Linux server building

Post on 03-Sep-2014


Edmond Yu, 2013.4.26 余水保, yushb0602@gmail.com

Linux server
• Select the hardware and distribution
• Security system
• LAMP
• Web API

Rent server from IDC

Infrastructure as a Service (IaaS)
• Amazon, DigitalOcean
• Alibaba Cloud (阿里云)

Platform as a Service (PaaS)
• OpenShift …
• Sina Cloud (新浪云)

Linux Distribution Timeline

Redhat Enterprise Linux

CentOS: Community ENTerprise Operating System

http://en.wikipedia.org/wiki/CentOS

Command Line
• vim -bd a.txt b.txt
• git log -Smymodification

TUI (Text-based User Interface)
• gdb -tui myapp
• git log --graph

GUI
• Lots of tools have no GUI
• GUIs have bugs

Kernel-based Virtual Machine (KVM) is a virtualization infrastructure for the Linux kernel, included in mainline Linux as of 2.6.20
• kvm.ko, kvm-intel.ko

QEMU (qemu-kvm) can make use of KVM when running a target architecture that is the same as the host architecture
• qemu-img create -f qcow2 vdisk.img 10G
• qemu-system -hda vdisk.img -cdrom /boot-media.iso -boot d -m 384

A daemon is a process that runs in the background. Two types of daemon:
1. xinetd (extended Internet daemon): a super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.
2. httpd, sshd, etc.: use fork to create subprocesses.

Run the demo: nc localhost 20011

Disable root account in sshd

Disable ports

Anti-attack (OS level, using iptables)

Anti-attack (application level)
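One way to verify the "Disable root account in sshd" item, as an added example that is not part of the original slides: sshd keeps the first value it reads for each keyword, so the check reports the first global PermitRootLogin instead of grepping for any matching line. The function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.

# sshd_effective FILE KEYWORD: print the first global value of KEYWORD.
# sshd uses the first value it obtains for a keyword, and settings after a
# "Match" line apply only to matching connections, so parsing stops there.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")           # accept "Keyword=value" too
            k = tolower($1)                     # keywords are case-insensitive
        }
        k == "match" { exit }
        k == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_root_login FILE: succeed only when root login is explicitly disabled.
# An unset keyword is reported too, because the built-in default depends on
# the OpenSSH version.
check_root_login() {
    val=$(sshd_effective "$1" PermitRootLogin)
    case "$val" in
        no) echo "OK: PermitRootLogin no" ;;
        "") echo "WARN: PermitRootLogin not set; the built-in default applies"
            return 1 ;;
        *)  echo "FAIL: PermitRootLogin $val"
            return 1 ;;
    esac
}

# Constructed sample: the later "no" looks reassuring but is never used.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment, not from a real host
Port 22
PermitRootLogin yes
PermitRootLogin no
EOF
check_root_login "$sample" || true
rm -f "$sample"
```

On a real host, point `check_root_login` at `/etc/ssh/sshd_config` and reload sshd after changing the file.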

SELinux (Security-Enhanced Linux)
• ls -alZ /var/www/html
• getsebool -a
• getsebool -a | fgrep http

allow_httpd_anon_write --> off

allow_httpd_mod_auth_ntlm_winbind --> off

allow_httpd_mod_auth_pam --> off

allow_httpd_sys_script_anon_write --> off

httpd_can_network_connect --> off

httpd_can_sendmail --> off

Linux kernel firewall and the chains and rules it stores.

#iptables -I INPUT -p tcp --dport 80 -j ACCEPT

#iptables -I INPUT -p tcp --dport 443 -j ACCEPT

#iptables-save
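A check for the rules above, as an added example that is not part of the original slides: an ACCEPT rule only restricts traffic when the chain policy or a later catch-all rule denies everything else, and an ACCEPT placed after a catch-all DROP/REJECT is never reached, which is the practical difference between -I (insert at the head) and -A (append). The helper name audit_input and the iptables-save sample are constructed; multiport (`--dports`) rules are not parsed.

```shell
#!/bin/sh
# Added example (not from the slides). audit_input is a hypothetical helper.

# audit_input FILE: summarise the filter table's INPUT chain from
# iptables-save output. "live" ports are ACCEPTed before any catch-all
# DROP/REJECT rule; "dead" ports are ACCEPTed after one and never match.
audit_input() {
    awk '
        $1 ~ /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter { next }
        $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" || $2 != "INPUT" { next }
        # A DROP/REJECT with no match criteria ends the useful part of the chain.
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { denied = 1; next }
        {
            tcp = 0; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (!tcp || port == "" || target != "ACCEPT") next
            if (denied) { sep = (dead == "") ? "" : ","; dead = dead sep port }
            else        { sep = (live == "") ? "" : ","; live = live sep port }
        }
        END {
            deny = (denied || policy == "DROP") ? "yes" : "no"
            printf "policy=%s default_deny=%s live=%s dead=%s\n", policy, deny, live, dead
        }
    ' "$1"
}

# Constructed iptables-save output: 80/443 inserted at the head, 8080 appended
# after the catch-all REJECT.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
audit_input "$rules"
rm -f "$rules"
```

Feed it the output of `iptables-save`, which prints the current ruleset to standard output; a result of `default_deny=no` means the ACCEPT rules are not closing any port.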

a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE)

Cross-platform, libcurl

Trace the protocol
• curl -v -O http://42.120.16.118/json.php
• http://www.thegeekstuff.com/2012/04/curl-examples/

Linux server Select the hardware and distribution

Security system

LAMP

Web API

Apache httpd vs Apache Software Foundation

Apache license: business-friendly

Industry open source software
• http://projects.apache.org/indexes/category.html
• Tomcat, Lucene, Chemistry

The Apache HTTP Server started in 1995.

In 2009 it became the first web server software to surpass the 100 million website milestone

Implemented as compiled modules to extend the core functionality

PHP, Perl (mod_perl.so), Python (mod_python.so)

mod_dav_svn

mod_mono. A module to deploy an ASP.NET application with Mono

Multi-Processing Modules (MPMs)
1) process-based
2) hybrid (process and thread)
3) event-hybrid mode

To use the event MPM, add --with-mpm=event to the configure script's arguments when building httpd.

PHP is a server-side scripting language designed for web development

Extension
• http://pecl.php.net/packages.php

PECL is a repository for PHP Extensions
• yum install gcc make php-pear
• pecl install mongo
• http://pecl.php.net/packages.php

Extensions in Zend Repos
• yum search php | fgrep "extension"

MongoDB stores structured data as JSON-like documents with dynamic schemas, which offer simplicity and power.

Installation
• Configure yum 10gen repos
• yum install mongo-10gen mongo-10gen-server
• chkconfig mongod on
• service mongod start

Self-installation:
• $ nohup ./mongod &
• Or run command "./mongod &" in /etc/init.d/rc.local

Demo

Vsftp

Very Secure FTPD is a *nix FTP Server

Wiki server: CentOS + Apache+MySQL+PHP

http://pdcwiki.cn.kodak.com

Bugzilla, Perl https://bugzilla.redhat.com/show_bug.cgi?id=701559

Linux server Select the hardware and distribution

Security system

LAMP

Web API

Review the HTTP protocol
• curl -X GET http://42.120.16.118/json.php?name='edmond' -v

> GET http://42.120.16.118/json.php?name=edmond HTTP/1.1

> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1

> Host: 42.120.16.118

> Accept: */*

Proxy-Connection: Keep-Alive

• List of HTTP header fields, http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

A real case about http header: Cache-Control: no-cache

HTTP methods and CRUD (Create, Read, Update, and Delete) operations
• To create a resource on the server, use POST.
• To retrieve a resource, use GET.
• To change the state of a resource or to update it, use PUT.
• To remove or delete a resource, use DELETE.

A REST (Representational State Transfer) Web service follows four basic design principles:
• Use HTTP methods explicitly.
• Be stateless.
• Expose directory structure-like URIs.
• Transfer XML, JavaScript Object Notation (JSON), or both.

curl -X GET http://42.120.16.118/json.php?name='edmond' -v

curl --data "name=aaa&tel=00000" http://42.120.16.118/json.php

curl -X DELETE --data "name=aaa&tel=00000" http://42.120.16.118/json.php

curl -X PUT -d "phone=1-800-999-9999" http://42.120.16.118/json.php

Restful API -> php -> mongo

Which is the daemon process, which is the subprocess?

What is TUI?

List the languages which Apache supports.

What is the firewall name?

How to quickly create a daemon service?