Ubuntu1804（Server版）安裝及使用

1 系統安裝操做步驟

OS Version:1804
鏡像下載：http://cdimage.ubuntu.com/releases/

1.1 選擇安裝語言：

1.2 安裝界面選擇第一項進行系統安裝

1.3 選擇安裝過程當中使用的語言，也是系統安裝完後使用的默認語言

1.4 選擇地區，這裏先選擇最後一項other，而後回車再選擇Asia，最後選擇China

1.5 選擇語言環境

1.6 鍵盤佈局檢查，選擇NO

1.7 選擇美式鍵盤

1.8 確認使用美式鍵盤

1.9 配置主機名

1.10 建立一個普通用戶和爲其設置密碼

1.11 確認時區

1.12 選擇磁盤分區的方法，這裏選手動分區

1.13 選擇磁盤

1.14 確認對磁盤分區

1.15 對磁盤分區

1.16 建立新分區

1.17 指定分區大小，這裏將磁盤的所有大小劃分給該分區

1.18 選擇分區類型，這裏選主分區

1.19 分區完成

1.20 完成分區並寫入數據

1.21 確認寫入磁盤

1.22 是否使用代理，這裏不填

1.23 是否自動更新，這裏選擇默認，不自動更新

1.24 選擇安裝組件，選擇對應須要安裝的組件，而後按空格鍵，這裏選擇OpenSSH Server

1.25 將GRUB引導加載程序安裝到主引導記錄

1.26 完成安裝，確認重啓服務器

1.27 登陸系統

2 系統基礎配置

官方文檔：https://help.ubuntu.com/

2.1 更改主機名

# cat /etc/hostname 
hechunping

2.2 更改網卡名稱爲eth*

# sed -i '/GRUB_CMDLINE_LINUX=/s/"$/net.ifnames=0 biosdevname=0"/' /etc/default/grub
# update-grub
Sourcing file `/etc/default/grub'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-55-generic
Found initrd image: /boot/initrd.img-4.15.0-55-generic
done
# reboot
# sed -i 's/ens33/eth0/' /etc/netplan/01-netcfg.yaml

2.3 配置root遠程登陸

# 默認狀況下，ubuntu不容許root⽤⼾遠程ssh，若是有實際場景須要容許root⽤⼾遠程ssh，則須要設置root密碼，而且編輯/etc/ssh/sshd_config⽂件修改以下：
~$ sudo vim /etc/ssh/sshd_config
32 #PermitRootLogin prohibit-password #默認爲禁⽌登陸
33 PermitRootLogin yes #改成容許登陸

57 #PasswordAuthentication yes
58 PasswordAuthentication yes #打開密碼認證，其實默認就是容許經過密碼認證登陸

~$ sudo su - root #切換到root⽤⼾環境
~# passwd #設置密碼
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
~# systemctl restart sshd #重啓ssh服務並測試root⽤⼾遠程ssh鏈接

2.4 網絡配置

官方文檔：https://netplan.io/

Ubuntu 從 17.10 開始，已放棄在 /etc/network/interfaces ⾥固定IP的配置，⽽是改爲 netplan ⽅式，配置⽂件是：/etc/netplan/01-netcfg.yaml

# ubuntu 17.04及以前的靜態IP配置⽅式：
~# cat /etc/network/interfaces
root@hechunping:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto eth0 #⽹卡⾃啓動，寫⾃⼰要配置IP的實際⽹卡名稱
iface eth0 inet static #配置靜態IP，寫⾃⼰要配置IP的實際⽹卡名稱
address 172.18.3.12 #IP地址
netmask 255.255.0.0 #掩碼
gateway 172.18.0.1 #⽹關
dns-nameservers 223.6.6.6 #DNS
dns-nameservers 223.5.5.5
#重啓⽹絡服務
~# /etc/init.d/networking restart
~# systemctl restart networking.service

2.4.1 單網卡靜態IP地址

root@hechunping:~# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [192.168.7.132/24]
      gateway4: 192.168.7.2
      nameservers:
        addresses: [223.6.6.6]
root@hechunping:~# netplan apply

2.4.2 配置多網卡靜態IP

# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6]
    eth1:
      dhcp4: no
      addresses: [192.168.7.34/24]
      routes:
        - to: 172.20.0.0/16
          via: 192.168.7.2
# netplan apply

2.4.3 單網卡橋接

# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
  bridges:
    br0:
      dhcp4: no
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6]
      interfaces:
        - eth0
# netplan apply

2.4.4 多網卡橋接

將br0和br1分別橋接到eth0和eth1。
# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
  bridges:
    br0:
      dhcp4: no
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6]
      interfaces:
        - eth0
    br1:
      dhcp4: no
      addresses: [192.168.7.34/24]
      routes:
        - to: 172.20.0.0/16
          via: 192.168.7.2
      interfaces:
        - eth1
root@hechunping:~# netplan apply

2.4.5 雙網卡綁定

須要提早安裝好bridge命令，兩塊網卡使用同一種網絡模式
# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6,223.5.5.5]
      parameters:
        mode: active-backup
        mii-monitor-interval: 100
# poweroff
# netplan apply

2.4.6 雙網卡綁定+橋接

⽹卡綁定⽤於提供⽹卡接⼝冗餘以及⾼可⽤和端⼝聚合功能，橋接⽹卡再給須要橋接設備的服務使⽤。

# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      parameters:
        mode: active-backup
        mii-monitor-interval: 100
  bridges:
    br0:
      dhcp4: no
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6,223.5.5.5]
      interfaces:
        - bond0
# netplan apply

2.4.7 內外多網卡綁定

多⽹絡狀況下實現⽹卡綁定。這裏使用橋接(eth0,eth1)和NAT(eth2,eth3)兩種網絡模式
# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
    eth2:
      dhcp4: no
    eth3:
      dhcp4: no
  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6,223.5.5.5]
      parameters:
        mode: active-backup
        mii-monitor-interval: 100

    bond1:
      interfaces:
        - eth2
        - eth3
      addresses: [192.168.7.34/24]
      parameters:
        mode: active-backup
        mii-monitor-interval: 100
      routes:
        - to: 172.20.0.0/16
          via: 192.168.7.2
# netplan apply

2.4.8 內外多網卡綁定+橋接

# cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
    eth2:
      dhcp4: no
    eth3:
      dhcp4: no
  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      parameters:
        mode: active-backup
        mii-monitor-interval: 100

    bond1:
      interfaces:
        - eth2
        - eth3
      parameters:
        mode: active-backup
        mii-monitor-interval: 100
  bridges:
    br0:
      dhcp4: no
      addresses: [172.20.7.34/16]
      gateway4: 172.20.0.1
      nameservers:
        addresses: [223.6.6.6,223.5.5.5]
      interfaces:
        - bond0
    br1:
      dhcp4: no
      addresses: [192.168.7.34/24]
      routes:
        - to: 172.20.0.0/16
          via: 192.168.7.2
      interfaces:
        - bond1
# netplan apply

3 軟件包管理

3.1 修改軟件倉庫地址

阿⾥雲倉庫地址：https://developer.aliyun.com/mirror
中科⼤：http://mirrors.ustc.edu.cn/help/ubuntu.html
清華⼤學：https://mirror.tuna.tsinghua.edu.cn/help/ubuntu/
華爲：https://mirrors.huaweicloud.com/

###### 清華源配置 ######
Ubuntu 的軟件源配置文件是 /etc/apt/sources.list。將系統自帶的該文件作個備份，將該文件替換爲下面內容，便可使用 TUNA 的軟件源鏡像。
# cd /etc/apt/
# cp -p sources.list sources.list.bak
# vim sources.list
# 默認註釋了源碼鏡像以提升 apt update 速度，若有須要可自行取消註釋
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

# 預發佈軟件源，不建議啓用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# apt update #更新本地軟件包列表索引，修改了apt倉庫後必須執⾏

###### 阿里源配置 ######
# sed -i 's/cn.archive.ubuntu/mirrors.aliyun/' /etc/apt/sources.list
# apt update #更新本地軟件包列表索引，修改了apt倉庫後必須執⾏

3.2 apt工具使用

apt list #apt列出倉庫軟件包，等於yum list
apt search NAME #搜索安裝包
apt show apache2 #查看某個安裝包的詳細信息
apt install apache2 #在線安裝軟件包
apt remove apache2 #卸載單個軟件包可是保留配置⽂件
apt autoremove apache2 #刪除安裝包並解決依賴關係
apt update #更新本地軟件包列表索引，修改了apt倉庫後必須執⾏
apt purge apache2 #卸載單個軟件包刪除配置⽂件
apt upgrade #升級全部已安裝且可升級到新版本的軟件包
apt full-upgrade #升級整個系統，必要時能夠移除舊軟件包。
apt edit-sources #編輯source源⽂件
apt-cache madison nginx #查看倉庫中軟件包有哪些版本能夠安裝
apt install nginx=1.14.0-0ubuntu1.6 #安裝軟件包的時候指定安裝具體的版本

3.3 dpkg安裝包管理

rpm：RPM(Red Hat Package Manager)，是基於Red hat的Linux Distribution的包管理系統，同時也指rpm包本⾝，RPM⽤於rpm包的管理（諸如安裝、卸載、升級等）
"dpkg "是"Debian Packager "的簡寫,爲 "Debian"專⻔開發的套件管理系統，⽅便軟件的安裝、更新及移除。全部源⾃「Debian」的「Linux 」發⾏版都使⽤ 「dpkg」，例如 「Ubuntu」、「Knoppix 」等。

dpkg -i gitlab-ce_11.9.8-ce.0_amd64.deb #安裝某個軟件包
dpkg -r gitlab-ce #刪除某個軟件包保留配置⽂件
dpkg -r -P gitlab-ce #刪除某個軟件包不保留配置⽂件
dpkg -I gitlab-ce_11.9.8-ce.0_amd64.deb #查看軟件包信息
dpkg -c gitlab-ce_11.9.8-ce.0_amd64.deb #查看軟件包內的⽂件及⽬錄內容
dpkg -l #列出本機已經安裝的全部軟件

3.4 設置oracle JDK環境

# pwd
/usr/local/src
解壓⼆進制⽂件並設置軟鏈接：
# tar xf jdk-8u212-linux-x64.tar.gz
# ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
配置環境變量：
# vim /etc/profile
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
從新導⼊環境變量並驗證：
# source /etc/profile
# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)

3.5 安裝OpenJDK

# apt install openjdk-8-jdk

3.6 安裝常⽤系統命令

# apt purge ufw lxd lxd-client lxcfs lxc-common
# apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute gcc openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip

3.7 系統資源限制優化

#cat /etc/security/limits.conf
#root帳⼾的資源軟限制和硬限制
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
#其餘帳⼾的資源軟限制和硬限制
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000

3.8e 內核參數優化

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2