第四十四天、
MySQL:mariadb :数据库重点 前提小记: {systemctl start mysqld ; systemctl enable mysqld |grep -i mariadb :忽略大小写查询 grep -i
2.对于数据库存放目录:建议必须是逻辑卷 3.对mysql_install_db安装执行脚本进行学习与思考:对于服务的一些脚本以及好的开发脚本应该多进行学习和模仿,提升开发设计思维和能力 4.使用chkconfig管理的服务,则服务启动脚本必须拷贝到 /etc/init.d/ 启动管理脚本目录} 5.在进行二进制安装包手工安装或者源码编译安装前,需要为特定的一些服务创建特定的非交互式登录用户、组,通常为将uid\gid保持一致,所以使用groupadd -r -g gid gname;useradd -u gid -r -m -d dirname -s /sbin/nologin username #默认创建用户uid和gid不一定一致 6.对于新建的目录以及文件都必须要思考修改正确的权限和所属主、所属组等!! 7.对于数据库的操作必须谨慎小心:必须先备份,备份,备份!! 使用条件 备份数据库信息,为防止丢失索引、约束等重要对象信息,必须完整备份,不能使用组合语句,如 create table xxx as select * from ...
8.重点:mysql子查询,必须将子查询语句当做一个整体使用别名方式 update student set age=(select * from (select age from student where ...) as student_tmp) where stuid=... 如果单纯在select查询语句,没有其他update一类,所以可以不使用别名!!
9.重点自主学习:触发器、事物!!】
触发器:非常有用的知识
10.对 'user'@'host' 进行重新授权后,必须使用 use databasename ; 重新拉取生效
MYSQL
第四十五天
二进制安装mariadb
1.创建用户 [root@mysql home]# useradd -r -m -d /app/dbdata -s /sbin/nologin mysql 2.下载并解压 下载略 [root@mysql local]# tar xvf mariadb-10.2.14-linux-x86_64.tar.gz -C /usr/local/ [root@mysql local]# ln -sv mariadb-10.2.14-linux-x86_64/ mysql 3.vim /etc/mysql/my.conf [mysqld] datadir = /app/dbdata innodb_file_per_table = on skip_name_resolve = on
4.[root@mysql mysql]# scripts/mysql_install_db --datadir=/app/dbdata --user=mysql
[root@mysql support-files]# cp mysql.server /etc/init.d [root@mysql ~]# chkconfig --add mysql.server [root@mysql ~]# systemctl start mysql.serve [root@mysql ~]# vim /etc/profile.d/env.sh export PATH=/usr/local/mysql/bin:$PATH
DDL MariaDB [nandb]> create table student (stuid smallint unsigned primary key,stuname varchar(20) not null,age tinyint unsigned,sex char(1) default "m", dep_id tinyint unsigned not null);
MariaDB [nandb]> create table student2 (stuid smallint unsigned,stuname varchar(20) not null,age tinyint unsigned,sex char(1) default "m", dep_id tinyint unsigned not null,primary key (stuid,stuname));
MariaDB [nandb]> drop table student2;
MariaDB [nandb]> alter table student add phone char(11);
MariaDB [nandb]> alter table student drop phone;
MariaDB [nandb]> alter table student add phone char(11) after stuname;
MariaDB [nandb]> alter table student add constraint phone_uk unique key (phone);
MariaDB [nandb]> create index age_index on student(age);
MariaDB [nandb]> alter table student drop index stuname;
MariaDB [nandb]> show indexes from student\G;
DML MariaDB [nandb]> insert into student values (0,'liubei',20,'m',1);
MariaDB [nandb]> insert into student2 values (4,'zhaoyun',16,'m',2,90),(5,'diaochan',20,'f',3,60);
MariaDB [nandb]> update student set dep_id=1 where stuid in (0,2);
MariaDB [nandb]> delete from student2 where sex='f';
MariaDB [nandb]> create table student2 as select * from student;
MariaDB [nandb]> insert into student2 select * from student;
DQL
MariaDB [nandb]> select * from student where stuname rlike '[g]{2,}'; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 7 | xiaominggh | NULL | m | 2 | NULL | +-------+------------+------+------+--------+-----------+
等于 MariaDB [nandb]> select * from student where avg_score=70 or avg_score=60; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 5 | diaochan | 20 | f | 3 | 60 | | 6 | huangzhong | 38 | m | 1 | 70 | +-------+------------+------+------+--------+-----------+ 2 rows in set (0.00 sec)
不等于 MariaDB [nandb]> select * from student where avg_score != 70; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 1 | liubei | 18 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 3 | zhangfei | 22 | m | 1 | 80 | | 4 | zhaoyun | 16 | m | 1 | 90 | | 5 | diaochan | 20 | f | 3 | 60 | | 7 | xiaominggh | 38 | m | 2 | 40 | +-------+------------+------+------+--------+-----------+ 6 rows in set (0.00 sec)
MariaDB [nandb]> select * from student where avg_score <> 70; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 1 | liubei | 18 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 3 | zhangfei | 22 | m | 1 | 80 | | 4 | zhaoyun | 16 | m | 1 | 90 | | 5 | diaochan | 20 | f | 3 | 60 | | 7 | xiaominggh | 38 | m | 2 | 40 | +-------+------------+------+------+--------+-----------+ 6 rows in set (0.00 sec)
大于 MariaDB [nandb]> select * from student where avg_score > 70; +-------+----------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+----------+------+------+--------+-----------+ | 1 | liubei | 18 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 3 | zhangfei | 22 | m | 1 | 80 | | 4 | zhaoyun | 16 | m | 1 | 90 | +-------+----------+------+------+--------+-----------+ 4 rows in set (0.00 sec)
大于等于 MariaDB [nandb]> select * from student where avg_score >= 70; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 1 | liubei | 18 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 3 | zhangfei | 22 | m | 1 | 80 | | 4 | zhaoyun | 16 | m | 1 | 90 | | 6 | huangzhong | 38 | m | 1 | 70 | +-------+------------+------+------+--------+-----------+ 5 rows in set (0.00 sec)
等于多个值 相当于 等于or等于or…… MariaDB [nandb]> select * from student where avg_score in (70,60); +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 5 | diaochan | 20 | f | 3 | 60 | | 6 | huangzhong | 38 | m | 1 | 70 | +-------+------------+------+------+--------+-----------+
不等于多个值 相当于 不等于and不等于…… MariaDB [nandb]> select * from student where avg_score not in (70,60,80); = and = and +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 2 | guanyu | 28 | m | 1 | 75 | | 4 | zhaoyun | 16 | m | 1 | 90 | | 7 | xiaominggh | 38 | m | 2 | 40 | +-------+------------+------+------+--------+-----------+
排序
MariaDB [nandb]> select * from student order by avg_score asc; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 7 | xiaominggh | 38 | m | 2 | 40 | | 5 | diaochan | 20 | f | 3 | 60 | | 6 | huangzhong | 38 | m | 1 | 70 | | 2 | guanyu | 28 | m | 1 | 75 | | 1 | liubei | 18 | m | 1 | 80 | | 3 | zhangfei | 22 | m | 1 | 80 | | 4 | zhaoyun | 16 | m | 1 | 90 | +-------+------------+------+------+--------+-----------+ 7 rows in set (0.00 sec)
MariaDB [nandb]> select * from student order by avg_score desc; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 4 | zhaoyun | 16 | m | 1 | 90 | | 1 | liubei | 18 | m | 1 | 80 | | 3 | zhangfei | 22 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 6 | huangzhong | 38 | m | 1 | 70 | | 5 | diaochan | 20 | f | 3 | 60 | | 7 | xiaominggh | 38 | m | 2 | 40 | +-------+------------+------+------+--------+-----------+ 7 rows in set (0.00 sec)
用列数排 MariaDB [nandb]> select * from student order by 6 DESC; +-------+------------+------+------+--------+-----------+ | stuid | stuname | age | sex | dep_id | avg_score | +-------+------------+------+------+--------+-----------+ | 4 | zhaoyun | 16 | m | 1 | 90 | | 1 | liubei | 18 | m | 1 | 80 | | 3 | zhangfei | 22 | m | 1 | 80 | | 2 | guanyu | 28 | m | 1 | 75 | | 6 | huangzhong | 38 | m | 1 | 70 | | 5 | diaochan | 20 | f | 3 | 60 | | 7 | xiaominggh | 38 | m | 2 | 40 | +-------+------------+------+------+--------+-----------+
用别名排 MariaDB [nandb]> select stuid,stuname,avg_score fenshu from student order by fenshu desc; +-------+------------+--------+ | stuid | stuname | fenshu | +-------+------------+--------+ | 4 | zhaoyun | 90 | | 1 | liubei | 80 | | 3 | zhangfei | 80 | | 2 | guanyu | 75 | | 6 | huangzhong | 70 | | 5 | diaochan | 60 | | 7 | xiaominggh | 40 | +-------+------------+--------+ 7 rows in set (0.00 sec)
MariaDB [nandb]> select dep_id,age,min(avg_score),max(avg_score),sum(avg_score) from student group by dep_id,age; +--------+------+----------------+----------------+----------------+ | dep_id | age | min(avg_score) | max(avg_score) | sum(avg_score) | +--------+------+----------------+----------------+----------------+ | 1 | 16 | 90 | 90 | 90 | | 1 | 18 | 80 | 80 | 80 | | 1 | 22 | 80 | 80 | 80 | | 1 | 28 | 75 | 75 | 75 | | 1 | 38 | 70 | 70 | 70 | | 2 | 38 | 40 | 40 | 40 | | 3 | 20 | 60 | 60 | 60 | +--------+------+----------------+----------------+----------------+ 7 rows in set (0.01 sec)
查询指定表中有多少行 MariaDB [nandb]> select count() from student; +----------+ | count() | +----------+ | 7 | +----------+ 1 row in set (0.00 sec)
去除重复项再统计 MariaDB [nandb]> select count(distinct dep_id) from student; +------------------------+ | count(distinct dep_id) | +------------------------+ | 3 | +------------------------+ 1 row in set (0.00 sec)
分组函数 MariaDB [nandb]> select dep_id,avg(avg_score) avg from student group by dep_id; +--------+---------+ | dep_id | avg | +--------+---------+ | 1 | 79.0000 | | 2 | 40.0000 | | 3 | 60.0000 | +--------+---------+ 3 rows in set (0.00 sec)
对组函数进行限定 MariaDB [nandb]> select dep_id,avg(avg_score) avg from student group by dep_id having avg > 50; +--------+---------+ | dep_id | avg | +--------+---------+ | 1 | 79.0000 | | 3 | 60.0000 | +--------+---------+ 2 rows in set (0.00 sec)
MariaDB [nandb]> select dep_id,avg(avg_score) avg from student where age > 10 group by dep_id having avg >= 50 order by 2;
子查询:
MariaDB [nandb]> select stuname,avg_score from student where age in (select age from student where stuname='huangzhong' or stuname='liubei'); +------------+-----------+ | stuname | avg_score | +------------+-----------+ | liubei | 80 | | huangzhong | 70 | | xiaominggh | 40 | +------------+-----------+ 3 rows in set (0.00 sec)
update student2 set age=(select * from (select age from student2 where stuname='guanyu') as student_tmp) where stuname='liubei';
多表连接:
MariaDB [nandb]> select s.stuname,s.avg_score,d.zhuren from student s,dept d where s.dep_id=d.dep_id; +------------+-----------+--------+ | stuname | avg_score | zhuren | +------------+-----------+--------+ | liubei | 80 | laoliu | | guanyu | 75 | laoliu | | zhangfei | 80 | laoliu | | zhaoyun | 90 | laoliu | | diaochan | 60 | laocao | | huangzhong | 70 | laoliu | | xiaominggh | 40 | laosun | +------------+-----------+--------+ 7 rows in set (0.00 sec)
自然连接,一定要有同名列,不然会进行cross join。 MariaDB [nandb]> select s.stuname,s.avg_score,d.zhuren from student s natural join dept d ; +------------+-----------+--------+ | stuname | avg_score | zhuren | +------------+-----------+--------+ | liubei | 80 | laoliu | | guanyu | 75 | laoliu | | zhangfei | 80 | laoliu | | zhaoyun | 90 | laoliu | | diaochan | 60 | laocao | | huangzhong | 70 | laoliu | | xiaominggh | 40 | laosun | +------------+-----------+--------+ 7 rows in set (0.00 sec)
join on 不同名,但同类型的列可以连接 MariaDB [nandb]> select s.stuname,d.zhuren from student s join dept01 d on s.dep_id=d.dept_id; +------------+--------+ | stuname | zhuren | +------------+--------+ | liubei | laoliu | | guanyu | laoliu | | zhangfei | laoliu | | zhaoyun | laoliu | | diaochan | laocao | | huangzhong | laoliu | | xiaominggh | laosun | +------------+--------+ 7 rows in set (0.00 sec)
join using 多个同名列时,指定使用哪个列作为连接条件 MariaDB [nandb]> select s.stuname,d.zhuren from student s join dept d using (dep_id); +------------+--------+ | stuname | zhuren | +------------+--------+ | liubei | laoliu | | guanyu | laoliu | | zhangfei | laoliu | | zhaoyun | laoliu | | diaochan | laocao | | huangzhong | laoliu | | xiaominggh | laosun | +------------+--------+ 7 rows in set (0.00 sec)
内连接 inner可省略 MariaDB [nandb]> select s.stuname,d.dep_id,d.zhuren from student s inner join dept d using (dep_id); +------------+--------+--------+ | stuname | dep_id | zhuren | +------------+--------+--------+ | liubei | 1 | laoliu | | zhangfei | 1 | laoliu | | zhaoyun | 1 | laoliu | | diaochan | 3 | laocao | | huangzhong | 1 | laoliu | | xiaominggh | 2 | laosun | +------------+--------+--------+
左外连接 MariaDB [nandb]> select s.stuname,d.dep_id,d.zhuren from student s left join dept d using (dep_id); +------------+--------+--------+ | stuname | dep_id | zhuren | +------------+--------+--------+ | liubei | 1 | laoliu | | zhangfei | 1 | laoliu | | zhaoyun | 1 | laoliu | | huangzhong | 1 | laoliu | | xiaominggh | 2 | laosun | | diaochan | 3 | laocao | | guanyu | NULL | NULL | +------------+--------+--------+ 7 rows in set (0.01 sec)
右外连接 MariaDB [nandb]> select s.stuname,d.dep_id,d.zhuren from student s right join dept d using (dep_id); +------------+--------+---------+ | stuname | dep_id | zhuren | +------------+--------+---------+ | liubei | 1 | laoliu | | zhangfei | 1 | laoliu | | zhaoyun | 1 | laoliu | | diaochan | 3 | laocao | | huangzhong | 1 | laoliu | | xiaominggh | 2 | laosun | | NULL | 4 | laosima | +------------+--------+---------+ 7 rows in set (0.00 sec)
迪卡尔乘积 MariaDB [nandb]> select s.stuname,d.dep_id,d.zhuren from student s cross join dept d ; +------------+--------+---------+ | stuname | dep_id | zhuren | +------------+--------+---------+ | liubei | 1 | laoliu | | liubei | 2 | laosun | | liubei | 3 | laocao | | liubei | 4 | laosima | | guanyu | 1 | laoliu | | guanyu | 2 | laosun | | guanyu | 3 | laocao | | guanyu | 4 | laosima | | zhangfei | 1 | laoliu | | zhangfei | 2 | laosun | | zhangfei | 3 | laocao | | zhangfei | 4 | laosima | | zhaoyun | 1 | laoliu | | zhaoyun | 2 | laosun | | zhaoyun | 3 | laocao | | zhaoyun | 4 | laosima | | diaochan | 1 | laoliu | | diaochan | 2 | laosun | | diaochan | 3 | laocao | | diaochan | 4 | laosima | | huangzhong | 1 | laoliu | | huangzhong | 2 | laosun | | huangzhong | 3 | laocao | | huangzhong | 4 | laosima | | xiaominggh | 1 | laoliu | | xiaominggh | 2 | laosun | | xiaominggh | 3 | laocao | | xiaominggh | 4 | laosima | +------------+--------+---------+ 28 rows in set (0.00 sec)
DDL create database create table drop truncate DML insert update delete DQL select DCL grant revoke
DCL
创建用户 MariaDB [nandb]> create user caocao@'192.168.123.8' identified by 'magedu'; Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> set password for caocao@'192.168.123.8'=password('centos'); Query OK, 0 rows affected (0.00 sec)
授权 MariaDB [(none)]> grant select,insert on nandb.* to caocao@'127.0.0.1'; MariaDB [(none)]> grant all . to caocao@'127.0.0.1';
撤消 MariaDB [(none)]> revoke all on nandb.* from caocao@127.0.0.1;
创建用户,设置密码,授权 一步到位 MariaDB [(none)]> grant all on . to king@'192.168.123.%' identified by "magedu"; Query OK, 0 rows affected (0.00 sec)
第四十六天
rpm yum centos6 mysql 5 二进制安装
datadir = /app/dbdata innodb_file_per_table = on skip_name_resolve = on
mysql_secure_installation
DDL
target: table、view、index、trriger
schema (database)
show schemas[databases]
create: create database schemaname
use magedu
tinyint smallint int unsigned char varchar date primary key unique key not null foreign key check
DDL
create table t1 (id smallinit unsigned primary key, name varchar(20) not null, score tinyint unsigned);
alter table t1 add columnt sex char(1) defalt 'm';
drop table t1 ;
truncate table t1;
DML insert into t1 values (1,'liubei',80,'m'); insert into t1 (id,name) values (2,'zhangfei'); update t1 set sex='f' where id=1; delete from t1; where id=1;
DQL
select |col1,col2 [as] alias ,col3 +/-///
from t1
select * from student where age=(select age from student where name='zhangfei'); update student set age=(select * from (select age from student where name='zhangfei') as student_tmp) where name='liubei';
select dept_id,avg(score) from student group by dept_id;
order by asc order by desc select s.name student,d.name teacher from student s ,dept d where s.dept_id=d.dept_id; select s.name student,d.name teacher from student s natural join dept d; select s.name student,d.name teacher from student s join dept d on s.dept_id=d.dept_id; select s.name student,d.name teacher from student s join dept d using (dept_id) select s.name student,d.name teacher from student s cross join dept d;
DCL
create user 'caocao'@'localhost' identified by password;
grant select,delete,insert on . to 'caocao'@'localhost'; revoke all on . from 'caocao'@'localhost';
sohu sohoo yahoo icq oicq qq
易趣 ebay 淘宝 1拍 爱拍
12
策划--> 前端开发(UI) html5 java -> php > dba -> 测试工程师 --> 运维工程师 ->seo 优化工程师 -> 编辑
http+squid
nginx
<Directory /app/website1> AllowOverride all </Directory>
AllowOverride indexes:(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc)
options :indexes followsymlinks
第四十七天
at.allow at.deny cron.allow cron.deny 默认仅deny存在,默认允许所有,写到deny的才被拒绝 一旦创建了allow文件,则deny无效,仅写到allow里的才允许 如果两个文件都不存在。则只有root才允许
hosts.allow hosts.deny tcpwrap libwrap.so sshd:192.168.123. 两个文件先读allow再读deny,先匹配直接生效。
httpd order allow,deny order deny,allow allow from ...... deny from .....
192.168.123.0/24 192.168.123. 192.168.123.0/255.255.255.0
allow from 192.168.123.6 192.168.123.1
<Directory /app/website1> options indexes <Files ".txt"> order allow,deny allow from all </Files> </Directory> <Directory /app/website1/bbs> <Files ".txt"> order allow,deny allow from 192.168.123.1 </Files> </Directory>
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined 192.168.123.1 - - [26/Apr/2018:17:00:35 +0800] "GET /icons/image2.gif HTTP/1.1" 200 309 "http://192.168.123.66/bbs/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0"
第四十八天
<Directory /app/website1/secret> Authtype Basic AuthName "Secrect Directory" AuthUserFile "/etc/httpd/conf.d/.htuser" Require User bob alice </Directory>
basic认证
DocumentRoot "/app/website1" <Directory /app/website1/secret> Authtype Basic AuthName "Secrect Directory" AuthUserFile "/etc/httpd/conf.d/.htuser" Require User bob alice </Directory> <Directory /app/website1/admin> AllowOverride Authconfig </Directory>
[root@centos66 ~]# vim /app/website1/admin/.htaccess Authtype Basic AuthName "Admin Magedu Directory" AuthUserFile "/etc/httpd/conf.d/.htuser" Require Valid-user
使用组来认证 DocumentRoot "/app/website1" <Directory /app/website1/secret> Authtype Basic AuthName "Secrect Directory" AuthUserFile "/etc/httpd/conf.d/.htuser" AuthGroupFile "/etc/httpd/conf.d/.htgroup" Require Group webs1 webs2
[root@centos66 ~]# vim /etc/httpd/conf.d/.htgroup webs1:bob alice webs2:lucy harry
双重认证 <Directory /app/website1/secret> Order allow,deny allow from 192.168.123.7 Authtype Basic AuthName "Secrect Directory" AuthUserFile "/etc/httpd/conf.d/.htuser" AuthGroupFile "/etc/httpd/conf.d/.htgroup" Require Group webs1 webs2 Satisfy Any </Directory>
server-status <Location /magedu-zhuangtai> SetHandler server-status Order deny,allow Deny from all Allow from 192.168.123 </Location>
基于IP的虚拟主机 <VirtualHost 192.168.123.10:80> DocumentRoot /app/website1 </VirtualHost> <VirtualHost 192.168.123.20:80> DocumentRoot /app/website2 </VirtualHost> <VirtualHost 192.168.123.30:80> DocumentRoot /app/website3 </VirtualHost>
基于端口的虚拟主机 Listen 192.168.123.10:8070 Listen 192.168.123.10:8080 Listen 192.168.123.10:8090 <VirtualHost 192.168.123.10:8070> DocumentRoot /app/website1 </VirtualHost> <VirtualHost 192.168.123.10:8080> DocumentRoot /app/website2 </VirtualHost> <VirtualHost 192.168.123.10:8090> DocumentRoot /app/website3 </VirtualHost>
基于域名的虚拟主机 www.a.com www.b.com www.c.com
IOE IBM huawei O ORACLE mysql
第四十九天
错误代码:
200:成功 301:永久跳转 302:临时跳转 304: 服务端文件未改变,客户端可直接从缓存调取页面 401: 有帐户密码认证的页面 403: 禁止访问 404:服务端未找到所请求的资源
Curl
curl -A 伪造客户端 curl -e 伪造跳转信息 curl --cacert 指定CA中心的公钥(证书) curl --cacert 指定CA中心的公钥(证书) -k 忽略证书 curl --compressed 要求返回是压缩的格式 curl -H "host:www.c.com" http://www.a.com 构造首部 curl -I http://www.a.com 只显示首部信息 curl -i http://www.a.com 先显示首部信息,再显示页面内容 curl -D head.log http://www.a.com 将首部信息保存到指定文件中,终端上仅显示页面内容 curl --limit-rate 100 http://www.a.com/big 设置传输速度,单位bytes curl -o /root/bigfile http://www.a.com/big 下载文件到指定路径 curl -O http://www.a.com/big 将文件下载到当前所在目录,且文件名与原文件名保持一致 curl --basic -u bob:redhat http://www.a.com/secret/ curl -L http://www.360buy.com 如果有3xx响应码,直接进行跳转 curl -0 http://www.a.com 使用http 1.0 curl -o bigduan -C - http://www.a.com/big -C - 断点续传 curl -c baidu.cookie http://www.baidu.com 将指定网站的cookie 存在指定路径下
elinks --dump http://www.a.com 非交互式模式,将URL的内容输出至标准输出 elinks --source http://www.a.com 打印源码
www.xuefeng.com CNAME xuefeng.huangshengke.com linux 192.168.0.1 202.111.12.1
花生壳
huashengke.com
xuefeng.huangshengke.com
备案
一台DNS:www.a.com
www.b.com
www.c.com
web.a.com 192.168.123.10
一台CA:
一台web server
客户端
CA中心部署 [root@centos6 CA]# (umask 066;openssl genrsa -out private/cakey.pem 4096) [root@centos6 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 [root@centos6 CA]# touch index.txt [root@centos6 CA]# echo 00 > serial
WEB Server生成私钥及请求文件 [root@centos66 ssl]# (umask 066;openssl genrsa -out httpd.key 1024) [root@centos66 ssl]# openssl req -new -key httpd.key -out httpd.csr [root@centos66 ssl]# scp httpd.csr root@192.168.123.6:/etc/pki/CA [root@centos6 CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 300 [root@centos6 CA]# scp certs/httpd.crt root@192.168.123.66:/etc/httpd/conf.d/ssl
总结: 实验:实现 HTTPS 环境:三台主机 一台CA和DNS,一台clinet,一台httpd Sever
1.DNS named.rfsc...配置文件中配置的是区域解析服务器的名称即 区域解析服务器--> a.com b.com c.com ;对应的zone文件分别是a.com.zones b.com.zones c.com.zones NS ns ns A IP-DNS www.a.com A IP-DNS --> 此区域解析服务器下的子域主机 web.a.com --> 同上 www.b.com www.c.com ---> 192.168.123.10
实验问题总结 注意:1.做实验时:通过个人物理主机访问虚拟机上的站点或者虚拟主机站点,都要将本地物理机的DNS解析指向到配置DNS解析的服务器地址!! 原理:使用哪台服务器做了DNS服务器,做好域名解析后,只要是经过域名解析到目的站点的都要指定到准确的DNS服务器 2.本地物理机如windows shift+F5清除的是浏览器的缓存,而如果涉及到本机物理机解析问题的,必须要使用 ipconfig/flushdns 清除dns缓存,并重新配制DNS地址
2.httpd mod_ssl
3.CA
4.httpd 向CA申请csr, CA颁发证书
5.httpd httpd.key httpd.crt cacert.pem 写入ssl.conf
6.clinet 导入CA中心的公钥cacert.pem
[root@centos6 CA]# curl --cacert cacert.pem https://www.a.com /var/www/html/index.html
[root@centos66 website4]# cat /etc/httpd/conf.d/website.conf SetOutputFilter DEFLATE AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html #--------------HTTPS-------------------- NameVirtualHost *:443 <VirtualHost *:443> ServerName www.a.com DocumentRoot /app/website1 ErrorLog logs/www.a.com-error_log CustomLog logs/www.a.com-access_log combined SSLEngine on SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem <Directory /app/website1/secret> AllowOverride Authconfig </Directory> </VirtualHost> #--------------------------------------- <VirtualHost *:443> ServerName web.a.com DocumentRoot /app/website4 ErrorLog logs/web.a.com-error_log CustomLog logs/web.a.com-access_log combined SSLEngine on SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem </VirtualHost> <VirtualHost *:443> ServerName www.b.com DocumentRoot /app/website2 ErrorLog logs/www.b.com-error_log CustomLog logs/www.b.com-access_log combined SSLEngine on SSLCertificateFile /etc/httpd/conf.d/ssl/httpd-b.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem </VirtualHost> #--------------HTTP--------------------- NameVirtualHost *:80 <VirtualHost :80> ServerName www.a.com Header always set Strict-Transport-Security "max-age=15768000000" RewriteEngine on RewriteRule ^(/.)$ https://%{HTTP_HOST}$1 [redirect=301] </VirtualHost> #--------------------------------------- <VirtualHost :80> ServerName www.b.com Header always set Strict-Transport-Security "max-age=15768000" RewriteEngine on RewriteRule ^(/.)$ https://%{HTTP_HOST}$1 [redirect=301] </VirtualHost> #--------------------------------------- <VirtualHost *:80> ServerName www.c.com DocumentRoot /app/website3 ErrorLog logs/www.c.com-error_log CustomLog logs/www.c.com-access_log combined </VirtualHost> #---------------------------------------
1、建立httpd服务器,要求提供两个基于名称的虚拟主机: (1)www.X.com,页面文件目录为/web/vhosts/x;错误日志为 /var/log/httpd/x.err,访问日志为/var/log/httpd/x.access (2)www.Y.com,页面文件目录为/web/vhosts/y;错误日志为 /var/log/httpd/www2.err,访问日志为/var/log/httpd/y.access (3)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主 机名 (4)通过www.X.com/server-status输出httpd工作状态相关信息 2、为上面的两个虚拟主机均提供https服务,使得用户可以通过https安全的 访问此web站点 (1)要求使用证书认证,证书中要求使用的国家(CN)、州(Beijing)、城市 (Beijing)和组织(MageEdu) (2)设置部门为Ops,主机名为www.X.com,及www.Y.com.
****httpd重点总结: HTTP服务和协议:
1.重要习惯:必须在修改配置文件等重要数据文件前必须备份!!
2.对于配置文件的修改后,必须使用专门的语法检测如 httpd -t ,然后再确定是否重启
3.telnet经常用来测试端口: telnet host port GET /[URL] HTTP/1.1 Host: XXXX #telnet通过ip连接上了,因为有默认网点,所以可以非正常定义
4.ip a a x.x.x.x dev ... arp -an 查看信息 包括HWADDR等
4.关于http协议重要特点功能之一的 “路径别名” -->实质是rewrite 重定向,并不是通过一个别人来访问源目录站点,而是通过真实存在的主站点下的目录路径跳转访问其他站点或者目录下的网页内容 Alias 本地站点目录url 跳转后访问的真实站点目录网页 --> Alias /url /real_redirect_index.html
5.httpd web服务之 多虚拟机功能: 通过启用多servername对应一个 IP:port 来访问不同站点,实际应用可以一台服务器搭建多个web虚拟机,通过提供给客户ftp账号和mysql数据库个人登录账号从而实现个人可以上传、建表记录数据等操作,但是绝不能使其拥有登录linux主机的权限!! (学习搭建ftp等相关网络文件服务等-->nfs 、 samba重要网络文件共享服务)
5.生产环境重点关注点: 1.使用httpd 选项快速导出所有的虚拟主机站点servername(站点迁移); 2.必须先查看站点是否有.htaccess文件,使用cp -p 或者准备的方式在打包的时候将其加入,并能准确传输!!!
必须注意:common server 必须不一致,而且必须是网站的域名或者使用泛域名,因为签名是对谁签名才能识别有效-->站点域名!!
7.反向代理:代理服务器做在服务器端,客户端不需要指定,代理服务器指定; 正向代理: 客户端需要指定 8.对于httpd源码安装,要将开机自启动,需要Httpd服务脚本放入/etc/init.d/ 或 /etc/rc.d/init.d/ ; chkconfig --add httpd[24] ... 对于主站点目录的安全性 chmod 700 htdocs ; setfacl -m u:apache:rx htdosc 9.windows下清除dns缓存:ipconfig/flushdns
10.清除编译安装时的编译过程产生的文件: make clean 编译安装的apache需要主动创建系统用户,主配置文件默认用户时daomen ,所以需要修改,包括DocumentRoot等 编译安装的软件没有厂商根据自己的操作系统版本进行编译好的服务启动脚本,需要手动从别的主机上拷贝如scp /etc/init.d/httpd -->目标 /etc/init.d/ ,然后根据编译安装的真实启动程序所在的路径和log、pidfile等进行路径改写配置文件
{rpm -qf filename路径; rpm -qi package包名 --> 查看安装包的详细信息}
LAMP环境 (执行程序如果命名太长,即可以创建软连接重命名方便记忆的)
LAMP:
1.安装完mysql或者mariadb数据后,必须进行安全初始化数据库(mariadb_install_secrition...),才能使用php正确连接测试!!
abbix LNMP搭建 (推荐使用CentOS6.7 64位系统) 应用运维:强化应用运维的核心技术知识、前沿技术
安装yum的axel插件,使yum支持多线程下载: rpm -ivh http://pkgs.repoforge.org/axel/axel-2.4-1.el6.rf.x86_64.rpm cp axelget.conf /etc/yum/pluginconf.d/ cp axelget.py /usr/lib/yum-plugins/
下载163 yum源: wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O CentOS-Base.repo cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak mv -f CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo
安装epel yum源: rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo
nginx的yum源: cat > /etc/yum.repos.d/nginx.repo << 'EOF' [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ enabled=1 gpgcheck=0 EOF
安装Mysql的yum源: rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm
安装zabbix的yum源: rpm -ivh http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm 关闭selinux: setenforce 0 sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config
安装nginx、php、mysql、zabbix: yum clean all yum install nginx php-fpm php-soap php-bcmath php-xml php-opcache php-gd php-mcrypt php-pdo php-mysql php-mbstring php-xmlrpc yum install mysql mysql-server mysql-devel yum install zabbix-server-mysql zabbix-server zabbix-agent zabbix-get zabbix-sender
修改php配置: PHP_INI="/etc/php.ini" FPM_CONF="/etc/php-fpm.d/www.conf" sed -i '/^;default_charset/cdefault_charset = "utf-8"' $PHP_INI sed -i '/^expose_php/cexpose_php = Off' $PHP_INI sed -i '/^max_execution_time/cmax_execution_time = 600' $PHP_INI sed -i '/^max_input_time/cmax_input_time = 600' $PHP_INI sed -i '/^memory_limit/cmemory_limit = 256M' $PHP_INI sed -i '/^post_max_size/cpost_max_size = 32M' $PHP_INI sed -i '/^upload_max_filesize/cupload_max_filesize = 300M' $PHP_INI sed -i '/^max_file_uploads/cmax_file_uploads = 30' $PHP_INI sed -i '/^;date.timezone/cdate.timezone = "Asia/Shanghai"' $PHP_INI sed -i '/^disable_functions/cdisable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source syslog,readlink,symlink,popepassthru,stream_socket_server' $PHP_INI sed -i 's/apache/nginx/g' $FPM_CONF sed -i '/^pm = dynamic/cpm = static' $FPM_CONF sed -i '/^pm.max_children/cpm.max_children = 10' $FPM_CONF sed -i '/^;pm.status_path/cpm.status_path = /php-status' $FPM_CONF sed -i '/^;request_terminate_timeout/crequest_terminate_timeout=600' $FPM_CONF sed -i '/^;request_slowlog_timeout/crequest_slowlog_timeout=3' $FPM_CONF
启动php-fpm: service php-fpm start
修改/etc/nginx/nginx.conf user nginx; worker_processes 4; error_log /data/logs/nginx_error.log crit; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; proxy_buffer_size 16k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; server_tokens off; log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for '; access_log /data/logs/access.log access; reset_timedout_connection on; include conf.d/*.conf; } 创建/etc/nginx/conf.d/zabbix.conf server { listen 80; server_name _;
location / { root /data/www/zabbix; index index.php; }
location ~ .php$ { root /data/www/zabbix; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }
} mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.old mkdir -p /data/logs chown -R nginx. /data/logs
部署zabbix前端代码: wget http://nchc.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/2.2.10/zabbix-2.2.10.tar.gz -O zabbix-2.2.10.tar.gz tar xvzf zabbix-2.2.10.tar.gz mkdir -p /data/www/zabbix \cp -r zabbix-2.2.10/frontends/php/* /data/www/zabbix chown -R nginx. /data/www chmod 755 /data
启动nginx: nginx -t && service nginx start
设置http认证: yum -y install httpd-tools htpasswd -cdb jzcec.pass jzcec 7BXyj1fG chmod 644 jzcec.pass cp jzcec.pass /etc/nginx/ 在/etc/nginx/conf.d/zabbix.conf中server里加入下面两行: auth_basic "Authorized users only"; auth_basic_user_file jzcec.pass; 重启nginx: service nginx restart
启动前先修改/etc/my.cnf优化mysql 启动mysql: service mysqld start 设置mysql root密码: /usr/bin/mysqladmin -u root password 'zabbix@jzcec' 创建zabbix数据库和用户: mysql> create database zabbix character set utf8 collate utf8_bin; mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix'; mysql> exit 初始化zabbix数据库: cd /usr/share/doc/zabbix-server-mysql-2.2.10/create/ mysql -uzabbix -pzabbix zabbix < schema.sql mysql -uzabbix -pzabbix zabbix < images.sql mysql -uzabbix -pzabbix zabbix < data.sql
配置zabbix: vi /etc/zabbix/zabbix_server.conf vi /etc/zabbix/zabbix_agentd.conf mkdir -p /etc/zabbix/externalscripts mkdir -p /etc/zabbix/alertscripts chown -R zabbix.zabbix /etc/zabbix 启动zabbix server和agent: service zabbix-server start service zabbix-agent start
安装完毕,最后访问Zabbix: http://zabbix-frontend-ip/
设置开机启动: chkconfig mysqld on chkconfig php-fpm on chkconfig nginx on chkconfig zabbix-server on chkconfig zabbix-agent on
做mysql partition(表分区),导入表分区的存储过程: https://www.zabbix.org/wiki/Docs/howto/mysql_partition 调用方法: mysql -uzabbix -pzabbix zabbix -e "CALL partition_maintenance_all('zabbix');" 设置到cron定时任务,每天执行。
部署zabbix zatree插件: https://github.com/spide4k/zatree 让zatree支持http认证: http://qicheng0211.blog.51cto.com/3958621/1530018 优化zatree左侧边栏: http://qicheng0211.blog.51cto.com/3958621/1531637
配置邮件告警: http://qicheng0211.blog.51cto.com/3958621/1434514
官网LAMP部署文档: https://www.zabbix.com/documentation/2.2/manual/installation/install_from_packages