马哥教育第四十四天-五十天学习总结

第四十四天、

MySQL:mariadb ：数据库重点
前提小记：
{systemctl start mysqld ; systemctl enable mysqld
|grep -i mariadb :忽略大小写查询 grep -i

2.对于数据库存放目录：建议必须是逻辑卷
3.对mysql_install_db安装执行脚本进行学习与思考：对于服务的一些脚本以及好的开发脚本应该多进行学习和模仿，提升开发设计思维和能力
4.使用chkconfig管理的服务，则服务启动脚本必须拷贝到 /etc/init.d/ 启动管理脚本目录}
5.在进行二进制安装包手工安装或者源码编译安装前，需要为特定的一些服务创建特定的非交互式登录用户、组，通常为将uid\gid保持一致，所以使用groupadd -r -g gid gname;useradd -u gid -r -m -d dirname -s /sbin/nologin username #默认创建用户uid和gid不一定一致
6.对于新建的目录以及文件都必须要思考修改正确的权限和所属主、所属组等！！
7.对于数据库的操作必须谨慎小心：必须先备份，备份，备份！！使用条件
备份数据库信息，为防止丢失索引、约束等重要对象信息，必须完整备份，不能使用组合语句，如 create table xxx as select * from ...

8.重点：mysql子查询，必须将子查询语句当做一个整体使用别名方式 update student set age=(select * from (select age from student where ...) as student_tmp) where stuid=...
如果单纯在select查询语句，没有其他update一类，所以可以不使用别名！！

9.重点自主学习：触发器、事物！！】

触发器：非常有用的知识

10.对 'user'@'host' 进行重新授权后，必须使用 use databasename ; 重新拉取生效

MYSQL

第四十五天

二进制安装mariadb

1.创建用户
[root@mysql home]# useradd -r -m -d /app/dbdata -s /sbin/nologin mysql
2.下载并解压
下载略
[root@mysql local]# tar xvf mariadb-10.2.14-linux-x86_64.tar.gz -C /usr/local/
[root@mysql local]# ln -sv mariadb-10.2.14-linux-x86_64/ mysql
3.vim /etc/mysql/my.conf
[mysqld]
datadir = /app/dbdata
innodb_file_per_table = on
skip_name_resolve = on

4.[root@mysql mysql]# scripts/mysql_install_db --datadir=/app/dbdata --user=mysql

5.
[root@mysql support-files]# cp mysql.server /etc/init.d
[root@mysql ~]# chkconfig --add mysql.server
[root@mysql ~]# systemctl start mysql.serve
[root@mysql ~]# vim /etc/profile.d/env.sh
export PATH=/usr/local/mysql/bin:$PATH

DDL
MariaDB [nandb]> create table student (stuid smallint unsigned primary key,stuname varchar(20) not null,age tinyint unsigned,sex char(1) default "m", dep_id tinyint unsigned not null);

MariaDB [nandb]> create table student2 (stuid smallint unsigned,stuname varchar(20) not null,age tinyint unsigned,sex char(1) default "m", dep_id tinyint unsigned not null,primary key (stuid,stuname));

MariaDB [nandb]> drop table student2;

MariaDB [nandb]> alter table student add phone char(11);

MariaDB [nandb]> alter table student drop phone;

MariaDB [nandb]> alter table student add phone char(11) after stuname;

MariaDB [nandb]> alter table student add constraint phone_uk unique key (phone);

MariaDB [nandb]> create index age_index on student(age);

MariaDB [nandb]> alter table student drop index stuname;

MariaDB [nandb]> show indexes from student\G;

DML
MariaDB [nandb]> insert into student values (0,'liubei',20,'m',1);

MariaDB [nandb]> insert into student2 values (4,'zhaoyun',16,'m',2,90),(5,'diaochan',20,'f',3,60);

MariaDB [nandb]> update student set dep_id=1 where stuid in (0,2);

MariaDB [nandb]> delete from student2 where sex='f';

MariaDB [nandb]> create table student2 as select * from student;

MariaDB [nandb]> insert into student2 select * from student;

DQL

MariaDB [nandb]> select * from student where stuname rlike '[g]{2,}';
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 7 | xiaominggh | NULL | m | 2 | NULL |
+-------+------------+------+------+--------+-----------+

等于
MariaDB [nandb]> select * from student where avg_score=70 or avg_score=60;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 5 | diaochan | 20 | f | 3 | 60 |
| 6 | huangzhong | 38 | m | 1 | 70 |
+-------+------------+------+------+--------+-----------+
2 rows in set (0.00 sec)

不等于
MariaDB [nandb]> select * from student where avg_score != 70;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 1 | liubei | 18 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 5 | diaochan | 20 | f | 3 | 60 |
| 7 | xiaominggh | 38 | m | 2 | 40 |
+-------+------------+------+------+--------+-----------+
6 rows in set (0.00 sec)

MariaDB [nandb]> select * from student where avg_score <> 70;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 1 | liubei | 18 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 5 | diaochan | 20 | f | 3 | 60 |
| 7 | xiaominggh | 38 | m | 2 | 40 |
+-------+------------+------+------+--------+-----------+
6 rows in set (0.00 sec)

大于
MariaDB [nandb]> select * from student where avg_score > 70;
+-------+----------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+----------+------+------+--------+-----------+
| 1 | liubei | 18 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
+-------+----------+------+------+--------+-----------+
4 rows in set (0.00 sec)

大于等于
MariaDB [nandb]> select * from student where avg_score >= 70;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 1 | liubei | 18 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 6 | huangzhong | 38 | m | 1 | 70 |
+-------+------------+------+------+--------+-----------+
5 rows in set (0.00 sec)

等于多个值相当于等于or等于or……
MariaDB [nandb]> select * from student where avg_score in (70,60);
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 5 | diaochan | 20 | f | 3 | 60 |
| 6 | huangzhong | 38 | m | 1 | 70 |
+-------+------------+------+------+--------+-----------+

不等于多个值相当于不等于and不等于……
MariaDB [nandb]> select * from student where avg_score not in (70,60,80); = and = and
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 2 | guanyu | 28 | m | 1 | 75 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 7 | xiaominggh | 38 | m | 2 | 40 |
+-------+------------+------+------+--------+-----------+

排序

MariaDB [nandb]> select * from student order by avg_score asc;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 7 | xiaominggh | 38 | m | 2 | 40 |
| 5 | diaochan | 20 | f | 3 | 60 |
| 6 | huangzhong | 38 | m | 1 | 70 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 1 | liubei | 18 | m | 1 | 80 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 4 | zhaoyun | 16 | m | 1 | 90 |
+-------+------------+------+------+--------+-----------+
7 rows in set (0.00 sec)

MariaDB [nandb]> select * from student order by avg_score desc;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 1 | liubei | 18 | m | 1 | 80 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 6 | huangzhong | 38 | m | 1 | 70 |
| 5 | diaochan | 20 | f | 3 | 60 |
| 7 | xiaominggh | 38 | m | 2 | 40 |
+-------+------------+------+------+--------+-----------+
7 rows in set (0.00 sec)

用列数排
MariaDB [nandb]> select * from student order by 6 DESC;
+-------+------------+------+------+--------+-----------+
| stuid | stuname | age | sex | dep_id | avg_score |
+-------+------------+------+------+--------+-----------+
| 4 | zhaoyun | 16 | m | 1 | 90 |
| 1 | liubei | 18 | m | 1 | 80 |
| 3 | zhangfei | 22 | m | 1 | 80 |
| 2 | guanyu | 28 | m | 1 | 75 |
| 6 | huangzhong | 38 | m | 1 | 70 |
| 5 | diaochan | 20 | f | 3 | 60 |
| 7 | xiaominggh | 38 | m | 2 | 40 |
+-------+------------+------+------+--------+-----------+

用别名排
MariaDB [nandb]> select stuid,stuname,avg_score fenshu from student order by fenshu desc;
+-------+------------+--------+
| stuid | stuname | fenshu |
+-------+------------+--------+
| 4 | zhaoyun | 90 |
| 1 | liubei | 80 |
| 3 | zhangfei | 80 |
| 2 | guanyu | 75 |
| 6 | huangzhong | 70 |
| 5 | diaochan | 60 |
| 7 | xiaominggh | 40 |
+-------+------------+--------+
7 rows in set (0.00 sec)

MariaDB [nandb]> select dep_id,age,min(avg_score),max(avg_score),sum(avg_score) from student group by dep_id,age;
+--------+------+----------------+----------------+----------------+
| dep_id | age | min(avg_score) | max(avg_score) | sum(avg_score) |
+--------+------+----------------+----------------+----------------+
| 1 | 16 | 90 | 90 | 90 |
| 1 | 18 | 80 | 80 | 80 |
| 1 | 22 | 80 | 80 | 80 |
| 1 | 28 | 75 | 75 | 75 |
| 1 | 38 | 70 | 70 | 70 |
| 2 | 38 | 40 | 40 | 40 |
| 3 | 20 | 60 | 60 | 60 |
+--------+------+----------------+----------------+----------------+
7 rows in set (0.01 sec)

查询指定表中有多少行
MariaDB [nandb]> select count() from student;
+----------+
| count() |
+----------+
| 7 |
+----------+
1 row in set (0.00 sec)

去除重复项再统计
MariaDB [nandb]> select count(distinct dep_id) from student;
+------------------------+
| count(distinct dep_id) |
+------------------------+
| 3 |
+------------------------+
1 row in set (0.00 sec)

分组函数
MariaDB [nandb]> select dep_id,avg(avg_score) avg from student group by dep_id;
+--------+---------+
| dep_id | avg |
+--------+---------+
| 1 | 79.0000 |
| 2 | 40.0000 |
| 3 | 60.0000 |
+--------+---------+
3 rows in set (0.00 sec)

对组函数进行限定
MariaDB [nandb]> select dep_id,avg(avg_score) avg from student group by dep_id having avg > 50;
+--------+---------+
| dep_id | avg |
+--------+---------+
| 1 | 79.0000 |
| 3 | 60.0000 |
+--------+---------+
2 rows in set (0.00 sec)

MariaDB [nandb]> select dep_id,avg(avg_score) avg from student where age > 10 group by dep_id having avg >= 50 order by 2;

子查询：

update student2 set age=(select * from (select age from student2 where stuname='guanyu') as student_tmp) where stuname='liubei';

多表连接：

DDL create database create table drop truncate
DML insert update delete
DQL select
DCL grant revoke

DCL

创建用户
MariaDB [nandb]> create user caocao@'192.168.123.8' identified by 'magedu';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> set password for caocao@'192.168.123.8'=password('centos');
Query OK, 0 rows affected (0.00 sec)

授权
MariaDB [(none)]> grant select,insert on nandb. to caocao@'127.0.0.1';
MariaDB [(none)]> grant all .* to caocao@'127.0.0.1';

撤消
MariaDB [(none)]> revoke all on nandb.* from [email protected];

创建用户，设置密码，授权一步到位
MariaDB [(none)]> grant all on . to king@'192.168.123.%' identified by "magedu";
Query OK, 0 rows affected (0.00 sec)

第四十六天

rpm yum
centos6 mysql 5
二进制安装

datadir = /app/dbdata
innodb_file_per_table = on
skip_name_resolve = on

mysql_secure_installation

DDL

target: table、view、index、trriger

schema (database)

show schemas[databases]

create: create database schemaname

use magedu

tinyint
smallint
int unsigned
char
varchar
date
primary key
unique key
not null
foreign key
check

DDL

create table t1 (id smallinit unsigned primary key,
name varchar(20) not null,
score tinyint unsigned);

alter table t1 add columnt sex char(1) defalt 'm';

drop table t1 ;

truncate table t1;

DML
insert into t1 values (1,'liubei',80,'m');
insert into t1 (id,name) values (2,'zhangfei');
update t1 set sex='f' where id=1;
delete from t1; where id=1;

DQL
select |col1,col2 [as] alias ,col3 +/-///
from t1

select from student where age=(select age from student where name='zhangfei');
update student set age=(select from (select age from student where name='zhangfei') as student_tmp) where name='liubei';

select dept_id,avg(score) from student group by dept_id;

order by asc
order by desc
select s.name student,d.name teacher from student s ,dept d where s.dept_id=d.dept_id;
select s.name student,d.name teacher from student s natural join dept d;
select s.name student,d.name teacher from student s join dept d on s.dept_id=d.dept_id;
select s.name student,d.name teacher from student s join dept d using (dept_id)
select s.name student,d.name teacher from student s cross join dept d;

DCL

create user 'caocao'@'localhost' identified by password;

grant select,delete,insert on . to 'caocao'@'localhost';
revoke all on . from 'caocao'@'localhost';

sohu
sohoo
yahoo
icq
oicq
qq

易趣 ebay
淘宝
1拍
爱拍

策划--> 前端开发（UI） html5 java -> php > dba -> 测试工程师 --> 运维工程师 ->seo 优化工程师 -> 编辑

http+squid

nginx

<Directory /app/website1>
AllowOverride all
</Directory>

AllowOverride indexes:(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc)

options :indexes followsymlinks

第四十七天

at.allow at.deny
cron.allow cron.deny
默认仅deny存在，默认允许所有，写到deny的才被拒绝
一旦创建了allow文件，则deny无效，仅写到allow里的才允许
如果两个文件都不存在。则只有root才允许

hosts.allow hosts.deny tcpwrap libwrap.so
sshd:192.168.123.
两个文件先读allow再读deny，先匹配直接生效。

httpd
order allow,deny
order deny,allow
allow from ......
deny from .....

192.168.123.0/24
192.168.123.
192.168.123.0/255.255.255.0

allow from 192.168.123.6 192.168.123.1

<Directory /app/website1>
options indexes
<Files ".txt">
order allow,deny
allow from all
</Files>
</Directory>
<Directory /app/website1/bbs>
<Files ".txt">
order allow,deny
allow from 192.168.123.1
</Files>
</Directory>

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
192.168.123.1 - - [26/Apr/2018:17:00:35 +0800] "GET /icons/image2.gif HTTP/1.1" 200 309 "http://192.168.123.66/bbs/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0"

第四十八天

<Directory /app/website1/secret>
Authtype Basic
AuthName "Secrect Directory"
AuthUserFile "/etc/httpd/conf.d/.htuser"
Require User bob alice
</Directory>

basic认证

DocumentRoot "/app/website1"
<Directory /app/website1/secret>
Authtype Basic
AuthName "Secrect Directory"
AuthUserFile "/etc/httpd/conf.d/.htuser"
Require User bob alice
</Directory>
<Directory /app/website1/admin>
AllowOverride Authconfig
</Directory>

[root@centos66 ~]# vim /app/website1/admin/.htaccess
Authtype Basic
AuthName "Admin Magedu Directory"
AuthUserFile "/etc/httpd/conf.d/.htuser"
Require Valid-user

使用组来认证
DocumentRoot "/app/website1"
<Directory /app/website1/secret>
Authtype Basic
AuthName "Secrect Directory"
AuthUserFile "/etc/httpd/conf.d/.htuser"
AuthGroupFile "/etc/httpd/conf.d/.htgroup"
Require Group webs1 webs2

[root@centos66 ~]# vim /etc/httpd/conf.d/.htgroup
webs1:bob alice
webs2:lucy harry

双重认证
<Directory /app/website1/secret>
Order allow,deny
allow from 192.168.123.7
Authtype Basic
AuthName "Secrect Directory"
AuthUserFile "/etc/httpd/conf.d/.htuser"
AuthGroupFile "/etc/httpd/conf.d/.htgroup"
Require Group webs1 webs2
Satisfy Any
</Directory>

server-status
<Location /magedu-zhuangtai>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.123
</Location>

基于IP的虚拟主机
<VirtualHost 192.168.123.10:80>
DocumentRoot /app/website1
</VirtualHost>
<VirtualHost 192.168.123.20:80>
DocumentRoot /app/website2
</VirtualHost>
<VirtualHost 192.168.123.30:80>
DocumentRoot /app/website3
</VirtualHost>

基于端口的虚拟主机
Listen 192.168.123.10:8070
Listen 192.168.123.10:8080
Listen 192.168.123.10:8090
<VirtualHost 192.168.123.10:8070>
DocumentRoot /app/website1
</VirtualHost>
<VirtualHost 192.168.123.10:8080>
DocumentRoot /app/website2
</VirtualHost>
<VirtualHost 192.168.123.10:8090>
DocumentRoot /app/website3
</VirtualHost>

基于域名的虚拟主机
www.a.com
www.b.com
www.c.com

IOE
IBM huawei
O ORACLE mysql

第四十九天

错误代码：

200：成功
301：永久跳转
302：临时跳转
304: 服务端文件未改变，客户端可直接从缓存调取页面
401: 有帐户密码认证的页面
403: 禁止访问
404：服务端未找到所请求的资源

Curl

curl -A 伪造客户端
curl -e 伪造跳转信息
curl --cacert 指定CA中心的公钥（证书）
curl --cacert 指定CA中心的公钥（证书） -k 忽略证书
curl --compressed 要求返回是压缩的格式
curl -H "host:www.c.com" http://www.a.com 构造首部
curl -I http://www.a.com 只显示首部信息
curl -i http://www.a.com 先显示首部信息，再显示页面内容
curl -D head.log http://www.a.com 将首部信息保存到指定文件中，终端上仅显示页面内容
curl --limit-rate 100 http://www.a.com/big 设置传输速度，单位bytes
curl -o /root/bigfile http://www.a.com/big 下载文件到指定路径
curl -O http://www.a.com/big 将文件下载到当前所在目录，且文件名与原文件名保持一致
curl --basic -u bob:redhat http://www.a.com/secret/
curl -L http://www.360buy.com 如果有3xx响应码，直接进行跳转
curl -0 http://www.a.com 使用http 1.0
curl -o bigduan -C - http://www.a.com/big -C - 断点续传
curl -c baidu.cookie http://www.baidu.com 将指定网站的cookie 存在指定路径下

elinks --dump http://www.a.com 非交互式模式，将URL的内容输出至标准输出
elinks --source http://www.a.com 打印源码

www.xuefeng.com CNAME xuefeng.huangshengke.com
linux 192.168.0.1
202.111.12.1

    花生壳
    huashengke.com
    xuefeng.huangshengke.com

备案

一台DNS：www.a.com
www.b.com
www.c.com
web.a.com 192.168.123.10

一台CA：

一台web server

客户端

CA中心部署
[root@centos6 CA]# (umask 066;openssl genrsa -out private/cakey.pem 4096)
[root@centos6 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
[root@centos6 CA]# touch index.txt
[root@centos6 CA]# echo 00 > serial

WEB Server生成私钥及请求文件
[root@centos66 ssl]# (umask 066;openssl genrsa -out httpd.key 1024)
[root@centos66 ssl]# openssl req -new -key httpd.key -out httpd.csr
[root@centos66 ssl]# scp httpd.csr [email protected]:/etc/pki/CA
[root@centos6 CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 300
[root@centos6 CA]# scp certs/httpd.crt [email protected]:/etc/httpd/conf.d/ssl

总结：
实验：实现 HTTPS
环境：三台主机
一台CA和DNS，一台clinet，一台httpd Sever

1.DNS named.rfsc...配置文件中配置的是区域解析服务器的名称即区域解析服务器--> a.com b.com c.com ;对应的zone文件分别是a.com.zones b.com.zones c.com.zones
NS ns
ns A IP-DNS
www.a.com A IP-DNS --> 此区域解析服务器下的子域主机
web.a.com --> 同上
www.b.com
www.c.com ---> 192.168.123.10

实验问题总结
注意：1.做实验时：通过个人物理主机访问虚拟机上的站点或者虚拟主机站点，都要将本地物理机的DNS解析指向到配置DNS解析的服务器地址！！
原理：使用哪台服务器做了DNS服务器，做好域名解析后，只要是经过域名解析到目的站点的都要指定到准确的DNS服务器
2.本地物理机如windows shift+F5清除的是浏览器的缓存，而如果涉及到本机物理机解析问题的，必须要使用 ipconfig/flushdns 清除dns缓存，并重新配制DNS地址

2.httpd mod_ssl

3.CA

4.httpd 向CA申请csr, CA颁发证书

5.httpd
httpd.key httpd.crt cacert.pem 写入ssl.conf

6.clinet 导入CA中心的公钥cacert.pem

[root@centos6 CA]# curl --cacert cacert.pem https://www.a.com
/var/www/html/index.html

[root@centos66 website4]# cat /etc/httpd/conf.d/website.conf
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
#--------------HTTPS--------------------
NameVirtualHost :443
<VirtualHost :443>
ServerName www.a.com
DocumentRoot /app/website1
ErrorLog logs/www.a.com-error_log
CustomLog logs/www.a.com-access_log combined
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
<Directory /app/website1/secret>
AllowOverride Authconfig
</Directory>
</VirtualHost>
#---------------------------------------
<VirtualHost :443>
ServerName web.a.com
DocumentRoot /app/website4
ErrorLog logs/web.a.com-error_log
CustomLog logs/web.a.com-access_log combined
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
</VirtualHost>
<VirtualHost :443>
ServerName www.b.com
DocumentRoot /app/website2
ErrorLog logs/www.b.com-error_log
CustomLog logs/www.b.com-access_log combined
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd-b.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
</VirtualHost>
#--------------HTTP---------------------
NameVirtualHost :80
<VirtualHost :80>
ServerName www.a.com
Header always set Strict-Transport-Security "max-age=15768000000"
RewriteEngine on
RewriteRule ^(/.)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
#---------------------------------------
<VirtualHost :80>
ServerName www.b.com
Header always set Strict-Transport-Security "max-age=15768000"
RewriteEngine on
RewriteRule ^(/.)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
#---------------------------------------
<VirtualHost :80>
ServerName www.c.com
DocumentRoot /app/website3
ErrorLog logs/www.c.com-error_log
CustomLog logs/www.c.com-access_log combined
</VirtualHost>
#---------------------------------------

1、建立httpd服务器，要求提供两个基于名称的虚拟主机:
(1)www.X.com，页面文件目录为/web/vhosts/x；错误日志为
/var/log/httpd/x.err，访问日志为/var/log/httpd/x.access
(2)www.Y.com，页面文件目录为/web/vhosts/y；错误日志为
/var/log/httpd/www2.err，访问日志为/var/log/httpd/y.access
(3)为两个虚拟主机建立各自的主页文件index.html，内容分别为其对应的主
机名
(4)通过www.X.com/server-status输出httpd工作状态相关信息
2、为上面的两个虚拟主机均提供https服务，使得用户可以通过https安全的
访问此web站点
(1)要求使用证书认证，证书中要求使用的国家(CN)、州(Beijing)、城市
(Beijing)和组织(MageEdu)
(2)设置部门为Ops，主机名为www.X.com，及www.Y.com.

****httpd重点总结：
HTTP服务和协议：

1.重要习惯：必须在修改配置文件等重要数据文件前必须备份！！

2.对于配置文件的修改后，必须使用专门的语法检测如 httpd -t ,然后再确定是否重启

3.telnet经常用来测试端口：
telnet host port
GET /[URL] HTTP/1.1
Host: XXXX #telnet通过ip连接上了，因为有默认网点，所以可以非正常定义

4.ip a a x.x.x.x dev ...
arp -an 查看信息包括HWADDR等

4.关于http协议重要特点功能之一的 “路径别名” -->实质是rewrite 重定向，并不是通过一个别人来访问源目录站点，而是通过真实存在的主站点下的目录路径跳转访问其他站点或者目录下的网页内容
Alias 本地站点目录url 跳转后访问的真实站点目录网页
--> Alias /url /real_redirect_index.html

5.httpd web服务之多虚拟机功能：
通过启用多servername对应一个 IP:port 来访问不同站点，实际应用可以一台服务器搭建多个web虚拟机，通过提供给客户ftp账号和mysql数据库个人登录账号从而实现个人可以上传、建表记录数据等操作，但是绝不能使其拥有登录linux主机的权限！！（学习搭建ftp等相关网络文件服务等-->nfs 、 samba重要网络文件共享服务）

5.生产环境重点关注点：
1.使用httpd 选项快速导出所有的虚拟主机站点servername(站点迁移)；
2.必须先查看站点是否有.htaccess文件，使用cp -p 或者准备的方式在打包的时候将其加入，并能准确传输！！！

6.
必须注意：common server 必须不一致，而且必须是网站的域名或者使用泛域名，因为签名是对谁签名才能识别有效-->站点域名！！

7.反向代理：代理服务器做在服务器端，客户端不需要指定，代理服务器指定；
正向代理：客户端需要指定
8.对于httpd源码安装，要将开机自启动，需要Httpd服务脚本放入/etc/init.d/ 或 /etc/rc.d/init.d/ ； chkconfig --add httpd[24] ...
对于主站点目录的安全性 chmod 700 htdocs ; setfacl -m u:apache:rx htdosc
9.windows下清除dns缓存：ipconfig/flushdns

10.清除编译安装时的编译过程产生的文件： make clean
编译安装的apache需要主动创建系统用户，主配置文件默认用户时daomen ,所以需要修改，包括DocumentRoot等
编译安装的软件没有厂商根据自己的操作系统版本进行编译好的服务启动脚本，需要手动从别的主机上拷贝如scp /etc/init.d/httpd -->目标 /etc/init.d/ ,然后根据编译安装的真实启动程序所在的路径和log、pidfile等进行路径改写配置文件

{rpm -qf filename路径； rpm -qi package包名 --> 查看安装包的详细信息}

LAMP环境（执行程序如果命名太长，即可以创建软连接重命名方便记忆的）

LAMP:

1.安装完mysql或者mariadb数据后，必须进行安全初始化数据库（mariadb_install_secrition...），才能使用php正确连接测试！！

abbix LNMP搭建
（推荐使用CentOS6.7 64位系统）应用运维：强化应用运维的核心技术知识、前沿技术

安装yum的axel插件，使yum支持多线程下载：
rpm -ivh http://pkgs.repoforge.org/axel/axel-2.4-1.el6.rf.x86_64.rpm
cp axelget.conf /etc/yum/pluginconf.d/
cp axelget.py /usr/lib/yum-plugins/

下载163 yum源：
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O CentOS-Base.repo
cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
mv -f CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo

安装epel yum源：
rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo

nginx的yum源：
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
enabled=1
gpgcheck=0
EOF

安装Mysql的yum源：
rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm

安装zabbix的yum源：
rpm -ivh http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm
关闭selinux：
setenforce 0
sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config

安装nginx、php、mysql、zabbix：
yum clean all
yum install nginx php-fpm php-soap php-bcmath php-xml php-opcache php-gd php-mcrypt php-pdo php-mysql php-mbstring php-xmlrpc
yum install mysql mysql-server mysql-devel
yum install zabbix-server-mysql zabbix-server zabbix-agent zabbix-get zabbix-sender

修改php配置：
PHP_INI="/etc/php.ini"
FPM_CONF="/etc/php-fpm.d/www.conf"
sed -i '/^;default_charset/cdefault_charset = "utf-8"' $PHP_INI
sed -i '/^expose_php/cexpose_php = Off' $PHP_INI
sed -i '/^max_execution_time/cmax_execution_time = 600' $PHP_INI
sed -i '/^max_input_time/cmax_input_time = 600' $PHP_INI
sed -i '/^memory_limit/cmemory_limit = 256M' $PHP_INI
sed -i '/^post_max_size/cpost_max_size = 32M' $PHP_INI
sed -i '/^upload_max_filesize/cupload_max_filesize = 300M' $PHP_INI
sed -i '/^max_file_uploads/cmax_file_uploads = 30' $PHP_INI
sed -i '/^;date.timezone/cdate.timezone = "Asia/Shanghai"' $PHP_INI
sed -i '/^disable_functions/cdisable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source syslog,readlink,symlink,popepassthru,stream_socket_server' $PHP_INI
sed -i 's/apache/nginx/g' $FPM_CONF
sed -i '/^pm = dynamic/cpm = static' $FPM_CONF
sed -i '/^pm.max_children/cpm.max_children = 10' $FPM_CONF
sed -i '/^;pm.status_path/cpm.status_path = /php-status' $FPM_CONF
sed -i '/^;request_terminate_timeout/crequest_terminate_timeout=600' $FPM_CONF
sed -i '/^;request_slowlog_timeout/crequest_slowlog_timeout=3' $FPM_CONF

启动php-fpm：
service php-fpm start

修改/etc/nginx/nginx.conf
user nginx;
worker_processes 4;
error_log /data/logs/nginx_error.log crit;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
server_tokens off;
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for ';
access_log /data/logs/access.log access;
reset_timedout_connection on;
include conf.d/*.conf;
}
创建/etc/nginx/conf.d/zabbix.conf
server {
listen 80;
servername ;

location / {
root /data/www/zabbix;
index index.php;
}

location ~ .php$ {
root /data/www/zabbix;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}
mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.old
mkdir -p /data/logs
chown -R nginx. /data/logs

部署zabbix前端代码：
wget http://nchc.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/2.2.10/zabbix-2.2.10.tar.gz -O zabbix-2.2.10.tar.gz
tar xvzf zabbix-2.2.10.tar.gz
mkdir -p /data/www/zabbix
\cp -r zabbix-2.2.10/frontends/php/* /data/www/zabbix
chown -R nginx. /data/www
chmod 755 /data

启动nginx：
nginx -t && service nginx start

设置http认证：
yum -y install httpd-tools
htpasswd -cdb jzcec.pass jzcec 7BXyj1fG
chmod 644 jzcec.pass
cp jzcec.pass /etc/nginx/
在/etc/nginx/conf.d/zabbix.conf中server里加入下面两行：
auth_basic "Authorized users only";
auth_basic_user_file jzcec.pass;
重启nginx：
service nginx restart

启动前先修改/etc/my.cnf优化mysql
启动mysql：
service mysqld start
设置mysql root密码：
/usr/bin/mysqladmin -u root password 'zabbix@jzcec'
创建zabbix数据库和用户：
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';
mysql> exit
初始化zabbix数据库：
cd /usr/share/doc/zabbix-server-mysql-2.2.10/create/
mysql -uzabbix -pzabbix zabbix < schema.sql
mysql -uzabbix -pzabbix zabbix < images.sql
mysql -uzabbix -pzabbix zabbix < data.sql

配置zabbix：
vi /etc/zabbix/zabbix_server.conf
vi /etc/zabbix/zabbix_agentd.conf
mkdir -p /etc/zabbix/externalscripts
mkdir -p /etc/zabbix/alertscripts
chown -R zabbix.zabbix /etc/zabbix
启动zabbix server和agent：
service zabbix-server start
service zabbix-agent start

安装完毕，最后访问Zabbix：
http://zabbix-frontend-ip/

设置开机启动：
chkconfig mysqld on
chkconfig php-fpm on
chkconfig nginx on
chkconfig zabbix-server on
chkconfig zabbix-agent on

做mysql partition（表分区），导入表分区的存储过程：
https://www.zabbix.org/wiki/Docs/howto/mysql_partition
调用方法：
mysql -uzabbix -pzabbix zabbix -e "CALL partition_maintenance_all('zabbix');"
设置到cron定时任务，每天执行。

部署zabbix zatree插件：
https://github.com/spide4k/zatree
让zatree支持http认证：
http://qicheng0211.blog.51cto.com/3958621/1530018
优化zatree左侧边栏：
http://qicheng0211.blog.51cto.com/3958621/1531637

配置邮件告警：
http://qicheng0211.blog.51cto.com/3958621/1434514

官网LAMP部署文档：
https://www.zabbix.com/documentation/2.2/manual/installation/install_from_packages

马哥教育第四十四天-五十天学习总结

猜你喜欢