系统优化-内核优化
centos7-常见优化
#################### 1. 关闭NetworkManager ##################################################
why you show stop NetworkManager
https://baijiahao.baidu.com/s?id=1615755481699209564&wfr=spider&for=pc
systemctl stop NetworkManager && systemctl disable NetworkManager
#################### 2. 开启时间同步 ############################################################
yum install chrony
systemctl start chronyd.service
systemctl enable chrconyd.service
[root@frp-manager ~]# chronyc sources -v
210 Number of sources = 4
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 0.centos.pool.ntp.org 3 6 55 26 +17ms[+1089us] +/- 131ms
^+ 1.centos.pool.ntp.org 2 6 17 29 +28ms[ +13ms] +/- 108ms
^+ 2.centos.pool.ntp.org 3 6 17 29 -29ms[ -45ms] +/- 141ms
^+ 3.centos.pool.ntp.org 2 6 17 29 -19ms[ -35ms] +/- 132ms
[root@frp-manager ~]#
[root@frp-manager ~]# timedatectl
Local time: Wed 2019-10-23 18:41:42 CST
Universal time: Wed 2019-10-23 10:41:42 UTC
RTC time: Wed 2019-10-23 10:41:44
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
https://www.cnblogs.com/djlsunshine/p/9823288.html
############################## 3. 关闭不必要的开机自启程序 ########################################
https://www.cnblogs.com/benjamin77/p/9341702.html
for i in abrt-ccpp abrt-oops abrt-vmcore abrt-xorg abrtd postfix; do
echo $i
systemctl stop $i
systemctl disable $i
done
############################## 4. 安装常用软件 ############################################################
yum install net-tools vim tree lrzsz wget unzip telnet nmap nc psmisc dos2unix bash-completion sysstat rsync
############################## 5. 关闭swap ############################################################
sed -i '/swap/s-^-#-g' /etc/fstab; mount -a; swapoff -a; free -h
############################## 6. 设置静态IP地址 ############################################################
https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-configure-static-ip-address-in-centos-7-rhel-7-fedora-26.html
cat /etc/sysconfig/network-scripts/ifcfg-eth0
192.168.1.120 node6
hostnamectl set-hostname node6; bash
sed -i 's#192.168.1.100#192.168.1.120#g' /etc/sysconfig/network-scripts/ifcfg-eth0
echo; echo; cat /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl restart network
[root@centos7std ~]# cat init.sh
#!/bin/bash
NEWIP=192.168.1.126
NEWHOSTNAME=xcdh3
hostnamectl set-hostname $NEWHOSTNAME; hostname
sed -i "s#192.168.1.100#$NEWIP#g" /etc/sysconfig/network-scripts/ifcfg-eth0
cat /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR = “[Enter your static IP here]”
GATEWAY = “[Enter your Default Gateway]”
DNS1 = “[Your Domain Name System 1]”
DNS2 = “[Your Domain Name System 2]”
############################## 7. 配置主机名格式 ############################################################
echo "export PS1='[\u@\H \w]# '" >> /etc/profile && source /etc/profile
############################## 7. 更改字符集 ############################################################
cat << 'EOF' > /etc/locale.conf
export LANG="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
EOF
cat << 'EOF' >> /etc/profile
export LANG="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
EOF
source /etc/locale.conf && source /etc/profile
############################## 8. 开机自启动生效字符集 ######################################################################
cat << 'EOF' >> /etc/rc.d/rc.local
source /etc/locale.conf
systemctl restart chronyd.service
EOF
chmod +x /etc/rc.d/rc.local
echo; echo; cat /etc/rc.d/rc.local
############################## 9. Update or Upgrade CentOS Minimal Install ######################################################################
yum update && yum upgrade
关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables
配置修改主机名
永久修改主机名
hostnamectl set-hostname node1
bash
或者直接修改配置文件 永久生效
cat /etc/hostname
node1
临时修改主机名 (重启失效)
hostname node1
查看主机名
hostname OR hostnamectl
webmin
这是web界面版的linux系统管理工具,提供比如,图形界面创建用户,管理进程,查看文件,编辑文本文件,在线命令行的功能
http://www.webmin.com/
http://aws.as4k.top/chfs/shared/webmin-1.740-1.noarch.rpm
http://fs.as4k.com:7778/chfs/shared/soft/webmin-1.740-1.noarch.rpm
http://fs.as4k.com:7778/chfs/shared/soft/webmin-1.941-1.noarch.rpm
[root@10-255-20-218 webadmin]# rpm -ivh webmin-*.rpm
warning: webmin-1.740-1.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
Preparing... ################################# [100%]
Operating system is CentOS Linux
Updating / installing...
1:webmin-1.740-1 ################################# [100%]
Webmin install complete. You can now login to http://10-255-20-218:10000/
as root with your root password.
[root@10-255-20-218 webadmin]# netstat -lntup | grep 10000
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 30256/perl
udp 0 0 0.0.0.0:10000 0.0.0.0:* 30256/perl
rpm -ql webmin-1.740-1.noarch &> /tmp/tmp.txt
https://192.168.1.118:10000/ root 账号密码登陆
sysctl 内核参数优化
#################################### 基础使用 ############################################################
sysctl - configure kernel parameters at runtime
The parameters available are those listed under /proc/sys/
-a, --all
Display all values currently available.
--system
Load settings from all system configuration files. Files are read from directories in the following list in given order from top to bottom. Once a file of a given filename is loaded,
any file of the same name in subsequent directories is ignored.
/run/sysctl.d/*.conf
/etc/sysctl.d/*.conf
/usr/local/lib/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
/lib/sysctl.d/*.conf
/etc/sysctl.conf
-p[FILE], --load[=FILE]
Load in sysctl settings from the file specified or /etc/sysctl.conf if none given.
最常用的操作就是,把内核参数写入 /etc/sysctl.conf ,然后 sysctl -p 使其生效
可以使用 sysctl -a | grep name 过滤看看是否已更改成功
########################################## 常用内核参数 ##########################################################
cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
#开启IPv4转发。当服务器作为路由网关、反向代理与负载均衡(开启客户端IP透传时)必须开启。
echo 1 > /proc/sys/net/ipv4/ip_forward (当前系统生效,无需重启系统)
ulimit 增大文件描述符
csdn 114299840
Cockpit 在线终端 简单服务器监控
安装
https://cockpit-project.org/running.html#centos
yum install cockpit
==========================================================================================================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================================================================================================
Installing:
cockpit x86_64 195.6-1.el7.centos base 48 k
Installing for dependencies:
cockpit-bridge x86_64 195.6-1.el7.centos base 553 k
cockpit-system noarch 195.6-1.el7.centos base 1.6 M
cockpit-ws x86_64 195.6-1.el7.centos base 806 k
glib-networking x86_64 2.56.1-1.el7 base 145 k
gsettings-desktop-schemas x86_64 3.28.0-3.el7 base 606 k
json-glib x86_64 1.4.2-2.el7 base 134 k
Transaction Summary
==========================================================================================================================================================================================================
sudo systemctl enable --now cockpit.socket
systemctl status cockpit.socket
systemctl restart cockpit.socket
打开WEB界面访问9090端口即可
https://localhost:9090
proxy 代理
[root@as4k conf.d]# cat cockpit-8002.conf
server {
listen 8002 ssl;
server_name as4k.top;
ssl_certificate /root/xsh/as4k-top-cert/4011057_as4k.top.pem;
ssl_certificate_key /root/xsh/as4k-top-cert/4011057_as4k.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# Required to proxy the connection to Cockpit
proxy_pass https://127.0.0.1:9090;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass ETag header from Cockpit to clients.
# See: https://github.com/cockpit-project/cockpit/issues/5239
gzip off;
}
}
touch /etc/cockpit/cockpit.conf
[root@as4k conf.d]# cat /etc/cockpit/cockpit.conf
[WebService]
Origins = https://as4k.top:8002 wss://as4k.top:8002
ProtocolHeader = X-Forwarded-Proto
重启nginx 和 cockpit
https://blog.csdn.net/xys2015/article/details/112294941
参考资料
30 Things to Do After Minimal RHEL/CentOS 7 Installation
https://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation
Linux系统内核参数优化
https://www.cnblogs.com/eddie1127/p/11806372.html
limit资源限制ulimit 详解
https://blog.csdn.net/skiwnc/article/details/84100095
https://github.com/lidaohang/quick_location