vm-ubuntu-fe安装过程
记录时间:2011-03-20
虚拟系统配置
- CPU:1
- 内存:512MB
- 硬盘:系统:2GB
- 服务:Apache2 + WordPress
提供服务
添加vm-ubuntu-fe虚拟机
在vmhost-ubuntu-vbox上初始化及设置虚拟机
mount /dev/sdb1 /mnt/backup/
su - vbox
VBoxManage createvm --name vm-ubuntu-fe --register
VBoxManage modifyvm vm-ubuntu-fe --cpus 1 --memory 512 --vram 8 --acpi on --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 --vrde on --vrdevideochannel on --vrdevideochannelquality 75
VBoxManage sharedfolder add vm-ubuntu-fe --name vbox-shared --hostpath /opt/vbox-shared --automount
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi --size 2000 --variant fixed
VBoxManage storagectl vm-ubuntu-fe --name "SATA Controller" --add sata
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/ubuntu- 10.04 . 2 -server-amd64.iso
VBoxManage showvminfo vm-ubuntu-fe
VBoxHeadless -s vm-ubuntu-fe
|
远程VRDP安装
使用Windows上的远程管理工具
- mstsc <vmhost-ubuntu-vbox-ip>:3389
- 选项:640*400, 16bit
- Installer boot menu
- Language: English
- <F6>: noacpi=on, nomodeset=on
- Install Ubuntu Server 10.04 (Rescue mode)
- Ubuntu installer main menu
- Choose language: English
- Location: other, Europe, Germany
- Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
- Configure the network
- DHCP: Auto
- hostname: vm-ubuntu-fe
- Partition disks
- Install the base system
- Set up users and passwords
- Fullname: admin 2cn.de
- Username: r
- Password: <password>
- Encrypt your home directory: No
- Configure the package manager
- Select and install software: No automatic updates
- Software selection
- Configuring grub-pc
- Install the GRUB boot loader to the MBR: Yes
- Restart
开启代理,更新系统,安装常用软件,删除不需要的软件包
sudo su
export http_proxy=http: //www-cache.uni-mannheim.de:3128
apt-get update
apt-get dist-upgrade
apt-get autoremove
apt-get install rcconf
apt-get install python-software-properties
add-apt-repository "deb http://archive.canonical.com/ lucid partner"
apt-get remove ubuntu-docs
apt-get remove mysql-common
apt-get remove samba-common
apt-get clean
apt-get autoclean
apt-get autoremove
cat /etc/issue
vi /etc/hosts
|
127.0 . 0.1 vm-ubuntu-fe
10.20 . 18.104 vmhost-ubuntu-vbox
|
为r和root用户设置top
添加nagios远程监测
apt-get install nagios-nrpe-server
vi /etc/nagios/nrpe.cfg
|
修改/添加
allowed_hosts=vmhost-ubuntu-vbox
command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20 % -c 10 % -e
|
/etc/init.d/nagios-nrpe-server restart
|
避免意外删除文件等错误
在vi里添加以下几行:
confirm() {
echo -n "Please confirm $*? [N/y] "
read -N 1 REPLY
echo
if test "$REPLY" = "y" -o "$REPLY" = "Y" ; then
"$@"
else
echo "Cancelled by user"
fi
}
alias rm= "rm -i"
alias cp= "cp -i"
alias mv= "mv -i"
alias halt= "confirm halt"
alias reboot= "confirm reboot"
alias shutdown= "confirm shutdown"
|
SSH设置
用PAM限制SSH用户
在vi里写入
auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail
|
添加允许SSH的用户
在vi里写入
10分钟后自动关闭空闲的SSH链接
添加以下几行:
ClientAliveInterval 300
ClientAliveCountMax 2
UseDNS no
|
安装VirtualBox Additions增强功能
在vmhost-ubuntu-vbox上:
su - vbox
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso
|
在vm-ubuntu-fe上:
sudo su
mkdir /media/cdrom
mount /dev/cdrom1 /media/cdrom
apt-get install dkms
/media/cdrom/VBoxLinuxAdditions.run --nox11
# 忽略没有视窗的错误:Installing the Window System drivers ...fail!
addgroup r vboxrf
|
安装apache2
apt-get install apache2
vi /etc/apache2/apache2.conf
|
添加/修改行:
ServerName localhost
Timeout 60
|
vi /etc/apache2/conf.d/security
|
添加/修改行:
# Disable access, directory indexing and .htaccess files by default
<Directory />
Options -Indexes
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
# Disable system information be included in the HTTP responses
ServerTokens Prod
# Disable system information to be included in server-generated pages
ServerSignature Off
# Disable HTTP TRACE requests
TraceEnable Off
|
groupadd log
usermod -a -G log www-data
usermod -a -G log r
mkdir /opt/logs
mkdir /opt/logs/apache2
rm -R /var/log/apache2
ln -s /opt/logs/apache2 /var/log/apache2
chown -R www-data.log /opt/logs
chmod -R g+w /opt/logs
chmod -R o-r /opt/logs
chmod -R o-x /opt/logs
|
安装WordPress
apt-get install mysql-server
apt-get install php5 phpmyadmin
adduser --system --shell /bin/sh --gecos 'wordpress admin' --group --disabled-password --home /opt/wordpress wpadmin
usermod -a -G log wpadmin
usermod -a -G wpadmin www-data
mkdir /opt/wordpress
cd /opt/wordpress
wget http: //wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
chown -R www-data.www-data wordpress
ln -s /opt/wordpress/wordpress /var/www/wordpress
mysql -u root -p
|
CREATE DATABASE wordpress;
SET PASSWORD FOR wpadmin = PASSWORD( "<PASSWORD>" );
GRANT ALL PRIVILEGES ON wordpress.* TO "wpadmin" @ "localhost" IDENTIFIED BY "<PASSWORD>" ;
FLUSH PRIVILEGES;
EXIT
|
cp /opt/wordpress/wordpress/wp-config-sample.php /opt/wordpress/wordpress/wp-config.php
vi /opt/wordpress/wordpress/wp-config.php
|
define( 'DB_NAME' , 'wordpress' );
define( 'DB_USER' , 'wpadmin' );
define( 'DB_PASSWORD' , '<PASSWORD>' );
# https: //api.wordpress.org/secret-key/1.1/salt/
<SALT>
|
设置固定IP
vi /etc/network/interfaces
|
删除以下dhcp的设置
auto eth0
iface eth0 inet dhcp
|
添加IP设置
auto eth0
iface eth0 inet static
address 192.168 . 178.111
netmask 255.255 . 255.0
network 192.168 . 178.0
broadcast 192.168 . 178.255
gateway 192.168 . 178.1
|
search vm.2cn.de
domain vm.2cn.de
nameserver 192.168 . 178.1
nameserver 134.155 . 96.53
|
127.0 . 0.1 vm-ubuntu-fe
127.0 . 0.1 vm-ubuntu-fe.vm.2cn.de
192.168 . 168.11 vmhost-ubuntu-vbox
192.168 . 168.11 vmhost-ubuntu-vbox.2cn.de
|
/etc/init.d/networking restart
|
卸载dhcp
apt-get remove dhcp-client3
|
TODOs
- http://maketecheasier.com/shrink-your-virtualbox-vm/2009/04/06 (jobs: cleanup, backup)
- ftp server / webdav
- Website
- caching
- mod_expires – generates content expiration and cache control headers
- mod_deflate – compresses content before it is delivered to the client
- mod_mime – associates the requested file with its type and behavior
- mod_dir–serves directory index files
- mod_rewrite–is used to support Search Engine Friendly URL’s
- mod_authz_host–is required to limit access to specific files
- mod_authz_user–might be required in a staging environment to setup password authentication, but on a live site it is not necessary
49.484677
8.476724