RHCE实验详解

实验分析

环境拓扑结构

项目需求

主机环境描述

实验步骤

一、密钥互信和主机名更改

二、DNS

三、NGINX

四、MARIADB

五、NFS

六、NTP

七、论坛服务

结果展示及痛点解答

实验分析

环境拓扑结构

项目需求

1. 172.25.250.101 主机上的 Web 服务要求提供 www.exam.com Web站点，该站点在任何路由可达的主机上被访问，页面内容显示为 "Hello，Welcome to www.exam.com !"，并提供 content.exam.com/yum/AppStream和content.exam.com/yum/BaseOS URL 作为网络仓库供所有主机使用。

2. 172.25.250.102 主机提供基于Chronyd 的 NTP 服务将本主机作为时间服务器，对外提供 NTP 服务，并设置本服务器为 3 层。

3. 172.25.250.103 主机提供的MySQL 数据库服务，要求使用需求1中提供的仓库进行安装，并将数据库密码设定为 redhat。创建名称为 bbs 的数据库提供给论坛服务使用。

4. 172.25.250.104 主机提供 NFS 服务，该服务将导出本地的 /bbs 目录作为论坛数据目录，该导出指定只能论坛所在主机使用，并且开机自动挂载。

5. 172.25.250.105 主机提供 DNS 服务，该服务需要提供对项目中所有主机名的正向和反向解析，并要求所有服务器的 DNS 配置为该 DNS 服务器。

6. 172.25.250.106 主机提供基于 Discuz 的论坛服务，该论坛服务使用 172.25.250.103 主机提供的数据库 bbs，使用 172.25.250.104 主机提供的 NFS 作为论坛数据目录，并开机挂载。并使用 172.25.250.101 主机提供的网络仓库，172.25.250.102 主机提供的 NTP 服务，172.25.250.105 主机提供的 DNS 服务。

7. 所有服务器的防火墙服务和 SELinux 服务必须开启。

8. 所有服务器提供的网络服务必须在系统重启后仍然可以正常提供服务。

9. 根据所有服务的相关代码，编写一键部署shell脚本，最基础的功能为通过执行该脚本实现所有上面所有需求，要求脚本必须在 servera.exam.com 主机上运行，并支持多次运行。

主机环境描述

主机名	主机地址	需要提供的服务
content.exam.com	172.25.250.101	提供基于 httpd/nginx 的 YUM仓库服务
ntp.exam.com	172.25.250.102	提供基于Chronyd 的 NTP 服务
mysql.exam.com	172.25.250.103	提供基于 MySQL 的数据库服务
nfs.exam.com	172.25.250.104	提供基于 NFS 的网络文件系统服务
dns.exam.com	172.25.250.105	提供基于 NFS 的网络文件系统服务
bbs.exam.com	172.25.250.106	提供基于 Discuz 的论坛服务

注意：

172.25.250.101-172.25.250.105 共 5 个 IP 地址由servera.exam.com服务器进行提供。 172.25.250.106 由 serverb.exam.com 服务器进行提供。

实验步骤

一、密钥互信和主机名更改

#!/bin/bash
#密钥互信
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

ls /root/.ssh/id_rsa &> /dev/null
yz=$(echo $?)

if [ $yz -eq 0 ]
then
    echo "互信已经完成"
else
    ssh-keygen -t ed25519 -C "comment" -f /root/.ssh/id_rsa -N ''
fi

mkdir -p /root/.ssh &> /dev/null
chmod 700 /root/.ssh &> /dev/null
touch /root/.ssh/authorized_keys &> /dev/null
chmod 600 /root/.ssh/authorized_keys &> /dev/null

if ! command -v sshpass &> /dev/null
then
    yum install -y sshpass &> /dev/null
fi

sshpass -p "redhat" ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.250.106
yz1=$(echo $?)
if [ $yz1 -eq 0 ]
then
    echo "连接中......."
else
    echo "互信失败"
    exit 1
fi

ssh root@172.25.250.106 <<'ALLEOF'
hostnamectl set-hostname serverb.exam.com
nmcli connection modify ens160 ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160
echo "Modified successfully"
ALLEOF

ls /root/.ssh/authorized_keys &> /dev/null
yz2=$(echo $?)
if [ $yz2 -eq 0 ]
then
    echo "互信完成OK"
else
    scp root@172.25.250.106:/root/.ssh/id_rsa.pub /root/.ssh/authorized_keys &> /dev/null
    echo "密钥发送"
fi

hostnamectl set-hostname servera.exam.com  &> /dev/null

注意：密钥互信的前提是两台主机可以互相登录并且之前没有做过互信，互信使用了sshpass来免密登录，所以需要提前配置仓库下载，密码是106主机上的登录密码，请自行确认密码是否有误。

二、DNS

#!/bin/bash
#dns
nmcli connection modify ens160 +ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection modify ens160 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes

if [ $? -eq 0 ]
then
        echo "网卡配置成功"

else
        echo "网卡配置失败"
        exit 2
fi
nmcli connection up ens160 &> /dev/null

pzdns=$(dig | grep SERVER: | awk -F# '{ print $1 }' | awk -F: '{ print $2 }')
if [ "$pzdns" == " 172.25.250.105" ]
then
         echo "dns成功修改为172.25.250.105"
else
         echo "dns修改失败"
fi

echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs2=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs2 == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

dnf install bind -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep bind &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "bind下载成功"
        else
                echo "bind下载不成功"
        fi
else
        echo "bind下载失败"
fi

systemctl enable named &> /dev/null
systemctl start named  &> /dev/null
if [ $? -eq 0 ]
then
        BINDSTAT=$(systemctl is-active named)
        if [ $BINDSTAT == "active" ]
        then
                echo "bind启动成功"
        else
                echo "bind启动失败"
        fi
fi

cat > /etc/named.conf <<EOF
options {
        listen-on port 53 { 172.25.250.105; };
        directory       "/var/named";
};
zone "exam.com" IN {
        type master;
        file "named.exam";
};
zone "172.25.250.in-addr.arpa" IN {
        type master;
        file "named.fanxiang";
};
EOF

cat > /var/named/named.exam <<EOF
\$TTL 1D
@ IN SOA @ admin.exam.com. (
                         0
                        1D
                        1D
                        2D
                        1D)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
ns      IN      A       172.25.250.99
content IN      A       172.25.250.101
www     IN      A       172.25.250.101
ntp     IN      A       172.25.250.102
mysql   IN      A       172.25.250.103
dns     IN      A       172.25.250.105
nfs     IN      A       172.25.250.104
bbs     IN      A       172.25.250.106
EOF

cat  >   /var/named/named.fanxiang  <<EOF
\$TTL   1D
@   IN   SOA    @   admin.exam.com. (1
                                     1
                                     1
                                     1
                                     1)
        IN      NS      dns.exam.com.
105     IN      PTR     dns.exam.com.
101     IN      PTR     www.exam.com.
101     IN      PTR     content.exam.com.
102     IN      PTR     ntp.exam.com.
103     IN      PTR     mysql.exam.com.
104     IN      PTR     nfs.exam.com.
106     IN      PTR     bbs.exam.com.
EOF

systemctl enable named --now &> /dev/null
fhq_dns=`firewall-cmd --list-services | grep -o  dns`
if [ -z $fhq_dns ]
then
firewall-cmd --permanent --add-service=dns &> /dev/null
firewall-cmd --reload   &> /dev/null
else
        echo "dns防火墙配置成功"
fi

systemctl restart named &> /dev/null
if [ $? -eq 0 ]
then
                echo "dns重启成功,dns配置完成"
else
                echo "dns重启失败"
fi

注意：网卡配置时，查看自己的网卡名称是否为ens160，不是则更改；在DNS配置文件写入时，对于定义变量的$，在其前面要加上\防止它不能写入。

三、NGINX

#NGINX
cat > /etc/yum.repos.d/rpm.repo << EOF
[haha]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[xixi]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs3=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs3 == "/mnt/GPL" ]
    then
            echo "挂载成功，本地源配置成功"
    else
            echo "挂载失败"
            exit 2
fi
dnf install nginx -y &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep nginx &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "nginx下载成功"
        else
                echo "nginx下载不成功"
        fi
else

echo "nginx下载失败"
fi

systemctl enable nginx &> /dev/null
systemctl start nginx &> /dev/null
if [ $? -eq 0 ]
then
        NGINXSTAT=$(systemctl is-active nginx)
        if [ $NGINXSTAT == "active" ]
        then
                echo "nginx启动成功"
        else
                echo "nginx启动失败"
        fi
else
        echo "nginx启动失败"
fi

cat > /etc/nginx/nginx.conf   << EOF

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '\$remote_addr - \$remote_user \$time_local "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
server {
    listen 172.25.250.101;
    server_name www.exam.com;

    root /www;
    index index.html index.htm;

    location / {
        try_files \$uri \$uri/ =404;
        allow all;
    }
location /www/ {
        deny all;
        allow all;
        internal;
    }

    location /www/yum/ {
        allow all;
        deny all;
        allow all;
    }
}
}
EOF

echo "Hello,Welcome to www.exam.com!" > /www/index.html

systemctl start firewalld.service &> /dev/null
fhq_nginx=`firewall-cmd --list-services | grep -o  http`
if [ -z $fhq_nginx ]
then
firewall-cmd --permanent --add-service=http &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "nginx的防火墙配置成功"
else
echo "nginx的防火墙配置成功"
fi

chcon_http=`ls -Zl /www/index.html | awk '{print $5}' | awk -F: '{print $3}'`
if [ "$chcon_http" = "httpd_sys_content_t" ]
then
        echo "标签修改成功"
else
chcon -t httpd_sys_content_t /www/index.html
fi

yum="/www/yum"
if [ -d   $yum ]
then
        echo "yum文件已经存在，不需要创建了"
else
        mkdir -p /www/yum &> /dev/null
        echo "yum文件已经创建"
fi

systemctl restart nginx &> /dev/null
NGPAGE=$(curl  -s   172.25.250.101)
if [ "$NGPAGE" == "Hello,Welcome to www.exam.com!" ]
then
        echo "nginx服务完成"
else
        echo "nginx服务出现错误"
fi

mount=`df -h | grep /dev/sr0 | awk '{print $6}'`
if [ $mount = /www/yum ]
then
        echo "挂载成功"
elif [ -z $mount ]; then
        umount /dev/sr0 /mnt &> /dev/null
        mount /dev/sr0 /www/yum  &> /dev/null
else
        umount /dev/sr0    &> /dev/null
        mount /dev/sr0 /www/yum &> /dev/null
fi

cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF

dnf install -y vim net-tools bash-com*  &> /dev/null
if [ $? -eq 0 ]
then
        echo "yum源配置成功"
else
        echo "yum源配置失败"
fi

四、MARIADB

#MARIADB
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF

mount /dev/sr0 /mnt    &>  /dev/null
xs4=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs4 == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

yum install mariadb-server -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep mariadb &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "mariadb下载成功"
        else
                echo "mariadb下载不成功"
        fi
else
        echo "mariadb下载失败"
fi

systemctl enable mariadb &> /dev/null
systemctl start mariadb  &> /dev/null
if [ $? -eq 0 ]
then
        MARSTAT=$(systemctl is-active mariadb)
        if [ $MARSTAT == "active" ]
        then
                echo "mariadb启动成功"
        else
                echo "mariadb启动失败"
        fi
fi

mysql -u root -predhat  << EOF
use mysql;
grant all privileges on *.* to 'root'@'%' identified by 'redhat';
CREATE DATABASE IF NOT EXISTS bbs;
FLUSH PRIVILEGES;
\q;
EOF

if ! firewall-cmd --quiet --query-port=3306/tcp
then
    firewall-cmd --permanent --add-port=3306/tcp
    echo "3306端口已成功添加到防火墙规则"
else
    echo "3306端口已经在防火墙规则中，无需重复添加"
fi

if ! firewall-cmd --quiet --query-service=mysql
then
    firewall-cmd --permanent --add-service=mysql
    echo "MYSQL服务已成功添加到防火墙规则"
else
    echo "MYSQL服务已经在防火墙规则中，无需重复添加"
fi
firewall-cmd --reload &>/dev/null

注意：在下载mariadb之前请确保主机没有关于mysql的服务，如果有的话可能导致mariadb无法下载和启动；由于mariadb是默认不开启远程登录的，所以需要在数据库开启远程登录。

五、NFS

#NFS
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs5=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs5 == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

dnf install nfs-utils -y  &> /dev/null
if [ $? -eq 0 ]
then
        rpm -qa | grep nfs &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "nfs下载成功"
        else
                echo "nfs下载不成功"
        fi
else
        echo "nfs下载失败"
fi

systemctl enable nfs-server  &> /dev/null
systemctl start nfs-server
if [ $? -eq 0 ]
then
        NFSSTAT=$(systemctl is-active nfs)
        if [ $NFSSTAT == "inactive" ]
        then
                echo "nfs启动成功"
        else
                echo "nfs启动失败"
        fi
fi

cs="/bbs"
if [ -d   $cs ]
then
        echo "nfs文件已经存在，不需要创建了"
else
        mkdir /bbs &> /dev/null
        echo "nfs文件已经创建"
fi


chmod 777 /bbs/ -R
cat > /etc/exports << EOF
/bbs 172.25.250.106(rw)
EOF

systemctl start firewalld.service &> /dev/null
fhq_nfs=`firewall-cmd --list-services | grep -o  nfs`
if [ -z $fhq_nfs ]
then
firewall-cmd --permanent --add-service=mountd  &> /dev/null
firewall-cmd --permanent --add-service=rpc-bind &> /dev/null
firewall-cmd --permanent --add-service=nfs &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "nfs的防火墙配置成功"
else
echo "nfs的防火墙配置成功"
fi

systemctl restart nfs-server
if [ $? -eq 0 ]
then
        echo "nfs重启成功"
else
        echo "nfs重启失败"
fi

六、NTP

#NTP
echo "" > /etc/yum.repos.d/rpm.repo
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
mount /dev/sr0 /mnt    &>  /dev/null
xs6=$(ls  /mnt/GPL)  &> /dev/null
if  [ $xs6 == "/mnt/GPL" ]
    then
            echo "挂载成功"
    else
            echo "挂载失败"
            exit 2
fi

rpm -qa | grep chrony &> /dev/null
if [ $? -eq 0 ]
        then
                echo "chrony已经可以使用"
        else
                dnf install chrony -y &> /dev/null
                if [ $? -eq 0 ]
                then
                        echo "chrony下载成功"
                else
                        echo "chrony下载不成功"
                fi
fi

systemctl enable chrony &> /dev/null
systemctl start chrony  &> /dev/null
if [ $? -eq 0 ]
then
        CHRONYSTAT=$(systemctl is-active named)
        if [ $CHRONYSTAT == "inactive" ]
        then
                echo "chrony启动成功"
        else
                echo "chrony启动失败"
        fi
fi

if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
        echo "chrony——pool 2.rhel.pool.ntp.org iburst已被注释，无需修改"
else
        sudo sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
        echo "chrony——已成功注释pool 2.rhel.pool.ntp.org iburst"
fi
chrony_server="server 172.25.250.102 iburst"

if grep -q "$chrony_server" /etc/chrony.conf
then
        echo "chrony——server 172.25.250.102 iburst已存在，无需添加"
else
        sudo sed -i '$a'"$chrony_server" /etc/chrony.conf
        echo "chrony——server 172.25.250.102 iburst已成功添加！"
fi
chrony_allow="allow 172.25.250.0/24"

if grep -q "$chrony_allow" /etc/chrony.conf
then
        echo "chrony——allow 172.25.250.0/24已存在，无需添加"
else
        sudo sed -i '$a'"$chrony_allow" /etc/chrony.conf
        echo "chrony——allow 172.25.250.0/24已成功添加"
fi
chrony_stratum="local stratum 3"

if grep -q "$chrony_stratum" /etc/chrony.conf
then
        echo "chrony——local stratum 3已存在，无需添加"
else
        sudo sed -i '$a'"$chrony_stratum" /etc/chrony.conf
        echo "chrony——local stratum 3已成功添加"
fi
sudo sed -i '/^#log measurements statistics tracking/s/^#//' /etc/chrony.conf

systemctl restart chronyd.service
if [ $? -eq 0 ]
then
        echo "chrony重启成功"
else
        echo "chrony重启失败"
fi

systemctl enable --now cockpit.socket

fhq_ntp=`firewall-cmd --list-services | grep -o  ntp`
if [ -z $fhq_ntp ]
then
firewall-cmd --permanent --add-service=ntp &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "ntp的防火墙配置成功"
else
echo "ntp的防火墙配置成功"
fi

ssh root@172.25.250.106 << ALLEOF
if grep -q '^#pool 2.rhel.pool.ntp.org iburst' /etc/chrony.conf
then
        echo "chrony——pool 2.rhel.pool.ntp.org iburst已被注释，无需修改"
else
        sudo sed -i '/pool 2.rhel.pool.ntp.org iburst/s/^/#/' /etc/chrony.conf
        echo "chrony——已成功注释pool 2.rhel.pool.ntp.org iburst"
fi
chrony_server="server 172.25.250.102 iburst"
if grep -q "\$chrony_server" /etc/chrony.conf
then
        echo "chrony——server 172.25.250.102 iburst已存在，无需添加"
else
        sudo sed -i '\$a'"\$chrony_server" /etc/chrony.conf
        echo "chrony——server 172.25.250.102 iburst已成功添加"
fi
sudo sed -i '/^#log measurements statistics tracking/s/^#//' /etc/chrony.conf

fhq_ntp1=`firewall-cmd --list-services | grep -o  ntp`
if [ -z \$fhq_ntp1 ] 
then
firewall-cmd --permanent --add-service=ntp &> /dev/null
firewall-cmd --reload   &> /dev/null
echo "ntp的防火墙配置成功"
else
echo "ntp的防火墙配置成功"
fi
ALLEOF

七、论坛服务

#luntan
ssh root@172.25.250.106   << ALLEOF
rm -rf /etc/yum.repos.d/*
cat << EOFA > /etc/yum.repos.d/base.repo
[BaseOS]
name=BaseOS
baseurl=/mnt/BaseOS
enabled=1
gpgcheck=0
[Appstream]
name=AppStream
baseurl=/mnt/AppStream
enabled=1
gpgcheck=0
EOFA

mount /dev/sr0 /mnt & > /dev/null
dnf install chrony nfs-utils  bind bind-utils php* unzip nginx -y &> /dev/null
mkdir -p /var/www/html/bbs & > /dev/null
mount 172.25.250.104:/bbs /var/www/html/bbs  & > /dev/null
echo '172.25.250.104:/bbs /var/www/html/bbs       nfs   defaults  0 0' >> /etc/fstab
mount -a & > /dev/null
systemctl restart nfs-server  & > /dev/null
cd /var/www/html/bbs
if [ -d "upload" ]
then
  echo "Discuz压缩包已解压"
else
  rm -rf *
  unzip /root/Discuz_X3.5_SC_UTF8_20230520.zip
  cd
  chmod -R 777 /var/www/html/bbs
fi

rm -rf  /etc/nginx/conf.d/* & > /dev/null

cat > /etc/nginx/conf.d/php-fpm.conf << 'EOFA'
upstream php-fpm {
      server unix:/run/php-fpm/www.sock;
}
EOFA

cat > /etc/nginx/conf.d/vhost.conf << 'EOFR'
server {
    listen 80;
    server_name bbs.exam.com; # 替换为你的域名

    root /var/www/html/bbs;       # Discuz源码目录
    index index.php index.html index.htm;

    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
EOFR

cat >> /etc/resolv.conf << EOFC
search localdomain
nameserver 172.25.250.105
EOFC

firewall-cmd --permanent --add-service=http &> /dev/null
if [ $? -eq 0 ]
then
    echo "HTTP service added to firewall successfully."
else
    echo "Failed to add HTTP service to firewall."
    exit 1
fi

firewall-cmd --reload &> /dev/null
if [ $? -eq 0 ]
then
    echo "Firewall reloaded successfully."
else
    echo "Failed to reload firewall."
    exit 1
fi

setsebool -P httpd_use_nfs 1 &> /dev/null
if [ $? -eq 0 ]
then
    echo "SELinux boolean httpd_use_nfs set successfully."
else
    echo "Failed to set SELinux boolean httpd_use_nfs."
    exit 1
fi

setsebool -P httpd_can_network_connect_db 1 &> /dev/null
if [ $? -eq 0 ]
then
    echo "SELinux boolean httpd_can_network_connect_db set successfully."
else
    echo "Failed to set SELinux boolean httpd_can_network_connect_db."
    exit 1
fi

systemctl restart nginx.service
ALLEOF

注意：在远程登录时写入文件时\无法再使得$可以正常写入，于是需要将写入文件时结尾的EOFR加上单引号，来避免这种情况；请确保论坛服务的压缩包在106的主机上。

结果展示及痛点解答

一、若出现404错误则首先查看论坛的nginx服务配置是否正确，检查/etc/nginx/conf.d/目录下面的是否除了php和配置文件有其他文件。

二、若出现数据库连接拒绝访问，则检查mariadb是否支持远程登录。

三、若站点安装之后需要重新安装，由于安装锁定，则请到服务器上删除./data/install.lock，才能重新安装。

四、若在安装时关闭安装界面，则会使得安装失败并且报错，则请恢复快照或者执行三步骤。

五、若nginx由于80端口被占用无法启动，使用fuser -n tcp 80 查看占用端口，并杀死再重新启动。

六、若第一次运行出现了服务无法运行，无法启动请再次运行。

若遇到不可解决问题请留言 ......