CentOS 7 Basic Environment Setup

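After the initial service configuration of CentOS 7, there is still a lot to do before the machine is ready for deploying applications: nginx, the JDK, redis, a development environment and so on. Next, we compile and install nginx, redis and the JDK on CentOS 7.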

Development packages

If you need a simple build environment, install these packages after updating the system:

sudo yum install make automake gcc gcc-c++ kernel-devel
# Debian family (the package names differ from the yum ones)
sudo apt install make automake gcc g++ linux-headers-$(uname -r)

For a complete toolchain, we can install the whole development tools group at once:

The group install may fail with errors like these:
Warning: Group development does not have any packages to install.
Maybe run: yum groups mark install (see man yum)
No packages in any requested group available to install or update
Maybe run: yum groups mark install (see man yum)
Error: No packages in any requested group available to install or update.
See the commands below for how to install.

sudo yum clean all 
sudo yum groups list
sudo yum groups install "Development Tools"
# You may also need these commands
sudo yum groups list hidden
sudo yum groups info 'Development Tools'
sudo yum groups install "Development Tools"
# Or the following
sudo yum groupinstall "Development Tools" --setopt=group_package_types=mandatory,default,optional
# Or else
yum groups mark install "Development Tools"
yum groups mark convert "Development Tools"
yum groupinstall "Development Tools"
# Once that is installed, add the following as well
sudo yum install make automake gcc gcc-c++ kernel-devel

Anyway, this is already a collection of 70+ packages, definitely a very large set.

Also add the Aliyun EPEL repository, as follows:

wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum makecache

For the Debian family, run the following command:

sudo apt install build-essential

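Compiling and installing nginx

Default installation

This exercise shows which modules a default nginx build includes. Before the default installation, the dependencies nginx needs must also be installed.

1. Linux kernel version

uname -a
Linux haproxy-node-b 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux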

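2. GCC compiler
GCC (GNU Compiler Collection) can be used to compile C programs. nginx does not directly provide a binary executable, so the source has to be downloaded and compiled.

3. PCRE library
PCRE (Perl Compatible Regular Expressions) is a function library developed by Philip Hazel and used by many programs; it provides regular expression support.

4. zlib library
The zlib library performs gzip compression of HTTP content. It is needed if we set gzip on in nginx.conf and specify that HTTP responses of certain types (content-type) are compressed with gzip to reduce network traffic.

5. OpenSSL development library
If our server has to support not only HTTP but also HTTP over the more secure SSL protocol, OpenSSL is required. It also needs to be installed if we want to use hash functions such as MD5 and SHA1.
The libraries above are all required for nginx's basic functionality; for simplicity we can install them together with yum.

yum install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel pcre pcre-devel -y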

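6. Install nginx

Download nginx from the official site; the current stable version is 1.22.1. Download it with:

wget https://nginx.org/download/nginx-1.22.1.tar.gz

Once the download finishes, extract the source package and do a default installation: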

tar -zxvf nginx-1.22.1.tar.gz -C /usr/local/src/
cd /usr/local/src/nginx-1.22.1/
# Run configure with the default options
[root@haproxy-node-b nginx-1.22.1]# ./configure
checking for OS
+ Linux 3.10.0-1160.80.1.el7.x86_64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
checking for gcc -pipe switch ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
............. (output omitted) ........................
checking for zlib library ... found
creating objs/Makefile

Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using system zlib library

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

make && make install

After the default installation, the compiled-in module information can be viewed:

[root@haproxy-node-b sbin]# ./nginx -V
nginx version: nginx/1.20.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments:

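Custom build

If other nginx modules are needed, add the corresponding options when compiling. Run ./configure --help in the source directory to see nginx's build options.

After reconfiguring, run make and make install to install over the existing installation. Before recompiling and installing, it is advisable to back up the existing configuration files.

If dependency problems come up while compiling with the new options, install the corresponding packages with yum. After the recompiled program has been installed, check the compiled-in module information again:

[root@haproxy-node-b nginx]# ./sbin/nginx -V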
nginx version: nginx/1.20.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_geoip_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module

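Building against specified modules

The nginx build options show that the libraries to build against can be specified manually. Below we compile and install OpenSSL, PCRE and zlib, and then point the nginx build at their paths.

Compiling and installing OpenSSL

The latest stable version of OpenSSL is the 3.0 series, supported until September 7, 2026. It is also a Long Term Support (LTS) version. The previous LTS version (the 1.1.1 series) is also available and supported until September 11, 2023.

Downloading OpenSSL

[root@haproxy-node-b tools]# wget https://www.openssl.org/source/openssl-3.0.7.tar.gz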
--2022-11-25 16:29:45-- https://www.openssl.org/source/openssl-3.0.7.tar.gz
Resolving www.openssl.org (www.openssl.org)... 23.76.66.203, 2600:1417:e800:186::c1e, 2600:1417:e800:182::c1e
Connecting to www.openssl.org (www.openssl.org)|23.76.66.203|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15107575 (14M) [application/x-gzip]
Saving to: ‘openssl-3.0.7.tar.gz’

100%[======================================>] 15,107,575 7.42MB/s in 1.9s

2022-11-25 16:29:47 (7.42 MB/s) - ‘openssl-3.0.7.tar.gz’ saved [15107575/15107575]
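
The tarballs on this page are fetched with wget and then compiled and installed as root, so each archive is worth checking against a published digest before it is unpacked. The following is an added example, not part of the original post; the function names are hypothetical, and the digest file is assumed to have been downloaded separately from the project's release page.

```bash
#!/usr/bin/env bash
# Added example: compare a downloaded tarball with a published SHA-256 digest
# file before unpacking it. Accepts both "<hex>" and "<hex>  <filename>" layouts.

# Print the lowercase digest stored in a digest file (first 64-hex-char token).
read_expected_digest() {
  tr 'A-F' 'a-f' < "$1" | grep -oE '[0-9a-f]{64}' | head -n 1
}

# verify_tarball <tarball> <digest-file>
# rc 0: digests match, rc 1: mismatch, rc 2: unreadable input or no digest found.
verify_tarball() {
  local tarball="$1" digest_file="$2" expected actual
  [ -r "$tarball" ] && [ -r "$digest_file" ] || { echo "missing input" >&2; return 2; }
  expected="$(read_expected_digest "$digest_file")"
  [ -n "$expected" ] || { echo "no digest found in $digest_file" >&2; return 2; }
  actual="$(sha256sum "$tarball" | cut -d' ' -f1)"
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "DIGEST MISMATCH for $tarball" >&2
  return 1
}

# verify_and_extract <tarball> <digest-file> <dest-dir>
# Unpacks only after the digest check has passed; the destination is not even
# created for an archive that fails verification.
verify_and_extract() {
  verify_tarball "$1" "$2" || return $?
  mkdir -p "$3" && tar -zxf "$1" -C "$3"
}

# Usage with this page's file (the .sha256 file name is an assumption):
#   verify_and_extract openssl-3.0.7.tar.gz openssl-3.0.7.tar.gz.sha256 /usr/local/src/
```

A digest only proves that the download matches what the server published; where the project also ships a PGP signature, verifying it against a trusted key is the stronger check.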

Even OpenSSL 3.0.0 has vulnerabilities. Version 3.0.2 fixed an OpenSSL denial-of-service vulnerability [CVE-2022-0778].

The default OpenSSL version on CentOS 7 is:

openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(8x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

Compiling and installing OpenSSL

yum install perl-IPC-Cmd pcre pcre-devel -y

cd /usr/local/src/openssl-3.0.7/
./config --prefix=/usr/local/openssl3 --openssldir=/usr/local/openssl3 shared zlib
make
make install

Configuring the shared library path

1. Create a file named openssl-3.conf in the /etc/ld.so.conf.d directory:

cd /etc/ld.so.conf.d/
vim openssl-3.conf
# File contents
/usr/local/openssl3/lib64

2. Create symbolic links

ln -s /usr/local/openssl3/lib64/libssl.so.3 /usr/lib64/
ln -s /usr/local/openssl3/lib64/libcrypto.so.3 /usr/lib64/

If they already exist (File exists), overwrite them:

ln -sf /usr/local/openssl3/lib64/libssl.so.3 /usr/lib64/
ln -sf /usr/local/openssl3/lib64/libcrypto.so.3 /usr/lib64/

Configuring environment variables

Back up the existing openssl version.

mv /usr/bin/openssl /usr/bin/openssl.backup

Create the environment variable

vim /etc/profile.d/openssl.sh
# Variable contents
# Set OPENSSL_PATH
OPENSSL_PATH="/usr/local/openssl3/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH
# Reload the environment variables
source /etc/profile.d/openssl.sh

Check the OpenSSL location

[root@haproxy-node-b ~]# which openssl
/usr/local/openssl3/bin/openssl

Check the system configuration again

[root@haproxy-node-b ~]# openssl version -a
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
built on: Fri Nov 25 12:48:28 2022 UTC
platform: linux-x86_64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/openssl3"
ENGINESDIR: "/usr/local/openssl3/lib64/engines-3"
MODULESDIR: "/usr/local/openssl3/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa32035f8bffff:0x7a9

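The manual compile-and-upgrade of OpenSSL is complete.

Installing PCRE

Downloading PCRE

The PCRE source is hosted on SourceForge; search for it there and download it.

wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.zip
unzip pcre-8.45.zip
mv pcre-8.45 /usr/local/src/

Compiling and installing PCRE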

The extracted source is under /usr/local/src/.

cd /usr/local/src/pcre-8.45/
./configure

# Default install paths
# By default, `make install' will install all the files in `/usr/local/bin', `/usr/local/lib' etc.

make
make install

Compiling and installing zlib

Download zlib; the latest version is zlib-1.2.13.

wget https://zlib.net/zlib-1.2.13.tar.gz
tar -zxvf zlib-1.2.13.tar.gz -C /usr/local/src/

Compile and install zlib

cd /usr/local/src/zlib-1.2.13/
./configure
make
make install

Installing nginx with specified module paths

The PCRE, OpenSSL and zlib sources above are all under /usr/local/src, so when compiling nginx we only need to point configure at the corresponding paths:

[root@haproxy-node-b nginx-1.20.2]# ./configure \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_geoip_module \
> --with-http_flv_module \
> --with-http_mp4_module \
> --with-http_gzip_static_module \
> --with-pcre=/usr/local/src/pcre-8.45 \
> --with-zlib=/usr/local/src/zlib-1.2.13 \
> --with-openssl=/usr/local/src/openssl-3.0.7

# Sample output:

checking for OS
+ Linux 3.10.0-1160.80.1.el7.x86_64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
............. (output omitted) ...............
Configuration summary
+ using PCRE library: /usr/local/src/pcre-8.45
+ using OpenSSL library: /usr/local/src/openssl-3.0.7
+ using zlib library: /usr/local/src/zlib-1.2.13

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

# Compile and install
make
make install

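View the build information again and compare it with the output of the earlier default installation, the custom build, and the build with manually specified module paths:

[root@haproxy-node-b nginx]# ./sbin/nginx -V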
nginx version: nginx/1.20.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_geoip_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-pcre=/usr/local/src/pcre-8.45 --with-zlib=/usr/local/src/zlib-1.2.13 --with-openssl=/usr/local/src/openssl-3.0.7

This completes compiling and installing nginx.
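
The three `nginx -V` outputs on this page differ in which OpenSSL, if any, the binary was built with, and that line is what tells you whether a rebuild picked up the patched library. The following is an added example, not part of the original post, that extracts the version and compares it with a required minimum; the function names are hypothetical and the sample inputs are copied from the outputs above.

```bash
#!/usr/bin/env bash
# Added example: report which OpenSSL an nginx build uses and compare it to a floor.
# SAMPLE_* are the `nginx -V` outputs shown on this page, trimmed to a few lines.
# Caveat: distro builds such as 1.0.2k-fips carry backported fixes, so a plain
# version comparison is only authoritative for OpenSSL compiled from source.
SAMPLE_DEFAULT='nginx version: nginx/1.20.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments:'
SAMPLE_SYSTEM='nginx version: nginx/1.20.2
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled'
SAMPLE_SOURCE='nginx version: nginx/1.20.2
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled'

# Print the numeric OpenSSL version nginx uses (stdin: `nginx -V 2>&1` text).
# When nginx adds "(running with OpenSSL X)", the runtime library differs from
# the build-time one, and the runtime version is the one that matters.
nginx_openssl_version() {
  local text run
  text="$(cat)"
  run="$(printf '%s\n' "$text" | sed -n 's/.*running with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1)"
  if [ -n "$run" ]; then printf '%s\n' "$run"; return 0; fi
  printf '%s\n' "$text" | sed -n 's/^built with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: true when dotted version A >= B (relies on GNU sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_nginx_openssl MIN: reads `nginx -V 2>&1` output on stdin.
# Prints "ok X" (rc 0), "outdated X" (rc 1) or "no-openssl" (rc 2).
check_nginx_openssl() {
  local found
  found="$(nginx_openssl_version)"
  if [ -z "$found" ]; then echo "no-openssl"; return 2; fi
  if version_ge "$found" "$1"; then echo "ok $found"; return 0; fi
  echo "outdated $found"; return 1
}

# The floor 3.0.2 is the release this page names as fixing CVE-2022-0778.
for s in "$SAMPLE_DEFAULT" "$SAMPLE_SYSTEM" "$SAMPLE_SOURCE"; do
  printf '%s\n' "$s" | check_nginx_openssl 3.0.2 || true
done
```

On a live host the input comes from `nginx -V 2>&1 | check_nginx_openssl 3.0.2`, since nginx writes its version information to stderr.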

nginx autostart configuration

Create a symbolic link in /usr/local/sbin that points into the nginx install directory.

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

Common nginx control commands

Control commands for running nginx:

# Test the configuration file
[root@haproxy-node-b ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# Start nginx with the default configuration
[root@haproxy-node-b ~]# nginx
[root@haproxy-node-b ~]# ps aux | grep nginx
root 15930 0.0 0.0 22956 900 ? Ss 23:37 0:00 nginx: master process nginx
nobody 15931 0.0 0.0 23412 1608 ? S 23:37 0:00 nginx: worker process
root 15933 0.0 0.0 112812 980 pts/0 S+ 23:37 0:00 grep --color=auto nginx
# Stop nginx
[root@haproxy-node-b ~]# nginx -s stop
[root@haproxy-node-b ~]# ps aux | grep nginx
root 15937 0.0 0.0 112812 976 pts/0 S+ 23:38 0:00 grep --color=auto nginx
# Graceful stop
[root@haproxy-node-b ~]# nginx -s quit
# Start with a specified configuration file
[root@haproxy-node-b ~]# nginx -c /usr/local/nginx/conf/nginx.conf
# Reload the configuration without stopping
[root@haproxy-node-b ~]# nginx -s reload
# Reopen the nginx log files
nginx -s reopen

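When nginx starts, it creates two types of processes: a master process, and one (the Windows version currently has only one) or more worker processes. The master process does not handle network requests; it is mainly responsible for managing the worker processes, which comes down to three tasks: loading the configuration, starting worker processes, and upgrading without downtime. So once nginx is running, the operating system's process list shows at least two nginx processes.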

systemctl nginx autostart configuration

Configure the service unit

vim /usr/lib/systemd/system/nginx.service
# Unit file contents:
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
# Reload the systemd unit files
systemctl daemon-reload

# Start nginx
[root@haproxy-node-b system]# systemctl start nginx
# Check the nginx service status
[root@haproxy-node-b system]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/etc/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-11-25 23:59:16 CST; 1min 54s ago
Docs: https://nginx.org/en/docs/
Process: 16168 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 16169 (nginx)
CGroup: /system.slice/nginx.service
├─16169 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
└─16170 nginx: worker process

Nov 25 23:59:16 haproxy-node-b systemd[1]: Starting nginx - high performance web server...
Nov 25 23:59:16 haproxy-node-b systemd[1]: Started nginx - high performance web server.
# Stop the nginx service
systemctl stop nginx
# Restart the nginx service
systemctl restart nginx
# Enable nginx at boot
[root@haproxy-node-b system]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /etc/systemd/system/nginx.service.

# Disable start at boot
systemctl disable nginx

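Installing the JDK

Download the JDK from the official site; for our deployment we choose the latest version of Java 8. Downloading the JDK requires logging in with an Oracle account.

1. Extract the JDK

We can create a directory for the JDK under /usr/local and extract the JDK into it.

mkdir /usr/local/java
tar -zxvf jdk-8u351-linux-x64.tar.gz -C /usr/local/java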

2. Configure environment variables

In /etc/profile.d, create the jdk.sh file.

cd /etc/profile.d/
vim java.sh
# File contents
# set java environment
export JAVA_HOME=/usr/local/java/jdk1.8.0_351
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export JAVA_PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin
export PATH=${JAVA_HOME}/bin:$PATH

3. Reload the environment variables

[root@haproxy-node-b profile.d]# source /etc/profile
[root@haproxy-node-b profile.d]# java -version
java version "1.8.0_351"
Java(TM) SE Runtime Environment (build 1.8.0_351-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.351-b10, mixed mode)

The JDK environment setup is complete.

https://ywmy.xyz/2022/11/24/centos-7-基础环境搭建/
Author: ian
Published: November 24, 2022