Intro to JavaWeb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#Servlet (Service + Applet), Tomcat (Servlet container), Jenkins, JSP

# Installation: Java and Tomcat

# search java jdk info (trivial)
[root@localhost ~]# yum search java | grep openjdk
[root@localhost ~]# yum install -y tomcat
[root@localhost ~]# java -version
openjdk version "1.8.0_282"
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
[root@localhost ~]# yum install -y java-1.8.0-openjdk-devel.x86_64
[root@localhost ~]# javac
[root@localhost ~]# systemctl start tomcat
[root@localhost ~]# systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
   Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-03-20 00:46:52 CST; 11s ago
 Main PID: 2957 (java)
   CGroup: /system.slice/tomcat.service
           └─2957 /usr/lib/jvm/jre/bin/java -Djavax.sql.DataSource.Factory=or...

Mar 20 00:46:53 localhost.localdomain server[2957]: Mar 20, 2021 12:46:53 AM ...
Mar 20 00:46:53 localhost.localdomain server[2957]: INFO: Starting service Ca...
Mar 20 00:46:53 localhost.localdomain server[2957]: Mar 20, 2021 12:46:53 AM ...
Mar 20 00:46:53 localhost.localdomain server[2957]: INFO: Starting Servlet En...
Mar 20 00:46:53 localhost.localdomain server[2957]: Mar 20, 2021 12:46:53 AM ...
Mar 20 00:46:53 localhost.localdomain server[2957]: INFO: Starting ProtocolHa...
Mar 20 00:46:53 localhost.localdomain server[2957]: Mar 20, 2021 12:46:53 AM ...
Mar 20 00:46:53 localhost.localdomain server[2957]: INFO: Starting ProtocolHa...
Mar 20 00:46:53 localhost.localdomain server[2957]: Mar 20, 2021 12:46:53 AM ...
Mar 20 00:46:53 localhost.localdomain server[2957]: INFO: Server startup in 4...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl enable tomcat

# show related directory
[root@localhost ~]# rpm -ql tomcat

# default port: 8080
[root@localhost ~]# yum install -y tomcat-webapps tomcat-admin-webapps
[root@localhost ~]# yum install -y tomcat-docs-webapps tomcat-javadoc
[root@localhost ~]# systemctl restart tomcat

# open thw 8080 ports
[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

# add an Tomcat user between <tomcat-users> tag
[root@localhost ~]# vim /etc/tomcat/tomcat-users.xml 
# now you can try to log in http://192.168.0.120:8080/manager/html, enter username and psswd
# there are some examples you can view
[root@localhost ~]# ls /var/lib/tomcat/webapps/
examples  host-manager  manager  ROOT  sample

Jenkins

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#  the mirror location: http://mirrors.jenkins.io/war-stable/latest/
[root@localhost ~]# wget http://mirrors.jenkins.io/war-stable/latest/jenkins.war 
[root@localhost ~]# ls
anaconda-ks.cfg  jenkins.war  name.txt  wordpress  wordpress-5.4.zip
[root@localhost ~]# mv jenkins.war /var/lib/tomcat/webapps/
[root@localhost ~]# cd /var/lib/tomcat/webapps/
[root@localhost webapps]# ls
examples  host-manager  jenkins.war  manager  ROOT  sample
[root@localhost webapps]# systemctl restart tomcat
[root@localhost webapps]# ls
examples  host-manager  jenkins.war  manager  ROOT  sample
# fix this problem
[root@localhost webapps]# ls -Zd jenkins.war 
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 jenkins.war
[root@localhost webapps]# semanage fcontext -a -t tomcat_var_lib_t jenkins.war 
[root@localhost webapps]# restorecon -Rv .
restorecon reset /var/lib/tomcat/webapps/jenkins.war context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:tomcat_var_lib_t:s0
[root@localhost webapps]# ls
examples  host-manager  jenkins  jenkins.war  manager  ROOT  sample

# in this case, if you wget jenkins to the webapps folder then fixing context is not needed

#!!!!!!!!!!!!!!!!!!!Problem not solved!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# FIND ANOTHER WAY TO INSTALL JENKINS on TOMCAT

Reverse Proxy (Nginx, tengine)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
[root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install nginx
# note that port 80 has been taken therefore we cannot start nginx
[root@localhost ~]# nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start nginx
[root@localhost ~]# systemctl status nginx

# configure nginx
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 
LISTEN 7080
[root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf 
Listen 7443 https
Virtual Host 7443
[root@localhost ~]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@localhost ~]# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2021-03-22 23:51:26 CST; 9s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 2124 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 2124 (code=exited, status=1/FAILURE)

Mar 22 23:51:26 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Mar 22 23:51:26 localhost.localdomain httpd[2124]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Mar 22 23:51:26 localhost.localdomain httpd[2124]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:7080
Mar 22 23:51:26 localhost.localdomain httpd[2124]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:7080
Mar 22 23:51:26 localhost.localdomain httpd[2124]: no listening sockets available, shutting down
Mar 22 23:51:26 localhost.localdomain httpd[2124]: AH00015: Unable to open logs
Mar 22 23:51:26 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 22 23:51:26 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Mar 22 23:51:26 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Mar 22 23:51:26 localhost.localdomain systemd[1]: httpd.service failed.
[root@localhost ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 7080
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 7443
[root@localhost ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      7443, 7080, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# firewall-cmd --list-ports
80/tcp 443/tcp 3306/tcp 8080/tcp
[root@localhost ~]# firewall-cmd --zone=public --add-port=7080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --zone=public --add-port=7443/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# ls
conf.d                  koi-utf             scgi_params
default.d               koi-win             scgi_params.default
fastcgi.conf            mime.types          uwsgi_params
fastcgi.conf.default    mime.types.default  uwsgi_params.default
fastcgi_params          nginx.conf          win-utf
fastcgi_params.default  nginx.conf.default
[root@localhost ~]# vim nginx.conf
#add the following
upstream backend_jenkins{
        server 127.0.0.1:8080;
}

upstream backend_apache{
        server 127.0.0.1:7080;
}
# change the server_name as 'server_name  www.linuxserver.com linuxserver.com;'
# add the following locations
        location / {
                proxy_pass http://backend-apache;
        }

        location /{
                proxy_pass http://backend-jenkins;
        }
[root@localhost nginx]# systemctl restart nginx
# after jenkins restart, it is easier to access your jenkins page

# then go to your os's hosts config file add the following
192.168.0.120 www.linuxserver.com linuxserver.com

# Settings for a TLS enabled server.
[root@localhost nginx]# vim nginx.conf
# un-comment the following
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
[root@localhost nginx]# mkdir pki
[root@localhost nginx]# cd pki/
[root@localhost pki]# cp /etc/httpd/pki/server.crt /etc/httpd/pki/server.key
cp: overwrite ‘/etc/httpd/pki/server.key’? y

# change the following
        ssl_certificate "/etc/nginx/pki/server.crt";
        ssl_certificate_key "/etc/nginx/pki/server.key";
# redirect to https
        location/ {
        location / {
                proxy_pass http://backend-apache;
        }

        location /{
                proxy_pass http://backend-jenkins;
        }
        }
# and add these: (note the location)
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # Redirect all the HTTP requests to HTTPS
        return 301 https://$host$request_uri;
[root@localhost nginx]# systemctl restart nginx

Squid (as proxy-cache)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
[root@localhost]# yum install squid
[root@localhost]# systemctl start squid
[root@localhost]# systemctl status squid
[root@localhost]# systemctl enable squid
# change the network connect method of the client machine as bridged, then reboot
[root@mos-computer mo]# nmtui
# change the IPv4 Address as Manual : 192.168.0.108/24
[root@mos-computer mo]# systemctl restart network
[root@mos-computer mo]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.108  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::d71b:d7fd:a85f:d0ca  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c7:97:83  txqueuelen 1000  (Ethernet)
        RX packets 498  bytes 55875 (54.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 638  bytes 51722 (50.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 32  bytes 2592 (2.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 2592 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:53:64:37  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# now we cannot access outer internet but we can access the server
[root@mos-computer mo]# ping baidu.com
ping: baidu.com: Name or service not known

# deploy proxy-cache: go to firefox's proxy setting, choose manual proxy configuration, set HTTP proxy as the IP address of your server, set the port num as 3128

# then config squid at the server-end, open port 3128
[root@localhost]# firewall-cmd --list-ports
[root@localhost]# firewall-cmd --zone=public --add-port=3128/tcp --permanent
[root@localhost]# firewall-cmd --reload

# it can listen to port 3128, make sure client can access network in specific time
# limit the access
[root@localhost ~]# cd /etc/squid/
[root@localhost squid]# ls
cachemgr.conf          errorpage.css.default  squid.conf
cachemgr.conf.default  mime.conf              squid.conf.default
errorpage.css          mime.conf.default
[root@localhost squid]# vim squid.conf
[root@localhost squid]# grep -vE "^#|^$" /etc/squid/squid.conf
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

# two useful commands: acl (Access Control List) http_access
[root@localhost squid]# squidclient mgr:info
HTTP/1.1 200 OK
Server: squid/3.5.20
Mime-Version: 1.0
Date: Fri, 26 Mar 2021 14:24:13 GMT
Content-Type: text/plain;charset=utf-8
Expires: Fri, 26 Mar 2021 14:24:13 GMT
Last-Modified: Fri, 26 Mar 2021 14:24:13 GMT
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3128
Via: 1.1 localhost.localdomain (squid/3.5.20)
Connection: close

Squid Object Cache: Version 3.5.20
Build Info: 
Service Name: squid
Start Time:	Fri, 26 Mar 2021 14:11:55 GMT
Current Time:	Fri, 26 Mar 2021 14:24:13 GMT
Connection information for squid:
	Number of clients accessing cache:	2
	Number of HTTP requests received:	7
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	0.6
	Average ICP messages per minute since start:	0.0
	Select loop called: 2154 times, 342.608 ms avg
Cache information for squid:
	Hits as % of all requests:	5min: 0.0%, 60min: 0.0%
	Hits as % of bytes sent:	5min: -0.0%, 60min: -0.0%
	Memory hits as % of hit requests:	5min: 0.0%, 60min: 0.0%
	Disk hits as % of hit requests:	5min: 0.0%, 60min: 0.0%
	Storage Swap size:	0 KB
	Storage Swap capacity:	 0.0% used,  0.0% free
	Storage Mem size:	244 KB
	Storage Mem capacity:	 0.1% used, 99.9% free
	Mean Object Size:	0.00 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):   0.00000  0.23230
	Cache Misses:          0.00000  0.04519
	Cache Hits:            0.00000  0.00000
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:           0.00000  0.06963
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	737.977 seconds
	CPU Time:	0.312 seconds
	CPU Usage:	0.04%
	CPU Usage, 5 minute avg:	0.01%
	CPU Usage, 60 minute avg:	0.04%
	Maximum Resident Size: 67200 KB
	Page faults with physical i/o: 7
Memory accounted for:
	Total accounted:          581 KB
	memPoolAlloc calls:      4752
	memPoolFree calls:       4873
File descriptor usage for squid:
	Maximum number of file descriptors:   16384
	Largest file desc currently in use:     11
	Number of file desc currently in use:    6
	Files queued for open:                   0
	Available number of file descriptors: 16378
	Reserved number of file descriptors:   100
	Store Disk files open:                   0
Internal Data Structures:
	    58 StoreEntries
	    58 StoreEntries with MemObjects
	    57 Hot Object Cache Items
	     0 on-disk objects

[root@localhost squid]# vim squid.conf
[root@localhost squid]# systemctl restart squid
# add the following: that means if the client's ip address is not 192.168.0.107, then it cannot access the internet
acl client src 192.168.0.107

http_access allow client
http_access deny all
[root@localhost squid]# vim squid.conf
# now delete the configs setted above and then add the following
acl deny_keyword url_regex -i bing 
http_access deny deny_keyword
# now the client server cannot access websites have keywords 'bings'

# deny access a specific website
acl deny_url url_regex www.bing.com 
http_access deny deny_url

# deny access a specific file (movie,games)
acl deny_file urlpath_regex -i \.rar$ \.avi$ \.zip$ \.exe 
http_access deny deny_file

Docker (container)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# reading on: what is the diff between VM and Docker
[root@localhost ~]# sudo yum install -y yum-utils \
>  device-mapper-persistent-data \
>  lvm2
[root@localhost ~]# yum-config-manager \
>  --add-repo \
>  https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]# yum install docker-ce docker-ce-cli containerd.io
[root@localhost ~]# systemctl start docker
[root@localhost ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete 
Digest: sha256:308866a43596e83578c7dfa15e27a73011bdd402185a84c5cd7f32a88b501a24
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

# you can even run a centOS on the docker, use exit to quit docker
[root@localhost ~]# docker run -it centos bash

# pull some other tools
[root@localhost ~]# docker pull tomcat
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Discuz Forum (on LNMP)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#install fastCGI first
[root@localhost ~]# yum install php56-fpm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * epel: hkg.mirror.rackspace.com
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
 * webtatic: us-east.repo.webtatic.com
No package php56-fpm available.
Error: Nothing to do
[root@localhost ~]# yum install php56w-fpm
[root@localhost ~]# systemctl start php-fpm
[root@localhost ~]# systemctl status php-fpm
[root@localhost ~]# systemctl enable php-fpm
[root@localhost ~]# vim /etc/nginx/nginx.conf
# add the following
	location / {
                index index.html index.htm index.php;
        }

        # Pass the PHP scripts to FastCGI serverl listening on 127.0.0.1:9000   
        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;  
        }
[root@localhost ~]# systemctl start nginx
[root@localhost ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-03-27 00:28:52 CST; 3min 14s ago
  Process: 3197 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 3195 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 3192 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 3199 (nginx)
    Tasks: 3
   Memory: 3.2M
   CGroup: /system.slice/nginx.service
           ├─3199 nginx: master process /usr/sbin/nginx
           ├─3200 nginx: worker process
           └─3201 nginx: worker process

Mar 27 00:28:52 localhost.localdomain systemd[1]: Starting The nginx HTTP and...
Mar 27 00:28:52 localhost.localdomain nginx[3195]: nginx: the configuration f...
Mar 27 00:28:52 localhost.localdomain nginx[3195]: nginx: configuration file ...
Mar 27 00:28:52 localhost.localdomain systemd[1]: Started The nginx HTTP and ...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# cd /usr/share/nginx/html/
[root@localhost html]# ls
404.html  en-US  img         nginx-logo.png
50x.html  icons  index.html  poweredby.png
[root@localhost html]# vim index.php
#add these
<?php
        phpinfo();
>

# now access the 192.168.0.120/index.php to see what happened

# construct the Discuz forum

# step 1: Download the forum file (.zip) from Discuz
[root@localhost ~]# cd /usr/share/nginx/html
[root@localhost html]# 

# copy the downloaded Discuz file to server like the following
[mo@mos-computer hgfs]$ scp Discuz_X3.4_SC_UTF8_20210320.zip root@192.168.0.120:/usr/share/nginx/html
Discuz_X3.4_SC_UTF8_20210320.zip              100%   12MB  60.0MB/s   00:00   

# unzip the Discuz file into this directory
[root@localhost html]# unzip Discuz_X3.4_SC_UTF8_20210320.zip 

[root@localhost html]# ls
404.html                          icons       LICENSE         readme
50x.html                          img         nginx-logo.png  readme.html
Discuz_X3.4_SC_UTF8_20210320.zip  index.html  poweredby.png   upload
en-US                             index.php   qqqun.png       utility
[root@localhost html]# rm Discuz_X3.4_SC_UTF8_20210320.zip 
rm: remove regular file ‘Discuz_X3.4_SC_UTF8_20210320.zip’? y
[root@localhost html]# rm -rf index.php index.html 50sx.html
[root@localhost html]# mv upload/* .
[root@localhost html]# ls
404.html   connect.php      home.php   member.php      readme       uc_client
50x.html   crossdomain.xml  icons      misc.php        readme.html  uc_server
admin.php  data             img        nginx-logo.png  robots.txt   upload
api        en-US            index.php  plugin.php      search.php   utility
api.php    favicon.ico      install    portal.php      source
archiver   forum.php        LICENSE    poweredby.png   static
config     group.php        m          qqqun.png       template
[root@localhost html]# ls upload/
[root@localhost html]# rm -rf upload/
[root@localhost html]# ls -dl
drwxr-xr-x. 16 root root 4096 Mar 29 21:41 .
[root@localhost html]# chmod -Rf 777 .
# now goto http://your_server_ip/install to move on the installation

# now more settings need to be done
[root@localhost html]# tail -f /var/log/audit/audit.log 
[root@localhost html]# ls -Z
[root@localhost html]# semanage fcontext -l | grep httpd_sys_rw_content_t
[root@localhost html]# semanage fcontext -a -t httpd_sys_rw_content_t "(/.*)?"
[root@localhost html]# restorecon -Rv .
# now goto the http://your_server_ip/install to see if it works and follow the guide
# set the login name and password

# now you are able to manage your forum

# Incase you forget the root name or Discuz crash down

# Emergency mode

# Press 'E' when the system boot (when you are selecting the disk)
# Find the information about the disk and do the following things
# change ro to rw\ and add these
rw\ init=\sysroot/bin/sh
# then press Ctrl+x to start the system
# change the root directory
chroot /sysroot
# then goto the configuration of selinux
vim /etc/selinux/config
# change the following selinux setting
SELINUX=permissive

# if you forget the root code, you can also change the root password in 'E' mode
passwd

Zabbix Monitor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# The installation process
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
yum clean all
yum install zabbix-server-mysql zabbix-agent
yum install centos-release-scl
# /etc/yum.repos.d/zabbix.repo and enable zabbix-frontend repository.
[zabbix-frontend]
...
enabled=1
...
yum install zabbix-web-mysql-scl zabbix-nginx-conf-scl

mysql -uroot -p
password
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'password';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;

zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix

DBPassword=password

#/etc/opt/rh/rh-nginx116/nginx/conf.d/zabbix.conf, uncomment and set 'listen' and 'server_name' directives.
listen 80;
server_name example.com;

#/etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf, add nginx to listen.acl_users directive.
listen.acl_users = apache,nginx

#set the right time zone
; php_value[date.timezone] = Europe/Riga

systemctl restart zabbix-server zabbix-agent rh-nginx116-nginx rh-php72-php-fpm
systemctl enable zabbix-server zabbix-agent rh-nginx116-nginx rh-php72-php-fpm

# connect to server
http://server_ip_or_name
http://server_ip_or_name/zabbix

# install the front-end as the tutorial guided: https://www.zabbix.com/documentation/5.0/manual/installation/install#installing_frontend

# Check the Zabbix log if it shows the error
tail -f /var/log/nginx/error.log