Linux Course 22nd Day Study notes

################### #空壳邮件 ####################
[Email protected] ~]# Vim/etc/named.rfc1912.zones
-----------------------------------------------
PNS zone "westos.org" in {
Type master;
"Westos.org.zone";
allow-update {none;};
41};
42
: Wq
-----------------------------------------------
[Email protected] ~]# cd/var/named
[Email protected] named]# cp-p westos.com.zone westos.org.zone
# #一定要加 "-P" parameter
[Email protected] named]# vim Westos.org.zone
-----------------------------------------------
1 $TTL 1D
2 @ in SOA dns.westos.org. Root.westos.org. (
3 0; Serial
4 1D; Refresh
5 1H; Retry
6 1W; Expire
7 3H); Minimum
8 NS dns.westos.org.
9 DNS A 172.25.50.100
Ten westos.org. MX 1 172.25.50.100.
: Wq
-----------------------------------------------
[[email protected] named]# dig-t mx westos.org |grep mx
; westos.org. In MX
westos.org. 86400 in MX 1 172.25.50.100.
[Email protected] named]# RM-FR/ETC/POSTFIX/MAIN.CF
[email protected] named]# Yum Reinstall postfix-y
......
[Email protected] named]# systemctl restart Postfix.service
[Email protected] named]# VIM/ETC/POSTFIX/MAIN.CF
-----------------------------------------------
Myhostname = maillinux.linux.com

MyDomain = linux.com

98 Myorigin = westos.org

113 Inet_interfaces = All

#inet_interfaces = localhost

Local_transport = error:local delivery Disabled # #不允许本地投递

164 Mydestination = # #不接收任何邮件

313 relayhost = 172.25.50.200 # #指定真实的邮件服务器IP地址
: Wq
-----------------------------------------------
[Email protected] named]# systemctl restart Postfix.service

[Email protected] ~]# VIM/ETC/POSTFIX/MAIN.CF
-----------------------------------------------
Mynetworks = 172.25.50.0/24
: Wq
-----------------------------------------------
[Email protected] ~]# systemctl restart Postfix.service
[Email protected] ~]# cd/home/vmail/
[[email protected] vmail]# ls
Mail westos.org
[Email protected] vmail]# RM-FR *
[[email protected] vmail]# ls

[Email protected] named]# mail [email protected]
Subject:test
Test
Test
.
EOT
[Email protected] named]# MAILQ
Mail queue is empty

[[email protected] vmail]# ls
westos.org
[Email protected] vmail]# CD westos.org/
[[email protected] westos.org]# ls
Admin
[Email protected] westos.org]# CD admin/
[[email protected] admin]# ls
CUR new tmp


#####################
##### Apache #####
#####################
Apche provides HTTPD protocol

--The main structure of the website--
Lamp=linux Apache MySQL PHP
Lnmp=linux nginx MySQL PHP
These are open source software, so become the mainstream

--Website development language--
Static: HTML
Dynamic: PHP CGI jsp ASP

--Middleware (translation language)--
Tomcat JBoss et cetera

Squid Agent Software
The reverse proxy, which is usually called the Web server acceleration
Reduce the load on the actual Web server by adding a high-speed Web caching server (ie: Web reverse proxy server) to the Internet.

Go language

Nmap's famous hacker software

The index.html is written in HTML statements.


[Email protected] ~]# Hostnamectl set-hostname web1.westos.com
[email protected] ~]# reboot
Wait for restart
[email protected] ~]# Yum install httpd-y
......
[Email protected] ~]# cd/var/www/html/
[[email protected] html]# ls
[Email protected] html]# vim index.html
Test http://172.25.254.115
[Email protected] html]# echo Hello World >file
Test Http://172.25.254.115/file

[Email protected] html]# Netstat-antlpe |grep httpd
TCP6 0 0::: +:::* LISTEN 0 78225 4642/httpd
[Email protected] html]# RPM-QC httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd

==index-Priority = =
[Email protected] html]# vim/etc/httpd/conf/httpd.conf
164 DirectoryIndex File index.html
[Email protected] html]# Systemctl Reload httpd
Test http://172.25.254.115
Hello World
[[email protected] html]# rm-fr file
Test http://172.25.254.115
Web1.westos.com 123
[Email protected] html]# rm-fr index.html
Test http://172.25.254.115
Apache test Page
# #有问题, found or web1.westos.com 123, somehow better, could be the cache

==http manual = =
[email protected] html]# Yum install httpd-manual-y
......
[Email protected] html]# systemctl restart httpd
Test http://172.25.254.115/manual

= = Change Access Directory = =
[Email protected] html]# Getenforce
Enforcing
[Email protected] html]# LS-ZD
Drwxr-xr-x. Root root system_u:object_r:httpd_sys_content_t:s0.
[Email protected] html]# mkdir-p/www/westos
[Email protected] html]# semanage fcontext-a-T httpd_sys_content_t '/www/westos (/.*)? '
[Email protected] html]# restorecon-rvvf/www/
Restorecon reset/www Context Unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
Restorecon Reset/www/westos Context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t: S0

[Email protected] html]# cd/www/westos/
[[email protected] westos]# ls
[Email protected] westos]# vim index.html
1/www/westos ' s page
[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
DocumentRoot "/www/westos"
121 <directory "/www/westos" >
122 Require All granted
123 </Directory>
[Email protected] westos]# Systemctl Reload httpd
[Email protected] westos]# vim index.html
/www/westos ' s page
Test http://172.25.254.115

= = Change port Number = =
[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
8080 Listen
[Email protected] westos]# Systemctl Reload httpd
Test http://172.25.254.115:8080 # #8080默认是tomcat的端口
[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
80 Listen
[Email protected] westos]# systemctl Reload httpd # #重新加载速度更快
Test http://172.25.254.115

= = Access IP Limit = =
[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
121 <directory "/www/westos" >
122 Require All granted
123 Order Allow,deny
124 Allow from all
A. Deny from 172.25.254.115
126 </Directory>
[Email protected] westos]# Systemctl Reload httpd
Test:
115:HTTP://172.25.254.115 Cannot access
15:HTTP://172.25.254.115 can access

[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
121 <directory "/www/westos" >
122 Require All granted
123 Order Deny,allow
124 Allow from 172.25.254.115
"Deny from" all
126 </Directory>
[Email protected] westos]# Systemctl Reload httpd
Test:
115:HTTP://172.25.254.115 can access
15:HTTP://172.25.254.115 Cannot access

[Email protected] westos]# vim/etc/httpd/conf/httpd.conf
DocumentRoot "/www/westos"
121 <directory "/www/westos" >
122 Require All granted
123 Order Deny,allow
124 Allow from 172.25.254.0/24
"Deny from" all
126 </Directory>
[Email protected] westos]# Systemctl Reload httpd
Test:
Only allow 172.25.254.0/24 this network segment access

= = user name, password access = =
[Email protected] westos]# cd/etc/httpd/
[[email protected] httpd]# ls
Conf CONF.D CONF.MODULES.D logs modules run
[Email protected] httpd]# htpasswd-cm htpasswdfile admin
New Password:
Re-type New Password:
Adding Password for user admin
[email protected] httpd]# cat Htpasswdfile
Admin: $apr 1$wbkugigj$2hguwrwgsxs41wsctbvod/
[Email protected] httpd]# htpasswd-m htpasswdfile Westos
New Password:
Re-type New Password:
Adding Password for user Westos
[email protected] httpd]# cat Htpasswdfile
Admin: $apr 1$wbkugigj$2hguwrwgsxs41wsctbvod/
Westos: $apr 1$cgzyluvz$zskx6bfpfzkdqxronsofc/

[Email protected] httpd]# vim/etc/httpd/conf/httpd.conf
121 <directory "/www/westos" >
122 #Require All granted
123 Authuserfile/etc/httpd/htpasswdfile
124 AuthName "Please input username and password"
AuthType Basic
126 Require User admin
127 </Directory>
[Email protected] httpd]# Systemctl Reload httpd
Test http://172.25.254.115
Admin verified Success
Westos Validation not successful

Ctrl+shift+delete Click to empty the cache
[Email protected] httpd]# vim/etc/httpd/conf/httpd.conf
121 <directory "/www/westos" >
122 #Require All granted
123 Authuserfile/etc/httpd/htpasswdfile
124 AuthName "Please input username and password"
AuthType Basic
126 Require Valid-user
127 </Directory>
[Email protected] httpd]# Systemctl Reload httpd
Test http://172.25.254.115
Admin verified Success
Westos Verification Success

==music.westos.com; news.westos.com==
[Email protected] httpd]# vim/etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
#DocumentRoot "/www/westos"
[Email protected] httpd]# Systemctl Reload httpd

[Email protected] httpd]# cd/var/www/html/
[[email protected] html]# ls
[Email protected] html]# vim index.html
1 www.westos.com
Test http://172.25.254.115 Normal

[Email protected] html]# vim/etc/hosts
6 172.25.254.115 www.westos.com westos.com music.westos.com news.westos.com

[Email protected] html]# mkdir/var/www/virtual/music.westos.com/html-p
[Email protected] html]# mkdir/var/www/virtual/news.westos.com/html-p
[Email protected] ~]# cd/var/www/virtual/music.westos.com/html
[Email protected] html]# vim index.html
1 music.westos.com
[Email protected] html]# cd/var/www/virtual/news.westos.com/html
[Email protected] html]# vim index.html
1 news.westos.com
[Email protected] html]# cd/etc/httpd/conf.d/
[[email protected] conf.d]# ls
autoindex.conf manual.conf README userdir.conf welcome.conf
[Email protected] conf.d]# vim default.conf
1 <virtualhost _default_:80>
2 documentroot/var/www/html
3 Customlog "Logs/default.log" Combined # #combined表示日志级别是全部
4 </Virtualhost>
5 <directory "/var/www/html" >
6 Require All granted
7 </Directory>
[email protected] conf.d]# CP default.conf music.conf
[Email protected] conf.d]# vim music.conf
1 <virtualhost *:80>
2 Servername music.westos.com
3 documentroot/var/www/virtual/music.westos.com/html
4 Customlog "Logs/music.log" combined
5 </Virtualhost>
6 <directory "/var/www/virtual/music.westos.com/html" >
7 Require All granted
8 </Directory>
[email protected] conf.d]# CP music.conf news.conf
[Email protected] conf.d]# vim news.conf
1 <virtualhost *:80>
2 Servername news.westos.com
3 documentroot/var/www/virtual/news.westos.com/html
4 Customlog "Logs/news.log" combined
5 </Virtualhost>
6 <directory "/var/www/virtual/news.westos.com/html" >
7 Require All granted
8 </Directory>
[Email protected] conf.d]# Systemctl Reload httpd
[email protected] conf.d]# Firefox &
Test:
Www.westos.com
News.westos.com
Music.westos.com
Test success




Client-side encryption, server decryption
The client gets the certificate encryption and the server decrypts the key.

Install the certificate, and the certificate will be generated below.

[email protected] conf.d]# Yum install mod_ssl-y
......
[email protected] conf.d]# Yum install crypto-utils-y
......


│the key would be stored in│
│/etc/pki/tls/private/www.westos.com.key│
│the Certificate Stored in│
│/etc/pki/tls/certs/www.westos.com.crt

[Email protected] conf.d]# Genkey www.westos.com
/usr/bin/keyutil-c makecert-g 1024-s "cn=www.westos.com, Ou=linux, O=westos, L=xi ' An, St=shannxi, C=CN"-V 1-a-z/etc /pki/tls/.rand.8103-o/etc/pki/tls/certs/www.westos.com.crt-k/etc/pki/tls/private/www.westos.com.key
Cmdstr:makecert

Cmd_createnewcert
Command:makecert
KeySize = 1024x768 Bits
Subject = cn=www.westos.com, Ou=linux, O=westos, L=xi ' An, St=shannxi, C=CN
Valid for 1 months
Random seed from/etc/pki/tls/.rand.8103
Output would be written to/etc/pki/tls/certs/www.westos.com.crt
Output key written To/etc/pki/tls/private/www.westos.com.key


Generating key. This could take a few moments ...

Made a key
Opened Tmprequest for writing
/usr/bin/keyutil Copying The Cert pointer
Created a certificate
Wrote 882 bytes of encoded data To/etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[Email protected] ~]# Ls/etc/pki/tls/certs
CA-BUNDLE.CRT LOCALHOST.CRT Makefile WWW.WESTOS.COM.CRT
CA-BUNDLE.TRUST.CRT Make-dummy-cert Renew-dummy-cert
[Email protected] conf.d]# vim ssl.conf
Sslcertificatefile/etc/pki/tls/certs/www.westos.com.crt
107 Sslcertificatekeyfile/etc/pki/tls/private/www.westos.com.key
Test: Real Machine open Firefox, enter https://172.25.254.115/

This article from the "Schue Linux Learning Notes" blog, declined reprint!

Linux Course 22nd Day Study notes