Our goal:
- CentOS system
- nginx server
- asp.net core applications
- mysql server
- Tencent cloud server
Tools to prepare
[Xshell] - Tools Xshell in use windwos, the principle is to use SHH agreement allows us to connect to other computers, similar to the windows remote desktop connection, but now Tencent cloud for remote host ---------- --【Excuting an order】
[] WinSCP - when we write the asp.net core sites, publishing documents, you need to go on CentOS copy, then use WinSCP, when configured ip, again on the CentOS connect to another system, you can achieve two share computer files, copy files ---------- [copy]
[.Net core SDK] -. Net core development of web or webapp to run on CentOS, you need the environment, .net core network Quguan see, there are various versions of the download under linux installation -------- --- [] ------ CentOS install .net core
[Nginx] - it is a reverse proxy http server can forward
【installation】
curl -o nginx.rpm
http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh nginx.rpm
yum install nginx #安装[Configuration]
In the / etc / nginx in
CD / etc / nginx
Vim nginx.confContent:
the User nginx;
worker_processes 1;error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; client_max_body_size 2000m; #最大限制为2000M --万一你的web需要上传文件或者图片等大文件 keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; }
Note that the last basis include, this is a bit like the C language, meaning that the configuration file is nested, a more detailed configuration to go inside to find /etc/nginx/conf.d/*.conf
cd /etc/nginx/conf.d/
vim default.conf
内容为下:
server {
listen 80;
server_name 118.24.112.238;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://localhost:5009;
proxy_http_version 1.1;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 81;
server_name 118.24.112.238;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Probably means that listens on port 80, 5009 rpm, 81 monitor port, switch 5000, the follow-up other pending additional knowledge
【重载】
nginx配置文件修改后,请一定不要忘记重载,新手很容易忘,
nginx -s reload
[Daemon]
nginx installation configurations are good, firewall port 80 open, dotnet netcore.dll run, the site open, forward port 80 to 5000, this is indeed released, but unlikely to be executed once each boot dotnet run, but you need to Configuring guard service Supervisor, (guard service - daemon) ====================== what guard service, has been allowed to run our web, own error handling he restarted
【installation】
yum install python-setuptools
easy_install supervisor #安装Supervisor[Configuration]
Supervisor的默认配置文件supervisord.conf 但是没有使用 自建了一个supervisor目录,
Cmd []: mkdir / etc / supervisor
then outputs the configuration file to the specified directory:
[cmd]: echo_supervisord_conf> /etc/supervisor/supervisord.conf # Supervisor configuration
wherein the end of the file supervisord.conf:
; [the include]
; Files = relative / Directory / .ini
modify ([Note] removed; without spaces)
[the include]
files = the conf.d / .conf
and CD / etc / Supervisor /
mkdir the conf.d
new file:
Vim zyhopsys.conf
Vim zyhopsys -admin.conf
file content was about:
[program: opadmin]
the command = command dotnet ZYH.Operation.Sys.Admin.dll # (note) to run the program
directory = / home / opadmin / # ( Note Note) corresponding storage directory of your project, this place is a lot of beginners mistake! ! !
autorestart = true # quits unexpectedly restart automatically
environment = ASPNETCORE_ENVIRONMENT = Production # process environment variables
stderr_logfile = / var / log / myproject.err.log ; # error log file
stdout_logfile = / var / log / myproject.out.log ; # Output log file
user identity user = root # processes executing
StopSignal = INT
autostart = to true
autorestart is to true =
startsecs. 1 =[Run] carrying profile
supervisord -c /etc/supervisor/supervisord.conf 这里稍微提一句:supervisord的启动顺讯 supervisord #默认去找$CWD/supervisord.conf,也就是当前目录 supervisord #默认$CWD/etc/supervisord.conf,也就当前目录下的etc目录 supervisord #默认去找/etc/supervisord.conf的配置文件 supervisord -c /home/supervisord.conf #到指定路径下去找配置文件 运行后:ps -ef | grep dotnet 可以查看自己的网站是否已运行,正常如下 root 1877 1817 0 16:40 pts/1 00:00:00 grep --color=auto dotnet root 4971 26752 0 13:57 ? 00:00:07 dotnet ZYH.Operation.Sys.Admin.dll root 4972 26752 0 13:57 ? 00:00:05 dotnet ZYH.Operation.Sys.Web.dll
[Reload]
supervisorctl reload #重新加载 每次重新部署 后,可以执行一下上面的命令
Set [boot]
-建立配置文件 打开目录 /usr/lib/systemd/system/ 新建文件 supervisord.service cd /usr/lib/systemd/system/ vim supervisord.service 内容: # dservice for systemd (CentOS 7.0+) # by ET-CS (https://github.com/ET-CS) [Unit] Description=Supervisor daemon [Service] Type=forking ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf ExecStop=/usr/bin/supervisorctl shutdown ExecReload=/usr/bin/supervisorctl reload KillMode=process Restart=on-failure RestartSec=42s [Install] WantedBy=multi-user.target 执行命令: systemctl enable supervisord systemctl is-enabled supervisord #来验证是否为开机启动
[Firewall]
If you can not access the public network ip: That's because CentOs firewall blocked, we open the port.
firewall-cmd --zone = public --add- port = 80 / tcp --permanent # ( open 80 ports)
systemctl restart firewalld # (reboot the firewall for the configuration with immediate effect)firewall-cmd --zone = public --add- port = 80 / tcp --permanent # ( open 80 ports)
systemctl restart firewalld # (reboot the firewall for the configuration with immediate effect)- I use Tencent cloud host, and not by the above command mysql remote access
firewall-cmd --zone = public --add-port = 3306 / tcp --permanent # (open port 3306)
Finally, use iptables
【installation】
#先检查是否安装了iptables service iptables status #安装iptables yum install -y iptables #升级iptables yum update iptables #安装iptables-services yum install iptables-services
[Stop] firewalld
#停止firewalld服务 systemctl stop firewalld #禁用firewalld服务 systemctl mask firewalld
[Iptables configuration]
vim /etc/sysconfig/iptables # sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
- In summary, until now, we do not involve interaction with the database level, but the .net core publishing environment configuration experience on linux
CentOS的安装 远程执行终端Xshell 远程拷贝文件WinSCP .net core 环境的安装 服务器nginx的安装,配置,转发规则配置等 守护服务Supervisor的安装,自启动
Nexus, had previously been released, but our dynamic website, there must be a data source, we choose mysql, mysql installation experience, root account login, password,
# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm # rpm -ivh mysql-community-release-el7-5.noarch.rpm # yum install mysql-community-server
Permission to open, open port (similar to sqlserver1433 port) CentOS firewall -3306, and reboot the firewall, so that we will be able to remotely access mysql
centOS预装了mariadb(mysql之父为了mysql可能存在闭源风险而搞mysql分支)
安装完以后mariadb自动就被替换了,将不再生效。
【安装】
# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
# rpm -ivh mysql-community-release-el7-5.noarch.rpm
# yum install mysql-community-server
【重启mysql服务】
# service mysqld restart
【修改密码】
初次安装mysql,root账户没有密码。
直接 #mysql -u root
# mysql>show databases;
mysql>set password for 'root'@'localhost' =password('设置你的密码');
Query OK, 0 rows affected (0.00 sec)
不需要重启数据库即可生效。
【配置】
#vim /etc/my.cnf
内容如下:
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html
[client]
default-character-set=utf8
# 加上 免得有中文乱码
[mysql]
[mysqld]
character-set-server = utf8
# 加上 免得有中文乱码
innodb_log_file_size=640M
max_allowed_packet = 64M
#加上,当你有大量数据要往数据库中存储就需要这个配置,例如二进制文件
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
default-storage-engine=InnoDB
max_connections=151
# Recommended in standard MySQL setup
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
【远程连接设置】- 我就想在家,在公司,在任何地方都能进入我自己的数据库操作一下,navicat连一下
#把在所有数据库的所有表的所有权限赋值给位于所有IP地址的root用户。
mysql> grant all privileges on *.* to root@'%'identified by 'password';
#如果是新用户而不是root,则要先新建用户
mysql>create user 'username'@'%' identified by 'password';
【重载】
配置文件修改后,别忘记重启mysql
service mysqld restart
References: https: //www.cnblogs.com/zhaopei/p/netcore.html--- sense Xieyuan You farming life code