
Linux课程第二十二天学习笔记

####################空壳邮件####################
[root@maillinux ~]# vim /etc/named.rfc1912.zones
-----------------------------------------------
 37 zone "westos.org" IN {
 38         type master;
 39         file "westos.org.zone";
 40         allow-update { none; };
 41 };
 42
:wq
-----------------------------------------------
[root@maillinux ~]# cd /var/named
[root@maillinux named]# cp -p westos.com.zone westos.org.zone
##一定要加"-p"参数:保留原文件的权限和属主/属组,否则named可能读不到新的zone文件
[root@maillinux named]# vim westos.org.zone
-----------------------------------------------
  1 $TTL 1D
  2 @       IN SOA  dns.westos.org. root.westos.org. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8                 NS      dns.westos.org.
  9 dns             A       172.25.50.100
 10 westos.org.     MX 1    172.25.50.100.
:wq
-----------------------------------------------
[root@maillinux named]# dig -t mx westos.org |grep MX
;westos.org.            IN    MX
westos.org.        86400    IN    MX    1 172.25.50.100.
[root@maillinux named]# rm -fr /etc/postfix/main.cf
[root@maillinux named]# yum reinstall postfix -y
......
[root@maillinux named]# systemctl restart postfix.service
[root@maillinux named]# vim /etc/postfix/main.cf
-----------------------------------------------
 75 myhostname = maillinux.linux.com

 83 mydomain = linux.com

 98 myorigin = westos.org

113 inet_interfaces = all                ##空壳邮件只转发不收信,如不需要对外监听,可用loopback-only减少暴露面

116 #inet_interfaces = localhost

140 local_transport = error:local delivery disabled    ##不允许本地投递

164 mydestination =                    ##不接收任何邮件

313 relayhost = 172.25.50.200                ##指定真实的邮件服务器IP地址
:wq
-----------------------------------------------
[root@maillinux named]# systemctl restart postfix.service

[root@mailwestos ~]# vim /etc/postfix/main.cf
-----------------------------------------------
264 mynetworks = 172.25.50.0/24            ##受信任、允许中继的网段;范围尽量小,设得过大会变成开放中继
:wq
-----------------------------------------------
[root@mailwestos ~]# systemctl restart postfix.service
[root@mailwestos ~]# cd /home/vmail/
[root@mailwestos vmail]# ls
mail  westos.org
[root@mailwestos vmail]# rm -fr *
[root@mailwestos vmail]# ls

[root@maillinux named]# mail admin@westos.org
Subject: test
test
test
.
EOT
[root@maillinux named]# mailq
Mail queue is empty

[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# cd westos.org/
[root@mailwestos westos.org]# ls
admin
[root@mailwestos westos.org]# cd admin/
[root@mailwestos admin]# ls
cur  new  tmp


#####################
#####  Apache    #####
#####################
Apache提供HTTP服务(守护进程名为httpd)

--网站主流架构--
lamp=linux apache mysql php
lnmp=linux nginx mysql php
以上都是开源软件,所以成为主流

--网站开发语言--
静态:html
动态:php cgi jsp asp

--中间件(翻译语言)--
tomcat jboss 等等

squid代理软件
反向代理,也就是通常所说的Web服务器加速
通过在Internet上增加一个高速的Web缓冲服务器(即:Web反向代理服务器),来降低实际的Web服务器的负载。

go语言

nmap:著名的网络扫描工具(端口/服务探测),常被称为黑客软件,也用于对自己服务器做安全审计

index.html里写的是html语句


[root@localhost ~]# hostnamectl set-hostname web1.westos.com
[root@localhost ~]# reboot
等待重启
[root@web1 ~]# yum install httpd -y
......
[root@web1 ~]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# vim index.html
测试http://172.25.254.115
[root@web1 html]# echo hello world >file
测试http://172.25.254.115/file

[root@web1 html]# netstat -antlpe |grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      0          78225      4642/httpd         
[root@web1 html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd

==index优先级==
[root@web1 html]# vim /etc/httpd/conf/httpd.conf
164     DirectoryIndex file index.html
[root@web1 html]# systemctl reload httpd
测试http://172.25.254.115
hello world
[root@web1 html]# rm -fr file
测试http://172.25.254.115
web1.westos.com 123
[root@web1 html]# rm -fr index.html
测试http://172.25.254.115
apache测试页
##有问题:实际测试时仍显示web1.westos.com 123,过了一会儿才正常显示apache测试页,可能是浏览器缓存

==http手册==
[root@web1 html]# yum install httpd-manual -y
......
[root@web1 html]# systemctl restart httpd
测试http://172.25.254.115/manual

==更改访问目录==
[root@web1 html]# getenforce
Enforcing
[root@web1 html]# ls -Zd
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
[root@web1 html]# mkdir -p /www/westos
[root@web1 html]# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'
[root@web1 html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0

[root@web1 html]# cd /www/westos/
[root@web1 westos]# ls
[root@web1 westos]# vim index.html
  1 /www/westos’s page
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122     Require all granted
123 </Directory>
[root@web1 westos]# systemctl reload httpd
[root@web1 westos]# vim index.html
/www/westos’s page
测试http://172.25.254.115

==更改端口号==
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
 42 Listen 8080
[root@web1 westos]# systemctl reload httpd
测试http://172.25.254.115:8080            ##8080默认是tomcat的端口
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
 42 Listen 80
[root@web1 westos]# systemctl reload httpd    ##重新加载速度更快
测试http://172.25.254.115

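==访问ip限制==
##注:Order/Allow/Deny是2.2的旧语法,2.4中由mod_access_compat兼容提供;2.4推荐用Require ip、Require not ip,官方不建议像下面这样把新旧语法混用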
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122     Require all granted
123     Order Allow,Deny
124     Allow from all
125     Deny from 172.25.254.115
126 </Directory>
[root@web1 westos]# systemctl reload httpd
测试:
115:http://172.25.254.115不能访问
15:http://172.25.254.115可以访问

[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122     Require all granted
123     Order Deny,Allow
124     Allow from 172.25.254.115
125     Deny from all
126 </Directory>
[root@web1 westos]# systemctl reload httpd
测试:
115:http://172.25.254.115可以访问
15:http://172.25.254.115不能访问

[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122     Require all granted
123     Order Deny,Allow
124     Allow from 172.25.254.0/24
125     Deny from all
126 </Directory>
[root@web1 westos]# systemctl reload httpd
测试:
只允许172.25.254.0/24这个网段访问

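==用户名,密码访问==
##注:Basic认证的用户名和密码只做了base64编码,在http下相当于明文传输,应配合https使用
##注:htpasswd的-c会新建(覆盖)密码文件,所以添加第二个用户时不能再加-c;-m是MD5(apr1),htpasswd也支持更强的-B(bcrypt)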
[root@web1 westos]# cd /etc/httpd/
[root@web1 httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@web1 httpd]# htpasswd -cm htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
[root@web1 httpd]# htpasswd -m htpasswdfile westos
New password:
Re-type new password:
Adding password for user westos
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
westos:$apr1$cgzYLUVZ$zSkX6bfpFZkDQxrONSofc/

[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122         #Require all granted
123         Authuserfile /etc/httpd/htpasswdfile
124         Authname "Please input username and password"
125         Authtype basic
126         Require user admin
127 </Directory>
[root@web1 httpd]# systemctl reload httpd
测试http://172.25.254.115
admin验证成功
westos验证不成功

ctrl+shift+delete点击清空缓存
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122         #Require all granted
123         Authuserfile /etc/httpd/htpasswdfile
124         Authname "Please input username and password"
125         Authtype basic
126         Require valid-user
127 </Directory>
[root@web1 httpd]# systemctl reload httpd
测试http://172.25.254.115
admin验证成功
westos验证成功

==music.westos.com; news.westos.com==
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
[root@web1 httpd]# systemctl reload httpd

[root@web1 httpd]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# vim index.html
  1 www.westos.com
测试http://172.25.254.115正常

[root@web1 html]# vim /etc/hosts
  6 172.25.254.115 www.westos.com westos.com music.westos.com news.westos.com

[root@web1 html]# mkdir /var/www/virtual/music.westos.com/html -p
[root@web1 html]# mkdir /var/www/virtual/news.westos.com/html -p
[root@web1 ~]# cd /var/www/virtual/music.westos.com/html
[root@web1 html]# vim index.html
  1 music.westos.com
[root@web1 html]# cd /var/www/virtual/news.westos.com/html
[root@web1 html]# vim index.html
  1 news.westos.com
[root@web1 html]# cd /etc/httpd/conf.d/
[root@web1 conf.d]# ls
autoindex.conf  manual.conf  README  userdir.conf  welcome.conf
[root@web1 conf.d]# vim default.conf
  1 <Virtualhost _default_:80>
  2         Documentroot /var/www/html
  3         Customlog "logs/default.log" combined    ##combined是日志格式名(不是日志级别),记录的字段较全(含Referer和User-Agent)
  4 </Virtualhost>
  5 <Directory "/var/www/html">
  6         Require all granted
  7 </Directory>
[root@web1 conf.d]# cp default.conf music.conf
[root@web1 conf.d]# vim music.conf
  1 <Virtualhost *:80>
  2         Servername music.westos.com
  3         Documentroot /var/www/virtual/music.westos.com/html
  4         Customlog "logs/music.log" combined
  5 </Virtualhost>
  6 <Directory "/var/www/virtual/music.westos.com/html">
  7         Require all granted
  8 </Directory>
[root@web1 conf.d]# cp music.conf news.conf
[root@web1 conf.d]# vim news.conf
  1 <Virtualhost *:80>
  2         Servername news.westos.com
  3         Documentroot /var/www/virtual/news.westos.com/html
  4         Customlog "logs/news.log" combined
  5 </Virtualhost>
  6 <Directory "/var/www/virtual/news.westos.com/html">
  7         Require all granted
  8 </Directory>
[root@web1 conf.d]# systemctl reload httpd
[root@web1 conf.d]# firefox &
测试:
www.westos.com
news.westos.com
music.westos.com
测试成功




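客户端用证书里的公钥加密,服务端用私钥解密
客户端拿到证书(公钥)加密,服务器拿key(私钥)解密

安装mod_ssl后自带一份默认证书(localhost.crt),下面用genkey生成自己的证书
##注:下面genkey的输出显示密钥为1024位、有效期1个月,且是makecert直接生成的自签名证书,只适合实验;正式环境应使用2048位以上的密钥和受信任CA签发的证书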

[root@web1 conf.d]# yum install mod_ssl -y
......
[root@foundation15 conf.d]# yum install crypto-utils -y
......


  │ The key will be stored in                                              │
  │     /etc/pki/tls/private/www.westos.com.key                            │
  │ The certificate stored in                                              │
  │     /etc/pki/tls/certs/www.westos.com.crt    

[root@web1 conf.d]# genkey www.westos.com
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.8103 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert

cmd_CreateNewCert
command:  makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.8103
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key


Generating key. This may take a few moments...

Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@web1 ~]# ls /etc/pki/tls/certs
ca-bundle.crt        localhost.crt    Makefile          www.westos.com.crt
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@web1 conf.d]# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
测试:真机打开firefox,输入https://172.25.254.115/(修改ssl.conf后先systemctl restart httpd使配置生效;证书是自签名的,浏览器会提示不受信任,核对证书信息无误后再添加例外)

本文出自 “施超Linux学习笔记” 博客,谢绝转载!
