DNS server:
yum -y install bind
yum -y install bind-chroot   [must be installed after bind]
cd /var/named/chroot/var/named
cp -p named.localhost beimi.com.zone
Append:
websrv A 192.168.0.118
www CNAME websrv
cp -p named.localhost king.com.zone
Append:
king A 192.168.0.118
www CNAME king
cd /var/named/chroot/etc
vi named.rfc1912.zones
Append:
zone "beimi.com" {
type master;
file "beimi.com.zone";
};
zone "king.com" {
type master;
file "king.com.zone";
};
[
zone "kun.com" {   [kun.com is the master's domain; this host acts as a slave for kun.com. After restarting the service (service named restart), the master's kun.com data is synced to kun.com.txt]
type slave;
masters {192.168.0.138;};
file "slaves/kun.com.txt";
};
]
vi named.conf
Add at the top:
acl lan {192.168.0.0/24;};
Modify: listen-on port 53 { localhost; };
allow-query { localhost; lan; };
service named restart   (if named.conf is saved with a syntax error, the file /var/named/chroot/etc/named.conf disappears; just edit /etc/named.conf directly)
Test on a Linux machine: host websrv.beimi.com localhost
Test on a Windows machine: change the DNS server in the IP settings, then nslookup websrv.beimi.com [ipconfig/flushdns]
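HTTP configuration: (DNS is already configured; only the web service needs to be set up)
cd /var/www
mkdir beimi
mkdir king
cd beimi
echo welcome to beimi >index.html
cd ../king
echo welcome to king >index.html
vi /etc/httpd/conf/httpd.conf
Uncomment NameVirtualHost (this turns on name-based multiple virtual hosts)
Add at the very bottom: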
<VirtualHost *:80>
DocumentRoot /var/www/beimi
ServerName www.beimi.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/king
ServerName www.king.com
</VirtualHost>
Restart the httpd service: service httpd restart
www.king.com/news|testdir
With setenforce 1 (enforcing), every directory and file has its own label.
echo welcome to newdir >index.html
mkdir /home/testdir/
echo welcome to home-testdir >/home/testdir/index.html
cd ..
ln -s /home/testdir testdir
ll -Zd /var/www/html
chcon -R -t httpd_sys_content_t /home/testdir
ll -Zd /var/www/html
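If you cd into the directory first and then download with lftp, the downloaded files inherit the directory's SELinux label.
For testing, don't use Firefox; links alone is enough.
links www.king.com   (DNS1 and DOMAIN must be set in ifcfg-eth0)
Controlling access to a directory: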
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.king.com
<directory /var/www/html/news>
order allow,deny
# order deny,allow
allow from .example.com
deny from 192.168.0.18
</directory>
</VirtualHost>
Rule \ Order              allow,deny   deny,allow
allow only                allowed      allowed
deny only                 denied       denied
allow,deny (both match)   denied       allowed
not defined (no match)    denied       allowed
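The Order semantics in the table above, applied to the two rules of the <directory> block, as an added example that is not part of the original notes. The function names matches and decide and the client pc18.example.com at 192.168.0.18 are assumptions for illustration; Apache itself obtains the client hostname by reverse DNS.

```shell
#!/bin/sh
# Added example, not from the original notes: Apache 2.2 "Order" evaluation
# for one "allow from" and one "deny from" rule, as in the <directory> block above.

# matches SPEC HOST IP: succeed if SPEC matches the client. Only the spec forms
# used in these notes are handled: ".domain" suffix, partial IP ("192.168.0."), full IP.
matches() {
    case "$1" in
        .*) case "$2" in *"$1") return 0 ;; esac ;;
        *.) case "$3" in "$1"*) return 0 ;; esac ;;
        *)  [ "$3" = "$1" ] && return 0 ;;
    esac
    return 1
}

# decide ORDER ALLOW_SPEC DENY_SPEC HOST IP: print "allowed" or "denied"
decide() {
    a=no; d=no
    if matches "$2" "$4" "$5"; then a=yes; fi
    if matches "$3" "$4" "$5"; then d=yes; fi
    case "$1" in
        allow,deny)   # deny overrides allow; no match at all means denied
            if [ "$a" = yes ] && [ "$d" = no ]; then echo allowed; else echo denied; fi ;;
        deny,allow)   # allow overrides deny; no match at all means allowed
            if [ "$d" = yes ] && [ "$a" = no ]; then echo denied; else echo allowed; fi ;;
        *) echo "unknown order: $1" >&2; return 2 ;;
    esac
}

# Constructed client: pc18.example.com at 192.168.0.18 matches both rules.
for order in allow,deny deny,allow; do
    printf '%-11s %s\n' "$order" \
        "$(decide "$order" .example.com 192.168.0.18 pc18.example.com 192.168.0.18)"
done
```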
Enabling HTTPS for httpd:
View a certificate:
openssl x509 -in xxx.crt -noout -text
genkey www.king.com
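FTP: the exam covers implementing anonymous download (this also involves opening the firewall)
Active mode (uses port 20; the server actively connects to the client) / passive mode (uses a port other than 20; the server passively accepts the client's connection) (which one is used depends on the client)
Machines behind a firewall should use passive mode; in active mode the server cannot connect to the client (it cannot get through the firewall).
ftp is also an anonymous user
Switching between active and passive mode: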
ftp x.x.x.x
ftp> passive
Passive mode off.
ftp> passive
Passive mode on.
Upload:
Enable in vsftpd.conf:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
setfacl -m u:ftp:rwx /var/ftp/upload
getsebool -a|grep ftp
semanage boolean -l |grep ftp   (the output hints at what to do)
chcon -t public_content_rw_t upload
setsebool -P allow_ftpd_anon_write on
setsebool -P ftp_home_dir on   (allows users to switch to their working directory)
NFS:
cd /mnt/sdb1
dir
mkdir nfsdir1
mkdir nfsdir2
cd nfsdir1
>k1
>k2
cd ../nfsdir2
>k3
>k4
rpm -q nfs-utils
chkconfig --list nfs
chkconfig nfs on
service nfs start
rpcinfo -p
showmount -e localhost
service rpcbind status   (called portmap in 5.0) When nfs restarts, it registers the ports it uses with rpcbind (visible via rpcinfo -p).
Once nfs is running, rpcbind must not be stopped or restarted; otherwise nfs has to be restarted before it works properly again.
vi /etc/exports
/mnt/sdb1/nfsdir1 *(rw,sync,no_root_squash)
/mnt/sdb1/nfsdir2 *.example.com(rw) 192.168.0.200(ro)   [export access control]
exportfs -r
exportfs -v
showmount -e localhost
cd /net
cd 192.168.0.118
dir
man exports
exportfs -au
exportfs -v
exportfs -a
exportfs -v
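An added example (not from the original notes) that audits an exports file for the options used in /etc/exports above: it flags no_root_squash, read-write exports to any host, and clients matched by a DNS wildcard. The function names and the sample file are constructed; on a server, run audit_exports /etc/exports.

```shell
#!/bin/sh
# Added example, not from the original notes: flag risky entries in an exports(5) file.

# Constructed sample input: the two export lines used in these notes.
sample_exports() {
cat <<'EOF'
# sample /etc/exports
/mnt/sdb1/nfsdir1 *(rw,sync,no_root_squash)
/mnt/sdb1/nfsdir2 *.example.com(rw) 192.168.0.200(ro)
EOF
}

# audit_exports FILE: print "<severity> <path> <client> <reason>" for each finding.
# Assumes one export per line (no backslash continuations, no quoted paths).
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            o = "," opts ","
            wide = (client == "*")
            # no_root_squash: root on the client is root on the exported files
            if (o ~ /,no_root_squash,/) {
                sev = wide ? "HIGH" : "MEDIUM"
                print sev, path, client, "no_root_squash"
            }
            if (o ~ /,rw,/ && wide)
                print "MEDIUM", path, client, "read-write to any host"
            # hostname wildcards depend on reverse DNS, which the server does not control
            if (client ~ /^\*\./)
                print "LOW", path, client, "client matched by DNS wildcard"
        }
    }' "$1"
}

# Demo on the constructed sample; on a server: audit_exports /etc/exports
tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"
rm -f "$tmp"
```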
Samba: (emulates Windows file sharing)
yum -y install samba
chkconfig smb on
service smb start
chkconfig smb --list
useradd -s /sbin/nologin smbuser1
useradd -s /sbin/nologin smbuser2
useradd -s /sbin/nologin smbuser3
smbpasswd -a smbuser1
smbpasswd -a smbuser2
smbpasswd -a smbuser3
semanage boolean -l|grep samba
vi /etc/samba/smb.conf
setsebool -P samba_enable_home_dirs on   [makes the home directories of smbuser1/2/3 visible]
smbclient -U smbuser1%klt8848 -L 192.168.0.118
vi /etc/samba/smb.conf
Change as follows:
workgroup = WORKGROUP
hosts allow = 127. 192.168.0.
Add at the end:
[public]
path = /mnt/sdb1/share
public = no
valid users=smbuser1 smbuser2
writable = yes
mkdir /mnt/sdb1/share
chcon -t samba_share_t /mnt/sdb1/share
ll -Zd /mnt/sdb1/share
drwxrwxr-x+ root root unconfined_u:object_r:samba_share_t:s0 /mnt/sdb1/share
service smb restart
setfacl -m u:smbuser1:rwx /mnt/sdb1/share   (grants smbuser1/2 read-write access to the share directory)
setfacl -m u:smbuser2:rwx /mnt/sdb1/share
smbclient -U smbuser1 //192.168.0.118/public
iscsi:
yum -y install iscsi*
[root@desktop118 ~]# iscsiadm -m discovery -t st -p 192.168.0.254
Starting iscsid: [ OK ]
192.168.0.254:3260,1 iqn.2010-09.com.example:rdisks.server18
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server18 -l
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server18 -u
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server18 -o delete
mail:
(SMTP/POP)
client haha@qq.com
smtp server
qq mail server
dns
smtp sina mail server
pop
xixi@sina.com
SMTP tools:
5.0        6.0
sendmail   postfix
rpm -q postfix
chkconfig --list postfix
service postfix status
netstat -antupe|grep :25
vi /etc/postfix/main.cf
inet_interfaces = all
service postfix restart
Test:
telnet 192.168.0.118 25
mail from:a@b.com
rcpt to:tom
data
ni hao ma kkkkkkkkkkkkkkkkkkkkkkkkkkkkkk.
quit
.
quit
su - tom
mail
Mail forwarding:
vi /etc/aliases
Add: tom:king
newaliases
Test mail:
mail -s hello tom
how are you?
.
su - king
mail
POP port: 110
yum -y install dovecot