作为IT工程师,我将为您提供一套完整的CentOS上搭建Web服务器的自动化部署方案,涵盖从基础环境配置到自动化脚本实现的全过程。
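#!/bin/bash
# System initialisation script: init_system.sh
# Updates the base system, installs common tools, sets the SELinux mode,
# opens HTTP/HTTPS in firewalld and sets the time zone. Must run as root.

# Stop at the first failed step instead of continuing on a half-configured
# host (for example, opening firewall ports after a failed package update).
set -euo pipefail

# Bring every installed package up to date.
yum update -y

# Base tooling. epel-release is installed in its own transaction so that the
# EPEL repository is already configured when the second transaction runs.
yum install -y epel-release
yum install -y vim wget curl git net-tools htop

# Switch SELinux off, as the original procedure does.
# NOTE(review): this removes mandatory access control from a host that is
# about to serve web traffic, so a compromised web or PHP worker is then
# confined only by ordinary file permissions. Prefer leaving SELinux
# enforcing and resolving individual denials (file labels with
# semanage/restorecon, booleans with setsebool); use permissive mode only
# while diagnosing. Delete this section to keep the system default.
# setenforce returns an error when SELinux is already disabled, so it is
# guarded to keep the script re-runnable under `set -e`.
if [[ "$(getenforce)" != "Disabled" ]]; then
  setenforce 0
fi
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Firewall: start firewalld, allow only the http and https services
# permanently, load the permanent rules and enable the service at boot.
systemctl start firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
systemctl enable firewalld

# Time zone.
timedatectl set-timezone Asia/Shanghai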
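#!/bin/bash
# Nginx installation script: install_nginx.sh
# Registers the nginx.org yum repository, installs nginx, sets the stock
# virtual host aside and starts the service. Must run as root.
set -euo pipefail

# Register the nginx.org package repository.
# Packages are fetched over HTTPS and their signatures are verified
# (gpgcheck=1) against the nginx signing key. With gpgcheck=0 over plain HTTP,
# a tampered download would be installed as root without any check.
# The quoted 'EOF' keeps $releasever and $basearch literal so that yum, not
# the shell, expands them.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF

# Install nginx.
yum install -y nginx

# Set the packaged default virtual host aside so a site-specific one can take
# its place. Guarded so that a second run (file already renamed) does not
# abort the script.
if [[ -f /etc/nginx/conf.d/default.conf ]]; then
  mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
fi

# Start now and enable at boot.
systemctl start nginx
systemctl enable nginx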
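#!/bin/bash
# Apache installation script: install_httpd.sh
# Installs httpd, sets ServerName and starts the service. Must run as root.
# NOTE(review): httpd and nginx both listen on port 80 by default; install
# one of the two on a host, or change the listen port of the other.

# Abort on the first failure so the config edit and service start never run
# against a package that did not install.
set -euo pipefail

# Install Apache.
yum install -y httpd

# Replace the commented-out ServerName example with an explicit value.
sed -i 's/^#ServerName www.example.com:80/ServerName localhost/' /etc/httpd/conf/httpd.conf

# Start now and enable at boot.
systemctl start httpd
systemctl enable httpd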
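#!/bin/bash
# MySQL installation script: install_mysql.sh
# Installs MySQL community server and runs mysql_secure_installation.
# Required environment:
#   MYSQL_ROOT_PASSWORD - the new password for the MySQL root account.
# Must run as root.
set -euo pipefail

# The new root password comes from the environment rather than being written
# into the script, so it is not committed to version control along with the
# script. Fail here, before anything is installed, if it is missing.
: "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD to the new MySQL root password}"

# Register the MySQL community repository (skipped when the release package
# is already installed, so a re-run does not abort under `set -e`).
# NOTE(review): the release RPM is installed straight from a URL and it is
# what configures the repository signing keys. Verify its signature first,
# and if yum later reports a key or signature error, use a current release
# package rather than turning signature checks off.
if ! rpm -q mysql80-community-release > /dev/null; then
  rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
fi

# Install the MySQL server.
yum install -y mysql-community-server

# Start now and enable at boot.
systemctl start mysqld
systemctl enable mysqld

# Read the generated temporary root password from the server log. Only the
# most recent matching line is used, in case the log holds several.
temp_password=$(awk '/temporary password/ { pw = $NF } END { print pw }' /var/log/mysqld.log)
if [[ -z "$temp_password" ]]; then
  printf 'no temporary root password found in /var/log/mysqld.log\n' >&2
  exit 1
fi

# Secure the installation.
# NOTE(review): the answer order below is kept from the original. Confirm it
# against the prompts of the installed version, and confirm that
# mysql_secure_installation accepts the password from stdin rather than from
# the terminal; if it does not, this step will not set the password.
# Avoid `set -x` around this block: the trace would print both passwords.
mysql_secure_installation <<EOF
y
${temp_password}
${MYSQL_ROOT_PASSWORD}
${MYSQL_ROOT_PASSWORD}
y
y
y
y
EOF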
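#!/bin/bash
# PHP installation script: install_php.sh
# Enables the Remi PHP 7.4 repository, installs PHP with PHP-FPM and common
# extensions, and starts PHP-FPM. Must run as root.
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; confirm
# that this branch is still what the application requires.
set -euo pipefail

# yum-config-manager is part of yum-utils, which none of the other scripts
# install; without it the repository below is never enabled.
yum install -y yum-utils

# Install the Remi repository (skipped when already present so that a re-run
# does not abort under `set -e`).
if ! rpm -q remi-release > /dev/null; then
  yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
fi
yum-config-manager --enable remi-php74

# Install PHP and the extensions the application needs.
yum install -y php php-fpm php-mysqlnd php-gd php-mbstring php-xml php-curl php-zip

# cgi.fix_pathinfo=0 stops PHP from guessing a script name out of a longer
# request path, which otherwise lets a non-PHP file (for example an upload)
# be executed as PHP behind nginx.
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php.ini

# Start now and enable at boot.
systemctl start php-fpm
systemctl enable php-fpm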
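# playbook.yml
# Installs nginx and PHP-FPM on the "webservers" group and deploys an nginx
# virtual host rendered from the nginx_php.conf.j2 template.
---
- hosts: webservers
  become: yes
  tasks:
    - name: Install EPEL repository
      yum:
        name: epel-release
        state: present

    - name: Install Nginx
      yum:
        name: nginx
        state: present

    - name: Start and enable Nginx
      service:
        name: nginx
        state: started
        enabled: yes

    - name: Install PHP
      yum:
        name:
          - php
          - php-fpm
          - php-mysqlnd
        state: present

    - name: Start and enable PHP-FPM
      service:
        name: php-fpm
        state: started
        enabled: yes

    # Explicit owner and mode so the rendered file is writable by root only.
    - name: Configure Nginx for PHP
      template:
        src: nginx_php.conf.j2
        dest: /etc/nginx/conf.d/default.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart Nginx

  # The task above notifies "Restart Nginx"; without a handler of that name
  # the play fails when the template changes and the new config never loads.
  handlers:
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted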
# Dockerfile
# Image with the nginx and PHP-FPM packages on CentOS 7; nginx runs in the
# foreground as the container's main process.
# NOTE(review): centos:7 is a mutable tag of an end-of-life release. Pin the
# base image by digest and plan a move to a maintained base.
FROM centos:7

# One layer: enable EPEL, install the packages, then drop the yum cache so it
# does not add to the image size.
RUN yum install -y epel-release \
    && yum install -y nginx php-fpm php-mysqlnd \
    && yum clean all

# Site configuration and content come from the build context.
COPY nginx.conf /etc/nginx/nginx.conf
COPY www /usr/share/nginx/html

EXPOSE 80

# NOTE(review): only nginx is started here. Nothing in this file launches
# php-fpm, so PHP requests need a separate process or container; confirm.
# No USER instruction is set, so the process starts as root.
CMD ["nginx", "-g", "daemon off;"]
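// Jenkinsfile
// Declarative pipeline: check out the application, install its PHP
// dependencies with Composer, then rsync the workspace to the web server and
// restart nginx and PHP-FPM there.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/your-repo/web-app.git'
            }
        }
        stage('Build') {
            steps {
                sh 'composer install --no-dev'
            }
        }
        stage('Deploy') {
            steps {
                // The SSH key is provided by the Jenkins credential store
                // through sshagent and is never written into the workspace.
                sshagent(['web-server-ssh-key']) {
                    // The workspace contains the .git directory created by
                    // the Checkout stage; copying it into the document root
                    // would publish the repository history. It is excluded,
                    // together with this pipeline definition.
                    // rsync --delete leaves excluded paths on the receiver
                    // untouched, so a .git directory uploaded by an earlier
                    // run has to be removed from the server once by hand.
                    // Single-quoted Groovy string: no interpolation, the
                    // shell receives the text as written.
                    // NOTE(review): limit the deploy account's sudo rule to
                    // this one systemctl command.
                    sh '''
                        rsync -avz --delete --exclude='.git/' --exclude='Jenkinsfile' ./ user@webserver:/var/www/html/
                        ssh user@webserver "sudo systemctl restart nginx php-fpm"
                    '''
                }
            }
        }
    }
}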
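#!/bin/bash
# ELK installation script: install_elk.sh
# Installs Java, registers the Elastic 7.x yum repository, then installs and
# starts Elasticsearch, Kibana and Logstash. Must run as root.
# NOTE(review): check the authentication and TLS settings of Elasticsearch
# and Kibana before either is reachable from another host; in the 7.x line
# they are presumably not enabled out of the box - confirm for the installed
# version. The firewall rules on this page open only http and https.

# Abort on the first failure so services are not enabled or started after a
# failed install.
set -euo pipefail

# Install Java.
yum install -y java-11-openjdk

# Register the Elastic repository. Package signatures are verified
# (gpgcheck=1) against the key fetched over HTTPS. The quoted 'EOF' writes
# the text literally.
cat > /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Install the ELK components.
yum install -y elasticsearch kibana logstash

# Reload unit files, enable the services at boot and start them.
systemctl daemon-reload
systemctl enable elasticsearch kibana logstash
systemctl start elasticsearch kibana logstash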
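#!/bin/bash
# Security hardening script: security_hardening.sh
# Tightens sshd, installs Fail2Ban, adds nginx security headers and schedules
# a nightly update. Must run as root.
set -euo pipefail

#######################################
# Set one sshd_config directive to a fixed value.
# Rewrites every line that sets the directive, commented out or not, so the
# result does not depend on how the file looked before. Fails when the
# directive does not appear at all, because a hardening step that silently
# changes nothing is worse than one that stops.
# Arguments: $1 - directive name, $2 - value
# Returns:   0 on success, 1 if the directive was not found
#######################################
set_sshd_option() {
  local key=$1
  local value=$2
  local file=/etc/ssh/sshd_config
  if ! grep -Eq "^#?[[:space:]]*${key}[[:space:]]" "$file"; then
    printf '%s not found in %s; set it manually\n' "$key" "$file" >&2
    return 1
  fi
  sed -i -E "s/^#?[[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$file"
}

# 1. SSH: no direct root login, no password logins.
# Make sure a non-root account with a working SSH key and sudo rights exists
# BEFORE running this, otherwise the host can no longer be reached over SSH.
set_sshd_option PermitRootLogin no
set_sshd_option PasswordAuthentication no
# Validate the edited file first: restarting sshd with a broken config cuts
# off remote access.
sshd -t
systemctl restart sshd

# 2. Install and start Fail2Ban.
# NOTE(review): confirm that an sshd jail is actually enabled (jail.local);
# the package may ship with no active jails.
yum install -y fail2ban
systemctl enable fail2ban
systemctl start fail2ban

# 3. Nginx security headers.
# Appending to the end of nginx.conf puts the directives after the closing
# brace of the http block, where add_header is not allowed and nginx refuses
# the configuration. A file in conf.d is used instead.
# Assumes nginx.conf still has the packaged `include /etc/nginx/conf.d/*.conf;`
# inside http { } - the `nginx -t` below fails if that is not the case.
# A server or location block that declares its own add_header does not
# inherit these. Writing with `>` keeps the step idempotent.
cat > /etc/nginx/conf.d/security-headers.conf <<'EOF'
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
EOF
nginx -t
if systemctl is-active --quiet nginx; then
  systemctl reload nginx
fi

# 4. Regular updates: every day at 03:00, update and reboot.
# Any identical existing entry is filtered out before the job is added, so
# re-running the script does not stack duplicates. `|| true` covers the case
# of an empty or missing crontab under pipefail.
# NOTE(review): this reboots the server every night whether or not an update
# requires it; consider rebooting only when needed (needs-restarting -r from
# yum-utils).
cron_job='0 3 * * * yum update -y && systemctl reboot'
{
  crontab -l 2>/dev/null | grep -vxF -- "$cron_job" || true
  printf '%s\n' "$cron_job"
} | crontab -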
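#!/bin/bash
# Deployment smoke test: test_deployment.sh
# Checks the web server, PHP and the MySQL connection; exits 1 on the first
# failing check.
# Required environment (MySQL check only):
#   MYSQL_ROOT_PASSWORD - password of the MySQL root account.

# HTTP service: expect status 200 from the local web server. The status is
# compared as a string, so an empty value (curl missing) is a normal failure
# rather than a test-operator error.
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://localhost)
if [[ "$HTTP_STATUS" == "200" ]]; then
  echo "Web服务测试通过"
else
  echo "Web服务测试失败,状态码: $HTTP_STATUS"
  exit 1
fi

# PHP: the phpinfo page must render.
# NOTE(review): info.php discloses versions, paths and configuration to any
# visitor; remove it from the document root once this check has passed.
PHP_TEST=$(curl -s http://localhost/info.php | grep "PHP Version")
if [[ -z "$PHP_TEST" ]]; then
  echo "PHP测试失败"
  exit 1
else
  echo "PHP测试通过"
fi

# MySQL connection.
# The password is passed through the MYSQL_PWD environment variable instead
# of -p"..." so that it is neither stored in this script nor visible in the
# process list. MYSQL_PWD is deprecated in MySQL 8.0; a root-only (0600)
# option file given with --defaults-extra-file is the longer-term choice.
if [[ -z "${MYSQL_ROOT_PASSWORD:-}" ]]; then
  printf 'MYSQL_ROOT_PASSWORD is not set\n' >&2
  echo "MySQL连接测试失败"
  exit 1
fi
if MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -u root -e "SHOW DATABASES;" > /dev/null; then
  echo "MySQL连接测试通过"
else
  echo "MySQL连接测试失败"
  exit 1
fi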
这套自动化部署方案提供了从基础环境配置到完整Web服务器栈的自动化实现,您可以根据实际需求选择不同组件(Nginx/Apache, MySQL/PostgreSQL等)的组合。通过脚本化、Ansible或Docker等工具,可以实现快速、一致的部署,大大提高运维效率。
建议在生产环境实施前,先在测试环境验证所有脚本和配置,并根据实际业务需求调整相关参数。