Linux server building

Transcript
Page 1: Linux server building

Edmond Yu, 2013.4.26 余水保, [email protected]

Page 2: Linux server building

Linux server • Select the hardware and distribution

• Security system

LAMP

Web API

Page 3: Linux server building

Rent server from IDC

Infrastructure as a Service (IaaS)

• Amazon, DigitalOcean

• Alibaba Cloud (阿里云)

Platform as a Service (PaaS) • OpenShift …

• Sina Cloud (新浪云)

Page 4: Linux server building

Linux Distribution Timeline

Red Hat Enterprise Linux

CentOS: Community ENTerprise Operating System

http://en.wikipedia.org/wiki/CentOS

Page 5: Linux server building

Command line
• vim -bd a.txt b.txt
• git log -Smymodification

TUI (Text-based User Interface)
• gdb -tui myapp
• git log --graph

GUI
• Many tools have no GUI
• GUIs have bugs

Page 6: Linux server building

Kernel-based Virtual Machine (KVM) is a virtualization infrastructure for the Linux kernel, included in mainline Linux as of 2.6.20
• kvm.ko, kvm-intel.ko

QEMU (qemu-kvm) can make use of KVM when running a target architecture that is the same as the host architecture

qemu-img create -f qcow2 vdisk.img 10G

qemu-system -hda vdisk.img -cdrom /boot-media.iso \
    -boot d -m 384

Page 7: Linux server building

A daemon is a process that runs in the background. Two types of daemon:
1. xinetd (extended Internet daemon): a super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.
2. httpd, sshd etc. Use fork to create subprocesses.

Run the demo: nc localhost 20011

Page 8: Linux server building

Disable root account in sshd

Disable ports

Anti-attack (OS level, using iptables)

Anti-attack (application level)

SELinux (Security-Enhanced Linux)

ls -alZ /var/www/html

getsebool -a

getsebool -a | fgrep http

allow_httpd_anon_write --> off

allow_httpd_mod_auth_ntlm_winbind --> off

allow_httpd_mod_auth_pam --> off

allow_httpd_sys_script_anon_write --> off

httpd_can_network_connect --> off

httpd_can_sendmail --> off
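
A way to check two of the items on this slide, as an added example that is not from the original slides: the first helper reports the PermitRootLogin value sshd would take from sshd_config text, the second lists httpd-related SELinux booleans that are switched on. The function names and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Both helpers read text on stdin; the samples are constructed.

# Effective PermitRootLogin from sshd_config text. sshd keeps the first
# value it reads for a keyword and treats keywords case-insensitively.
# Match blocks and Include files are not evaluated (the scan stops at Match).
# "unset" means the compiled-in default applies (yes on older OpenSSH).
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" as well
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# httpd-related SELinux booleans that are on, from `getsebool -a` output
# (line format: "name --> on|off").
httpd_booleans_on() {
    awk '$2 == "-->" && $3 == "on" && $1 ~ /httpd/ { print $1 }' | paste -sd " " -
}

# Constructed sshd_config fragment: the commented line is ignored and the
# later "no" never takes effect because the first value wins.
sample_sshd_config() {
    cat <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
}

# Constructed getsebool output with two httpd booleans switched on.
sample_getsebool() {
    cat <<'EOF'
allow_httpd_anon_write --> off
httpd_can_network_connect --> on
httpd_can_sendmail --> on
ftp_home_dir --> on
EOF
}

echo "PermitRootLogin: $(sample_sshd_config | effective_root_login)"
echo "httpd booleans on: $(sample_getsebool | httpd_booleans_on)"
```

On a live host, feed the helpers /etc/ssh/sshd_config and the output of getsebool -a. sshd -T prints the effective configuration as sshd itself resolves it.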

Page 9: Linux server building

Linux kernel firewall and the chains and rules it stores.

# iptables -I INPUT -p tcp --dport 80 -j ACCEPT

# iptables -I INPUT -p tcp --dport 443 -j ACCEPT

# iptables-save
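
ACCEPT rules for ports 80 and 443 only restrict anything when the INPUT chain blocks whatever they do not match. The check below is an added example, not from the original slides: it reads iptables-save output and reports whether unmatched INPUT traffic is blocked and which TCP ports are accepted. The function names and sample rulesets are assumptions made for illustration.

```shell
# Added example. Helpers read `iptables-save` output on stdin.

# "blocked" if unmatched INPUT traffic is dropped (DROP policy or an
# unconditional DROP/REJECT rule in the filter table), else "allowed".
input_fallthrough() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        $1 == ":INPUT" && $2 == "DROP" { blocked = 1 }
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { blocked = 1 }
        END { if (blocked) print "blocked"; else print "allowed" }
    '
}

# TCP destination ports that the filter INPUT chain accepts, sorted.
accepted_tcp_ports() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            port = ""; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && port != "") print port
        }
    ' | sort -n | paste -sd " " -
}

# Constructed sample: the slide's two rules on an otherwise empty ruleset.
sample_rules_only() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rules followed by a catch-all REJECT.
sample_with_reject() {
    sample_rules_only | awk '$1 == "COMMIT" { print "-A INPUT -j REJECT --reject-with icmp-host-prohibited" } { print }'
}

echo "rules only: $(sample_rules_only | input_fallthrough), ports $(sample_rules_only | accepted_tcp_ports)"
echo "with reject: $(sample_with_reject | input_fallthrough)"
```

On a live host, run iptables-save | input_fallthrough as root. iptables-save only prints the ruleset to standard output; on CentOS, service iptables save writes it to /etc/sysconfig/iptables so it survives a reboot.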

Page 10: Linux server building

a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE)

Cross-platform, libcurl

Trace the protocol
• curl -v -O http://42.120.16.118/json.php

• http://www.thegeekstuff.com/2012/04/curl-examples/

Page 11: Linux server building

Linux server Select the hardware and distribution

Security system

LAMP

Web API

Page 12: Linux server building
Page 13: Linux server building

Apache httpd vs Apache Software Foundation

Apache license: business-friendly

Industry open source software
http://projects.apache.org/indexes/category.html

Tomcat, Lucene, Chemistry

Page 14: Linux server building

Apache HTTP Server started in 1995.

In 2009 it became the first web server software to surpass the 100 million website milestone.

Implemented as compiled modules to extend the core functionality
• php, perl (mod_perl.so), python (mod_python.so)
• mod_dav_svn
• mod_mono: a module to deploy an ASP.NET application with Mono

Multi-Processing Modules
1) process-based
2) hybrid (process and thread)
3) event-hybrid mode

To use the event MPM, add --with-mpm=event to the configure script's arguments when building httpd.

Page 15: Linux server building

PHP is a server-side scripting language designed for web development

Extension

PECL is a repository for PHP extensions
• yum install gcc make php-pear
• pecl install mongo
• http://pecl.php.net/packages.php

Extensions in Zend repos
• yum search php | fgrep "extension"

Page 16: Linux server building

MongoDB stores structured data as JSON-like documents with dynamic schemas, offering simplicity and power.

Installation
• Configure the 10gen yum repo
• yum install mongo-10gen mongo-10gen-server
• chkconfig mongod on
• service mongod start

Self-installation:
• $ nohup ./mongod &
• Or run the command "./mongod &" in /etc/init.d/rc.local

Demo

Page 17: Linux server building

vsftpd
Very Secure FTPD is a *nix FTP server

Wiki server: CentOS + Apache + MySQL + PHP
http://pdcwiki.cn.kodak.com

Bugzilla, Perl
https://bugzilla.redhat.com/show_bug.cgi?id=701559

Page 18: Linux server building

Linux server Select the hardware and distribution

Security system

LAMP

Web API

Page 19: Linux server building

Review the HTTP protocol
• curl -X GET 'http://42.120.16.118/json.php?name=edmond' -v

> GET http://42.120.16.118/json.php?name=edmond HTTP/1.1

> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1

> Host: 42.120.16.118

> Accept: */*

Proxy-Connection: Keep-Alive

• List of HTTP header fields, http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

A real case about an HTTP header: Cache-Control: no-cache

HTTP methods and CRUD (Create, Read, Update, and Delete) operations
• To create a resource on the server, use POST.
• To retrieve a resource, use GET.
• To change the state of a resource or to update it, use PUT.
• To remove or delete a resource, use DELETE.

Page 20: Linux server building

A REST (Representational State Transfer) Web service follows four basic design principles:
• Use HTTP methods explicitly.

• Be stateless.

• Expose directory structure-like URIs.

• Transfer XML, JavaScript Object Notation (JSON), or both.

Page 21: Linux server building

curl -X GET 'http://42.120.16.118/json.php?name=edmond' -v

curl --data "name=aaa&tel=00000" http://42.120.16.118/json.php

curl -X DELETE --data "name=aaa&tel=00000" http://42.120.16.118/json.php

curl -X PUT -d "phone=1-800-999-9999" http://42.120.16.118/json.php

Page 22: Linux server building

Restful API -> php -> mongo

Page 23: Linux server building

Which is the daemon process, which is the subprocess?

What is TUI?

List the languages which Apache supports.

What is the firewall name?

How to quickly create a daemon service?

Page 24: Linux server building