#!/bin/bash
# 2024-12

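# Resolve the installer root (the parent of the directory that holds this
# script) and make it read-only.
# The assignment is kept separate from `readonly` so that a failing `cd` is not
# hidden behind readonly's own exit status, and every expansion is quoted so a
# path containing spaces or glob characters is not word-split.
INITDIR=$(cd -- "$(dirname -- "$0")" && dirname -- "$PWD") || {
  echo "无法确定脚本根目录，安装退出" >&2
  exit 1
}
readonly INITDIR
# init.conf is executed as shell code with this script's privileges, so it
# should be writable only by the account that runs the installer.
source "$INITDIR/conf/init.conf"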

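# Set the hostname from WEBHOST (presumably defined in conf/init.conf — confirm).
# The value is quoted so it reaches hostnamectl as one argument; an empty or
# unset value is skipped with a warning instead of being passed through.
if [ -n "${WEBHOST:-}" ]; then
  hostnamectl set-hostname "$WEBHOST"
else
  echo "WEBHOST为空，跳过hostname设置" >&2
fi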

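# Disable SELinux: permissive for the running system, "disabled" in the
# persistent configuration.
# NOTE(review): this switches off mandatory access control for the whole host.
# If the installed services can run under a policy module or in permissive mode
# for selected domains only, that keeps more protection than a global disable.
setenforce 0
# Anchored to the start of the line so that only the SELINUX= setting itself is
# rewritten, not other text that happens to contain the same words.
sed -i -E 's/^[[:space:]]*SELINUX=(enforcing|permissive)/SELINUX=disabled/' /etc/selinux/config
# Query the mode once; it is still "Enforcing" only if setenforce above failed.
selinux_mode=$(getenforce)
case "$selinux_mode" in
  Enforcing | enforcing)
    echo -e "\033[5;31mSELinux设置太高，安装无法继续退出\033[0m"
    exit 4
    ;;
esac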

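# Raise the open-file and process limits.
# The backup suffix uses %m (month); the earlier %M is the minute field, so the
# backup name did not actually encode the date.
# A second run on the same day overwrites the backup with the already-modified
# file, so keep the first backup elsewhere if the original content matters.
limits_backup="/etc/security/limits.conf.$(date +%Y%m%d)"
if ! /usr/bin/cp -f /etc/security/limits.conf "$limits_backup"; then
  echo "limits.conf备份失败: $limits_backup" >&2
fi
# Destructive: blanks every non-comment line and then deletes the empty lines,
# so limits set earlier by an administrator are discarded. The backup above is
# the only copy of them.
sed -i -e '/^#/ !s/.*//g' -e '/^$/d' /etc/security/limits.conf
# NOTE(review): "*" applies these ceilings to every account. An nproc limit of
# 512000 effectively removes the per-user process cap that contains runaway or
# fork-bombing processes; scoping the entries to the service account is safer.
printf '%s\n' \
  '* soft nofile 512000' \
  '* hard nofile 512000' \
  '* soft nproc 512000' \
  '* hard nproc 512000' >> /etc/security/limits.conf
# The drop-in is not present on every release; skip it quietly when missing.
if [ -f /etc/security/limits.d/20-nproc.conf ]; then
  sed -i 's#4096#512000#g' /etc/security/limits.d/20-nproc.conf
fi
echo "最大文件数修改完成"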

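# Install the JDK: first remove Java packages that are already installed.
# NOTE(review): the match is every installed package whose name contains
# "java", not only OpenJDK, and --nodeps removes them without dependency
# checks. Review the list before running this on a host that serves other
# applications.
allreadyJDK=$(rpm -qa | grep java)
if [ -n "$allreadyJDK" ]; then
  # One package name per array element, so the list is passed to rpm without
  # relying on unquoted word splitting.
  mapfile -t java_pkgs <<<"$allreadyJDK"
  # Report success only when rpm actually removed the packages.
  if rpm -e --nodeps "${java_pkgs[@]}"; then
    echo "卸载openjdk成功"
  else
    echo "卸载已安装的java软件包失败" >&2
  fi
fi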

# Start from a clean /usr/jdk64/: remove a previous installation if one exists.
# The "deleted" message is printed whether or not the removal succeeded.
if [ -d "/usr/jdk64/" ]; then
  \rm -rf /usr/jdk64/
  echo "检测已存在/usr/jdk64/目录，并已删除"
else
  echo "检测无/usr/jdk64/目录"
fi

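# Unpack the bundled JDK into /usr/jdk64/.
# NOTE(review): the tarball and the jars below come from the installer bundle
# and are used without an integrity check; comparing them against a known
# checksum before extracting with this script's privileges would be prudent.
# JDK 8u131 is also an old update release, so plan for a patched runtime.
mkdir -p /usr/jdk64/
if ! tar -xf "$INITDIR/file/jdk1.8.0_131.tar" -C /usr/jdk64/; then
  echo "JDK解压失败: $INITDIR/file/jdk1.8.0_131.tar" >&2
fi
# Patch added in 4.7.1: copy the bundled jars into the JRE's lib/security
# directory.
# NOTE(review): presumably these replace the JRE's policy jars — confirm what
# they change, since files in lib/security affect the runtime's security
# configuration.
if ! \cp -rfp "$INITDIR"/file/clbstomcat/*.jar /usr/jdk64/jdk1.8.0_131/jre/lib/security/; then
  echo "补丁jar复制失败" >&2
fi
if [ -d "/usr/jdk64/jdk1.8.0_131/" ]; then
  echo "JDK1.8安装完成"
fi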

# Publish the environment variables system-wide through /etc/profile.
# Existing HISTTIMEFORMAT lines and every line that mentions JAVA_HOME are
# dropped first, so a re-run does not stack duplicate entries.
sed -i -e '/HISTTIMEFORMAT/d' -e '/JAVA\_HOME/d' /etc/profile
# Quoted heredoc: $JAVA_HOME and $PATH are written literally and expand only
# when the profile is read. HISTTIMEFORMAT adds a timestamp to each shell
# history entry.
cat >> /etc/profile <<'EOF'
export HISTTIMEFORMAT="[ %F %T ] "
export JAVA_HOME=/usr/jdk64/jdk1.8.0_131
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
EOF
# Load the new settings into the current shell for the rest of this script.
source /etc/profile
echo "优先导入java配置完成"

# Keep ports 53990-53999 out of the range the kernel hands out as random local
# ports. Any earlier setting of the key is removed before the new one is added.
# NOTE(review): nothing in this section loads the value into the running
# kernel; it takes effect at the next `sysctl -p` or reboot.
sed -i '/net\.ipv4\.ip\_local\_reserved\_ports/d' /etc/sysctl.conf
printf '%s\n' 'net.ipv4.ip_local_reserved_ports = 53990-53999' >> /etc/sysctl.conf
echo '禁止随机占用53990-53999端口'

# Update the CA root certificates to resolve the Let's Encrypt certificate
# expiry problem tied to the "DST Root CA X3" root.
# The trust store is rebuilt only when the package update succeeds.
if yum update -y ca-certificates; then
  update-ca-trust
fi
# Report only: these two commands print any remaining "DST Root" entries and
# remove nothing themselves.
# NOTE(review): if this is the last command of the script, grep's status
# becomes the script's exit status, which is 1 when no entry is found.
trust list | grep -C3 'DST Root CA X3'
grep -i 'DST Root' /etc/pki/tls/certs/ca-bundle.crt
