1、centos怎麼配置tomcat部署目錄下的某個文件夾使用到 https協議
特定的目錄實現https訪問
解決方案:<url-pattern>/login.html</url-pattern>
在web.xml文件中配置相應的路徑
<security-constraint><!-- Authorization setting for SSL --><web-resource-collection><web-resource-name>SSL</web-resource-name><url-pattern>/login.html</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>
2、linux怎麼看http服務是否開啟
1、ps -ef
看有沒有類似httpd/nginx/tomcat之類的進程
2、netstat -ntlp
看看有沒有開啟80/8080之類的埠
3、iptables -nvL
檢查防火牆是否允許訪問80埠
3、centos6.5 squid代理服務埠怎麼設置
centos iptables 的input鏈默認只允許ssh、icmp以及內部環回埠通過。其餘鏈皆為ACCEPT。使用下述命令開放埠。 iptables -I INPUT -p tcp --dport 埠 -j ACCEPT iptables -I INPUT -p udp --dport 埠 -j ACCEPT /etc/rc.d/init.d/iptable.
4、怎樣在CentOS 7.0上安裝和配置VNC伺服器
1.檢查VNC客戶端和伺服器端是否已經安裝
執行如下命令:
[root@localhost ~]# rpm -qa vnc vnc-server
package vnc is not installed
package vnc-server is not installed
表示系統沒有安裝VNC服務端,那我們就用yum安裝VNC服務端。
[root@localhost ~]# yum -y install vnc vnc-server
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package tigervnc.i686 0:1.0.90-0.10.20100115svn3945.el6 set to be updated
---> Package tigervnc-server.i686 0:1.0.90-0.10.20100115svn3945.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================================================
Installing:
tigervnc i686 1.0.90-0.10.20100115svn3945.el6 base 252 k
tigervnc-server i686 1.0.90-0.10.20100115svn3945.el6 base 1.1 M
Transaction Summary
=================================================================================================================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)
Total download size: 1.3 M
Installed size: 3.6 M
Downloading Packages:
(1/2): tigervnc-1.0.90-0.10.20100115svn3945.el6.i686.rpm | 252 kB 00:00
(2/2): tigervnc-server-1.0.90-0.10.20100115svn3945.el6.i686.rpm | 1.1 MB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 137 kB/s | 1.3 MB 00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : tigervnc-1.0.90-0.10.20100115svn3945.el6.i686 1/2
Installing : tigervnc-server-1.0.90-0.10.20100115svn3945.el6.i686 2/2
Installed:
tigervnc.i686 0:1.0.90-0.10.20100115svn3945.el6 tigervnc-server.i686 0:1.0.90-0.10.20100115svn3945.el6
Complete!
啟動VNC Server服務:使用vncserver命令(在當前用戶主目錄下生成.vnc文件夾)
[root@localhost ~]# vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: creating new authority file /root/.Xauthority
New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:1.log
2. 在CentOS系統中將用戶名加入到配置文件中
編輯vncservers的配置文件
[root@localhost ~]# vi /etc/sysconfig/vncservers
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see this URL:
# http://kbase.redhat.com/faq/docs/DOC-7028
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
# VNCSERVERS="2:myusername"
VNCSERVERS="2:root" #用戶名root
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERARGS[2]="-geometry 1024x768" #尺寸大小
3.設置 root用戶的密碼
使用如下命令設置密碼:
[root@localhost ~]# vncpasswd
Password:abc123
Verify:abc123
當提示Verify時,再次輸入密碼確認。
4.啟動VNC服務
使用如下命令啟動VNC SERVER
[root@localhost ~]# /sbin/service vncserver start
正在啟動 VNC 伺服器:2:root
New 'localhost.localdomain:2 (root)' desktop is localhost.localdomain:2
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:2.log
[確定]
[root@localhost ~]#
當顯示如下信息時,表示啟動成功.
5.修改VNC SERVER的窗口治理器
vnc server默認使用的窗口治理器是twn,這是一個非常簡單的窗口治理器,我們可以改成常用的GNOME或者KDE。
先使用如下命令進入用戶的home目錄:cd /.vnc
編輯啟動項:vi xstartup
按照如下方式修改啟動項:
[root@localhost ~]# vi /root/.vnc/xstartup
#!/bin/sh
vncconfig -iconic &
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
OS=`uname -s`
if [ $OS = 'Linux' ]; then
case "$WINDOWMANAGER" in
*gnome*)
if [ -e /etc/SuSE-release ]; then
PATH=$PATH:/opt/gnome/bin
export PATH
fi
;;
esac
fi
if [ -x /etc/X11/xinit/xinitrc ]; then
exec /etc/X11/xinit/xinitrc
fi
if [ -f /etc/X11/xinit/xinitrc ]; then
exec sh /etc/X11/xinit/xinitrc
fi
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
gnome-session & #以GNOME作為VNC的窗口治理器
#startkde #kde desktop
#twm &
#twm # 注掉CentOS系統默認的窗口治理器
6.重啟VNC SERVER
當CentOS系統提示如下信息時,表示重啟成功
[root@localhost ~]# /sbin/service vncserver restart
關閉 VNC 伺服器:2:root [確定]
正在啟動 VNC 伺服器:2:root
New 'localhost.localdomain:2 (root)' desktop is localhost.localdomain:2
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:2.log
[確定]
查看VNC SERVER 監聽的埠:
[root@localhost ~]# netstat -antulp |grep 59
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3162/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 4193/Xvnc
tcp 0 0 0.0.0.0:59473 0.0.0.0:* LISTEN 1153/rpc.statd
tcp 0 0 :::5989 :::* LISTEN 1501/cimserver
tcp 0 0 :::5900 :::* LISTEN 3123/vino-server
tcp 0 0 ::ffff:192.168.0.124:5900 ::ffff:192.168.0.145:3072 ESTABLISHED 3123/vino-server
防火牆開放的埠:
[root@localhost ~]# /sbin/iptables -A INPUT -p tcp -m multiport
5、如何在CentOS配置Apache的HTTPS服務
(1)先按裝mod_ssl
yum install mod_ssl
完畢後在
/etc/httpd/conf.d/下會有一個ssl.conf的文件,打開
主要是看下證書及密鑰的位置
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
(2)生成密鑰,
進入/etc/pki/tls/private,
刪除原來的localhost.key
rm -f localhost.key
生成新的localhost.key:
openssl genrsa 1024 > localhost.key
返回到certs目錄
cd ../certs
刪除原來的證書
rm -rf localhost.crt
生成新的
openssl req -new -x509 -days 365 -key ../private/localhost.key -out
localhost.crt
填寫需要填寫的信息,證書就生成了
這里為什麼要用localhost.crt這樣的名子,是因為在ssl.conf就是這樣子指定的,這兩個地方要一樣。
重啟apache,配置結束
現在就可以通過https訪問網站
可能需要開發埠443號:iptables -I INPUT -p TCP --dport 443 -j ACCEPT
更多詳細信息可參考,
http://www.4byte.cn/learning/120027/ru-he-zai-centos-pei--apache-de-https-fu-wu.html
6、在虛擬機中安裝了centos 如何實現http服務
你虛擬機上裝完centos還需要在centos上安裝apache就可以提供http服務了,
7、Linux Centos 怎麼安裝更新根證書實現支持https訪問
第一步、 安裝系統及所需工具
1. 使用最小化安裝盤安裝系統,設置好網路環境配置信息
2. 安裝所需工具包
# yum install openssh-server
# yum install wget
# yum update
# yum install setuptool
系統服務配置 # yum install ntsysv
安裝網路配置 # yum install system-config-network-tui
防火牆配置 # yum install system-config-firewall
# yum -y install gcc gcc-c++ autoconf make
# yum -y install vim
關機備份 # shutdown -h now
二、安裝openssl
切換到/tmp目錄下(安裝約定軟體全放在此目錄下)
cd /tmp
# tar zxvf openssl-1.0.0a.tar.gz
# cd openssl-1.0.0a
# ./config --prefix=/usr/local/openssl
# make && make install
三、創建證書
1.解壓工具包
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
2.創建根證書
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long molus
....++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
Self-sign the root CA...
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:cn
State or Province Name (full name) [Perak]:cn
Locality Name (eg, city) [Sitiawan]:cn
Organization Name (eg, company) [My Directory Sdn Bhd]:cn
Organizational Unit Name (eg, section) [Certification Services Division]:cn
Common Name (eg, MD Root CA) []:172.16.17.132 //這里填站點域名,我是測試的就填ip
Email Address []:[email protected]
這個過程要設置證書密碼,要記住這個密碼後面要用到,還有證書的其它信息:國家、地區、公司名稱,域名,郵箱等,這些信息也要記住,與後面創建的證書主體信息一致
3.創建伺服器證書
# ./new-server-cert.sh server
...
即創建一個名為server的伺服器證書,主體信息與上面的一致就可,我這里就不貼出來了
簽名剛才生成的伺服器證書
# ./sign-server-cert.sh server
這個過程要輸入根證書密碼,後面都選Y即可
4.創建客戶端證書,如果是單向認證,這一步可以跳過
# ./new-user-cert.sh client
...
這里要注意證書信息不能與其它證書完全一樣,這里修改Email與伺服器證書不一樣就行
簽名客戶端證書
# ./sign-user-cert.sh client
轉換成p12格式證書,這樣才能在瀏覽器上安裝
# ./p12.sh client
下載並安裝client.p12證書
關機備份 # shutdown -h now
三、安裝Apache及其所需依賴軟體
# tar zxvf httpd-2.2.23.tar.gz
# cd httpd-2.2.23
# ./configure --prefix=/usr/local/apache \
--enable-ssl \
--enable-rewrite \
--enable-so \
--with-ssl=/usr/local/openssl
# make && make install
可以啟動httpd看看,啟動命令是/usr/local/apache/bin/apachectl start,在瀏覽器中訪問看看,顯示 It workds!說明安裝成功了
四、配置httpd
1.修改httpd.conf
#Include conf/extra/httpd-ssl.conf 把這句前面的#去掉
2.將前面生成的證書拷貝到conf/ssl 下
# mkdir ssl
# cd ssl
# cp /tmp/ssl.ca-0.1/ca.crt ./
# cp /tmp/ssl.ca-0.1/server.* ./
2.修改httpd-ssl.conf
SSLCertificateFile 「/usr/local/apache/conf/ssl/server.crt」
SSLCertificateKeyFile 「/usr/local/apache/conf/ssl/server.key」
下面是開啟客戶端認證,如果是單向認證就不用開啟了
SSLCACertificateFile 「/usr/local/apache/conf/ssl/ca.crt」
SSLVerifyClient require
SSLVerifyDepth 10
五、重啟httpd
[root@localhost extra]# ../../bin/apachectl -t
Syntax OK
[root@localhost extra]# ../../bin/apachectl stop
[root@localhost extra]# ../../bin/apachectl -D SSL -k start
六、安裝並配置MySQL
1、安裝Mysql
添加一個mysql標准組
# groupadd mysql
添加mysql用戶並加到mysql組中
# useradd -g mysql mysql
# tar zxvf mysql-5.0.45.tar.gz
# cd mysql-5.0.45
# ./configure \
--prefix=/usr/local/mysql/ \
--with-extra-charsets=all
出現錯誤:
checking for tgetent in -lncurses... no
checking for tgetent in -lcurses... no
checking for tgetent in -ltermcap... no
checking for tgetent in -ltinfo... no
checking for termcap functions library... configure: error: No curses/termcap library found
分析:缺少ncurses安裝包
解決:
# yum install ncurses-devel
# make && make install
2、配置Mysql
創建MySQL資料庫伺服器的配置文件
# cp support-files/my-medium.cnf /etc/my.cnf
用mysql用戶創建授權表,創建成功後,會在/usr/local/mysql目錄下生成一個var目錄
# /usr/local/mysql/bin/mysql_install_db --user=mysql
將文件的所有屬性改為root用戶
# chown -R root /usr/local/mysql
將數據目錄的所有屬性改為mysql用戶
# chown -R mysql /usr/local/mysql/var
將組屬性改為mysql組
# chgrp -R mysql /usr/local/mysql
啟動資料庫
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
查看3306埠是否開啟
# netstat -tnl|grep 3306
簡單的測試
# /usr/local/mysql/bin/mysqladmin version
查看所有mysql參數
# /usr/local/mysql/bin/mysqladmin variables
設置Mysql開機自啟動
# cp /tmp/mysql-5.0.45/support-files/mysql.server /etc/rc.d/init.d/mysqld
# chown root.root /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --list mysqld
# chkconfig --levels 245 mysqld off
3、Mysql安全性設置
沒有密碼可以直接登錄本機伺服器
# /usr/local/mysql/bin/mysql -u root
查看mysql用戶許可權信息
mysql> select * from mysql.user;
刪除非localhost的主機
mysql> DELETE FROM mysql.user WHERE Host='localhost' AND User='';
刷新授權表
mysql> FLUSH PRIVILEGES;
為root用戶添加密碼
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yuwan1986');
再次進入Mysql客戶端
# /usr/local/mysql/bin/mysql -u root -h localhost -p
關閉MySQL資料庫
# /usr/local/mysql/bin/mysqladmin -u root -p shutdown
七、 安裝和配置php
# tar zxvf php-5.2.6.tar.gz
# cd /tmp/php-5.2.6
# ./configure \
--prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql/
# make && make install
出現依賴錯誤,直接使用yum安裝即可
# yum -y install libxml2 libxml2-devel
簡單配置PHP
cp ./php.ini-dist /usr/local/php/etc/php.ini
使用vi編輯apache配置文件
# vim /usr/local/apache/conf/httpd.conf
添加這一條代碼
Addtype application/x-httpd-php .php .phtml
重啟Apache
# /usr/local/apache/bin/apachectl restart
簡單測試一下對PHP的支持
八、安裝安裝phpMyAdmin
1. 拷貝目錄到指定位置並改名為phpmyadmin
# tar zxvf phpMyAdmin-3.3.4-all-languages.tar.gz
# cp -a phpMyAdmin-3.3.4-all-languages /usr/local/apache/htdocs/phpmyadmin
# cd /usr/local/apache/htdocs/phpmyadmin/
# cp config.sample.inc.php config.inc.php
2. 配置phpMyAdmin
# vim /usr/local/apache/htdocs/phpmyadmin/config.inc.php
將auth_type 改為http
$cfg['Servers'][$i]['auth_type'] = 'http';
最後設置開機啟動項:
編輯開機啟動文件# vim /etc/rc.d/rc.local添加
service mysqld start
/usr/local/apache/bin/apachectl -D SSL -k start
至此簡單配置完成,可以安裝到伺服器上了
8、Linux Centos 怎麼安裝更新根證書實現支持https訪問
第一步、 安裝系統及所需工具1. 使用最小化安裝盤安裝系統,設置好網路環境配置信息
2. 安裝所需工具包
# yum install openssh-server
# yum install wget
# yum update
# yum install setuptool
系統服務配置 # yum install ntsysv
安裝網路配置 # yum install system-config-network-tui
防火牆配置 # yum install system-config-firewall
# yum -y install gcc gcc-c++ autoconf make
# yum -y install vim
關機備份 # shutdown -h now
二、安裝openssl
切換到/tmp目錄下(安裝約定軟體全放在此目錄下)
cd /tmp
# tar zxvf openssl-1.0.0a.tar.gz
# cd openssl-1.0.0a
# ./config --prefix=/usr/local/openssl
# make && make install
三、創建證書
1.解壓工具包
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
2.創建根證書
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long molus
....++++++
9、如何在CentOS 7上安裝和osquitto MQTT消息傳遞代理
方法/步驟 1 打開虛擬機軟體「VMware」,選擇「創建新的虛擬機」; 2 選擇「自定義(高級)」選項,點擊「下一步」; 3 在「硬體兼容性」處選擇最高的版本,我這里是「Workstation 10.0」,點擊「下一步」
10、CentOS上安裝軟體錯誤提示:configure: error: no acceptable C compiler found in $PATH
因為是centos linux,默認可以採用yum方式安裝,則採用如下命令安裝gcc編譯器即可:
# yum -y install gcc
安裝更新了如下幾個組件:
gcc 4.1.2-44.el5
binutils 2.17.50.0.6-9.el5
cpp 4.1.2-44.el5
glibc-devel 2.5-34.el5_3.1
glibc-headers 2.5-34.el5_3.1
kernel-headers 2.6.18-164.el5
libgomp 4.3.2-7.el5