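Linux Basics Series - Day 6
Samba service (on CentOS 7.0)
Samba is free software that implements the SMB protocol on Linux and UNIX systems. It consists of server and client programs and is mainly used for file sharing between Linux or UNIX systems and Windows systems.
SMB (Server Message Block) is a communication protocol for sharing files and printers over a local area network. It provides file and printer sharing between the different computers on the LAN.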
Installing the service
# yum install samba -y
Starting the service
# systemctl start smb     # start the Samba service
# systemctl status smb    # check the service status
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled)
   Active: active (running) since Tue 2017-05-30 21:14:18 EDT; 8s ago
 Main PID: 2958 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─2958 /usr/sbin/smbd
           └─2959 /usr/sbin/smbd
May 30 21:14:18 centos-python smbd[2958]: [2017/05/30 21:14:18.242052, 0] ../lib/util/become_daemon.c:136(daemon_ready)
May 30 21:14:18 centos-python systemd[1]: Started Samba SMB Daemon.
# systemctl enable smb    # start the service at boot
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
Configuring an access user
# useradd usertest         # add a system user
# smbpasswd -a usertest    # register that user as a Samba user
New SMB password:
Retype new SMB password:
Added user usersmb.
Configuring the firewall and SELinux
# firewall-cmd --permanent --add-service=samba    # allow the samba service so that it can be reached from outside
success
# firewall-cmd --reload    # apply the firewall configuration
success
# getenforce    # check the SELinux status; turning it off is enough
Disabled
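Verification
On Windows, open the Run dialog and enter the share address of the Linux server: IP address + home directory.
After confirming the connection you are prompted for a user name and password, that is, those of the user added with smbpasswd -a usertest.
After a successful login you can see the shared files.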
Service configuration: user-based shared directories
Configuration file: /etc/samba/smb.conf
Global options (partial): the [global] section
[global]
    # workgroup; if set to WORKGROUP, the share is directly visible in Windows network discovery
    workgroup = MYGROUP
    # description of this server
    server string = Samba Server Version %v
    ; netbios name = MYSERVER
    ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    # IP addresses or networks allowed to access this server; all are allowed by default; remove the ";" to enable
    # format: "127." means the network starting with 127, "192.168.12." means the 192.168.12 network, "192.168.13.1" means a single host
    ; hosts allow = 127. 192.168.12. 192.168.13.
    ; max protocol = SMB2
    # log files split per-machine:
    # path of the log file
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    # maximum size of a log file
    max log size = 50
    # security level of the Samba service; "user" authenticates against the users configured in Samba
    security = user
    passdb backend = tdbsam
    ; security = domain
    ; passdb backend = tdbsam
    ; realm = MY_REALM
    ; password server = <NT-Server-Name>
    ; security = user
    ; passdb backend = tdbsam
    ; domain master = yes
    ; domain logons = yes
    # the following login script name is determined by the machine name
    # (%m):
    ; logon script = %m.bat
    # the following login script name is determined by the UNIX user used:
    ; logon script = %u.bat
    ; logon path = \\%L\Profiles\%u
    # use an empty path to disable profile support:
    ; logon path =
    # various scripts can be used on a domain controller or a stand-alone
    # machine to add or delete corresponding UNIX accounts:
    ; add user script = /usr/sbin/useradd "%u" -n -g users
    ; add group script = /usr/sbin/groupadd "%g"
    ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    ; delete user script = /usr/sbin/userdel "%u"
    ; delete user from group script = /usr/sbin/userdel "%u" "%g"
    ; delete group script = /usr/sbin/groupdel "%g"
    ; local master = no
    ; os level = 33
    ; preferred master = yes
    ; wins support = yes
    ; wins server = w.x.y.z
    ; wins proxy = yes
    ; dns proxy = yes
    load printers = yes
    cups options = raw
    ; printcap name = /etc/printcap
    # obtain a list of printers automatically on UNIX System V systems:
    ; printcap name = lpstat
    ; printing = cups
    ; map archive = no
    ; map hidden = no
    ; map read only = no
    ; map system = no
    ; store dos attributes = yes
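Share options: the [homes] section
This section shares each Samba user's own home directory. After logging in to the Samba server as a Samba user, the user sees their home directory by default.
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    ; valid users = %S
    ; valid users = MYDOMAIN\%S
Share options: the [printers] section
Printer sharing configuration is omitted here.
Share options: anonymous (public) share that lets all users access the shared directory
# share (section) name
[public]
    # descriptive comment for the share
    comment = Public Stuff
    # path of the shared directory; besides the share permissions set in Samba, the operating-system permissions on this directory also limit reads and writes
    path = /share
    # whether this is an anonymous share; the current security level is user, so a user login is still required; with security = share no login is needed
    public = yes
    # write permission set in Samba, granted to all users; when it conflicts with read only, read only is ignored
    writable = yes
    # whether printing is allowed
    printable = no
    write list = +staff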
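Share permission options:
browseable: show the share when browsing resources; if set to no, the share path must be given explicitly to access it
hide dot files: hide hidden (dot) files
public: public share; if set to no, authentication is required (only takes effect when security = share)
guest ok: public share; if set to no, authentication is required (only takes effect when security = share)
read only: share read-only; when it conflicts with writable, writable takes precedence
writable: share without the read-only restriction; when it conflicts with read only, read only is ignored
valid users: only users in this list may access the share (deny takes precedence)
invalid users: users in this list may not access the share (deny takes precedence)
read list: members of this list have read-only access
write list: when the share is read-only, only members of this list may write
create mask: permissions given to newly created files
directory mask: permissions given to newly created directories
force group: access to the share must be performed as the group set here
force user: access to the share must be performed as the user set here
allow hosts: only clients from these networks or IP addresses may access the share
deny hosts: clients from these networks or IP addresses may not access the share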
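The share options above decide who can reach a share and who can write to it, so they are worth reviewing mechanically. The following is an added example, not code from the original post or from the Samba project: a small Python check that reads smb.conf text and reports shares combining guest access with write access, shares without valid users, and a [global] section without hosts allow. The sample configuration is constructed from this page's [homes] and [public] shares, and the function names are hypothetical.

```python
import configparser

# Constructed sample: the [homes] and [public] shares from this page, annotations removed.
SAMPLE_SMB_CONF = """\
[global]
workgroup = MYGROUP
security = user
; hosts allow = 127. 192.168.12. 192.168.13.
[homes]
browseable = no
writable = yes
; valid users = %S
[public]
path = /share
public = yes
writable = yes
"""

YES = {"yes", "true", "1"}

def enabled(share, names, inverted=()):
    """True if a yes/no option (or the negation of an inverted synonym) is on."""
    if any(share.get(n, "").strip().lower() in YES for n in names):
        return True
    return any(n in share and share[n].strip().lower() not in YES for n in inverted)

def audit_smb_conf(text):
    """Return (section, finding) pairs for access settings worth reviewing."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(text)
    findings = []
    if not any(cp.has_option("global", k) for k in ("hosts allow", "allow hosts")):
        findings.append(("global", "no hosts allow: every address may connect"))
    for name in cp.sections():
        if name in ("global", "homes", "printers"):  # special sections are skipped
            continue
        share = cp[name]
        guest = enabled(share, ("guest ok", "public"))
        writable = enabled(share, ("writable", "writeable", "write ok"), ("read only",))
        if guest and writable:
            findings.append((name, "guest access combined with write access"))
        if not share.get("valid users", "").strip():
            findings.append((name, "no valid users: every Samba account is accepted"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{section}] {finding}")
```

Enabling hosts allow in [global] and replacing public = yes with public = no plus a valid users line clears all three findings for the sample.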
nginx service (on CentOS 7.0)
Installing the service (yum)
The nginx package is not included in the system image; it has to be obtained from the EPEL repository.
# yum install epel-release -y    # install the EPEL repository file so that yum can use EPEL
# yum install nginx -y           # install the nginx package
Installing the service (from source)
# tar -xzvf nginx-1.12.0.tar.gz    # unpack the source archive
# cd nginx-1.12.0/
# ./configure --prefix=/usr/local/nginx --without-http_rewrite_module    # set the install prefix and disable the rewrite module
# make && make install    # install the required development tool packages beforehand
Starting the service (source install)
# cd /usr/local/nginx/sbin/    # directory that holds the nginx binary
# ./nginx -c /usr/local/nginx/conf/nginx.conf    # start the service with the configuration in /usr/local/nginx/conf/nginx.conf
# netstat -an |grep 80    # check that the nginx listening port is open
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::52807                :::*                    LISTEN
udp        0      0 0.0.0.0:4380            0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     15680    /var/run/avahi-daemon/socket
unix  3      [ ]         STREAM     CONNECTED     18680    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     18000    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    18001
unix  3      [ ]         STREAM     CONNECTED     21380
# ps aux |grep nginx |grep -v grep
root      5781  0.0  0.2  18496   608 ?        Ss   07:23   0:00 nginx: master process ./nginx -c /usr/local/nginx/conf/nginx.conf    # master process
nobody    5782  0.0  0.5  21028  1356 ?        S    07:23   0:00 nginx: worker process    # worker process
Note: one nginx master process can have several worker processes, and one machine can run several master processes, but each master must use a different configuration file and different ports.
Firewall configuration
# firewall-cmd --permanent --add-port=80/tcp    # allow access to port 80
success
# firewall-cmd --reload    # apply the configuration
success
# firewall-cmd --list-all    # check that port 80 is open
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client samba ssh
  ports: 80/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
Browser test
Seeing this page means the service is running normally.
Configuration file walkthrough (run from the nginx conf directory):
# cat nginx.conf|grep -v "^$"
#user  nobody;
worker_processes  1;    # number of worker processes
#error_log  logs/error.log;    # location of the error log file
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;    # concurrent connections per worker process
}
http {
    include       mime.types;    # include the MIME types file, the standard mapping of file extensions to content types
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '    # log format, can be customized
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;    # access log path, using the main log format
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;    # client keep-alive timeout, in seconds
    #gzip  on;
    server {
        listen       80;    # listening port
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
            root   html;    # document root of the site
            index  index.html index.htm;    # index files
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}
Service configuration (load balancing)
Environment: one proxy machine that receives the requests and three web machines; the proxy forwards requests to the web machines.
web1 configuration:
# cd /usr/local/nginx/html/
# mv index.html index.html.apk
# echo server1 >>index.html
web2 configuration:
# cd /usr/local/nginx/html/
# mv index.html index.html.apk
# echo server2 >>index.html
web3 configuration:
# cd /usr/local/nginx/html/
# mv index.html index.html.apk
# echo server3 >>index.html
Start nginx on all three web machines:
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf    # web1
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf    # web2
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf    # web3
Verify the configuration of the three web machines
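Round-robin mode configuration
Round-robin means the three backend web servers are visited in turn, once each.
Edit the proxy machine's configuration file nginx.conf
http {
    upstream myapp1 {    # the name myapp1 is arbitrary; use the same name in proxy_pass below
        server 192.168.1.1;
        server 192.168.1.2;
        server 192.168.1.3;
    }
    server {
        listen 80;
        location / {
            proxy_pass http://myapp1;
        }
    }
}
Start the service after editing
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Round-robin verification (keep refreshing the page after the first visit)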
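Least-connections mode configuration
A new request is forwarded to the web server that currently has the fewest connections.
Edit the proxy machine's configuration file nginx.conf
upstream myapp1 {
least_conn;
server 192.168.1.1;
server 192.168.1.2;
server 192.168.1.3;
}
Reload the configuration file
# /usr/local/nginx/sbin/nginx -s reload
Least-connections verification
(Not verified, because of the limited number of hosts.)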
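Weighted mode configuration
A weight is added to the round-robin process; servers with a higher weight receive more connections.
Edit the configuration file
upstream myapp1 {
server 192.168.1.1 weight=3;
server 192.168.1.2;
server 192.168.1.3;
}
Weighted mode verification
Refresh the page five times: server1 appears three times, server2 once and server3 once. The order may vary.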
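IP hash mode configuration
When a request arrives, a hash of the IP address that sent the request is computed and used to match the request to one web server.
IP hash configuration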
upstream myapp1 {
ip_hash;
server 192.168.1.1;
server 192.168.1.2;
server 192.168.1.3;
}
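IP hash mode verification
After the first visit the client is matched to a single web server; however often you refresh, the content you see does not change.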
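The round-robin, weighted and IP hash modes above can be modelled offline. The following is an added Python example, not code from the original post or from nginx: smooth weighted round-robin reproduces the three/one/one split for weight=3, and the ip_hash model keys on the first three octets of the IPv4 address, as the nginx documentation describes, so every client in the same /24 network lands on the same backend. The function names and the hash arithmetic are illustrative assumptions.

```python
from collections import Counter

BACKENDS = ["server1", "server2", "server3"]  # the page's three web machines

def smooth_weighted_rr(weights, requests):
    """Return the backend chosen for each request under smooth weighted round-robin."""
    current = dict.fromkeys(weights, 0)
    total = sum(weights.values())
    order = []
    for _ in range(requests):
        for name, weight in weights.items():
            current[name] += weight            # every backend gains its weight
        best = max(weights, key=current.get)   # highest running total, first wins ties
        current[best] -= total                 # the chosen backend pays back the total
        order.append(best)
    return order

def ip_hash_backend(client_ip, backends=BACKENDS):
    """Map an IPv4 client to a backend using only its first three octets."""
    h = 89                                     # illustrative hash, not nginx's code
    for octet in client_ip.split(".")[:3]:
        h = (h * 113 + int(octet)) % 6271
    return backends[h % len(backends)]

if __name__ == "__main__":
    # Plain round-robin is the weighted scheduler with every weight equal to 1.
    print(smooth_weighted_rr({"server1": 1, "server2": 1, "server3": 1}, 6))
    # weight=3 on server1, as in the weighted mode configuration.
    print(Counter(smooth_weighted_rr({"server1": 3, "server2": 1, "server3": 1}, 5)))
    # Constructed client addresses: the first two share a /24 network.
    print({ip: ip_hash_backend(ip) for ip in ("10.0.5.7", "10.0.5.200", "10.0.6.7")})
```

Because the key is the /24 prefix, a large office network or a group of clients in one subnet is pinned to one backend, which matters when sizing backends or reading per-backend access logs.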