背景
去年购买的BWH海外VPS服务器到期了,不得不说BWH的服务器真是贵,所以最近新换了个服务商的VPS服务器。在这里分享下新购服务器后的基本操作,以下以centos7操作系统为例
具体操作
1.使用ROOT创建普通用户
# Create an unprivileged account and set its password interactively.
# Step 2 sets "PermitRootLogin no", so SSH access then depends on a non-root
# account such as this one; confirm it can log in before closing the root session.
useradd xiaoming
passwd xiaoming
2.修改sshd监听端口并禁止ROOT用户直接登录
# Open the SSH daemon configuration in an editor.
vi /etc/ssh/sshd_config
# The two lines below are directives to set inside that file, not shell commands:
# refuse direct root logins and listen on port 2222.
PermitRootLogin no
Port 2222
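# SELinux policy: label TCP 2222 as an SSH port so sshd is allowed to bind it.
yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 2222
# Open port 2222 in firewalld (permanent rule, activated by the reload).
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --reload
# Check the edited sshd_config for syntax errors before restarting the daemon.
sshd -t
# Restart the SSH service (the original "systemctrl" was a typo for systemctl).
# Keep the current session open until a fresh login as the new user on port 2222
# has been confirmed; a mistake in the steps above can otherwise lock you out.
systemctl restart sshd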
3.使用iptables替换firewalld
# Stop firewalld and keep it from starting at boot.
systemctl stop firewalld.service
systemctl disable firewalld.service
# Install the iptables service units, enable them at boot and start them.
yum install iptables-services -y
systemctl enable iptables
# NOTE(review): this start runs before the rules file is edited below, so it
# loads whatever /etc/sysconfig/iptables currently holds; presumably the packaged
# default does not open port 2222. Keep the current SSH session open until the
# edited rules have been loaded and a new login has been tested.
systemctl start iptables
# Edit the firewall rules file.
vim /etc/sysconfig/iptables
# Rules for the filter table. The chain policies stay ACCEPT; the actual
# filtering comes from the final REJECT rule in INPUT and in FORWARD.
# NOTE(review): this file covers IPv4 only. If the host has an IPv6 address,
# confirm what filters IPv6 once firewalld is disabled (iptables-services also
# ships an ip6tables service with its own rules file).
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound TCP that is allowed: HTTPS, HTTP and the SSH port chosen in step 2.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
# Packets belonging to connections already tracked as established or related.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All ICMP, and everything arriving on the loopback interface.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Anything not accepted above is rejected with an ICMP host-prohibited error.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Restart the iptables service so the edited rules file is loaded.
# `iptables -L INPUT -n --line-numbers` then shows the active INPUT rules for a check.
systemctl restart iptables
4.关闭非业务端口服务(25端口)
# Stop postfix (the service this step associates with port 25) and disable it at boot.
# `ss -tlnp` lists the remaining listening TCP sockets, to confirm nothing
# unexpected is still exposed.
systemctl stop postfix
systemctl disable postfix
5.安装nginx
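# Install the nginx repository definition, then nginx itself.
# The release package is fetched over HTTPS instead of plain HTTP: rpm runs as
# root, so a package altered in transit would also be installed as root.
# NOTE(review): check that the repo file this package installs under
# /etc/yum.repos.d/ has gpgcheck enabled, so that later nginx packages are
# signature-verified as well.
rpm -ivh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx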
6.安装docker
# yum-utils provides yum-config-manager, used on the next line to add Docker's
# CentOS repository (fetched over HTTPS).
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install the engine, CLI, containerd and the buildx / compose plugins.
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# The start / stop / restart lines are a reference list of service commands;
# run top to bottom they leave the Docker service running.
# NOTE(review): Docker manages its own iptables chains. Ports published with -p
# are typically forwarded through those chains rather than the INPUT chain, so
# the allow-list from step 3 does not limit them; publish on loopback
# (e.g. `-p 127.0.0.1:8080:80`, a constructed example) when a port should not
# be public. `systemctl restart iptables` reloads the saved rules file and
# presumably drops Docker's rules until docker is restarted -- verify.
# Start Docker
systemctl start docker
# Stop Docker
systemctl stop docker
# Restart
systemctl restart docker
# Enable start at boot
systemctl enable docker
# Run docker ps; if it returns without an error, install and startup succeeded
docker ps