二进制安装phpipam地址管理

Posted 2023-03-20

安装phpipam

配置主机文件

vi /etc/hosts
10.16.16.13 phpipam.sy.local phpipam

安装依赖模块 Web server、Database 组件

yum install httpd mariadb-server php php-cli php-gd php-common php-ldap php-pdo php-pear php-snmp php-xml php-mysql php-mbstring git -y

设置时区

vi /etc/php.ini
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Shanghai

启动 Apache Web Server 并设置开机启动

systemctl start httpd
systemctl enable httpd

启动 MySQL (MariaDB) database server

systemctl start mariadb
systemctl enable mariadb

配置 Apache Web Server

/etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
  AllowOverride all
  Order allow,deny
  Allow from all
</Directory>

初始化数据库设置

mysql_secure_installation

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named test that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If youve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

03 安装phpIPAM

从 git 下载 phpIPAM 文件

cd /var/www/html/
git clone https://github.com/phpipam/phpipam.git phpipam
cd phpipam
git checkout 1.4

让 apache 用户有权限访问 phpipam

chown apache:apache -R /var/www/html/
cd /var/www/html/
find . -type f -exec chmod 0644  ;
find . -type d -exec chmod 0755  ;

然后配置数据库链接要做到这一点，我们首先需要将示例配置文件复制到phpipam使用的config.php

cp /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.dist.php.bak
mv /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.php

vim /var/www//html/phpipam/config.php
/**
 * database connection details
 ******************************/
$db[host] = localhost;
$db[user] = phpipam_user;
$db[pass] = phpipam_Pass;
$db[name] = phpipam_db;
$db[port] = 3306;
/**

if(!defined(BASE))
define(BASE, "/phpipam/");

重启 http 服务

systemctl restart httpd

登陆：

http://10.16.16.13

ubuntu-20.04.1-desktop上phpipam的其他功能扩展

1. 启用HTTPS服务

  HTTPS是在HTTP基础上加入SSL，安全性更高。嫌麻烦，我们使用OpenSSL生成免费证书，并在apache配置SSL。

1.1 使用openssl生成免费证书

1.安装OpenSSL。

ipam@ubuntu:~/Downloads$ sudo apt-get install openssl

2.生成一个RSA私钥，其中des加密算法，生成2048位私钥。

ipam@ubuntu:~/Downloads$ openssl genrsa -des3 -out ca.key 2048

查看生成的私钥可以使用

ipam@ubuntu:~/Downloads$ openssl rsa -text -in ca.key

3.创建证书签名请求CSR文件,生成过程中会要求填写一些信息

ipam@ubuntu:~/Downloads$ openssl req -new -key ca.key -out ca.csr
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter \'.\', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:cn
Locality Name (eg, city) []:cn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (e.g. server FQDN or YOUR name) []:cn //填写即将发布url的根服务器，如*.example.cn
Email Address []:cn

Please enter the following \'extra\' attributes
to be sent with your certificate request
A challenge password []:cn
string is too short, it needs to be at least 4 bytes long
A challenge password []:cncn   //你的证书密码，如果不想设置密码，可以直接回车
> An optional company name []:cn

查看csr文件命令如下

ipam@ubuntu:~/Downloads$ openssl req -text -in ca.csr -noout

4.生成签名证书

ipam@ubuntu:~/Downloads$ openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=C = cn, ST = cn, L = cn, O = cn, OU = cn, CN = cn, emailAddress = cn
Getting Private key
Enter pass phrase for ca.key:

1.2 配置apache

1.启用SSL模块
查看/etc/apache2/ports.conf端口配置文件

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

  可以看到要使用443服务，需要先启用SSL模块。

ipam@ubuntu:~/Downloads$ sudo a2enmod ssl

2.修改/etc/apache2/sites-available/内的配置文件
  为了方便管理，证书文件和私钥，分别拷贝至/etc/apache2/ssl/certs/ca.crt以及/etc/apache2/ssl/private/ca.key。由于apache在该文件夹内已创建了示例配置文件default-ssl.conf，修改即可。

#三个部分必须修改
SSLEngine On
SSLCertificateFile    /etc/apache2/ssl/certs/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/private/ca.key

  也可以拷贝000-default.conf文件，并进行简单修改。命名为phpipam-ssl.conf，内容如下：

<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request\'s Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    SSLEngine On
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/phpipam
    SSLCertificateFile /etc/apache2/ssl/certs/ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/ca.key
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

3.启用apache SSL配置
  若是修改了default-ssl.conf，则

ipam@ubuntu:/etc/apache2/sites-available$ sudo a2ensite default-ssl.conf 

文件名根据实际情况自行修改。
4.强制使用https
  由于之前配置过http服务，考虑强制转成https，即输入网址后自动跳转https服务。修改/etc/apache2/sites-available/000-default.conf，里面添加以下内容并保存。

RewriteEngine on
RewriteCond   %{HTTPS} !=on
RewriteRule   ^(.*)  https://%{SERVER_NAME}$1 [L,R]

5.重载apache

ipam@ubuntu:/etc/apache2/sites-available$ sudo systemctl reload apache2.service 

或者重启

ipam@ubuntu:/etc/apache2/sites-available$ sudo systemctl restart apache2.service 

2. 数据库自动备份

  cron是一个Linux定时执行工具，在Ubuntu，可通过/etc/crontab文件进行查看，或者crontab -l
1.打开cron，并进行编辑。保存关闭有命令提示。

ipam@ubuntu:~/Downloads$ crontab -e

2.配置定时备份
  文件备份在/home/ipam/Documents/bak/。另外，%在crontab为换行，因此%之前需要添加转义字符\\；{} 和\\之间有空格，\\和;之间没有空格，否则会报错 /usr/bin/find: 缺少“-exec”参数。

#每天0时进行备份并对30天前的备份资料进行删除
* 0 */1 * * /usr/bin/mysqldump -uroot -p123456 phpipam > /home/ipam/Documents/bak/phpipam_bak_$(date "+\\%Y\\%m\\%d").sql
* 0 */1 * * /usr/bin/find /home/ipam/Documents/bak/ -ctime +30 -exec rm {} \\;

3.数据库还原
  采用source命令。

ipam@ubuntu:~/Downloads$ mysql -u root -p
ipam@ubuntu:mysql>use phpipam
ipam@ubuntu:mysql>source /home/ipam/Documents/bak/phpipam_bak_20210230.sql

3. 定时扫描

  也是使用的crontab。

*/30 * * * * /usr/bin/php /var/www/phpipam/functions/scripts/pingCheck.php
*/30 * * * * /usr/bin/php /var/www/phpipam/functions/scripts/discoveryCheck.php

4. 参考资料（因为链接太多被判定为广告，需要的自行百度）

1. Config Server Firewall：How to Generate Self-signed SSL Certificate using OpenSSL in Ubuntu 18.04
2. 挑战者V：Ubuntu 16.04配置SSL免费证书
3. hiekay：ubuntu apache2 配置安装ssl证书,https]
4. 龙恩0707：使用openssl 生成免费证书
5. ubuntu wiki
6. linux 命令大全
7. nancy05：备份与还原mysql 数据库的常用命令
8. 大专栏 IP地址管理(IPAM)
9. crontab命令详解 含启动/重启/停止
10.killkill：crontab 的写法(@reboot, @1early...)
11. siaisjack：Linux下date命令，格式化输出，时间设置
12. 听风：linux每日命令(21)：find命令之exec
13. leno米雷のcoding记录：Linux的find命令实例详解和mtime ctime atime
14. 博客园：myql数据库备份及还原