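Advice for Linux beginners

The worst habit to bring to Linux is rebooting; it is a bad habit of Windows users. Once a Linux machine is plugged in, stop reaching for the reboot, shutdown, halt and poweroff commands. Linux systems and applications generally provide reload, reconfigure, restart/start/stop and so on, so there is no need to reboot the computer after installing software or configuring a server. On Linux the SIGHUP signal is defined to mean "refresh the configuration file". Some programs offer no reload option; you can send the process a HUP signal so that it re-reads its configuration file without a restart. pkill, killall and kill can all send the HUP signal, for example: `pkill -HUP httpd`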
The successor to CentOS 8: a CentOS alternative

Identify the USB drive
```
Neo-iMac:~ neo$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *28.0 GB    disk0
   1:                        EFI EFI                     314.6 MB   disk0s1
   2:                 Apple_APFS Container disk2         27.7 GB    disk0s2

/dev/disk1 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk1
   1:                        EFI EFI                     209.7 MB   disk1s1
   2:                 Apple_APFS Container disk2         1000.0 GB  disk1s2

/dev/disk2 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +1.0 TB     disk2
                                 Physical Stores disk0s2, disk1s2
   1:                APFS Volume Macintosh HD - 数据     148.6 GB   disk2s1
   2:                APFS Volume Preboot                 269.0 MB   disk2s2
   3:                APFS Volume Recovery                1.1 GB     disk2s3
   4:                APFS Volume VM                      2.2 GB     disk2s4
   5:                APFS Volume Macintosh HD            15.7 GB    disk2s5
   6:              APFS Snapshot com.apple.os.update-... 15.7 GB    disk2s5s1
   7:                APFS Volume Data                    2.1 GB     disk2s7

/dev/disk3 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                                                   *30.8 GB    disk3
```
/dev/disk3 is the USB drive. Use the following command to write the ISO image to it as a boot disk.

```
Neo-iMac:Data neo$ ls
Rocky-8.5-x86_64-minimal.iso
Neo-iMac:Data neo$ sudo dd if=Rocky-8.5-x86_64-minimal.iso of=/dev/rdisk3 bs=100m
Password:
```
The process is fairly slow; please be patient.

```bash
sudo dd if=Rocky-9.0-x86_64-minimal.iso of=/dev/rdisk4 bs=100m
```

The Rocky Linux installation process does not differ much from that of CentOS 8.
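Initializing the system after the first installation

```bash
# Keep a copy of the stock dnf configuration, then enable fastest-mirror selection
cp /etc/dnf/dnf.conf{,.original}
echo "fastestmirror=true" >> /etc/dnf/dnf.conf
dnf makecache
```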
Extra Packages for Enterprise Linux repository configuration
```bash
dnf -y upgrade
dnf -y install epel-release
```
Common tools for administrators

```bash
dnf install -y bzip2 tree psmisc \
    telnet wget rsync vim-enhanced \
    net-tools bind-utils
```
Set the terminal character set (this is friendlier to macOS); it also resolves the "Failed to set locale, defaulting to C.UTF-8" problem.

```bash
dnf install -y langpacks-en glibc-langpack-en
localectl set-locale LANG=en_US.UTF-8
cat >> /etc/environment <<EOF
LC_ALL=en_US.UTF-8
LANG=en_US.UTF-8
LC_CTYPE=UTF-8
EOF
```
Set the history format so that the execution time of each command is shown

```bash
cat >> /etc/profile.d/history.sh <<EOF
# Administrator specific aliases and functions for system security
export HISTSIZE=10000
export HISTFILESIZE=10000
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export TIME_STYLE=long-iso
EOF
source /etc/profile.d/history.sh
```
sysctl tuning

```bash
cat >> /etc/sysctl.conf <<EOF
# add by netkiller
net.ipv4.ip_local_port_range = 10000 65500
net.core.somaxconn = 1024
vm.max_map_count = 262144
# TCP BBR
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF
sysctl -p
```
Make sure ulimit has been tuned

```bash
cat > /etc/security/limits.d/20-nofile.conf <<EOF
root soft nofile 65535
root hard nofile 65535
docker soft nofile 65535
docker hard nofile 65535
EOF
```
Set the time zone

```bash
timedatectl set-timezone Asia/Shanghai
```
Install the time synchronization service chronyd and confirm that it is working properly

```bash
dnf install -y chrony
systemctl enable chronyd
systemctl start chronyd
```
zmodem is used to upload and download files (note that Terminal.app on macOS does not support it)

```bash
dnf install -y lrzsz
```
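SSH tuning

```bash
# Keep a copy of the stock configuration before editing
cp /etc/ssh/sshd_config{,.original}
# Each substitution is restricted to one line number, so it only matches
# the sshd_config layout this script was written against.
vim /etc/ssh/sshd_config <<EOF > /dev/null 2>&1
:43,43s/PermitRootLogin yes/PermitRootLogin no/
:84,84s/GSSAPIAuthentication yes/GSSAPIAuthentication no/
:99,99s/#AllowTcpForwarding yes/AllowTcpForwarding no/
:106,106s/X11Forwarding yes/X11Forwarding no/
:116,116s/#TCPKeepAlive yes/TCPKeepAlive yes/
:121,121s/#UseDNS no/UseDNS no/
:wq
EOF
```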
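The substitutions above are tied to line numbers and their output is discarded, so an edit that matches nothing goes unnoticed. As an added example (not from the original page), this checks the six directives by name in a config file; the function names and the sample config are constructed for illustration, and Include files are not followed.

```bash
# Added example, not the page's code. Expected values are the ones the vim
# substitutions on this page set; the sample config is constructed.
EXPECTED="permitrootlogin=no gssapiauthentication=no allowtcpforwarding=no"
EXPECTED="$EXPECTED x11forwarding=no tcpkeepalive=yes usedns=no"

# audit_sshd_config FILE: prints "keyword: got X, want Y" per mismatch and
# returns 1 if there is any. sshd uses the first value it obtains for a
# keyword, so only the first uncommented occurrence before any Match counts.
audit_sshd_config() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); key[i] = kv[1]; want[kv[1]] = kv[2] }
        }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        tolower($1) == "match" { exit }    # end of the global section
        { k = tolower($1); if ((k in want) && !(k in got)) got[k] = tolower($2) }
        END {
            for (i = 1; i <= n; i++) {
                v = (key[i] in got) ? got[key[i]] : "unset"
                if (v != want[key[i]]) {
                    printf "%s: got %s, want %s\n", key[i], v, want[key[i]]
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# write_sample FILE: constructed config in which two of the edits did not apply.
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no
GSSAPIAuthentication yes
AllowTcpForwarding no
X11Forwarding yes
TCPKeepAlive yes
UseDNS no
Match User backup
    X11Forwarding no
EOF
}
```

On a live host, `sshd -t` validates the syntax and `sshd -T` prints the effective values, including those that come from included files.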
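Disable root login and enable sudo

With root login disabled, we need an ordinary user to log in and then use sudo to gain root privileges temporarily. I do not plan to create a new user; I found that the built-in operator user meets my needs.

```bash
# operator is a built-in system account; inspect it first with: getent passwd operator
usermod -s /bin/bash -aG wheel operator
# Quote the character class so the shell cannot expand it as a glob
PASSWORD=$(cat /dev/urandom | tr -dc '[:alnum:]' | head -c 32)
echo "operator:${PASSWORD}" | chpasswd
echo "operator password: ${PASSWORD}"
```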
Add /usr/local/sbin:/usr/local/bin to Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin; otherwise sudo cannot find the executables in /usr/local/sbin:/usr/local/bin.

```bash
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
systemctl restart sshd
cp /etc/sudoers{,.original}
# Appends the two directories to the end of line 88 of /etc/sudoers
sed -i '88s#$#:/usr/local/sbin:/usr/local/bin#' /etc/sudoers
# Check the sudoers syntax
visudo -c
```
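The sed command above targets line 88 and the result is checked only after /etc/sudoers has been modified in place. As an added example (not from the original page), this finds the secure_path line by pattern, edits a copy, and installs it only if visudo accepts it; the function names are hypothetical and the unquoted secure_path form shown on this page is assumed.

```bash
# Added example, not the page's code.
EXTRA=/usr/local/sbin:/usr/local/bin
PATTERN='^Defaults[[:space:]]+secure_path[[:space:]]*='

# add_secure_path FILE: append $EXTRA to the secure_path line of FILE.
# Does nothing if it is already there; returns 1 if FILE has no such line.
add_secure_path() {
    line=$(grep -E "$PATTERN" "$1") || return 1
    case $line in *"$EXTRA"*) return 0 ;; esac
    sed -E "/$PATTERN/ s#[[:space:]]*\$#:$EXTRA#" "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# update_sudoers [FILE]: edit a copy, validate the copy, install on success.
update_sudoers() {
    src=${1:-/etc/sudoers}
    tmp=$(mktemp) || return 1
    cp "$src" "$tmp" &&
        add_secure_path "$tmp" &&
        visudo -cf "$tmp" &&
        install -m 0440 -o root -g root "$tmp" "$src"
    rc=$?
    rm -f "$tmp" "$tmp.new"
    return $rc
}
```

Run `update_sudoers` as root; a second run leaves the file unchanged because the directories are already present.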
```
[root@netkiller ~]# dnf search dotnet
Last metadata expiration check: 0:30:16 ago on Mon 06 Jan 2025 11:11:05 AM CST.
=============================================================== Name Matched: dotnet ================================================================
dotnet-apphost-pack-6.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 6.0
dotnet-apphost-pack-7.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 7.0
dotnet-apphost-pack-8.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 8.0
dotnet-apphost-pack-9.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 9.0
dotnet-host.x86_64 : .NET command line launcher
dotnet-hostfxr-6.0.x86_64 : .NET command line host resolver
dotnet-hostfxr-7.0.x86_64 : .NET command line host resolver
dotnet-hostfxr-8.0.x86_64 : .NET command line host resolver
dotnet-hostfxr-9.0.x86_64 : .NET command line host resolver
dotnet-runtime-6.0.x86_64 : NET 6.0 runtime
dotnet-runtime-7.0.x86_64 : NET 7.0 runtime
dotnet-runtime-8.0.x86_64 : NET 8.0 runtime
dotnet-runtime-9.0.x86_64 : NET 9.0 runtime
dotnet-runtime-dbg-8.0.x86_64 : Managed debug symbols NET 8.0 runtime
dotnet-runtime-dbg-9.0.x86_64 : Managed debug symbols NET 9.0 runtime
dotnet-sdk-6.0.x86_64 : .NET 6.0 Software Development Kit
dotnet-sdk-7.0.x86_64 : .NET 7.0 Software Development Kit
dotnet-sdk-8.0.x86_64 : .NET 8.0 Software Development Kit
dotnet-sdk-9.0.x86_64 : .NET 9.0 Software Development Kit
dotnet-sdk-aot-9.0.x86_64 : Ahead-of-Time (AOT) support for the .NET 9.0 Software Development Kit
dotnet-sdk-dbg-8.0.x86_64 : Managed debug symbols for the .NET 8.0 Software Development Kit
dotnet-sdk-dbg-9.0.x86_64 : Managed debug symbols for the .NET 9.0 Software Development Kit
dotnet-targeting-pack-6.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 6.0
dotnet-targeting-pack-7.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 7.0
dotnet-targeting-pack-8.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 8.0
dotnet-targeting-pack-9.0.x86_64 : Targeting Pack for Microsoft.NETCore.App 9.0
dotnet-templates-6.0.x86_64 : .NET 6.0 templates
dotnet-templates-7.0.x86_64 : .NET 7.0 templates
dotnet-templates-8.0.x86_64 : .NET 8.0 templates
dotnet-templates-9.0.x86_64 : .NET 9.0 templates
```
```
[root@netkiller ~]# dnf search aspnetcore
Last metadata expiration check: 0:31:08 ago on Mon 06 Jan 2025 11:11:05 AM CST.
======================================================== Name & Summary Matched: aspnetcore =========================================================
aspnetcore-targeting-pack-6.0.x86_64 : Targeting Pack for Microsoft.AspNetCore.App 6.0
aspnetcore-targeting-pack-7.0.x86_64 : Targeting Pack for Microsoft.AspNetCore.App 7.0
aspnetcore-targeting-pack-8.0.x86_64 : Targeting Pack for Microsoft.AspNetCore.App 8.0
aspnetcore-targeting-pack-9.0.x86_64 : Targeting Pack for Microsoft.AspNetCore.App 9.0
============================================================= Name Matched: aspnetcore ==============================================================
aspnetcore-runtime-6.0.x86_64 : ASP.NET Core 6.0 runtime
aspnetcore-runtime-7.0.x86_64 : ASP.NET Core 7.0 runtime
aspnetcore-runtime-8.0.x86_64 : ASP.NET Core 8.0 runtime
aspnetcore-runtime-9.0.x86_64 : ASP.NET Core 9.0 runtime
aspnetcore-runtime-dbg-8.0.x86_64 : Managed debug symbols for the ASP.NET Core 8.0 runtime
aspnetcore-runtime-dbg-9.0.x86_64 : Managed debug symbols for the ASP.NET Core 9.0 runtime
```
```ini
[Unit]
Description="Netkiller Service"
Wants=network-online.target
StartLimitIntervalSec=60
StartLimitBurst=5

[Service]
WorkingDirectory=/srv/RCT/WD.Net.Web.Admin
ExecStart=dotnet /srv/RCT/WD.Net.Web.Admin/bin/Release/net7.0/WD.Net.Web.Admin.dll --urls "http://*:8086"
Restart=always
RestartSec=10s
StartLimitInterval=0

[Install]
WantedBy=default.target
```
```
[root@netkiller ~]# systemctl start api.service
[root@netkiller ~]# systemctl status api.service
```
Setting the port in the configuration file

```bash
dotnet YourApp.dll --urls "http://*:5002"
```
Configure the port number directly in appsettings.json or appsettings.Production.json:

Example:

```json
{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5003"
      }
    }
  }
}
```
```
[root@netkiller net7.0]# ss -lnt | egrep "8085|8086"
LISTEN 0      512                *:8086             *:*
LISTEN 0      512                *:8085             *:*
```