* Web Server
Main tasks:
Set up a large Web server based on development and design requirements
Main software:
    Apache+JBoss+Oracle   (abbreviation: LAJO)
    Apache+PHP+MySQL      (abbreviation: LAMP)
    ProFTPD+MySQL         (abbreviation: LPM)
    SSH+expect
    iptables
    BIND
    Mail
Specific requirements:
Massive user access
Mass user storage
North-south interoperability (including interworking at home and abroad)
Requirements Analysis:
1. To ensure high quality and high performance, a *nix operating platform is needed (Red Hat AS 4.3 is selected here);
2. To handle high access volumes and heavy data processing, a commercial database is needed (Oracle 9.2.0.4 is chosen here);
3. To solve north-south interoperability (including domestic and foreign exchanges), a smart DNS server based on the BIND view feature must be set up;
4. The application uses the popular B/S and C/S architectures, so a JBoss server is needed;
5. To serve static pages more efficiently, an Apache server is needed;
6. To meet the application's user registration and upload requirements, an FTP server must be set up;
7. For continuous automatic system monitoring, a LAMP server must be set up (Cacti is used here);
8. For communication between the company and its customers, a mail server must be set up (postfix+extmail is used here);
9. For automatic file and data processing and for security settings, expect+ssh+iptables combined with shell scripts is needed;
10. For massive scale, cluster load balancing and dedicated storage equipment are needed.
Specific process:
1. Hardware procurement.
2. Operating system installation
Install Red Hat AS 4.3.
System space partitioning (omitted).
Install the development environment and the software packages required for the DNS and LAMP environments,
and confirm that the following packages are installed:
    compat-db
    compat-gcc
    compat-gcc-32
    compat-oracle-rhel4
    compat-libcwait
    compat-libgcc
    compat-libstdc++-296
    compat-libstdc++-33
    gcc
    gcc-c++
    gnome-libs
    gnome-libs-devel
    libaio-devel
    libaio
    make
    openmotif21
    xorg-x11-deprecated-libs-devel
    xorg-x11-deprecated-libs

Package and the installation disk it is on:

    sysstat                          disk 4
    openmotif21                      disk 3
    libaio                           disk 3
    libaio-devel                     disk 3
    freetype-devel                   disk 3
    fontconfig-devel                 disk 3
    xorg-x11-devel                   disk 3
    xorg-x11-deprecated-libs-devel   disk 3
    glib-devel                       disk 4
    ORBit-devel                      disk 4
    gtk+-devel                       disk 4
    alsa-lib-devel                   disk 3
    audiofile-devel                  disk 3
    esound-devel                     disk 3
    libjpeg-devel                    disk 3
    libtiff-devel                    disk 3
    libungif-devel                   disk 3
    imlib-devel                      disk 4
    gnome-libs-devel                 disk 4
    expect                           disk 4
Note: One of the problems I encountered: a new Dell server, 1.5T, RAID5, with no system installed and no partitions on the hard drive. The AS 4.3 installation disk reported a memory error, showed a blue screen, and the installation failed. The same happened with several Linux system disks (and with Windows setup disks). I had no hard disk formatting or partitioning tool at hand, so I could not test whether the disk partitions were usable. The official release said it does not support more than 2G of memory, so before installing the system, first remove 2G of memory; after installation, install the kernel that supports more than 2G of memory, and 4G of memory is then supported. In later installations, without using hugemem, the default SMP kernel could also recognize 4G of memory, and there were no blue screen problems. I have not studied the cause carefully.
    # rpm -ivh kernel-elhugemem....rpm

Edit the boot file grub.conf to make sure the newly installed kernel is the one booted by default.

    # cat /etc/grub.conf

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,1)
    #          kernel /vmlinuz-version ro root=/dev/sda8
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,1)/grub/splash.xpm.gz
    hiddenmenu
    title Red Hat Enterprise Linux AS (2.6.9-22.ELhugemem)
            root (hd0,1)
            kernel /vmlinuz-2.6.9-22.ELhugemem ro root=LABEL=/ rhgb quiet
            initrd /initrd-2.6.9-22.ELhugemem.img
    title Red Hat Enterprise Linux AS (2.6.9-22.ELsmp)
            root (hd0,1)
            kernel /vmlinuz-2.6.9-22.ELsmp ro root=LABEL=/ rhgb quiet
            initrd /initrd-2.6.9-22.ELsmp.img
    title Red Hat Enterprise Linux AS-up (2.6.9-22.EL)
            root (hd0,1)
            kernel /vmlinuz-2.6.9-22.EL ro root=LABEL=/ rhgb quiet
            initrd /initrd-2.6.9-22.EL.img

If the entries after hiddenmenu are not in the order shown above, change default=x (x is the zero-based position of the ELhugemem entry).
Reboot and refit the other 2G of memory.
The system then runs normally with 4G of memory.
Note 2: After the system is installed, create this symbolic link:

    # ln -s /tmp /temp
3. Configure DNS
For north-south interoperability using open-source software only, BIND views combined with ACL (access control list) files are used to direct clients on different carrier lines to the right addresses automatically.
(There are of course commercial solutions as well, such as intelligent routing and switch configuration; we use BIND because it is open source and easy to implement and adjust.)
There are many ways to obtain the ACLs used by the views; they are not discussed here.
The setup is as follows.
The BIND installed by default is the 9 series, which already supports views. The configuration is divided into three steps:
(1) Modify named.conf
(2) Create and configure the hosts (zone data) files
(3) Domain name resolution
    # vi /etc/named.conf

File contents:

    //
    // named.conf for Red Hat caching-nameserver
    //
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // Pinning the source port to 53 disables source-port randomization,
        // which makes cache poisoning easier; keep it only if a firewall requires it.
        query-source address * port 53;
    };
    //
    // A caching only nameserver config
    //
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    include "/etc/rndc.key";

    // Modified by Mingfu 060404
    acl "CNC" {
        58.16.0.0/16; 58.17.0.0/17; 58.17.128.0/17; 58.18.0.0/16; 58.19.0.0/16;
        58.20.0.0/16; 58.21.0.0/16; 58.22.0.0/15; 58.240.0.0/15; 58.242.0.0/15;
        58.244.0.0/15; 58.246.0.0/15; 58.248.0.0/13; 60.0.0.0/13; 60.8.0.0/15;
        60.10.0.0/16; 60.11.0.0/16; 60.12.0.0/16; 60.13.0.0/18; 60.13.128.0/17;
        60.14.0.0/15; 60.16.0.0/13; 60.24.0.0/14; 60.30.0.0/16; 60.31.0.0/16;
        60.208.0.0/13; 60.216.0.0/15; 60.218.0.0/15; 60.220.0.0/14; 61.48.0.0/13;
        61.133.0.0/17; 61.134.96.0/19; 61.134.128.0/17; 61.135.0.0/16; 61.137.128.0/17;
        61.138.0.0/17; 61.138.128.0/18; 61.139.128.0/18; 61.148.0.0/15; 61.156.0.0/16;
        61.159.0.0/18; 61.161.0.0/18; 61.161.128.0/17; 61.162.0.0/16; 61.163.0.0/16;
        61.167.0.0/16; 61.168.0.0/16; 61.176.0.0/16; 61.179.0.0/16; 61.181.0.0/16;
        61.182.0.0/16; 61.189.0.0/17; 125.32.0.0/16; 125.40.0.0/13; 202.96.0.0/18;
        202.96.64.0/21; 202.96.72.0/21; 202.97.128.0/18; 202.97.224.0/21; 202.97.240.0/20;
        202.98.0.0/21; 202.98.8.0/21; 202.99.64.0/19; 202.99.96.0/21; 202.99.128.0/19;
        202.99.160.0/21; 202.99.168.0/21; 202.99.176.0/20; 202.99.208.0/20; 202.99.224.0/21;
        202.99.232.0/21; 202.99.240.0/20; 202.102.128.0/21; 202.102.224.0/21; 202.102.232.0/21;
        202.106.0.0/16; 202.107.0.0/17; 202.108.0.0/16; 202.110.0.0/17; 202.111.128.0/18;
        203.93.8.0/24; 203.93.192.0/18; 210.13.128.0/17; 210.14.160.0/19; 210.14.192.0/19;
        210.15.32.0/19; 210.15.96.0/19; 210.15.128.0/18; 210.21.0.0/16; 210.52.128.0/17;
        210.53.0.0/17; 210.53.128.0/17; 210.74.96.0/19; 210.74.128.0/19; 210.82.0.0/15;
        218.8.0.0/14; 218.12.0.0/16; 218.21.128.0/17; 218.24.0.0/14; 218.56.0.0/14;
        218.60.0.0/15; 218.67.128.0/17; 218.68.0.0/15; 218.104.0.0/14; 219.154.0.0/15;
        219.156.0.0/15; 219.158.0.0/17; 219.158.128.0/17; 219.159.0.0/18; 220.252.0.0/16;
        221.0.0.0/15; 221.2.0.0/16; 221.3.0.0/17; 221.3.128.0/17; 221.4.0.0/16;
        221.5.0.0/17; 221.5.128.0/17; 221.6.0.0/16; 221.7.0.0/19; 221.7.32.0/19;
        221.7.64.0/19; 221.7.96.0/19; 221.8.0.0/15; 221.10.0.0/16; 221.11.0.0/17;
        221.11.128.0/18; 221.11.192.0/19; 221.12.0.0/17; 221.12.128.0/18; 221.13.0.0/18;
        221.13.64.0/19; 221.13.96.0/19; 221.13.128.0/17; 221.14.0.0/15; 221.192.0.0/15;
        221.194.0.0/16; 221.195.0.0/16; 221.196.0.0/15; 221.198.0.0/16; 221.199.0.0/19;
        221.199.32.0/20; 221.199.128.0/18; 221.199.192.0/20; 221.200.0.0/14; 221.204.0.0/15;
        221.206.0.0/16; 221.207.0.0/18; 221.207.64.0/18; 221.207.128.0/17; 221.208.0.0/14;
        221.212.0.0/16; 221.213.0.0/16; 221.216.0.0/13; 222.128.0.0/14; 222.132.0.0/14;
        222.136.0.0/13; 222.160.0.0/15; 222.162.0.0/16; 222.163.0.0/19; 222.163.32.0/19;
        222.163.64.0/18; 222.163.128.0/17;
    };

    view "VIEW_CNC" {
        match-clients { CNC; };
        zone "." {
            type hint;
            file "named.ca";
        };
        zone "0.0.127.in-addr.arpa" {
            type master;
            file "localhost.rev";
        };
        include "master/cnc.def";
    };

    view "View_any" {
        match-clients { any; };
        zone "." {
            type hint;
            file "named.ca";
        };
        zone "0.0.127.in-addr.arpa" {
            type master;
            file "localhost.rev";
        };
        include "master/telecom.def";
    };

Then create the directories and definition files:

    # mkdir /var/named/master
    # mkdir /var/named/master/cnc
    # mkdir /var/named/master/telecom
    # touch /var/named/master/cnc.def
    # touch /var/named/master/telecom.def
Description: how to configure domain name resolution:

Zone definition files:

    master/cnc.def        Netcom
    master/telecom.def    Telecom

The *.def files contain the zone configuration sections for the domain names to be resolved.

Hosts (zone data) file directories:

    master/cnc            Netcom
    master/telecom        Telecom

The following is an example of resolving www.xxxx.com.

    # vi /var/named/master/cnc.def

File contents:

    zone "xxxx.com" {
        type master;
        file "master/cnc/xxxx.com";
    };

    # vi /var/named/master/telecom.def

File contents:

    zone "xxxx.com" {
        type master;
        file "master/telecom/xxxx.com";
    };

    # vi /var/named/master/cnc/xxxx.com

File contents:

    $TTL 3600
    $ORIGIN xxxx.com.
    @    IN  SOA  ns.xxxx.com. root.ns.xxxx.com. (
                  2005121013 ; Serial
                  3600       ; Refresh (seconds)
                  900        ; Retry (seconds)
                  68400      ; Expire (seconds)
                  15 )       ; Minimum TTL for Zone (seconds)
    ;
    @    IN  NS   ns.xxxx.com.
    @    IN  MX   10 xxxx.com.   ; MX syntax requires a preference; 10 is a placeholder
    ;; IP for CNC
    @    IN  A    x.x.x.x        ; Netcom IP
    www  IN  A    x.x.x.x        ; Netcom IP

    # vi /var/named/master/telecom/xxxx.com

File contents:

    $TTL 3600
    $ORIGIN xxxx.com.
    @    IN  SOA  ns.xxxx.com. root.ns.xxxx.com. (
                  2005121013 ; Serial
                  3600       ; Refresh (seconds)
                  900        ; Retry (seconds)
                  68400      ; Expire (seconds)
                  15 )       ; Minimum TTL for Zone (seconds)
    ;
    @    IN  NS   ns.xxxx.com.
    @    IN  MX   10 xxxx.com.   ; MX syntax requires a preference; 10 is a placeholder
    ;; IP for Telecom
    @    IN  A    x.x.x.x        ; Telecom IP
    www  IN  A    x.x.x.x        ; Telecom IP
Client-side test:

    nslookup -type=a xxxx.com x.x.x.x    (IP of any Netcom DNS server)
    nslookup -type=a xxxx.com x.x.x.x    (IP of any Telecom DNS server)

If each query returns the corresponding IP from the configuration files, the resolution configuration is working.
Attention:
The DNS server that resolves xxxx.com above must be changed to
ns.xxxx.com
Corresponding IP: the Netcom IP.
Note:
1. Here access control is applied to Netcom and non-Netcom clients to achieve north-south interoperability. Other cases, such as domestic and foreign interoperability, can be handled the same way by listing a corresponding access control list (ACL).
2. About compiling from the tar package.