linux--老版本配置记录回顾(2022老版本配置服务器)红帽企业版网络配置--centos7配置DHCP DNS绑定域名 FTP HTTP(apache) nginx samba

简介: linux网络

简介

滚动性教程 随着工具更迭 教程会针对实际作用进行更新 优化
支持投稿

滚动更新

2022.5.8 update

dnf 逐渐在取代yum (考虑到有萌新 )

理解为用一个旧版的下载器去下载一个新的 默认要逐步习惯 实际上在入门阶段没有区别 习惯与熟练度为主

yum install -y dnf 
dnsmasq download
environment

验证方式
kali->client

apt-get -y install dnsutils

centos ->server

dns install dnsmasq
systemctl start dnsmasq
systemctl enable dnsmasq
systemctl status dnsmasq

基础环境

vmware

这边我选择使用vmware演示 实际上docker 更为合适

云服务

氪金大佬直接买 因为你是学习的 买最便宜的就够了

主机

[刻录]

如果会写shell脚本可以直接把以下代码加以修改 变成装机大师.sh

要注意ip 客户端id 端口 网关一类个人本地配置

DHCP

[配置网络可以看这里]

yum -y install dhcp #下载服务
vim /etc/dhcp/dhcpd.conf 
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
ddns-update-style none;
log-facility local7;
​
subnet 192.168.125.0 netmask 255.255.255.0 {     # 管理192.168.125.0/24子网
    range 192.168.125.50 192.168.125.250;       # ip地址的分配范围
    option routers 192.168.125.254;               # 网关地址
    option domain-name-servers 192.168.125.254;   # 域名服务器地址
    option broadcast-address 192.168.125.255;     # 广播地址
    default-lease-time 600;                       # 默认超时时间
    max-lease-time 7200;                          # 最大超时时间
}

分配固定ip则在之前的配置文件之后增加以下内容

host 自定义主机名 {                                # 指定要固定的主机
     hardware ethernet (这里写mac地址);    # 指定主机的mac地址
     fixed-address 192.168.125.(选择固定范围不能在之前规定的50到250);           # 指定要分配的ip地址(此处的ip地址不能再range的范围内)
}
systemctl enable dhcpd.service           # 设置dhcp服务开机自启
systemctl start dhcpd.service            # 设置dhcp服务开启
systemctl restart dhcpd.service                 # 重启服务

客户端设置为dhcp启动 (此验证是在centos7)

vi /etc/svsconfig/network-scripts/ifcfg-ens33
DEVICE=ens33
ONBOOT=yes
BOOTPROTO=dhcp

DNS

配置文件

yum install -y bind bind-chroot
vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { any; };            
    /*
    # 监听server上所有的网卡(为了将服务提供给所有主机)
    */
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };             
    /* 
    # 接收来自任意地方的dns查询请求
    */
    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
     recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation no;              /*# 设置为no,防止seliunx干扰*/
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.125.zones";       /*# 指定我们的主要配置文件*/
include "/etc/named.root.key";
vi /etc/named.125.zones
zone "rhel.com" IN {                        # 正向解析
    type master;
    file "rhel.com.zone";
    allow-update {none;};
};

zone "125.168.192.in-addr.arpa" IN {        # 反向解析  这注释不要写进去
    type master;
    file "192.168.125.loopback";
    allow-update {none;};
};

解析

cp /var/named/named.localhost /var/named/rhel.com.zone   # 正向解析清单
vim /var/named/rhel.com.zone
$TTL 1D
@   IN SOA  @ root.rhel.com. (                         # 指定为rhel.com域   注释不要写进去
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum

@ IN NS server.rhel.com                                # 指定DNS解析服务器的地址
server IN A 192.168.125.20                             # A类解析,从域名解析到ipv4地址
cp /var/named/named.loopback /var/named/192.168.125.loopback  # 反向解析清单
vim /var/named/192.168.125.loopback
$TTL 1D
@   IN SOA  @ root.rhel.com. (                         # 指定为rhel.com域
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
@ IN NS server.rhel.com                                # 指定DNS解析服务器的地址
20  IN PTR server.rhel.com.                            # PTR类解析,从ip反向解析为域名
25  IN PTR client.rhel.com.
100 IN PTR windows.rhel.com.

再次配置

firewall-cmd --add-service=dns --permanent                    # 防火墙放行dns的服务器访问
firewall-cmd --reload
chown :named /var/named/192.168.125.loopback
chown :named /var/named/rhel.com.zone 
chown :named /etc/named.125.zones
systemctl enable named
systemctl start named
vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.125.20
nameserver 192.168.125.254

test(使用客户端)

nslookup
> server
> exit
dig windows.rhel.com

HTTP

yum install -y httpd
systemctl enable httpd
systemctl start httpd
firewall-cmd --add-service=http --permanent 
firewall-cmd --reload 
vim /var/www/html/index.html      # 写一个html页面 
mkdir /var/www/html/server
vim /var/www/html/server/index.html #自己写
mkdir /var/www/html/test
touch /var/www/html/test/1.html
vim /etc/httpd/conf.d/vhost.conf          # 虚拟站点配置
<Virtualhost 192.168.125.20 >                              # 绑定的ip地址
    DocumentRoot /var/www/html/server                      # 网站的根目录
    ServerName server.rhel.com                             # 访问的时候填写的域名
</Virtualhost>

<Directory "/var/www/html/server">
    AllowOverride None
    Order deny,allow                                       # 默认允许所有客户端访问
    deny from 192.168.125.100                              # 禁止192.168.125.100主机访问
</Directory>

<Virtualhost 192.168.125.20 >
    DocumentRoot /var/www/html
    ServerName 192.168.125.20                              # 当使用ip 的方式进行访问
</Virtualhost>

Alias /hello "/var/www/html/test"                          # 将原本应该是192.168.125.20/test通过虚拟目录的方式,修改了192.168.125.20/hello
<Directory "/var/www/html/test">
    AllowOverride None
    Order deny,allow
</Directory>

FTP

yum install -y vsftpd                      # ftp的服务端
                                                                        # 客户端
# redhat
yum install -y  ftp
# debian
sudo apt-get -y ftp
# window
从设置里面添加服务

配置

firewall-cmd --add-service=ftp --permanent 
firewall-cmd --reload 
systemctl start vsftpd
touch /var/ftp/pub/test.txt
vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
anon_root=/var/www/html                              # 匿名用户登录ftp默认显示的位置(需要处理一下selinux)
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

samba

yum install samba -y
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
echo > /etc/samba/smb.conf
vim /etc/samba/smb.conf
[public]                                 # 共享名

    comment=public                       # 备注信息

    path=/public                         # 共享的目录(绝对路径)

    public=yes                           # 是否允许匿名访问

    writable=yes                         # 是否可以有写入的操作(还有文件本身的权限要考虑)

#   valid users=smbuser                  # 设置可以使用此共享的用户

#   hosts allow=192.168.125.             # 允许来自192.168.125.0网络的用户访问

#   hosts deny=192.168.125.50            # 不允许来自192.168.125.50网络的用户访问
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
setenforce 0
systemctl start smb
mkdir /public
useradd smbuser
smbpasswd -a smbuser
chown smbuser:smbuser /public

为了方便使用centos7(一样的镜像当客户端测试)

 yum install -y samba-client cifs-utils
 smbclient //192.168.125.20/public
 Enter SAMBA\root's password: 

Anonymous login successful

Try "help" to get a list of possible commands.

smb: \> ls
mkdir /mnt/samba
mount -t cifs //192.168.125.20/public /mnt/samba -o username=smbuser

Password for smbuser@//192.168.125.20/public:  *******

nginx

download
dnf -y install nginx
# 开启服务 开机自启
systemctl start nginx.service 
systemctl enable nginx.service 
systemctl status nginx.service

# 配置文件  默认即可用  大佬可修改
/etc/nginx/               #nginx的配置目录
/etc/nginx/nginx.conf/    #nginx的主配置文件
/usr/share/nginx/         #默认存放网页的目录
目录
相关文章
|
存储 缓存 网络协议
阿里云特惠云服务器99元与199元配置与性能和适用场景解析:高性价比之选
2025年,阿里云长效特惠活动继续推出两款极具吸引力的特惠云服务器套餐:99元1年的经济型e实例2核2G云服务器和199元1年的通用算力型u1实例2核4G云服务器。这两款云服务器不仅价格亲民,而且性能稳定可靠,为入门级用户和普通企业级用户提供了理想的选择。本文将对这两款云服务器进行深度剖析,包括配置介绍、实例规格、使用场景、性能表现以及购买策略等方面,帮助用户更好地了解这两款云服务器,以供参考和选择。
|
存储 缓存 负载均衡
阿里云服务器实例选择指南:热门实例性能、适用场景解析对比参考
2025年,在阿里云的活动中,主售的云服务器实例规格除了轻量应用服务器之外,还有经济型e、通用算力型u1、计算型c8i、通用型g8i、计算型c7、计算型c8y、通用型g7、通用型g8y、内存型r7、内存型r8y等,以满足不同用户的需求。然而,面对众多实例规格,用户往往感到困惑,不知道如何选择。本文旨在全面解析阿里云服务器实例的各种类型,包括经济型、通用算力型、计算型、通用型和内存型等,以供参考和选择。
|
10月前
|
存储 域名解析 弹性计算
阿里云上云流程参考:云服务器+域名+备案+域名解析绑定,全流程图文详解
对于初次通过阿里云完成上云的企业和个人用户来说,很多用户不仅是需要选购云服务器,同时还需要注册域名以及完成备案和域名的解析相关流程,从而实现网站的上线。本文将以上云操作流程为核心,结合阿里云的活动政策与用户系统梳理云服务器选购、域名注册、备案申请及域名绑定四大关键环节,以供用户完成线上业务部署做出参考。
利用Private Zone DNS - 搭建AD但不搭建DNS服务器如何加域
利用Private Zone DNS - 搭建AD但不搭建DNS服务器如何加域
利用Private Zone DNS - 搭建AD但不搭建DNS服务器如何加域
|
存储 弹性计算 安全
阿里云服务器ECS通用型规格族解析:实例规格、性能基准与场景化应用指南
作为ECS产品矩阵中的核心序列,通用型规格族以均衡的计算、内存、网络和存储性能著称,覆盖从基础应用到高性能计算的广泛场景。通用型规格族属于独享型云服务器,实例采用固定CPU调度模式,实例的每个CPU绑定到一个物理CPU超线程,实例间无CPU资源争抢,实例计算性能稳定且有严格的SLA保证,在性能上会更加稳定,高负载情况下也不会出现资源争夺现象。本文将深度解析阿里云ECS通用型规格族的技术架构、实例规格特性、最新价格政策及典型应用场景,为云计算选型提供参考。
|
存储 机器学习/深度学习 人工智能
阿里云服务器第八代通用型g8i实例评测:性能与适用场景解析
阿里云服务器通用型g8i实例怎么样?g8i实例采用CIPU+飞天技术架构,并搭载最新的Intel 第五代至强可扩展处理器(代号EMR),不仅性能得到大幅提升,同时还拥有AMX加持的AI能力增强,以及全球范围内率先支持的TDX机密虚拟机能力。这些特性使得g8i实例在AI增强和全面安全防护两大方面表现出色,尤其适用于在线音视频及AI相关应用。本文将深入探讨g8i实例的产品特性、优势、适用场景及规格族,以帮助您更好地了解这款产品,以供参考和选择。
|
网络协议 安全 Linux
阿里云服务器国际站dns服务器不可用怎么办?dns可以随便改吗?
阿里云服务器国际站dns服务器不可用怎么办?dns可以随便改吗?
5311 0
|
设计模式 存储 安全
【23种设计模式·全精解析 | 创建型模式篇】5种创建型模式的结构概述、实现、优缺点、扩展、使用场景、源码解析
结构型模式描述如何将类或对象按某种布局组成更大的结构。它分为类结构型模式和对象结构型模式,前者采用继承机制来组织接口和类,后者釆用组合或聚合来组合对象。由于组合关系或聚合关系比继承关系耦合度低,满足“合成复用原则”,所以对象结构型模式比类结构型模式具有更大的灵活性。 结构型模式分为以下 7 种: • 代理模式 • 适配器模式 • 装饰者模式 • 桥接模式 • 外观模式 • 组合模式 • 享元模式
929 140
【23种设计模式·全精解析 | 创建型模式篇】5种创建型模式的结构概述、实现、优缺点、扩展、使用场景、源码解析
|
算法 测试技术 C语言
深入理解HTTP/2:nghttp2库源码解析及客户端实现示例
通过解析nghttp2库的源码和实现一个简单的HTTP/2客户端示例,本文详细介绍了HTTP/2的关键特性和nghttp2的核心实现。了解这些内容可以帮助开发者更好地理解HTTP/2协议,提高Web应用的性能和用户体验。对于实际开发中的应用,可以根据需要进一步优化和扩展代码,以满足具体需求。
1517 29
|
前端开发 数据安全/隐私保护 CDN
二次元聚合短视频解析去水印系统源码
二次元聚合短视频解析去水印系统源码
599 4

推荐镜像

更多