Day 9 Linux Samba & Ngnix

(excerpt) Samba services

I. Introduction of SAMBA
Samba is a free software that implements the SMB protocol on Linux and UNIX systems, consisting of servers and client programs. SMB (Server Messages block, information service blocks) is a kind of communication protocol for sharing files and printers on LAN, which provides shared services of files and printers among different computers in LAN. The SMB protocol is a client/server protocol that allows clients to access shared file systems, printers, and other resources on the server. By setting up "NetBIOS over TCP/IP", Samba will not only share resources with local network hosts, but also share resources with computers around the world.
The biggest feature of Samba is that it can be used for file sharing and print sharing directly with Linux and Windows systems, and samba can be used for file sharing between Windows and Linux, and for resource sharing between Linux and Linux.
Second, turn off SELinux and firewalls
A, temporary shutdown (do not restart the machine):
# Setenforce 0 # #设置SELinux become permissive mode (off SELinux)
# setenforce 1 # #设置SELinux become enforcing mode (SELinux)

b, modify the configuration file to restart the machine:
# Vi/etc/selinux/config
Change selinux=enforcing to selinux=disabled (restart machine required)

C, can do their own policy open the corresponding port, here I directly close:
# systemctl Status Firewalld.service # #查看防火墙状态
# systemctl Stop Firewalld.service # #关闭防火墙
Iii. Installation of Samba services
① Direct Yum Installation
# Yum Install Samba samba-client

② Start and view Samba
# Systemctl start SMB NMB # #注: NMB provides NetBIOS services to clients
# SYSTEMCTL Status SMB NMB

Iv. Configuring Samba Services
① Configuration (vi/etc/samba/smb.conf)

# vi/etc/samba/smb.conf=================== Global settings[options] ==============================[Global#workgroup = Workgroup# #设定Samba server to join workgroup or domain server string = Samba Server Version%v# #设定注释, the macro%v indicates that the version number of samba is displayed NetBIOS name = Ziji# #设置Samba The NetBIOS name of the server map to Guest = Bad user# #开启匿名访问#-----------------Logging options [log options]-----------------------------log file =/Var/log/samba/log.%m# #设置日志文件存储位置及名称, Macro%m (hostname), which indicates that a log file is logged separately for each machine that accesses Samba server max log size =50# #设置Samba The maximum capacity of the server log file, kb,0 represents no Limit#----------------Standalone Server options[standalone run process]---------------------security = Share# #共享级别: Shared directory can only be accessed by authorized users passdb backend = Tdbsam# #建立安全账户管理数据库#-----------------Printing options[printing options]-----------------------------# Load Printers = yes # #设置是否在启动Samba时共享打印机# Cups options = raw # #通用unix打印选项#================== Share definitions[shared parameters] ==============================[homes]# #设置用户宿主目录 comment = Home directories# #描述该共享: Home Directory browseable =No# #指定该共享是否可以浏览 writable =yes # #指定该共享路径是否可写 [printers] ## Set printer Host Directory comment = all Printers # #描述: All Printers path =/var/spool/ Samba browseable = no guest OK = no # #指定该共享是否允许guest账户访问 writable = no printable = yes # #指定是否可打印 [public] comment = public Stuff # #定义说明信息 path =/home/samba # #共享目录路径 public = yes ## Specifies whether the share allows the Guest account access writable = yes printable = no Write list = + Staff # #允许写入该共享的用户          

Comment = ... Set up shared annotation

Path = Set the physical path of the shared directory
Valid users = @ Group name, user name setting allows which legitimate groups or users to access
Public = Yes|no Set whether the shared resource can be accessed by the visitor account
browseable = Yes|no Set the share as a hidden share
writable = Yes|no Set whether the client is allowed to write data
Hosts allow = sets a legitimate segment or IP that allows access to the share
There are two types of samba security certifications: Share (anonymous access) User: username password
Add SMB User and Setup password: Smbpasswd–a user
Useradd u

Note:
+ ===== "Only in the local password file group to find
& ===== only found in NIS services
@ ===== First lookup via NIS server, NIS not found and then to native lookup
② test Syntax (testparm)

③ Creating a shared directory
# Mkdir/home/samba
# cd/home/samba/
# Touch Samba.txt
V. Testing
① Enter \192.168.10.128 access under Windows
② input smbclient//192.168.10.128/public access under Linux
③ configuration allows only individual users to access
A, configure smb.conf, add the following
[Public1]
Comment = ashes of time
Path =/public_1
Valid users = Zhi
Write list = Zhi
printable = no
Create mask = 0755
Directory mask = 0755
B. Create a shared directory, add the appropriate users and groups
# mkdir-p/public_1
# Groupadd Admin
# Useradd Ziji-s/sbin/nologin
# CD Public_1
# echo "12345" > Abc.txt
# pdbedit-a-u Ziji # #新建Samba用户, set password

# pdbedit-l # #查看Samba用户列表
# systemctl Restart SMB NMB # #重启Samba
Note: You can use the command Smbpasswd-a + username to add a samba password to the user, but the user must be a system user.
C, Verification
Windows Client Authentication:
In "This computer" right, "Map Network Drive"

Prompt for user name password
The network folder is displayed on this computer after you enter it.

If an error occurs: Enter the user name, password, and then pop up the following:
"The specified network folder is currently mapped with a different user name and password. To connect with a different user name and password, first disconnect any existing mappings that are connected to the network share. ”
FIX: Using command net use to view
You can then connect by using command net USE */delete to end all connections.

Linux Client Authentication:
$ smbclient-l 192.168.10.128-u Ziji
$ smbclient//192.168.10.128/time-u Ziji
Problem: Can download cannot upload
Solve:
# setfacl-m u:zhi:rwx/share/time/# #赋予用户写权限
Linux for mounting
$ sudo apt-get install cifs-utils # #网络文件共享系统套件
$ sudo mkdir/mnt/samba
$ sudo mount-t cifs//192.168.10.128/time/mnt/samba-o Username=zhi
Linux Implementation Auto Mount
$ sudo vi/etc/fstab # #添加如下
192.168.10.128/time/mnt/samba CIFS credentials=/etc/samba/zhi.passwd 0 0
$ sudo vi/etc/samba/zhi.passwd # #防止密码泄露, so build another file
Username=ziji
Password=abcdef
$ sudo chmod og=-/etc/samba/zhi.passwd # #设置该密码文件权限
$ sudo umount/mnt/samba # #卸载
$ sudo mount-a # #挂载fstab下的所有选项
$ ls/mnt/samba/
Attached: Ubuntu under Install configuration Samba wiki:
Http://wiki.ubuntu.org.cn/Samba

Nginx Service

　 Nginx Introduction
Nginx is Lgor Sysoev for the Russian traffic second rambler.ru site design and development. Released since 2004, with the power of open source, has been close to maturity and perfection.
Nginx features rich, can be used as an HTTP server, but also as a reverse proxy server, mail server. Support FastCGI, SSL, Virtual Host, URL Rewrite, Gzip and other functions. and supports many third-party module extensions.
Nginx's stability, feature set, sample profile, and consumption of low-system resources have made him behind the list, with a 12.18% usage rate on a globally active website, about 22.2 million sites.
　 Nginx Common Functions
1, HTTP proxy, reverse proxy: As one of the most common functions of Web server, especially the reverse proxy.
Nginx provides stable performance when acting as a reverse proxy, and provides the ability to configure the forwarding function flexibly. Nginx can be based on different regular matching, take a different forwarding strategy, than the end of the file file server, dynamic page to go to the Web server, as long as you are writing no problem, and the corresponding server solution, you can play as you like. and Nginx to return the results of error page jump, abnormal judgment and so on. If the server being distributed has an exception, he can retransmit the request to another server and then automatically remove the exception server.
2. Load Balancing
Nginx provides 2 load balancing strategies: built-in policies and scaling strategies. Built-in strategy for polling, weighted polling, Ip hash. Expand the strategy, the imagination, only you can not think of what he can't do, you could refer to all the load balancing algorithm, give him one by one to find to do the next implementation.
3. Web Caching
Nginx can do different cache processing for different files, flexible configuration, and support Fastcgi_cache, mainly used to cache fastcgi dynamic program. With the third party's ngx_cache_purge, the development of the URL cache content can be managed and deleted.
4, Nginx related address
Source: Https://trac.nginx.org/nginx/browser
Official website: http://www.nginx.org/
　 nginx File Structure

...              #全局块events {         #events块   ...}http      #http块{ ... #http全局块 server #server块 { ... #server全局块 location [PATTERN] #location块 { ... } location [PATTERN] { ... } } server { ... } ... #http全局块}

1. Global BLOCK: Configure the command that affects Nginx Global. There are usually user groups running Nginx server, nginx process PID storage path, log storage path, configuration file introduction, allow to generate worker process number, etc.
2. Events BLOCK: The configuration affects the Nginx server or the network connection with the user. There are the maximum number of connections per process, which event-driven model is selected to handle connection requests, whether to allow multiple network connections to be accepted at the same time, and to turn on serialization of multiple networks.
3, HTTP BLOCK: can be nested multiple servers, configure proxy, cache, log definition and other most functions and the configuration of third-party modules. such as file introduction, Mime-type definition, log customization, whether to use Sendfile transfer file, connection timeout, number of single connection requests, etc.
4, server block: Configure the parameters of the virtual host, an HTTP can have more than one server.
5, location block: Configure the routing of the request, and the processing of various pages.
　Example
　

########### Each instruction must have a semicolon end. ##################user Administrator administrators; #配置用户或者组, the default is nobody nobody.#worker_processes 2; #允许生成的进程数, default is 1#pid/nginx/pid/nginx.pid; #指定nginx进程运行文件存放地址Error_log Log/error.logDebug#制定日志路径, level. This setting can be put into a global block, an HTTP block, a server block, and a level with this: Debug|info|notice|warn|error|crit|alert|emergEvents {Accept_mutexOn#设置网路连接序列化 to prevent the occurrence of a surprise group, the default is onMulti_acceptOn#设置一个进程是否同时接受多个网络连接, the default is off#use Epoll; #事件驱动模型, Select|poll|kqueue|epoll|resig|/dev/poll|eventportWorker_connections1024;#最大连接数, default is 512}HTTP {Include Mime.types;#文件扩展名与文件类型映射表Default_type Application/octet-stream;#默认文件类型, the default is Text/plain#access_log off; #取消服务日志Log_format MyFormat‘$remote _addr–$remote _user [$time _local]$request$status$body _bytes_sent$http _referer$http _user_agent$http _x_forwarded_for ';#自定义格式Access_log Log/access.log MyFormat;#combined为日志格式的默认值SendfileOn#允许sendfile方式传输文件, the default is off, which can be in HTTP blocks, server blocks, and location blocks.Sendfile_max_chunk100k;#每个进程每次调用传输数量不能大于设定的值, the default is 0, that is, there is no upper limit.Keepalive_timeout65;#连接超时时间, the default is 75s, which can be http,server,location blocks.Upstream Mysvr {Server127.0.0.1:7878;Server192.168.10.121:3333 backup;#热备}Error_page404https://www.baidu.com;#错误页server {keepalive_requests 120;  #单连接请求上限次数. listen 4545;  #监听端口 server_name 127.0.0.1;  #监听地址 location ~*^.+$ { #请求的url过滤, regular match, ~ For case sensitivity, ~* is case insensitive.  #root path; #根目录  #index vv.txt; #设置默认页 proxy_pass HTTP://MYSVR;  #请求转向mysvr defined server list deny 127.0.0.1;  #拒绝的ip allow 172.18.5.54;  #允许的ip}}            

Above is the basic configuration of Nginx, the following points need to be noted:
1, 1.$remote_addr and $http_x_forwarded_for to record the client's IP address, 2.$remote_user: Used to record the client user name;
3.$time_local: Used to record access time and time zone;
4.$request: The URL used to record the request and the HTTP protocol;
5.$status: Used to record request status; Success is 200.
6.$body_bytes_s ent: Record sent to client file main content size;
7.$http_referer: Used to record a link from that page to access it;
8.$http_user_agent: Log information about the client browser;
2, surprise group phenomenon: A network connection arrives, a number of sleep processes are woken up by colleagues, but only one process can get links, which will affect system performance.
3, each instruction must have a semicolon end.

Source code installation:  
Yum install gcc-* glibc-* OpenSSL openssl-devel pcre pcre-devel zlib zlib-devel-y& nbsp　　
ls 
Tar xvf nginx-1.10.3.tar.gz 
CD nginx-1.10.3 
ls 
./configure 
./configure–without-http_rewrite_moudle 
(./configure–sbin-path=/usr/local/nginx/nginx–conf-path=/usr/ Local/nginx/nginx.conf–pid-path=/usr/local/nginx/nginx.pid–with-http_ssl_module)  
make 
Make install 
Description:  
Pcre: The function used for address rewriting.  
Zlib:nginx's gzip module, which transmits data packaging, saves traffic (but consumes resources).  
OpenSSL: Provides an SSL encryption protocol.  
Installation: http://www.cnblogs.com/crazyacking/p/5138146.html 
Related parameters: http://blog.csdn.net/xifeijian/ article/details/20956605 
location:http://www.tuicool.com/articles/jr63qy 
forward proxy, reverse proxy, transparent proxy:  
http://blog.csdn.net/u012572955/article/details/49357219 
lb:http://nginx.org/en/docs/http/ load_balancing.html

Day 9 Linux Samba & Ngnix