Linux server setup configuration, development efficiency – Centos

Time:2024-5-10

Hi everyone, I'm BitTorrent. I recently got hold of a CentOS cloud server for daily development, and I'd like to document the process of building and configuring it.
I have a previous post based on Ubuntu: Linux server setup and configuration, development efficiency skyrocketed – Ubuntu Chapter
As with personal computers, everyone has their own preferences and needs. Every terminal I personally use follows one basic idea: the great way is simple. In practice that means installing as little software as possible and keeping everything as simple as possible. Everything stays native; I only care about getting focused work done and don't want too many fancy things.

I. Security reinforcement

Before you walk into the jungle, get your protection in place. Otherwise the server is easily attacked, and having to restore backups and migrate afterwards is not worth it. Let's update the system first:

sudo yum clean all
sudo yum update -y
sudo reboot

Everyone knows that the default port for ssh on Linux servers is 22 and the super administrator account is root, so let's change these defaults, disallow password logins, and authenticate only with a key:

yum list installed | grep openssh-server
# If not installed
yum install openssh-server
vim /etc/ssh/sshd_config

Change the relevant configuration to the following:

Port 666
PasswordAuthentication no
UseDNS no
PubkeyAuthentication yes

Before we let the configuration take effect, let’s upload the public key of the computer we have at hand. (Otherwise you won’t be able to access it yourself later, so don’t ask me how I know.)

vim ~/.ssh/authorized_keys

Enable the service at boot and restart it to put the configuration into effect.

systemctl enable sshd.service
systemctl restart sshd
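
The lockout mentioned above can be checked for before the restart. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes a plain sshd_config without Include or Match blocks.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lockout check to run
# BEFORE `systemctl restart sshd`. Function names are hypothetical.
# Simplification: Include and Match blocks in sshd_config are ignored.

# Print the lower-cased value of a keyword; the first occurrence wins,
# as in sshd. Commented-out lines never match because $1 starts with '#'.
sshd_value() {  # usage: sshd_value <sshd_config> <keyword>
  awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

check_ssh_lockout() (  # usage: check_ssh_lockout <sshd_config> <authorized_keys>
  cfg=$1; keys=$2; rc=0
  port=$(sshd_value "$cfg" Port)

  if [ "$(sshd_value "$cfg" PasswordAuthentication)" = "no" ]; then
    # With passwords off, a working key is the only way back in.
    if [ "$(sshd_value "$cfg" PubkeyAuthentication)" = "no" ]; then
      echo "FAIL: password and public-key authentication are both disabled"; rc=1
    fi
    if ! grep -Eq '^[^#]*(ssh-|ecdsa-sha2-|sk-)[^ ]* +AAAA' "$keys" 2>/dev/null; then
      echo "FAIL: no public key found in $keys"; rc=1
    fi
    # StrictModes (on by default) rejects group/world-writable key files.
    if [ -n "$(find "$keys" "$(dirname "$keys")" -prune \
               \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
      echo "FAIL: $keys or its directory is group/world-writable"; rc=1
    fi
  fi

  # A non-default port must also be allowed by firewalld and SELinux.
  case "$port" in
    ""|22) ;;
    *) echo "NOTE: firewall-cmd --permanent --add-port=$port/tcp && firewall-cmd --reload"
       echo "NOTE: semanage port -a -t ssh_port_t -p tcp $port  (if SELinux is enforcing)" ;;
  esac
  exit "$rc"
)

# Command-line use: check_ssh_lockout.sh /etc/ssh/sshd_config ~/.ssh/authorized_keys
if [ "$#" -eq 2 ]; then
  check_ssh_lockout "$1" "$2"
fi
```

On the server itself, also run `sshd -t` to validate the file syntax, and keep the current session open until a second login on the new port has succeeded.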

In addition to this, cloud servers need a second line of protection: the system's own firewall on top of the cloud vendor's firewall. CentOS comes with firewalld and Ubuntu comes with ufw.

firewall-cmd --state
systemctl start firewalld.service
# Enable at boot
systemctl enable firewalld.service
# Open/cancel firewall ports
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent
# View current firewall rules
firewall-cmd --list-ports
# Load the firewall configuration (needed for --permanent changes to take effect)
firewall-cmd --reload
systemctl restart firewalld.service

II. Native software

Software that we use frequently and don't swap out casually is installed natively.

# Java
yum -y install java-11-openjdk

# Maven
yum -y install maven

# Toggle the default Java version
update-alternatives --config java

# Node
curl -fsSL https://rpm.nodesource.com/setup_16.x | sudo bash -
yum -y install nodejs

# Nginx
sudo yum -y install nginx
sudo systemctl enable nginx
sudo service nginx start # Starts the nginx service
sudo service nginx stop # Stop the nginx service
sudo service nginx restart # Restarts the nginx service
sudo service nginx reload # reload configuration

In fact, all of this software can be installed via containers as well, but my personal need is to automate the most basic deployments via Gitlab Runner on this server, so I need it installed natively.

sudo yum install gitlab-runner

Gitlab Runner can be registered with Gitlab and, through a script, deploy applications to the server automatically. For example, I could have a Runner on this server that listens to a branch in my Gitlab, and once the code is updated, it automatically deploys the update on this server. For more information on how to automate server deployment, see my article here: Quickly automate Gitlab deployments based on the Gitlab Runner.

III. Container software

Below we install Docker, the cornerstone of containers; for this you can refer directly to the official website.

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Since this machine is a VPS, I mounted the large-capacity disk at the /data directory. The system disk that comes with CentOS is very small, and Docker keeps container storage under /var/lib/docker. We'll be running lots of containers later, so there's a risk of the system disk filling up. So you need to change the Docker default storage path:

# Shut down Docker first so nothing is written during the copy
sudo systemctl stop docker
# Copy the original directory to the location you want to switch to
# (/data/docker must not exist yet, otherwise the copy lands in /data/docker/docker)
sudo cp -a /var/lib/docker /data/docker
# Backup
sudo mv -u /var/lib/docker /var/lib/docker.bak
# Create a soft link; the target must be the directory copied above
sudo ln -fs /data/docker /var/lib/docker
# Start Docker again to take effect
sudo systemctl start docker
# or
sudo service docker start

Then you can have fun deploying containers. This part really depends on your own needs; for common Docker commands, see my article: Docker Practical Command Manual
Here are the containers I need for this CentOS machine:
Gitlab, see the official website

# Set the local path that the Gitlab container's volumes map to.
export GITLAB_HOME=/data/software/gitlab
sudo docker run --detach \
  --hostname baidu.com \
  --publish 8001:8001 --publish 8003:80 --publish 8002:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  --shm-size 256m \
  gitlab/gitlab-ce:latest

Here is a description of the three ports: 8001 is https, 8003 is port 80, and 8002 is the ssh port. 8003 is the one we use for debugging when we first start the container. The default account is root; execute the following command to view its password.

docker exec -it <container name or container ID> grep 'Password:' /etc/gitlab/initial_root_password

Then go into the container and configure https certificates, mail service, feature configuration, etc.

docker exec -it gitlab /bin/bash

Edit the /etc/gitlab/gitlab.rb file. Remember that we mapped the https and ssh ports; this is where they need to be changed to 8001 and 8002, so that the two addresses users copy directly from the web page are correct. All Gitlab configuration goes through this file; leave the other files untouched.

# Make the gitlab.rb configuration file effective; if there are errors you get a very clear log of the changes you made.
gitlab-ctl reconfigure
# Restart gitlab
gitlab-ctl restart
# Go to the console and test that the mail service is available.
gitlab-rails console
Notify.test_email('recipient email', 'title', 'body').deliver_now

Also, since Gitlab is usually too memory-intensive, try the official recommendations for memory optimization: Running in a memory-constrained environment

MongoDB:

docker run -d --name mongo --restart=always -p 8016:27017 \
      -e MONGO_INITDB_ROOT_USERNAME=admin \
      -e MONGO_INITDB_ROOT_PASSWORD=123456 \
      mongo --auth

ZenTao:

docker run -it \
    -v /data/software/zentao:/data \
    -p 8018:80 \
    -e MYSQL_INTERNAL=false \
    -e ZT_MYSQL_HOST=172.18.56.66 \
    -e ZT_MYSQL_PORT=8004 \
    -e ZT_MYSQL_USER=root \
    -e ZT_MYSQL_PASSWORD=123456! \
    -e ZT_MYSQL_DB=zentao \
    -e PHP_MAX_EXECUTION_TIME=300 \
    -e PHP_POST_MAX_SIZE=512M \
    -e PHP_UPLOAD_MAX_FILESIZE=512M \
    -d hub.zentao.net/app/zentao:18.5
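
Ports published with -p, like the ones above, are opened by Docker's own iptables rules, so they are usually reachable from outside even when `firewall-cmd --list-ports` from section I does not list them. The following audit is an added example, not part of the original post; the function names and the mongo-local and redis-internal sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reads the output of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# on stdin and lists every host port published on all interfaces.
# Function names are hypothetical.

exposed_ports() {
  awk -F'\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      # A mapping looks like 0.0.0.0:8016->27017/tcp or :::8016->27017/tcp.
      if (maps[i] !~ /->/) continue            # exposed only, not published
      split(maps[i], side, "->")
      host = side[1]
      port = host; sub(/^.*:/, "", port)       # text after the last colon
      addr = substr(host, 1, length(host) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        seen[$1 " " port " -> " side[2]] = 1   # IPv4/IPv6 duplicates collapse
    }
  }
  END { for (k in seen) print k }' | sort
}

# Constructed sample: the mongo and zentao mappings from this post, plus two
# hypothetical containers: one bound to loopback with
# -p 127.0.0.1:27017:27017 and one that publishes nothing.
sample_ps() {
  printf 'mongo\t0.0.0.0:8016->27017/tcp, :::8016->27017/tcp\n'
  printf 'zentao\t0.0.0.0:8018->80/tcp, :::8018->80/tcp\n'
  printf 'mongo-local\t127.0.0.1:27017->27017/tcp\n'
  printf 'redis-internal\t6379/tcp\n'
}

# Demo on the constructed sample; on a real host run:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_ports
sample_ps | exposed_ports
```

Anything this lists that only local services need, such as the database port, can be published as `-p 127.0.0.1:8016:27017` instead, which keeps it off the public interface.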

IV. Summary

This article documents a cloud server I just set up over the weekend. If it helps you, I hope you'll give it a like. Leave a comment if you have any questions~
