[root@localhost ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
ens192 ethernet connected --
virbr0 bridge connected (externally) virbr0
lo loopback unmanaged --
virbr0-nic tun unmanaged --
[root@localhost ~]# nmcli connection add con-name ens192 type ethernet ipv4.addresses 172.16.50.176/24 ipv4.gateway 172.16.50.1 ipv4.method manual
[root@localhost ~]# nmcli connection up ens192 ;
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@localhost ~]# ip a s |grep -i ens192 |grep inet
inet 172.16.50.176/24 brd 172.16.50.255 scope global noprefixroute ens192
[root@localhost ~]# hostnamectl set-hostname web-apache
修改zone文件信息
[root@bind-dns1 named]# hostname
bind-dns1
[root@bind-dns1 named]# cat yunbee.net.zone
www.yunbee.net. IN A 172.16.50.176
www0.yunbee.net. IN A 172.16.50.176
www1.yunbee.net. IN A 172.16.50.176
ftp.yunbee.net. IN CNAME www0
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# rpm -qd httpd
/usr/share/doc/httpd/ABOUT_APACHE
/usr/share/doc/httpd/CHANGES
/usr/share/doc/httpd/LICENSE
/usr/share/doc/httpd/NOTICE
/usr/share/doc/httpd/README
/usr/share/doc/httpd/VERSIONING
/usr/share/doc/httpd/httpd-autoindex.conf
/usr/share/doc/httpd/httpd-dav.conf
/usr/share/doc/httpd/httpd-default.conf
/usr/share/doc/httpd/httpd-info.conf
/usr/share/doc/httpd/httpd-languages.conf
/usr/share/doc/httpd/httpd-manual.conf
/usr/share/doc/httpd/httpd-mpm.conf
/usr/share/doc/httpd/httpd-multilang-errordoc.conf
/usr/share/doc/httpd/httpd-vhosts.conf
/usr/share/doc/httpd/instance.conf
/usr/share/doc/httpd/proxy-html.conf
[root@localhost ~]# egrep -vn "^$|#" /etc/httpd/conf/httpd.conf
# NOTE: the trailing "## ..." remarks are tutorial annotations on grep output.
# httpd only recognises a comment when "#" starts the line, so they must not be
# copied into the real httpd.conf after a directive.
34:ServerRoot "/etc/httpd" ## top of the tree that holds the server's configuration and logs
45:Listen 80 ## listen on TCP port 80
59:Include conf.modules.d/*.conf ## include every *.conf file under conf.modules.d/
69:User apache ## account the server processes run as
70:Group apache ## group the server processes run as
89:ServerAdmin root@localhost ## administrator e-mail address
105:<Directory /> ## container for the filesystem root
106: AllowOverride none ## .htaccess files may not override any setting
107: Require all denied ## deny all access by default
108:</Directory> ## closing tag of the container (note the leading "/")
122:DocumentRoot "/var/www/html" ## directory the site content is served from
127:<Directory "/var/www"> ## container for /var/www
128: AllowOverride None ## .htaccess files may not override any setting
130: Require all granted ## allow access to this directory
131:</Directory> ## closing tag of the container
134:<Directory "/var/www/html">
147: Options Indexes FollowSymLinks ## Indexes: list the directory when no index file is found; FollowSymLinks: follow symbolic links
# NOTE(review): Indexes reveals every file name in the directory and
# FollowSymLinks lets a link lead outside the document root; drop whichever
# option the site does not need.
154: AllowOverride None
159: Require all granted
160:</Directory>
166:<IfModule dir_module> ## applies only when dir_module is loaded
167: DirectoryIndex index.html ## file served when a directory is requested
168:</IfModule>
174:<Files ".ht*"> ## access control for files whose name starts with .ht
175: Require all denied ## deny access
176:</Files>
185:ErrorLog "logs/error_log" ## error log file
192:LogLevel warn ## log level; warn is the default
194:<IfModule log_config_module> ## log formats
199: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
200: LogFormat "%h %l %u %t \"%r\" %>s %b" common
202: <IfModule logio_module>
204: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
205: </IfModule>
220: CustomLog "logs/access_log" combined ## access log, written in the combined format
221:</IfModule>
223:<IfModule alias_module> ## URL-to-path mappings; applies only when alias_module is loaded
250: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
252:</IfModule>
258:<Directory "/var/www/cgi-bin">
259: AllowOverride None
260: Options None
261: Require all granted
262:</Directory>
264:<IfModule mime_module>
269: TypesConfig /etc/mime.types
286: AddType application/x-compress .Z
287: AddType application/x-gzip .gz .tgz
308: AddType text/html .shtml
309: AddOutputFilter INCLUDES .shtml
310:</IfModule>
319:AddDefaultCharset UTF-8 ## default character encoding
321:<IfModule mime_magic_module>
327: MIMEMagicFile conf/magic
328:</IfModule>
351:EnableSendfile on ## let the kernel's sendfile support deliver static files
356:IncludeOptional conf.d/*.conf ## include any *.conf files found under conf.d/
[root@localhost conf.d]# pwd
/etc/httpd/conf.d
[root@localhost conf.d]# rpm -ql httpd|grep vhosts
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf ./
[root@localhost conf.d]#cat httpd-vhosts.conf
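# Port-based virtual host on 8989.
# httpd accepts "#" comments only at the start of a line; a note placed after a
# directive is parsed as extra arguments, so every note sits on its own line.

# Container for /software: grants web access to the whole tree.
# NOTE(review): keep private keys, backups and other non-public files out of
# /software, because everything below it is authorised for all clients.
<Directory "/software">
    # .htaccess files may not override any setting
    AllowOverride None
    Require all granted
</Directory>

# Additional listening port used by the virtual host below.
# NOTE(review): on hosts with SELinux enforcing, httpd can bind only to ports
# labelled for it - confirm 8989 is allowed before relying on this listener.
Listen 8989

<VirtualHost *:8989>
    # Administrator e-mail address
    ServerAdmin root@yunbee.com
    DocumentRoot "/software/site1"
    # Host name served by this virtual host
    ServerName www.yunbee.net
    # Additional host name answered by this virtual host
    ServerAlias ftp.yunbee.net
    ErrorLog "/var/log/httpd/www.example.com-error_log"
    CustomLog "/var/log/httpd/www.example.com-access_log" common
</VirtualHost>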
[root@localhost conf.d]# httpd -t    # 检查配置文件是否正确
Syntax OK
[root@localhost conf.d]# echo "www.yunbee.net 8989 Port! " >/software/site1/index.html
[root@localhost conf.d]# curl http://www.yunbee.net:8989
www.yunbee.net 8989 Port!
[root@localhost conf.d]#cat httpd-vhosts.conf
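# IP-based virtual host.
# httpd accepts "#" comments only at the start of a line, so notes sit on
# their own lines instead of trailing a directive.

<Directory "/software">
    AllowOverride None
    # Authorise every client to access this tree
    Require all granted
</Directory>

# Answers requests that arrive on 172.16.50.176, port 80.
<VirtualHost 172.16.50.176:80>
    ServerAdmin root@yunbee.net
    DocumentRoot "/software/site2"
    ServerName www0.yunbee.net
    ErrorLog "/var/log/httpd/www0.example.com-error_log"
    CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>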
[root@webserver site2]# echo "www0.yunbee.net! and ftp server" >/software/site2/index.html
[root@localhost conf.d]# curl http://www0.yunbee.net
www0.yunbee.net! and ftp server
[root@localhost conf.d]#cat httpd-vhosts.conf
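# Virtual host that also publishes the FTP directory through a URL alias.
# httpd accepts "#" comments only at the start of a line, so notes sit on
# their own lines instead of trailing a directive.

<Directory "/software">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/var/ftp/pub">
    # Indexes: list the files and sub-directories when no index.html exists.
    # NOTE(review): this publishes every file name under /var/ftp/pub over
    # HTTP; keep only material meant for public download in that directory.
    Options Indexes
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost _default_:80>
    ServerAdmin root@yunbee.net
    DocumentRoot "/software/site2"
    # Map the URL path /ftp onto the directory /var/ftp/pub
    Alias /ftp /var/ftp/pub
    ServerName www0.yunbee.net
    ErrorLog "/var/log/httpd/www0.example.com-error_log"
    CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>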
# Install vsftpd and switch on anonymous access, then create three sample files
# and list them over FTP.
[root@localhost conf.d]# yum install vsftpd
# NOTE(review): sed matches case-sensitively. If the packaged vsftpd.conf writes
# the value in upper case (anonymous_enable=NO) this substitution changes
# nothing - confirm with: grep -n '^anonymous_enable' /etc/vsftpd/vsftpd.conf
# NOTE(review): anonymous FTP needs no credentials and is sent in clear text;
# expose only files that are meant to be public and keep the area read-only.
[root@localhost conf.d]# sed -i 's/^anonymous_enable=no/anonymous_enable=yes/' /etc/vsftpd/vsftpd.conf
[root@localhost conf.d]# touch /var/ftp/pub/ftpfile{1..3}
[root@localhost conf.d]# ll /var/ftp/pub/
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile1
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile2
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile3
# The login exchange is not shown in this transcript.
# NOTE(review): the absolute path in the cd below suggests the session was not
# confined to the FTP root (presumably a local-user login rather than an
# anonymous one) - confirm which account was used.
[root@localhost conf.d]# ftp 172.16.50.176
ftp> cd /var/ftp/pub/
ftp> ls
227 Entering Passive Mode (172,16,50,176,163,126).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Sep 15 12:22 ftpfile1
-rw-r--r-- 1 0 0 0 Sep 15 12:22 ftpfile2
-rw-r--r-- 1 0 0 0 Sep 15 12:22 ftpfile3
测试站点访问是否正常
测试站点文件服务器是否访问正常
[root@localhost site2]# vim /etc/httpd/conf.d/httpd-vhosts.conf
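# Virtual host that exposes the FTP directory through a symbolic link inside
# the document root.
# httpd accepts "#" comments only at the start of a line, so notes sit on
# their own lines instead of trailing a directive.

<Directory "/software">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/software/site2">
    # Indexes: list the files and sub-directories of the directory.
    # FollowSymLinks: allow access through symbolic links (site2 holds the
    # link ftp -> /var/ftp/pub in this walkthrough).
    # NOTE(review): together these options let any link created under site2
    # publish its target, listing included; SymLinksIfOwnerMatch is the
    # stricter alternative if only owner-matching links should be followed.
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost _default_:80>
    # ServerAdmin takes the e-mail address and ServerName the host name; the
    # two values were swapped in the earlier listing.
    ServerAdmin root@yunbee.com
    DocumentRoot "/software/site2"
    ServerName www0.yunbee.net
    ErrorLog "/var/log/httpd/www0.example.com-error_log"
    CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>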
[root@localhost pub]# cd /software/site2/
[root@localhost site2]# ll
lrwxrwxrwx. 1 root root 12 Sep 15 20:53 ftp -> /var/ftp/pub
-rw-r--r--. 1 root root 32 Sep 15 20:14 index.html
创建一个自签名的证书
Redhat 7
# Install crypto-utils, the package that provides the genkey helper.
yum install crypto-utils -y
# Create a key and certificate valid for 90 days; FQDN is a placeholder for the
# server's fully qualified host name.
genkey --days 90 FQDN
Redhat 7/8
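# Generate the RSA private key.
# Running a 2048-bit and then a 4096-bit genrsa against the same file simply
# overwrites the first key, so only one size is active here; the 2048-bit form
# is kept as a commented-out alternative.
# The subshell umask makes the key unreadable to other local users from the
# moment it is created (a plain ">" redirect would use the default umask), and
# chmod also covers the case where the file already existed.
# (umask 077; openssl genrsa -out myserver.key 2048)
(umask 077; openssl genrsa -out myserver.key 4096)
chmod 600 myserver.key

# Generate the certificate signing request. openssl prompts for the subject
# fields; the Common Name should be the host name clients will connect to.
openssl req -new -key myserver.key -out myserver.csr

# Self-sign the CSR with the same key; the certificate is valid for 90 days.
# NOTE(review): clients do not trust a self-signed certificate until it is
# imported explicitly, and current browsers match host names against the
# subjectAltName extension, which this command does not add - confirm the
# certificate suits the clients that will use it.
openssl x509 -req -days 90 -in myserver.csr -signkey myserver.key -out myserver.crt

# Inspect the certificate
openssl x509 -in myserver.crt -noout -text

# Inspect the CSR
openssl req -in myserver.csr -noout -text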
[root@localhost site2]# yum install mod_ssl -y
[root@webserver software]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@webserver software]# egrep -ni "^SSLCerti" /etc/httpd/conf.d/httpd-vhosts.conf
92:SSLCertificateFile /software/server.crt
93:SSLCertificateKeyFile /software/server.key
cat /etc/httpd/conf.d/httpd-vhosts.conf
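# HTTPS virtual host for www1.yunbee.net.

<Directory "/software">
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost *:443>
    # ServerAdmin is an e-mail address; the host name belongs in ServerName.
    ServerAdmin root@yunbee.net
    DocumentRoot "/software/site3"
    ServerName www1.yunbee.net

    SSLEngine on
    # Besides SSLv2/SSLv3, switch off TLS 1.0 and 1.1 so that only TLS 1.2 and
    # newer are negotiated.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # OpenSSL cipher-list keywords are matched exactly, so the anonymous-suite
    # exclusion is written !aNULL. MEDIUM-strength suites and 3DES are left
    # out. Check the resulting list with: openssl ciphers -v 'HIGH:!aNULL:!MD5:!3DES'
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    # Prefer the server's cipher order over the client's
    SSLHonorCipherOrder on

    SSLCertificateFile /software/server.crt
    # NOTE(review): the private key sits inside a tree that the <Directory>
    # block above grants to all clients. It is outside this DocumentRoot, but an
    # Alias or symlink into /software would expose it; prefer a root-only
    # location such as /etc/pki/tls/private/ with mode 0600.
    SSLCertificateKeyFile /software/server.key
</VirtualHost>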
[root@localhost site3]# cat /software/site3/index.html
This ssl
https访问测试
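# Plain-HTTP virtual host whose only job is to send clients to HTTPS.
<VirtualHost _default_:80>
    # ServerAdmin is an e-mail address; the host name belongs in ServerName.
    ServerAdmin root@yunbee.net
    ServerName www1.yunbee.net
    # The target ends with "/" because Redirect appends the rest of the
    # requested path to it; without the slash, /page would be sent to
    # https://www1.yunbee.netpage.
    Redirect / https://www1.yunbee.net/
</VirtualHost>

# HTTPS virtual host that serves the site.
<VirtualHost *:443>
    ServerAdmin root@yunbee.net
    DocumentRoot "/software/site3"
    ServerName www1.yunbee.net

    SSLEngine on
    # Besides SSLv2/SSLv3, switch off TLS 1.0 and 1.1 so that only TLS 1.2 and
    # newer are negotiated.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # OpenSSL cipher-list keywords are matched exactly, so the anonymous-suite
    # exclusion is written !aNULL. MEDIUM-strength suites and 3DES are left
    # out. Check the resulting list with: openssl ciphers -v 'HIGH:!aNULL:!MD5:!3DES'
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    # Prefer the server's cipher order over the client's
    SSLHonorCipherOrder on

    SSLCertificateFile /software/server.crt
    # NOTE(review): keep the private key readable by root only (mode 0600) and
    # outside any directory tree that is granted to web clients, for example
    # under /etc/pki/tls/private/.
    SSLCertificateKeyFile /software/server.key
</VirtualHost>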
本篇完