openeuler服务管理

发表于 2023-11-26 分类于学习，实验手册

openEuler HCIP实验手册服务管理部分

openeuler服务管理

软件	版本
apache	2.4.43
nginx	1.21.5
mysql	5.7.38
php	8.0.30
wordpress	6.1.1

节点	IP	系统	功能	CPU	内存	硬盘
node1	10.80.20.1	openeuler20.03	apache	2核心	4GB	20GB
node2	10.80.20.2	openeuler20.03	nginx	2核心	4GB	20GB
node3	10.80.20.3	openeuler20.03	dns	2核心	4GB	20GB
node4	10.80.20.4	openeuler20.03	mysql	2核心	4GB	20GB

apache相关配置

apache安装及测试

node1

下载安装httpd：

1	# dnf install -y httpd

查看httpd版本并检查配置文件：

# httpd -v
Server version: Apache/2.4.43 (Unix)
Server built:   Nov  8 2023 10:46:26
# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::129b:b1d2:e4cf:22c7%ens160. Set the 'ServerName' directive globally to suppress this message
Syntax OK

修改配置文件，消除报错：

1
2
3

# vim /etc/httpd/conf/httpd.conf
# 95行，修改配置
ServerName www.test.com:80

1 2	# httpd -t Syntax OK

启动httpd并设置开机自启：

1 2	# systemctl enable httpd --now # systemctl status httpd

检测80端口：

1 2	# ss -tlunp \| grep 80 tcp LISTEN 0 128 :80 :* users:(("httpd",pid=262922,fd=4),("httpd",pid=262921,fd=4),("httpd",pid=262920,fd=4),("httpd",pid=262917,fd=4))

访问80端口：

# curl -s 10.80.20.1:80 | head -5
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
        <head>
                <title>Test Page for the Apache HTTP Server on openEuler Linux</title>

浏览器访问：http://10.80.20.1/

apache主页面配置

注释监听端口：

1
2
3

# vim /etc/httpd/conf/httpd.conf
# 42行，注释配置
#Listen 80

添加监听端口配置：

1 2	# vim /etc/httpd/conf.d/port.conf Listen 10.80.20.1:81

1	# systemctl reload httpd

访问测试：

# curl 127.0.0.1:80
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
# curl 127.0.0.1:81
curl: (7) Failed to connect to 127.0.0.1 port 81: Connection refused
# curl 10.80.20.1:80
curl: (7) Failed to connect to 10.80.20.1 port 80: Connection refused
# curl 10.80.20.1:81
# curl -s 10.80.20.1:81 | head -5
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
        <head>
                <title>Test Page for the Apache HTTP Server on openEuler Linux</title>

修改主页面：

1
2
3

# echo "hello openeuler" > /var/www/html/index.html
# curl 10.80.20.1:81
hello openeuler

创建新的主页面目录：

1 2	# mkdir /home/source # cp /var/www/html/index.html /home/source/

修改主页面目录：

1
2
3

# vim /etc/httpd/conf/httpd.conf
# 119行，注释配置
#DocumentRoot "/var/www/html"

# vim /etc/httpd/conf.d/source.conf
DocumentRoot "/home/source"
<Directory "/home/source">
    AllowOverride None
    Require all granted
</Directory>

1
2
3

# systemctl reload httpd
# curl 10.80.20.1:81
hello openeuler

修改主页面名称：

# mv /home/source/index.html /home/source/Index.html
# vim /etc/httpd/conf.d/source.conf
# 尾行，添加配置
DirectoryIndex Index.html

1
2
3

# systemctl reload httpd
# curl 10.80.20.1:81
hello openeuler

apache动态功能模块加载卸载练习

查看是否加载模块：

1 2	# httpd -M \| grep status status_module (shared)

添加开启ExtendedStatus配置，配置权限：

# vim /etc/httpd/conf.d/module.conf
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from all
</Location>
ExtendedStatus On

1	# systemctl reload httpd

浏览器访问：http://10.80.20.1:81/server-status

卸载mod_status模块：

1
2
3

# vim /etc/httpd/conf.modules.d/00-base.conf
# 60行，添加注释
#LoadModule status_module modules/mod_status.so

# systemctl reload httpd
# curl 10.80.20.1:81/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

恢复mod_status模块：

1
2
3

# vim /etc/httpd/conf.modules.d/00-base.conf
# 60行，取消注释
LoadModule status_module modules/mod_status.so

1 2	# systemctl reload httpd # curl 10.80.20.1:81/server-status

apache mpm工作模式调整

不同方式查看mpm当前工作模式：

1 2	# httpd -M \| grep mpm mpm_event_module (shared)

1 2	# curl -s 10.80.20.1:81/server-status \| grep "Server MPM:" <dt>Server MPM: event</dt>

1 2	# grep "^LoadModule mpm" /etc/httpd/conf.modules.d/00-mpm.conf LoadModule mpm_event_module modules/mod_mpm_event.so

修改mpm工作方式：

# vim /etc/httpd/conf.modules.d/00-mpm.conf
# 17行，取消注释
LoadModule mpm_worker_module modules/mod_mpm_worker.so
# 23行，注释
#LoadModule mpm_event_module modules/mod_mpm_event.so

1
2
3

# systemctl restart httpd
# httpd -M | grep mpm
 mpm_worker_module (shared)

恢复mpm配置：

# vim /etc/httpd/conf.modules.d/00-mpm.conf
# 17行，注释
# LoadModule mpm_worker_module modules/mod_mpm_worker.so
# 23行，取消注释
LoadModule mpm_event_module modules/mod_mpm_event.so

1	# systemctl restart httpd

apache持久连接配置

查看非持久连接状态：

浏览器访问：http://10.80.20.1:81/server-status

开启持久连接状态并配置参数：

# vim /etc/httpd/conf.d/keepalived.conf
KeepAlive On
KeepAliveTimeout 20
MaxKeepAliveRequests 500

1	# systemctl reload httpd

apache静态资源配置

通过文件系统路径的方式指定静态资源

准备资源：

# mkdir /home/source/test
# cd /home/source/test/
# echo "hello test1" > test1
# ln -s test1 test2

修改配置：

# vim /etc/httpd/conf.d/source.conf
DocumentRoot "/home/source"
<Directory "/home/source">
    Options Indexes
    AllowOverride None
    Require all granted
</Directory>
<Directory "/home/source/test">
    Options Indexes
    AllowOverride None
    Require all granted
</Directory>
DirectoryIndex Index.html

1	# systemctl reload httpd

浏览器访问：http://10.80.20.1:81/test/

修改配置，再次访问：

1
2
3

# vim /etc/httpd/conf.d/source.conf
# 3行、8行，修改配置
    Options Indexes FollowSymLinks

1	# systemctl reload httpd

通过别名指定静态资源：

1
2
3

# vim /etc/httpd/conf.d/source.conf
# 尾行，添加配置
Alias /test2 "/home/source/test"

1	# systemctl reload httpd

浏览器访问：http://10.80.20.1:81/test2/

为静态资源设置访问权限（基于源地址）

修改配置，禁止浏览器访问：

# vim /etc/httpd/conf.d/source.conf
# 7~11行，修改配置
<Directory "/home/source/test">
    Options Indexes FollowSymLinks
    <RequireAll>
        Require all granted
        Require not ip 10.80.0.1
    </RequireAll>
</Directory>

1	# systemctl reload httpd

浏览器访问：http://10.80.20.1:81/test2/

查看日志：

# tail /var/log/httpd/error_log 
[Sun Nov 26 18:28:13.998635 2023] [authz_core:error] [pid 650032:tid 140443006265088] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.126325 2023] [authz_core:error] [pid 650032:tid 140443098519296] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.249954 2023] [authz_core:error] [pid 650032:tid 140442997872384] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.382242 2023] [authz_core:error] [pid 650032:tid 140442964301568] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.526147 2023] [authz_core:error] [pid 650032:tid 140442402285312] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.678413 2023] [authz_core:error] [pid 650032:tid 140442385499904] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.833289 2023] [authz_core:error] [pid 650032:tid 140442368714496] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:14.978379 2023] [authz_core:error] [pid 650032:tid 140442981086976] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:15.110359 2023] [authz_core:error] [pid 650032:tid 140442989479680] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test
[Sun Nov 26 18:28:15.258449 2023] [authz_core:error] [pid 650032:tid 140442410678016] [client 10.80.0.1:55264] AH01630: client denied by server configuration: /home/source/test

修改配置，允许访问：

# vim /etc/httpd/conf.d/source.conf
# 9~12行，添加注释
#    <RequireAll>
#        Require all granted
#        Require not ip 10.80.0.1
#    </RequireAll>
# 8行，添加配置
    AllowOverride ALL

添加.htaccess配置，禁止访问，浏览器依然不能访问：

# vim /home/source/test/.htaccess
<RequireAll>
    Require all granted
    Require not ip 10.80.0.1
</RequireAll>

为静态资源设置访问权限（基于账户）

创建密码：

1 2	# cd /home/source/test/ # htpasswd -cb .passwd test Huawei@123

添加认证配置：

# vim /home/source/test/.htaccess
# 尾行，添加配置
Authtype Basic
AuthName "http test"
AuthUserFile "/home/source/test/.passwd"
Require user test

1	# systemctl reload httpd

浏览器访问：http://10.80.20.1:81/test2/

1 2	用户名：test 密码：Huawei@123

apache虚拟主机

创建资源目录：

# cd /home/source/
# mkdir test{1..3}
# echo "hello test1" > test1/test1
# echo "hello test2" > test2/test2
# echo "hello test3" > test3/test3

创建虚拟主机配置文件：

# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:81>
    ServerName www.test1.com
    DocumentRoot "/home/source/test1"
    DirectoryIndex test1
</VirtualHost>
<VirtualHost *:81>
    ServerName www.test2.com
    DocumentRoot "/home/source/test2"
    DirectoryIndex test2
</VirtualHost>
<VirtualHost *:81>
    ServerName www.test3.com
    DocumentRoot "/home/source/test3"
    DirectoryIndex test3
</VirtualHost>

修改hosts：

# vim /etc/hosts
# 尾行，添加配置
10.80.20.1 www.test1.com
10.80.20.1 www.test2.com
10.80.20.1 www.test3.com

修改别名配置，防止冲突：

1
2
3

# vim /etc/httpd/conf.d/source.conf
# 尾行，注释配置
#Alias /test2 "/home/source/test"

# systemctl restart httpd
# curl www.test1.com:81
hello test1
# curl www.test2.com:81
hello test2
# curl www.test3.com:81
hello test3

https服务配置

安装mod_ssl模块：

1	# dnf install -y mod_ssl

创建私钥：

1 2	# mkdir /etc/ca && cd /etc/ca # openssl genrsa -out ca.key 2048

私钥生成ca证书：

# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
CN
ZJ
HZ
回车
回车
test1.com
回车

私钥和ca证书生成请求文件：

# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.test1.com.key -out www.test1.com.csr
CN
ZJ
HZ
回车
回车
www.test1.com
回车
回车
回车

为服务器签发证书：

1	# openssl x509 -req -days 36500 -in www.test1.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.test1.com.csr

指定ssl证书：

# vim /etc/httpd/conf.d/ssl.conf
# 101行，修改配置
SSLCertificateFile /etc/ca/www.test1.com.csr
# 109行，修改配置
SSLCertificateKeyFile /etc/ca/www.test1.com.key

1	# systemctl reload httpd

添加windows地址解析：

C:\Windows\System32\drivers\etc\hosts

1	10.80.20.1 www.test1.com

cmd刷新dns：

1	> ipconfig/flushdns

浏览器访问：https://www.test1.com/

继续访问：

nginx相关配置

安装和测试nginx

node2

下载安装nginx：

1	# dnf install -y nginx

查看nginx版本：

1 2	# nginx -v nginx version: nginx/1.21.5

启动nginx，查看进程：

# systemctl enable nginx --now
# ps -ef | grep nginx
root       48659       1  0 19:21 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx      48660   48659  0 19:21 ?        00:00:00 nginx: worker process
nginx      48661   48659  0 19:21 ?        00:00:00 nginx: worker process
root       50186    1295  0 19:21 pts/0    00:00:00 grep --color=auto nginx

浏览器访问：http://10.80.20.2/

nginx基础配置

静态资源访问配置

修改全局配置：

# vim /etc/nginx/nginx.conf
# 5~6行，修改配置
user nginx;
worker_processes 4;

重载nginx：

# nginx -s reload
# ps -ef | grep nginx
root       48659       1  0 19:21 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx      81210   48659  0 19:26 ?        00:00:00 nginx: worker process
nginx      81211   48659  0 19:26 ?        00:00:00 nginx: worker process
nginx      81212   48659  0 19:26 ?        00:00:00 nginx: worker process
nginx      81213   48659  0 19:26 ?        00:00:00 nginx: worker process
root       81562    1295  0 19:26 pts/0    00:00:00 grep --color=auto nginx

创建静态资源数据：

# mkdir -p /data/Nginx
# echo "hello openeuler" > /data/Nginx/index.html
# echo "hello nginx" > /data/Nginx/test.txt
# cp /usr/share/nginx/html/nginx-logo.png /data/Nginx/
# ls /data/Nginx/
index.html  nginx-logo.png  test.txt

创建静态资源配置文件：

# vim /etc/nginx/conf.d/static.conf
server {
    listen 81;
    server_name www.test.com;
    root /data/Nginx;
    index index.html;
}

查看配置文件正确性，重新加载nginx：

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# nginx -s reload

添加windows地址解析：

C:\Windows\System32\drivers\etc\hosts

1	10.80.20.2 www.test.com

cmd刷新dns：

1	> ipconfig/flushdns

浏览器访问：http://www.test.com:81/

浏览器访问：http://www.test.com:81/nginx-logo.png

浏览器访问：http://www.test.com:81/test.txt

虚拟主机配置

创建资源目录：

# cd /data/
# mkdir nginx{1..3}
# echo "hello nginx1" > nginx1/index.html
# echo "hello nginx2" > nginx2/index.html
# echo "hello nginx3" > nginx3/index.html

创建虚拟主机配置：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location / {
        root /data/nginx1;
        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location / {
        root /data/nginx2;
        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
        root /data/nginx3;
        index index.html;
    }
}

# nginx -t
# nginx -s reload
# curl localhost:81
hello nginx1
# curl localhost:82
hello nginx2
# curl localhost:83
hello nginx3

location参数配置实践

修改资源文件夹：

1	# mv /data/nginx1/ /data/Nginx1

修改虚拟主机配置文件：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location / {
        root /data/nginx1;
        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location /nginx2 {
        root /data;
        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
        root /data/nginx3;
        index index.html;
    }
}

# nginx -s reload
# curl localhost:81
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.5</center>
</body>
</html>
# curl -s localhost:82 | head -5
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
# curl -s localhost:83
hello nginx3
# curl -s localhost:82/nginx2
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.21.5</center>
</body>
</html>

修改虚拟主机配置文件：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location ~* \.html$ {
        root /data/Nginx1;
#        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location /nginx2/index.html {
        root /data;
#        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
#        root /data/nginx3;
        index index.html;
    }
}

# nginx -s reload
# curl -s localhost:81
hello nginx1
# curl localhost:82/nginx2/index.html
hello nginx2
# curl -s localhost:83 | head -5
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

修改虚拟主机配置文件：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location /Nginx1 {
        root /data;
        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location /nginx2 {
        alias /data/nginx2/index.html;
#        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
#        root /data/nginx3;
        index index.html;
    }
}

# nginx -s reload
# curl localhost:81/Nginx1/
hello nginx1
# curl localhost:81/Nginx1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.21.5</center>
</body>
<# curl localhost:82/nginx2
hello nginx2
# curl localhost:82/nginx2/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.5</center>
</body>
</html>
/html>

nginx反向代理和负载均衡配置

nginx的反向代理配置

修改虚拟主机配置，81端口代理83端口：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location / {
        proxy_pass http://127.0.0.1:83;
#        root /data;
#        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location /nginx2 {
        alias /data/nginx2/index.html;
#        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
        root /data/nginx3;
        index index.html;
    }
}

1
2
3

# nginx -s reload
# curl localhost:81
hello nginx3

修改虚拟主机配置，81端口代理82端口：

# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location /nginx1 {
        proxy_pass http://127.0.0.1:82/nginx2;
#        root /data;
#        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location /nginx2 {
        alias /data/nginx2/index.html;
#        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
        root /data/nginx3;
        index index.html;
    }
}

1
2
3

# nginx -s reload
# curl localhost:81/nginx1
hello nginx2

nginx负载均衡配置

恢复虚拟主机配置文件：

# mv /data/nginx1/ /data/Nginx1
# rm -rf /data/Nginx/
# rm -rf /etc/nginx/conf.d/static.conf
# vim /etc/nginx/conf.d/vhost.conf
server {
    listen 81;
    server_name localhost;
    location / {
        root /data/nginx1;
        index index.html;
    }
}
server {
    listen 82;
    server_name localhost;
    location / {
        root /data/nginx2;
        index index.html;
    }
}
server {
    listen 83;
    server_name localhost;
    location / {
        root /data/nginx3;
        index index.html;
    }
}

# nginx -s reload
# curl 10.80.20.2:81
hello nginx1
# curl 10.80.20.2:82
hello nginx2
# curl 10.80.20.2:83
hello nginx3

添加负载均衡配置文件：

# vim /etc/nginx/conf.d/lb.conf
upstream www.test.com {
    server 10.80.20.2:81;
    server 10.80.20.2:82;
    server 10.80.20.2:83;
}
server {
    location / {
        proxy_pass http://www.test.com;
    }
}

添加hosts：

1
2
3

# vim /etc/hosts
# 尾行，添加配置
10.80.20.2 www.test.com

# nginx -s reload
# for i in {1..10}; do curl www.test.com; done
hello nginx1
hello nginx2
hello nginx3
hello nginx1
hello nginx2
hello nginx3
hello nginx1
hello nginx2
hello nginx3
hello nginx1

添加负载权重：

# vim /etc/nginx/conf.d/lb.conf
upstream www.test.com {
    server 10.80.20.2:81 weight=2;
    server 10.80.20.2:82 weight=1;
    server 10.80.20.2:83;
}
server {
    location / {
        proxy_pass http://www.test.com;
    }
}

# nginx -s reload
# for i in {1..10}; do curl www.test.com; done
hello nginx1
hello nginx2
hello nginx3
hello nginx1
hello nginx1
hello nginx2
hello nginx3
hello nginx1
hello nginx1
hello nginx2

添加负载备用服务器：

# vim /etc/nginx/conf.d/lb.conf
upstream www.test.com {
    server 10.80.20.2:81 backup;
    server 10.80.20.2:82;
    server 10.80.20.2:83;
}
server {
    location / {
        proxy_pass http://www.test.com;
    }
}

# nginx -s reload
# for i in {1..10}; do curl www.test.com; done
hello nginx2
hello nginx3
hello nginx2
hello nginx3
hello nginx2
hello nginx3
hello nginx2
hello nginx3
hello nginx2
hello nginx3

开启备用服务器，只有关闭所有其它后端服务器，备用服务器才会启动：

# vim /etc/nginx/conf.d/lb.conf
upstream www.test.com {
    server 10.80.20.2:81 backup;
    server 10.80.20.2:82 down;
    server 10.80.20.2:83 down;
}
server {
    location / {
        proxy_pass http://www.test.com;
    }
}

# nginx -s reload
# for i in {1..10}; do curl www.test.com; done
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1
hello nginx1

dns相关配置

安装dns软件

node3

下载安装dns：

# dnf install -y bind bind-utils
# systemctl enable named --now
# systemctl status named
# nslookup -version
nslookup 9.11.21-9.11.21-18.oe1

检测端口：

# ss -tlunp | grep 53
udp     UNCONN   0        0              127.0.0.1:53            0.0.0.0:*       users:(("named",pid=11071,fd=512))                                             
udp     UNCONN   0        0                  [::1]:53               [::]:*       users:(("named",pid=11071,fd=513))                                             
tcp     LISTEN   0        10             127.0.0.1:53            0.0.0.0:*       users:(("named",pid=11071,fd=21))                                              
tcp     LISTEN   0        128            127.0.0.1:953           0.0.0.0:*       users:(("named",pid=11071,fd=23))                                              
tcp     LISTEN   0        10                 [::1]:53               [::]:*       users:(("named",pid=11071,fd=22))                                              
tcp     LISTEN   0        128                [::1]:953              [::]:*       users:(("named",pid=11071,fd=24))

dns主服务器搭建

创建正向解析：

1 2	# cd /var/named/ # cp -p named.localhost test.com.zone

修改正向解析配置：

# vim test.com.zone
$TTL 1D
@       IN SOA  master.test.com. admin.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
master  A       10.80.20.3
www     CNAME   main
main    A       10.80.20.2

修改dns服务监听端口权限配置：

# vim /etc/named.conf
# 11行，修改配置
        listen-on port 53 { localhost; };
# 19行，修改配置
        allow-query     { any; };

添加dns解析配置：

# vim /etc/named.rfc1912.zones
# 尾行，添加配置
zone "test.com" IN {
        type master;
        file "test.com.zone";
};

检查dns配置文件：

1
2
3

# named-checkconf
# named-checkzone test.com /var/named/test.com.zone
# rndc reload

node2

修改服务器dns：

1
2
3

# dnf install -y bind bind-utils
# nmcli con mod ens160 ipv4.dns 10.80.20.3
# nmcli c down ens160 && nmcli c up ens160

查看dns解析：

# nslookup www.test.com
Server:         10.80.20.3
Address:        10.80.20.3#53

www.test.com    canonical name = main.test.com.
Name:   main.test.com
Address: 10.80.20.2

访问测试，因为负载均衡，转跳到nginx1：

1 2	# curl www.test.com hello nginx1

dns反向解析配置

node3

创建反向解析：

1 2	# cd /var/named/ # cp -p named.loopback 10.80.20.zone

修改反向解析配置：

# vim 10.80.20.zone
$TTL 1D
@       IN SOA  master.test.com. admin.test.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
master  A       10.80.20.3
2       PTR     www.test.com

添加dns解析配置：

# vim /etc/named.rfc1912.zones
# 尾行，添加配置
zone "20.80.10.in-addr.arpa" IN {
        type master;
        file "10.80.20.zone";
        allow-update { none; };
};

检查dns配置文件：

1
2
3

# named-checkconf
# named-checkzone 20.80.10 /var/named/10.80.20.zone
# rndc reload

node2

测试反向解析：

1 2	# nslookup 10.80.20.2 2.20.80.10.in-addr.arpa name = www.test.com.20.80.10.in-addr.arpa.

修改dns：

1 2	# nmcli con mod ens160 ipv4.dns 114.114.114.114 # nmcli c down ens160 && nmcli c up ens160

mysql相关配置

安装和初始化mysql

安装mysql

node4

下载安装mysql8：

1	# dnf install mysql5-server

启动mysql：

1
2
3

# systemctl enable mysqld --now
# ss -tlunp | grep 3306
tcp     LISTEN   0        80                     *:3306                *:*       users:(("mysqld",pid=212121,fd=21))

登录及初始化mysql

登录mysql并修改密码：

# mysql

mysql> ALTER user root@'localhost' IDENTIFIED BY 'Huawei@123';
Query OK, 0 rows affected (0.00 sec)

查看默认数据库：

mysql> SHOW databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

查看用户信息：

mysql> SELECT user,host FROM mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
3 rows in set (0.00 sec)

mysql> exit

mysqladmin实践练习

查看mysql状态：

1
2
3

# mysqladmin -uroot -p'Huawei@123' status
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Uptime: 433  Threads: 2  Questions: 56  Slow queries: 0  Opens: 179  Flush tables: 3  Open tables: 95  Queries per second avg: 0.129

查看mysql版本：

# mysqladmin -uroot -p'Huawei@123' version
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
mysqladmin  Ver 8.42 Distrib 5.7.38, for Linux on x86_64
Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Server version          5.7.38
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 8 min 26 sec

Threads: 1  Questions: 73  Slow queries: 0  Opens: 137  Flush tables: 1  Open tables: 130  Queries per second avg: 0.144

查看mysql活动的线程：

# mysqladmin -uroot -p'Huawei@123' processlist
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
+----+------+-----------+----+---------+------+----------+------------------+
| Id | User | Host      | db | Command | Time | State    | Info             |
+----+------+-----------+----+---------+------+----------+------------------+
| 10 | root | localhost |    | Query   | 0    | starting | show processlist |
+----+------+-----------+----+---------+------+----------+------------------+

刷新mysql表、线程：

# 刷新所有表
# mysqladmin -uroot -p'Huawei@123' flush-tables
# 刷新所有线程缓存
# mysqladmin -uroot -p'Huawei@123' flush-threads
# 刷新所有日志
# mysqladmin -uroot -p'Huawei@123' flush-logs

查看mysql能否ping通：

1
2
3

# mysqladmin -uroot -p'Huawei@123' ping
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
mysqld is alive

创建数据库：

1 2	# mysqladmin -uroot -p'Huawei@123' create test mysqladmin: [Warning] Using a password on the command line interface can be insecure.

删除数据库：

# mysqladmin -uroot -p'Huawei@123' drop test
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.

Do you really want to drop the 'test' database [y/N] y
Database "test" dropped

mysql综合实践

创建数据库Vegetables，字符集为utf8mb4：

# mysql -uroot -p'Huawei@123'

mysql> CREATE DATABASE Vegetables CHARACTER SET = utf8mb4;
Query OK, 1 row affected (0.02 sec)

mysql> USE Vegetables;
Database changed

mysql> SELECT database();
+------------+
| database() |
+------------+
| Vegetables |
+------------+
1 row in set (0.00 sec)

创建数据表：

mysql> CREATE TABLE Vegetables(
ID SMALLINT UNSIGNED PRIMARY KEY,
Name VARCHAR(10) NOT NULL,
Price DECIMAL(5,2),
Qty DECIMAL(7,2),
PIC VARCHAR(10) NOT NULL
);
Query OK, 0 rows affected (0.01 sec)

mysql> DESC Vegetables;
+-------+-------------------+------+-----+---------+-------+
| Field | Type              | Null | Key | Default | Extra |
+-------+-------------------+------+-----+---------+-------+
| ID    | smallint unsigned | NO   | PRI | NULL    |       |
| Name  | varchar(10)       | NO   |     | NULL    |       |
| Price | decimal(5,2)      | YES  |     | NULL    |       |
| Qty   | decimal(7,2)      | YES  |     | NULL    |       |
| PIC   | varchar(10)       | NO   |     | NULL    |       |
+-------+-------------------+------+-----+---------+-------+
5 rows in set (0.00 sec)

添加数据：

mysql> INSERT Vegetables VALUES
(1,'白菜',NULL,200,'张三'),
(2,'土豆',2.60,300,'李四'),
(3,'青菜',6,150,'王五'),
(4,'西红柿',5.2,230,'赵六'),
(5,'黄瓜',8,330,'王五');
Query OK, 5 rows affected (0.06 sec)
Records: 5  Duplicates: 0  Warnings: 0

查看数据：

mysql> SELECT * FROM Vegetables;
+----+-----------+-------+--------+--------+
| ID | Name      | Price | Qty    | PIC    |
+----+-----------+-------+--------+--------+
|  1 | 白菜      |  NULL | 200.00 | 张三   |
|  2 | 土豆      |  2.60 | 300.00 | 李四   |
|  3 | 青菜      |  6.00 | 150.00 | 王五   |
|  4 | 西红柿    |  5.20 | 230.00 | 赵六   |
|  5 | 黄瓜      |  8.00 | 330.00 | 王五   |
+----+-----------+-------+--------+--------+
5 rows in set (0.00 sec)

查询王五负责的蔬菜：

mysql> SELECT * FROM Vegetables WHERE PIC='王五';
+----+--------+-------+--------+--------+
| ID | Name   | Price | Qty    | PIC    |
+----+--------+-------+--------+--------+
|  3 | 青菜   |  6.00 | 150.00 | 王五   |
|  5 | 黄瓜   |  8.00 | 330.00 | 王五   |
+----+--------+-------+--------+--------+
2 rows in set (0.00 sec)

查询王五负责的蔬菜名称和价格：

mysql> SELECT Name,Price FROM Vegetables WHERE PIC='王五';
+--------+-------+
| Name   | Price |
+--------+-------+
| 青菜   |  6.00 |
| 黄瓜   |  8.00 |
+--------+-------+
2 rows in set (0.00 sec)

查询王五或张三负责蔬菜的全部信息：

mysql> SELECT * FROM Vegetables WHERE PIC='王五' or PIC='张三';
+----+--------+-------+--------+--------+
| ID | Name   | Price | Qty    | PIC    |
+----+--------+-------+--------+--------+
|  1 | 白菜   |  NULL | 200.00 | 张三   |
|  3 | 青菜   |  6.00 | 150.00 | 王五   |
|  5 | 黄瓜   |  8.00 | 330.00 | 王五   |
+----+--------+-------+--------+--------+
3 rows in set (0.00 sec)

查询价格高出7.00且数量少于180的蔬菜全部信息：

1 2	mysql> SELECT * FROm Vegetables WHERE Price>7 and Qty<180; Empty set (0.00 sec)

查询张姓人员负责蔬菜的全部信息（模糊查询）：

mysql> SELECT * FROm Vegetables WHERE PIC LIKE '张%';
+----+--------+-------+--------+--------+
| ID | Name   | Price | Qty    | PIC    |
+----+--------+-------+--------+--------+
|  1 | 白菜   |  NULL | 200.00 | 张三   |
+----+--------+-------+--------+--------+
1 row in set (0.00 sec)

修改白菜价格为4.2：

mysql> UPDATE Vegetables SET Price=4.2 WHERE ID=1;
Query OK, 1 row affected (0.02 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> SELECT Price FROM Vegetables WHERE ID=1;
+-------+
| Price |
+-------+
|  4.20 |
+-------+
1 row in set (0.00 sec)

创建用户并设置密码：

mysql> CREATE USER vegetable_user@localhost IDENTIFIED BY 'Huawei@123';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER vegetable_admin@localhost IDENTIFIED BY 'Huawei@123';
Query OK, 0 rows affected (0.01 sec)

mysql> USE mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> UPDATE user SET HOST='%' WHERE user LIKE 'vege%';
Query OK, 2 rows affected (0.00 sec)
Rows matched: 2  Changed: 2  Warnings: 0

授权账户：

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON Vegetables.* TO vegetable_admin@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT ON Vegetables.* TO vegetable_user@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

测试账号：

# mysql -uvegetable_user -p'Huawei@123'

mysql> USE Vegetables;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> SELECT * FROM Vegetables;
+----+-----------+-------+--------+--------+
| ID | Name      | Price | Qty    | PIC    |
+----+-----------+-------+--------+--------+
|  1 | 白菜      |  4.20 | 200.00 | 张三   |
|  2 | 土豆      |  2.60 | 300.00 | 李四   |
|  3 | 青菜      |  6.00 | 150.00 | 王五   |
|  4 | 西红柿    |  5.20 | 230.00 | 赵六   |
|  5 | 黄瓜      |  8.00 | 330.00 | 王五   |
+----+-----------+-------+--------+--------+
5 rows in set (0.00 sec)

mysql> UPDATE Vegetables SET Price=5 WHERE ID=1;
ERROR 1142 (42000): UPDATE command denied to user 'vegetable_user'@'localhost' for table 'Vegetables'

mysql> exit

# mysql -uvegetable_admin -p'Huawei@123'

mysql> USE Vegetables;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> SELECT * FROM Vegetables;
+----+-----------+-------+--------+--------+
| ID | Name      | Price | Qty    | PIC    |
+----+-----------+-------+--------+--------+
|  1 | 白菜      |  4.20 | 200.00 | 张三   |
|  2 | 土豆      |  2.60 | 300.00 | 李四   |
|  3 | 青菜      |  6.00 | 150.00 | 王五   |
|  4 | 西红柿    |  5.20 | 230.00 | 赵六   |
|  5 | 黄瓜      |  8.00 | 330.00 | 王五   |
+----+-----------+-------+--------+--------+
5 rows in set (0.00 sec)

mysql> UPDATE Vegetables SET Price=5 WHERE ID=1;
Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> exit

修改数据表：

# mysql -uroot -p'Huawei@123'

mysql> USE Vegetables;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> ALTER TABLE Vegetables RENAME AS Vegetables1;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW tables;
+----------------------+
| Tables_in_Vegetables |
+----------------------+
| Vegetables1          |
+----------------------+
1 row in set (0.00 sec)

删除Vegetables1表：

mysql> DROP TABLE Vegetables1;
Query OK, 0 rows affected (0.02 sec)

mysql> show tables;
Empty set (0.00 sec)

删除Vegetables库：

1 2	mysql> DROP DATABASE Vegetables; Query OK, 0 rows affected (0.00 sec)

删除vegetable_admin和vegetable_user：

mysql> DROP USER vegetable_admin, vegetable_user;
Query OK, 0 rows affected (0.01 sec)

mysql> SELECT user FROM mysql.user WHERE user LIKE 'vege%';
Empty set (0.00 sec)

mysql> exit

lamp实战

前期组件对接测试

apache和php对接测试

node1

下载安装php：

1	# dnf install -y php

查看php版本：

# php -v
PHP 8.0.30 (cli) (built: Aug  3 2023 17:13:08) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.30, Copyright (c) Zend Technologies

修改配置文件，apache对接php：

# vim /etc/httpd/conf/httpd.conf
# 119行，取消注释
DocumentRoot "/var/www/html"
# 42行，取消注释
Listen 80
# 285行，添加配置
    AddType application/x-httpd-php .php

移除旧配置：

1
2
3

# cd /etc/httpd/conf.d/
# mkdir conf.bk && mv * conf.bk
# cp conf.bk/php.conf ./

重启httpd：

1
2
3

# httpd -t
# systemctl restart httpd
# systemctl status httpd

创建php脚本：

# vim /var/www/html/index.php
<?php
phpinfo();
?>

浏览器访问：http://10.80.20.1/index.php

php和mysql对接测试

node4

创建账号：

# mysql -uroot -p'Huawei@123'

mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'Huawei@123';
Query OK, 0 rows affected (0.02 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

node1

下载安装mysql：

1	# dnf install mysql5-server

连接mysql测试：

1
2
3

# mysql -uroot -h'10.80.20.4' -p'Huawei@123'

mysql> exit

安装php连接mysql驱动：

1	# dnf install -y php-mysqlnd

编写php连接mysql脚本：

# vim /var/www/html/conn_mysql.php
<?php
$con = mysqli_connect("10.80.20.4","root","Huawei@123");
if ($con)
    echo "OK\n";
else
    echo "NOT OK\n";
$con->close();
?>

1 2	# curl 10.80.20.1/conn_mysql.php OK

lamp项目实践

资源准备

下载软件包：

下载地址：https://cn.wordpress.org/download/releases/

1
2
3

# cd /home/
# mkdir wordpress && cd wordpress
# wget https://cn.wordpress.org/wordpress-6.1.1-zh_CN.tar.gz

解压：

1	# tar -xzvf wordpress-6.1.1-zh_CN.tar.gz

node4

创建wordpress数据库：

1 2	mysql> CREATE DATABASE wordpress; Query OK, 1 row affected (0.02 sec)

创建账户并授权：

mysql> CREATE USER wp@'%' IDENTIFIED BY 'Huawei@123';
Query OK, 0 rows affected (0.01 sec)

mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wp'@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

安装并测试wordpress

node1

拷贝文件：

1 2	# cd /home/wordpress/wordpress # cp -ar * /var/www/html/

浏览器访问：http://10.80.20.1/wp-admin/setup-config.php

开始安装：

数据库名：wordpress
用户名：wp
密码：Huawei@123
数据库主机：10.80.20.4

将配置写入文件：

1	# vim /var/www/html/wp-config.php

建站信息：

站点标题：openeuler
用户名：openeuler
密码：Huawei@123
您的电子邮箱地址：test@test.com

安装完成：

进入主页：