CentOS CI/CD Deployment Guide |
您所在的位置:网站首页 › centos firewall-cmd › CentOS CI/CD Deployment Guide |
|
This is the 7th day of my participation in the Gwen Challenge in November. Check out the details: The Last Gwen Challenge in 2021. Dear, hello, everyone. I am "Front-end Xiaoxin". ? has been engaged in front-end development and Android development for a long time Pre-instructions: The deployment environment is Aliyun ECS server and CentOS8 operating system. Install OpenJDK, Git, Jenkins, Nexus, Docker Basic environment Preparation: Install Java: yum install -y java Copy the code Install Git: yum install -y git Copy the code Install Nexus3 (port 8081) : Create a directory:mkdir /usr/local/nexus. Change directory:cd /usr/local/nexus. Download the installation package:Wget HTTP: / / https://dependency-fe.oss-cn-beijing.aliyuncs.com/nexus-3.29.0-02-unix.tar.gz. Decompress the installation package:Tar ZXVF. / nexus - 3.29.0-02 - Unix. Tar. Gz. CD to the bin directory on nexus:./nexus runor./nexus startFor initial installation./nexus runYou can view the startup log, and start it through start if there is no problem. Initial account password: Account: admin. Password: Run the commandcat /sonatype-work/nexus3/admin.passwordLook at it. Install Jenkins (port 8080) : Import Jenkins installation source: sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key Copy the code Jenkins installation:yum install jenkins. Start the Jenkins:service jenkins start. View password:cat /var/lib/jenkins/secrets/initialAdminPassword. Replacement plugin source: sed -i 's/http:\/\/updates.jenkins-ci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' /var/lib/jenkins/updates/default.json sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' /var/lib/jenkins/updates/default.json Copy the code Install the Docker: Installing a Front Moduledevice-mapper-persistent-dataandlvm2: yum install -y yum-utils device-mapper-persistent-data lvm2 Copy the code Switch acceleration address: sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo Copy the code Install the Docker:yum install docker-ce -y. Start the Docker: systemctl start docker systemctl enable docker Copy the code Configure the address for accelerating the image: cr.console.aliyun.com/cn-beijing/... sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json -'EOF' { "registry-mirrors": ["https://k1ffccuv.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker Copy the code Unix Socket permission problem: Sudo groupAdd docker # add docker user group sudo gpasswd -a Jenkins docker # add docker user group sudo gpasswd -a Jenkins docker # add docker user group sudo Service Jenkins restartCopy the code Other notes: Check port connectivity:telnet ip port. Port inaccessible: Check the access configuration of ali Cloud Console security group and allow the corresponding port. The firewall inside the server generally does not intercept. If blocked by Firewalld:Firewall-cmd --zone=public --add-port= port/TCP --permanent. If intercepted by iptables:Iptables -I INPUT -p TCP --dport Port -j ACCEPT. Check port listening status:netstat -anpt | grep port. Aliyun ECS server CentOS7 firewall Firewalld Settings: Firewalld Settings: Logging In as root1.Ensure that the server system is up to date [root]@localhost~]# yum -y update2.Restart the server@localhost ~]# reboot 3.Install firewall [root]@localhost ~]# yum install firewalld 4.Set the firewall service to be enabled at startup [root]@localhost ~]# systemctl enable firewalld.service 4.Check firewall status [root]@localhost ~]# systemctl status firewalld 5.Start the firewall [root@localhost ~]# systemctl start firewalld 6.increase80Port-to-firewall rule [root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp 7.increase3306Port-to-firewall rule [root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3306/tcp 8.increase21Port-to-firewall rule [root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=21/tcp 9.increase33000Port-to-firewall rule [root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=33000-33003/tcp 10.Set HTTP protocol services to be allowed [root]@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http 11.Make the latest firewall configuration rules take effect [root]@localhost ~]# firewall-cmd --reload 12.Restart the firewall service [root]@localhost ~]# systemctl restart firewalld.service Copy the code Basic use of Firewalld: Make the latest firewall configuration rules effective [root]@localhost~]# firewall-cmd --reload # Check whether SSH protocol service is allowed@localhost ~]# firewall-cmd --zone=public--query-service= SSH # check whether HTTP service is allowed@localhost ~]# firewall-cmd --zone=public--query-service= HTTP@localhost~]# systemctl start firewalld@localhost~]# systemctl status firewalld@localhost~]# systemctl disable firewalld # disable [root@localhost~]# systemctl stop firewalld@localhost~]# systemctl start firewalld@localhost~]# systemctl stop firewalld@localhost~]# systemctl restart firewald. service # display the status of a service [root]@localhost~]# systemctl status firewalld. Service # Start a service at startup [root@localhost~]# systemctl enable firewalld. Service # Disable a service at startup [root@localhost~]# systemctl disable firewalld.service@localhost~]# systemctl is-enabled firewalld. Service # View the list of started services [root@localhost~] # systemctl list - unit - files | grep enabled # check failed the list of services start [root@localhost~]# systemctl --failed@localhost~]# firewall-cmd --version # View help [root@localhost~]# firewall-cmd --help # display status [root@localhost~]# firewall-cmd --state # Check all open ports [root@localhost ~]# firewall-cmd --zone=public--list-ports # update firewall rule root@localhost~]# firewall-cmd --reload # check zone information [root@localhost~]# firewall-cmd --get-active-zones # check the zones of the specified interface@localhost ~]# firewall-cmd --get-zone-of-interface=eth0 # reject all packets [[email protected] ~]# firewall-cmd --panic-on # cancel reject status [[email protected] ~]# firewall-cmd --panic-off # check whether to reject packets [[email protected] ~]# firewall-cmd --query-panic # permanent [[email protected] ~]# firewall-cmd --permanent --zone=public --add-port=80/ TCP # Enable the latest firewall Settings to take effect [[email protected] ~]# firewall-cmd --reload # check port 80 [[email protected] ~]# firewall-cmd --zone=public --query-port=80/ TCP # delete port 80 [[email protected] ~]# firewall-cmd --permanent --zone=public --remove-port=80/ TCP # Delete port 21 [[email protected] ~]# Firewall-cmd --permanent --zone=public --remove-port=21/ TCP # Delete HTTP service [[email protected] ~]# firewall-cmd --permanent TCP [[email protected] ~]# firewall-cmd --permanent --zone=public --remove-service= HTTP Udp [[email protected] ~]# firewall-cmd --permanent --zone=public --add-port=3306/udp # View current zone [[email protected] ~]# firewall-cmd --get-default-zone # View current service [[email protected] ~]# firewall-cmd --zone=public --list-services # install firewall-config, Run the following command as root user [[email protected] ~]# yum install firewall-config # check the firewall version [[email protected] ~]# firewall-cmd --version [ro[email protected] ~]# firewall-cmd --helpCopy the codeWelcome to follow my public account "Front-end Xiaoxin students", the first time to push original technical articles. |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |