Bootstrap

Debian12使用文档

1、系统安装与升级

  • Debian官方下载首页:https://www.debian.org/download
  • Debian12版本下载地址:https://www.debian.org/releases/bookworm/debian-installer/
  • Debian当前最新版下载地址:https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
  • Debian12.4.0版本下载地址:https://cdimage.debian.org/debian-cd/12.4.0-live/amd64/iso-hybrid/
  • Debian12官方安装手册:https://www.debian.org/releases/bookworm/amd64/

2、环境配置

2.1 安装wget命令

如果已安装wget,终端将会输出wget: missing URL,否则将提示你wget command not found

先运行命令sudo apt udpate更新软件源列表缓存,然后运行命令sudo apt install wget安装wget命令,安装完成后,请再次运行命令wget验证安装是否正确。

sudo apt update
sudo apt install wget

2.2 安装vim

安装vim:sudo apt-get install vim

2.2.1 vim编辑文件支持中文

问题:在Linux系统下,使用cat查看含有中文的文本文件正常,但是使用vim打开却是乱码

解决方法:

  • 方法一:在文件中设定。在vim的退出模式下 :set encoding=utf8

  • 方法二:修改 /etc/vim/vimrc 文件,在 /etc/vim/vimrc 文件末尾加上

# vim编辑文件支持中文
## 该选项是vim写入文件时采用的编码类型
set fileencodings=utf-8,ucs-bom,gb18030,gbk,gb2312,cp936
## 该选项代表输出到客户终端(Term)采用的编码类型。
set termencoding=utf-8
## 该选项使用于缓冲的文本(你正在编辑的文件),寄存器,Vim 脚本文件等等。可以把 ‘encoding’ 选项当作是对 Vim 内部运行机制的设定
set encoding=utf-8

参考网址:

  1. https://blog.csdn.net/Artisan_w/article/details/132300118

2.3 开启root远程连接

在Debian服务器上安装配置SSH服务器
  1. 安装SSH

注意:如果使用的是WSL安装的ubuntu/debian,那么你需要先卸载:sudo apt-get remove openssh-server,然后重新安装:sudo apt-get install openssh-server

安装完成后 SSH 服务默认开启,也可通过如下命令手动启动:

sudo systemctl start ssh.service
  1. 安装vim:sudo apt-get install vim

  2. 在Linux上建立SSH安全连接的设置:vim /etc/ssh/sshd_config

#PermitRootLogin prohibit-password
## yes=允许root用户登录, no=禁止root用户登录
PermitRootLogin yes

#PasswordAuthentication yes
PasswordAuthentication yes

其它配置:

# 禁止使用空密码登录
PermitEmptyPasswords no
# 限制登录/访问尝试次数
MaxAuthTries 5
# 使用SSH Version 2
Protocol 2
# 更改默认SSH端口:默认SSH连接端口是22,因此需要更改默认端口以确保SSH安全性。
port 6000
# 关闭TCP端口转发和X11转发
X11Forwarding no
AllowTcpForForwarding no
# 设置空闲超时时间间隔:在通过SSH远程连接服务器后,可以设置一个空闲超时时间间隔,在定义的一段不活动时间(例如:120秒)后,连接将被终止。
ClientAliveInterval 120
# 使用SSH密钥连接

设置完毕后,按ESC键,输入:wq保存退出即可。

4.重启SSH服务器

sudo /etc/init.d/ssh restart
或
sudo systemctl restart sshd.service

参考网址:

  1. https://blog.csdn.net/u013541325/article/details/128519316
  2. https://blog.csdn.net/m0_55905467/article/details/133840086

2.4 让Debian支持ll命令

ll并不是linux下一个基本的命令,它实际上是ls -l的一个别名。

Debian/Ubuntu默认不支持命令ll,必须用 ls -l,这样使用起来不是很方便。

如果要使用此命令,可以作如下修改:

让root用户支持ll命令

进入root用户根目录,使用 vim 编辑.bashrc配置文件

root@debian:~# cd
root@debian:~# 
root@debian:~# vim .bashrc

找到如下内容:

# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "$(dircolors)"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'

将上面ll那一行的#注释去掉,然后执行 source .bashrc 命令使配置生效

让普通用户支持ll命令

进入当前用户目录,使用vim 编辑.bashrc配置文件

wywuzh@debian:~$ vim .bashrc

找到.bashrc配置文件如下几行:

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'

将上面ll那一行的#注释去掉,如果还想使用la命令,也可以将la那一行前面的#注释去掉。保存然后重启就好了。

参考网址

  1. https://blog.csdn.net/weixin_40517703/article/details/104367332
  2. https://blog.51cto.com/u_14286115/3326421
  3. https://blog.csdn.net/weixin_42118716/article/details/108192826

2.5 安装防火墙

2.5.1 iptables、firewalld、ufw介绍

iptables、firewalld、ufw都不是防火墙,他们都只是管理防火墙的工具、服务而已!

iptables、firewalld、ufw 都是Linux系统中常用的防火墙软件,它们之间的区别如下:

  • iptables: iptables 是Linux系统中最原始、最基础、最底层的防火墙软件,它可以直接配置Linux内核中的网络规则,控制网络数据包的流动。由于iptables配置比较复杂,需要对网络协议和规则有深入的了解,所以对于普通用户来说使用较为困难。
  • firewalld:firewalld 是Red Hat公司在RHEL7中引入的一种新型防火墙软件,它是iptables的高级封装,提供了更加友好的界面以及更加简单的配置方式。firewalld支持动态添加或删除规则,可以在运行时实时更新防火墙规则,并且支持多种网络接口的管理和控制。
  • ufw:ufw (Uncomplicated Firewall) 是Ubuntu中的一种简单易用的防火墙软件,它是iptables的又一种高级封装,提供了更加易于使用的命令行界面和配置文件。ufw配置简单,支持多种规则类型,例如允许、拒绝、限制等,可以快速地配置常见的网络服务和端口。

总的来说,iptables是最基础的防火墙软件,需要对网络协议和规则有深入的了解;firewalld是iptables的高级封装,提供了更加友好的界面和更加简单的配置方式;ufw是iptables的又一种高级封装,提供了更加易于使用的命令行界面和配置文件。选择哪种防火墙软件取决于用户的需求和经验水平。

2.5.2 安装防火墙iptables

iptables是Linux系统中常用的防火墙软件,可以用于保护服务器安全。

如果安装了ufw,那么在开始手动配置iptables前,需要卸载ufw。"使用ufw"和"手动配置iptables"可能会发生冲突,因此只能选择其中一个,放弃另一个

root@debian:~# apt remove ufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'ufw' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

安装iptables防火墙

root@debian:~# apt install iptables-persistent
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  netfilter-persistent
The following NEW packages will be installed:
  iptables-persistent netfilter-persistent
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 16.4 kB of archives.
After this operation, 89.1 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 netfilter-persistent all 1.0.20 [7384 B]
Get:2 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 iptables-persistent all 1.0.20 [9000 B]
Fetched 16.4 kB in 0s (96.7 kB/s)            
Preconfiguring packages ...
Selecting previously unselected package netfilter-persistent.
(Reading database ... 163007 files and directories currently installed.)
Preparing to unpack .../netfilter-persistent_1.0.20_all.deb ...
Unpacking netfilter-persistent (1.0.20) ...
Selecting previously unselected package iptables-persistent.
Preparing to unpack .../iptables-persistent_1.0.20_all.deb ...
Unpacking iptables-persistent (1.0.20) ...
Setting up netfilter-persistent (1.0.20) ...
Created symlink /etc/systemd/system/iptables.service -> /lib/systemd/system/netfilter-persistent.service.
Created symlink /etc/systemd/system/ip6tables.service -> /lib/systemd/system/netfilter-persistent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/netfilter-persistent.service -> /lib/systemd/system/netfilter-persistent.service.
Setting up iptables-persistent (1.0.20) ...
Processing triggers for man-db (2.11.2-2) ...

查看防火墙状态

root@debian:~# systemctl status iptables
* netfilter-persistent.service - netfilter persistent configuration
     Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/netfilter-persistent.service.d
             `-iptables.conf
     Active: active (exited) since Thu 2023-12-07 21:13:57 CST; 12h ago
       Docs: man:netfilter-persistent(8)
   Main PID: 3562 (code=exited, status=0/SUCCESS)
        CPU: 5ms

Dec 07 21:13:57 debian systemd[1]: Starting netfilter-persistent.service - netfilter persistent configuration...
Dec 07 21:13:57 debian netfilter-persistent[3564]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Dec 07 21:13:57 debian netfilter-persistent[3565]: Warning: skipping IPv4 (no rules to load)
Dec 07 21:13:57 debian netfilter-persistent[3564]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Dec 07 21:13:57 debian netfilter-persistent[3566]: Warning: skipping IPv6 (no rules to load)
Dec 07 21:13:57 debian netfilter-persistent[3566]: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: 39: cannot open /etc/iptables/r>Dec 07 21:13:57 debian netfilter-persistent[3566]: Error: IPv6 rules failed test load. New rules NOT loaded
Dec 07 21:13:57 debian systemd[1]: Finished netfilter-persistent.service - netfilter persistent configuration.

注意事项:

  1. 在debian系统中,iptables本身并不是一个进程,因而没有reload/restart等说法。
iptables的基本概念

iptables是Linux系统中的一种防火墙软件,它可以用于过滤网络数据包,保护服务器安全。iptables的基本概念包括:

  • 链(Chain):链是iptables中的一种规则集合,用于过滤网络数据包。iptables中有五种默认链:INPUTOUTPUTFORWARDPREROUTINGPOSTROUTING
  • 规则(Rule):规则是iptables中的一种过滤规则,用于过滤网络数据包。规则由匹配条件和动作组成,匹配条件可以是源IP地址、目标IP地址、端口号等,动作可以是允许通过、拒绝通过等。
  • 表(Table):表是iptables中的一种规则集合,用于管理链和规则。iptables中有四种默认表:filternatmangleraw
iptables的使用方法

在Debian系统中,可以使用iptables命令进行防火墙配置。iptables命令的基本语法如下:

iptables [-t 表名] 命令 [链名] [规则]

其中:-t选项用于指定表名,命令可以是-A(添加规则)、-D(删除规则)、-I(插入规则)、-P(设置默认策略)等,链名可以是INPUTOUTPUTFORWARD等,规则可以是匹配条件和动作。

在使用iptables命令进行防火墙配置时,需要注意以下几点:

  • 需要使用root权限进行操作。
  • 需要注意规则的顺序,规则的匹配顺序是从上到下。
  • 需要注意规则的动作,动作可以是ACCEPT(允许通过)、DROP(拒绝通过)等。
iptables的常用命令

查看和修改iptables规则:

  • iptables -L:列出当前所有规则;
  • iptables -L -n:列出所有防火墙规则,并显示端口号;
  • iptables -L -v:列出所有防火墙规则,并显示端口号;
  • iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT:允许来自于192.168.1.0/24网段的数据包通过;
  • iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT:允许发往192.168.1.0/24网段的数据包通过;
  • iptables -D INPUT -s 192.168.1.0/24 -j ACCEPT:删除来自于192.168.1.0/24网段的允许规则。

清空iptables规则:

  • iptables -F:清空所有规则;
  • iptables -X:删除所有用户自定义链;
  • iptables -Z:将所有计数器归零。

保存和恢复iptables规则:

  • iptables-save > /etc/sysconfig/iptables:将当前iptables规则保存到文件中;
  • iptables-restore < /etc/sysconfig/iptables:从文件中恢复iptables规则。

需要注意的是,iptables的配置需要根据实际情况进行调整,不正确的配置可能会导致网络连接失败或者安全漏洞。建议在配置防火墙前先备份配置文件,以免误操作导致不可挽回的后果。

使用案例
示例1:允许SSH连接

在这个示例中,我们将配置iptables,允许SSH连接。可以按照以下步骤进行操作:

添加规则:使用iptables命令添加一条规则,允许SSH连接。

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

保存规则:使用iptables-save命令保存规则。

iptables-save > /etc/iptables/rules.v4

在这个示例中,我们使用iptables命令添加了一条规则,允许SSH连接,并使用iptables-save命令保存规则。

示例2:拒绝ICMP数据包

在这个示例中,我们将配置iptables,拒绝ICMP数据包。可以按照以下步骤进行操作:

添加规则:使用iptables命令添加一条规则,拒绝ICMP数据包。

iptables -A INPUT -p icmp -j DROP

保存规则:使用iptables-save命令保存规则。

iptables-save > /etc/iptables/rules.v4

在这个示例中,我们使用iptables命令添加了一条规则,拒绝ICMP数据包,并使用iptables-save命令保存规则。

示例3:完整案例
  1. 添加规则:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 50237 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j ACCEPT
iptables -A INPUT -p tcp --dport 8848 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
  1. 查看当前所有规则:
root@debian:~# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
 109K 1248M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:50237
 563K 4800M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8000
   36  2994 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http
 132K 8095K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http-alt
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:redis
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8848
   70  5020 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:mysql
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:2181

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
root@debian:~# 
  1. 执行iptables-save > /etc/iptables/rules.v4命令保存规则:
root@debian:~# iptables-save > /etc/iptables/rules.v4
  1. 查看已保存的规则:
root@debian:~# cat /etc/iptables/rules.v4 
# Generated by iptables-save v1.8.9 (nf_tables) on Fri Dec 29 14:08:30 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50237 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6379 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8848 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j ACCEPT
COMMIT
# Completed on Fri Dec 29 14:08:30 2023
注意事项

在使用iptables进行防火墙配置时,需要注意以下事项:

  • 需要使用root权限进行操作。
  • 需要注意规则的顺序和动作,规则的匹配顺序是从上到下,动作可以是ACCEPT、DROP等。
  • 需要注意保存规则,以免重启后规则失效。

参考网址:

  1. https://pythonjishu.com/ohxpkizexcgavba/
  2. https://blog.csdn.net/TXuing/article/details/126021163
  3. https://zhuanlan.zhihu.com/p/591442638
  4. https://blog.csdn.net/m0_69057918/article/details/131229521

2.6 设置静态IP

展示可用的以太网网络

root@debian:~# ip -c link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:65:47:f8 brd ff:ff:ff:ff:ff:ff
    altname enp2s1

显示网络列表

root@debian:~# ip -br -c link show
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
ens33            UP             00:0c:29:65:47:f8 <BROADCAST,MULTICAST,UP,LOWER_UP> 
root@debian:~# 

查询指定网路的ip信息

root@debian:~# ip -c addr show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:65:47:f8 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 172.20.10.8/28 brd 172.20.10.15 scope global dynamic noprefixroute ens33
       valid_lft 1718sec preferred_lft 1718sec
    inet6 fe80::20c:29ff:fe65:47f8/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
root@debian:~# 

备份网络接口配置文件

root@debian:~# cp -rf /etc/network/interfaces /www/tools/
root@debian:~# ll /www/tools/
total 1211480
-rw-r--r-- 1 root root        240 Jan  4 15:34 interfaces
root@debian:~# 

执行vim /etc/network/interfaces命令,编辑网络接口配置信息

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# 固定IP
## 开机自启
auto ens33
## 开启配置热生效
allow-hotplug ens33
## static静态,dhcp动态
iface ens33 inet static
## 静态IP地址
address 172.20.10.8
## 子网掩码
netmask 255.255.255.240
## 默认网关
gateway 172.20.10.2

执行vim /etc/resolv.conf命令,修改DNS配置文件

# Generated by NetworkManager
#search localdomain
nameserver 172.20.10.2
nameserver 8.8.8.8

执行systemctl restart networking.service命令,重启网络:

root@debian:~# systemctl restart networking.service
root@debian:~# systemctl restart networking.service
Job for networking.service failed because the control process exited with error code.
See "systemctl status networking.service" and "journalctl -xeu networking.service" for details.
root@debian:~# vim /etc/network/interfaces
root@debian:~# systemctl restart networking.service
Job for networking.service failed because the control process exited with error code.
See "systemctl status networking.service" and "journalctl -xeu networking.service" for details.
root@debian:~# sudo systemctl restart networking.service
Job for networking.service failed because the control process exited with error code.
See "systemctl status networking.service" and "journalctl -xeu networking.service" for details.
root@debian:~# systemctl status networking.service
x networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Thu 2024-01-04 16:35:31 CST; 4min 27s ago
   Duration: 23min 23.669s
       Docs: man:interfaces(5)
    Process: 5827 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=1/FAILURE)
    Process: 5890 ExecStopPost=/usr/bin/touch /run/network/restart-hotplug (code=exited, status=0/SUCCESS)
   Main PID: 5827 (code=exited, status=1/FAILURE)
        CPU: 69ms

Jan 04 16:35:31 debian systemd[1]: Starting networking.service - Raise network interfaces...
Jan 04 16:35:31 debian ifup[5842]: RTNETLINK answers: File exists
Jan 04 16:35:31 debian ifup[5827]: ifup: failed to bring up ens33
Jan 04 16:35:31 debian systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Jan 04 16:35:31 debian systemd[1]: networking.service: Failed with result 'exit-code'.
Jan 04 16:35:31 debian systemd[1]: Failed to start networking.service - Raise network interfaces.
root@debian:~# 

如果出现如下信息,可通过ip addr flush dev ens33 && /etc/init.d/networking restart命令直接启动。

root@debian:~# ip addr flush dev ens33 && /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.
root@debian:~# 
  • ip addr flush dev ens33单独命令会断开远程连接
  • ens33是网卡名,根据自己的网卡更改名字

参考网址:

  1. https://blog.csdn.net/qq_30818545/article/details/128684541
  2. https://www.cnblogs.com/chenxii81/p/17658501.html
  3. https://blog.csdn.net/u014756339/article/details/100139803

3、Java环境配置

3.1 安装JDK

  1. 把从Oracle官网下载的jdk-8u391-linux-x64.tar.gz安装包传到/www/tools目录

  2. 新建/usr/local/java/文件夹

mkdir -p /usr/local/java/
  1. 将JDK包解压到 /usr/local/java/ 文件夹下面
root@debian:/www/tools# tar -xzvf jdk-8u391-linux-x64.tar.gz -C /usr/local/java/

查看解压后的JDK名称

root@debian:/www/tools# ll /usr/local/java/
total 4
drwxr-xr-x 8 root root 4096 Dec  7 12:46 jdk1.8.0_391
root@debian:/www/tools# 
  1. 配置环境变量
root@debian:/www/tools# vim /etc/profile
## JDK环境变量
export JAVA_HOME=/usr/local/java/jdk1.8.0_391
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
  1. 重新加载配置命令
root@debian:/www/tools# source /etc/profile

说明:/etc/profile 是一个系统级别的配置文件,在登录时被读取并应用于所有用户的环境。通过运行 source /etc/profile 命令,可以手动加载这些环境变量,而无需重新登录。

  1. 查看是否配置成功
root@debian:/www/tools# java -version
java version "1.8.0_391"
Java(TM) SE Runtime Environment (build 1.8.0_391-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)

参考网址:

  1. https://blog.csdn.net/weixin_38735917/article/details/133185850
  2. https://blog.csdn.net/selifecn/article/details/46504857

3.2 安装git

使用apt-get install git命令安装git:

root@debian:~# apt-get install git
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  git-man liberror-perl patch
Suggested packages:
  git-daemon-run | git-daemon-sysvinit git-doc git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn ed diffutils-doc
The following NEW packages will be installed:
  git git-man liberror-perl patch
0 upgraded, 4 newly installed, 0 to remove and 19 not upgraded.
Need to get 9377 kB of archives.
After this operation, 48.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB]
Get:2 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 git-man all 1:2.39.2-1.1 [2049 kB]
Get:3 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 git amd64 1:2.39.2-1.1 [7171 kB]
Get:4 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB]                                           
Fetched 9377 kB in 14s (670 kB/s)                                                                                                           
Selecting previously unselected package liberror-perl.
(Reading database ... 167874 files and directories currently installed.)
Preparing to unpack .../liberror-perl_0.17029-2_all.deb ...
Unpacking liberror-perl (0.17029-2) ...
Selecting previously unselected package git-man.
Preparing to unpack .../git-man_1%3a2.39.2-1.1_all.deb ...
Unpacking git-man (1:2.39.2-1.1) ...
Selecting previously unselected package git.
Preparing to unpack .../git_1%3a2.39.2-1.1_amd64.deb ...
Unpacking git (1:2.39.2-1.1) ...
Selecting previously unselected package patch.
Preparing to unpack .../patch_2.7.6-7_amd64.deb ...
Unpacking patch (2.7.6-7) ...
Setting up liberror-perl (0.17029-2) ...
Setting up patch (2.7.6-7) ...
Setting up git-man (1:2.39.2-1.1) ...
Setting up git (1:2.39.2-1.1) ...
Processing triggers for man-db (2.11.2-2) ...
root@debian:~# 
Git配置

在我们完成给他的安装之后,在使用Git之前,我们需要对Git进行使用前的配置,包括配置用户名邮箱以及公钥信息,下面我们介绍配置Git的步骤。

  1. 在命令行中,执行以下命令来配置全局用户名和邮箱地址:
git config --global user.name "wywuzh"
git config --global user.email "[email protected]"
  1. 生成生成SSH公钥,命令如下:
root@debian:~# ssh-keygen -t rsa -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:nkfNmdexc0soi2NJWT3YjDk9TsmdiO124Kuj2pprKLI [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|            % + .|
|           B # + |
|          oo*o=.o|
|        So..=*.=o|
|       ..oo +.+ +|
|      . o=.. . . |
| . . . .+....    |
| Eo . .=+o...    |
+----[SHA256]-----+
root@debian:~# 
  1. 查看ssh公钥
root@debian:~# cd .ssh/
root@debian:~/.ssh# cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7NAKT/RKmou9gAk2J6+aGPfNITnB6snpVV2jkT4VX7DvtxK69WrGsvvjysFilHs4R3CEwnAu2OgJbJp1aX52tkhlcZ25PhCRTVWWlQzBzWoHLEtWPTmMevwZQrkDJwc6TZwqbUSqtZoG1/iaDyYVml9XRNPW9lW+iF7v+N7gJqF3vMM1DrW+nZpnDtru4e/GhoMR7ZSdOgAIFErdtVzKRf9BT7Y2orCZMPTBNfeIAujVJT8gKrfvuBiNlF5L0TXEYnY0YFoyulbs+ynHQzKfxttafKYC9IZ3cwwhbG4nXKKojXC788vKmNFKyxBJ8t/goyJx4GRJZK+81X3SVhenpFN7AGj9oIRGaTvFWczTRgbdVJuyyBE/9oyy4sfs37m95sWlyVmyxduyps8boAe2y7q93e3vz+S9cgs/qfdmDHHBA+ld6sl34uW+Ek/I/aMhPGAigfzf7lA8jGD9lGkgZrIC66k3j02mMArf9WF0Epx0c+7MXY7h2mtGGdnJWia0= [email protected]
root@debian:~/.ssh# 

参考网址:

  1. https://zhuanlan.zhihu.com/p/655754378

3.3 安装Maven

将从官网下载的maven安装包上传到/www/tools目录,解压缩后移动到/usr/local/sbin目录,然后配置环境变量。

1、下载安装文件

方式一(网络下载):

wget https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz

方式二(ftp上传):我们先去Maven官网下载apache-maven-3.6.3-bin.tar.gz安装文件,然后通过ftp等工具上传到服务器。此方法适用于没有网络等环境

2、解压安装

解压缩maven安装包

root@debian:/www/tools# tar -xzvf apache-maven-3.6.3-bin.tar.gz

移动到指定的目录

root@debian:/www/tools# mv apache-maven-3.6.3 /usr/local/sbin/
3、配置环境变量

编辑/etc/profile文件,在文件末尾添加如下内容:

## Maven环境变量
export MAVEN_HOME=/usr/local/sbin/apache-maven-3.6.3
export PATH=${MAVEN_HOME}/bin:$PATH
## 或者采用如下方式
#export PATH=/usr/local/sbin/apache-maven-3.6.3/bin:$PATH
4、验证maven是否安装成功

使用mvn --version命令,如果出现以下信息,则表示maven安装成功,否则请检查maven安装文件及/etc/profile文件是否正确。

root@debian:~# mvn --version
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/sbin/apache-maven-3.6.3
Java version: 1.8.0_391, vendor: Oracle Corporation, runtime: /usr/local/java/jdk1.8.0_391/jre
Default locale: en_US, platform encoding: ANSI_X3.4-1968
OS name: "linux", version: "6.1.0-15-amd64", arch: "amd64", family: "unix"
root@debian:~# 

3.4 安装Tomcat

3.5 安装MariaDB

安装

第 1 步:在我们安装任何软件之前,通过在终端中运行以下命令来确保您的系统是最新的非常重要

sudo apt update
sudo apt install apt-transport-https lsb-release ca-certificates

此命令将刷新存储库,允许您安装最新版本的软件包。

执行sudo apt install mariadb-server命令安装MariaDB

root@debian:~# sudo apt install mariadb-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  galera-4 gawk libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdaxctl1 libdbd-mariadb-perl libdbi-perl libfcgi-bin
  libfcgi-perl libfcgi0ldbl libhtml-template-perl libmariadb3 libndctl6 libpmem1 libsigsegv2 libterm-readkey-perl liburing2
  mariadb-client mariadb-client-core mariadb-common mariadb-plugin-provider-bzip2 mariadb-plugin-provider-lz4
  mariadb-plugin-provider-lzma mariadb-plugin-provider-lzo mariadb-plugin-provider-snappy mariadb-server-core mysql-common pv
  rsync socat
Suggested packages:
  gawk-doc libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx mariadb-test netcat-openbsd
  doc-base python3-braceexpand
The following NEW packages will be installed:
  galera-4 gawk libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdaxctl1 libdbd-mariadb-perl libdbi-perl libfcgi-bin
  libfcgi-perl libfcgi0ldbl libhtml-template-perl libmariadb3 libndctl6 libpmem1 libsigsegv2 libterm-readkey-perl liburing2
  mariadb-client mariadb-client-core mariadb-common mariadb-plugin-provider-bzip2 mariadb-plugin-provider-lz4
  mariadb-plugin-provider-lzma mariadb-plugin-provider-lzo mariadb-plugin-provider-snappy mariadb-server mariadb-server-core
  mysql-common pv rsync socat
0 upgraded, 32 newly installed, 0 to remove and 0 not upgraded.
Need to get 18.8 MB of archives.
After this operation, 194 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libsigsegv2 amd64 2.14-1 [37.2 kB]
Get:2 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 gawk amd64 1:5.2.1-2 [673 kB]
Get:3 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mysql-common all 5.8+1.1.0 [6636 B]
Get:4 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-common all 1:10.11.4-1~deb12u1 [24.2 kB]
Get:5 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 galera-4 amd64 26.4.13-1 [825 kB]
Get:6 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libdbi-perl amd64 1.643-4 [773 kB]
Get:7 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libconfig-inifiles-perl all 3.000003-2 [45.9 kB]
Get:8 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libmariadb3 amd64 1:10.11.4-1~deb12u1 [172 kB]
Get:9 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-client-core amd64 1:10.11.4-1~deb12u1 [870 kB]
Get:10 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-client amd64 1:10.11.4-1~deb12u1 [2931 kB]
Get:11 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libdaxctl1 amd64 76.1-1 [21.1 kB]
Get:12 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libndctl6 amd64 76.1-1 [61.7 kB]
Get:13 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libpmem1 amd64 1.12.1-2 [90.0 kB]
Get:14 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 liburing2 amd64 2.3-3 [12.6 kB]
Get:15 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-server-core amd64 1:10.11.4-1~deb12u1 [7188 kB]
Get:16 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 rsync amd64 3.2.7-1 [417 kB]
Get:17 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 socat amd64 1.7.4.4-2 [375 kB]
Get:18 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-server amd64 1:10.11.4-1~deb12u1 [3660 kB]
Get:19 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libcgi-pm-perl all 4.55-1 [220 kB]                                                                                                      
Get:20 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libfcgi0ldbl amd64 2.4.2-2 [26.1 kB]                                                                                                    
Get:21 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libfcgi-perl amd64 0.82+ds-2 [25.2 kB]                                                                                                  
Get:22 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libcgi-fast-perl all 1:2.15-1 [12.1 kB]                                                                                                 
Get:23 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libdbd-mariadb-perl amd64 1.22-1+b1 [93.8 kB]                                                                                           
Get:24 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libfcgi-bin amd64 2.4.2-2 [12.9 kB]                                                                                                     
Get:25 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libhtml-template-perl all 2.97-2 [66.5 kB]                                                                                              
Get:26 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 libterm-readkey-perl amd64 2.38-2+b1 [24.5 kB]                                                                                          
Get:27 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-plugin-provider-bzip2 amd64 1:10.11.4-1~deb12u1 [24.6 kB]                                                                       
Get:28 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-plugin-provider-lz4 amd64 1:10.11.4-1~deb12u1 [24.5 kB]                                                                         
Get:29 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-plugin-provider-lzma amd64 1:10.11.4-1~deb12u1 [24.6 kB]                                                                        
Get:30 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-plugin-provider-lzo amd64 1:10.11.4-1~deb12u1 [24.5 kB]                                                                         
Get:31 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 mariadb-plugin-provider-snappy amd64 1:10.11.4-1~deb12u1 [24.6 kB]                                                                      
Get:32 http://mirrors.tuna.tsinghua.edu.cn/debian bookworm/main amd64 pv amd64 1.6.20-1 [53.5 kB]                                                                                                             
Fetched 18.8 MB in 7s (2659 kB/s)                                                                                                                                                                             
Extracting templates from packages: 100%
Preconfiguring packages ...
Selecting previously unselected package libsigsegv2:amd64.
(Reading database ... 162026 files and directories currently installed.)
Preparing to unpack .../libsigsegv2_2.14-1_amd64.deb ...
Unpacking libsigsegv2:amd64 (2.14-1) ...
Setting up libsigsegv2:amd64 (2.14-1) ...
Selecting previously unselected package gawk.
(Reading database ... 162035 files and directories currently installed.)
Preparing to unpack .../00-gawk_1%3a5.2.1-2_amd64.deb ...
Unpacking gawk (1:5.2.1-2) ...
Selecting previously unselected package mysql-common.
Preparing to unpack .../01-mysql-common_5.8+1.1.0_all.deb ...
Unpacking mysql-common (5.8+1.1.0) ...
Selecting previously unselected package mariadb-common.
Preparing to unpack .../02-mariadb-common_1%3a10.11.4-1~deb12u1_all.deb ...
Unpacking mariadb-common (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package galera-4.
Preparing to unpack .../03-galera-4_26.4.13-1_amd64.deb ...
Unpacking galera-4 (26.4.13-1) ...
Selecting previously unselected package libdbi-perl:amd64.
Preparing to unpack .../04-libdbi-perl_1.643-4_amd64.deb ...
Unpacking libdbi-perl:amd64 (1.643-4) ...
Selecting previously unselected package libconfig-inifiles-perl.
Preparing to unpack .../05-libconfig-inifiles-perl_3.000003-2_all.deb ...
Unpacking libconfig-inifiles-perl (3.000003-2) ...
Selecting previously unselected package libmariadb3:amd64.
Preparing to unpack .../06-libmariadb3_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking libmariadb3:amd64 (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-client-core.
Preparing to unpack .../07-mariadb-client-core_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-client-core (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-client.
Preparing to unpack .../08-mariadb-client_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-client (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package libdaxctl1:amd64.
Preparing to unpack .../09-libdaxctl1_76.1-1_amd64.deb ...
Unpacking libdaxctl1:amd64 (76.1-1) ...
Selecting previously unselected package libndctl6:amd64.
Preparing to unpack .../10-libndctl6_76.1-1_amd64.deb ...
Unpacking libndctl6:amd64 (76.1-1) ...
Selecting previously unselected package libpmem1:amd64.
Preparing to unpack .../11-libpmem1_1.12.1-2_amd64.deb ...
Unpacking libpmem1:amd64 (1.12.1-2) ...
Selecting previously unselected package liburing2:amd64.
Preparing to unpack .../12-liburing2_2.3-3_amd64.deb ...
Unpacking liburing2:amd64 (2.3-3) ...
Selecting previously unselected package mariadb-server-core.
Preparing to unpack .../13-mariadb-server-core_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-server-core (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package rsync.
Preparing to unpack .../14-rsync_3.2.7-1_amd64.deb ...
Unpacking rsync (3.2.7-1) ...
Selecting previously unselected package socat.
Preparing to unpack .../15-socat_1.7.4.4-2_amd64.deb ...
Unpacking socat (1.7.4.4-2) ...
Setting up mysql-common (5.8+1.1.0) ...
update-alternatives: using /etc/mysql/my.cnf.fallback to provide /etc/mysql/my.cnf (my.cnf) in auto mode
Setting up mariadb-common (1:10.11.4-1~deb12u1) ...
update-alternatives: using /etc/mysql/mariadb.cnf to provide /etc/mysql/my.cnf (my.cnf) in auto mode
Selecting previously unselected package mariadb-server.
(Reading database ... 162749 files and directories currently installed.)
Preparing to unpack .../00-mariadb-server_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-server (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package libcgi-pm-perl.
Preparing to unpack .../01-libcgi-pm-perl_4.55-1_all.deb ...
Unpacking libcgi-pm-perl (4.55-1) ...
Selecting previously unselected package libfcgi0ldbl:amd64.
Preparing to unpack .../02-libfcgi0ldbl_2.4.2-2_amd64.deb ...
Unpacking libfcgi0ldbl:amd64 (2.4.2-2) ...
Selecting previously unselected package libfcgi-perl.
Preparing to unpack .../03-libfcgi-perl_0.82+ds-2_amd64.deb ...
Unpacking libfcgi-perl (0.82+ds-2) ...
Selecting previously unselected package libcgi-fast-perl.
Preparing to unpack .../04-libcgi-fast-perl_1%3a2.15-1_all.deb ...
Unpacking libcgi-fast-perl (1:2.15-1) ...
Selecting previously unselected package libdbd-mariadb-perl.
Preparing to unpack .../05-libdbd-mariadb-perl_1.22-1+b1_amd64.deb ...
Unpacking libdbd-mariadb-perl (1.22-1+b1) ...
Selecting previously unselected package libfcgi-bin.
Preparing to unpack .../06-libfcgi-bin_2.4.2-2_amd64.deb ...
Unpacking libfcgi-bin (2.4.2-2) ...
Selecting previously unselected package libhtml-template-perl.
Preparing to unpack .../07-libhtml-template-perl_2.97-2_all.deb ...
Unpacking libhtml-template-perl (2.97-2) ...
Selecting previously unselected package libterm-readkey-perl.
Preparing to unpack .../08-libterm-readkey-perl_2.38-2+b1_amd64.deb ...
Unpacking libterm-readkey-perl (2.38-2+b1) ...
Selecting previously unselected package mariadb-plugin-provider-bzip2.
Preparing to unpack .../09-mariadb-plugin-provider-bzip2_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-plugin-provider-bzip2 (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-plugin-provider-lz4.
Preparing to unpack .../10-mariadb-plugin-provider-lz4_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-plugin-provider-lz4 (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-plugin-provider-lzma.
Preparing to unpack .../11-mariadb-plugin-provider-lzma_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-plugin-provider-lzma (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-plugin-provider-lzo.
Preparing to unpack .../12-mariadb-plugin-provider-lzo_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-plugin-provider-lzo (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package mariadb-plugin-provider-snappy.
Preparing to unpack .../13-mariadb-plugin-provider-snappy_1%3a10.11.4-1~deb12u1_amd64.deb ...
Unpacking mariadb-plugin-provider-snappy (1:10.11.4-1~deb12u1) ...
Selecting previously unselected package pv.
Preparing to unpack .../14-pv_1.6.20-1_amd64.deb ...
Unpacking pv (1.6.20-1) ...
Setting up libconfig-inifiles-perl (3.000003-2) ...
Setting up galera-4 (26.4.13-1) ...
Setting up libfcgi0ldbl:amd64 (2.4.2-2) ...
Setting up gawk (1:5.2.1-2) ...
Setting up libcgi-pm-perl (4.55-1) ...
Setting up libfcgi-bin (2.4.2-2) ...
Setting up libhtml-template-perl (2.97-2) ...
Setting up socat (1.7.4.4-2) ...
Setting up libmariadb3:amd64 (1:10.11.4-1~deb12u1) ...
Setting up libdaxctl1:amd64 (76.1-1) ...
Setting up pv (1.6.20-1) ...
Setting up libndctl6:amd64 (76.1-1) ...
Setting up libfcgi-perl (0.82+ds-2) ...
Setting up libterm-readkey-perl (2.38-2+b1) ...
Setting up liburing2:amd64 (2.3-3) ...
Setting up libpmem1:amd64 (1.12.1-2) ...
Setting up libdbi-perl:amd64 (1.643-4) ...
Setting up rsync (3.2.7-1) ...
rsync.service is a disabled or a static unit, not starting it.
Setting up libcgi-fast-perl (1:2.15-1) ...
Setting up mariadb-client-core (1:10.11.4-1~deb12u1) ...
Setting up libdbd-mariadb-perl (1.22-1+b1) ...
Setting up mariadb-server-core (1:10.11.4-1~deb12u1) ...
Setting up mariadb-client (1:10.11.4-1~deb12u1) ...
Setting up mariadb-server (1:10.11.4-1~deb12u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service -> /lib/systemd/system/mariadb.service.
Setting up mariadb-plugin-provider-bzip2 (1:10.11.4-1~deb12u1) ...
Setting up mariadb-plugin-provider-lzma (1:10.11.4-1~deb12u1) ...
Setting up mariadb-plugin-provider-lzo (1:10.11.4-1~deb12u1) ...
Setting up mariadb-plugin-provider-lz4 (1:10.11.4-1~deb12u1) ...
Setting up mariadb-plugin-provider-snappy (1:10.11.4-1~deb12u1) ...
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u3) ...
Processing triggers for mariadb-server (1:10.11.4-1~deb12u1) ...
root@debian:~# 

MariaDB安装完成后服务处理启动状态,我们可以通过systemctl status mariadb命令来检查服务状态:

root@debian:~# systemctl status mariadb
* mariadb.service - MariaDB 10.11.4 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-12-07 20:49:29 CST; 2min 10s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 3232 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 11 (limit: 6994)
     Memory: 207.6M
        CPU: 953ms
     CGroup: /system.slice/mariadb.service
             `-3232 /usr/sbin/mariadbd

Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Note] Plugin 'FEEDBACK' is disabled.
Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-ex>Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Note] Server socket created on IP: '127.0.0.1'.
Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Note] InnoDB: Buffer pool(s) load completed at 231207 20:49:29
Dec 07 20:49:29 debian mariadbd[3232]: 2023-12-07 20:49:29 0 [Note] /usr/sbin/mariadbd: ready for connections.
Dec 07 20:49:29 debian mariadbd[3232]: Version: '10.11.4-MariaDB-1~deb12u1'  socket: '/run/mysqld/mysqld.sock'  port: 3306  Debian 12
Dec 07 20:49:29 debian systemd[1]: Started mariadb.service - MariaDB 10.11.4 database server.
Dec 07 20:49:29 debian /etc/mysql/debian-start[3252]: Upgrading MySQL tables if necessary.
Dec 07 20:49:29 debian /etc/mysql/debian-start[3263]: Checking for insecure root accounts.
root@debian:~# 

通过sudo systemctl enable mariadb命令将MariaDB设置开机启动:

root@debian:~# sudo systemctl enable mariadb
Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb
root@debian:~# 

接下来进行MariaDB的相关简单配置:mysql_secure_installation

root@debian:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y #是否删除匿名用户
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n #是否禁止root远程登录
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n #是否删除test数据库
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y #是否重新加载权限表
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@debian:~# 

初始化MariaDB完成,接下来测试登录

root@debian:~# mysql -uroot -padmin123456
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.11.4-MariaDB-1~deb12u1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.001 sec)

MariaDB [(none)]> 

MariaDB常用命令:

  • start:启动mariadb
  • restart:重新启动
  • enable:设置开机启动
  • stop:停止MariaDB

参考网址:

  1. https://www.xtuos.com/228535.html
  2. https://www.codenong.com/cs105930371/
  3. https://blog.csdn.net/weixin_43302112/article/details/132317822
设置MariaDB远程访问

将所有数据库权限均赋予从远程访问的root用户。

  1. 修改配置文件vim /etc/mysql/mariadb.conf.d/50-server.cnf,将bind-address值修改为0.0.0.0
# bind-address = 127.0.0.1
bind-address = 0.0.0.0
  1. 用户授权:把在所有数据库的所有表的所有权限赋值给位于所有IP地址的root用户。
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> grant all privileges on *.* to root@'%' identified by 'admin123456' with grant option;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
  1. 重启MariaDB服务
root@debian:~# systemctl stop mariadb
root@debian:~# systemctl start mariadb

参考网址:

  1. https://blog.csdn.net/weixin_43302112/article/details/132317822

3.6 MariaDB主从复制

MySQL复制是将数据从一个数据库服务器(主服务器)复制到一个或多个服务器(从属服务器)的过程。

MySQL支持几种复制拓扑,其中主/从拓扑是最著名的拓扑之一,其中一台数据库服务器充当主服务器,而一台或多台服务器充当从属服务器。默认情况下,复制是异步的,其中主服务器向其二进制日志发送描述数据库修改的事件,而从服务器在事件准备就绪时请求事件。

在本教程中,我们将向您展示如何在Debian 12上通过一台主服务器和一台从属服务器设置MariaDB主/从复制。MariaDB是Debian中MySQL的默认实现。相同的步骤适用于Oracle MySQL。

这种类型的复制拓扑最适合于部署只读副本以进行规模扩展,实时数据库备份以进行灾难恢复以及分析作业。

3.6.1 克隆一台从服务器
3.6.2 主从复制配置
先决条件

我们假设您有两台运行Debian 12的服务器、一台Windows10服务器,它们通过专用网络相互通信。如果您的托管服务提供商不支持私有IP地址,则可以使用公共IP地址并将防火墙配置为仅允许来自受信任源的端口3306上的通信。

本示例中使用的服务器具有以下IP地址:

  • Master IP(Debian 12):172.20.10.8
  • Master IP(Debian 12):172.20.10.10
  • Slave IP(Windows 10):10.0.223.113
配置主服务器

第一步是设置主服务器。我们将进行以下更改:

  1. 设置MariaDB服务器以侦听专用IP。
  2. 设置唯一的服务器ID。
  3. 启用二进制日志记录。

打开MariaDB配置文件并取消注释或设置以下行:

root@debian:~# vim /etc/mysql/mariadb.conf.d/50-server.cnf

Master:/etc/mysql/mariadb.conf.d/50-server.cnf文件添加如下内容

bind-address = 172.20.10.8
server-id = 1
log_bin = /var/log/mysql/mysql-bin.log

完成后,保存文件并重新启动MySQL服务以使更改生效:

root@debian:~# systemctl restart mariadb
Job for mariadb.service failed because the control process exited with error code.
See "systemctl status mariadb.service" and "journalctl -xeu mariadb.service" for details.

通过systemctl status mariadb.service命令查看错误信息:

root@debian:~# systemctl status mariadb.service
x mariadb.service - MariaDB 10.11.4 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-01-31 11:28:54 CST; 13s ago
   Duration: 1d 20h 2min 3.493s
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 34826 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
    Process: 34829 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 34831 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ]   && systemctl set-environment _WSREP_START_POSITION=$V>    Process: 34896 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
x mariadb.service - MariaDB 10.11.4 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-01-31 11:30:04 CST; 2s ago
   Duration: 1d 20h 2min 3.493s
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 34928 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
    Process: 34930 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 34932 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ]   && systemctl set-environment _WSREP_START_POSITION=$V>    Process: 34997 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
   Main PID: 34997 (code=exited, status=1/FAILURE)
     Status: "MariaDB server is down"
        CPU: 113ms

Jan 31 11:30:04 debian systemd[1]: Starting mariadb.service - MariaDB 10.11.4 database server...
Jan 31 11:30:04 debian mariadbd[34997]: 2024-01-31 11:30:04 0 [Note] Starting MariaDB 10.11.4-MariaDB-1~deb12u1-log source revision  as process 34997
Jan 31 11:30:04 debian mariadbd[34997]: 2024-01-31 11:30:04 0 [ERROR] mariadbd: File '/var/log/mysql/mysql-bin.index' not found (Errcode: 13 "Permission denied")
Jan 31 11:30:04 debian mariadbd[34997]: 2024-01-31 11:30:04 0 [ERROR] Aborting
Jan 31 11:30:04 debian systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Jan 31 11:30:04 debian systemd[1]: mariadb.service: Failed with result 'exit-code'.
Jan 31 11:30:04 debian systemd[1]: Failed to start mariadb.service - MariaDB 10.11.4 database server.

解决方案如下:

root@debian:~# mkdir -p /var/log/mysql
root@debian:~# chown -Rc mysql:adm /var/log/mysql
changed ownership of '/var/log/mysql' from root:root to mysql:adm
root@debian:~# /etc/init.d/mariadb restart
Restarting mariadb (via systemctl): mariadb.service.

然后重新执行systemctl restart mariadb.service命令:

root@debian:~# systemctl restart mariadb.service
root@debian:~# 

以root用户身份登录MariaDB服务器,运行以下SQL为root用户授予REPLICATION SLAVE特权:

root@debian:~# mysql -uroot -padmin123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.11.4-MariaDB-1~deb12u1-log Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> grant replication slave on *.* to 'root'@'%' identified by 'admin123456';
Query OK, 0 rows affected (0.011 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.010 sec)

MariaDB [mysql]> 

仍在MySQL提示符下时,执行以下命令,该命令将打印二进制文件名和位置。

MariaDB [mysql]> show master status\g
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000002 |     1703 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.000 sec)

MariaDB [mysql]> 

注意文件名“mysql-bin.000002”和位置“1703”。这些值在配置从属服务器时是必需的,并且在您的服务器上可能会有所不同。

配置从服务器(Debian12)

我们将在从属服务器上进行与主服务器相同的更改:

  1. 设置MySQL服务器以侦听专用IP。
  2. 设置唯一的服务器ID。
  3. 启用二进制日志记录。

打开MariaDB配置文件并取消注释或设置以下行:

root@debian:~# vim /etc/mysql/mariadb.conf.d/50-server.cnf

Master:/etc/mysql/mariadb.conf.d/50-server.cnf文件添加如下内容

bind-address = 172.20.10.10
server-id = 2
log_bin = /var/log/mysql/mysql-bin.log

完成后,保存文件并重新启动MySQL服务以使更改生效,新执行systemctl restart mariadb.service命令:

root@debian:~# systemctl restart mariadb.service
root@debian:~# 

下一步是配置从属服务器将用于连接到主服务器的参数。登录到MariaDB shell:

首先停止从属线程:

MariaDB [mysql]> STOP SLAVE;
Query OK, 0 rows affected, 1 warning (0.000 sec)

运行以下SQL以配置主/从复制:

change master to 
master_host='172.20.10.8',
master_port=3306, 
master_user='root',
master_password='admin123456', 
master_log_file='mysql-bin.000002',
master_log_pos=1703;

完成后,启动从属线程。

MariaDB [mysql]> START SLAVE;
Query OK, 0 rows affected (0.034 sec)

执行flush privileges;命令,刷新权限

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.011 sec)
配置从服务器(Window10)

MariaDB版本:mariadb-10.11.6-winx64

操作步骤:

  1. 修改my.ini文件
  2. 进入MariaDB,依次执行以下命令
    2.1 执行STOP SLAVE;命令,停止从属线程
    2.2 执行change master to master_host='172.20.10.8',master_port=3306, master_user='root',master_password='admin123456',master_log_file='mysql-bin.000002',master_log_pos=1703;命令
    2.3 执行START SLAVE;命令,启动从属线程
    2.4 执行flush privileges;命令,刷新权限

修改%MARIADB_HOME%\data目录下的my.ini文件,在[mysqld]下添加以下代码激活二进制日志.:(不能添加到[client]下面。讲究顺序)

server_id=113
log-bin=mysql-bin
log_basename=slave113
max-binlog-size=1G
expire_logs_days=99
binlog_format=row

登录到MariaDB shell,执行如下SQL:

change master to 
master_host='172.20.10.8',
master_port=3306, 
master_user='root',
master_password='admin123456', 
master_log_file='mysql-bin.000002',
master_log_pos=1703;

如果出现ERROR 1201 (HY000): Could not initialize master info structure报错,可以通过 STOP SLAVE;reset SLAVE;show slave status\G 命令来解决

MariaDB [mysql]> change master to
    -> master_host='172.20.10.8',
    -> master_port=3306,
    -> master_user='root',
    -> master_password='admin123456',
    -> master_log_file='mysql-bin.000002',
    -> master_log_pos=1703;
ERROR 1201 (HY000): Could not initialize master info structure for ''; more error messages can be found in the MariaDB error log
MariaDB [mysql]> STOP SLAVE;
Query OK, 0 rows affected (0.007 sec)

MariaDB [mysql]> reset SLAVE;
Query OK, 0 rows affected (0.006 sec)

MariaDB [mysql]> show slave status\G
*************************** 1. row ***************************
                Slave_IO_State:
                   Master_Host: 172.20.10.8
                   Master_User: replica
                   Master_Port: 3306
                 Connect_Retry: 60
               Master_Log_File:
           Read_Master_Log_Pos: 4
                Relay_Log_File:
                 Relay_Log_Pos: 4
         Relay_Master_Log_File:
              Slave_IO_Running: No
             Slave_SQL_Running: No
          Replicate_Rewrite_DB:
               Replicate_Do_DB:
           Replicate_Ignore_DB:
            Replicate_Do_Table:
        Replicate_Ignore_Table:
       Replicate_Wild_Do_Table:
   Replicate_Wild_Ignore_Table:
                    Last_Errno: 0
                    Last_Error:
                  Skip_Counter: 0
           Exec_Master_Log_Pos: 0
               Relay_Log_Space: 256
               Until_Condition: None
                Until_Log_File:
                 Until_Log_Pos: 0
            Master_SSL_Allowed: No
            Master_SSL_CA_File:
            Master_SSL_CA_Path:
               Master_SSL_Cert:
             Master_SSL_Cipher:
                Master_SSL_Key:
         Seconds_Behind_Master: NULL
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 0
                 Last_IO_Error:
                Last_SQL_Errno: 0
                Last_SQL_Error:
   Replicate_Ignore_Server_Ids:
              Master_Server_Id: 0
                Master_SSL_Crl:
            Master_SSL_Crlpath:
                    Using_Gtid: Slave_Pos
                   Gtid_IO_Pos:
       Replicate_Do_Domain_Ids:
   Replicate_Ignore_Domain_Ids:
                 Parallel_Mode: optimistic
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State:
              Slave_DDL_Groups: 0
Slave_Non_Transactional_Groups: 0
    Slave_Transactional_Groups: 0
1 row in set (0.000 sec)

MariaDB [mysql]> change master to
    -> master_host='172.20.10.8',
    -> master_port=3306,
    -> master_user='root',
    -> master_password='admin123456',
    -> master_log_file='mysql-bin.000002',
    -> master_log_pos=1703;
Query OK, 0 rows affected, 1 warning (0.029 sec)

MariaDB [mysql]> start slave;
Query OK, 0 rows affected (0.000 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.011 sec)

MariaDB [mysql]>
3.6.3 双机热备

实现双机热备,原理其实就是做两个机器的互相主从,我们把上述步骤主从对调,然后做一遍就能实现了双机热备了。

进入到10.0.223.113服务器(Windows 10),以root用户身份登录MariaDB服务器,运行以下SQL为root用户授予REPLICATION SLAVE特权:

Microsoft Windows [版本 10.0.19045.3930]
(c) Microsoft Corporation。保留所有权利。

C:\Windows\system32>mysql -uroot -padmin123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 22
Server version: 10.11.6-MariaDB-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> grant replication slave on *.* to 'root'@'%' identified by 'admin123456';
Query OK, 0 rows affected (0.002 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.001 sec)

MariaDB [mysql]>

采用show master status;命令查看binlog的信息:

MariaDB [mysql]> show master status;
+---------------------+----------+--------------+------------------+
| File                | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+---------------------+----------+--------------+------------------+
| slave113-bin.000001 |     1078 |              |                  |
+---------------------+----------+--------------+------------------+
1 row in set (0.033 sec)

MariaDB [mysql]>

然后进入到 172.20.10.8 服务器(Debian 12),依次按照下面的步骤执行命令

首先停止从属线程:

MariaDB [mysql]> STOP SLAVE;
Query OK, 0 rows affected, 1 warning (0.000 sec)

运行以下SQL以配置主/从复制:

change master to 
master_host='10.0.223.113',
master_port=3306, 
master_user='root',
master_password='admin123456', 
master_log_file='slave113-bin.000001',
master_log_pos=1078;

完成后,启动从属线程。

MariaDB [mysql]> START SLAVE;
Query OK, 0 rows affected (0.034 sec)

执行flush privileges;命令,刷新权限

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.011 sec)

可通过show slave status\G命令查看状态:

MariaDB [mysql]> show slave status\G
*************************** 1. row ***************************
                Slave_IO_State: Waiting for master to send event
                   Master_Host: 10.0.223.113
                   Master_User: root
                   Master_Port: 3306
                 Connect_Retry: 60
               Master_Log_File: slave113-bin.000001
           Read_Master_Log_Pos: 1078
                Relay_Log_File: mysqld-relay-bin.000002
                 Relay_Log_Pos: 558
         Relay_Master_Log_File: slave113-bin.000001
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
          Replicate_Rewrite_DB: 
               Replicate_Do_DB: 
           Replicate_Ignore_DB: 
            Replicate_Do_Table: 
        Replicate_Ignore_Table: 
       Replicate_Wild_Do_Table: 
   Replicate_Wild_Ignore_Table: 
                    Last_Errno: 0
                    Last_Error: 
                  Skip_Counter: 0
           Exec_Master_Log_Pos: 1078
               Relay_Log_Space: 868
               Until_Condition: None
                Until_Log_File: 
                 Until_Log_Pos: 0
            Master_SSL_Allowed: No
            Master_SSL_CA_File: 
            Master_SSL_CA_Path: 
               Master_SSL_Cert: 
             Master_SSL_Cipher: 
                Master_SSL_Key: 
         Seconds_Behind_Master: 0
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 0
                 Last_IO_Error: 
                Last_SQL_Errno: 0
                Last_SQL_Error: 
   Replicate_Ignore_Server_Ids: 
              Master_Server_Id: 113
                Master_SSL_Crl: 
            Master_SSL_Crlpath: 
                    Using_Gtid: No
                   Gtid_IO_Pos: 
       Replicate_Do_Domain_Ids: 
   Replicate_Ignore_Domain_Ids: 
                 Parallel_Mode: optimistic
                     SQL_Delay: 0
           SQL_Remaining_Delay: NULL
       Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
              Slave_DDL_Groups: 0
Slave_Non_Transactional_Groups: 0
    Slave_Transactional_Groups: 0
1 row in set (0.002 sec)

MariaDB [mysql]> 

配置完成,我们可以在10.0.223.113服务器上创建test1952数据库,在172.20.10.8服务器上也会同时创建;在172.20.10.8服务器上创建test1954数据库,在10.0.223.113服务器上也会同时创建,这样就实现了刷机热备的效果。

参考网址:

  1. https://www.yundongfang.com/Yun36252.html
  2. https://www.jianshu.com/p/3a54e4e2f25e
  3. https://blog.csdn.net/qq_36628003/article/details/100540390
  4. https://www.cnblogs.com/nzbbody/p/4621870.html

4、安装gitlab服务器

在Debian12系统上安装所需的依赖:ssh、iptables(防火墙)、postfix(用于邮件通知)、wget,以下这些命令也会打开系统防火墙中的HTTP和SSH端口访问。

4.1 安装 & 启动ssh

  1. 安装SSH

注意:如果使用的是WSL安装的ubuntu/debian,那么你需要先卸载:sudo apt-get remove openssh-server,然后重新安装:sudo apt-get install openssh-server

将SSH服务设置成开机自启动,安装命令:sudo systemctl enable sshd

启动SSH服务,安装命令:sudo systemctl start sshd

4.2 安装防火墙(如果已经安装了防火墙并且已经在运行状态,则可直接进行下一步)

如果安装了ufw,那么在开始手动配置iptables前,需要卸载ufw。"使用ufw"和"手动配置iptables"可能会发生冲突,因此只能选择其中一个,放弃另一个

root@debian:~# apt remove ufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'ufw' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

安装iptables防火墙

root@debian:~# apt install iptables-persistent

使用iptables命令添加一条规则,允许外网访问gitlab。

iptables -A INPUT -p tcp --dport 8000 -j ACCEPT

4.3 安装 & 启动postfix

接下来,安装Postfix以发送通知邮件:

root@debian:~# sudo apt-get install policycoreutils curl openssh-server ca-certificates postfix

将postfix服务设置成开机自启动:sudo systemctl enable postfix

启动postfix:sudo systemctl start postfix

查看postfix状态:systemctl status postfix

4.4 添加GitLab镜像源并安装gitlab服务器

4.4.1 下载gitlab镜像文件

下载gitlab镜像,我们可以到 https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/debian/pool/bookworm/main/g/gitlab-ce/ 地址找到需要安装的版本。这里下载的是当前最新版本:gitlab-ce_16.6.2-ce.0_amd64.deb

4.4.2 安装gitlab

安装gitlab:sudo dpkg -i gitlab-ce_16.6.2-ce.0_amd64.deb。使用dpkg命令安装deb文件,并自动解决软件的依赖关系。

root@debian:/www/tools# sudo dpkg -i gitlab-ce_16.6.2-ce.0_amd64.deb 
Selecting previously unselected package gitlab-ce.
(Reading database ... 168979 files and directories currently installed.)
Preparing to unpack gitlab-ce_16.6.2-ce.0_amd64.deb ...
Unpacking gitlab-ce (16.6.2-ce.0) ...
Setting up gitlab-ce (16.6.2-ce.0) ...
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.
  


     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/
  

Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

Help us improve the installation experience, let us know how we did with a 1 minute survey:
https://gitlab.fra1.qualtrics.com/jfe/form/SV_6kVqZANThUQ1bZb?installation=omnibus&release=16-6

root@debian:/www/tools#
4.4.3 更改配置文件

修改gitlab配置文件指定服务器ip和自定义端口:vim /etc/gitlab/gitlab.rb

external_url 'http://192.168.174.128:8000'

注意:这里设置的端口不能被占用,默认是8000端口,如果8000已经使用,请自定义其它端口,并在防火墙设置开放相对应得端口.

修改配置之后执行sudo gitlab-ctl reconfigure命令重新加载配置:

root@debian:/www/tools# sudo gitlab-ctl reconfigure

出现如下信息则表示已经重新加载配置成功了

Running handlers:
[2023-12-21T19:03:24+08:00] INFO: Running report handlers
Running handlers complete
[2023-12-21T19:03:24+08:00] INFO: Report handlers complete
Infra Phase complete, 576/1591 resources updated in 03 minutes 23 seconds

Warnings:
Environment variable LANG specifies a non-UTF-8 locale. GitLab requires UTF-8 encoding to function properly. Please check your locale settings.


Notes:
Default admin account has been configured with following details:
Username: root
Password: You didn't opt-in to print initial root password to STDOUT.
Password stored to /etc/gitlab/initial_root_password. This file will be cleaned up in first reconfigure run after 24 hours.

NOTE: Because these credentials might be present in your log files in plain text, it is highly recommended to reset the password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

gitlab Reconfigured!

重启gitlab服务:

gitlab-ctl restart
4.4.4 Gitlab命令及文件
gitlab‐ctl reconfigure # 更改配置文件后需重新配置

/opt/gitlab/ # gitlab的程序安装目录

/var/opt/gitlab # gitlab目录数据目录

/var/opt/gitlab/git‐dfata # 存放仓库数据

gitlab‐ctl status # 查看目前gitlab所有服务运维状态

gitlab‐ctl stop # 停止gitlab服务

gitlab‐ctl stop nginx # 单独停止某个服务

gitlab‐ctl tail # 查看所有服务的日志
4.4.5 Gitlab的服务构成
nginx: 静态web服务器
gitlab-workhorse: 轻量级的反向代理服务器
logrotate:日志文件管理工具
postgresql:数据库
redis:缓存数据库
sidekiq:用于在后台执行队列任务(异步执行)。(Ruby)
unicorn:An HTTP server for Rack applications,GitLab Rails应用是托管在这个服务器上面的。(Ruby Web Server,主要使用Ruby编写)
4.4.6 登陆gitlab

登陆地址:http://192.168.174.128:8000

gitlab登录页

4.4.6.1 管理用户页面修改用户登陆密码

通过sudo cat /etc/gitlab/initial_root_password命令查看root账号的初始密码(默认管理账号密码,安装24小时内有效):

root@debian:/www/tools# sudo cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
#          1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
#          2. Password hasn't been changed manually, either via UI or via command line.
#
#          If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.

Password: hrZyainn5yvaG4n9KypGu3Dht/7ZY6pFsdzQYXXAv5k=

# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.

进入管理用户页面:Projects -> Configure GitLab -> Users,修改root用户登录密码

修改用户修改用户登录密码

参考文档

  1. https://blog.csdn.net/IT8343/article/details/130466003
  2. https://blog.csdn.net/ziqibit/article/details/129877370
4.4.6.2 命令行修改用户登陆密码

执行gitlab-rails console -e production命令修改用户密码:

user = User.where(id:1).first
user.password="新密码"
user.password_confirmation="再次确认新密码"
user.save!

上面使用的是用户id进行修改,也可以通过用户名的方式进行修改:

user = User.where(username:"root").first
user.password = "新密码"
user.password_confirmation ="再次确认密码"
user.save!

完整使用案例:

root@debian:~# gitlab-rails console -e production
--------------------------------------------------------------------------------
 Ruby:         ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
 GitLab:       16.6.2 (d2d66de7163) FOSS
 GitLab Shell: 14.30.0
 PostgreSQL:   13.12
------------------------------------------------------------[ booted in 38.85s ]
Loading production environment (Rails 7.0.8)
irb(main):005:0> user = User.where(username:"wywuzh").first
=> #<User id:2 @wywuzh>
irb(main):006:0> user.password = "***"
=> "***"
irb(main):007:0> user.password_confirmation ="***"
=> "***"
irb(main):008:0> user.save!
=> true
irb(main):009:0> 

参考文档

  1. https://blog.csdn.net/HYZX_9987/article/details/119929043

4.5 GitLab配置&优化

4.6 GitLab备份和迁移

4.6.1 GitLab备份

gitlab备份命令gitlab-rake gitlab:backup:create

root@debian:/var/opt/gitlab/backups# gitlab-rake gitlab:backup:create
2023-12-22 02:58:58 UTC -- Dumping database ... 
Dumping PostgreSQL database gitlabhq_production ... [DONE]
2023-12-22 02:59:05 UTC -- Dumping database ... done
2023-12-22 02:59:05 UTC -- Dumping repositories ... 
2023-12-22 02:59:05 UTC -- Dumping repositories ... done
2023-12-22 02:59:05 UTC -- Dumping uploads ... 
2023-12-22 02:59:05 UTC -- Dumping uploads ... done
2023-12-22 02:59:05 UTC -- Dumping builds ... 
2023-12-22 02:59:05 UTC -- Dumping builds ... done
2023-12-22 02:59:05 UTC -- Dumping artifacts ... 
2023-12-22 02:59:05 UTC -- Dumping artifacts ... done
2023-12-22 02:59:05 UTC -- Dumping pages ... 
2023-12-22 02:59:05 UTC -- Dumping pages ... done
2023-12-22 02:59:05 UTC -- Dumping lfs objects ... 
2023-12-22 02:59:05 UTC -- Dumping lfs objects ... done
2023-12-22 02:59:05 UTC -- Dumping terraform states ... 
2023-12-22 02:59:05 UTC -- Dumping terraform states ... done
2023-12-22 02:59:05 UTC -- Dumping container registry images ... [DISABLED]
2023-12-22 02:59:05 UTC -- Dumping packages ... 
2023-12-22 02:59:05 UTC -- Dumping packages ... done
2023-12-22 02:59:05 UTC -- Dumping ci secure files ... 
2023-12-22 02:59:05 UTC -- Dumping ci secure files ... done
2023-12-22 02:59:05 UTC -- Creating backup archive: 1703213938_2023_12_22_16.6.2_gitlab_backup.tar ... 
2023-12-22 02:59:05 UTC -- Creating backup archive: 1703213938_2023_12_22_16.6.2_gitlab_backup.tar ... done
2023-12-22 02:59:05 UTC -- Uploading backup archive to remote storage  ... [SKIPPED]
2023-12-22 02:59:05 UTC -- Deleting old backups ... [SKIPPED]
2023-12-22 02:59:05 UTC -- Deleting tar staging files ... 
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/backup_information.yml
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/db
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/uploads.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/builds.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/artifacts.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/pages.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/lfs.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/terraform_state.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/packages.tar.gz
2023-12-22 02:59:05 UTC -- Cleaning up /var/opt/gitlab/backups/ci_secure_files.tar.gz
2023-12-22 02:59:05 UTC -- Deleting tar staging files ... done
2023-12-22 02:59:05 UTC -- Deleting backups/tmp ... 
2023-12-22 02:59:05 UTC -- Deleting backups/tmp ... done
2023-12-22 02:59:05 UTC -- Warning: Your gitlab.rb and gitlab-secrets.json files contain sensitive data 
and are not included in this backup. You will need these files to restore a backup.
Please back them up manually.
2023-12-22 02:59:05 UTC -- Backup 1703213938_2023_12_22_16.6.2 is done.
2023-12-22 02:59:05 UTC -- Deleting backup and restore PID file ... done

按照上面提示,需要手动复制gitlab.rbgitlab-secrets.json这2个重要文件。

备份后的文件默认是位于/var/opt/gitlab/backups下, 自动生成文件名文件名如1703213938_2023_12_22_16.6.2_gitlab_backup.tar。当然我们也可以通过vim /etc/gitlab/gitlab.rb修改配置文件来调整备份路径:

# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
4.6.1 GitLab恢复

gitlab数据恢复,注意_gitlab_backup.tar后缀名称不用填写:

gitlab-rake gitlab:backup:restore BACKUP=1703213938_2023_12_22_16.6.2

数据恢复后需要执行下面命令重新配置并重启服务

gitlab-ctl reconfigure
gitlab-ctl restart

参考网址:

  1. https://zhuanlan.zhihu.com/p/56108334
  2. https://www.cnblogs.com/jiangwenhui/p/11326264.html

4.7 GitLab完全卸载

1、停止gitlab

gitlab-ctl stop

2、卸载gitlab

apt remove gitlab-ce

删除gitlab相关文件,逐条运行下面命令

rm -rf /opt/gitlab
rm -rf /etc/gitlab
rm -rf /var/log/gitlab
rm -rf /var/gitlab

参考网址:

  1. https://blog.csdn.net/ziqibit/article/details/129877370

4.8 GitLab版本升级

注意事项:

  1. GitLab版本升级,是先小版本升级到最高版本,然后再升级到下一个大版本,进行依次升级
  2. 比如:12.1.3->12.1.9->12.2.0->12.2.9 小版本升级到最高级,在向下一个版本升级
  3. 升级前需要备份,或者做镜像、快照等操作
  4. 升级完成后,重启服务,查看相应版本号是否正确
  5. 查看版本
  6. gitLab 最好跟着[官网][https://docs.gitlab.com/ee/update/#upgrade-paths]发布的时间进行升级/打补丁
;