http://106.54.4.239:8080/
http://www.found.com:8080/
https://cloud.tencent.com/
### 1.创建文件夹
mkdir /tmp/setup
mkdir /opt/ngx
mkdir /opt/jdk
mkdir /opt/tomcat
### 2.下载相关安装包
cd /tmp/setup
wget http://nginx.org/download/nginx-1.14.2.tar.gz
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz
wget --post-data="user=user1&pass=pass1&submit=Login" --save-cookies=cookie.txt --keep-session-cookies http://domain.com/login.php
wget --load-cookies=cookie.txt http://domain.com/path/page_need_login.php
wget --post-data="sso_username=estc.wu@hotmail.com&ssopassword=pw&submit=Login" --save-cookies=cookie.txt --keep-session-cookies https://login.oracle.com/oaam_server/loginAuth.do
wget --post-data="sso_username=estc.wu@hotmail.com&ssopassword=pw&submit=Login" --save-cookies=cookie.txt --keep-session-cookies https://login.oracle.com/oam/server/sso/auth_cred_submit
wget --load-cookies=cookie.txt https://download.oracle.com/otn/java/jdk/8u231-b11/5b13a193868b4bf28bcb45c792fce896/jdk-8u231-linux-x64.tar.gz
### 3.解压文件
tar -zxvf nginx-1.14.2.tar.gz -C /tmp/setup
tar -zxvf jdk-8u211-linux-x64.tar.gz -C /opt/jdk
tar -zxvf apache-tomcat-9.0.21.tar.gz -C /opt/tomcat
### 4.编译安装Nginx
cd /tmp/setup/nginx-1.14.2/
yum -y install pcre-devel
yum -y install openssl openssl-devel
./configure --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module --with-http_ssl_module --with-http_realip_module
make && make install
/usr/local/nginx/sbin/nginx -t # 检查nginx配置文件
/usr/local/nginx/sbin/nginx # 启动nginx
/usr/local/nginx/sbin/nginx -v # 查看nginx版本
/usr/local/nginx/sbin/nginx -V # 查看nginx编译信息
ps -ef|grep nginx # 查看nginx进程
netstat -tunlp #
pkill -9 nginx # 强制停止nginx
cat /usr/local/nginx/conf/nginx.conf # 查看配置文件内容
/usr/local/nginx/sbin/nginx -s reload # 平滑重启:重新加载配置文件
### 5.拷贝网页
cd /tmp/setup
unzip ImgViewer.zip
mv /tmp/setup/ImgViewer/* /usr/local/nginx/html/
mv /tmp/setup/ImgViewer/* /opt/tomcat/apache-tomcat-9.0.21/webapps/docs/
### 6.设置环境变量并启动tomcat
export JAVA_HOME=/opt/jdk/jdk1.8.0_211
export CLASSPATH=.:${JAVA_HOME}/lib:${JAVA_HOME}/jre/lib:$CLASSPATH
export PATH=${JAVA_HOME}/bin:$PATH
cd /opt/tomcat/apache-tomcat-9.0.21/bin/
./startup.sh & tail -f /opt/tomcat/apache-tomcat-9.0.21/logs/catalina.out
ps -ef|grep java
### 7.强制跳转https
yum install httpd -y
vi /etc/httpd/conf/httpd.conf #修改端口
mv /tmp/setup/ImgViewer/* /var/www/html/
service httpd restart #重启Apache服务器
systemctl start httpd.service
systemctl status httpd.service
cd /root
# 创建CA证书私钥
openssl genrsa -out ca-key.pem 1024
# 创建csr证书请求
openssl req -new -key ca-key.pem -out ca-req.csr -subj "/C=CN/ST=JS/L=NJ/O=IT/OU=wudh/CN=CA"
# 生成crt证书
openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 3650
# 创建服务器端私钥
openssl genrsa -out server-key.pem 1024
# 创建服务器端csr证书
openssl req -new -out server-req.csr -key server-key.pem -subj "/C=CN/ST=JS/L=NJ/O=IT/OU=wudh/CN=*.found.com"
# 生成服务器端crt证书
openssl x509 -req -in server-req.csr -out server-cert.pem -signkey server-key.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 3650
# 确认证书
openssl verify -CAfile ca-cert.pem server-cert.pem
vim /usr/local/nginx/conf/nginx.conf (编写nginx主配置文件)
http {
...
#gzip on;
upstream docs
{
ip_hash;
server 106.54.4.239:8080;
}
# HTTP server
#
server {
listen 88 default_server;
server_name www.found.com;
# 301重定向到https协议端口,这样访问http://www.found.com:88会自动跳转到https://www.found.com
rewrite ^(.*) https://$server_name$1 permanent;
}
# HTTPS server
#
server {
listen 443 default_server;
server_name www.found.com;
# 启用https协议访问
ssl on;
#服务端公钥
ssl_certificate /root/server-cert.pem;
#服务端私钥
ssl_certificate_key /root/server-key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_session_cache shared:SSL:1m;
ssl_session_timeout 60m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
error_log logs/error443.log;
location /docs/ {
proxy_pass http://docs;
proxy_set_header Host $host;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
}
}
### 8.linux常用命令
# Linux查看/var/log/wtmp文件查看可疑IP登陆
last -f /var/log/wtmp
# 查看/var/log/secure文件寻找可疑IP登陆次数
cat /var/log/secure
# 查看ssh用户的登录日志:
less /var/log/secure
lastlog last lastb who w users
参考:
https://www.jianshu.com/p/b932ca0726f3
https://www.cnblogs.com/canflyfish/p/11580555.html