Ninth Week Assignment

Source: Internet
Author: User
Tags: decrypt, subdomain

1. Describe the process of encrypted communication in detail, preferably with a diagram.

Answer:

One-way encryption and decryption process:

Sender:

1) The sender uses a one-way encryption (hash) algorithm to extract the signature (digest) of the file, encrypts the signature with its own private key, and appends it to the file (the clear text);

2) Using a symmetric key, the entire file is encrypted with a symmetric encryption algorithm;

3) The sender then encrypts the symmetric key with the other party's public key and attaches it to the end of the file;

Receiving Party:

1) The receiver first decrypts the symmetric key with its own private key (this works because the symmetric key was encrypted with the receiver's public key);

2) With the recovered symmetric key and the symmetric decryption algorithm, the receiver decrypts the file data;

3) This yields the plaintext data of the file and the encrypted signature;

4) The receiver uses the sender's public key to decrypt the signature (if it can be decrypted, the identity of the other party is authenticated);

5) The receiver uses the same one-way algorithm to calculate the signature of the file data and compares the two signatures; if they are the same, the data integrity of the file is verified.
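The sender and receiver steps above can be reproduced with the openssl command line. The script below is an added example, not part of the original post; the file names, the choice of SHA-256, AES-256-CBC and RSA-OAEP, and the use of tar to attach the signature to the file are assumptions.

```shell
#!/bin/sh
# Added example with constructed data; SHA-256, AES-256-CBC and RSA-OAEP are assumed choices.
set -eu

make_keys() {  # $1 = work dir; one RSA key pair per party
  for who in sender receiver; do
    (umask 077; openssl genrsa -out "$1/$who.key" 2048 2>/dev/null)
    openssl rsa -in "$1/$who.key" -pubout -out "$1/$who.pub" 2>/dev/null
  done
}

send() {  # $1 = work dir, $2 = name of the plaintext file inside it
  d=$1; f=$2
  # Sender 1) hash the file and sign the digest with the sender's private key
  openssl dgst -sha256 -sign "$d/sender.key" -out "$d/$f.sig" "$d/$f"
  # Sender 2) encrypt file plus signature with a fresh symmetric key
  (umask 077; openssl rand -hex 32 > "$d/session.key")
  tar -C "$d" -cf - "$f" "$f.sig" |
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/session.key" -out "$d/bundle.enc"
  # Sender 3) encrypt the symmetric key with the receiver's public key
  openssl pkeyutl -encrypt -pubin -inkey "$d/receiver.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/session.key" -out "$d/session.key.enc"
  rm -f "$d/session.key" "$d/$f.sig"
}

receive() {  # $1 = work dir, $2 = file name; status 0 only if the signature verifies
  d=$1; f=$2; out=$1/rx
  mkdir -p "$out"
  # Receiver 1) recover the symmetric key with the receiver's private key
  (umask 077; openssl pkeyutl -decrypt -inkey "$d/receiver.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/session.key.enc" -out "$out/session.key")
  # Receiver 2-3) decrypt the bundle into plaintext file and signature
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$out/session.key" -in "$d/bundle.enc" |
    tar -C "$out" -xf -
  # Receiver 4-5) verify the signature over a freshly computed digest
  openssl dgst -sha256 -verify "$d/sender.pub" -signature "$out/$f.sig" "$out/$f" >/dev/null 2>&1
}

w=$(mktemp -d)
make_keys "$w"
printf 'constructed sample message\n' > "$w/msg.txt"
send "$w" msg.txt && receive "$w" msg.txt && echo "plaintext recovered, signature verified"
```

If the receiver checks the signature against any public key other than the real sender's, `receive` returns non-zero even though decryption succeeded, which is the identity check of step 4.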


2. Describe how to create a private CA, and how to issue a certificate for a certificate request sent by a client.

Answer: OpenSSL configuration file: /etc/pki/tls/openssl.cnf

(1) Create the required files:

# cd /etc/pki/CA
# touch index.txt
# echo 01 > serial
# ll

(2) The CA generates its self-signed certificate:

# (umask 077; openssl genrsa -out private/cakey.pem 2048)

# ls -l private/

# openssl req -new -x509 -key private/cakey.pem -days 7300 -out cacert.pem

Description:

-new: generate a new certificate signing request;

-x509: used by a CA to generate a self-signed certificate;

-key: the private key file used to generate the request;

-days #: validity period of the certificate;

-out /path/to/somecertfile: the path where the certificate is saved;

(3) Issuing certificates

A) On the host that will use the certificate, generate the certificate request:

# mkdir /etc/httpd/ssl
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
# cd /etc/httpd/ssl/
# openssl req -new -key httpd.key -days 365 -out httpd.csr

B) Pass the request file to the CA:

# scp httpd.csr 10.11.0.240:/tmp/

C) The CA signs the certificate and sends it back to the requestor:

# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
# scp /etc/pki/CA/certs/httpd.crt 10.11.0.242:/etc/httpd/ssl/
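The same CA procedure can be run end to end in a scratch directory, followed by the two checks a requester would make on the returned certificate: it chains to cacert.pem, and its public key matches httpd.key. This is an added example, not the original author's; the minimal configuration file, the subject names and the `issue`/`check` function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the CA steps above in a scratch directory instead of /etc/pki/CA.
# Subject names and the minimal config are constructed for the demonstration.
set -eu

issue() {  # $1 = scratch dir; builds a CA, signs one CSR, leaves all files under $1
  ca=$1/CA; mkdir -p "$ca/private" "$ca/certs" "$ca/newcerts"
  touch "$ca/index.txt"; echo 01 > "$ca/serial"
  cat > "$1/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $ca/index.txt
serial = $ca/serial
new_certs_dir = $ca/newcerts
certificate = $ca/cacert.pem
private_key = $ca/private/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null
              openssl genrsa -out "$1/httpd.key" 2048 2>/dev/null)
  openssl req -new -x509 -config "$1/openssl.cnf" -key "$ca/private/cakey.pem" \
    -days 7300 -subj "/C=CN/O=Example Org/CN=Example Private CA" -out "$ca/cacert.pem"
  openssl req -new -config "$1/openssl.cnf" -key "$1/httpd.key" \
    -subj "/C=CN/O=Example Org/CN=www.example.test" -out "$1/httpd.csr"
  openssl ca -batch -notext -config "$1/openssl.cnf" -in "$1/httpd.csr" \
    -out "$ca/certs/httpd.crt" -days 365 >/dev/null 2>&1
}

check() {  # $1 = CA cert, $2 = issued cert, $3 = private key; 0 only if both checks pass
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -noout -pubkey -in "$2")" = "$(openssl pkey -pubout -in "$3")" ]
}

w=$(mktemp -d); issue "$w"
check "$w/CA/cacert.pem" "$w/CA/certs/httpd.crt" "$w/httpd.key" && echo "chain and key OK"
```

After signing, `serial` holds the next serial number and `index.txt` gains a `V` (valid) record for the issued certificate, which is what `openssl ca` later consults for revocation.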


3. Build a DNS server responsible for resolving the magedu.com domain name (choose the hostnames and IPs yourself).

(1) It must be capable of forward and reverse resolution of some host names;

(2) Delegate the subdomain cdn.magedu.com; the subdomain is responsible for resolving the host names in the corresponding subdomain;

(3) To ensure high availability of the DNS service, design a scheme and write out the detailed implementation process.


4. Describe a complete HTTP request processing flow.

Answer:

(1) Establishing a TCP connection

Before HTTP work begins, the web browser first establishes a connection to the web server via the TCP protocol. HTTP is a higher-level application layer protocol, and by rule a higher-level protocol connection can only be made after the lower-layer protocol connection is established. Therefore a TCP connection is established first; the port number of the TCP connection is generally 80.

(2) The web browser sends a request command to the web server

Once the TCP connection has been established, the web browser sends a request command to the web server, such as: GET /sample/hello.php HTTP/1.1.

(3) The web browser sends request header information

After the web browser sends its request command to the web server, it also sends some information to the web server in the form of header information, and then sends a blank line to notify the server that the header information has ended.

(4) The web server responds

After the client sends its request to the server, the server sends a reply to the client, for example HTTP/1.1 200 OK; the first part of the reply is the protocol version number and the response status code.

(5) The web server sends the response header information

Just as the client sends some information about itself along with the request, the server sends data about itself and the requested document to the client with the response.

(6) The web server sends data to the browser

After the web server sends the header information to the browser, it sends a blank line to indicate the end of the header information, and then it sends the actual data requested by the client in the format described by the Content-Type response header.

(7) The web server closes the TCP connection

As a general rule, once the web server has sent the requested data to the browser, it closes the TCP connection. However, if the browser or server adds the line Connection: keep-alive to its header information, the TCP connection remains open after the data is sent, so that the browser can continue to send requests through the same connection. Keeping the connection open saves the time it takes to establish a new connection for each request and also saves network bandwidth.


5. Which processing models does httpd support, and what environments is each used for?

Answer:

The processing models supported by httpd are prefork, worker and event.

(1) prefork model: a multi-process model in which each process responds to one request. One master process is responsible for generating n child processes, also called worker processes, each of which handles one user request; even when there are no user requests, several idle processes are generated beforehand to wait for requests to arrive at any time, and the maximum number of child processes is no more than one.

(2) worker model: a multi-threaded model in which each thread responds to one request. One main process generates multiple child processes, each of which is responsible for generating multiple threads, and each thread responds to one request. With m processes and n threads, the maximum number of concurrent responses is m*n.

(3) event model: an event-driven model in which each thread responds to n requests. One main process generates m child processes, with each process responding directly to n requests. The maximum number of concurrent responses is m*n.


6. Set up an httpd server (compiled from source) that meets these requirements:

Provide two name-based virtual hosts:

(a) www1.stuX.com: the page file directory is /web/vhosts/www1; the error log is /var/log/httpd/www1.err and the access log is /var/log/httpd/www1.access;

(b) www2.stuX.com: the page file directory is /web/vhosts/www2; the error log is /var/log/httpd/www2.err and the access log is /var/log/httpd/www2.access;

(c) Create a home page file index.html for each of the two virtual hosts, whose content is the corresponding host name;

(d) Output httpd working status information via www1.stuX.com/server-status, and only allow access with an account and password (status:status);


7. Provide HTTPS service for the second virtual host from question 6, so that users can access this web site securely over HTTPS;

(1) Certificate authentication is required; the certificate must use country (CN), state (HA), city (ZZ) and organization (mageedu);

(2) Set the department to Ops, the host name to www2.stuX.com, and the email to [email protected];



8. Set up a Samba share whose shared directory is /data. Requirements (describe the complete process):

1) The share is named shared and the workgroup is magedu;

2) Add the group develop and add the users gentoo, centos and ubuntu, of which gentoo and centos have develop as a supplementary group and ubuntu is not part of the develop group; the passwords are the user names;

3) Add the Samba users gentoo, centos and ubuntu, with the password "mageedu";

4) The Samba share shared allows only the develop group to have write permission; other users can only access it in read-only mode;

5) The Samba share may only be accessed from hosts on the 172.16.0.0/16 network;



9. Build a vsftpd file sharing service whose shared directory is /ftproot. Requirements (describe the complete process):

1) Access is based on virtual users;

2) Anonymous users are allowed to download only; uploading is not allowed;

3) Confine all users to their home directories;

4) Limit the maximum number of concurrent connections : ;

5) The maximum transfer rate for anonymous users is 512kb/s;

6) The virtual users' accounts are stored in a MySQL database;

7) The database is shared through NFS.



This article is from the "Ilinux" blog, make sure to keep this source http://shenzhijin.blog.51cto.com/1741240/1867678
