标签 centos7 下的文章

centos7安装samba服务遇到的问题

作者: 握瑾怀瑜
时间: 2015-11-27
分类: centos7,linux
评论

安装samba是遇到问题，配置如下

[global]
    workgroup = MYGROUP
    netbios name=www.scchary.com
    server string = Samba Server Version %v
    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50
    security = share
    map to guest=bad user
    passdb backend = tdbsam
    load printers = no

[temp]
    comment = temp
    path = /tmp
    read only = No
    guest ok = Yes

在运行

[root@www samba_share]# smbclient -L //127.0.0.1
WARNING: Ignoring invalid value 'share' for parameter 'security'
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.12]

    Sharename       Type      Comment
    ---------       ----      -------
    temp            Disk      temp
    IPC$            IPC       IPC Service (Samba Server Version 4.1.12)
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.12]

    Server               Comment
    ---------            -------
    WWW.xxxxx.COM      Samba Server Version 4.1.12

    Workgroup            Master
    ---------            -------
    MYGROUP              WWW.xxxxx.COM
    WORKGROUP            BWOH44CIJNOYGCH

防火墙设置(我的zone是public)

firewall-cmd --zone=public --add-service=samba

但是是可以正常访问的，windows也可以访问，如果想去掉这个警告，把

security = share

换成

security = user

就可以了

然后就是在本地上面挂载的时候报错

[root@www ~]# mount -t cifs //127.0.0.1/temp/ /root/smb_mount
mount: wrong fs type, bad option, bad superblock on //127.0.0.1/temp/,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)

       In some cases useful info is found in syslog - try
       dmesg | tail or so.

原来是因为没有安装软件,来自于

yum install cifs-utils

另外，以这种不需要帐号密码的情况，是以nobody用户(属于nobody用户组)的身份在进行文件操作，我在win下连接samba服务器创建了一个文件，在linux上面查看的时候是这样的

-rwxr--r--.  1 nobody nobody    0 May 26 02:52 asdasd.txt

这里是配置的网址

配置分组都可以登录的文件，和用户登入时，才可以看到自己的家目录,配置值

[global]
    workgroup = MYGROUP
    netbios name=www.scchary.com
    server string = Samba Server Version %v
    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50
    security = user
    passdb backend = tdbsam
    load printers = no

[temp]
    comment = temp
    path = /tmp
    read only = No
    guest ok = Yes
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        create mode=0664
        directory mode=0775
[project]
        comment=project
        path=/tmp/project
        browseable=yes
        writeable=yes
        write list=@sambagroup

使用groupadd添加用户组

groupadd sambagroup

添加用户并加入指定的用户组

useradd -G sambagroup samba1
useradd -G sambagroup samba2
useradd -G sambagroup samba3

给文件修改权限

chmod 0775 -R /tmp/project

修改selinux选项

chcon -t samba_share_t -R /tmp/project

挂载

mount -t cifs //127.0.0.1/project /root/smb_mount/ -o username=samba1

centos7下apache配置https

作者: 握瑾怀瑜
时间: 2015-11-27
分类: centos7,linux,apache
评论

apache版本2.4
安装mod_ssl

yum install mod_ssl

建立文件夹，存放sslkey

mkdir /etc/httpd/ssl/

建立凭证档

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

...........................................................+++
..............+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CHN
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZZ
Organizational Unit Name (eg, section) []:ZZ
Common Name (eg, your name or your server's hostname) []:WWW^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~
Email Address []:webmaster@xxx.com

需要填写一些内容，我随便填的...

具体选项的含义

openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
req -x509: This specifies that we want to use X.509 certificate signing request (CSR) management. The "X.509" is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management.
-nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
-days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
-newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
-keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
-out: This tells OpenSSL where to place the certificate that we are creating.

apache配置
/etc/httpd/conf.d/ssl.conf
我把这下面的内容复制到另外一个文件中配置的

<VirtualHost _default_:443>
*****
</VirtualHost>

需要修改的几项

DocumentRoot "/var/www/example.com/public_html"

ServerName www.example.com:443

SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

重启apace

systemctl restart httpd.service

参考：https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

centos6.6，7minimal安装之后，不能补全命令

作者: 握瑾怀瑜
时间: 2015-11-27
分类: centos6,centos7,linux
评论

centos7minimal安装之后，tab键不能补全了。。。
上网搜了下，原来是要安装一个插件bash-completion
我就直接安装了

yum install bash-completion

安装ok了
然后再退出终端,,在登陆一下就ok了~~~~

参考网址:http://blog.csdn.net/zokie/article/details/8730542
http://www.51ou.com/browse/centos/61405.html

centos6.6执行yum安装的话，找不到这个软件
去这里下载http://www.caliban.org/files/redhat/RPMS/noarch/bash-completion-20060301-1.noarch.rpm

sudo rpm -ivf bash-completion-20060301-1.noarch.rpm

重新登陆下就好了

centos7安装搭建LNMP

作者: 握瑾怀瑜
时间: 2015-11-27
分类: selinux,centos7,mysql,linux,php,nginx
1 条评论

nginx

    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
   yum install nginx
   systemctl start nginx
   yum install links
   links 127.0.0.1
   links 192.168.208.6
   firewall-cmd --get-active-zones 
   firewall-cmd --zone=public --list-services 
   firewall-cmd --permanent --zone=public --add-service=http
   firewall-cmd --reload

安装安装成功，可以测试，出现nginx欢迎页面就ok

mysql

   rpm -ivf mysql-community-release-el7-5.noarch.rpm 
   yum search yum-utils
   yum install yum-utils
   yum-config-manager --disable mysql56-community
   yum-config-manager --enable mysql57-community-dmr
   yum search mysql-server
   yum repolist | grep 'mysql'
   yum repolist enabled | grep 'mysql'
   yum search mysql-community-server
   yum install mysql-community-server
   [root@localhost log]# systemctl start mysqld.service 
   [root@localhost log]# grep 'temporary password' /var/log/mysqld.log
2015-06-08T01:44:44.713032Z 1 [Warning] A temporary password is generated for root@localhost: ln3hb?;Jkk6w

    [root@localhost log]# mysql_secure_installation 

    Securing the MySQL server deployment.

    Enter password for root user: 这里填grep 'temporary password' /var/log/mysqld.log命令显示出的密码

    The existing password for the user account has expired. Please set a new password.
    重新设置密码
    New password: 

    Re-enter new password: 

    VALIDATE PASSWORD PLUGIN can be used to test passwords
    and improve security. It checks the strength of password
    and allows the users to set only those passwords which are
    secure enough. Would you like to setup VALIDATE PASSWORD plugin?
    密码强度插件
    Press y|Y for Yes, any other key for No: y

    There are three levels of password validation policy:

    LOW    Length >= 8
    MEDIUM Length >= 8, numeric, mixed case, and special characters
    STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

    Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
    Using existing root password.

    Estimated strength of the password: 100 
    Change the root password? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, a MySQL installation has an anonymous user,
    allowing anyone to log into MySQL without having to have
    a user account created for them. This is intended only for
    testing, and to make the installation go a bit smoother.
    You should remove them before moving into a production
    environment.
    删除anonymous用户，
    Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
    Success.


    Normally, root should only be allowed to connect from
    'localhost'. This ensures that someone cannot guess at
    the root password from the network.
    是都禁止root远程连接
    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n

     ... skipping.
    By default, MySQL comes with a database named 'test' that
    anyone can access. This is also intended only for testing,
    and should be removed before moving into a production
    environment.

    删除test数据库
    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
     - Dropping test database...
    Success.

     - Removing privileges on test database...
    Success.

    Reloading the privilege tables will ensure that all changes
    made so far will take effect immediately.
    重新载入权限表
    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
    Success.

    All done!

php

yum install epel-release
   rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
   yum install --enablerepo=remi --enablerepo=remi-php56 php php-fpm php-opcache php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof

整合nginx和php
修改vi /etc/php.ini
cgi.fix_pathinfo=0
修改nginx配置文件

vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    root   /usr/share/nginx/html;
    location / {
        #root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        #root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #    root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

[root@localhost log]# systemctl start php-fpm.service
[root@localhost log]# systemctl restart nginx.service

ok
php和mysql
新建一个文件连接mysql试试

<?php
$con = mysql_connect("192.168.208.6:3306","root","testTEST!@#123");
if($con){
echo "ok";
}else{
echo mysql_error();
}
?>

但是连接报错
Permission denied
于是用远程连接mysql试试看
进入mysql

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'testTEST!@#123' WITH GRANT OPTION;
FLUSH PRIVILEGES;

然后再本机上面用远程连接时ok的，于是试着关掉selinux，

setenforce 0

就ok了
于是再开启selinux，查看http相关的selinux选项

[root@localhost html]# getsebool -a|grep -i httpd | grep net
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off

修改selinux的选项

[root@localhost html]# setsebool -P httpd_can_network_connect=1

再就ok了~~~

centos7.0安装mysql5.7

作者: 握瑾怀瑜
时间: 2015-11-26
分类: centos7,mysql,linux
评论

下载mysql源的安装包
mysql源地址
安装源

rpm -ivf mysql-community-release-el7-5.noarch.rpm

安装

yum install mysql-server

然后按下Y就能安装成功了
但是我安装之后不能启动，运行了一下

mysql_secure_installation

会出现一些设置，root密码设置什么的，设置完成之后mysql自己就启动了
但是这个安装的是5.6版本的mysql，我想安装5.7的

yum-config-manager --disable mysql56-community
yum-config-manager --enable mysql57-community-dmr

然后更新一下·

yum update

就是5.7了

php安装5.6

来自于http://www.zabbix.cc/technic/1420/
配置yum源
追加CentOS 6.5的epel及remi源。

# rpm -Uvh http://ftp.iij.ad.jp/pub/linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

以下是CentOS 7.0的源。

yum install epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

使用yum list命令查看可安装的包(Packege)。

# yum list --enablerepo=remi --enablerepo=remi-php56 | grep php

安装PHP5.6
yum源配置好了，下一步就安装PHP5.6。

# yum install --enablerepo=remi --enablerepo=remi-php56 php php-opcache php-devel php-mbstring php-mcrypt php-mysqlnd php-phpunit-PHPUnit php-pecl-xdebug php-pecl-xhprof

用PHP命令查看版本。

[root@www ~]# php --version
PHP 5.6.9 (cli) (built: May 15 2015 09:31:38) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies
    with Xdebug v2.3.2, Copyright (c) 2002-2015, by Derick Rethans

在这里安装的版本是PHP5.6.0，细心的用户可能已经发现ZendGuardLoader变成Zend OPcahe了。

对从PHP5.5开始PHP代码缓存从APC变成了Zend OPcache了。