1.apache
1.1 准备阶段
服务端配置:
340 yum install httpd -y ##安装服务
342 systemctl start httpd
349 firewall-cmd --permanent --add-service=http ##在防火墙添加可以通过的服务
350 firewall-cmd --permanent --add-service=https
351 firewall-cmd --reload ##重新加载
352 firewall-cmd --list-all
353 cd /var/www/html/
354 vim index.html ##测试文档
hello sir
ypa!
测试:
1.2 更改默认读取文件
vim /etc/httpd/conf/httpd.conf
....
<IfModule dir_module>
DirectoryIndex index.html westos ##按照文件前后顺序读取
</IfModule>
....
systemctl restart httpd.service
rm -fr index.html ##删除原有文件
vim wula
this is wula
1.3 更改默认读取目录
372 vim /etc/httpd/conf/httpd.conf
....
DocumentRoot "/www/html"
<Directory "/www">
Require all granted ##路径权限
</Directory>
....
373 systemctl restart httpd.service
377 semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?' ##设置安全上下文
378 restorecon -RvvF /www/ ##加载上下文
382 vim index.html
this is /www/htmls
1.4 更改端口
364 vim /etc/httpd/conf/httpd.conf
....
#Listen 12.34.56.78:80
Listen 8080 ##将原有80端口更改为8080
....
365 systemctl restart httpd.service
366 firewall-cmd --permanent --add-port=8080/tcp ##设置防火墙允许通过的端口
367 firewall-cmd --reload
1.5 虚拟主机 (一个IP发布多个站点)
服务端设置:
12 cd /var/www/
13 mkdir news
14 mkdir music
16 echo news.westos.com > news/westos
17 echo music.westos.com > music/westos
24 cd /etc/httpd/
26 cd conf.d/
28 vim default.conf ##设置子配置文件
<Virtualhost _default_:80>
Documentroot /var/www/html ##读取的目录
customlog "logs/default.log" combined ##日志存放位置
</Virtualhost>
<Directory /var/www/html>
require all granted ##允许访问
</Directory>
30 vim news.conf ##设置子配置文件
<Virtualhost *:80>
Servername news.westos.com ##域名指定
Documentroot /var/www/news ##访问根目录
customlog "logs/news.log" combined ##日志存放文件
</Virtualhost>
<Directory /var/www/news>
require all granted
</Directory>
32 vim music.conf
<Virtualhost _default_:80>
Servername music.westos.com
Documentroot /var/www/music
customlog "logs/music.log" combined
</Virtualhost>
<Directory /var/www/music>
require all granted
</Directory>
33 systemctl restart httpd.service
客户端测试配置:
[root@foundation24 Desktop]# vim /etc/hosts
172.25.254.124 www.westos.com news.westos.com music.westos.com ##添加本地解析
1.6 允许登陆及加密登陆
允许登陆:
72 cd /etc/httpd/conf
74 htpasswd -cm apacheuser jet ##创建密码文件并添加用户jet(-c会覆盖已有文件,只在首次创建时使用;-m为MD5/apr1哈希,较新版本的htpasswd可用-B改用bcrypt)
75 cat apacheuser
76 htpasswd -m apacheuser tom
77 cat apacheuser ##查看生成的密码文件(每行为 用户名:密码哈希)
jet:$apr1$IFe.oKun$FtuW6hcQTVri68YXZY0oK1
tom:$apr1$Yifv1FuM$Oih3Y2Bqzq8t7ysyxGJau.
78 cd /etc/httpd/conf.d/
79 ls
80 vim music.conf ##设置黑名单
<Directory /var/www/music/wula>
Order allow,deny ##先处理allow再处理deny,被deny匹配的来源最终被拒绝(这是2.2的旧语法,2.4中由mod_access_compat兼容,新配置建议改用Require)
allow from all
deny from 172.25.254.24
</Directory>
81 systemctl restart httpd.service
加密登陆及设置用户
vim music.conf
<Directory /var/www/music/wula>
Authuserfile /etc/httpd/conf/apacheuser ##将生成的密码文件与服务关联
Authname "please input your username and passwd "
Authtype basic ##Basic认证只对用户名和密码做Base64编码,并不加密,应配合https(见1.8)使用
Require user jet ##仅允许jet用户登陆
</Directory>
<Directory /var/www/music/wula>
Authuserfile /etc/httpd/conf/apacheuser
Authname "please input your username and passwd "
Authtype basic
Require valid-user ##允许密码文件中的所有用户通过认证后登陆
</Directory>
1.7 php cgi manual
1.7.1 php
423 cd /var/www/news/
425 vim index.php ##编辑测试文件(phpinfo会输出服务器的详细配置信息,测试完成后应删除该文件)
<?php
phpinfo ();
?>
426 yum install php -y ##安装php软件
测试端:
news.westos.com
1.7.2 cgi
441 mkdir /var/www/news/cgi ##新建cgi文档
442 vim /var/www/news/cgi/index.cgi ##编写测试文件
443 perl /var/www/news/cgi/index.cgi ##命令方式执行
Content-type: text/html
Sun Mar 5 02:13:03 EST 2017
444 vim news.conf ##更改配置文件
<Virtualhost *:80>
Servername news.westos.com
Documentroot /var/www/news
customlog "logs/news.log" combined
</Virtualhost>
<Directory /var/www/news>
require all granted
</Directory>
<Directory /var/www/news/cgi> ##本功能设置
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
445 systemctl restart httpd.service
447 chmod +x /var/www/news/cgi/index.cgi
453 ls -Z /var/www/cgi-bin/ -d
454 semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/news/cgi(/.*)?' ##设置该目录安全上下文
455 restorecon -FvvR /var/www/news/cgi
1.7.3 manual:
431 yum install httpd-manual -y
433 mkdir manual
437 cd /etc/httpd/conf.d/
439 vim news.conf
<Virtualhost *:80>
Servername news.westos.com
Documentroot /var/www/news
customlog "logs/news.log" combined
</Virtualhost>
<Directory /var/www/news>
require all granted
</Directory>
<Directory /var/www/news/manual> ##设置子目录访问权限
require all granted
</Directory>
440 systemctl restart httpd.service
1.8 https 证书建立
478 yum install mod_ssl -y ##安装服务
479 cd /etc/httpd/conf.d/
483 systemctl restart httpd.service
484 netstat -antlpe | grep httpd ##查看有无443加密端口
488 yum install crypto-utils.x86_64 -y
489 genkey apache.example.com ##生成证书命令,其后跟主机名(证书中的主机名应与站点的Servername一致,否则客户端会提示证书名称不匹配)
493 cd /var/www/
495 mkdir login ##建立用户家目录
497 cd login/
498 vim login.html
499 cd /etc/httpd/conf.d/
501 vim login.conf ##编写用户配置文件
<Virtualhost *:443>
Servername login.westos.com
Documentroot /var/www/login
Customlog "logs/login.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt ##证书生成的位置
SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key ##证书的私钥(该文件应只允许root读取)
</Virtualhost>
<Directory "/var/www/login">
Require all granted
</Directory>
<Virtualhost *:80> ##将登陆端口由80转为443加密端口
Servername login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
508 systemctl restart httpd.service
测试端口:
vim /etc/hosts ##配置本地解析
172.25.254.124 www.westos.com news.westos.com music.westos.com login.westos.com
2.数据库
2.1 安全初始化
517 yum install mariadb-server -y ##安装数据库软件
518 systemctl start mariadb ##软件安装后必须启动
519 mysql ##登陆命令
520 netstat -antlpe | grep mysqld ##查看数据库端口
521 vim /etc/my.cnf ##编辑该配置文件,关闭网络监听端口(之后只能通过本机socket连接)
....
skip-networking=1
....
522 systemctl restart mariadb
523 netstat -antlpe | grep mysqld ##此时查看端口,就查看不到了
524 mysql
525 mysql_secure_installation ##设置登入数据库的密码
设置密码后,一路y下去即可
526 mysql -uroot -p ##登陆方式为
[root@apache login]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> quit
Bye
2.2 数据库的备份与恢复
8 mysql -uroot -predhat -e "SHOW DATABASES;" ##显示存在的数据库(把密码直接写在-p后面会留在history和进程列表中,实际环境中建议只写-p再交互输入)
+--------------------+
| Database |
+--------------------+
| information_schema |
| linux |
| mysql |
| performance_schema |
+--------------------+
9 mysqldump -uroot -predhat linux > /mnt/linux.sql ##将该数据库备份到/mnt下
11 mysql -uroot -predhat -e "DROP DATABASE linux;" ##删除linux数据库
12 mysql -uroot -predhat -e "SHOW DATABASES;" ##显示存在的数据库
+--------------------+
| Database |
+--------------------+
| information_schema |
| |
| mysql |
| performance_schema |
+--------------------+
13 mysql -uroot -predhat -e "CREATE DATABASE linux;" ##为恢复下先建立linux数据库
14 mysql -uroot -predhat -e "SHOW DATABASES;"
15 mysql -uroot -predhat linux < /mnt/linux.sql ##将备份文件导入已建立的数据库中
16 mysql -uroot -p
MariaDB [(none)]> use linux;
MariaDB [linux]> SELECT * from linux;
+----------+------+----------+
| username | age | password |
+----------+------+----------+
| user1 | NULL | 1234 |
| user2 | NULL | 1234 |
| user3 | NULL | 1234 |
+----------+------+----------+
3 rows in set (0.00 sec)
MariaDB [linux]> quit
Bye
2.3 数据库用户管理
MariaDB [(none)]> create user jet@localhost identified by 'redhat'; ##创建用户jet
show grants for jet@localhost; ##查询用户jet的权限
drop user jet@localhost; ##删除用户
2.4 用户密码恢复
171 systemctl stop mariadb ##停止数据库服务
命令 mysqld_safe --skip-grant-table & ##跳过授权表启动,免登陆认证进入数据库(此期间任何能连接的用户都不需要密码,改完密码后应立即结束该进程并正常启动服务)
172 mysql
MariaDB [(none)]> update mysql.user set password=password('1234') where user='root';
173 ps aux | grep mysql
174 kill -9 9118
175 kill -9 9547
176 systemctl start mariadb
177 mysql
[root@station conf.d]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
178 mysql -uroot -p1234
2.5 插件安装
533 tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 ##解压插件包
535 rm -fr phpMyAdmin-3.4.0-all-languages.tar.bz2 ##删除压缩包
537 mv phpMyAdmin-3.4.0-all-languages mysql ##将解压后的包重命名,便于后面的操作
539 cd mysql/
541 cp config.sample.inc.php config.inc.php
542 vim config.inc.php
.....
$cfg['blowfish_secret'] = 'ba17c1ec07d65003'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ ##此值用于加密cookie,应换成自己生成的随机字符串,不要直接沿用示例值
.....
543 vim Documentation.txt ##通过这里面的提示,把代码复制进去
544 vim config.inc.php
545 yum install php-mysql.x86_64 -y ##安装php数据库服务
546 systemctl restart httpd.service
547 systemctl restart httpd
548 setsebool -P httpd_can_network_connect_db on ##开启SELinux布尔值,允许httpd通过网络连接数据库(-P表示永久生效)
测试:
wula.westos.com/mysql