[ECS] Alibaba Cloud ECS installation and configuration of various environments

Beginners to ECS Cloud Server

1. Create an ECS instance resource

2. RAM user login (sub-user and sub-user password) to enter the ECS management console

3. View the instance, select a region to find the ECS instance resource, and click the ID to enter the management interface of an instance

4. Remote connection: ssh [email protected]

Quickly configure Linux cloud server

Create an ECS instance of Alibaba Cloud Linux 2.1903 LTS 64-bit system , taking the instance specification of ecs.s6-c1m1.small (1 vCPU, 1GiB) as an example . If the instance is no longer needed, it can be released. After release, the instance stops billing and the data cannot be recovered.

View fee bills: ECS management console top menu bar, fees, user center, bill details, detailed bills

Basic configuration:

configuration item	example	illustrate
payment model	pay as you go	The pay-as-you-go model operates relatively flexibly. For details, see Billing Overview. Note If you need to file for a website domain name, you must choose Subscription.
Region and Availability Zone	Region: East China 1 (Hangzhou) Availability Zone: Random allocation	After the instance is created, the region and availability zone cannot be changed directly, please choose carefully.
instance specification	Type family: shared standard s6 Instance type: ecs.s6-c1m1.small	You can go to the regions where ECS instances can be purchased to check the availability of instances in each region.
mirror image	Type: Public Image Version: Alibaba Cloud Linux 2.1903 LTS 64-bit	After the instance starts, the system disk will completely copy the mirrored operating system and application data.

Network and Security Group:

configuration item	example	illustrate
proprietary network	Default VPC	It is recommended to use the default VPC for the first time. If you want to create a VPC, click Go to the console below to create it .
switch	default switch	The default switch is recommended for first-time use. If you want to create a switch, click Go to console creation below .
Allocate public network IPv4 addresses	Select Assign Public IPv4 Address	When selected, a public network IPv4 address is automatically assigned.
Bandwidth Billing Mode	By usage traffic	According to the traffic mode, you only need to pay for the public network traffic you consume. For details, see Public Network Bandwidth Billing.
bandwidth peak	5 Mbps	none.
security group	default security group

System Configuration

configuration item	example	illustrate
login credentials	custom password	In this tutorial, choose a custom password and manually set a password for remote connection and login to the ECS instance.
login password	Ecs123456	When you select a custom password for the login credentials, you need to set this option and confirm the password. When connecting to the ECS instance, you need to enter the user name root and the password set here.
instance name	EcsQuickStart

Group settings remain default

Connect to VNC remotely

After the creation is successful, remotely connect to VNC : On the instance list page, find your instance resource, and click Remote Connection under the operation column on the right

1. In the Enter VNC Password dialog box, click Reset VNC Password

2. Connect to the ECS instance remotely, and enter the user name and password of the ECS instance .

Configure the Apache service

1. Run the following command to install the Apache service.

yum install -y httpd

2. Run the following command to start the Apache service.

systemctl start httpd

3. Execute the following command to set the Apache service to start automatically at startup.

systemctl enable httpd

4. Run the following command to check whether the Apache service is running.

systemctl status httpd
#回应是active(running)

5. On the current browser page, open a new webpage, enter the elastic IP address of the instance in the address bar , and press Enter.

http://<实例公网IP地址>
#出现Hello Apache

Resolve the domain name of the website

Accessing the Apache service directly through the public IP address of the instance will reduce the security of the server. If you already have a domain name or want to register a domain name for your Apache website, please see the steps below.

1. Register a domain name. For details, see Registering a Generic Domain Name.

2. If the website pointed to by the domain name is hosted on the node server of Alibaba Cloud in mainland China, you need to file the domain name.

For the first filing, please refer to the initial filing process, and for other situations, please refer to the overview of the ICP filing process.

3. Resolve the domain name and point the domain name to the public IP of the instance.

Domain name resolution is an essential part of using a domain name to access your website. For specific operation procedures, see Setting Domain Name Resolution.

4. Use the resolved domain name to access the Apache service, for example, https://ecs-quickstarts.info.

Quickly build an LNMP environment (Linux+Nginx+MySQL+PHP)

Based on CentOS 7.7

Install and configure MySQL 5.7.41

1. Execute the following command to download and install the official MySQL Yum Repository.

wget http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm

yum -y install mysql57-community-release-el7-10.noarch.rpm

yum -y install mysql-community-server --nogpgcheck

2. Execute the following command to start the MySQL database.

systemctl start mysqld.service

3. Execute the following command to check the running status of MySQL.

systemctl status mysqld.service

4. Execute the following command to view the initial MySQL password.

grep "password" /var/log/mysqld.log

5. Execute the following command to log in to the database.

mysql -uroot -p

6. Execute the following command to change the default MySQL password.

set global validate_password_policy=0;  #修改密码安全策略为低（只校验密码长度，至少8位）。
ALTER USER 'root'@'localhost' IDENTIFIED BY '12345678';

7. Execute the following command to grant remote management rights to the root user.

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '12345678';

8. Enter exit to exit the database.

Database optimization case

Other related MySQL indexes:

Check the SQL execution plan without indexing, and you can find that the values ​​of key and key_len are both null.

explain select * from test_tb where name='abc';

View the table structure of the test_tb table

show create table test_tb;

Create an index of the test_tb table, and look at the table structure of the test_tb table again, and you will find that there is one more in the table structureKEY `name` (`name`)

alter table test_tb add index(name);

Check the running SQL of the database

select * from `information_schema`.`PROCESSLIST`

Install Nginx 1.17.10

1. Install the plug-ins required for Nginx to run.

• Install gcc. gcc is a compiler under Linux, it can compile languages ​​such as C, C++, Ada, Object C and Java.

yum -y install gcc

• Install pcre. pcre is a perl library, Nginx's HTTP module uses pcre to parse regular expressions.

yum install -y pcre pcre-devel

• Install zlib. zlib is a library for file compression and decompression. Nginx uses zlib to perform gzip compression and decompression on HTTP packets.

yum install -y zlib zlib-devel

2. Download the Nginx installation package.

wget http://nginx.org/download/nginx-1.17.10.tar.gz

3. Unzip the Nginx installation package.

tar -zxvf nginx-1.17.10.tar.gz

4. Compile and install Nginx.

cd nginx-1.17.10
./configure
make && make install

5. Start Nginx.

cd /usr/local/nginx/
sbin/nginx

6. Test Nginx startup. Enter the public network address xx.xx.xx.xx of the ECS server in the address bar of the browser. If the following interface appears, the installation starts successfully.

Install PHP 5.4.16

1. Install PHP.

yum -y install php php-mysql php-fpm

2. Add support for PHP in the nginx.conf file.

vim /usr/local/nginx/conf/nginx.conf

After entering the Vim editor, press the i key to enter the editing mode, and add index.php in the root routing configuration of the server.

location / {
      root   html;
      index  index.html index.htm index.php;
}

And add the following configuration under the root route. in server{in}

if (!-e $request_filename) {
     rewrite ^/(.*)$ /index.php/$1 last;
}

location ~ .*\.php(\/.*)*$ {
     fastcgi_pass   127.0.0.1:9000;
     include       fastcgi.conf;
     fastcgi_index  index.php;
}

Press the ESC key, enter: wq to save and exit the Vim editor.

3. Restart the php-fpm service.

systemctl restart php-fpm

4. Restart the Nginx service.

/usr/local/nginx/sbin/nginx -s reload

5. Check the PHP installation.

a. Create a PHP probe file phpinfo.php in the root directory of the Nginx website.

echo "<?php phpinfo(); ?>" > /usr/local/nginx/html/phpinfo.php

b. Visit the PHP Probes page. Enter xx.xx.xx.xx/phpinfo.php in the address bar of the browser (please replace xx.xx.xx.xx with the public network address of the ECS server), and the following page appears, indicating that the PHP environment configuration is successful.

Quickly build a LAMP environment (Linux+Apache+MySQL+PHP)

Based on CentOS 7.7

Configure the Apache service

1. Run the following command to install the Apache service and its extension packages.

yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql

1. Run the following command to start the Apache service.

systemctl start httpd.service

1. On the current browser page, open a new webpage, enter the elastic IP address of the instance in the address bar , and press Enter.

http://<实例公网IP地址>

Install and configure MySQL 5.7.41

1. Execute the following command to download and install the official MySQL Yum Repository.

wget http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm

yum -y install mysql57-community-release-el7-10.noarch.rpm

yum -y install mysql-community-server --nogpgcheck

2. Execute the following command to start the MySQL database.

systemctl start mysqld.service

3. Execute the following command to check the running status of MySQL.

systemctl status mysqld.service

4. Execute the following command to view the initial MySQL password.

grep "password" /var/log/mysqld.log

5. Execute the following command to log in to the database.

mysql -uroot -p

6. Execute the following command to change the default MySQL password.

set global validate_password_policy=0;  #修改密码安全策略为低（只校验密码长度，至少8位）。
ALTER USER 'root'@'localhost' IDENTIFIED BY '12345678';

7. Execute the following command to grant remote management rights to the root user.

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '12345678';

8. Run the following command to view the MySQL version number.

mysql -V

Install PHP 5.4.16

PHP (PHP: Hypertext Preprocessor recursive abbreviation) Chinese name is: "Hypertext Preprocessor", is a widely used general-purpose open source scripting language, suitable for Web site development, it can be embedded in HTML. The programming paradigm is object-oriented, imperative programming.

1. Install the PHP environment.

yum -y install php php-mysql gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap

2. Execute the following command to create a PHP test page.

echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

3. Execute the following command to restart the Apache service.

systemctl restart httpd

4. In the address bar of the local browser, visit http://<ECS public network IP>/phpinfo.php, and the following page is displayed, indicating that the PHP language environment is installed successfully.

Install phpMyAdmin 4.0.10.20

phpMyAdmin is a MySQL database management tool, which is convenient and quick to manage the database through the web interface.

1. Execute the following command to create a phpMyAdmin data storage directory.

mkdir -p /var/www/html/phpmyadmin

2. Execute the following command to download the phpMyAdmin compressed package.

wget --no-check-certificate https://labfileapp.oss-cn-hangzhou.aliyuncs.com/phpMyAdmin-4.0.10.20-all-languages.zip

3. Execute the following commands to install unzip and decompress the phpMyAdmin compressed package.

yum install -y unzip
unzip phpMyAdmin-4.0.10.20-all-languages.zip

4. Execute the following command to copy the phpMyAdmin file to the data storage directory.

mv phpMyAdmin-4.0.10.20-all-languages/*  /var/www/html/phpmyadmin

5. In the address bar of the local browser, enter http://instance public network IP/phpmyadmin to access phpMyAdmin.

The phpMyAdmin login page appears on the return page, indicating that phpMyAdmin is installed successfully.

6. On the phpMyAdmin login page, enter the MySQL user name and password in turn, and click Execute .

Use cloud-native PolarDB and use LAMP to build a portal

Create a PolarDB database account

On the Alibaba Cloud console page, click Products and Services > ApsaraDB for PolarDB to enter the ApsaraDB for PolarDB management console. In the menu bar at the top of the cluster list page, switch the resource region, find your PolarDB instance, and click the instance ID . Create a database account and create a database.

Set database whitelist. To connect to the database, you need to set the database whitelist. In the left navigation bar, select Configuration and Management > Cluster Whitelist . In the IP list area of ​​the cluster whitelist page , click Configure . Change the default whitelist address 127.0.0.1 to 0.0.0.0/0 and click OK to make the whitelist address take effect.

Install the LAMP environment

Install the Apache service and its extensions

yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql

PbootCMS is a CMS system developed using PHP language, which needs to be installed in PHP environment.

Execute the following command to install PHP

yum -y install php php-mysql gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap

Execute the following commands to download and install MySQL

rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
wget http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-community-server

Start the MySQL database

systemctl start mysqld

Use PbootCMS to build a portal website

Install Git

yum -y install git

Download the PbootCMS source code file, and fall back to the version compatible with the lower version of PHP. PbootCMS is a set of new kernel, permanent open source and free PHP enterprise website development and construction management system. The system uses the sqlite light database by default, and it can be used directly in the PHP space, and the databases such as mysql and pgsql are optional. && indicates that the next command will be executed only when the previous command is executed successfully.

cd ~ && git clone https://gitee.com/hnaoyun/PbootCMS.git && cd ~/PbootCMS/ && git checkout 43bd6e4481eb5d3516f1d33187c308b25de76af3 && cd ~

Copy the installation package to the wwwroot directory of Apache

cp -r PbootCMS/* /var/www/html/

Modify site root directory file permissions

chmod -R a+w /var/www/html

Import the initial data of CMS into the database, and initialize the table structure and data of the database pbootcms.

sql_file="/var/www/html/static/backup/sql/"$(ls /var/www/html/static/backup/sql/) &&
mysql -h数据库连接地址(公网地址) -uUserName -pPassWord -Dpbootcms < $sql_file

Modify the CMS system database configuration

cat > /var/www/html/config/database.php << EOF
<?php
return array(
    'database' => array(
        'type' => 'mysqli', // 数据库连接驱动类型: mysqli,sqlite,pdo_mysql,pdo_sqlite
        'host' => '数据库连接地址', // PolarDB数据库链接地址
        'user' => 'UserName', // PolarDB数据库的用户名
        'passwd' => 'PassWord', // PolarDB数据库的密码
        'port' => '3306', // 数据库端口
        'dbname' => 'pbootcms' //数据库名称
    )
);
EOF

On the left side of the cloud database PolarDB console page, click Products and Services > Cloud Server ECS in turn , enter the cloud server ECS management console to find the instance ID, on the instance details page, click Security Group , in the Access Rules area of ​​the Security Group page , make sure that the security group has opened port 80 for access, otherwise you cannot access the established portal website.

A security group is a virtual firewall with stateful inspection and data packet filtering capabilities, and is used to divide security domains in the cloud. By configuring security group rules, you can control the inbound and outbound traffic of one or more ECS instances in the security group.

Restart the Apache service

systemctl restart httpd

Enter http:///admin.php in the browser address bar to access the system background. The default account is admin and the password is 123456

Manually deploy the Java Web environment

Based on Alibaba Cloud Linux 2.1903 LTS 64-bit operating system

Prepare the compilation environment (close firewall and SELinux)

This step will guide you how to disable the firewall and SELinux on the ECS instance.

turn off firewall

1. Run the following command to view the current status of the firewall.

systemctl status firewalld

You can view the status of the current firewall in the returned result

1. Turn off the firewall. This step can be ignored if the firewall is turned off.

• If you want to temporarily turn off the firewall, you need to run the following command.

Note After temporarily disabling the firewall, if the Linux instance restarts, the firewall will be automatically enabled.

systemctl stop firewalld

• If you want to permanently disable the firewall, you need to run the following commands in sequence. Note If you want to restart the firewall, please refer to the official website of firewalld for information.

Run the following command to disable the firewall.

systemctl stop firewalld

Execute the following command to disable the firewall service when the instance is powered on.

systemctl disable firewalld

close SELinux

1. Run the following command to view the current status of SELinux.

getenforce

The following results are returned, and you can see that the current status of SELinux is Disabled.

• If the SELinux status parameter is Disabled, SELinux is off.
• If the SELinux status parameter is Enforcing, SELinux is enabled.

Turn off SELinux. This step can be ignored if SELinux is disabled. If you want to temporarily disable SELinux, run the following command.

setenforce 0

It means that this operation is only to temporarily disable SELinux, and SELinux will be enabled again after restarting Linux next time.

If you want to disable SELinux permanently, run the following command to open the SELinux configuration file.

vi /etc/selinux/config

In the /etc/selinux/config file, move the cursor to the SELINUX=enforcing line, press the i key to enter the edit mode, change it to SELINUX=disabled, then press the Esc key, then enter: wq and press Enter, save and close the SELinux configuration file . Restart the system for the settings to take effect.

Note If you want to re-enable SELinux, for details, see Enabling or Disabling SELinux.

Execute the following command to create a general user www to run Tomcat.

useradd www

Execute the following command to create the root directory of the website.

mkdir -p /data/wwwroot/default		#-p 确保目录名称存在，不存在的就建一个。

1. Execute the following command to set the user of the root directory of the website to www.

chown -R www.www /data/wwwroot     #-R : 处理指定目录以及其子目录下的所有文件

Install JDK1.8

1. Run the following command to find the JDK1.8 software package through the yum command.

yum -y list java*

1. Run the following command to install the JDK1.8 software package in the list.

yum -y install java-1.8.0-openjdk-devel.x86_64

1. Run the following command to check the JDK version.

java -version

Configure environment variables.

vim /etc/profile

Note that the value of JAVA_HOME is the path of the current JDK installation. In this example, run the command

find /usr/lib/jvm -name 'java-1.8.0-openjdk-1.8.0*', check the file path after JDK installation.

JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.362.b08-1.1.al7.x86_64
PATH=$PATH:$JAVA_HOME/bin
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME CLASSPATH PATH

1. Press the Esc key, type :wq and press Enter to save and close the file.
2. Execute the following command to make the environment variable take effect immediately.

source /etc/profile

Install Apache Tomcat 8.5.72

Download the Tomcat 8 installation package.

wget --no-check-certificate https://labfileapp.oss-cn-hangzhou.aliyuncs.com/apache-tomcat-8.5.72.tar.gz

Decompress the Tomcat 8 installation package.

tar -zxvf apache-tomcat-8.5.72.tar.gz

Move the directory where Tomcat is located.

mv apache-tomcat-8.5.72 /usr/local/tomcat/

Set the owning user of the file to www.

chown -R www.www /usr/local/tomcat/

In the /usr/local/tomcat/ directory:

• bin: store some script files of Tomcat, including scripts for starting and shutting down Tomcat services.

• conf: stores various global configuration files of the Tomcat server, the most important of which are server.xml and web.xml.

• webapps: Tomcat's main web publishing directory, by default, the web application files are placed in this directory.

• logs: store the log files when Tomcat is executed.

Configure the server.xml file. Switch to the /usr/local/tomcat/conf/ directory.

cd /usr/local/tomcat/conf/

Rename the server.xml file.

mv server.xml server.xml_bk

Create a new server.xml file. Create and open the server.xml file.

vi server.xml

1. Press the i key and add the following.

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8006" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener"/>
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
 type="org.apache.catalina.UserDatabase"
 description="User database that can be updated and saved"
 factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
 pathname="conf/tomcat-users.xml"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080"
 protocol="HTTP/1.1"
 connectionTimeout="20000"
 redirectPort="8443"
 maxThreads="1000"
 minSpareThreads="20"
 acceptCount="1000"
 maxHttpHeaderSize="65536"
 debug="0"
 disableUploadTimeout="true"
 useBodyEncodingForURI="true"
 enableLookups="false"
 URIEncoding="UTF-8"/>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
  resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="/data/wwwroot/default" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="/data/wwwroot/default" debug="0" reloadable="false" crossContext="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>

Set JVM memory parameters, create and open /usr/local/tomcat/bin/setenv.sh file.

vi /usr/local/tomcat/bin/setenv.sh

Specify the JAVA_OPTS parameter to set the memory information and encoding format of the JVM.

JAVA_OPTS='-Djava.security.egd=file:/dev/./urandom -server -Xms256m -Xmx496m -Dfile.encoding=UTF-8'

Set Tomcat self-start script

Download the Tomcat autostart script file. This script comes from the community and is for reference only. If you run the wget command and the download fails, you can access https://raw.githubusercontent.com/oneinstack/oneinstack/master/init.d/Tomcat-init through your browser to directly get the script content.

wget https://raw.githubusercontent.com/oneinstack/oneinstack/master/init.d/Tomcat-init

#!/bin/bash
### BEGIN INIT INFO
# Provides:          tomcat
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: tomcat-server daemon
# Description:       tomcat-server daemon
### END INIT INFO
#
# chkconfig: - 95 15
# description: Tomcat start/stop/status script

#Location of JAVA_HOME (bin files)
export JAVA_HOME=

#Add Java binary files to PATH
export PATH=$JAVA_HOME/bin:$PATH

#CATALINA_HOME is the location of the configuration files of this instance of Tomcat
CATALINA_HOME=/usr/local/tomcat

#TOMCAT_USER is the default user of tomcat
TOMCAT_USER=www

#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {
    
    \e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"

#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
SHUTDOWN_WAIT=20

tomcat_pid() {
    
    
  echo `ps -ef | grep java | grep $CATALINA_HOME/ | grep -v grep | tr -s " "|cut -d" " -f2`
}

start() {
    
    
  pid=$(tomcat_pid)
  if [ -n "$pid" ]; then
    echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
  else
    echo -e "\e[00;32mStarting tomcat\e[00m"
    if [ `user_exists $TOMCAT_USER` = "1" ]; then
      su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh
    else
      $CATALINA_HOME/bin/startup.sh
    fi
    status
  fi
  return 0
}

status() {
    
    
  pid=$(tomcat_pid)
  if [ -n "$pid" ]; then
    echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi
}

stop() {
    
    
  pid=$(tomcat_pid)
  if [ -n "$pid" ]; then
    echo -e "\e[00;31mStoping Tomcat\e[00m"
    $CATALINA_HOME/bin/shutdown.sh

    let kwait=$SHUTDOWN_WAIT
    count=0;
    until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ]
    do
      echo -n -e "\e[00;31mwaiting for processes to exit\e[00m\n";
      sleep 1
      let count=$count+1;
    done

    if [ $count -gt $kwait ]; then
      echo -n -e "\n\e[00;31mkilling processes which didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
      kill -9 $pid
    fi
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi

  return 0
}

user_exists() {
    
    
  if id -u $1 >/dev/null 2>&1; then
    echo "1"
  else
    echo "0"
  fi
}

case $1 in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    echo -e $TOMCAT_USAGE
    ;;
esac
exit 0

Execute the following command to move and rename Tomcat-init.

mv Tomcat-init /etc/init.d/tomcat

Run the following command to add executable permission to /etc/init.d/tomcat.

chmod +x /etc/init.d/tomcat

Set startup script JAVA_HOME.

Note that the JDK path information in the script must be consistent with the JDK path you installed, otherwise Tomcat will fail to start.

sed -i 's@^export JAVA_HOME=.*@export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.362.b08-1.1.al7.x86_64@' /etc/init.d/tomcat

Execute the following commands in sequence to set Tomcat to start automatically after booting.

chkconfig --add tomcat
chkconfig tomcat on

Execute the following command to start Tomcat

service tomcat start
# 多了org.apache.catalina.startup.Bootstrap进程

Deploy the test project and verify

Upload the Java Web project file War package to be deployed to the root directory of the website, and change the user of the file in the root directory of the website to www. You can use a remote connection tool that supports the file transfer function or build an FTP site to upload project files.

In this example, the root directory of the website is /data/wwwroot/default. Run the following command to directly create a Tomcat test page under the root directory of the website and access it.

Execute the following command to create a new test file.

echo Tomcat test > /data/wwwroot/default/index.jsp

Enter http://elastic IP:8080 in the address bar of the local browser to access.

Building a blog on the cloud based on ECS

Based on CentOS 7.7

Configure the Apache service

Run the following command to install the Apache service and its extension packages.

yum -y install httpd mod_ssl mod_perl mod_auth_mysql

Check whether Apache is installed successfully.

httpd -v

Start the Apache service, and in the address bar of the browser, visit http://ECS public network address

systemctl start httpd.service

Install the MariaDB database

Since WordPress is used to build a blog on the cloud, a MySQL database is required to store data.
Install MariaDB, an open source alternative to MySQL (MariaDB is compatible with MySQL), on the ECS instance, and create a blog database.

Install MariaDB Server

yum install -y mariadb-server

Start MariaDB Server

systemctl start mariadb

View the running status of MariaDB Server.

systemctl status mariadb	
#返回结果可看到active (running)时，表示MariaDB Server启动成功

Set the initial password of the database root user. (When the Enter Password prompt appears, press Enter directly)

mysqladmin -u root -p password

Connect to the database.

mysql -uroot -p

Create a WordPress database.

create database wordpress;

Create a WordPress database. create database wordpress;

Install PHP 5.4.16

PHP is a widely used general-purpose open source scripting language, suitable for Web site development, and it can be embedded in HTML.

Install PHP

yum -y install php php-mysql gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap

Execute the following command to create a PHP test page.

echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

Run the following command to restart the Apache service.

systemctl restart httpd

In the address bar of the browser, visit http://<ECS public network address>/phpinfo.php.

Install and configure WordPress

Install WordPress

yum -y install wordpress

Modify WordPress configuration files

Modify wp-config.php to point to an absolute path

# 进入/usr/share/wordpress目录。
cd /usr/share/wordpress
# 修改路径。
ln -snf /etc/wordpress/wp-config.php wp-config.php
# 查看修改后的目录结构。
ll

Move the wordpress files to the Apache root directory

# 在Apache的根目录/var/www/html下，创建一个wp-blog文件夹。
mkdir /var/www/html/wp-blog
mv * /var/www/html/wp-blog/

Modify the wp-config.php configuration file

sed -i 's/database_name_here/wordpress/' /var/www/html/wp-blog/wp-config.php
sed -i 's/username_here/root/' /var/www/html/wp-blog/wp-config.php
sed -i 's/password_here/123456789/' /var/www/html/wp-blog/wp-config.php

Check whether the configuration file information is modified successfully

cat -n /var/www/html/wp-blog/wp-config.php

#可看到 修改
    23  define( 'DB_NAME', 'wordpress' );
    25  /** MySQL database username */
    26  define( 'DB_USER', 'root' );
    28  /** MySQL database password */
    29  define( 'DB_PASSWORD', '123456789' );

Restart the Apache service

systemctl restart httpd

Test WordPress: In the address bar of the browser, visit http://<ECS public network address>/wp-blog/wp-admin/install.php.

On the WordPress configuration page, configure relevant information, and then click Install WordPress.
Parameter description:
Site Title: Site name. This example is Hello ABC.
Username: administrator username. This example is admin.
Password: access password. This example is Cm%c4(MKI3gQwGk8ap.
Your Email: email address, it is recommended to use a real and valid email address. If not, you can fill in a virtual email address, but you will not be able to receive information.

Build a cloud notebook based on Leanote and Mongodb

Install Mongodb

MongoDB is a high-performance database based on distributed file storage, belonging to NOSQL, written in C++ language, with stable operation and high performance. The supported data structure is very loose and similar to json and bson formats, which can store more complex data types. The query language it supports is very powerful, and can realize most of the functions of single-table query similar to relational databases, and supports indexing of data.

#1.配置MongoDB的yum源
vim /etc/yum.repos.d/mongodb-org-3.4.repo
#添加以下内容：
[mongodb-org-3.4]  
name=MongoDB Repository  
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/  
gpgcheck=1  
enabled=1  
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

#2. 将服务器上的软件包信息在本地缓存,以提高搜索安装软件的速度
yum makecache

#3.安装MongoDB
yum -y install mongodb-org

#4. 查看mongo安装位置 
whereis mongod

#5. 修改mongo配置文件
vim /etc/mongod.conf
net:
  port: 27017
  bindIp: 0.0.0.0  # Listen to local interface only, comment to listen on all interfaces.
#修改配置文件的 bindIp, 默认是 127.0.0.1 只限于本机连接。所以安装完成后必须把这个修改为 0.0.0.0 ,否则无法通过远程连接，需要远程连接需要把服务器端口打开。

#6. 启动MongoDB
systemctl start mongod

#7. 查到mongodb的状态
systemctl status mongod

Install Leanote

#0. 创建/app目录，用于存放Leanote软件
mkdir /app
cd /app

#1.下载Leanote二进制安装包
wget https://nchc.dl.sourceforge.net/project/leanote-bin/2.6.1/leanote-linux-amd64-v2.6.1.bin.tar.gz

#2.解压安装包
tar -zxvf leanote-linux-amd64-v2.6.1.bin.tar.gz

#3.Leanote配置
#编辑文件/app/leanote/conf/app.conf，在文件中找到app.secret项，将该项的值改为任意字符串。
#根据Leanote官方文档，如不修改app.secret项的值，将会有安全隐患。
vim /app/leanote/conf/app.conf
#修改app.secret=任意字符串

#4.初始化数据库
mongorestore -h localhost -d leanote --dir /app/leanote/mongodb_backup/leanote_install_data/

#5.启动服务
nohup bash /app/leanote/bin/run.sh > /app/leanote/run.log 2>&1 &

According to the configuration file /app/leanote/conf/app.conf of Leanote, the port number used by the note service is 9000. Access http://<ECS public network address>:9000 in the browser to access cloud notes. The default management user is admin, and the password is abc123

Build a Node.js programming environment

Based on CentOS 7.7

Install and configure Node.js v12.4.0

Download the Node.js installation package.

wget https://npm.taobao.org/mirrors/node/v12.4.0/node-v12.4.0-linux-x64.tar.xz

Unzip the Node.js installation package.

tar -xvf node-v12.4.0-linux-x64.tar.xz

Rename the Node.js installation directory.

mv node-v12.4.0-linux-x64/ /usr/local/node

Configure Node.js, and add the Node.js executable file directory to the system environment variable.

echo "export PATH=$PATH:/usr/local/node/bin" >> /etc/profile

source /etc/profile

Check the node and npm versions respectively.

node -v
npm -v

Test the Node.js environment

Create a test file using the vim command.

vim HelloWorld.js

Copy the following code into the HelloWorld.js file.

var http = require('http');
http.createServer(function (request, response) {
    response.writeHead(
        200,
        {
            'Content-Type': 'text/plain'
        });
    response.end('Hello World\n');
}).listen(8080);
console.log('Server started');

Run the HelloWorld.js file.

node HelloWorld.js

4 Open the browser and enter http://<ECS public network address>:8080 in the address range to see the printed Hello World

Deploy the Linux host management system WDCP

WDCP (WDlinux Control Panel) is a Linux server and virtual host management system that controls and manages servers through the Web. In the background of WDCP, you can more conveniently use the Linux system as the website server system and manage the Linux server.

Deploy the Linux host management system WDCP

Check the instance ID we created, and find the corresponding instance in the ECS console instance list. Ordinary shutdown mode stops the instance. Next, change the operating system, click Change operating system. On the Change OS page, click Mirror Market, and then click Get More Options (including OS) from Mirror Market. In the Mirror Market dialog box, enter WDCPv3.0, and click Search. The example uses the image of the PHP operating environment (WDCPv3.0 panel multi-engine switching free version) , and you can enter the image page of the cloud market to obtain product information. Click Use. After replacing the operating system with the cloud market image, you can start using the WDCP host management system. In the example, the access address of the WDCP host management system is http://the public IP of the ECS instance:8080

Manually build an FTP site (Windows)

Based on Windows Server 2012 R2 Data Center Edition 64-bit operating system

Add IIS and FTP service roles

Instance for Workbench remote connection --> Window icon server management , select management , select add role and function , enter the server role by default and select add Web server (IIS) , the next step is to select role service and select IIS management console and FTP server to perform Install.

Create a Windows user for accessing the FTP site

说明：创建 Windows 用户，用于访问 FTP 站点时的身份验证。如果只需要匿名用户（即仅提供用户名 anonymous 或 ftp 的用户）访问 FTP 站点，可以跳过本步骤。

Window Icon Management Tools Select Computer Management , and select System Tools > Local Users and Groups > Users in the left navigation bar . In the Actions column on the right side of the page , click More Actions , then click New User .

说明：具体配置用户名：示例中创建一个用户名为 ftptest 的 Windows 用户。密码及确认密码：输入自定义密码信。密码须包括大小写字母和数字，否则提示无法通过密码策略。密码相关设置：选中密码永不过期。

Set permissions for shared files

说明：需创建一个文件夹作为 FTP 站点共享文件的入口，该文件夹需要开放访问、修改等权限。后续各客户端访问该 FTP 站点时，文件传输均基于该文件夹完成。

The Windows instance disk creates a folder for use by the FTP site. For example, create a folder named ftp under the C disk --> modify the attribute security tab, click Edit --> click Add , enter the object name ftptest, and then click Check Name . After checking the name is correct, click OK . ——>In the group or user name area, click the newly added user name ftptest , then set the authority in the authority area of ​​ftptest , and click OK . All permissions are allowed in the example. You can set the permissions to allow or deny according to the actual business requirements for permissions.

Add and set up FTP sites

Window Icon Server Manager Top Navigation Bar Tool Internet Information Services (IIS) Manager -> Left Navigation Bar Select Windows Instance Host Name Website , and then in the right operation column, click Add FTP Site -> In the pop-up dialog Set the site information in the box, and click Next . The specific configuration instructions are as follows: FTP site name: custom name. For example ftptest. Content directory: the shared folder required by FTP. The example corresponds to the ftp folder in the C drive --> set the IP address (default) and SSL certificate (none), and then click Next --> set authentication (basic) and authorization information (specify user ftptest), Set permissions (read, write), and then click Finish . After completion, you can view the successfully built FTP site in the IIS manager --> configure the firewall of the FTP site. In the IIS manager, double-click the FTP site name ftptest to enter the home page of the FTP site. Double-click FTP Firewall Support . In the text box under the external IP address of the firewall , enter the public IP address of the Windows instance, and click Apply on the right side of the page

说明：具体配置：
 
   - IP地址：保持默认配置。
   - SSL：不同配置项对应的说明如下。本示例中选择 无 ，即不需要SSL加密。如果您需要保证数据传输安全且已拥有SSL证书，请根据实际的数据传输安全要求，设置为 允许 或 需要 。
     -  无 ：不需要SSL加密。
     -  允许 ：允许FTP服务器支持与客户端的非SSL和SSL连接。
     -  需要 ：需要对FTP服务器和客户端之间的通信进行SSL加密。
   - 其他配置保持默认设置。

说明：具体配置项：

- 身份验证：不同选项的说明如下所示。本示例中仅选择 基本 ，后续将通过已创建的ftptest用户访问FTP站点。如果您对数据传输安全没有要求，可以设置为 匿名 ，使匿名用户支持直接访问FTP站点。
  -  匿名 ：允许任何仅提供用户名anonymous或ftp的用户访问内容。
  -  基本 ：需要用户提供有效用户名和密码才能访问内容。由于基本身份验证通过网络传输未加密的密码，因此请仅在清楚客户端和FTP服务器之间的连接是安全的情况下（例如，使用安全套接字层SSL时）使用此身份验证方法。
- 授权：允许访问的范围说明如下所示。本示例中选择**指定用户**，并在对应的文本框中输入ftptest。
  -  所有用户 ：所有用户（不论是匿名用户还是已标识的用户）均可访问FTP站点对应的共享文件夹。
  -  匿名用户 ：匿名用户可访问FTP站点对应的共享文件夹。
  -  指定角色或用户组 ：仅特定角色或用户组的成员才能访问FTP站点对应的共享文件夹。需要在对应的文本框中输入角色或用户组。
  -  指定用户 ：仅指定用户才能访问FTP站点对应的共享文件夹。需要在对应的文本框中输入用户名。
- 权限：选中 读取 和 写入 权限。

Set up security groups and firewalls

Note: After the FTP site is built in the Windows instance, you need to add inbound rules to the security group to which the instance belongs to allow port 21 required by the FTP server and the port range 1024~65535 that may be occupied by the passive mode of the FTP server.

There are two configuration methods: (1) In the security group to which the Windows instance belongs, add inbound rules to allow port 21 and ports 1024~65535.

For details, see Adding Security Group Rules . (2) Configure the firewall inside the Windows instance. The firewall inside a Windows instance is disabled by default. If your firewall is enabled, you need to allow TCP port 21 and port 1024~65535 for FTP service. For details, see Setting the Firewall for Remote Connection of ECS Instances .

Use the add port rule in the second method :

Window icon Run ——> input wf.msc, in the pop-up Advanced Security Winodws Firewall window, click Inbound Rules , and then click New Rule , in the pop-up New Inbound Rule Wizard window, select Port , next step . In the pop-up window, select TCP , then add **specific local ports ( port 21 and port 1024~65535 )** fill in: 21, 1024-65535, next step . In the pop-up window, select Allow the connection and click Next . Just use the default configuration, the next step . In the pop-up window, fill in the rule name. Click Finish --> View Windows Firewall Properties to confirm whether the firewall is enabled. If the firewall is not enabled, select Enabled (recommended) . Tip : It is recommended to enable all the firewalls under the domain configuration file , private configuration file and public configuration file tabs.

Client test access to FTP site

Windows folder directories, command line tools, browsers, or third-party FTP connection tools can be used to test FTP servers. The example will use the local Windows host as the client to test access to the FTP site through the folder directory. On the local physical host, open the folder directory, and in the folder path, enter ftp://the public IP address of the FTP site: 21 to access. In the pop-up login identity dialog box, complete the login information settings, and then click Login . In the example, use the ftptest user name and corresponding password information to log in to the FTP site. You can create a new test folder test. Log in to the Windows instance again, and check that the test folder has been added to the ftp folder of the C drive, indicating that the FTP site is successfully built and file data can be transferred.

ECS Data Management Practice - Backup and Recovery

Partition the created data disk in ECS and mount it to ECS so that the data disk can be used for file storage; then, the user creates a snapshot of the ECS data disk and uses the snapshot to roll back the disk.

Data Disk Partitioning and Mounting

Query the data disks in the current system

fdisk -l

Partition the data disk:

fdisk /dev/vdb

The parameters that need to be entered in the pop-up command line are:

Command (m for help) input n; #Create a new partition

Command action input p; #Partition type is the primary partition (if you want to add an extended partition, press e)

Partition number (1-4, default 1) input 1;

Enter the carriage return directly at the First cylinder and Last cylinder, and use the default configuration;

Command (m for help) enter w to make the above configuration take effect. #Enter w to save and exit

Execute the following command again to query the data disks in the current system. If you see the information showing the partition /dev/vdb1, it means that the data disk partition is successful.

fdisk -l

Format the data disk:

mkfs.ext3 /dev/vdb1

Create directory /alidata:

mkdir /alidata

Then, mount the disk

mount /dev/vdb1 /alidata

Check disk usage.

df -h

Data disk snapshot creation and rollback

Enter the data disk/alidata directory.

cd /alidata

Create a file test.txt on the data disk, and write content into the file:

>test.txt
echo “Hello Aliyun”>test.txt

On the management page of the ECS instance, click the cloud disk , and the interface displays the disk information mounted to the ECS instance: data disk system disk. Click Create Snapshot on the right side of the data disk . Customize a snapshot name in the pop-up page, for example: sl001-ss. When finished, click [OK].

Return to the remote login tool of ECS. In the command line of ECS, use the following command to delete the file test.txt just created to simulate the situation of accidental data deletion

rm -f test.txt

By means of snapshot rollback, the disk is restored to the point in time that contains the deleted data, thereby recovering the data. Rolling back disks requires ECS to be in a stopped state. Click [Snapshot of this instance] to enter the snapshot page of ECS. Then, in the snapshot list on the right, find the created data disk snapshot, and click [Rollback Disk] to roll back the disk data.

After the ECS instance starts successfully, log in to the ECS instance remotely again, and use the command again to mount the data disk to /alidata.

mount /dev/vdb1/alidata

You will see that the accidentally deleted data test.txt file has been restored.

ls /alidata

Deploy Hadoop environment

Build Hadoop 3.3.0 pseudo-distributed environment based on CentOS7.7

Install JDK 1.8

1. Download the JDK1.8 installation package.

wget https://download.java.net/openjdk/jdk8u41/ri/openjdk-8u41-b04-linux-x64-14_jan_2020.tar.gz

2. Unzip the downloaded JDK1.8 installation package.

tar -zxvf openjdk-8u41-b04-linux-x64-14_jan_2020.tar.gz

3. Move and rename the JDK package.

mv java-se-8u41-ri/ /usr/java8

4. Execute the following command to configure Java environment variables.

echo 'export JAVA_HOME=/usr/java8' >> /etc/profile
echo 'export PATH=$PATH:$JAVA_HOME/bin' >> /etc/profile
source /etc/profile

5. Execute the following command to check whether Java is successfully installed.

java -version

Install Hadoop

Install Hadoop 3.3.0

1. Execute the following command to download the Hadoop installation package. Example installation hadoop-3.3.0 version

wget --no-check-certificate https://mirrors.tuna.tsinghua.edu.cn/apache/hadoop/common/hadoop-3.3.0/hadoop-3.3.0.tar.gz

2. Execute the following command to decompress the Hadoop installation package to /opt/hadoop

tar -zxvf hadoop-3.3.0.tar.gz -C /opt/
mv /opt/hadoop-3.3.0 /opt/hadoop

3. Execute the following command to configure Hadoop environment variables.

echo 'export HADOOP_HOME=/opt/hadoop/' >> /etc/profile
echo 'export PATH=$PATH:$HADOOP_HOME/bin' >> /etc/profile
echo 'export PATH=$PATH:$HADOOP_HOME/sbin' >> /etc/profile
source /etc/profile 

4. Execute the following commands to modify the configuration files yarn-env.sh and hadoop-env.sh

echo "export JAVA_HOME=/usr/java8" >> /opt/hadoop/etc/hadoop/yarn-env.sh
echo "export JAVA_HOME=/usr/java8" >> /opt/hadoop/etc/hadoop/hadoop-env.sh

5. Execute the following command to test whether Hadoop is installed successfully.

hadoop version

Configure Hadoop 3.3.0

1. Modify the Hadoop configuration file core-site.xml.

vim /opt/hadoop/etc/hadoop/core-site.xml

Insert the following content inside the node.

    <property>
    	<!-- 指定 hadoop 数据的存储目录 -->
        <name>hadoop.tmp.dir</name>
        <value>file:/opt/hadoop/tmp</value>
    </property>
    <property>
    	<!-- 指定 NameNode 的地址 -->
        <name>fs.defaultFS</name>
        <value>hdfs://localhost:9000</value>
    </property>

2. Modify the Hadoop configuration file hdfs-site.xml.

vim /opt/hadoop/etc/hadoop/hdfs-site.xml

Insert the following content inside the node.

    <property>
        <name>dfs.replication</name>
        <value>1</value>
    </property>
    <property>
        <name>dfs.namenode.name.dir</name>
        <value>file:/opt/hadoop/tmp/dfs/name</value>
    </property>
    <property>
        <name>dfs.datanode.data.dir</name>
        <value>file:/opt/hadoop/tmp/dfs/data</value>
    </property>

3. Modify the start-dfs.sh and stop-dfs.sh files.

Find the two files start-dfs.sh and stop-dfs.sh in the /opt/hadoop/sbin directory, and add the following content at the top of the file:

HDFS_DATANODE_USER=root
HADOOP_SECURE_DN_USER=hdfs
HDFS_NAMENODE_USER=root
HDFS_SECONDARYNAMENODE_USER=root

4. Modify the start-yarn.sh and stop-yarn.sh files.

Find the two files start-yarn.sh and stop-yarn.sh in the /opt/hadoop/sbin directory, and add the following content at the top of the file:

YARN_RESOURCEMANAGER_USER=root
HADOOP_SECURE_DN_USER=yarn
YARN_NODEMANAGER_USER=root

Configuring SSH password-free login

1. Execute the following commands to create public and private keys. hit enter

ssh-keygen -t rsa

2. Execute the following command to add the public key to the authorized_keys file.

cd .ssh
cat id_rsa.pub >> authorized_keys

Start Hadoop

1. Execute the following command to initialize namenode.

hdfs namenode -format

2. Execute the following commands in sequence to start Hadoop.

start-dfs.sh
start-yarn.sh

3. Execute the jps command to view the started processes. If RM, NM, NN, SNN, DN, JPS are displayed, it means Hadoop started successfully.

4. Open the browser and visit http://ECS public network address: 8088 and http://ECS public network address: 9870 to view the Hadoop web page

Quickly build a Docker environment

Based on CentOS 7.7

Install Docker CE 23.0.1

Docker has two branch versions: Docker CE and Docker EE, namely the community edition and the enterprise edition.

Install Docker's dependent libraries

yum install -y yum-utils device-mapper-persistent-data lvm2

Add the software source information of Docker CE. Add aliyun docker-ce yum source

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

After the source is successfully added, use the yum list command to view the list of installation package versions supported in the current docker source.

yum list docker-ce --showduplicates | sort -r

Install Docker CE

yum makecache fast #将软件包信息提前在本地索引缓存，提高搜索安装软件速度,执行命令可提升yum安装速度
yum -y install docker-ce

Or select the required docker version and install it through the yum install command.

yum install -y docker-ce.x86_64 3:20.10.16-3.el7 

Start the Docker service, and use the docker version command to view the docker version number

systemctl start docker
docker version
# Docker Engine Community 23.0.1

Configure the docker service to start automatically at boot. (optional)

systemctl enable docker.service

Configure Alibaba Cloud Mirror Warehouse (Mirror Acceleration)

The default official remote warehouse of Docker is hub.docker.com. Due to network reasons, it may take a long time to download an official Docker image, or even the download fails. To this end, Alibaba Cloud Container Mirroring Service ACR provides an official mirroring site to speed up the download of official mirroring. The Alibaba Cloud mirror warehouse is used below.

Copy the address of the container image service console, open a new tab in the FireFox browser, paste it, and access the cloud container image service console.

https://cr.console.aliyun.com/

In the left navigation pane of the Container Registry console, select Image Tools > Image Accelerator .

In the Accelerator area of ​​the Mirrored Accelerator page, click Copy Accelerator Address

Switch to the terminal page. Execute the following command to configure Docker's custom image warehouse address. Please replace the mirror warehouse address https://kqh8****.mirror.aliyuncs.com in the command with the dedicated mirror acceleration address provided by Alibaba Cloud in the previous step.

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://****.mirror.aliyuncs.com"]
}
EOF

# tee命令用于读取标准输入的数据，并将其内容输出成文件
# >表示覆盖原文件内容(文件的日期也会自动更新)>>表示追加内容(会另起一行，文件的日期也会自动更新)

Reload the service configuration file.

systemctl daemon-reload

Restart the Docker service.

systemctl restart docker

After the service restarts, you can use the following command to test whether the docker operating environment is successfully installed. Successful execution indicates that the docker installation and configuration are successful.

docker run hello-world

Download the Ubuntu container image and start it

Use the docker search command to find the required container image in the image source

docker search ubuntu

After finding the name of the required container image, it is usually necessary to further search for the version list of the image in the docker image source. Since docker itself does not directly provide the function of viewing the version, create a simple script docker-tags that can view the image version

vi docker-tags

Add to the docker-tags script

curl -s -S "https://registry.hub.docker.com/v2/repositories/library/$1/tags/?page=$2" |
sed -e 's/,/\n/g' -e 's/\[/\\\[\n/g' |
grep -E '"name":|"count":' |
sed -e 's/"//g' -e "s/name:/$1:/g" -e "s/{count:/$1总版本数-/"

After editing the docker-tags script, you need to modify the file permissions through chmod before it can be executed. After the permissions are modified, you can use the docker-tags script to query the latest version information of the relevant image.

chmod 777 docker-tags
./docker-tags ubuntu

After finding the image version information, you can pull the image from the docker image source to the local. Pull the pulled version directly when pulling the image, or pull the latest version by default without specifying the version.

docker pull ubuntu:jammy
# docker pull ubuntu

Use the docker images command to view the local image that has been pulled

docker images

To start a container, you first need to create a container based on the image, use the docker create command, and use the downloaded ubuntu image to create a container.

Note: Because you want to create an ubuntu container that can run persistently, you need to add the -it parameter .

docker create -it ubuntu

After the container is successfully created, you can use the docker ps command to view existing containers

Note: If docker ps will only show running containers by default. If you want to view containers in all states, you need to add the -a parameter.

docker ps -a
# CONTAINER ID表示系统为容器创建的ID，IMAGE为容器的镜像名称。STATUS表示容器当前的状态。NAMES为容器的名称。使用默认的docker create命令所创建的容器并没有指定名称，因此docker会为容器生成一个随机的名字。如果用户想创建指定名称的容器，则可以使用-name参数。注意如果用户制定了容器名，则要注意容器不要重名，否则会创建失败
docker create -it --name ubuntu-1 ubuntu
docker ps -a

After the container is created, you can use the docker start command to start the container. After the container is started successfully, you can use the docker ps command to view changes in the container status. Here we should pay attention: the multiple containers created by the same image are not related.

docker start ubuntu-1
docker ps -a 

The above steps are the standard process for docker container creation. In actual operation, it is cumbersome to use standard steps to create a startup container, so docker provides a more convenient command docker run .

When using the docker run command, docker will automatically complete the work of downloading images, creating containers, and starting containers . Through the following command, you can download the container image of busybox, create a container named busyboxdebian-1, start the container and run all the functions in the background.

docker run -itd --name busybox-1 busybox	#许多Docker镜像使用BusyBox为您提供最小镜像。
docker ps -a 

Before operating the container, check the host operating system with

lsb_release -a

Host network information

ifconfig
# 出现docker 0

First create a new ubuntu container with docker run and start

docker run -itd --name ubuntu-2 ubuntu

After the container is created, use the docker exec command to start the bash console program on the ubuntu-2 container to operate the container.

docker exec -it ubuntu-2 bin/bash

The prompt line prompt changes after the command is executed. This indicates that the current user is already operating the operating system in the container.

At this time, check the status of the operating system through lsb_release. It will show that the command cannot be found, because the ubuntu installed through the container is a minimalist version, and no unnecessary commands are installed. Therefore, you need to use the apt-get command to install common commands first. This step may have a relatively large delay due to the influence of network speed.

apt-get update
apt-get install -y lsb-core net-tools vim --fix-missing

View the status and network status of the container operating system. Discovery and host information are different.

lsb_release -a
ifconfig

Want to fall back to the host OS from the container OS. Just enter the exit command.

When the user uses docker run to create a container, if the -d parameter is not used. After the container is successfully started, it will automatically enter the container operating system console. However, after this method enters the container operating system, if exit is used to exit, the container will be closed.

docker run -it --name temp ubuntu 
exit
docker ps -a 

Container Pause, Resume, Start, Stop, Delete

for started containers. We can use the docker pause/unpause command to pause/resume the container. When the container is suspended, the service in the container will be suspended, and the service will resume when the container is resumed.

Create new ubuntu container. After the creation is successful, enter the container console and install the necessary applications

docker run -itd --name ubuntu-3 ubuntu
docker exec -it ubuntu-3 /bin/bash
apt-get update
apt-get install -y python3 net-tools curl

Start a default python3 http server in the container. And set the server to run in the background. After the service starts, test the running status of the service through curl.

nohup python3 -m http.server 8000 &
curl 127.0.0.1:8000 

After successfully testing the http service inside the container, the next step is to test the http service in the host. Before that, we first display and record the ip address of the container through the ifconfig command. Then exit the container's console.

ifconfig
exit

In the host console, also use the curl command to access the http service in the container. It should be noted that: in the host, we need to access the service in the container through the IP address of the container.

curl [容器IP]:8000 

In addition to curl, you can also use the docker top command to view the specific processes running in the container.

docker top ubuntu-3

Use the docker pause command to suspend the running of the container. After the container is paused, use the docker top command to view the processes in the container. It is found that the process still exists, and then the http service is tested through curl, and it is found that there is no response, which proves that the service has stopped.

docker pause ubuntu-3
docker ps -a
curl [容器IP]:8000
Ctrl+C

Use the docker unpause command to resume the container operation, test the http service, and find that the access has been restored.

docker unpause ubuntu-3
curl [容器IP]:8000 

After the container is restarted, the applications running inside the container will be stopped. It is similar to restarting a physical machine.

Show running containers and running applications in containers

docker ps -a 
docker top ubuntu-3

The docker stop command stops the service and uses docker ps -a to view the container status. It is found that the status of the container has changed to Exited. Use docker start or docker restart to restart the container. After the container restarts, use docker top and curl to test the http service in the container, and find that the service no longer exists.

docker restart ubuntu-3
docker top ubuntu-3
curl [容器IP]:8000

Although docker stop will stop the service in the container, it will not release the system resources occupied by the container. Therefore, you can use the docker rm command to delete the container that is no longer needed. The docker rm command can use the CONTAINER ID or NAME as a parameter. If the status of the container is not stopped. You need to add the –force parameter to delete it.

docker rm --force [CONTAINER ID]
# 或者 docker rm --force ubuntu-3 

Management of container images

Download the image to the local docker through the mirror warehouse through docker pull. But this method needs to ensure that the server can access the external network and the access speed is guaranteed. If the user wishes to obtain an image when the network condition is not good, the method of saving and loading the image can be adopted . First of all, we can export one or more images inside docker into files through the docker save command. The following command exports the two images of nginx and hello-world to the images.tar file.

docker pull hello-world
docker pull nginx
docker save -o images.tar nginx hello-world 
ll images.tar

Delete the existing two images from within docker. Prepare for subsequent mirror reads. docker rmi : Delete one or more local images.

docker rmi hello-world
docker rmi nginx
docker images 

Import the two images in images.tar back into docker through the docker load command. It is possible to update the image without network access. It should be noted that if the relevant image already exists inside docker, the image in the file will be ignored.

docker load -i images.tar
docker images 

The image saving and loading inside docker can be realized through the method of docker save and docker load.

For the created container, you can use the method of exporting the snapshot of the container to realize backup or save.

First create a container ubuntu-3, and then create a text file in ubuntu-3. Here you can use the docker exec bash -c method to execute directly on the host command line.

docker run -itd --name ubuntu-3 ubuntu
docker exec ubuntu-3 bash -c "echo snapshot > snapshot.txt"
docker exec ubuntu-3 bash -c "cat snapshot.txt"

Use the docker export command to export the container to a file in the form of a snapshot.

docker export ubuntu-3 > ubuntu-snapshot.tar
ll ubuntu-snapshot.tar

For container snapshot files. It can be imported into docker through the docker import command. Special attention is paid to the fact that docker import imports snapshots in the form of images rather than containers. That is to say, the imported snapshot cannot be run directly, but the container needs to be created again based on the snapshot image before it can be used.

docker import ubuntu-snapshot.tar ubuntu-snapshot:latest
docker images

Create a new container using the imported snapshot image. And verify that the container created by the snapshot contains the files created in the previous container.

docker run -itd --name snapshot ubuntu-snapshot /bin/bash
docker exec snapshot cat snapshot.txt

Install Nginx service using Docker

View the available versions of Nginx in the Docker mirror warehouse

docker search nginx

Pull the latest version of Nginx image

docker pull nginx:latest

View local mirror

docker images

run container

docker run --name nginx-test -p 8080:80 -d nginx

Command parameter description:

• –name nginx-test: container name
• -p 8080:80: Port mapping, mapping the local port 8080 to port 80 inside the container
• -d nginx: set the container to run in the background all the time

# 查看运行中的容器
docker ps -a

Open a new tab in the browser, and enter http://<ECS public network address>:8080 in the address bar to access the Nginx service

Enter the Docker container system that starts nginx

docker exec -it nginx-test /bin/bash

Customize Dockerfile and build image

Dockerfile is a text file used to build a mirror, and the text content contains instructions and instructions for building a mirror.

Write a Dockerfile file, the file name is Dockerfile, and the content is as follows:

FROM centos:centos7
MAINTAINER myname <[email protected]>
# 安装工具包
RUN yum install -y gcc-c++  pcre pcre-devel zlib zlib-devel openssl openssl-devel
# 安装nginx1.14.2
RUN useradd -M -s /sbin/nologin nginx
COPY ./nginx-1.14.2.tar.gz /opt/
WORKDIR /opt/
RUN tar zxvf nginx-1.14.2.tar.gz
RUN mkdir -p /usr/local/nginx
RUN cd nginx-1.14.2 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module  --with-http_sub_module && make && make install
RUN rpmkeys --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 && yum -y update && yum clean all
# 设置启动脚本
RUN mkdir -p /opt/work/bin
COPY ./start.sh /opt/work/bin
WORKDIR /opt/work/bin
RUN chmod -R 755 /opt/work/bin
# 定义要暴露的端口
EXPOSE 80
# 启动nginx脚本
CMD ["./start.sh"]

Build a custom mirror and download the required nginx-1.14.2 source package

wget http://nginx.org/download/nginx-1.14.2.tar.gz

Create a start.sh file with the following content:

 #!/bin/bash 
/usr/local/nginx/sbin/nginx -g "daemon off;"

Build a mirror (note that there is a "dot" after the command) The docker build command is used to create a mirror using a Dockerfile.

docker build -t my-nginx-server . 

docker images

Start the container

docker run -p 8080:80 --name my_nginx2 -d my-nginx-server

docker ps -a

Build ELK based on Docker (Elasticsearch, Logstash, Kibana)

Download the required mirror

docker pull elasticsearch

docker pull kibana

docker pull logstash

docker pull nginx

docker images

Deploy Elasticsearch

Modify the JVM heap size. By default, the heap size used by Elasticsearch's JVM is 2GB. You can modify the default parameters of ES's jvm

find /var/lib/docker/overlay2/ -name jvm.options
# 修改相应的配置文件
# -Xms2g 改为 -Xms1g
# -Xmx2g 改为 -Xmx1g

Adjust vm.max_map_count size

vim /etc/sysctl.conf
# 末尾添上 vm.max_map_count=262144
sysctl -p	#从指定的文件加载系统参数，如不指定即从/etc/sysctl.conf中加载

Start the elasticsearch container

docker run --name elasticsearch -v "$PWD/esdata":/usr/share/elasticsearch/data -p 9200:9200 -d elasticsearch

docker logs elasticsearch
curl http://localhost:9200

deploy logstash

Create logstash configuration file

mkdir -p /docker/config/logstash/

vim /docker/config/logstash/logstash.conf

Create a configuration file logstash.conf in the /docker/config/logstash/ directory, the content is as follows:

input {
     beats {
         port => 5044
         type => beats
     }
}

output {
     elasticsearch {
         hosts => ["elasticsearch:9200"]
     }
}

Start the logstash container

docker run --name logstash --link elasticsearch:elasticsearch -p 5044:5044 -d -v /docker/config/logstash:/config-dir logstash -f /config-dir/logstash.conf

docker logs logstash

Deploy nginx application

docker run -e TZ="Asia/Shanghai" -d -p 80:80 -v "$PWD/logs":/var/log/nginx --name nginx nginx

deploy filebeat

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.2-x86_64.rpm

rpm -ivh filebeat-7.4.2-x86_64.rpm

vim /etc/filebeat/filebeat.yml
grep -Ev '#|^

# 修改 filebeat.inputs中的enable为true，paths改为——root/logs/*.log
# output.logstash中hosts:["localhost:5044"]

Start the filebeat service

systemctl restart filebeat

systemctl enable filebeat

departmentkibana

docker run --name kibana --link elasticsearch:elasticsearch -p 5601:5601 -d kibana

docker ps -a

Visit kibana http://[ECS public network address]:5601/, create an Index pattern, and use Discover to view the collected log information.

Build Zabbix based on Docker

Download the image required for the experiment

docker pull mysql:5.7

docker pull zabbix/zabbix-server-mysql:centos-latest

docker pull zabbix/zabbix-web-nginx-mysql:latest

docker pull zabbix/zabbix-java-gateway:latest

docker images

Deploy Zabbbix

Create a Docker network

docker network create -d bridge zabbix
docker network ls

Start the mysql container

docker run -dit -p 3306:3306 --name zabbix-mysql --network zabbix -v /etc/localtime:/etc/localtime --restart always  -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix-password" -e MYSQL_ROOT_PASSWORD="root-password" mysql:5.7

docker run -dit -p 10051:10051 --mount source=zabbix-server-vol,target=/etc/zabbix -v /etc/localtime:/etc/localtime --name=zabbix-server --restart=always --network zabbix -e DB_SERVER_HOST="zabbix-mysql" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e  MYSQL_PASSWORD="zabbix-password" -e MYSQL_ROOT_PASSWORD="root-password" -e ZBX_JAVAGATEWAY="zabbix-java-gateway" zabbix/zabbix-server-mysql:centos-latest

docker run -dit -p 8080:8080 -v /etc/localtime:/etc/localtime --name zabbix-web --restart=always --network zabbix -e DB_SERVER_HOST="zabbix-mysql" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix-password" -e  MYSQL_ROOT_PASSWORD="root-password" -e ZBX_SERVER_HOST="zabbix-server" zabbix/zabbix-web-nginx-mysql:latest

Deploy a highly available architecture

Based on four ECS instances configured with CentOS 7.7, one load balancing SLB instance , one cloud database RDS MySQL , elastic public network IP and data transmission services (RDS+DTS data transmission+EIP) to deploy a multi-zone high-availability architecture.

Configure SLB instances (for mounting multiple ECS instances across availability zones)

Access the elastic public network IP console --> select

https://vpc.console.aliyun.com/eip/

Bind the EIP to the SLB instance :

On the EIP page, find your EIP instance, click Bind Resource under the Operation column , select SLB SLB instance as the instance type , and select your SLB SLB instance in the Select instance to bind area , click OK.

Wait until the IP status changes to Allocated, which means you have successfully assigned the EIP to your SLB instance.

Configure an SLB instance :

Access the load balancer management console

https://slbnew.console.aliyun.com/slb/overview

Select Traditional Load Balancer CLB (formerly SLB) > Instance Management . Find your load balancing SLB instance, and click to start configuration .

On the Protocol & Listening tab, select HTTP for the load balancing protocol , enter 80 for the listening port , click Modify on the right side of Advanced Configuration , select Round Robin (RR) for the scheduling algorithm , use default values ​​for other configurations, and click Next . On the Backend Server tab, select the default server group , and click Continue to add . In Select Server in the My Server panel , select all your ECS instances and click Next . In the configuration port and weight of my server panel , keep the default configuration and click Add . On the Backend Server tab, set the port of all servers to 80, and click Next . The health check tab and the configuration audit tab keep the default configurations. In the load balancing service configuration wizard dialog box, wait for the configuration to succeed.

When the health check status is normal, it means that the backend ECS instance can process the requests forwarded by load balancing normally. Open a new tab in the FireFox browser and visit http://<IP address of the elastic public network>. Refresh the page several times. Since the scheduling algorithm is round robin, you can see that the request will be sent to each ECS instance in turn, indicating that the SLB has been configured successfully. Randomly select the ECS instance to stop, refresh http://<IP address of the elastic public network>, you can see that the request will be sent to the ECS instance with normal instance status in turn. It can be reflected that when the server ECS is down, the overall business scenario will not be affected.

Migrating a self-built database to an RDS instance

Use the data transfer service to migrate the self-built MySQL database on the ECS instance to the RDS instance.

Self-built MySQL database on ECS

Use the root user to log in to the database, the example is MySQL 5.7.36

mysql -uroot -p12345678

Modify the password security policy to low, only verify the password length, at least 8 characters

set global validate_password_policy=0; 

Create user dts for the database named bakery. The user created in the example is dts, and the password is 12345678.

grant all on *.*  to 'dts'@'%'  IDENTIFIED BY '12345678';
FLUSH PRIVILEGES;

mysql -udts -p12345678

There are customer tables, product tables and corresponding data in the test example database bakery.

Create account and data for RDS instance

Access the RDS management console

https://rdsnext.console.aliyun.com/

Click the instance list , find the RDS instance, click the instance ID , on the left, click Account Management , and create an account . For example, enter lab_user for the database account , select common account for the account type , and enter Passw0rd for the password. Database management, create a database , for example, enter lab_db for the database (DB) name , select lab_user (ordinary account) for the authorized account , and click Create . Go back to the account management page to authorize the database, and modify the permissions to authorize.

Use the data transfer service DTS to migrate the self-built database on the ECS instance to the RDS instance

Access the Data Transfer Console

https://dts.console.aliyun.com/

On the left console, click Data Migration , on the Data Migration page, select a region in the migration task list , and then click Configure Migration Task .

In the source database information area of ​​the source database and target database tab , configure the following parameter information, and click Test Connection .

Description of source library parameters:

• Task name : Custom setting data transfer DTS task name
• Instance type : select self-built database on ECS
• Instance region : select the region where the cloud server ECS instance is located
• ECS Instance ID : Select the ECS-1 instance ID of the cloud server
• Database type : select MySQL
• Port : Enter 3306
• Database account : enter dts
• Database password : enter 12345678

Target library parameter description:

• Instance type : select RDS instance
• Instance Region : Select the region where your RDS instance is located
• RDS instance ID : select your RDS instance ID
• Database account : enter lab_user
• Database password : enter Passw0rd

In the DTS server access authorization dialog box, click Next , click the Migration Type and List tab, click the bakery database in the migration object , and click the right icon. When the bakery database appears in the selected object, click Pre-check and start . In the pre-check dialog box, click Next

Go back to the data migration page, select a region in the migration task list , and click Refresh . Wait for 3-4 minutes, and the status of the migration task changes to Successful, indicating that the data migration is complete.

Verify the RDS instance :

Switch to the RDS management console tab, and click Login Database . Enter lab_user for the database account, Passw0rd for the database password, and click Test Connection to see two tables, such as customer and product, indicating that the data in the self-built database on the ECS instance has been successfully migrated to the RDS instance.