
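RHCE Lab Walkthrough

Contents

Lab analysis

Environment topology

Project requirements

Host environment

Lab steps

1. SSH key trust and hostname changes

2. DNS

3. NGINX

4. MARIADB

5. NFS

6. NTP

7. Forum service

Results and troubleshooting


Lab analysis

Environment topology

Project requirements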

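1. The web service on host 172.25.250.101 must provide the www.exam.com website, reachable from any host that has a route to it, with the page content "Hello,Welcome to www.exam.com !". It must also provide the URLs content.exam.com/yum/AppStream and content.exam.com/yum/BaseOS as network repositories for all hosts.

2. Host 172.25.250.102 provides a Chronyd-based NTP service: this host acts as the time server, serves NTP to other hosts, and is set to stratum 3.

3. Host 172.25.250.103 provides the MySQL database service. It must be installed from the repository provided in requirement 1, with the database password set to redhat. Create a database named bbs for the forum service.

4. Host 172.25.250.104 provides the NFS service, which exports the local /bbs directory as the forum data directory. The export must be usable only by the host running the forum, and it must be mounted automatically at boot.

5. Host 172.25.250.105 provides the DNS service, which must offer forward and reverse resolution for every hostname in the project. All servers must use this DNS server in their DNS configuration.

6. Host 172.25.250.106 provides the Discuz-based forum service. The forum uses the bbs database provided by host 172.25.250.103 and the NFS export provided by host 172.25.250.104 as its data directory, mounted at boot. It also uses the network repository provided by host 172.25.250.101, the NTP service provided by host 172.25.250.102, and the DNS service provided by host 172.25.250.105.

7. The firewall service and SELinux must be enabled on all servers.

8. Every network service provided by the servers must still work after a system reboot.

9. Based on the code for all the services, write a one-click deployment shell script. Its most basic function is that running it fulfils all the requirements above. The script must run on the servera.exam.com host and must support being run multiple times.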

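Host environment

| Hostname | Host address | Service to provide |
| --- | --- | --- |
| content.exam.com | 172.25.250.101 | httpd/nginx-based YUM repository service |
| ntp.exam.com | 172.25.250.102 | Chronyd-based NTP service |
| mysql.exam.com | 172.25.250.103 | MySQL-based database service |
| nfs.exam.com | 172.25.250.104 | NFS-based network file system service |
| dns.exam.com | 172.25.250.105 | NFS-based network file system service |
| bbs.exam.com | 172.25.250.106 | Discuz-based forum service |

Note:

The five IP addresses 172.25.250.101-172.25.250.105 are provided by the servera.exam.com server. 172.25.250.106 is provided by the serverb.exam.com server.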

Lab steps

1. SSH key trust and hostname changes

#!/bin/bash
# SSH key trust
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs" == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

ls /root/.ssh/id_rsa &> /dev/null
yz=$(echo $?)

if [ $yz -eq 0 ]
then
    echo "互信已经完成"
else
    ssh-keygen -t ed25519 -C "comment" -f /root/.ssh/id_rsa -N ''
fi

mkdir -p /root/.ssh &> /dev/null
chmod 700 /root/.ssh &> /dev/null
touch /root/.ssh/authorized_keys &> /dev/null
chmod 600 /root/.ssh/authorized_keys &> /dev/null

if ! command -v sshpass &> /dev/null
then
    yum install -y sshpass &> /dev/null
fi

sshpass -p "redhat" ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.250.106
yz1=$(echo $?)
if [ $yz1 -eq 0 ]
then
    echo "连接中......."
else
    echo "互信失败"
    exit 1
fi

ssh root@172.25.250.106 <<'ALLEOF'
hostnamectl set-hostname serverb.exam.com
nmcli connection modify ens160 ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160
echo "Modified successfully"
ALLEOF

ls /root/.ssh/authorized_keys &> /dev/null
yz2=$(echo $?)
if [ $yz2 -eq 0 ]
then
    echo "互信完成OK"
else
    scp root@172.25.250.106:/root/.ssh/id_rsa.pub /root/.ssh/authorized_keys &> /dev/null
    echo "密钥发送"
fi

hostnamectl set-hostname servera.exam.com  &> /dev/null

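Note: key trust requires that the two hosts can log in to each other and that no trust has been set up between them before. The trust setup uses sshpass to log in without a password prompt, so a repository must be configured beforehand to download it. The password is the login password of host 106; confirm for yourself that it is correct.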


2. DNS

#!/bin/bash
# DNS
nmcli connection modify ens160 +ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection modify ens160 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes

if [ $? -eq 0 ]
then
        echo "网卡配置成功"

else
        echo "网卡配置失败"
        exit 2
fi
nmcli connection up ens160 &> /dev/null

pzdns=$(dig | grep SERVER: | awk -F# '{ print $1 }' | awk -F: '{ print $2 }')
if [ "$pzdns" == " 172.25.250.105" ]
then
         echo "dns成功修改为172.25.250.105"
else
         echo "dns修改失败"
fi

echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs2=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs2" == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

dnf install bind -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep bind &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "bind下载成功"
        else
                echo "bind下载不成功"
        fi
else
        echo "bind下载失败"
fi

systemctl enable named &> /dev/null
systemctl start named  &> /dev/null
if [ $? -eq 0 ]
then
        BINDSTAT=$(systemctl is-active named)
        if [ $BINDSTAT == "active" ]
        then
                echo "bind启动成功"
        else
                echo "bind启动失败"
        fi
fi

cat > /etc/named.conf <<EOF
options {
        listen-on port 53 { 172.25.250.105; };
        directory       "/var/named";
};
zone "exam.com" IN {
        type master;
        file "named.exam";
};
zone "250.25.172.in-addr.arpa" IN {
        type master;
        file "named.fanxiang";
};
EOF

cat > /var/named/named.exam <<EOF
\$TTL 1D
@ IN SOA @ admin.exam.com. (
                         0
                        1D
                        1D
                        2D
                        1D)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
ns      IN      A       172.25.250.99
content IN      A       172.25.250.101
www     IN      A       172.25.250.101
ntp     IN      A       172.25.250.102
mysql   IN      A       172.25.250.103
dns     IN      A       172.25.250.105
nfs     IN      A       172.25.250.104
bbs     IN      A       172.25.250.106
EOF

cat  >   /var/named/named.fanxiang  <<EOF
\$TTL   1D
@   IN   SOA    @   admin.exam.com. (1
                                     1
                                     1
                                     1
                                     1)
        IN      NS      dns.exam.com.
105     IN      PTR     dns.exam.com.
101     IN      PTR     www.exam.com.
101     IN      PTR     content.exam.com.
102     IN      PTR     ntp.exam.com.
103     IN      PTR     mysql.exam.com.
104     IN      PTR     nfs.exam.com.
106     IN      PTR     bbs.exam.com.
EOF

systemctl enable named --now &> /dev/null
# query firewalld for the exact service name instead of grepping the service list
if ! firewall-cmd --quiet --query-service=dns
then
firewall-cmd --permanent --add-service=dns &> /dev/null
firewall-cmd --reload   &> /dev/null
else
        echo "dns防火墙配置成功"
fi

systemctl restart named &> /dev/null
if [ $? -eq 0 ]
then
                echo "dns重启成功,dns配置完成"
else
                echo "dns重启失败"
fi

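Note: when configuring the NIC, check whether your interface is named ens160 and change the name in the script if it is not. When writing the DNS configuration files, put a \ in front of any $ (such as $TTL) so that it is written to the file literally instead of being expanded by the shell as a variable.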
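Requirement 5 asks for both forward and reverse resolution, and the reverse zone of 172.25.250.0/24 is named with the octets reversed. The following added example (not part of the original script) derives that zone name and lists A records that have no matching PTR; the function names and temporary files are assumptions, and the sample records are copied from the two zone files above.

```shell
#!/bin/sh
# Added example, not part of the original deployment script.

# reverse_zone_name 172.25.250  ->  250.25.172.in-addr.arpa
reverse_zone_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# ptr_records DOMAIN PREFIX FORWARD_FILE
# Prints "<last octet> IN PTR <name>.<domain>." for every A record in PREFIX.0/24.
ptr_records() {
    awk -v domain="$1" -v prefix="$2." '
        $2 == "IN" && $3 == "A" && index($4, prefix) == 1 {
            printf "%s IN PTR %s.%s.\n", substr($4, length(prefix) + 1), $1, domain
        }' "$3"
}

# missing_ptrs DOMAIN PREFIX FORWARD_FILE REVERSE_FILE
# Prints the PTR records that ptr_records expects but REVERSE_FILE lacks.
missing_ptrs() {
    ptr_records "$1" "$2" "$3" | while read -r octet class type target
    do
        awk -v o="$octet" -v t="$target" '
            $1 == o && $2 == "IN" && $3 == "PTR" && $4 == t { found = 1 }
            END { exit !found }' "$4" || echo "$octet IN PTR $target"
    done
}

# Sample data: the A and PTR records from the two zone files on this page.
fwd=$(mktemp); rev=$(mktemp)
cat > "$fwd" <<'EOF'
ns      IN      A       172.25.250.99
content IN      A       172.25.250.101
www     IN      A       172.25.250.101
ntp     IN      A       172.25.250.102
mysql   IN      A       172.25.250.103
dns     IN      A       172.25.250.105
nfs     IN      A       172.25.250.104
bbs     IN      A       172.25.250.106
EOF
cat > "$rev" <<'EOF'
105     IN      PTR     dns.exam.com.
101     IN      PTR     www.exam.com.
101     IN      PTR     content.exam.com.
102     IN      PTR     ntp.exam.com.
103     IN      PTR     mysql.exam.com.
104     IN      PTR     nfs.exam.com.
106     IN      PTR     bbs.exam.com.
EOF

echo "zone name: $(reverse_zone_name 172.25.250)"
echo "A records without a PTR:"
missing_ptrs exam.com 172.25.250 "$fwd" "$rev"
```

Run against the page's records, it reports that ns (172.25.250.99) has an A record but no PTR. BIND's named-checkzone can validate a zone file against its zone name before named is restarted.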


3. NGINX

# NGINX
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs3=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs3" == "/mnt/GPL" ]
    then
            echo "挂载成功,本地源配置成功"
    else
            echo "挂载失败"
            exit 2
fi
dnf install nginx -y &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep nginx &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "nginx下载成功"
        else
                echo "nginx下载不成功"
        fi
else

echo "nginx下载失败"
fi

systemctl enable nginx &> /dev/null
systemctl start nginx &> /dev/null
if [ $? -eq 0 ]
then
        NGINXSTAT=$(systemctl is-active nginx)
        if [ $NGINXSTAT == "active" ]
        then
                echo "nginx启动成功"
        else
                echo "nginx启动失败"
        fi
else
        echo "nginx启动失败"
fi

cat > /etc/nginx/nginx.conf   << EOF

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '\$remote_addr - \$remote_user \$time_local "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
server {
    listen 172.25.250.101;
    server_name www.exam.com;

    root /www;
    index index.html index.htm;

    location / {
        try_files \$uri \$uri/ =404;
        allow all;
    }
location /www/ {
        deny all;
        allow all;
        internal;
    }

    location /www/yum/ {
        allow all;
        deny all;
        allow all;
    }
}
}
EOF

mkdir -p /www    # the document root must exist before index.html is written
echo "Hello,Welcome to www.exam.com!" > /www/index.html

systemctl start firewalld.service &> /dev/null
# query the exact service name; grepping for "http" would also match "https"
if ! firewall-cmd --quiet --query-service=http
then
firewall-cmd --permanent --add-service=http &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "nginx的防火墙配置成功"
else
echo "nginx的防火墙配置成功"
fi

chcon_http=`ls -Zl /www/index.html | awk '{print $5}' | awk -F: '{print $3}'`
if [ "$chcon_http" = "httpd_sys_content_t" ]
then
        echo "标签修改成功"
else
chcon -t httpd_sys_content_t /www/index.html
fi

yum="/www/yum"
if [ -d   $yum ]
then
        echo "yum文件已经存在,不需要创建了"
else
        mkdir -p /www/yum &> /dev/null
        echo "yum文件已经创建"
fi

systemctl restart nginx &> /dev/null
NGPAGE=$(curl  -s   172.25.250.101)
if [ "$NGPAGE" == "Hello,Welcome to www.exam.com!" ]
then
        echo "nginx服务完成"
else
        echo "nginx服务出现错误"
fi

# serve the ISO from /www/yum; mountpoint -q succeeds once something is mounted there
if mountpoint -q /www/yum
then
        echo "挂载成功"
else
        umount /mnt &> /dev/null
        mount /dev/sr0 /www/yum &> /dev/null
fi

cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF

dnf install -y vim net-tools bash-com*  &> /dev/null
if [ $? -eq 0 ]
then
        echo "yum源配置成功"
else
        echo "yum源配置失败"
fi

4. MARIADB

# MariaDB
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs4=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs4" == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

yum install mariadb-server -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep mariadb &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "mariadb下载成功"
        else
                echo "mariadb下载不成功"
        fi
else
        echo "mariadb下载失败"
fi

systemctl enable mariadb &> /dev/null
systemctl start mariadb  &> /dev/null
if [ $? -eq 0 ]
then
        MARSTAT=$(systemctl is-active mariadb)
        if [ $MARSTAT == "active" ]
        then
                echo "mariadb启动成功"
        else
                echo "mariadb启动失败"
        fi
fi

mysql -u root -predhat  << EOF
use mysql;
grant all privileges on *.* to 'root'@'%' identified by 'redhat';
CREATE DATABASE IF NOT EXISTS bbs;
FLUSH PRIVILEGES;
\q;
EOF

if ! firewall-cmd --quiet --query-port=3306/tcp
then
    firewall-cmd --permanent --add-port=3306/tcp
    echo "3306端口已成功添加到防火墙规则"
else
    echo "3306端口已经在防火墙规则中,无需重复添加"
fi

if ! firewall-cmd --quiet --query-service=mysql
then
    firewall-cmd --permanent --add-service=mysql
    echo "MYSQL服务已成功添加到防火墙规则"
else
    echo "MYSQL服务已经在防火墙规则中,无需重复添加"
fi
firewall-cmd --reload &>/dev/null

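Note: before installing mariadb, make sure the host has no existing MySQL service; if it does, mariadb may fail to install and start. MariaDB does not allow remote login by default, so remote login has to be enabled in the database.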


5. NFS

# NFS
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs5=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs5" == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

dnf install nfs-utils -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep nfs &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "nfs下载成功"
        else
                echo "nfs下载不成功"
        fi
else
        echo "nfs下载失败"
fi

systemctl enable nfs-server  &> /dev/null
systemctl start nfs-server
if [ $? -eq 0 ]
then
        # check the unit that was actually started, and expect it to be active
        NFSSTAT=$(systemctl is-active nfs-server)
        if [ "$NFSSTAT" == "active" ]
        then
                echo "nfs启动成功"
        else
                echo "nfs启动失败"
        fi
fi

cs="/bbs"
if [ -d   $cs ]
then
        echo "nfs文件已经存在,不需要创建了"
else
        mkdir /bbs &> /dev/null
        echo "nfs文件已经创建"
fi


chmod 777 /bbs/ -R
cat > /etc/exports << EOF
/bbs 172.25.250.106(rw)
EOF

systemctl start firewalld.service &> /dev/null
# query the exact service name; grepping for "nfs" would also match "nfs3"
if ! firewall-cmd --quiet --query-service=nfs
then
firewall-cmd --permanent --add-service=mountd  &> /dev/null
firewall-cmd --permanent --add-service=rpc-bind &> /dev/null
firewall-cmd --permanent --add-service=nfs &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "nfs的防火墙配置成功"
else
echo "nfs的防火墙配置成功"
fi

systemctl restart nfs-server
if [ $? -eq 0 ]
then
        echo "nfs重启成功"
else
        echo "nfs重启失败"
fi
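Requirement 4 restricts the export to the forum host, and the /etc/exports syntax makes that easy to get wrong: a space between the client and its options turns the options into a rule for every host. The following added example (not part of the original script) audits an exports file against the one allowed client; the function name and the risky sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original deployment script.

# audit_exports ALLOWED_CLIENT FILE
# Prints "<path> <client> <finding>" per problem; prints nothing for a clean file.
audit_exports() {
    awk -v allowed="$1" '
        { sub(/#.*/, "") }                 # drop comments
        NF == 0 { next }
        NF == 1 { print $1, "-", "no-client-listed"; next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # A bare "(opts)" token has no client in front of it, so the
                # options apply to every host: the stray-space mistake.
                if (client == "") client = "*"
                if (client == "*")          print $1, client, "world-export"
                else if (client != allowed) print $1, client, "unexpected-client"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1, client, "no_root_squash"
            }
        }' "$2"
}

good=$(mktemp); bad=$(mktemp)
# The export line written by the script on this page.
printf '%s\n' '/bbs 172.25.250.106(rw)' > "$good"
# Constructed examples of risky export lines.
cat > "$bad" <<'EOF'
# stray space before (rw), then a whole subnet with root squashing disabled
/bbs 172.25.250.106 (rw)
/bbs 172.25.250.0/24(rw,no_root_squash)
EOF

echo "page's exports file:"
audit_exports 172.25.250.106 "$good"
echo "constructed risky file:"
audit_exports 172.25.250.106 "$bad"
```

On the NFS server, exportfs -v shows the clients and options that are actually in effect after the restart.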

6. NTP

# NTP
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs6=$(ls /mnt/GPL 2> /dev/null)    # prints the path only if the ISO is mounted
if  [ "$xs6" == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

rpm -qa | grep chrony &> /dev/null
if [ $? -eq 0 ]
        then
                echo "chrony已经可以使用"
        else
                dnf install chrony -y &> /dev/null
                if [ $? -eq 0 ]
                then
                        echo "chrony下载成功"
                else
                        echo "chrony下载不成功"
                fi
fi

# the chrony package installs the chronyd unit
systemctl enable chronyd &> /dev/null
systemctl start chronyd  &> /dev/null
if [ $? -eq 0 ]
then
        CHRONYSTAT=$(systemctl is-active chronyd)
        if [ "$CHRONYSTAT" == "active" ]
        then
                echo "chrony启动成功"
        else
                echo "chrony启动失败"
        fi
fi

if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
        echo "chrony——pool 2.rhel.pool.ntp.org iburst已被注释,无需修改"
else
        sudo sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
        echo "chrony——已成功注释pool 2.rhel.pool.ntp.org iburst"
fi
chrony_server="server 172.25.250.102 iburst"

if grep -q "$chrony_server" /etc/chrony.conf
then
        echo "chrony——server 172.25.250.102 iburst已存在,无需添加"
else
        sudo sed -i '$a'"$chrony_server" /etc/chrony.conf
        echo "chrony——server 172.25.250.102 iburst已成功添加!"
fi
chrony_allow="allow 172.25.250.0/24"

if grep -q "$chrony_allow" /etc/chrony.conf
then
        echo "chrony——allow 172.25.250.0/24已存在,无需添加"
else
        sudo sed -i '$a'"$chrony_allow" /etc/chrony.conf
        echo "chrony——allow 172.25.250.0/24已成功添加"
fi
chrony_stratum="local stratum 3"

if grep -q "$chrony_stratum" /etc/chrony.conf
then
        echo "chrony——local stratum 3已存在,无需添加"
else
        sudo sed -i '$a'"$chrony_stratum" /etc/chrony.conf
        echo "chrony——local stratum 3已成功添加"
fi
sudo sed -i '/^#log measurements statistics tracking/s/^#//' /etc/chrony.conf

systemctl restart chronyd.service
if [ $? -eq 0 ]
then
        echo "chrony重启成功"
else
        echo "chrony重启失败"
fi

systemctl enable --now cockpit.socket

# query firewalld for the exact service name instead of grepping the service list
if ! firewall-cmd --quiet --query-service=ntp
then
firewall-cmd --permanent --add-service=ntp &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "ntp的防火墙配置成功"
else
echo "ntp的防火墙配置成功"
fi

ssh root@172.25.250.106 << ALLEOF
if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
        echo "chrony——pool 2.rhel.pool.ntp.org iburst已被注释,无需修改"
else
        sudo sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
        echo "chrony——已成功注释pool 2.rhel.pool.ntp.org iburst"
fi
chrony_server="server 172.25.250.102 iburst"
if grep -q "\$chrony_server" /etc/chrony.conf
then
        echo "chrony——server 172.25.250.102 iburst已存在,无需添加"
else
        sudo sed -i '\$a'"\$chrony_server" /etc/chrony.conf
        echo "chrony——server 172.25.250.102 iburst已成功添加"
fi
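sudo sed -i '/^#log measurements statistics tracking/s/^#//' /etc/chrony.conf
# restart so the client picks up the new time source
systemctl restart chronyd.service &> /dev/null

# ask firewalld on the remote host directly; backticks here would run on the local host
if ! firewall-cmd --quiet --query-service=ntp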
then
firewall-cmd --permanent --add-service=ntp &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "ntp的防火墙配置成功"
else
echo "ntp的防火墙配置成功"
fi
ALLEOF

 

7. Forum service

# forum
ssh root@172.25.250.106   << ALLEOF
rm -rf /etc/yum.repos.d/*
cat << EOFA > /etc/yum.repos.d/base.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
enabled=1
gpgcheck=0
[Appstream]
name=AppStream
baseurl=/mnt/AppStream
enabled=1
gpgcheck=0
EOFA

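mount /dev/sr0 /mnt &> /dev/null
dnf install chrony nfs-utils  bind bind-utils php* unzip nginx -y &> /dev/null
mkdir -p /var/www/html/bbs &> /dev/null
mount 172.25.250.104:/bbs /var/www/html/bbs  &> /dev/null
# append the fstab entry only once so the script can be re-run
grep -q '^172.25.250.104:/bbs ' /etc/fstab || echo '172.25.250.104:/bbs /var/www/html/bbs       nfs   defaults  0 0' >> /etc/fstab
mount -a &> /dev/null
systemctl restart nfs-server  &> /dev/null
# stop if the directory is missing, otherwise "rm -rf *" below would run in the wrong directory
cd /var/www/html/bbs || exit 1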
if [ -d "upload" ]
then
  echo "Discuz压缩包已解压"
else
  rm -rf *
  unzip /root/Discuz_X3.5_SC_UTF8_20230520.zip
  cd
  chmod -R 777 /var/www/html/bbs
fi

rm -rf  /etc/nginx/conf.d/* &> /dev/null

cat > /etc/nginx/conf.d/php-fpm.conf << 'EOFA'
upstream php-fpm {
      server unix:/run/php-fpm/www.sock;
}
EOFA

cat > /etc/nginx/conf.d/vhost.conf << 'EOFR'
server {
    listen 80;
    server_name bbs.exam.com; # replace with your domain name

    root /var/www/html/bbs;       # Discuz source directory
    index index.php index.html index.htm;

    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
EOFR

grep -q '^nameserver 172.25.250.105' /etc/resolv.conf || cat >> /etc/resolv.conf << EOFC
search localdomain
nameserver 172.25.250.105
EOFC

firewall-cmd --permanent --add-service=http &> /dev/null
if [ \$? -eq 0 ]
then
    echo "HTTP service added to firewall successfully."
else
    echo "Failed to add HTTP service to firewall."
    exit 1
fi

firewall-cmd --reload &> /dev/null
if [ \$? -eq 0 ]
then
    echo "Firewall reloaded successfully."
else
    echo "Failed to reload firewall."
    exit 1
fi

setsebool -P httpd_use_nfs 1 &> /dev/null
if [ \$? -eq 0 ]
then
    echo "SELinux boolean httpd_use_nfs set successfully."
else
    echo "Failed to set SELinux boolean httpd_use_nfs."
    exit 1
fi

setsebool -P httpd_can_network_connect_db 1 &> /dev/null
if [ \$? -eq 0 ]
then
    echo "SELinux boolean httpd_can_network_connect_db set successfully."
else
    echo "Failed to set SELinux boolean httpd_can_network_connect_db."
    exit 1
fi

systemctl enable nginx.service &> /dev/null
systemctl restart nginx.service
ALLEOF

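Note: when a file is written over the remote login, a \ on its own no longer keeps $ intact in the written file. The local shell removes the backslash while it builds the outer heredoc, and the remote shell then expands the $ inside the inner heredoc. Writing the inner heredoc delimiter EOFR in single quotes ('EOFR') avoids this. Make sure the forum's zip archive is on host 106.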
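The quoting behaviour described in the note can be reproduced without a second host. The following added example (not part of the original script) uses sh -s as a stand-in for ssh root@172.25.250.106, since both read the script from standard input; the function names and the temporary file are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original deployment script.
# "sh -s" stands in for "ssh root@172.25.250.106": both read the script on stdin.
out=$(mktemp)

# Inner delimiter unquoted: the local shell turns \$uri into $uri while building
# the outer heredoc, then the receiving shell expands $uri (unset) to nothing.
inner_unquoted() {
    sh -s <<ALLEOF
cat > "$out" <<EOFR
try_files \$uri \$uri/ =404;
EOFR
ALLEOF
    cat "$out"
}

# Inner delimiter quoted: the receiving shell copies the heredoc body verbatim,
# so the nginx variable reaches the file intact.
inner_quoted() {
    sh -s <<ALLEOF
cat > "$out" <<'EOFR'
try_files \$uri \$uri/ =404;
EOFR
ALLEOF
    cat "$out"
}

# An unescaped $? in the outer heredoc is filled in by the local shell before
# anything is sent, so it reports the status of a local command. Escaped, it
# reports the status of the preceding command on the receiving side.
exit_status_check() {
    ! true          # leaves the local $? at 1
    sh -s <<ALLEOF
true
echo "unescaped=$? escaped=\$?"
ALLEOF
}

echo "inner unquoted: $(inner_unquoted)"
echo "inner quoted:   $(inner_quoted)"
exit_status_check
```

The same rule applies to every check inside the remote block: a status test only reflects the remote command when its $? is escaped.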


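Results and troubleshooting

1. If a 404 error appears, first check that the forum's nginx configuration is correct, and check whether the /etc/nginx/conf.d/ directory contains any files other than the php and configuration files.

2. If the database connection is refused, check whether mariadb allows remote login.

3. If the site has to be reinstalled after it has been installed, the installer is locked; delete ./data/install.lock on the server before reinstalling.

4. If the installer page is closed during installation, the installation fails with an error; restore the snapshot or carry out step 3.

5. If nginx cannot start because port 80 is in use, run fuser -n tcp 80 to see what is using the port, kill it, and start nginx again.

6. If services fail to run or start on the first run, run the script again.

If you run into a problem you cannot solve, please leave a comment ......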

 

