第十一周作業

• 搭建php-fpm工作方式的LAMP環境，實現wordpress正常訪問
  • 確認系統上沒有安裝php
  • 安裝如下程序包

yum install mariadb-server php-fpm httpd php-mysql

• 選裝的程序包

php-mcrypt:加解密用到,傳輸過程加解密

php-mbstring:多字節字符串支持.

php-xcache:緩存php,加速php運行

• 配置php

服務配置文件:/etc/php-fpm.conf,/etc/php-fpm.d/*.conf

php環境配置文件:/etc/php.ini,/etc/php.d/*.ini

連接池:

/etc/php-fpm.d/www.conf

pm=static|dynamic

static:固定數量的子進程;pm.max_children;

pm.max_children = 50 最大的子進程數量

dynamic:子進程數據以動態模式管理;

pm.start_servers

pm.min_spare_servers

pm.max_spare_servers

pm.max_requests=500

創建session目錄 并確保運行php-fpmjincheng的用戶對此目錄有讀寫權限;

?mkdir /var/lib/php/session

?????chown apache.apache /var/lib/php/session

• 配置怎么和httpd服務器結合的

listen = 127.0.0.1:9000

/path/to/unix/socket 監聽套接字…不用ip時 使用

listen.backlog = -1

配置隊列長度,-1無限制

listen.allowed_clients = 127.0.0.1

配置那個機器可以請求PHP

pm.status_path = /pmstatus ?pm的狀態頁面…可以直接訪問

ping.path.response = pong 測試 是否可用

php_value[session.save_path] = /var/lib/php/session ?自己需要創建此目錄,并授權給apache,上面與創建

????? mkdir /var/lib/php/session

?????chown apache.apache /var/lib/php/session

• ??? 配置HTTPD

1. 添加/etc/httpd/conf.d/fcgi.conf配置文件,內用類似:

DirctoryIndex index.php

ProxyRequests off

ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

1. 虛擬主機配置

DirectoryIndex index.php

<VirtualHost *.80>

ServerName www.ilinux.io

DocumentRoot /data/www/html

ProxyRequests off ##關閉正向代理

ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

ProxyPassMatch ^(/pmstatus.*)$ fcgi://127.0.0.1:9000/$1 ?#ping,status,反向代理.

測試:url/pmstatus?xml ? /pmstatus?full

ProxyPassMatch ^(/pmstatus|ping)$ fcgi://127.0.0.1:9000/$1 ?#ping,status,反向代理.

<Directory “/data/www/html”>

Options None ## Options FollowSymLinks

AllowOverride None

Require all granted

</Directory>

</VirtualHost>

1. 壓力測試

ab -n 100000 -c 20 http://192.168.0.200/index.php

1. 測試連接

curl http://192.168.0.200/pma/index.php

phpMySQL 配置文件 ?cp config.sample.inc.php config.inc.php

• 配置wordpress

解壓wordpress到/var/www/html/blog

cp wp-config-sample.php wp-config.php

修改配置文件

/** WordPress數據庫的名稱 */

define(‘DB_NAME’, ‘wordpress’);

/** MySQL數據庫用戶名 */

define(‘DB_USER’, ‘wp’);

/** MySQL數據庫密碼 */

define(‘DB_PASSWORD’, ‘wppass’);

/** MySQL主機 */

define(‘DB_HOST’, ‘localhost’);

啟動瀏覽器連接wordpress

http://192.168.0.200/blog/

 

 

• 什么是DML？常用SQL舉例，每個命令至少1個例子，最多不超過3個例子

DML:INSERT,DELETE,UPDATE,SELECT

 

INSERT [INTO] tb_name [(col1,….)] {VALUES|VALUE} (VAL1,….),(….),….

注意:

字符型:引號;

數值型:不能用引號;

phpMyAdmin ?可視化管理mysql

INSERT INTO www3 VALUES (1,’tom’,’M’,’2011′);

INSERT INTO www3(name,gender) VALUES (‘gaofei’,’M’),(‘zhoayun’,’M’);

REPLACE INTO www3 VALUES (1,’tom’,’F’,’2019′);

SELECT

(1)SELECT * FROM tb_name[,tb_name2];

返回指定表的所有數據;慎用;

(2)SELECT col1,col2,…FROM tb_name;

顯示時,字段可以顯示為別名;

col_name AS col_alias

示例:

select name as student_name,gender from students;

(3)SELECT col,…FROM tb_name WHERE clause; ?/kl?z/ 條件

WHERE clause:用于指明挑選條件;

col_name操作符value:

age>30;

 

select name as student_name,gender from students where stuid>2;

select name as student_name,gender from students where classid is null;

select name as student_name,gender from students where classid in (1,2,3);

select name as student_name,gender from students where name like ‘d%’;

select name as student_name,gender from students where name like ‘^d’;

select name as student_name,gender from students where name like ‘^d’ order by desc;

select count(*) as nus,gender from students group by gender;

seletc * from student where name like ‘D%’ and gender=’F’;

or

not

 

 

操作符:>,<,=,==,!=

組合條件:and,or,not

操作符2:

between …. and …

like ‘pattern’

通配符:

%:任意長度的任意字符;

-:任意單個字符;

rlike ‘pattern’

正則表達式對字符串做模式匹配;

IS NULL

IS NOT NULL

(4)SELECT col1,….FROM tab1_name [where clause] ORDER BY col_name,col_name2,….[ASC|DESC];

ASC:升序;

DESC:降序;

(5)分組:

Group by,為了聚合;

count

DELETE:刪除行;

DELETE FROM tbl_name [where where_condition] [order by …] [limit row_count]

 

(1)delete from tbl_name where where_condition

(2)delete from tbl_name [order by] [limit row_count]

delete from students order by age desc limit 100;

delete from students order by age where age=100;

 

UPDATE:

update [low_PRIORITY] [IGNORE]table_reference set col_name1=value1 [,col_name2=value2]…[where where_condition] [order by]控制

 

update students set classid=2 where stuid=1;

3、簡述ftp的主動和被動模式，并實現基于pam認證的vsftpd

• ftp:

ftp:file transfer protocol,文件傳輸協議;

兩類連接:

命令連接:傳輸命令

數據連接:傳輸數據

兩種模式:

主動模式:port

server:20/tcp連接客戶端的命令連接使用的端口向后的第一個可用端口;

被動模式:PASV

Server:打開一個隨機端口,并等待客戶端連接

• vfs 配置

主程序:/usr/sbin/vsftpd
主配置文件:/et/pam.d/vsftpd? 認證配置文件
數據根目錄:/var/ftp
Systemd Unit File:/usr/lib/systemd/system/vsftpd.service

配置vsftpd:

用戶類別:

匿名用戶:anonymous–>ftp,/var/ftp#目錄

系統用戶:至少禁止系統用戶訪問ftp服務,/etc/vsftpd/ftpusers,PAM(/etc/pam.d/vsftpd);

虛擬用戶:非系統用戶;用戶賬號為非 /etc/passwd

默認認證方式,系統用戶方式認證.

系統用戶登陸后都在自己的家目錄下 pwd 命令可以查看目錄位置

默認可以自己有權限訪問的所有路徑間切換;禁錮用戶于家目錄中;

vsftpd:認證功能托管給pam;

基于何種存儲服務來存儲用戶信息,以及對存儲服務的驅動要靠pam實現;

安裝pam認證的需要的軟件包

yum install mariadb-devel pam-devel

pam_mysql:必須手動安裝,用于連接mariadb:

準備編譯環境

Yum group install “Development Tools” Server Platfrom Development”

tar -xf pam_mysql-0.7RC1.tar.gz

./configure –with-pam=/usr –with-mysql=/usr –with-pam-mods-dir=/usr/lib64/security

make && make install

安裝后確認ls /usr/lib64/security/?? 有pam_mysql.so

 

創建數據庫,授權用戶,創建賬號和密碼;

MariaDB [(none)]> create database vsftpd;

MariaDB [(none)]> grant all on vsftpd.* to ‘vsftpd’@’127.0.0.1’ identified by ‘mageedu’;

MariaDB [(none)]>create table users(id int unsigned auto_increment primary key,name varchar(100) not null,password char(40) not null,unique(name));

MariaDB [(none)]> insert into users(name,password) values (‘test’,password(‘123’)),(‘user1’,password(‘123’));

提供配置文件:/etc/pam.d/vsftpd.vusers

auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

配置vsftpd,添加或修改以下選項:

pam_service_name=vsftpd.vusers

guest_enable=YES

guest_username=vuser

虛擬用戶的寫權限,通過匿名一樣的指令進行定義;

還能實現不同的用戶由不同的權限;

user_config_dir=/etc/vsftpd/vusers_config/

在此目錄下創建不同用戶的權限文件

例如數據庫users表中test

anon_upload_enable=YES

anon_mkdir_write_enable=YES

~

同名.conf文件 權限同 anonymous 權限

 

• 簡述NFS服務原理及配置

nfs

nfs:Network File System
nls:Network Information Service;
ldap:lightweight directory access protocol;ldap over ssl/tls;

nfs時系統內核的一個模塊
lsmod? 可以查看
nfs服務需要安裝? nfs-util實現提供服務;

NFSv1
NFSv2,NFSv3,NFSv4 目前最高版本

NFS監聽的端口:2049 tcp/udp
不建議使用udp
NFS輔助類的服務:rpc,portmapper
rpc.mountd:認證;
rpc.locked:加鎖;
rpc.statd:狀態;
rpc:remote procedure call

NFS Server:
nfs-utils:
The nfs-utils package provides a daemon for the kernel NFS server and related tols,which provides a much higher level of performance than the traditional Linux
NFS server used by most users.

nfs 用戶權限配置文件
/etc/exports? 或者/etc/exports.d/*
格式:/PATH/TO/SOME_DIR CLIENTS1(EXPORT_OPTIONS,….) CLIENTS2(EXPORT_OPTIONS,…..)

CLIENTS:
single host:ipv4,ipv6,FQDN;
network:address/netmask,長度格式掩碼都支持;
wildcards:主機名通配,例如:*.mageedu.com;
netgroups:NIS域內的主機組;@group_name;
anonymous:使用*通配所有主機;
EXPORT_OPTIONS
ro:只讀;
rw:讀寫;
sync:同步;
async:異步;
User ID Mapping:
root_squash:壓縮root用戶,一般指將其映射為nfsnobody;
no_root_squash:不壓縮root用戶;
all_squash:壓縮所有用戶;
anonuid and anongid:將壓縮的用戶映射為此處指定的用戶;

示例:/dat/mysql ?? ?172.16.0.200(rw,no_root_squash) 172.167.0.0/16(ro)

/etc/sysconfig/nfs? 配置文件? 配置rpc等屬性配置

NFS clinet:
mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh] [-o options]

#exportfs -ar
#exportfs -au
-r:重新導出;
-a:所有文件系統;
-v:詳細信息;
-u:取消導出文件系統;

showmount :show mount information for an NFS server
showmount命令 可以顯示nfs提供的掛載信息

showmount -e NFS_SERVER_IP:查看指定的NFS Server上導出的所有文件系統;
showmount -a 在NFS server上查看nfs所有的客戶端列表;

其他參考文檔:
man nfs:獲取nfs文件系統專用的掛載選項;

 

• 簡述samba服務，并實現samba配置

samba:

?smb:service message block

?cifs:common internet filesystem

?

?samba:Andrew Tridgell

??????功能:文件系統共享;

??????打印共享;

??????NetBIOS協議;

?程序環境:

??????服務端程序包:samba 依賴samba-common,samba-libs

??????安裝程序:

???????????yum install samba

??????啟動服務:

???????????systemctl start smb nmb

??????主配置文件:/etc/samba/smb.conf,有samb-common提供;

??????主程序:

????????????????nmbd:NetBIOS name server

????????????????smbd:SMB/CIFS service

??????Unit File:

???????????smb.service

???????????nmb.service

??????監聽的端口:

???????????137/udp,138/udp,139/tcp,445/tcp

?????d:\data\tools:共享,共享名(software)? windows路徑是”\”

??????配置samba:

???????????/etc/samba/smb.conf

???????????配置測試:

????????????testparm

• • • [global]
      interfaces = lo ens33???? ##如果是ip的話,后面必須跟端口;
      log file = /var/log/samba/log.%m
      max log size = 50
      security = USER
      server string = Samba Server Version %v
      workgroup = MYGROUP
      idmap config * : backend = tdb[homes]
      browseable = No
      comment = Home Directories
      read only = No

      [printers]
      browseable = No
      comment = All Printers
      path = /var/spool/samba
      printable = Yes

客戶機使用方式:

?安裝samba-client:交互式命令行客戶端,類似于lftp.

掛在文件系統:mount.cifs

?sambclient 使用:

?smbclient -L 192.168.0.200? 查看共享的資源

?smbclient //192.168.0.200/test -U test -C 123 訪問資源

?創建用戶賬戶:

????useradd test

???smbpasswd

????????????????????????????????????-a:add user

????????????????????????????????????-d:disable user

????????????????????????????????????-e:enable user

????????????????????????????????????-n:set no password

????????????????????????????????????-i:interdomain trust account

????????????????????????????????????-m:machine trust account

????????????????????????????????????-W:use stdin ldap admin password

-w PASSWORD:ldap admin password

????????????????????????????????????-x:delete user

??????? ?-R ORDER:name resolve order

 

?共享文件系統配置

?三類:

?[homes]:為每個samba用戶定義其是否能夠通過samba服務訪問自己家目錄;

?[printers]:定義打印服務;

?[shared_fs]:定義文件共享系統;

常用的指令:

?comment:注釋信息;

?path:當前共享所映射的文件系統路徑;

?browseable:是否可瀏覽,是否可被其他用戶查看;

?guest ok:是否允許來賓賬戶訪問;

writable:是否可寫;

write list:擁有寫權限的用戶列表;

用戶名

?@組名

?+組名

?read only:是否可讀;

示例:

[mytest]

comment = A test share directory.

path = /data/samba/files

public = yes

writable = yes###或者write list = +groupname

browseable = yes

用戶必須對共享的文件有權限:可以用setfacl 授權

用掛載命令掛載使用

-o選項可以定義

Rsize= :讀緩存

Wsize= :寫緩存

Actimeo= :超時時間