Linux issues - Setting up HTTP and FTP services on CentOS 7, and changing the prompt color

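After CentOS 7.0 was released, I found that many things had changed:

the firewall changed from iptables to firewalld,

MySQL was replaced by MariaDB,

service has been replaced by systemctl,

and SELinux also has some small changes. The system used here is a fresh installation with no other configuration or software added, which is critical. Our goal is to let an authorized user log in with an account to a specified directory (such as /var/www/html) to upload, download, modify, update and delete files, while keeping SELinux and the firewalld firewall running so that the system operates securely and effectively.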

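step1 : Install CentOS 7, then reboot

step2 : Log in with the account you created and check that the network interface is configured correctly. The main settings are as follows:

Edit the DNS settings. If DNS is not configured, yum can only reach repositories by IP address, not by domain name.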

# vi /etc/resolv.conf
# (INSERT)nameserver 8.8.8.8

# (INSERT) means press the INSERT key and then type the characters that follow
# (ESC):wq

[root@localhost var]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 114.114.114.114
nameserver 8.8.4.4
nameserver 8.8.8.8

Make sure the network is working, because we will use yum to install http and ftp over the network.

Enter the command: systemctl status network.service

[root@localhost localhost]# systemctl status network.service 
network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since Thu 2015-10-15 22:36:45 PDT; 2h 4min ago

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Check the network status; a green "active" means it is correct.

step3 : Install the HTTP and FTP services

# yum install httpd vsftpd

 ..............
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-1.1503.el7.centos.2.8.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-9.el7.x86_64                                    1/1 
  Verifying  : vsftpd-3.0.2-9.el7.x86_64                                    1/1 

Installed:
  vsftpd.x86_64 0:3.0.2-9.el7                                                   

Complete!

step4 : Install the MariaDB client and server. MariaDB is essentially still MySQL, and all usage and syntax are the same.

# yum install mariadb mariadb-server

[root@localhost Desktop]# yum install mariadb mariadb-server
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
.....
.....
.....
Installed:
  mariadb.x86_64 1:5.5.44-1.el7_1             mariadb-server.x86_64 1:5.5.44-1.el7_1            

Dependency Installed:
  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7    perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7   
  perl-DBD-MySQL.x86_64 0:4.023-5.el7             perl-DBI.x86_64 0:1.627-4.el7                 
  perl-Data-Dumper.x86_64 0:2.145-3.el7           perl-IO-Compress.noarch 0:2.061-2.el7         
  perl-Net-Daemon.noarch 0:0.48-5.el7             perl-PlRPC.noarch 0:0.2020-14.el7             

Complete!

step5 : Install PHP and related modules. I chose gd2, xml and mysql. Note that the php-mysql module is the one that corresponds to MariaDB. The PHP version is 5.4.16.

# yum install php php-gd php-xml php-mysql

[root@localhost Desktop]# yum install php php-gd php-xml php-mysql
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
...
...
...

Transaction test succeeded
Running transaction
  Installing : t1lib-5.1.2-14.el7.x86_64                                                     1/9 
  Installing : libzip-0.10.1-8.el7.x86_64                                                    2/9 
  Installing : php-common-5.4.16-36.el7_1.x86_64                                             3/9 
  Installing : php-pdo-5.4.16-36.el7_1.x86_64                                                4/9 
  Installing : php-cli-5.4.16-36.el7_1.x86_64                                                5/9 
  Installing : php-5.4.16-36.el7_1.x86_64                                                    6/9 
  Installing : php-mysql-5.4.16-36.el7_1.x86_64                                              7/9 
  Installing : php-gd-5.4.16-36.el7_1.x86_64                                                 8/9 
  Installing : php-xml-5.4.16-36.el7_1.x86_64                                                9/9 
  Verifying  : libzip-0.10.1-8.el7.x86_64                                                    1/9 
  Verifying  : t1lib-5.1.2-14.el7.x86_64                                                     2/9 
  Verifying  : php-pdo-5.4.16-36.el7_1.x86_64                                                3/9 
  Verifying  : php-5.4.16-36.el7_1.x86_64                                                    4/9 
  Verifying  : php-cli-5.4.16-36.el7_1.x86_64                                                5/9 
  Verifying  : php-gd-5.4.16-36.el7_1.x86_64                                                 6/9 
  Verifying  : php-xml-5.4.16-36.el7_1.x86_64                                                7/9 
  Verifying  : php-mysql-5.4.16-36.el7_1.x86_64                                              8/9 
  Verifying  : php-common-5.4.16-36.el7_1.x86_64                                             9/9 

Installed:
  php.x86_64 0:5.4.16-36.el7_1                     php-gd.x86_64 0:5.4.16-36.el7_1               
  php-mysql.x86_64 0:5.4.16-36.el7_1               php-xml.x86_64 0:5.4.16-36.el7_1              

Dependency Installed:
  libzip.x86_64 0:0.10.1-8.el7                     php-cli.x86_64 0:5.4.16-36.el7_1             
  php-common.x86_64 0:5.4.16-36.el7_1              php-pdo.x86_64 0:5.4.16-36.el7_1             
  t1lib.x86_64 0:5.1.2-14.el7                     

Complete!

step6 : Start these services (note: earlier versions used "service <service name> start"; CentOS 7 uses the following instead)

# systemctl start vsftpd.service

# systemctl start httpd.service

# systemctl start mariadb.service

[root@localhost Desktop]# systemctl start vsftpd.service
[root@localhost Desktop]# systemctl start httpd.service
[root@localhost Desktop]# systemctl start mariadb.service

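If a service starts successfully, no error is reported by default; otherwise a message is shown. Note that the unit is mariadb, not mysql.

step7 : Check whether httpd.service, mariadb.service and vsftpd.service are enabled (start at boot); enable any that are not.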

# systemctl list-unit-files | grep enabled

# if a service is not enabled, enable it as below

# systemctl enable httpd

[root@localhost Desktop]# systemctl list-unit-files | grep enabled
cups.path                                   enabled 
abrt-ccpp.service                           enabled 
abrt-oops.service                           enabled 
abrt-vmcore.service                         enabled 
abrt-xorg.service                           enabled 
abrtd.service                               enabled 
accounts-daemon.service                     enabled 
ksmtuned.service                            enabled 
libstoragemgmt.service                      enabled 
libvirtd.service                            enabled 
...
...
...
systemd-readahead-replay.service            enabled 
tuned.service                               enabled 
vmtoolsd.service                            enabled 
avahi-daemon.socket                         enabled 
cups.socket                                 enabled 
dm-event.socket                             enabled 
iscsid.socket                               enabled 
iscsiuio.socket                             enabled 
lvm2-lvmetad.socket                         enabled 
rpcbind.socket                              enabled 
default.target                              enabled 
graphical.target                            enabled 
remote-fs.target                            enabled 
[root@localhost Desktop]# systemctl list-unit-files | grep httpd
httpd.service                               disabled

 

 enable 

[root@localhost Desktop]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@localhost Desktop]# systemctl enable mariadb
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@localhost Desktop]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost Desktop]# systemctl list-unit-files | grep vsftpd
vsftpd.service                              enabled 

 

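step8 : Add an htmler account in the root group for FTP access to /var/www/html, and set its password

# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler

(Adds the user. -g specifies the group; -M is --no-create-home; -d specifies the home directory, and if the directory does not exist, the -m option can create it; -s specifies the user's login shell; htmler is the user being created.)

# passwd htmler

# enter the password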

[root@localhost Desktop]# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler
[root@localhost Desktop]# passwd htmler
Changing password for user htmler.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

 

step9 : Give ownership of /var/www/html to htmler:root

# chown -R htmler:root /var/www/html

[root@localhost Desktop]# chown -R htmler:root /var/www/html

 

step10 : Configure vsftpd to forbid anonymous logins

# vi /etc/vsftpd/vsftpd.conf

# (INSERT) change anonymous_enable=YES to anonymous_enable=NO

# (ESC):wq

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
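
An added example, not part of the original post: a small shell audit for the vsftpd.conf edited in step10. It reads the effective value of each option, falling back to the defaults documented in vsftpd.conf(5), so a commented-out anonymous_enable line is reported as YES, as the file's own comment warns. The function names and the sample file are constructed for illustration, and using the last assignment of a repeated key is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit the vsftpd.conf options from step10.

# Print the effective value of option $2 in file $1, or the default $3.
# Commented-out lines never match; the last assignment wins (assumption).
vsftpd_setting() {
    _v=$(awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                        END { print v }' "$1" | tr -d '[:space:]')
    printf '%s\n' "${_v:-$3}" | tr '[:lower:]' '[:upper:]'
}

# Print one finding per line; print nothing when there is nothing to report.
audit_vsftpd() {
    _anon=$(vsftpd_setting "$1" anonymous_enable YES)    # default YES
    _local=$(vsftpd_setting "$1" local_enable NO)        # default NO
    _write=$(vsftpd_setting "$1" write_enable NO)        # default NO
    _chroot=$(vsftpd_setting "$1" chroot_local_user NO)  # default NO
    _upload=$(vsftpd_setting "$1" anon_upload_enable NO) # default NO
    if [ "$_anon" = YES ]; then
        echo "anonymous_enable=YES: anonymous login allowed (default if the line is commented out)"
    fi
    if [ "$_anon" = YES ] && [ "$_write" = YES ] && [ "$_upload" = YES ]; then
        echo "anon_upload_enable=YES: anonymous users can upload"
    fi
    if [ "$_local" = YES ] && [ "$_chroot" != YES ]; then
        echo "chroot_local_user is not YES: local users are not chrooted by default"
    fi
    return 0
}

# Constructed sample: the step10 file with the anonymous_enable line commented out.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
EOF
audit_vsftpd "$sample"
```

On vsftpd 3.x, a chrooted account whose home directory is writable, as /var/www/html is for htmler here, is refused at login unless allow_writeable_chroot=YES is also set.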

 

step11 : Configure the firewall and SELinux

# firewall-cmd --permanent --zone=public --add-service=ftp

# firewall-cmd --permanent --zone=public --add-service=http

# firewall-cmd --permanent --zone=public --add-service=https

# reload

# firewall-cmd --reload

[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=ftp
success
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@localhost Desktop]# firewall-cmd --reload
success

 

step12 : Look up the FTP-related SELinux booleans and allow FTP access

# getsebool -a | grep ftp

# setsebool -P ftpd_full_access on

# -P writes the change to disk so it survives a reboot, but it takes a while; be patient, this is the last step

[root@localhost Desktop]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off
[root@localhost Desktop]# setsebool -P ftpd_full_access on

 

Test FTP:

To test HTTP, create a phpinfo.php file with vim in the /var/www/html directory:

[root@localhost html]# cat phpinfo.php 
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP info</title>
</head>

<body>
<?php
echo phpinfo();//show PHP info
?>
</body>
</html>

 

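Result:

The test succeeded, very good!

Both the HTTP and FTP tests have succeeded. The htmler account that was added has effective permissions on these files, and you can connect over FTP with Dreamweaver to test. If your website software needs 777 permissions on certain paths, you can also change them directly over FTP from Dreamweaver's remote view.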
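
An added example, not part of the original post: once the tests pass, a check of the web root for the two things this section leaves behind, the phpinfo.php test page and any paths opened up to mode 777. The function name and the temporary directory standing in for /var/www/html are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review a web root after the tests above.

# Print one finding per line for directory $1:
#   world-writable: files or directories any local account can modify (e.g. mode 777)
#   phpinfo:        PHP files that call phpinfo(), which publishes versions,
#                   loaded modules and filesystem paths to anyone who requests them
audit_docroot() {
    find "$1" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
    find "$1" -type f -name '*.php' -exec grep -l 'phpinfo[[:space:]]*(' {} + |
        sed 's/^/phpinfo: /'
    return 0
}

# Constructed web root standing in for /var/www/html.
docroot=$(mktemp -d)
trap 'rm -rf "$docroot"' EXIT
mkdir "$docroot/upload"
printf '<?php echo "hello"; ?>\n' > "$docroot/index.php"
printf '<?php\necho phpinfo();//show PHP info\n?>\n' > "$docroot/phpinfo.php"
chmod 644 "$docroot/index.php" "$docroot/phpinfo.php"
chmod 777 "$docroot/upload"

audit_docroot "$docroot"
```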

**************************************************Customizing the prompt**************************************************

Modify the PS1 environment variable. Putting it in /etc/profile or /etc/bashrc applies to all users; putting it in ~/.bash_profile or ~/.bashrc applies only to the current user. The format for coloring a character sequence in PS1 is:
\[\e[F;Bm\] string whose color should change \[\e[0m\]
\[\e[F;Bm\]: start color output
\[\e[0m\]: turn color off
F: the font color, numbered 30~37;
B: the background color, numbered 40~47; when B is 1, the text is shown bright and bold.

Color table

-------------------------------------------------
| Foreground | Background | Color  |
-------------------------------------------------
| 30         | 40         | black  |
| 31         | 41         | red    |
| 32         | 42         | green  |
| 33         | 43         | yellow |
| 34         | 44         | blue   |
| 35         | 45         | purple |
| 36         | 46         | cyan   |
| 37         | 47         | white  |
-------------------------------------------------
-----------------------------------------
| Code | Meaning               |
-----------------------------------------
| 0    | OFF, turn color off   |
| 1    | highlight (bright)    |
| 4    | underline             |
| 5    | blink                 |
| 7    | reverse video         |
| 8    | invisible             |
-----------------------------------------

Using one color for the whole prompt line: export PS1="\[\e[36;1m\][\u@\h \W]\\$ \[\e[0m\]"

With a colored prompt, Mom no longer has to worry about you losing track of where the previous command was.
Using several colors in one prompt line: export PS1="\[\e[34;1m\][\[\e[36;1m\]\u@\[\e[32;1m\]\h \[\e[31;1m\]\W\[\e[34;1m\]]\\$ \[\e[0m\]"

October 16, 2015, 16:51:54

 

posted @ 2015-10-16 16:53  超超xc