Linux Web Server Full Solution

xiaoxiao2021-03-06  60

Apache, MySQL, PHP, ProFTPD, mod_limitip, mod_bandwidth

1. Preface

Drawing on material found online and on my own practice, I spent an afternoon writing up this typical configuration for a resource download site. The web site configured here implements basic management of the number of threads per IP and of the traffic per thread; ProFTPD is used for uploading resources and SSH for host management. This will undoubtedly save you some valuable network bandwidth. A simple firewall configuration is included at the end of the article for reference. The Linux version I use is Red Hat AS 3.0. I hope readers will get in touch with me after reading this article.

2. Software versions

    apache-1.3.29
    mysql-4.0.16
    php-4.3.4
    proftpd-1.2.9
    mod_limitipconn-0.04
    mod_bandwidth-2.0.4

3. Installing and configuring MySQL

    # cd mysql-4.0.16
    # ./configure --prefix=/usr/local/mysql \
          --localstatedir=/usr/local/mysql/data \
          --disable-maintainer-mode \
          --with-mysqld-user=mysql \
          --enable-large-files \
          --without-debug
    # make
    # make install

Add the mysql group:

    # /usr/sbin/groupadd mysql

Then create a user called mysql which belongs to the mysql group:

    # /usr/sbin/useradd -g mysql mysql

Install the database files:

    # ./scripts/mysql_install_db

Set file permissions:

    # chown -R root:mysql /usr/local/mysql
    # chown -R mysql:mysql /usr/local/mysql/data

Configure ld.so.conf:

    # vi /etc/ld.so.conf

Add the following line:

    /usr/local/mysql/lib/mysql

Create the startup files:

    # cp support-files/mysql.server /etc/init.d/mysql
    # cp support-files/my-medium.cnf /etc/my.cnf

Start MySQL:

    # /usr/local/mysql/bin/mysqld_safe --user=mysql &

Set the MySQL root password:

    # /usr/local/mysql/bin/mysqladmin -u root password new_password

Set the mysql service to start at boot:

    # chmod 755 /etc/init.d/mysql
    # chkconfig --add mysql
    # chkconfig mysql on

To switch the automatic start off again:

    # chkconfig mysql off

4. Installing and configuring PHP

    # cd php-4.3.4

For Apache 1.3.*:

    # ./configure --prefix=/usr/local/php \
          --with-apxs=/usr/local/apache/bin/apxs \
          --with-mysql=/usr/local/mysql

For Apache 2.0.*:

    # ./configure --prefix=/usr/local/php \
          --with-apxs2=/usr/local/apache/bin/apxs \
          --with-mysql=/usr/local/mysql

Then build and install:

    # make
    # make install

Create the PHP configuration file:

    # cp php.ini-dist /usr/local/php/lib/php.ini

Modify the PHP configuration file:

    # vi /usr/local/php/lib/php.ini

    doc_root = "/home/www/"
    file_uploads = Off
    register_globals = On

Create a test PHP page:

    # vi /home/www/test.php
    # chmod 755 /home/www/test.php

5. Installing Apache-1.3.29

    # tar zvxf apache_1.3.29.tar.gz
    # cd apache_1.3.29
    # cp ../mod_bandwidth.c mod_bandwidth.c

Modify src/include/httpd.h to increase the maximum number of threads:

    # vi src/include/httpd.h

Change

    #define HARD_SERVER_LIMIT 256

to

    #define HARD_SERVER_LIMIT 2560

Then configure, build and install:

    # ./configure --prefix=/usr/local/apache \
          --enable-module=so \
          --enable-module=rewrite \
          --enable-shared=max \
          --htdocsdir=/home/www \
          --add-module=mod_bandwidth.c \
          --permute-module=BEGIN:bandwidth
    # make
    # make install

Create the startup file:

    # cp /usr/local/apache/bin/apachectl /etc/init.d/httpd

Modify the Apache configuration file:

    # vi /usr/local/apache/conf/httpd.conf

Change, add and confirm the following configuration items, and comment out the existing "AddDefaultCharset ISO8859*" line:

    AddDefaultCharset GB2312
    ExtendedStatus On
    LoadModule php4_module modules/libphp4.so
    DirectoryIndex index.html index.html.var index.php
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    LoadModule limitipconn_module libexec/mod_limitipconn.so
    AddModule mod_limitipconn.c

Installing mod_limitipconn-0.04:

    # tar xzf mod_limitipconn-0.04.tar.gz
    # cd mod_limitipconn-0.04
    # vi Makefile

In the Makefile, set:

    APXS=/usr/local/apache/bin/apxs

Then build and install the module:

    # make
    # make install

To use mod_limitip, add this setting to httpd.conf for the directory to be controlled:

    MaxConnPerIP 2

This limits the maximum number of threads for each IP to 2.

To complete the installation of the mod_bandwidth module, create the directories it needs to run:

    # mkdir /var/apachebw
    # mkdir /var/apachebw/link
    # mkdir /var/apachebw/master
    # chmod -R 777 /var/apachebw

Add the following to httpd.conf:

    BandWidthDataDir "/var/apachebw/"
    BandWidthModule On
    BandWidth 192.168.0 0 200000
    BandWidth all 51200

The first BandWidth line gives local network users a download speed of 200K; "BandWidth all 51200" limits other users' download speed to 51200 bytes per second.

Modify /etc/init.d/httpd:

    # vi /etc/init.d/httpd

Add the following at the top:

    #!/bin/sh
    #
    # Startup script for the Apache Web Server
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server. It is used to serve \
    #              HTML files and CGI.
    # processname: httpd
    # pidfile: /usr/local/apache/log/httpd.pid
    # config: /usr/local/apache/conf/httpd.conf

Set the Apache service to start at boot:

    # chkconfig --add httpd
    # chmod 755 /etc/init.d/httpd
    # chkconfig httpd on

6. Installing ProFTPD-1.2.9

    # tar -zxvf proftpd-1.2.9.tar.gz
    # cd proftpd-1.2.9
    # ./configure --prefix=/usr/local/proftpd
    # make
    # make install

Create the startup file and set ProFTPD to start at boot:

    # cp ./contrib/dist/rpm/proftpd.init.d /etc/rc.d/init.d/proftpd
    # chkconfig --add proftpd
    # chmod 755 /etc/rc.d/init.d/proftpd
    # vi /etc/rc.d/init.d/functions

    export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/proftpd/sbin"

    # vi /etc/rc.d/init.d/proftpd

    # config: /usr/local/proftpd/etc/proftpd.conf
    PATH="$PATH:/usr/local/proftpd/sbin"

    # chkconfig proftpd on

Create the accounts and directories:

    # mkdir /home/test
    # chmod 755 /home/test
    # adduser -d /home/test -g ftp -s /sbin/nologin test
    # passwd test
    # adduser -d /home/upload -g ftp -s /sbin/nologin upload
    # passwd upload

Configure /usr/local/proftpd/etc/proftpd.conf, with anonymous login disabled:

    ServerName "Llzqq's FTP Service"
    ServerType standalone
    DefaultServer on
    # Port 21 is the standard FTP port.
    Port 21
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022
    MaxInstances 10
    # Set the user and group under which the server will run.
    User nobody
    Group ftp
    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~
    # Normally, we want files to be overwriteable.
    AllowOverwrite on
    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    RequireValidShell no
    # Limit the users who are allowed to log in to the FTP server
    <Limit LOGIN>
    AllowGroup ftp
    DenyAll
    </Limit>
    # DenyGroup ftp
    TransferRate RETR 51200 group ftp
    DenyGroup ftp
    TransferRate STOR 256000 group ftp
    ServerIdent off
    MaxClientsPerHost 2
    TimeoutIdle 600
    TimeoutLogin 300
    TimeoutNoTransfer 300
    TimeoutStalled 300

7. Rebooting the computer

    # shutdown -r now

Point your browser to http://localhost/test.php. If you see a large amount of information about MySQL, Apache and PHP, congratulations: your installation has basically succeeded. The next step is to test the ProFTPD and bandwidth settings.
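Before moving on to the firewall, an added example (not part of the original article) that reviews two settings applied above: register_globals = On, which makes PHP create script variables from request parameters, and chmod -R 777 /var/apachebw, which lets every local account write to mod_bandwidth's data directory. The function names are this example's own; the default paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): review two settings it applies.

# ini_value FILE KEY: print the last uncommented value of KEY, lowercased,
# with quotes, trailing ';' comments and trailing blanks removed.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d '"' | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*$//'
}

# php_flag_on FILE KEY: succeed when PHP would read KEY as enabled.
php_flag_on() {
    case "$(ini_value "$1" "$2")" in
        1|on|yes|true) return 0 ;;
        *) return 1 ;;
    esac
}

# world_writable DIR: list files and directories writable by every local user.
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null | sort
}

# audit PHP_INI DATA_DIR: print one WARN line per finding.
audit() {
    if php_flag_on "$1" register_globals; then
        echo "WARN register_globals=On: request parameters become script variables"
    fi
    if php_flag_on "$1" file_uploads; then
        echo "WARN file_uploads=On: this guide turns PHP uploads off and uses ProFTPD"
    fi
    world_writable "$2" | sed 's/^/WARN world-writable: /'
    return 0
}

# Paths from this guide; set PHP_INI and BW_DIR to audit copies instead.
PHP_INI=${PHP_INI:-/usr/local/php/lib/php.ini}
BW_DIR=${BW_DIR:-/var/apachebw}
if [ -r "$PHP_INI" ]; then audit "$PHP_INI" "$BW_DIR"; fi
```

An empty result means neither setting is present; each WARN line names the setting or path to revisit.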

8. Setting up a simple and effective firewall

    export PATH=/sbin:/usr/sbin:/bin:/usr/bin

    modprobe iptable_nat
    modprobe ip_nat_ftp
    modprobe ip_nat_irc
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

    iptables -F
    iptables -X
    iptables -Z

    iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
    iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP

    ## established and related connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    ## loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    ## syn-flooding
    iptables -N syn-flood
    iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
    iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
    iptables -A syn-flood -j DROP

    ## make sure that new TCP connections are SYN packets
    iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP

    ## http
    iptables -A INPUT -i eth0 -p tcp -d 0/0 --dport 80 -j ACCEPT

    ## IP packets limited
    iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 3 -j ACCEPT

    ## FTP service
    iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp -s 0/0 --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

    ## ssh login (the all-zero MAC address is a placeholder for the management host)
    iptables -A INPUT -i eth0 -m mac --mac-source 00:00:00:00:00:00 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP

    ## anything else not allowed
    iptables -A INPUT -i eth0 -j DROP

9. Appendix: brief description of the mod_bandwidth options:
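Returning to the syn-flood chain in the firewall section above, an added example (not part of the original article) that models "--limit 1/s --limit-burst 4" as an idealised token bucket. The rule keeps a single bucket shared by all clients, and the jump to syn-flood comes before the port 80 and port 21 ACCEPT rules, so every new connection to the server draws from it. The arrival times and the 25/s comparison setting are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): token-bucket model of
#   iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
#   iptables -A syn-flood -j DROP

# simulate_limit RATE_PER_SEC BURST ARRIVAL_MS...
# Prints "<returned> <dropped>" for SYNs arriving at the given times (ms).
simulate_limit() {
    sl_rate=$1; sl_burst=$2; shift 2
    # Milli-tokens keep the arithmetic in integers: one packet costs 1000.
    sl_cap=$((sl_burst * 1000)); sl_credit=$sl_cap
    sl_last=0; sl_ok=0; sl_drop=0
    for sl_t in "$@"; do
        # RATE tokens per second equals RATE milli-tokens per millisecond.
        sl_credit=$((sl_credit + (sl_t - sl_last) * sl_rate))
        if [ "$sl_credit" -gt "$sl_cap" ]; then sl_credit=$sl_cap; fi
        sl_last=$sl_t
        if [ "$sl_credit" -ge 1000 ]; then
            # Within the limit: RETURN to INPUT, where the ACCEPT rules follow.
            sl_credit=$((sl_credit - 1000)); sl_ok=$((sl_ok + 1))
        else
            # Over the limit: falls through to DROP; no credit is consumed.
            sl_drop=$((sl_drop + 1))
        fi
    done
    echo "$sl_ok $sl_drop"
}

# Constructed workloads (arrival times in ms since the first SYN).
BROWSER="0 0 0 0 0 0"                      # one browser opening 6 connections at once
BUSY=$(seq 0 50 950 | tr '\n' ' ')         # 20 new connections spread over one second
STEADY=$(seq 0 1000 9000 | tr '\n' ' ')    # 1 new connection per second for 10 s

echo "browser, 1/s burst 4:   $(simulate_limit 1 4 $BROWSER)"
echo "busy,    1/s burst 4:   $(simulate_limit 1 4 $BUSY)"
echo "steady,  1/s burst 4:   $(simulate_limit 1 4 $STEADY)"
# Hypothetical looser setting, shown only for comparison.
echo "busy,    25/s burst 50: $(simulate_limit 25 50 $BUSY)"
```

Dropped SYNs are retransmitted by the client, so on a busy download site the limit shows up as slow connection setup rather than as refused connections.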

When reposting, please cite the original address: https://www.9cbs.com/read-111692.html
