分类 centos7 下的文章

centos7安装samba服务遇到的问题

安装samba是遇到问题,配置如下

[global]
    workgroup = MYGROUP
    netbios name=www.scchary.com
    server string = Samba Server Version %v
    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50
    security = share
    map to guest=bad user
    passdb backend = tdbsam
    load printers = no

[temp]
    comment = temp
    path = /tmp
    read only = No
    guest ok = Yes

在运行

[root@www samba_share]# smbclient -L //127.0.0.1
WARNING: Ignoring invalid value 'share' for parameter 'security'
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.12]

    Sharename       Type      Comment
    ---------       ----      -------
    temp            Disk      temp
    IPC$            IPC       IPC Service (Samba Server Version 4.1.12)
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.12]

    Server               Comment
    ---------            -------
    WWW.xxxxx.COM      Samba Server Version 4.1.12

    Workgroup            Master
    ---------            -------
    MYGROUP              WWW.xxxxx.COM
    WORKGROUP            BWOH44CIJNOYGCH

防火墙设置(我的zone是public)

firewall-cmd --zone=public --add-service=samba

但是是可以正常访问的,windows也可以访问,如果想去掉这个警告,把

security = share

换成

security = user

就可以了

然后就是在本地上面挂载的时候报错

[root@www ~]# mount -t cifs //127.0.0.1/temp/ /root/smb_mount
mount: wrong fs type, bad option, bad superblock on //127.0.0.1/temp/,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)

       In some cases useful info is found in syslog - try
       dmesg | tail or so.

原来是因为没有安装软件,来自于

yum install cifs-utils

另外,以这种不需要帐号密码的情况,是以nobody用户(属于nobody用户组)的身份在进行文件操作,我在win下连接samba服务器创建了一个文件,在linux上面查看的时候是这样的

-rwxr--r--.  1 nobody nobody    0 May 26 02:52 asdasd.txt

这里是配置的网址

配置分组都可以登录的文件,和用户登入时,才可以看到自己的家目录,配置值

[global]
    workgroup = MYGROUP
    netbios name=www.scchary.com
    server string = Samba Server Version %v
    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50
    security = user
    passdb backend = tdbsam
    load printers = no

[temp]
    comment = temp
    path = /tmp
    read only = No
    guest ok = Yes
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        create mode=0664
        directory mode=0775
[project]
        comment=project
        path=/tmp/project
        browseable=yes
        writeable=yes
        write list=@sambagroup

使用groupadd添加用户组

groupadd sambagroup

添加用户并加入指定的用户组

useradd -G sambagroup samba1
useradd -G sambagroup samba2
useradd -G sambagroup samba3

给文件修改权限

chmod 0775 -R /tmp/project

修改selinux选项

chcon -t samba_share_t -R /tmp/project

挂载

mount -t cifs //127.0.0.1/project /root/smb_mount/ -o username=samba1

centos7下apache配置https

apache版本2.4
安装mod_ssl

yum install mod_ssl

建立文件夹,存放sslkey

mkdir /etc/httpd/ssl/

建立凭证档

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

...........................................................+++
..............+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CHN
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZZ
Organizational Unit Name (eg, section) []:ZZ
Common Name (eg, your name or your server's hostname) []:WWW^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~
Email Address []:webmaster@xxx.com

需要填写一些内容,我随便填的...

具体选项的含义

openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
req -x509: This specifies that we want to use X.509 certificate signing request (CSR) management. The "X.509" is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
-nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
-days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
-newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
-keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
-out: This tells OpenSSL where to place the certificate that we are creating.

apache配置
/etc/httpd/conf.d/ssl.conf
我把这下面的内容复制到另外一个文件中配置的

<VirtualHost _default_:443>
*****
</VirtualHost>

需要修改的几项

DocumentRoot "/var/www/example.com/public_html"

ServerName www.example.com:443

SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

重启apace

systemctl restart httpd.service

参考:https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

centos7安装nginx和php碰到的一些问题

nginx安装,参考网址:https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-7

rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

yum install nginx

安装php和php-fpm

yum install --enablerepo=remi --enablerepo=remi-php56 php  php-fpm

因为我的php安装的是5.6的,所以的指定这个源里面安装php-fpm,不然一直报错

修改配置文件

vi /etc/php.ini

修改成0(这个配置值说是不安全的设置,参考网址:http://www.laruence.com/2010/05/20/1495.html)

cgi.fix_pathinfo=0

修改配置文件

vim /etc/nginx/conf.d/default.conf

server {
    listen       80;
    server_name  www.scchary.com;
    root /home/samba1/public_html;
    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        #root   /usr/share/nginx/html;
        #root /home/samba1/public_html;
        index  index.php index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        #root           /home/samba1/public_html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

修改上面配置文件的时候,运行php文件的时候,老是显示没有找到,后来在这里找到了答案,参考网址http://www.nginx.cn/562.html

server {
    listen   [::]:80;
    server_name  example.com www.example.com;
    access_log  /var/www/logs/example.com.access.log;  

    location / {
        root   /var/www/example.com;
        index  index.html index.htm index.pl;
    }

    location /images {
        autoindex on;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /var/www/example.com$fastcgi_script_name;
        include fastcgi_params;
    }
}

这个配置中有很多不合理的地方,其中一个明显的问题就是root指令被放到了location / 块。如果root指令被定义在location块中那么该root指令只能对其所在的location生效。其它locaiont中没有root指令,像location /images块不会匹配任何请求,需要在每个请求中重复配置root指令来解决这个问题。因此我们需要把root指令放在server块,这样各个location就会继承父server块定义的\$document_root,如果某个location需要定义一个不同的\$document_root,则可以在location单独定义一个root指令。

另一个问题就是fastCGI参数SCRIPT_FILENAME 是写死的。如果修改了root指令的值或者移动文件到别的目录,php-fpm会返回“No input file specified”错误,因为SCRIPT_FILENAME在配置中是写死的并没有随着$doucument_root变化而变化,我们可以修改SCRIPT_FILENAME配置如下:

fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;

所以我们不能忘记在server块中配置root指令,不然\$document_root的值为空,只会传\$fastcgi_script_name到php-fpm,这样就会导致“No input file specified”错误。

最后在测试php文件里面输出phpinfo的时候,出现了一个未定义时区的错误,修改了配置文件还是报错,最后重启了下php-fpm就好了

centos6.6,7minimal安装之后,不能补全命令

centos7minimal安装之后,tab键不能补全了。。。
上网搜了下,原来是要安装一个插件bash-completion
我就直接安装了

yum install bash-completion

安装ok了
然后再退出终端,,在登陆一下就ok了~~~~

参考网址:http://blog.csdn.net/zokie/article/details/8730542
http://www.51ou.com/browse/centos/61405.html

centos6.6执行yum安装的话,找不到这个软件
去这里下载http://www.caliban.org/files/redhat/RPMS/noarch/bash-completion-20060301-1.noarch.rpm

sudo rpm -ivf bash-completion-20060301-1.noarch.rpm

重新登陆下就好了

centos7安装搭建LNMP

nginx

    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
   yum install nginx
   systemctl start nginx
   yum install links
   links 127.0.0.1
   links 192.168.208.6
   firewall-cmd --get-active-zones 
   firewall-cmd --zone=public --list-services 
   firewall-cmd --permanent --zone=public --add-service=http
   firewall-cmd --reload

安装安装成功,可以测试,出现nginx欢迎页面就ok

mysql

   rpm -ivf mysql-community-release-el7-5.noarch.rpm 
   yum search yum-utils
   yum install yum-utils
   yum-config-manager --disable mysql56-community
   yum-config-manager --enable mysql57-community-dmr
   yum search mysql-server
   yum repolist | grep 'mysql'
   yum repolist enabled | grep 'mysql'
   yum search mysql-community-server
   yum install mysql-community-server
   [root@localhost log]# systemctl start mysqld.service 
   [root@localhost log]# grep 'temporary password' /var/log/mysqld.log
2015-06-08T01:44:44.713032Z 1 [Warning] A temporary password is generated for root@localhost: ln3hb?;Jkk6w

    [root@localhost log]# mysql_secure_installation 

    Securing the MySQL server deployment.

    Enter password for root user: 这里填grep 'temporary password' /var/log/mysqld.log命令显示出的密码

    The existing password for the user account has expired. Please set a new password.
    重新设置密码
    New password: 

    Re-enter new password: 

    VALIDATE PASSWORD PLUGIN can be used to test passwords
    and improve security. It checks the strength of password
    and allows the users to set only those passwords which are
    secure enough. Would you like to setup VALIDATE PASSWORD plugin?
    密码强度插件
    Press y|Y for Yes, any other key for No: y

    There are three levels of password validation policy:

    LOW    Length >= 8
    MEDIUM Length >= 8, numeric, mixed case, and special characters
    STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

    Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
    Using existing root password.

    Estimated strength of the password: 100 
    Change the root password? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, a MySQL installation has an anonymous user,
    allowing anyone to log into MySQL without having to have
    a user account created for them. This is intended only for
    testing, and to make the installation go a bit smoother.
    You should remove them before moving into a production
    environment.
    删除anonymous用户,
    Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
    Success.


    Normally, root should only be allowed to connect from
    'localhost'. This ensures that someone cannot guess at
    the root password from the network.
    是都禁止root远程连接
    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, MySQL comes with a database named 'test' that
    anyone can access. This is also intended only for testing,
    and should be removed before moving into a production
    environment.

    删除test数据库
    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
     - Dropping test database...
    Success.

     - Removing privileges on test database...
    Success.

    Reloading the privilege tables will ensure that all changes
    made so far will take effect immediately.
    重新载入权限表
    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
    Success.

    All done!

php

yum install epel-release
   rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
   yum install --enablerepo=remi --enablerepo=remi-php56 php php-fpm php-opcache php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof

整合nginx和php
修改vi /etc/php.ini
cgi.fix_pathinfo=0
修改nginx配置文件

vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    root   /usr/share/nginx/html;
    location / {
        #root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        #root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #    root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

[root@localhost log]# systemctl start php-fpm.service
[root@localhost log]# systemctl restart nginx.service 

ok
php和mysql
新建一个文件连接mysql试试

<?php
$con = mysql_connect("192.168.208.6:3306","root","testTEST!@#123");
if($con){
echo "ok";
}else{
echo mysql_error();
}
?>

但是连接报错
Permission denied
于是用远程连接mysql试试看
进入mysql

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'testTEST!@#123' WITH GRANT OPTION;
FLUSH PRIVILEGES;

然后再本机上面用远程连接时ok的,于是试着关掉selinux,

setenforce 0

就ok了
于是再开启selinux,查看http相关的selinux选项

[root@localhost html]# getsebool -a|grep -i httpd | grep net
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off

修改selinux的选项

[root@localhost html]# setsebool -P httpd_can_network_connect=1

再就ok了~~~