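Here's the story
The noble CentOS 7.9, born in 2009, is about to reach end of maintenance
My lord, the times have changed
As a lowly workhorse intern, I'm used to Debian and Ubuntu on 5.x and 6.x kernels, but my boss only knows how to use CentOS 7.9 (he's just talking big), and the kernel 3.10 kind at that, so I started cramming the relevant knowledge
However, a great many of the repos and tutorials in blog posts online are already out of date. After a full day of fiddling I couldn't take it any more. No! I have to write this down in my notebook, or I'll have to hunt for it all again next time!
Switching the CentOS repos
Tsinghua (TUNA) mirror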
sed -e "s|^mirrorlist=|#mirrorlist=|g" \
    -e "s|^#baseurl=http://mirror.centos.org/centos/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
    -e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
    -i.bak \
    /etc/yum.repos.d/CentOS-*.repo
Switching the EPEL repos
The TUNA mirror is unavailable for now, so I'll use my own instead
sudo sed -e 's!^metalink=!#metalink=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -i /etc/yum.repos.d/epel{,-testing}.repo
The outdated list my boss gave me
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh http://repo.mysql.com/mysql-community-release-el7.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/ius/ius-release-el7.rpm
rpm -ivh http://repo.webtatic.com/yum/el7/webtatic-release.rpm
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Installing software
Wireguard
Wireguard – Installation
There are three noble methods here
Method 1: a signed module is available as built-in to CentOS’s kernel-plus:
sudo yum install yum-utils epel-release
sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
sudo yum install kernel-plus wireguard-tools
sudo reboot
Method 2: users wishing to stick with the standard kernel may use ELRepo’s pre-built module:
sudo yum install epel-release elrepo-release
sudo yum install yum-plugin-elrepo
sudo yum install kmod-wireguard wireguard-tools
[RECOMMENDED] Method 3: users running non-standard kernels may wish to use the DKMS package instead:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools
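For most machines, though, having to switch repos at every step is too painful, so use my self-hosted mirror instead. If even the first step, installing epel, fails, switch the CentOS repos first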
sudo yum install epel-release elrepo-release -y
sudo sed -e 's!^metalink=!#metalink=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -i /etc/yum.repos.d/epel{,-testing}.repo
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://mirrors.0e7.cn/copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo sed -i "s/download.copr.fedorainfracloud.org/mirrors.0e7.cn/g" /etc/yum.repos.d/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools -y
Docker
# sudo yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+https://download.docker.com+https://mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker
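Every step above points yum at a different host, so package integrity on the machine rests on the transport and GPG settings left in /etc/yum.repos.d. The script below is an added example, not part of the original notes: it lists enabled repo sections that have no active baseurl, fetch over plain http://, or do not set gpgcheck=1. The function names audit_repo and sample_repo and the sample repo content are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit yum .repo files after a mirror rewrite.
# Reports enabled sections with no active baseurl, a plain-HTTP baseurl, or no gpgcheck=1.
audit_repo() {  # usage: audit_repo FILE...  prints one finding per line
  awk '
    function report() {
      if (sec == "" || enabled == "0") return          # disabled sections are skipped
      if (url == "")      print fname ":[" sec "] no active baseurl"
      if (url ~ /^http:/) print fname ":[" sec "] plaintext baseurl " url
      if (gpg != "1")     print fname ":[" sec "] gpgcheck=1 not set in section"
    }
    FNR == 1   { report(); sec = ""; fname = FILENAME }   # new file: close previous section
    /^\[.*\]/  { report(); sec = substr($0, 2, index($0, "]") - 2)
                 enabled = "1"; gpg = ""; url = ""; next }
    /^[ \t]*#/ { next }                                   # commented-out keys do not count
    { i = index($0, "="); if (!i) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "baseurl") url = v
      else if (k == "gpgcheck") gpg = v
      else if (k == "enabled") enabled = v }
    END { report() }
  ' "$@"
}

sample_repo() {  # constructed sample content, not copied from a real host
  cat <<'EOF'
[base]
name=CentOS-7 - Base
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009/os/$basearch/
gpgcheck=1

[example-http]
name=Constructed repo served over plain HTTP
baseurl=http://mirror.invalid/el7/
gpgcheck=0

[example-off]
baseurl=http://mirror.invalid/off/
enabled=0
EOF
}

# Audit the files given as arguments, or the constructed sample when there are none.
if [ "$#" -gt 0 ]; then
  audit_repo "$@"
else
  tmp=$(mktemp) && sample_repo > "$tmp" && audit_repo "$tmp"; rm -f "$tmp"
fi
```

Passing /etc/yum.repos.d/*.repo as arguments audits the real files; empty output means no findings.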
Firewall
Switching from firewalld to iptables
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl enable iptables
Flushing the firewall rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
mkdir -p /etc/sysconfig/
service iptables save
iptables-save > /etc/sysconfig/iptables
Closing words
A Twitter friend: Do you security people really end up turning into ops in the end?
Me: We really do