
Linux operation and maintenance related operations (centos/Ubuntu)

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Files related to centos network configuration

/etc/hostname    hostname configuration

/etc/sysconfig/network-scripts/ifcfg-enoN    NIC parameter configuration

/etc/resolv.conf    DNS configuration

/etc/hosts    host IP and domain name mapping

Restart the network service: service network restart

2. Routing settings

You can write these commands to /etc/rc.d/rc.local so that they are executed at every boot.

route -n    # displays routing information

route add default gw 192.168.1.254

route del default gw 192.168.1.254

ifconfig eth0:1 10.66.47.1/24 up    # configures a sub-IP on the network card

route add -net 10.66.47.0/24 gw 10.65.255.254    # the -p (permanently effective) option exists only in the Windows route command; on Linux, make the route persistent through rc.local as described above

route del -net 10.66.47.0/24

3. iptables firewall

Firewall rules can be configured to a file: /proc/sys/net/ipv4/ip_forward

iptables -t filter -F    # clears all filter rules

iptables -nv -L    # view the information of each chain

iptables -t filter -A INPUT -s 10.66.47.2/32 -j ACCEPT

-t indicates the table to use (filter, nat, etc.), -A indicates which chain (INPUT, FORWARD, OUTPUT) to append the rule to, -s is the source subnet or host, and -j is the action (ACCEPT, DROP, REJECT).

iptables -A INPUT -p tcp -s 10.66.47.0/24 --dport 22 -j DROP    # disables port 22 for the 10.66.47.0/24 subnet

iptables -D INPUT 1    # removes the first rule of INPUT

nc -v 10.66.47.1 443 -w 3    # tests whether port 443 of 10.66.47.1 can be connected
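iptables walks a chain from the top and the first matching rule decides, so appending the ACCEPT for 10.66.47.2 before the DROP for 10.66.47.0/24 keeps that one host able to reach port 22. The sketch below is an added example, not part of the original page: it replays those two rules against sample packets with awk; the function name first_match and the simplified three-column rule format are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: first-match evaluation of the two INPUT rules from this section.
# Rule format (constructed, simplified): "<src-cidr> <dport|any> <target>",
# one rule per line, in the order `iptables -A` appended them.
RULES='10.66.47.2/32 any ACCEPT
10.66.47.0/24 22 DROP'

# first_match SRC_IP DPORT [RULES]
#   prints the target of the first rule that matches, or POLICY when no rule
#   matches (the chain default policy would then apply).
first_match() {
    printf '%s\n' "${3:-$RULES}" | awk -v ip="$1" -v port="$2" '
        # dotted quad -> integer
        function toint(a,   o) {
            split(a, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # true when addr lies inside cidr (compare the network parts)
        function in_cidr(addr, cidr,   p, size) {
            split(cidr, p, "/")
            size = 2 ^ (32 - p[2])        # number of addresses in the prefix
            return int(toint(addr) / size) == int(toint(p[1]) / size)
        }
        NF == 3 && in_cidr(ip, $1) && ($2 == "any" || $2 == port) {
            print $3; found = 1; exit     # first match wins, stop here
        }
        END { if (!found) print "POLICY" }
    '
}
```

Passing a rule list as the third argument shows the effect of reordering or of `iptables -D INPUT 1`: with only the DROP rule left, 10.66.47.2 is dropped on port 22 as well.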

4. tcpdump

tcpdump -i eth0 -s 100 -XX -n tcp and dst host 127.0.0.1 and dst port 3306    # -XX prints hexadecimal and ASCII, -n does not resolve addresses to host names

tcpdump -n -s 0 tcp port 80    # captures HTTP packets (-s 0 captures packets as large as possible, 65535)

tcpdump -s 0 -X tcp and host 10.16.2.85 and port 2100

5. dhcp

The DHCP server can dynamically assign addresses to client network cards that use DHCP. The process uses the C/S (client/server) mode, and the IP address is actively requested by the client.

6. Policy routing configuration

ip rule list    # view all routing policy rules and their tables (local, main, default)

ip route list table local    # view the routes in the local table

echo "100 test1" >> /etc/iproute2/rt_tables    # create a routing table named test1 with id 100 (>> appends; a single > would overwrite the file)

ip rule add from 10.66.47.1/24 table test1    # all IPs from the 10.66.47.1/24 network use the routes in the test1 table

ip rule del table test1    # deletes the rule that points to the test1 table

ip route add default via 10.65.47.1 table test1    # adds a default route to the test1 table

ip route add 10.65.0.0/24 via 10.65.47.1 table test1
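An added example (not from the original page) of registering the test1 table safely: /etc/iproute2/rt_tables also holds the built-in local, main and default names, so the entry must be appended and the id and name must not already be taken. The function name add_rt_table is hypothetical, and the file path is passed in so it can be tried on a copy first.

```shell
#!/bin/sh
# Added example: register a routing table name without clobbering rt_tables.
# add_rt_table FILE ID NAME
#   returns 0 if the entry was appended or is already present,
#   returns 1 if ID or NAME is already bound to a different entry.
add_rt_table() {
    file=$1 id=$2 name=$3
    # Strip comments, then look for an existing line that uses this id or name.
    existing=$(sed 's/#.*//' "$file" | awk -v id="$id" -v name="$name" \
        '$1 == id || $2 == name { print $1, $2; exit }')
    if [ "$existing" = "$id $name" ]; then
        return 0                                  # idempotent: already registered
    elif [ -n "$existing" ]; then
        echo "conflict with existing entry: $existing" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$file"    # append (>>), never truncate (>)
}

# Typical use, run as root on the real file:
#   add_rt_table /etc/iproute2/rt_tables 100 test1
```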

7. Disk management

fdisk partition management

fdisk -l    # view all disk device files and their corresponding partition information

fdisk /dev/sda    # enter the disk device file /dev/sda

p    display the partitions of the device file

n    create a partition and enter the partition end location

d    delete a partition

parted partition management

parted /dev/sda    # enter the disk device file /dev/sda

print    display the partitions of the device file

mkpart    create a partition

rm    delete a partition

8. squid proxy server configuration

The local area network accesses the external network through a proxy server

9. nginx.conf reverse proxy configuration and load balancing configuration

    location ~* \.(mp3|mp4)$ {    # case-insensitive, matches requests that end with mp3 or mp4 and proxies them to local port 8080; does not modify the user's real ip
        proxy_pass http://localhost:8080;
    }

    location / {    # matches any URL, proxies to port 8000
        proxy_pass http://localhost:8000;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

Load balancing configuration

    http {
        upstream backendservers {
            ip_hash;
            server www.example1.com weight=2;
            server www.example2.com weight=1;
            server www.example3.com weight=1;
        }

        server {
            listen 80;
            server_name www.example.com;

            location / {
                proxy_pass http://backendservers;
            }
        }
    }

10. mysql replication data synchronization

https://www.cnblogs.com/rwxwsblog/p/4542417.html (one-way data synchronization)

http://blog.csdn.net/swandy45/article/details/6982421 (bidirectional data synchronization)

11. Adding firewall rules

systemctl restart firewalld    # restart the firewall

firewall-cmd --reload    # reload the firewall configuration

systemctl start firewalld.service    # start the service

systemctl enable firewalld.service    # start at boot

systemctl stop firewalld.service    # shut down the service

systemctl disable firewalld.service    # disable start at boot

--permanent    # takes effect permanently; without this parameter the change is lost after a restart

The /etc/firewalld/zones/public.xml file is modified each time a port or service is changed, so it can also be edited directly and then loaded with reload.

firewall-cmd --permanent --add-port=1234/tcp    # exposes the port

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'    # allow an IP to access a service

firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'    # delete the configuration

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.0.1/24 port port=80 protocol=tcp accept'    # allow an IP segment to access a port

firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=192.168.0.1/24 port port=80 protocol=tcp accept'    # delete the configuration

firewall-cmd --query-masquerade    # check whether IP masquerading is allowed

firewall-cmd --add-masquerade    # allow the firewall to masquerade IPs (port forwarding)

firewall-cmd --remove-masquerade    # forbid the firewall to masquerade IPs

firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080    # forwards traffic from port 80 to 8080

firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1    # forwards traffic from port 80 to 192.168.0.1

firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080    # forwards traffic from port 80 to port 8080 of 192.168.0.1

firewall-cmd --state    # get the firewalld status

firewall-cmd --state && echo "Running" || echo "Not running"    # status output

firewall-cmd --reload    # reload the firewall

firewall-cmd --get-zones    # get the list of supported zones

firewall-cmd --get-services    # get all supported services

firewall-cmd --list-all-zones    # lists the features of all enabled zones

firewall-cmd [--zone=<zone>] --add-interface=<interface>    # add the interface to the zone

firewall-cmd [--zone=<zone>] --change-interface=<interface>    # move the interface to the zone

firewall-cmd [--zone=<zone>] --remove-interface=<interface>    # remove the interface from the zone

firewall-cmd [--zone=<zone>] --query-interface=<interface>    # query whether the interface is in the zone

12. apache2 and centos site configuration

Apache2

1. sudo vi /etc/apache2/sites-available/public_cloud.conf

    ServerName www.nsfocuscontrol.com
    ServerAlias nsfocuscontrol12.com
    DocumentRoot /home/shanghai/pc_django/PCCon/PCCon
    Require all granted
    WSGIScriptAlias / /home/shanghai/pc_django/PCCon/PCCon/wsgi.py
    # WSGIDaemonProcess ziqiangxuetang.com python-path=/home/tu/blog:/home/tu/.virtualenvs/blog/lib/python2.7/site-packages
    # WSGIProcessGroup ziqiangxuetang.com
    Require all granted

2. sudo vim /etc/apache2/ports.conf

    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default.conf

    Listen 8000

    <IfModule ssl_module>
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

3. Change the running user of apache2

The user that runs the apache server can be changed in the /etc/apache2/envvars file. The default value is used here. You can also change it to your own current user, which makes permission problems much easier to handle, but on a server the www-data user is recommended because it is more secure. The following are the default settings:

    export APACHE_RUN_USER=www-data
    export APACHE_RUN_GROUP=www-data

4. Add the authentication header

Add the file /etc/apache2/.htaccess with the content:

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Edit /etc/apache2/apache2.conf to add the lines:

    AccessFileName .htaccess
    WSGIPassAuthorization On

5. sudo vi ~/pc_django/PCCon/PCCon/wsgi.py

Add

    import sys
    from os.path import join, dirname, abspath

    # Put the project directory (the parent of the directory holding wsgi.py) on the import path
    PROJECT_DIR = dirname(dirname(abspath(__file__)))
    sys.path.insert(0, PROJECT_DIR)

6. Set directory and file permissions

If the project location is ~/pc_django/PCCon (there is a manage.py under zqxt; zqxt is the project name)

General directory permissions are set to 755 and file permissions to 644

cd ~/pc_django/PCCon

sudo chmod -R 644 PCCon

sudo find PCCon -type d -exec chmod 755 {} +

If it is the directory where uploaded files are saved, or the sqlite3 database file, the user that apache runs as needs write permission.

sudo chgrp -R www-data uploads_dir

sudo chmod -R g+w uploads_dir
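To check the result of this step, the following added example (not part of the original page) audits a tree against the 755/644 policy and reports anything world-writable, any regular file with an execute bit, and any group-writable entry outside the upload directory. The function name audit_perms is hypothetical; the optional second argument is the path of the writable directory exactly as find prints it.

```shell
#!/bin/sh
# Added example: audit a project tree against the 755/644 policy of this step.
# audit_perms ROOT [WRITABLE_DIR]
#   prints one line per deviation and returns 1 if any was found:
#     WORLD-WRITABLE  anything writable by "other"
#     EXEC-FILE       regular file with an execute bit (the policy says 644)
#     GROUP-WRITABLE  group-writable entry outside WRITABLE_DIR (the uploads dir)
audit_perms() {
    root=$1 writable=${2:-}
    report=$(
        find "$root" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
        find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'EXEC-FILE %s\n' {} \;
        if [ -n "$writable" ]; then
            # -prune skips the directory that is meant to be group-writable
            find "$root" -path "$writable" -prune -o ! -type l -perm -0020 \
                -exec printf 'GROUP-WRITABLE %s\n' {} \;
        else
            find "$root" ! -type l -perm -0020 -exec printf 'GROUP-WRITABLE %s\n' {} \;
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use from ~/pc_django/PCCon (uploads_dir as in the commands above):
#   audit_perms PCCon PCCon/uploads_dir
```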

7. Activate the new website and restart the server

sudo a2ensite public_cloud.conf

Restart the service:

sudo service apache2 restart or sudo service apache2 reload

cat /etc/passwd | cut -f 1 -d:

mount -rw -o remount /

Centos

The steps are the same as steps 1 to 7 under Apache2 above.
