xss512k"

17. install nginx
(a) request limit 100/s
(b) /status ==> nginx status
Reverse proxy
(c) vhost1: http://www.dongruan1.com ==> tomcat HTTP 8080
(d) vhost2: https://www.dongruan2.com ==> tomcat HTTPS 8081
(e) deny 192.168.88.200 access: http://www.dongruan1.com/


18. reboot system. wait check.

บันทึกนี้เขียนที่ GotoKnow โดย  ใน Network System

คำสำคัญ (Tags)#centos

หมายเลขบันทึก: 644727, เขียน: 13 Feb 2018 @ 16:42 (), สัญญาอนุญาต: ครีเอทีฟคอมมอนส์แบบ แสดงที่มา-ไม่ใช้เพื่อการค้า-ไม่ดัดแปลง, อ่าน: คลิก


ความเห็น (0)