####################空壳邮件####################
[root@maillinux ~]# vim /etc/named.rfc1912.zones
-----------------------------------------------
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
42
:wq
-----------------------------------------------
[root@maillinux ~]# cd /var/named
[root@maillinux named]# cp -p westos.com.zone westos.org.zone
##一定要加"-p"参数
[root@maillinux named]# vim westos.org.zone
-----------------------------------------------
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.50.100
10 westos.org. MX 1 172.25.50.100.
:wq
-----------------------------------------------
[root@maillinux named]# dig -t mx westos.org |grep MX
;westos.org. IN MX
westos.org. 86400 IN MX 1 172.25.50.100.
[root@maillinux named]# rm -fr /etc/postfix/main.cf
[root@maillinux named]# yum reinstall postfix -y
......
[root@maillinux named]# systemctl restart postfix.service
[root@maillinux named]# vim /etc/postfix/main.cf
-----------------------------------------------
75 myhostname = maillinux.linux.com
83 mydomain = linux.com
98 myorigin = westos.org
113 inet_interfaces = all
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disabled ##不允许本地投递
164 mydestination = ##不接收任何邮件
313 relayhost = 172.25.50.200 ##指定真实的邮件服务器IP地址
:wq
-----------------------------------------------
[root@maillinux named]# systemctl restart postfix.service
[root@mailwestos ~]# vim /etc/postfix/main.cf
-----------------------------------------------
264 mynetworks = 172.25.50.0/24
:wq
-----------------------------------------------
[root@mailwestos ~]# systemctl restart postfix.service
[root@mailwestos ~]# cd /home/vmail/
[root@mailwestos vmail]# ls
mail westos.org
[root@mailwestos vmail]# rm -fr *
[root@mailwestos vmail]# ls
[root@maillinux named]# mail admin@westos.org
Subject: test
test
test
.
EOT
[root@maillinux named]# mailq
Mail queue is empty
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# cd westos.org/
[root@mailwestos westos.org]# ls
admin
[root@mailwestos westos.org]# cd admin/
[root@mailwestos admin]# ls
cur new tmp
#####################
##### Apache #####
#####################
Apche提供httpd协议
--网站主流架构--
lamp=linux apache mysql php
lnmp=linux nginx mysql php
以上都是开源软件,所以成为主流
--网站开发语言--
静态:html
动态:php cgi jsp asp
--中间件(翻译语言)--
tomcat jboss 等等
squid代理软件
反向代理,也就是通常所说的Web服务器加速
通过在Internet上增加一个高速的Web缓冲服务器(即:Web反向代理服务器),来降低实际的Web服务器的负载。
go语言
nmap著名的***软件
index.html里写的是html语句
互联网最牛逼的职业是做***,找漏洞,需要强大硬件支持,费用以每小时6位数计算
外国×××是最牛逼的网站,访问量巨大
打开firefox,进入qq邮箱登陆界面
https://mail.qq.com/cgi-bin/loginpage
发现使用的是https协议,并且在网址前面有一个"锁"型图标
点击"锁"-->More Information-->Security-->View Certificate
可以显示证书信息,比如:
Common Name (CN) mail.qq.com
Organizetion (O) Shenzhen Tencent Computer Systems Company Limited
Organizetional Unit (OU) R&D
####################1.curl和nmap的简单用法####################
[root@foundation50 ~]# man curl
-----------------------------------------------
-I, --head
(HTTP/FTP/FILE) Fetch the HTTP-header only! HTTP-servers feature
the command HEAD which this uses to get nothing but the header
of a document. When used on an FTP or FILE file, curl displays
the file size and last modification time only.
-----------------------------------------------
[root@foundation50 ~]# curl -I www.qq.com
HTTP/1.1 200 OK
Server: squid/3.5.20 ##squid提供代理服务,这里用的是反向代理
Date: Thu, 08 Dec 2016 07:54:31 GMT
Content-Type: text/html; charset=GB2312
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Thu, 08 Dec 2016 07:55:31 GMT
Cache-Control: max-age=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: HIT from xian.qq.com ##实际访问的是在西安的一台反向代理服务器
[root@localhost ~]# hostnamectl set-hostname web1.westos.com
[root@localhost ~]# reboot
等待重启
[root@web1 ~]# yum install httpd -y
......
[root@web1 ~]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# vim index.html
-----------------------------------------------
1 web1.westos.com
2 123
:wq
-----------------------------------------------
[root@web1 html]# systemctl start httpd
[root@web1 html]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@web1 ~]# firewall-cmd --permanent --add-service=http
success
[root@web1 ~]# firewall-cmd --permanent --add-service=https
success
[root@web1 ~]# firewall-cmd --reload
success
[root@web1 ~]# netstat -antlpe |grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 78225 4642/httpd
[root@foundation50 ~]# firefox &
>测试:http://172.25.50.100
>显示:web1.westos.com 123
[root@foundation50 ~]# curl -I 172.25.50.100
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2016 08:52:59 GMT
Server: Apache/2.4.6 (Red Hat)
Last-Modified: Thu, 08 Dec 2016 08:31:59 GMT
ETag: "14-54321789b792c"
Accept-Ranges: bytes
Content-Length: 20
Content-Type: text/html; charset=UTF-8
[root@foundation50 ~]# yum install nmap -y
......
[root@foundation50 ~]# man nmap
-----------------------------------------------
-A (Aggressive scan options) .
This option enables additional advanced and aggressive options. I
haven't decided exactly which it stands for yet. Presently this
enables OS detection (-O), version scanning (-sV), script scanning
(-sC) and traceroute (--traceroute).. More features may be added
in the future. The point is to enable a comprehensive set of scan
options without people having to remember a large set of flags.
However, because script scanning with the default set is considered
intrusive, you should not use -A against target networks without
permission. This option only enables features, and not timing
options (such as -T4) or verbosity options (-v) that you might want
as well.
-----------------------------------------------
[root@foundation50 ~]# nmap -A 172.25.50.100
Starting Nmap 6.40 ( http://nmap.org ) at 2016-12-08 16:54 CST
Nmap scan report for 172.25.50.100
Host is up (0.00024s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.4 (protocol 2.0)
| ssh-hostkey: 2048 e9:c5:3f:b0:6c:ab:f7:60:a3:05:9f:d5:8d:66:42:53 (RSA)
|_256 eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08 (ECDSA)
80/tcp open http Apache httpd 2.4.6 ((Red Hat))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
443/tcp closed https
MAC Address: 52:54:00:00:32:0A (QEMU Virtual NIC)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.0 - 3.9
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.24 ms 172.25.50.100
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.44 seconds
####################2.Index优先级####################
[root@web1 html]# ls
index.html
>测试:http://172.25.50.100
>显示:web1.westos.com 123
[root@web1 html]# echo hello world >file
>测试:http://172.25.50.100/file
>显示:hello world
[root@web1 html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
[root@web1 html]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
164 DirectoryIndex file index.html
:wq
-----------------------------------------------
[root@web1 html]# systemctl reload httpd ##"reload"重新加载速度更快
>测试:http://172.25.50.100
>显示:web1.westos.com 123
--> Ctrl+Shift+Delete --> Clear Now(清空缓存)
>显示:hello world
[root@web1 html]# rm -fr file
>测试:http://172.25.50.100
>显示:web1.westos.com 123
[root@web1 html]# rm -fr index.html
>测试:http://172.25.50.100
>显示:web1.westos.com 123
--> Ctrl+Shift+Delete --> Clear Now(清空缓存)
>显示:apache测试页
####################3.Apache http手册####################
[root@web1 html]# man 5 httpd.conf
No manual entry for httpd.conf in section 5 ##没有man解释
[root@web1 html]# yum install httpd-manual -y ##安装Apache http手册
......
[root@web1 html]# systemctl restart httpd
>测试:http://172.25.50.100/manual
>显示:Apache http英文手册
>如果想看中文版手册,可以百度"apache中文手册"
####################4.更改访问目录####################
[root@web1 html]# getenforce
Enforcing
[root@web1 html]# ls -Zd
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
[root@web1 html]# mkdir -p /www/westos
[root@web1 html]# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'
[root@web1 html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@web1 html]# cd /www/westos/
[root@web1 westos]# ls
[root@web1 westos]# vim index.html
-----------------------------------------------
1 /www/westos’s page
:wq
-----------------------------------------------
[root@web1 westos]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>测试:http://172.25.50.100
>显示:/www/westos's page
####################5.更改端口号####################
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
42 Listen 8080 ##8080默认是tomcat的端口
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>测试:http://172.25.50.100:8080
>显示:Unable to connect
[root@web1 westos]# systemctl stop firewalld.service
>测试:http://172.25.50.100:8080
>显示:/www/westos's page
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
42 Listen 80
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
[root@web1 westos]# systemctl start firewalld.service
>测试:http://172.25.50.100
>显示:/www/westos's page
####################6.访问ip限制####################
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny
124 Allow from all
125 Deny from 172.25.50.200
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>测试:http://172.25.50.100
>使用172.25.50.200访问,显示:apache测试页
>使用172.25.50.250访问,显示:/www/westos's page
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from 172.25.50.200
125 Deny from all
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>测试:http://172.25.50.100
>使用172.25.50.200访问,显示:/www/westos's page(需清空缓存:ctrl+shift+delete)
>使用172.25.50.250访问,显示:apache测试页
[root@web1 westos]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from 172.25.50.0/24
125 Deny from all
126 </Directory>
:wq
-----------------------------------------------
[root@web1 westos]# systemctl reload httpd
>测试:http://172.25.50.100
>使用172.25.50.200访问,显示:/www/westos's page
>使用172.25.50.250访问,显示:/www/westos's page
####################7.使用密码访问####################
[root@web1 westos]# cd /etc/httpd/
[root@web1 httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@web1 httpd]# htpasswd -cm htpasswdfile admin
New password: admin
Re-type new password: admin
Adding password for user admin
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$YzFmtshu$Ltrnu4IazFD9bIvt451Ka0
[root@web1 httpd]# man htpasswd
-----------------------------------------------
-c Create the passwdfile. If passwdfile already exists, it is
rewritten and truncated. This option cannot be combined with the
-n option.
-----------------------------------------------
/所以创建第二个认证用户,不能带参数"c"。否则会覆盖掉之前的认证用户
[root@web1 httpd]# htpasswd -m htpasswdfile westos
New password: westos
Re-type new password: westos
Adding password for user westos
[root@web1 httpd]# cat htpasswdfile
admin:$apr1$YzFmtshu$Ltrnu4IazFD9bIvt451Ka0
westos:$apr1$q37ttTZO$U3V3Tj5WH.WPmjxogH6cj1
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require user admin
127 </Directory>
:wq
-----------------------------------------------
[root@web1 httpd]# systemctl reload httpd
>测试:http://172.25.50.100(需清空缓存:ctrl+shift+delete)
>使用admin/admin验证成功
>使用westos/westos验证失败
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require valid-user
127 </Directory>
:wq
-----------------------------------------------
[root@web1 httpd]# systemctl reload httpd
>测试:http://172.25.50.100(需清空缓存:ctrl+shift+delete)
>使用admin/admin验证成功
>使用westos/westos验证成功
####################8.Apache虚拟主机####################
[root@web1 httpd]# vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
/删除
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require valid-user
127 </Directory>
/修改
119 DocumentRoot "/var/www/html"
:wq
-----------------------------------------------
/即恢复之前的配置
[root@web1 httpd]# systemctl reload httpd
[root@web1 httpd]# cd /var/www/html/
[root@web1 html]# ls
[root@web1 html]# echo www.westos.com > index.html
>测试:http://172.25.50.100
>显示:www.westos.com
[root@web1 html]# mkdir -p /var/www/virtual/music.westos.com/html
[root@web1 html]# mkdir -p /var/www/virtual/news.westos.com/html
[root@web1 html]# cd /var/www/virtual/music.westos.com/html
[root@web1 html]# echo music.westos.com > index.html
[root@web1 html]# cd /var/www/virtual/news.westos.com/html
[root@web1 html]# echo news.westos.com > index.html
[root@web1 html]# cd /etc/httpd/conf.d/
[root@web1 conf.d]# ls
autoindex.conf manual.conf README userdir.conf welcome.conf
[root@web1 conf.d]# vim default.conf
-----------------------------------------------
1 <Virtualhost _default_:80>
2 Documentroot /var/www/html
3 Customlog "logs/default.log" combined ##combined表示日志级别是全部
4 </Virtualhost>
5 <Directory "/var/www/html">
6 Require all granted
7 </Directory>
:wq
-----------------------------------------------
[root@web1 conf.d]# cp default.conf music.conf
[root@web1 conf.d]# vim music.conf
-----------------------------------------------
1 <Virtualhost *:80>
2 Servername music.westos.com
3 Documentroot /var/www/virtual/music.westos.com/html
4 Customlog "logs/music.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/music.westos.com/html">
7 Require all granted
8 </Directory>
:wq
-----------------------------------------------
[root@web1 conf.d]# cp music.conf news.conf
[root@web1 conf.d]# vim news.conf
-----------------------------------------------
1 <Virtualhost *:80>
2 Servername news.westos.com
3 Documentroot /var/www/virtual/news.westos.com/html
4 Customlog "logs/news.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/news.westos.com/html">
7 Require all granted
8 </Directory>
:%s/music/news/g
:wq
-----------------------------------------------
[root@web1 conf.d]# systemctl reload httpd
[root@web1 conf.d]# vim /etc/hosts
-----------------------------------------------
6 172.25.50.100 www.westos.com westos.com music.westos.com news.westos.com
:wq
-----------------------------------------------
[root@web1 conf.d]# firefox & ##更改了虚拟机的hosts解析,所以使用虚拟机的firefox测试
>测试:www.westos.com
>显示:www.westos.com
>测试:music.westos.com
>显示:music.westos.com
>测试:news.westos.com
>显示:news.westos.com
####################9.配置HTTPS####################
客户端加密,服务端解密
客户拿证书加密,服务器拿key解密
[root@web1 conf.d]# netstat -antlpe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 74013 7907/httpd
[root@web1 conf.d]# netstat -antlpe | grep 443
##没有开启https的443端口
[root@web1 conf.d]# ls
autoindex.conf manual.conf news.conf tmprequest welcome.conf
default.conf music.conf README userdir.conf
[root@web1 conf.d]# yum install mod_ssl -y
......
[root@web1 conf.d]# systemctl reload httpd
[root@web1 conf.d]# netstat -antlpe | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 93273 7907/httpd
[root@web1 conf.d]# ls
autoindex.conf manual.conf news.conf ssl.conf userdir.conf
default.conf music.conf README tmprequest welcome.conf
##多了一个文件"ssl.conf"
>测试:https://172.25.50.100/
-->I Understand the Risks-->Add Exception-->Confirm Security Exception
>显示:www.westos.com
>点击"锁"-->More Information-->Security-->View Certificate
>显示证书信息如下:
Common Name (CN) web1.westos.com
Organizetion (O) SomeOrganization
Organizetional Unit (OU) SomeOrganizationalUnit
>删除证书:
方法1.点击"菜单栏"-->Preferences
-->Advanced-->Certificates-->View Certificates
-->Servers-->SomeOrganization-->web1.westos.com--Delete-->OK-->OK
方法2.ctrl+shift+delete,直接清空缓存
[root@web1 conf.d]# yum search crypto-utils |grep crypto-utils
========================== N/S matched: crypto-utils ===========================
crypto-utils.x86_64 : SSL certificate and key management utilities
[root@web1 conf.d]# yum install crypto-utils -y
......
[root@web1 conf.d]# ls /etc/pki/tls/certs/
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@web1 conf.d]# genkey www.westos.com
----------------------------------------------------------------------------------
-->Next
-->1024(size越大,生成速度越慢)-->Next
-->晃晃鼠标,敲敲键盘才会继续。你懂得!
-->No
[ ] Encrypt the private key
-->Next
Country Name (ISO 2 letter code) CN
State or Province Name (full name) shannxi
Locality Name (e.g. city) xi'an
Organization Name (eg, company) westos
Organizational Unit Name (eg, section) linux
Common Name (fully qualified domain name) www.westos.com
-->Next
----------------------------------------------------------------------------------
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.11364 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.11364
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@web1 conf.d]# ls /etc/pki/tls/certs/
ca-bundle.crt localhost.crt Makefile www.westos.com.crt
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@web1 conf.d]# vim ssl.conf
-----------------------------------------------
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
:wq
-----------------------------------------------
>测试:https://172.25.50.100/
-->I Understand the Risks-->Add Exception-->Confirm Security Exception
>显示:www.westos.com
>点击"锁"-->More Information-->Security-->View Certificate
>显示证书信息如下:
Common Name (CN) www.westos.com
Organizetion (O) westos
Organizetional Unit (OU) linux
>删除证书:
步骤1.点击"菜单栏"-->Preferences
-->Advanced-->Certificates-->View Certificates
-->Servers-->SomeOrganization-->web1.westos.com--Delete-->OK-->OK
步骤2.ctrl+shift+delete,清空缓存
转载于:https://blog.51cto.com/shichao/1880875
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
