How to use Linux to build a fully automated VM (on)

Source: Internet
Author: User
Article Title: how to use Linux to build a fully automated virtual host (on ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Generally, a university provides virtual hosting services for its departments, departments, teachers, and students. Generally, a second-level domain name can be managed by the user, and supports dynamic web page technologies such as PHP and JSP. In addition, users must be given a space limit, so that they cannot upload a large number of files at will.
  
It is not difficult for system administrators familiar with the Web to implement the above requirements: second-level domain names can be recorded by a CNAME record in the domain name system, in the Apache configuration file, create a name-based virtual host implementation for it. The independent management can be achieved by giving each user an FTP account; PHP and JSP are supported by installing corresponding modules. However, the problem arises. Apache must be restarted after the Apache configuration file is modified each time. After adding a record to the domain name system, ndc reload (mdc reload under Red Hat 9.0) must be performed ); as the number of users increases, the system's httpd. the conf file becomes larger, and there are more users in the/etc/passwd file. Such a large system is disastrous for management and security.
  
How can we manage such a system efficiently, securely, and conveniently? As a network administrator of a university, after careful research and practice, the author successfully realizes automatic management of the system on a Linux server using free software. All work can be done on the Web page by yourself. The system will require authentication. The Administrator will check whether the user information is true on the Web page and activate the service for the user after confirmation. The system is currently running well.
  
Preparations
  
1. Software selection
  
Providing services as needed is the most basic principle. The actual service environment here is a DNS/Web Server (IBM xforward'), requiring a fixed IP address.
  
Select Apache to provide virtual Web services. Apache is a fully functional Web server that is freely available and widely used. Many commercial Web service software use Apache as the front-end service software. Apache has various modules for users to choose from, basically meeting user requirements. Here we use two important non-default modules.
  
Take into account the current common methods and system costs, and use FTP to manage files to achieve user self-management. There are many types of FTP service software. The principle is: you cannot use system accounts, which is highly secure and easy to use. The classic wu-ftpd is the default FTP service software on many Unix platforms, but it uses a system account with poor security. The vsftpd with Red Hat features high security and good stability, however, its usability does not meet the requirements of the system. So finally, select proftpd. Proftpd is a very popular FTP service software. It is easy to configure and has MySQL and Quota modules to choose from, the perfect combination of these features enables non-system account management and user disk restrictions.
  
Select Bind for the User Domain Name Service. You can select Bind when installing the Red Hat system.
  
PHP is indispensable for implementing PHP Dynamic Web Services. JSP uses Resin instead of common Tomcat. It is better to consider the combination of Apache and Resin. Of course, you can also choose other service software.
  
Finally, you must install the MySQL software. You can install MySQL in Red Hat or manually after installing the system. Here, manual compilation and installation are selected. Although RPM package installation is much more convenient, manual compilation is a more convenient choice.
  
In addition to the above software, the system also has Zend Optimizer and mod_security installed. Zend Optimizer not only provides encryption code execution, but also improves PHP code execution efficiency. Mod_security is a module designed to prevent some SQL injection attacks. For more information, see related materials.
  
2. Software Download
  
All software can be downloaded to/root/vhosts.
  
(1) Apache1.3.28
  
# Wget ftp://ftp.linuxaid.com.cn/pub/mirrors/apache/dist/httpd/apache_1.3.28.tar.gz
  
(2) PHP4.3.3
  
# Wget http://php.linuxaid.com.cn/get/php-4.3.3.tar.gz/from/cn.php.net/mirror
  
(3) MySQL4.0.16
  
# Wget http://www.mysql.com/get/Downloads/MySQL-4.0/mysql-4.0.16.tar.gz/from/http://mysql.linuxforum.net/
  
(4) proftpd1.2.8
  
# Wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.8.tar.gz
  
(5) proftpd-mod-quotatab-1.2.7
  
# Wget http://www.castaglia.org/proftpd/modules/proftpd-mod-quotatab-1.2.7.tar.gz
  
(6) Resin2.1
  
# Wget http://www.caucho.com/download/resin-2.1.11.tar.gz
  
(7) Zend Optimizer
  
Http://www.zend.com/store/getfreefile.php? Pid = 13 & zbid = 548
  
Here we need an Accept user authorization protocol before downloading it.
  
(8) mod_security
  
# Wget http://www.modsecurity.org/download/mod_security-1.6.tar.gz
  
System installation and configuration
  
The following describes the implementation steps. Note that you must select the development kit when installing the system, that is, select GCC and associated software packages.
  
1. Install the DNS server
  
When installing Red Hat 9.0, You must select the Server Installation Method and Domain Name Service. Other software may not be installed. Installing the required system is a basic principle of security.
  
2. Domain Name Server Configuration
  
First, give the DNS server the resolution right of the applied domain name. The specific method is to request that the DNS resolution permission be directed to the server, and then the domain can be configured on it.
  
The configuration example of the/etc/named. conf file is as follows:
  
Options {
Directory "/var/named ";
};
Zone "." in {
Type hint;
File "named. root ";
};
Zone "0.0.127.in-addr. arpa" in {
Type master;
File "localhost. rev ";
};
Zone "yourdomain.com" in {
Type master;
File "yourdomain. hosts ";
};
Zone "176.118.202.in-addr. arpa" in {
Type master;
File "176.rev ";
};
  
The yourdomain in the domain name is the key to configuration and will adopt the wildcard domain name form.
  
The/var/named/yourdomain. hosts file contains the following content:
$ TTL 3600
@ INSOAhrbeu.hrbeu.edu.cn. root.mail.hrbeu.edu.cn .(
2003080812; serial
360000; refresh every 100 hours
3600; retry after 1 hour
4 w; expire after 4 weeks
3600; default ttl is 1 hours
); Define the nameservers and mail servers
INNShrbeu.hrbeu.edu.cn.
INNSlion.hrbeu.edu.cn.
INMX10mail.yourdomain.com.
; Define localhost
LocalhostINA127.0.0.1
; Define hosts in this zone
* .Yourdomain.com. in a 218.7.43.21
  
Here, we mainly use this * .yourdomain.com. in a 218.7.43.21. Any domain names like abc.yourdomain.com and hello.yourdomain.com will be resolved to 218.7.43.21. In this way, you do not need to reload the domain name configuration file and make a CNAME record on the domain name system for each VM. Note that * .yourdomain.com. is followed by a ".".
  
3. install and configure MySQL
  
(1) Add mysql users and mysql groups
  
# Cd/root/vhosts/
# Groupadd mysql
# Useradd-g mysql
  
(2) Compile and install
  
# Tar-zxvf mysql-3.23.52.tar.gz
# Cd mysql-3.23.52
#./Configure -- prefix =/usr/loca/mysql
# Make
# Make install
  
(3) initialize the database, modify the directory permissions, and start the database.
  
# Scripts/mysql_install_db
# Chown-R root/usr/local/mysql
# Chown-R mysql/usr/local/mysql/var
# Chgrp-R mysql/usr/local/mysql
# Cp support-files/my-medium.cnf/etc/my. cnf
#/Usr/local/mysql/bin/safe_mysqld -- user = mysql &
  
(4) set MySQL to start automatically
  
# Cp support-files/mysql. server/etc/init. d/
# Ln-s/etc/init. d/mysql. server/etc/rc3.d/S99mysqld
  
Note: Modify mysql. server and S99mysqld to be executable.
  
To facilitate future access to MySQL, it is best to add the MySQL client program path to/etc/profile. Add export PATH =/usr/local/mysql/bin: $ PATH to the end of the file.
  
The installation of MySQL has been completed. You can run the MySQL command to enter. Note that you need to exit and then enter, because the/etc/profile has been modified and re-enter to automatically search for the MySQL path. After entering, please change the MySQL root Password. The command is as follows:
  
# Mysqladmin-u root password newpassword
  
Note: You should also delete your own. bash_history file. Otherwise, password leakage may occur.
  
4. proftpd Installation
  
(1) decompress the proftpd source code package to the directory
  
# Tar-zxvf proftpd-1.2.8.tar.gz
  
Extract mod_quotatab-1.2.7:
  
# Tar-zxvf proftpd-mod-quotatab-1.2.7.tar.gz
  
Go to the mod_quotatab directory and copy the files in mod_quotatab to the modules directory of proftpd:
  
# Cd mod_quotatab
# Cp-Rpf * ../proftpd-1.2.8/modules
  
(2) modify the mod_ SQL _mysql.c file before running configure.
  
# Cd ../proftpd-1.2.8/contrib
# Vi mod_ SQL _mysql.c
  
Change # include to the actual path. For example, if MySQL is installed under/usr/local/mysql, change it:
  
# Include
  
(3) Configure proftpd
  
# Cd ..
#./Configure -- prefix = DIR
-- With-modules = mod_ SQL: mod_ SQL _mysql: mod_quotatab: mod_quotatab_ SQL
-- With-regiondes = DIR
-- With-libraries = DIR
  
The three items to be modified are:
  
◆ -- Prefix = DIR, DIR is to be installed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.