Linux课程第二十二天学习笔记

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux课程第二十二天学习笔记相关的知识,希望对你有一定的参考价值。

####################空壳邮件####################
[[email protected] ~]# vim /etc/named.rfc1912.zones
-----------------------------------------------
 37 zone "westos.org" IN {
 38         type master;
 39         file "westos.org.zone";
 40         allow-update { none; };
 41 };
 42
:wq
-----------------------------------------------
[[email protected] ~]# cd /var/named
[[email protected] named]# cp -p westos.com.zone westos.org.zone
##一定要加"-p"参数
[[email protected] named]# vim westos.org.zone
-----------------------------------------------
  1 $TTL 1D
  2 @       IN SOA  dns.westos.org. root.westos.org. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8                 NS      dns.westos.org.
  9 dns             A       172.25.50.100
 10 westos.org.     MX 1    172.25.50.100.
:wq
-----------------------------------------------
[[email protected] named]# dig -t mx westos.org |grep MX
;westos.org.            IN    MX
westos.org.        86400    IN    MX    1 172.25.50.100.
[[email protected] named]# rm -fr /etc/postfix/main.cf
[[email protected] named]# yum reinstall postfix -y
......
[[email protected] named]# systemctl restart postfix.service
[[email protected] named]# vim /etc/postfix/main.cf
-----------------------------------------------
 75 myhostname = maillinux.linux.com

 83 mydomain = linux.com

 98 myorigin = westos.org

113 inet_interfaces = all

116 #inet_interfaces = localhost

140 local_transport = error:local delivery disabled    ##不允许本地投递

164 mydestination =                    ##不接收任何邮件

313 relayhost = 172.25.50.200                ##指定真实的邮件服务器IP地址
:wq
-----------------------------------------------
[[email protected] named]# systemctl restart postfix.service

[[email protected] ~]# vim /etc/postfix/main.cf
-----------------------------------------------
264 mynetworks = 172.25.50.0/24
:wq
-----------------------------------------------
[[email protected] ~]# systemctl restart postfix.service
[[email protected] ~]# cd /home/vmail/
[[email protected] vmail]# ls
mail  westos.org
[[email protected] vmail]# rm -fr *
[[email protected] vmail]# ls

[[email protected] named]# mail [email protected]
Subject: test
test
test
.
EOT
[[email protected] named]# mailq
Mail queue is empty

[[email protected] vmail]# ls
westos.org
[[email protected] vmail]# cd westos.org/
[[email protected] westos.org]# ls
admin
[[email protected] westos.org]# cd admin/
[[email protected] admin]# ls
cur  new  tmp


#####################
#####  Apache    #####
#####################
Apche提供httpd协议

--网站主流架构--
lamp=linux apache mysql php
lnmp=linux nginx mysql php
以上都是开源软件,所以成为主流

--网站开发语言--
静态:html
动态:php cgi jsp asp

--中间件(翻译语言)--
tomcat jboss 等等

squid代理软件
反向代理,也就是通常所说的Web服务器加速
通过在Internet上增加一个高速的Web缓冲服务器(即:Web反向代理服务器),来降低实际的Web服务器的负载。

go语言

nmap著名的黑客软件

index.html里写的是html语句


[[email protected] ~]# hostnamectl set-hostname web1.westos.com
[[email protected] ~]# reboot
等待重启
[[email protected] ~]# yum install httpd -y
......
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# ls
[[email protected] html]# vim index.html
测试http://172.25.254.115
[[email protected] html]# echo hello world >file
测试http://172.25.254.115/file

[[email protected] html]# netstat -antlpe |grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      0          78225      4642/httpd         
[[email protected] html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd

==index优先级==
[[email protected] html]# vim /etc/httpd/conf/httpd.conf
164     DirectoryIndex file index.html
[[email protected] html]# systemctl reload httpd
测试http://172.25.254.115
hello world
[[email protected] html]# rm -fr file
测试http://172.25.254.115
web1.westos.com 123
[[email protected] html]# rm -fr index.html
测试http://172.25.254.115
apache测试页
##有问题,发现还是web1.westos.com 123,不知怎么又好了,可能是缓存

==http手册==
[[email protected] html]# yum install httpd-manual -y
......
[[email protected] html]# systemctl restart httpd
测试http://172.25.254.115/manual

==更改访问目录==
[[email protected] html]# getenforce
Enforcing
[[email protected] html]# ls -Zd
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
[[email protected] html]# mkdir -p /www/westos
[[email protected] html]# semanage fcontext -a -t httpd_sys_content_t ‘/www/westos(/.*)?‘
[[email protected] html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0

[[email protected] html]# cd /www/westos/
[[email protected] westos]# ls
[[email protected] westos]# vim index.html
  1 /www/westos’s page
[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122     Require all granted
123 </Directory>
[[email protected] westos]# systemctl reload httpd
[[email protected] westos]# vim index.html
/www/westos’s page
测试http://172.25.254.115

==更改端口号==
[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
 42 Listen 8080
[[email protected] westos]# systemctl reload httpd
测试http://172.25.254.115:8080            ##8080默认是tomcat的端口
[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
 42 Listen 80
[[email protected] westos]# systemctl reload httpd    ##重新加载速度更快
测试http://172.25.254.115

==访问ip限制==
[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122     Require all granted
123     Order Allow,Deny
124     Allow from all
125     Deny from 172.25.254.115
126 </Directory>
[[email protected] westos]# systemctl reload httpd
测试:
115:http://172.25.254.115不能访问
15:http://172.25.254.115可以访问

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122     Require all granted
123     Order Deny,Allow
124     Allow from 172.25.254.115
125     Deny from all
126 </Directory>
[[email protected] westos]# systemctl reload httpd
测试:
115:http://172.25.254.115可以访问
15:http://172.25.254.115不能访问

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122     Require all granted
123     Order Deny,Allow
124     Allow from 172.25.254.0/24
125     Deny from all
126 </Directory>
[[email protected] westos]# systemctl reload httpd
测试:
只允许172.25.254.0/24这个网段访问

==用户名,密码访问==
[[email protected] westos]# cd /etc/httpd/
[[email protected] httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[[email protected] httpd]# htpasswd -cm htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[[email protected] httpd]# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
[[email protected] httpd]# htpasswd -m htpasswdfile westos
New password:
Re-type new password:
Adding password for user westos
[[email protected] httpd]# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
westos:$apr1$cgzYLUVZ$zSkX6bfpFZkDQxrONSofc/

[[email protected] httpd]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122         #Require all granted
123         Authuserfile /etc/httpd/htpasswdfile
124         Authname "Please input username and password"
125         Authtype basic
126         Require user admin
127 </Directory>
[[email protected] httpd]# systemctl reload httpd
测试http://172.25.254.115
admin验证成功
westos验证不成功

ctrl+shift+delete点击清空缓存
[[email protected] httpd]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122         #Require all granted
123         Authuserfile /etc/httpd/htpasswdfile
124         Authname "Please input username and password"
125         Authtype basic
126         Require valid-user
127 </Directory>
[[email protected] httpd]# systemctl reload httpd
测试http://172.25.254.115
admin验证成功
westos验证成功

==music.westos.com; news.westos.com==
[[email protected] httpd]# vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
[[email protected] httpd]# systemctl reload httpd

[[email protected] httpd]# cd /var/www/html/
[[email protected] html]# ls
[[email protected] html]# vim index.html
  1 www.westos.com
测试http://172.25.254.115正常

[[email protected] html]# vim /etc/hosts
  6 172.25.254.115 www.westos.com westos.com music.westos.com news.westos.com

[[email protected] html]# mkdir /var/www/virtual/music.westos.com/html -p
[[email protected] html]# mkdir /var/www/virtual/news.westos.com/html -p
[[email protected] ~]# cd /var/www/virtual/music.westos.com/html
[[email protected] html]# vim index.html
  1 music.westos.com
[[email protected] html]# cd /var/www/virtual/news.westos.com/html
[[email protected] html]# vim index.html
  1 news.westos.com
[[email protected] html]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# ls
autoindex.conf  manual.conf  README  userdir.conf  welcome.conf
[[email protected] conf.d]# vim default.conf
  1 <Virtualhost _default_:80>
  2         Documentroot /var/www/html
  3         Customlog "logs/default.log" combined    ##combined表示日志级别是全部
  4 </Virtualhost>
  5 <Directory "/var/www/html">
  6         Require all granted
  7 </Directory>
[[email protected] conf.d]# cp default.conf music.conf
[[email protected] conf.d]# vim music.conf
  1 <Virtualhost *:80>
  2         Servername music.westos.com
  3         Documentroot /var/www/virtual/music.westos.com/html
  4         Customlog "logs/music.log" combined
  5 </Virtualhost>
  6 <Directory "/var/www/virtual/music.westos.com/html">
  7         Require all granted
  8 </Directory>
[[email protected] conf.d]# cp music.conf news.conf
[[email protected] conf.d]# vim news.conf
  1 <Virtualhost *:80>
  2         Servername news.westos.com
  3         Documentroot /var/www/virtual/news.westos.com/html
  4         Customlog "logs/news.log" combined
  5 </Virtualhost>
  6 <Directory "/var/www/virtual/news.westos.com/html">
  7         Require all granted
  8 </Directory>
[[email protected] conf.d]# systemctl reload httpd
[[email protected] conf.d]# firefox &
测试:
www.westos.com
news.westos.com
music.westos.com
测试成功




客户端加密,服务端解密
客户拿到证书加密,服务器拿key解密

install上面装好就有证书,下面生成证书

[[email protected] conf.d]# yum install mod_ssl -y
......
[[email protected] conf.d]# yum install crypto-utils -y
......


  │ The key will be stored in                                              │
  │     /etc/pki/tls/private/www.westos.com.key                            │
  │ The certificate stored in                                              │
  │     /etc/pki/tls/certs/www.westos.com.crt    

[[email protected] conf.d]# genkey www.westos.com
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.8103 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert

cmd_CreateNewCert
command:  makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.8103
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key


Generating key. This may take a few moments...

Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[[email protected] ~]# ls /etc/pki/tls/certs
ca-bundle.crt        localhost.crt    Makefile          www.westos.com.crt
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[[email protected] conf.d]# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
测试:真机打开firefox,输入https://172.25.254.115/

本文出自 “施超Linux学习笔记” 博客,谢绝转载!

以上是关于Linux课程第二十二天学习笔记的主要内容,如果未能解决你的问题,请参考以下文章

Linux课程第十二天学习笔记

Linux课程第二天学习笔记

学习python课程第二十二天

Linux课程第二十天学习笔记

Linux课程第二十一天学习笔记

学习笔记第二十节课