07 Nginx系统环境准备

07 Nginx系统环境准备

07.1 环境准备

虚拟机:VMware
操作系统版本:Centos7
命令行连接工具:Xshell、SecureCRT 
网络

07.2 确认centos的内核

  准备一个内核2.6及以上版本的操作系统,因为Linux2.6及以上内核才支持 epoll(Linux系统内核的一个函数、类似Java、Python中一个方法),而 Nginx 解决高并发压力需要用到 epoll

# 查询linux内核版本
[root@nginx-100 ~]# uname -a
Linux nginx-100 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

07.3 确认centos能联网

# 确定网络命令
[root@nginx-100 ~]# ping -c3 www.baidu.com
PING www.a.shifen.com (110.242.70.57) 56(84) bytes of data.
64 bytes from 110.242.70.57 (110.242.70.57): icmp_seq=1 ttl=128 time=18.5 ms
64 bytes from 110.242.70.57 (110.242.70.57): icmp_seq=2 ttl=128 time=14.1 ms
64 bytes from 110.242.70.57 (110.242.70.57): icmp_seq=3 ttl=128 time=13.4 ms

--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 13.460/15.360/18.501/2.239 ms

三种网络模式:

桥接模式:外部的PC电脑主机需通过网线与交换机连接(一旦网线断掉,内部的虚拟机将无法访问互联网)

image

仅主机模式:相当于主机与虚拟机之间有一个网线(虚拟机通过外部PC电脑上网)

image

NAT 模式:虚拟机与主机共用同一网络

image

07.4 确认关闭 firewalld防火墙

  建议关掉 firewalld 防火墙,防止对 Nginx 课程学习的实验干扰

# 临时关闭运行的防火墙,系统重新启动后,防火墙将重新打开
[root@nginx-100 ~]# systemctl stop firewalld
# 永久关闭防火墙,系统重新启动后,防火墙依然关闭
[root@nginx-100 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# 查看防火墙状态
[root@nginx-100 ~]# systemctl status firewalld
'● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Mar 09 23:24:21 nginx-100 systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 09 23:24:21 nginx-100 systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 09 23:24:21 nginx-100 firewalld[16974]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure con...t now.
Mar 09 23:25:02 nginx-100 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Mar 09 23:25:03 nginx-100 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

07.5 确认关闭 selinux防火墙

  selinux(security-enhanced linux),美国安全局对于强制访问控制的实现,在 linux2.6内核以上的版本,selinux已成为内核中的一部分,可以说 selinux 是 linux 史上最杰出的新安全子系统之一,关闭 selinux,防止对 Nginx 课程学习的实验干扰

# 查看selinux 防火墙状态:sestatus、getenforce
[root@nginx-100 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@nginx-100 ~]# getenforce
Enforcing
# 修改配置文件
[root@nginx-100 ~]# vim /etc/selinux/config
......
#SELINUX=enforcing
SELINUX=disabled
......

重启服务器:reboot

再次连接终端,查看 selinux 已关闭

[root@nginx-100 ~]# sestatus
SELinux status:                 disabled
[root@nginx-100 ~]# getenforce
Disabled

 

———————————————————————————————————————————————————————————————————————————

                                                                                                                         无敌小马爱学习

posted on 2026-03-07 23:58  马俊南  阅读(4)  评论(0)    收藏  举报