Featured image of post 分享新购VPS服务器基本操作

分享新购VPS服务器基本操作

背景

去年购买BWH的海外VPS服务器到期,不得不说BWH的服务器真是贵,所以最近新换了个服务商的VPS服务器。在这几分享下新购服务器后基本操作,以下centos7操作系统为例

具体操作

1.使用ROOT创建普通用户

useradd xiaoming
passwd xiaoming

2.修改sshd监听端口并禁止ROOT用户直接登录

vi /etc/ssh/sshd_config

PermitRootLogin no
Port 2222

# SELinux的策略
yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 2222 

# 防火墙放通 2222端口
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --reload
# 重启ssh服务
systemctrl restart sshd

3.使用iptables替换firewall

# 禁用firwall
systemctl stop firewalld.service
systemctl disable firewalld.service
# 安装iptables
yum install iptables-services -y
systemctl enable iptables
systemctl start iptables
 
#编辑防火墙配置文件
vim /etc/sysconfig/iptables 

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# 重启iptables
systemctl restart iptables

4.关闭非业务端口服务关闭(25端口)

systemctl stop postfix
systemctl disable postfix

5.安装nginx

rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx

6.安装docker

yum install -y yum-utils 
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# 启动Docker    
systemctl start docker
# 停止Docker    
systemctl stop docker
# 重启    
systemctl restart docker
# 设置开机自启    
systemctl enable docker
# 执行docker ps命令,如果不报错,说明安装启动成功    
docker ps
Licensed under CC BY-NC-SA 4.0
最后更新于 2024-05-03 08:30 EDT