1、centos怎么配置tomcat部署目录下的某个文件夹使用到 https协议
特定的目录实现https访问
解决方案:<url-pattern>/login.html</url-pattern>
在web.xml文件中配置相应的路径
<security-constraint><!-- Authorization setting for SSL --><web-resource-collection><web-resource-name>SSL</web-resource-name><url-pattern>/login.html</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>
2、linux怎么看http服务是否开启
1、ps -ef
看有没有类似httpd/nginx/tomcat之类的进程
2、netstat -ntlp
看看有没有开启80/8080之类的端口
3、iptables -nvL
检查防火墙是否允许访问80端口
3、centos6.5 squid代理服务端口怎么设置
centos iptables 的input链默认只允许ssh、icmp以及内部环回端口通过。其余链皆为ACCEPT。使用下述命令开放端口。 iptables -I INPUT -p tcp --dport 端口 -j ACCEPT iptables -I INPUT -p udp --dport 端口 -j ACCEPT /etc/rc.d/init.d/iptable.
4、怎样在CentOS 7.0上安装和配置VNC服务器
1.检查VNC客户端和服务器端是否已经安装
执行如下命令:
[root@localhost ~]# rpm -qa vnc vnc-server
package vnc is not installed
package vnc-server is not installed
表示系统没有安装VNC服务端,那我们就用yum安装VNC服务端。
[root@localhost ~]# yum -y install vnc vnc-server
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package tigervnc.i686 0:1.0.90-0.10.20100115svn3945.el6 set to be updated
---> Package tigervnc-server.i686 0:1.0.90-0.10.20100115svn3945.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================================================
Installing:
tigervnc i686 1.0.90-0.10.20100115svn3945.el6 base 252 k
tigervnc-server i686 1.0.90-0.10.20100115svn3945.el6 base 1.1 M
Transaction Summary
=================================================================================================================================================================================
Install 2 Package(s)
Upgrade 0 Package(s)
Total download size: 1.3 M
Installed size: 3.6 M
Downloading Packages:
(1/2): tigervnc-1.0.90-0.10.20100115svn3945.el6.i686.rpm | 252 kB 00:00
(2/2): tigervnc-server-1.0.90-0.10.20100115svn3945.el6.i686.rpm | 1.1 MB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 137 kB/s | 1.3 MB 00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : tigervnc-1.0.90-0.10.20100115svn3945.el6.i686 1/2
Installing : tigervnc-server-1.0.90-0.10.20100115svn3945.el6.i686 2/2
Installed:
tigervnc.i686 0:1.0.90-0.10.20100115svn3945.el6 tigervnc-server.i686 0:1.0.90-0.10.20100115svn3945.el6
Complete!
启动VNC Server服务:使用vncserver命令(在当前用户主目录下生成.vnc文件夹)
[root@localhost ~]# vncserver
You will require a password to access your desktops.
Password:
Verify:
xauth: creating new authority file /root/.Xauthority
New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:1.log
2. 在CentOS系统中将用户名加入到配置文件中
编辑vncservers的配置文件
[root@localhost ~]# vi /etc/sysconfig/vncservers
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see this URL:
# http://kbase.redhat.com/faq/docs/DOC-7028
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
# VNCSERVERS="2:myusername"
VNCSERVERS="2:root" #用户名root
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERARGS[2]="-geometry 1024x768" #尺寸大小
3.设置 root用户的密码
使用如下命令设置密码:
[root@localhost ~]# vncpasswd
Password:abc123
Verify:abc123
当提示Verify时,再次输入密码确认。
4.启动VNC服务
使用如下命令启动VNC SERVER
[root@localhost ~]# /sbin/service vncserver start
正在启动 VNC 服务器:2:root
New 'localhost.localdomain:2 (root)' desktop is localhost.localdomain:2
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:2.log
[确定]
[root@localhost ~]#
当显示如下信息时,表示启动成功.
5.修改VNC SERVER的窗口治理器
vnc server默认使用的窗口治理器是twn,这是一个非常简单的窗口治理器,我们可以改成常用的GNOME或者KDE。
先使用如下命令进入用户的home目录:cd /.vnc
编辑启动项:vi xstartup
按照如下方式修改启动项:
[root@localhost ~]# vi /root/.vnc/xstartup
#!/bin/sh
vncconfig -iconic &
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
OS=`uname -s`
if [ $OS = 'Linux' ]; then
case "$WINDOWMANAGER" in
*gnome*)
if [ -e /etc/SuSE-release ]; then
PATH=$PATH:/opt/gnome/bin
export PATH
fi
;;
esac
fi
if [ -x /etc/X11/xinit/xinitrc ]; then
exec /etc/X11/xinit/xinitrc
fi
if [ -f /etc/X11/xinit/xinitrc ]; then
exec sh /etc/X11/xinit/xinitrc
fi
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
gnome-session & #以GNOME作为VNC的窗口治理器
#startkde #kde desktop
#twm &
#twm # 注掉CentOS系统默认的窗口治理器
6.重启VNC SERVER
当CentOS系统提示如下信息时,表示重启成功
[root@localhost ~]# /sbin/service vncserver restart
关闭 VNC 服务器:2:root [确定]
正在启动 VNC 服务器:2:root
New 'localhost.localdomain:2 (root)' desktop is localhost.localdomain:2
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/localhost.localdomain:2.log
[确定]
查看VNC SERVER 监听的端口:
[root@localhost ~]# netstat -antulp |grep 59
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3162/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 4193/Xvnc
tcp 0 0 0.0.0.0:59473 0.0.0.0:* LISTEN 1153/rpc.statd
tcp 0 0 :::5989 :::* LISTEN 1501/cimserver
tcp 0 0 :::5900 :::* LISTEN 3123/vino-server
tcp 0 0 ::ffff:192.168.0.124:5900 ::ffff:192.168.0.145:3072 ESTABLISHED 3123/vino-server
防火墙开放的端口:
[root@localhost ~]# /sbin/iptables -A INPUT -p tcp -m multiport
5、如何在CentOS配置Apache的HTTPS服务
(1)先按装mod_ssl
yum install mod_ssl
完毕后在
/etc/httpd/conf.d/下会有一个ssl.conf的文件,打开
主要是看下证书及密钥的位置
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
(2)生成密钥,
进入/etc/pki/tls/private,
删除原来的localhost.key
rm -f localhost.key
生成新的localhost.key:
openssl genrsa 1024 > localhost.key
返回到certs目录
cd ../certs
删除原来的证书
rm -rf localhost.crt
生成新的
openssl req -new -x509 -days 365 -key ../private/localhost.key -out
localhost.crt
填写需要填写的信息,证书就生成了
这里为什么要用localhost.crt这样的名子,是因为在ssl.conf就是这样子指定的,这两个地方要一样。
重启apache,配置结束
现在就可以通过https访问网站
可能需要开发端口443号:iptables -I INPUT -p TCP --dport 443 -j ACCEPT
更多详细信息可参考,
http://www.4byte.cn/learning/120027/ru-he-zai-centos-pei--apache-de-https-fu-wu.html
6、在虚拟机中安装了centos 如何实现http服务
你虚拟机上装完centos还需要在centos上安装apache就可以提供http服务了,
7、Linux Centos 怎么安装更新根证书实现支持https访问
第一步、 安装系统及所需工具
1. 使用最小化安装盘安装系统,设置好网络环境配置信息
2. 安装所需工具包
# yum install openssh-server
# yum install wget
# yum update
# yum install setuptool
系统服务配置 # yum install ntsysv
安装网络配置 # yum install system-config-network-tui
防火墙配置 # yum install system-config-firewall
# yum -y install gcc gcc-c++ autoconf make
# yum -y install vim
关机备份 # shutdown -h now
二、安装openssl
切换到/tmp目录下(安装约定软件全放在此目录下)
cd /tmp
# tar zxvf openssl-1.0.0a.tar.gz
# cd openssl-1.0.0a
# ./config --prefix=/usr/local/openssl
# make && make install
三、创建证书
1.解压工具包
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
2.创建根证书
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long molus
....++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
Self-sign the root CA...
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:cn
State or Province Name (full name) [Perak]:cn
Locality Name (eg, city) [Sitiawan]:cn
Organization Name (eg, company) [My Directory Sdn Bhd]:cn
Organizational Unit Name (eg, section) [Certification Services Division]:cn
Common Name (eg, MD Root CA) []:172.16.17.132 //这里填站点域名,我是测试的就填ip
Email Address []:[email protected]
这个过程要设置证书密码,要记住这个密码后面要用到,还有证书的其它信息:国家、地区、公司名称,域名,邮箱等,这些信息也要记住,与后面创建的证书主体信息一致
3.创建服务器证书
# ./new-server-cert.sh server
...
即创建一个名为server的服务器证书,主体信息与上面的一致就可,我这里就不贴出来了
签名刚才生成的服务器证书
# ./sign-server-cert.sh server
这个过程要输入根证书密码,后面都选Y即可
4.创建客户端证书,如果是单向认证,这一步可以跳过
# ./new-user-cert.sh client
...
这里要注意证书信息不能与其它证书完全一样,这里修改Email与服务器证书不一样就行
签名客户端证书
# ./sign-user-cert.sh client
转换成p12格式证书,这样才能在浏览器上安装
# ./p12.sh client
下载并安装client.p12证书
关机备份 # shutdown -h now
三、安装Apache及其所需依赖软件
# tar zxvf httpd-2.2.23.tar.gz
# cd httpd-2.2.23
# ./configure --prefix=/usr/local/apache \
--enable-ssl \
--enable-rewrite \
--enable-so \
--with-ssl=/usr/local/openssl
# make && make install
可以启动httpd看看,启动命令是/usr/local/apache/bin/apachectl start,在浏览器中访问看看,显示 It workds!说明安装成功了
四、配置httpd
1.修改httpd.conf
#Include conf/extra/httpd-ssl.conf 把这句前面的#去掉
2.将前面生成的证书拷贝到conf/ssl 下
# mkdir ssl
# cd ssl
# cp /tmp/ssl.ca-0.1/ca.crt ./
# cp /tmp/ssl.ca-0.1/server.* ./
2.修改httpd-ssl.conf
SSLCertificateFile “/usr/local/apache/conf/ssl/server.crt”
SSLCertificateKeyFile “/usr/local/apache/conf/ssl/server.key”
下面是开启客户端认证,如果是单向认证就不用开启了
SSLCACertificateFile “/usr/local/apache/conf/ssl/ca.crt”
SSLVerifyClient require
SSLVerifyDepth 10
五、重启httpd
[root@localhost extra]# ../../bin/apachectl -t
Syntax OK
[root@localhost extra]# ../../bin/apachectl stop
[root@localhost extra]# ../../bin/apachectl -D SSL -k start
六、安装并配置MySQL
1、安装Mysql
添加一个mysql标准组
# groupadd mysql
添加mysql用户并加到mysql组中
# useradd -g mysql mysql
# tar zxvf mysql-5.0.45.tar.gz
# cd mysql-5.0.45
# ./configure \
--prefix=/usr/local/mysql/ \
--with-extra-charsets=all
出现错误:
checking for tgetent in -lncurses... no
checking for tgetent in -lcurses... no
checking for tgetent in -ltermcap... no
checking for tgetent in -ltinfo... no
checking for termcap functions library... configure: error: No curses/termcap library found
分析:缺少ncurses安装包
解决:
# yum install ncurses-devel
# make && make install
2、配置Mysql
创建MySQL数据库服务器的配置文件
# cp support-files/my-medium.cnf /etc/my.cnf
用mysql用户创建授权表,创建成功后,会在/usr/local/mysql目录下生成一个var目录
# /usr/local/mysql/bin/mysql_install_db --user=mysql
将文件的所有属性改为root用户
# chown -R root /usr/local/mysql
将数据目录的所有属性改为mysql用户
# chown -R mysql /usr/local/mysql/var
将组属性改为mysql组
# chgrp -R mysql /usr/local/mysql
启动数据库
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
查看3306端口是否开启
# netstat -tnl|grep 3306
简单的测试
# /usr/local/mysql/bin/mysqladmin version
查看所有mysql参数
# /usr/local/mysql/bin/mysqladmin variables
设置Mysql开机自启动
# cp /tmp/mysql-5.0.45/support-files/mysql.server /etc/rc.d/init.d/mysqld
# chown root.root /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --list mysqld
# chkconfig --levels 245 mysqld off
3、Mysql安全性设置
没有密码可以直接登录本机服务器
# /usr/local/mysql/bin/mysql -u root
查看mysql用户权限信息
mysql> select * from mysql.user;
删除非localhost的主机
mysql> DELETE FROM mysql.user WHERE Host='localhost' AND User='';
刷新授权表
mysql> FLUSH PRIVILEGES;
为root用户添加密码
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yuwan1986');
再次进入Mysql客户端
# /usr/local/mysql/bin/mysql -u root -h localhost -p
关闭MySQL数据库
# /usr/local/mysql/bin/mysqladmin -u root -p shutdown
七、 安装和配置php
# tar zxvf php-5.2.6.tar.gz
# cd /tmp/php-5.2.6
# ./configure \
--prefix=/usr/local/php \
--with-config-file-path=/usr/local/php/etc \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/local/mysql/
# make && make install
出现依赖错误,直接使用yum安装即可
# yum -y install libxml2 libxml2-devel
简单配置PHP
cp ./php.ini-dist /usr/local/php/etc/php.ini
使用vi编辑apache配置文件
# vim /usr/local/apache/conf/httpd.conf
添加这一条代码
Addtype application/x-httpd-php .php .phtml
重启Apache
# /usr/local/apache/bin/apachectl restart
简单测试一下对PHP的支持
八、安装安装phpMyAdmin
1. 拷贝目录到指定位置并改名为phpmyadmin
# tar zxvf phpMyAdmin-3.3.4-all-languages.tar.gz
# cp -a phpMyAdmin-3.3.4-all-languages /usr/local/apache/htdocs/phpmyadmin
# cd /usr/local/apache/htdocs/phpmyadmin/
# cp config.sample.inc.php config.inc.php
2. 配置phpMyAdmin
# vim /usr/local/apache/htdocs/phpmyadmin/config.inc.php
将auth_type 改为http
$cfg['Servers'][$i]['auth_type'] = 'http';
最后设置开机启动项:
编辑开机启动文件# vim /etc/rc.d/rc.local添加
service mysqld start
/usr/local/apache/bin/apachectl -D SSL -k start
至此简单配置完成,可以安装到服务器上了
8、Linux Centos 怎么安装更新根证书实现支持https访问
第一步、 安装系统及所需工具1. 使用最小化安装盘安装系统,设置好网络环境配置信息
2. 安装所需工具包
# yum install openssh-server
# yum install wget
# yum update
# yum install setuptool
系统服务配置 # yum install ntsysv
安装网络配置 # yum install system-config-network-tui
防火墙配置 # yum install system-config-firewall
# yum -y install gcc gcc-c++ autoconf make
# yum -y install vim
关机备份 # shutdown -h now
二、安装openssl
切换到/tmp目录下(安装约定软件全放在此目录下)
cd /tmp
# tar zxvf openssl-1.0.0a.tar.gz
# cd openssl-1.0.0a
# ./config --prefix=/usr/local/openssl
# make && make install
三、创建证书
1.解压工具包
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
2.创建根证书
# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long molus
....++++++
9、如何在CentOS 7上安装和osquitto MQTT消息传递代理
方法/步骤 1 打开虚拟机软件“VMware”,选择“创建新的虚拟机”; 2 选择“自定义(高级)”选项,点击“下一步”; 3 在“硬件兼容性”处选择最高的版本,我这里是“Workstation 10.0”,点击“下一步”
10、CentOS上安装软件错误提示:configure: error: no acceptable C compiler found in $PATH
因为是centos linux,默认可以采用yum方式安装,则采用如下命令安装gcc编译器即可:
# yum -y install gcc
安装更新了如下几个组件:
gcc 4.1.2-44.el5
binutils 2.17.50.0.6-9.el5
cpp 4.1.2-44.el5
glibc-devel 2.5-34.el5_3.1
glibc-headers 2.5-34.el5_3.1
kernel-headers 2.6.18-164.el5
libgomp 4.3.2-7.el5