CentOS 7 Installation, SSH Enablement, Proxy Setting

1. OS installation

2. Proxy Setting

在一般公司的環境下Client端都需要設定Proxy才可以對外連線
假設Proxy的IP:192.168.1.10 , port:8080
編輯 .bash_profile (root目錄下) ,新增以下(紅字)：

http_proxy=192.168.1.10:8080
ftp_proxy=192.168.1.10:8080
export http_proxy
export ftp_proxy

執行
[root@Server ~]# source .bash_profile

看看是否設定成功
[root@Server ~]# echo $http_proxy
192.168.1.10:8080

• 針對所有使用者

如果要讓這台主機的所有 http / https 都走 proxy 就設定在 /etc/profile

1 2	$ echo "export http_proxy=http://proxy.example.com" >> /etc/profile $ echo "export https_proxy=https://proxy.example.com" >> /etc/profile

2.1 For Yum proxy setting
/etc/yum.conf
add line proxy=http://192.160.1.1:8080

$ vim /etc/apt/apt.conf

Acquire::http::Proxy "http://proxy.example.com";

2.2 Docker Hub Proxy setting [Refer]

mkdir /etc/systemd/system/docker.service.d
vim /etc/systemd/system/docker.service.d/http-proxy.conf

[Service]
Environment="HTTP_PROXY=http://10.1.107.222:8080"

systemctl daemon-reload
systemctl show --property Environment docker

設定永久變數

• 僅在目前使用者

永久變數可以寫在登入後會讀取的 ~/.bash_profile , ~/.bashrc

1 2	$ echo "export http_proxy=http://proxy.example.com" >> ~/.bashrc $ echo "export https_proxy=https://proxy.example.com" >> ~/.bashrc

• 針對所有使用者

如果要讓這台主機的所有 http / https 都走 proxy 就設定在 /etc/profile

1 2	$ echo "export http_proxy=http://proxy.example.com" >> /etc/profile $ echo "export https_proxy=https://proxy.example.com" >> /etc/profile

• 僅 apt or yum 使用時才用 proxy

1 2 3 4 5 6 7

# YUM setting $ vim /etc/yum.conf proxy=http://proxy.example.com   # APT setting $ vim /etc/apt/apt.conf Acquire::http::Proxy "http://proxy.example.com";

3. Yum install OpenSSH server
$ sudo yum install openssh openssh-server

4. Edit /etc/ssh/sshd_config

Port 22 -> xxx

PermitRootLogin no

Protocol 2



sudo systemctl restart sshd.service

sudo systemctl enable sshd.service

sudo systemctl status  sshd.service



5. Config Firewall

SELinux disable

Check Firewall already disabled
#getenforce

If Firewall not show disabled, please modify the file.
#vi /etc/sysconfig/selinux
SELINUX=disabled
(Need to reboot)

# firewall-cmd --permanent --add-port=200-300/tcp
success
# firewall-cmd --reload
successls


CentOS7 Firewall refer:
https://www.rootusers.com/how-to-open-a-port-in-centos-7-with-firewalld/
http://blog.xuite.net/tolarku/blog/363801991-CentOS+7+Firewalld+%E9%98%B2%E7%81%AB%E7%89%86%E8%AA%AA%E6%98%8E%E4%BB%8B%E7%B4%B9

6. Add new user

#Add user for DEV or QA

useradd John
passwd John

#chmod 660 /etc/sudoers
Add user into sudoer to get root permission
#vi /etc/sudoers
John ALL=(ALL)  ALL

Refer:
https://www.brilliantcode.net/124/centos-7-install-and-configure-ssh/

CentOS 7 default No semanage command, need to install
http://n.sfs.tw/content/index/11039

CentOS Minimal Installation Network Configuration

By default CentOS minimal install does not come with pre-configured network, here’s how to make it work:

$ ping google.com
ping: unknown host google.com


To fix this we’ll need to edit the set up for the ethernet. Let’s start with editing this file:
$ vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR=x.x.x.x
BOOTPROTO=none
NETMASK=255.255.255.0
GATEWAY=y.y.y.y
DNS1=y.y.y.y
DNS2=y.y.y.y
USERCTL=yes
HWADDR='your mac address'
ONBOOT=yes

$ /etc/init.d/networking restart
or
$ /etc/init.d/network restart


Verify by ping or nslookup