Linux运维第十九讲

xiaoxiao2021-03-25 173

1.apache

1.1 准备阶段

服务端配置：

340 yum install httpd -y ##安装服务

342 systemctl start httpd

349 firewall-cmd --permanent --add-service=http ##在防火墙添加可以通过的服务

350 firewall-cmd --permanent --add-service=https

351 firewall-cmd --reload ##重新加载

352 firewall-cmd --list-all

353 cd /var/www/html/

354 vim index.html ##测试文档

hello sir

ypa!

测试：

1.2 更改默认读取文件

vim /etc/httpd/conf/httpd.conf

....

DirectoryIndex index.html westos ##按照文件前后顺序读取

</IfModule>

....

systemctl restart httpd.service

rm -fr index.html ##删除原有文件

vim wula

this is wula

1.3 更改默认读取目录

372 vim /etc/httpd/conf/httpd.conf

....

DocumentRoot "/www/html"

Require all granted ##路径权限

</Directory>

....

373 systemctl restart httpd.service

377 semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?' ##设置安全上下文

378 restorecon -RvvF /www/ ##加载上下文

382 vim index.html

this is /www/htmls

1.4 更改端口

364 vim /etc/httpd/conf/httpd.conf

....

#Listen 12.34.56.78:80

Listen 8080 将原有80端口更改为8080

....

365 systemctl restart httpd.service

366 firewall-cmd --permanent --add-port=8080/tcp ##设置防火墙允许通过的端口

367 firewall-cmd --reload

1.5 虚拟主机（一个IP发布多个站点）

服务端设置：

12 cd /var/www/

13 mkdir news

14 mkdir music

16 echo news.westos.com > news/westos

17 echo music.westos.com > music/westos

24 cd /etc/httpd/

26 cd conf.d/

28 vim default.conf ##设置子配置文件

Documentroot /var/www/html ##读取的目录

customlog "logs/default.log" combined ##日志存放位置

</Virtualhost>

require all granted ##允许访问

</Directory>

30 vim news.conf ##设置子配置文件

Servername news.westos.com ##域名指定

Documentroot /var/www/news ##访问根目录

customlog "logs/news.log" combined ##日志存放文件

</Virtualhost>

require all granted

</Directory>

32 vim music.conf

Servername music.westos.com

Documentroot /var/www/music

customlog "logs/music.log" combined

</Virtualhost>

require all granted

</Directory>

33 systemctl restart httpd.service

客户端测试配置：

[root@foundation24 Desktop]# vim /etc/hosts

172.25.254.124 www.westos.com news.westos.com music.westos.com ##添加本地解析

1.6 允许登陆及加密登陆

允许登陆：

72 cd /etc/httpd/conf

74 htpasswd -cm apacheuser jet ##生成密钥

75 cat apacheuser

76 htpasswd -m apacheuser tom

77 cat apacheuser ##查看生成的密钥

jet:$apr1$IFe.oKun$FtuW6hcQTVri68YXZY0oK1

tom:$apr1$Yifv1FuM$Oih3Y2Bqzq8t7ysyxGJau.

78 cd /etc/httpd/conf.d/

79 ls

80 vim music.conf ##设置黑名单

Order allow,deny ##读取顺序从左到右

allow from all

deny from 172.25.254.24

</Directory>

81 systemctl restart httpd.service

加密登陆及设置用户

vim music.conf

Authuserfile /etc/httpd/conf/apacheuser ##将生成的密码文件与服务关联

Authname "please input your username and passwd "

Authtype basic

Require user jet ##仅允许jet用户登陆

</Directory>

Authuserfile /etc/httpd/conf/apacheuser

Authname "please input your username and passwd "

Authtype basic

Require valid-user ##允许所有加密用户登陆

</Directory>

1.7 php cgi manual

1.7.1 php

423 cd /var/www/news/

425 vim index.php ##编辑测试文件

<?php

phpinfo ();

426 yum install php -y ##安装php软件

测试端：

news.westos.com

1.7.2 cgi

441 mkdir /var/www/news/cgi ##新建cgi文档

442 vim /var/www/news/cgi/index.cgi ##编写测试文件

443 perl /var/www/news/cgi/index.cgi ##命令方式执行

Content-type: text/html

Sun Mar 5 02:13:03 EST 2017

444 vim news.conf ##更改配合文件

Servername news.westos.com

Documentroot /var/www/news

customlog "logs/news.log" combined

</Virtualhost>

require all granted

</Directory>

<Directory /var/www/news/cgi> ##本功能设置

Options +ExecCGI

AddHandler cgi-script .cgi

</Directory>

445 systemctl restart httpd.service

447 chmod +x /var/www/news/cgi/index.cgi

453 ls -Z /var/www/cgi-bin/ -d

454 semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/news/cgi(/.*)?' ##设置该目录安全上下文

455 restorecon -FvvR /var/www/news/cgi

1.7.3 manual：

431 yum install httpd-manual -y

433 mkdir manual

437 cd /etc/httpd/conf.d/

439 vim news.conf

Servername news.westos.com

Documentroot /var/www/news

customlog "logs/news.log" combined

</Virtualhost>

require all granted

</Directory>

<Directory /var/www/news/manual> ##社会子目录访问权限

require all granted

</Directory>

440 systemctl restart httpd.service

1.8 https 证书建立

478 yum install mod_ssl -y ##安装服务

479 cd /etc/httpd/conf.d/

483 systemctl restart httpd.service

484 netstat -antlpe | grep httpd ##查看有无443加密端口

488 yum install crypto-utils.x86_64 -y

489 genkey apache.example.com ##生成证书命令，其后根主机名

493 cd /var/www/

495 mkdir login ##建立用户家目录

497 cd login/

498 vim login.html

499 cd /etc/httpd/conf.d/

501 vim login.conf ##编写用户配置文件

Servername login.westos.com

Documentroot /var/www/login

Customlog "logs/login.log" combined

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt ##证书生成的位置

SSLCertificateKeyFile [] /etc/pki/tls/private/apache.example.com.key ##证书的密钥

</Virtualhost>

Require all granted

</Directory>

<Virtualhost *:80> ##将登陆端口由80转为443加密端口

Servername login.westos.com

RewriteEngine on

RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</Virtualhost>

508 systemctl restart httpd.service

测试端口：

vim /etc/hosts ##配置本地解析

172.25.254.124 www.westos.com news.westos.com music.westos.com login.westos.com

2.数据库

2.1 安全初始化

517 yum install mariadb-server -y ##安装数据库软件

518 systemctl start mariadb ##软件安装后必须启动

519 mysql ##登陆命令

520 netstat -antlpe | grep mysqld ##查看数据库端口

521 vim /etc/my.cnf ##编辑该配置文件，关闭端口

....

skip-networking=1

....

522 systemctl restart mariadb

523 netstat -antlpe | grep mysqld ##此时查看端口，就查看不到了

524 mysql

525 mysql_secure_installation ##设置登入数据库的密码

设置密码后，一路y下去即可

526 mysql -uroot -p ##登陆方式为

[root@apache login]# mysql -uroot -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 11

Server version: 5.5.35-MariaDB MariaDB Server

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit

Bye

2.2 数据库的备份与恢复

8 mysql -uroot -predhat -e "SHOW DATABASES;" ##显示存在的数据库

+--------------------+

| Database |

+--------------------+

| information_schema |

| linux |

| mysql |

| performance_schema |

+--------------------+

9 mysqldump -uroot -predhat linux > /mnt/linux.sql ##讲该数据库备份到/mnt下

11 mysql -uroot -predhat -e "DROP DATABASE linux;" ##删除linux数据库

12 mysql -uroot -predhat -e "SHOW DATABASES;" ##显示存在的数据库

+--------------------+

| Database |

+--------------------+

| information_schema |

| |

| mysql |

| performance_schema |

+--------------------+

13 mysql -uroot -predhat -e "CREATE DATABASE linux;" ##为恢复下先建立linux数据库

14 mysql -uroot -predhat -e "SHOW DATABASES;"

15 mysql -uroot -predhat linux < /mnt/linux.sql ##将备份文件导入以建立的数据库中

16 mysql -uroot -p

MariaDB [(none)]> use linux;

MariaDB [linux]> SELECT * from linux;

+----------+------+----------+

| username | age | password |

+----------+------+----------+

| user1 | NULL | 1234 |

| user2 | NULL | 1234 |

| user3 | NULL | 1234 |

+----------+------+----------+

3 rows in set (0.00 sec)

MariaDB [linux]> quit

Bye

2.3 数据库用户管理

MariaDB [(none)]> create user jet@localhost identified by 'redhat'; ##创建用户jet

show grants for jet@localhost; ##查询用户jet的权限

drop user jet@localhost; ##删除用户

2.4 用户密码恢复

171 systemctl stop mariadb ##停止数据库服务

命令 mysqld_safe --skip-grant-table & ##免登陆认证进入数据库

172 mysql

MariaDB [(none)]> update mysql.user set password=password('1234') where user='root';

173 ps aux | grep mysql

174 kill -9 9118

175 kill -9 9547

176 systemctl start mariadb

177 mysql

[root@station conf.d]# mysql

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

178 mysql -uroot -p1234

2.5 插件安装

533 tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 ##解压插件包

535 rm -fr phpMyAdmin-3.4.0-all-languages.tar.bz2 ##删除压缩包

537 mv phpMyAdmin-3.4.0-all-languages mysql ##将解压后的包重命名，便于后面的操作

539 cd mysql/

541 cp config.sample.inc.php config.inc.php

542 vim config.inc.php

.....

cfg['blowfish_secret'] = 'ba17c1ec07d65003'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

.....

543 vim Documentation.txt ##通过这里面的提示，把代码复制进去

544 vim config.inc.php

545 yum install php-mysql.x86_64 -y ##安装php数据库服务

546 systemctl restart httpd.service

547 systemctl restart httpd

548 setsebool -P httpd_can_network_connect_db on ##关闭服务

测试：

wula.westos.com/mysql

转载请注明原文地址: https://ju.6miu.com/read-5402.html

技术

最新回复(0)