1、详细描述一次加密通讯的过程,结合图示最佳。
SSL协议基础:位于TCP/IP协议与各种应用层协议之间,本身又分为两层: 1)SSL记录协议:建立在可靠传输层协议(TCP)之上,为上层协议提供数据封装、压缩、加密等基本功能。 2)SSL握手协议:在SSL记录协议之上,用于实际数据传输前,通讯双方进行身份认证、协商加密算法、交换加密密钥等。 SSL协议通信过程: 1)浏览器发送一个连接请求给服务器;服务器将自己的证书(包含服务器公钥S_PuKey)、对称加密算法种类及其他相关信息返回客户端。 2)客户端浏览器检查服务器传送到CA证书是否由自己信赖的CA中心签发。若是,执行第4步;否则,给客户一个警告信息:询问是否继续访问 3)客户端浏览器比较证书里的信息,如证书有效期、服务器域名和公钥S_PK,与服务器传回的信息是否一致;如果一致,则浏览器完成对服务器的身份认证 4)服务器要求客户端发送客户端证书(包含客户端公钥C_PuKey)、支持的对称加密方案及其他相关信息。收到后,服务器进行相同的身份认证,若没有通过验证,则拒绝连接; 5)服务器根据客户端浏览器发送到密码种类,选择一种加密程度最高的方案,用客户端公钥C_PubKey加密后通知到浏览器; 6)客户端通过私钥C_prKey解密后,得知服务器选择的加密方案,并选择一个通话密钥Key,接着用服务器公钥S_PuKey加密后发送服务器; 7)服务器接收到的浏览器传送到消息,用私钥S_PrKey解密,获得通话密钥key。 8)接下来的数据传输都使用该对称密钥Key进行加密。 上面所述的是双向认证SSL协议的具体通讯过程,服务器和用户双方必须都有证书。由此可见,SSL协议是通过非对称密钥机制保证双方身份认证,并完成建立连接,在实际数据通信 时通过对称密钥机制保障数据安全性。
2、描述创建私有CA的过程,以及为客户端发来的证书请求进行办法证书。
[root@centos7 ~]# yum install -y openssl #此机器用作CA服务器 [root@centos6 ~]# yum install -y openssl #此机器为请求证书签署的客户机 [root@centos7 tls]# touch index.txt #创建必须的文件 [root@centos7 tls]# echo 01 > serial #第一次需要输入序列 后面会同CA签字次数的累加自动递增 无须手动改动 [root@centos7 tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) #CA服务器生成自签必要文件 Generating RSA private key, 2048 bit long modulus .............................................................+++ ......................................................................+++ e is 65537 (0x10001) [root@centos7 tls]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem #CA生成证书签署请求并自签;填写自签信息,需要填写的具体为:国家、州/省份、城市、公司/组织、部门、主机名、管理员邮箱,需要特别注意的是,由于是私有CA,所以客户机必须保证同CA来自于同一个组织,否则证书申请请求将无法被CA签署 [root@centos6 httpd24]# mkdir ssl #在客户机生成一个用于存放SSL证书的目录 [root@centos6 ~]# (umask 077;openssl genrsa -out /etc/httpd24/ssl/httpd.key 2048) #客户机生成自己的私钥 Generating RSA private key, 2048 bit long modulus ...+++ .........+++ e is 65537 (0x10001) [root@centos6 ~]# openssl req -new -key /etc/httpd24/ssl/httpd.key -days 365 -out /etc/httpd24/ssl/httpd.csr #客户机生成证书签署请求 特别要注意必须同私有CA来自同一个组织 [root@centos6 ~]# scp /etc/httpd24/ssl/httpd.csr root@192.168.11.213:/tmp/ #客户机将请求文件发送给CA服务器 [root@centos7 CA]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365 #CA校验客户机信息 如信息无误签署证书 [root@centos7 certs]# scp httpd.crt root@192.168.11.111:/etc/httpd24/ssl/ #CA将签署后的证书回传给客户机 [root@centos6 ~]# ll /etc/httpd24/ssl/ #客户机在指定的目录下可以看到已经签署完成的证书 整个过程完成 total 16 -rw-r--r--. 1 root root 4559 Oct 29 04:23 httpd.crt -rw-r--r--. 1 root root 1033 Oct 29 04:15 httpd.csr -rw-------. 1 root root 1675 Oct 29 04:11 httpd.key
3、搭建一套DNS服务器,负责解析magedu.com域名(自行设定主机名及IP)
(1)、能够对一些主机名进行正向解析和逆向解析;
(2)、对子域cdn.magedu.com进行子域授权,子域负责解析对应子域中的主机名;
(3)、为了保证DNS服务系统的高可用性,请设计一套方案,并写出详细的实施过程
[root@centos6 ~]# yum install -y bind #首先安装bind程序 安装过程详情此处忽略 下同
[root@centos6 etc]# vim /etc/named.conf #主配置文件的options部分 以下用于实现搭建缓存服务器
options {
11 // listen-on port 53 { 127.0.0.1; };
12 // listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; };
18 recursion yes;
19
20 dnssec-enable no;
21 dnssec-validation no;
22
23 /* Path to ISC DLV key */
24 // bindkeys-file "/etc/named.iscdlv.key";
25
26 // managed-keys-directory "/var/named/dynamic";
27 };
[root@centos6 etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@centos6 etc]# ss -tnl | grep :53
LISTEN 0 3 192.168.11.168:53 *:*
LISTEN 0 3 127.0.0.1:53 *:*
[root@centos6 etc]# vim /etc/named.rfc1912.zones #配置正向解析
zone "magedu.com" IN {
44 type master;
45 file "magedu.com.zone";
46 };
[root@centos6 etc]# vim /var/named/magedu.com.zone
$TTL 1D
$ORIGIN magedu.com.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2016102801
2H
10M
1W
1D
)
IN NS ns1
IN NS ns2
ns1 IN A 192.168.11.168
ns2 IN A 192.168.11.169
www IN A 192.168.11.200
ftp IN A 192.168.11.201
* IN A 192.168.11.202
[root@centos6 named]# chmod 640 magedu.com.zone ; chown named:named magedu.com.zone
[root@centos6 named]# named-checkconf
[root@centos6 named]# named-checkzone "magedu.com" magedu.com.zone
zone magedu.com/IN: loaded serial 2016102801
OK
[root@centos6 named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@centos6 named]# dig -t A www.magedu.com @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -t A www.magedu.com @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29770
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.11.200
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 1 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Wed Oct 26 23:56:17 2016
;; MSG SIZE rcvd: 116
[root@centos6 named]# dig -t A abc.magedu.com @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -t A abc.magedu.com @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;abc.magedu.com. IN A
;; ANSWER SECTION:
abc.magedu.com. 86400 IN A 192.168.11.202
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 0 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Wed Oct 26 23:56:32 2016
;; MSG SIZE rcvd: 116
[root@centos6 named]# dig -t A ftp.magedu.com @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -t A ftp.magedu.com @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;ftp.magedu.com. IN A
;; ANSWER SECTION:
ftp.magedu.com. 86400 IN A 192.168.11.201
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 0 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Wed Oct 26 23:56:40 2016
;; MSG SIZE rcvd: 116
[root@centos6 named]# vim /etc/named.rfc1912.zones #配置反向解析
zone "11.168.192.in-addr.arpa" IN {
type master;
file "magedu.com.reverse.zone";
};
[root@centos6 named]# vim magedu.com.reverse.zone
$TTL 1D
$ORIGIN 11.168.192.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2016102801
1H
5M
7D
1D
)
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
168 IN PTR ns1.magedu.com.
169 IN PTR ns2.magedu.com.
200 IN PTR www.magedu.com.
201 IN PTR ftp.magedu.com.
[root@centos6 named]# chmod 640 magedu.com.reverse.zone ;chown named:named magedu.com.reverse.zone
[root@centos6 named]# named-checkconf
[root@centos6 named]# named-checkzone "11.168.192.in-addr.arpa" magedu.com.reverse.zone
zone 11.168.192.in-addr.arpa/IN: loaded serial 2016102801
OK
[root@centos6 named]# rndc reload
server reload successful
[root@centos6 named]# dig -x 192.168.11.200 @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -x 192.168.11.200 @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38830
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.11.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.11.168.192.in-addr.arpa. 86400 IN PTR www.magedu.com.
;; AUTHORITY SECTION:
11.168.192.in-addr.arpa. 86400 IN NS ns1.magedu.com.
11.168.192.in-addr.arpa. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 0 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Thu Oct 27 00:18:39 2016
;; MSG SIZE rcvd: 141
[root@centos6 named]# dig -x 192.168.11.201 @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -x 192.168.11.201 @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10586
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;201.11.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
201.11.168.192.in-addr.arpa. 86400 IN PTR ftp.magedu.com.
;; AUTHORITY SECTION:
11.168.192.in-addr.arpa. 86400 IN NS ns1.magedu.com.
11.168.192.in-addr.arpa. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 0 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Thu Oct 27 00:19:13 2016
;; MSG SIZE rcvd: 141
[root@centos6 named]# vim magedu.com.zone #子域授权 以下为父域服务器授权操作
$TTL 1D
2 $ORIGIN magedu.com.
3 @ IN SOA ns1.magedu.com. admin.magedu.com. (
4 2016102802
5 2H
6 10M
7 1W
8 1D)
9 IN NS ns1
10 IN NS ns2
11 cdn IN NS ns1.cdn
12 cdn IN NS ns2.cdn
13 ns1 IN A 192.168.11.168
14 ns2 IN A 192.168.11.169
15 www IN A 192.168.11.200
16 ftp IN A 192.168.11.201
17 * IN A 192.168.11.202
18 ns1.cdn IN A 192.168.11.213
19 ns2.cdn IN A 192.168.11.214
[root@centos6 named]# named-checkzone "magedu.com" magedu.com.zone
zone magedu.com/IN: loaded serial 2016102802
OK
[root@centos6 named]# named-checkconf
[root@centos6 named]# rndc reload
server reload successful
[root@centos6 named]#
[root@centos7 ~]# vi /etc/named.rfc1912.zones #在子域服务器上先搭建成缓存服务器 然后定义子区域和区域解析库
zone "cdn.magedu.com" IN {
type master;
file "cdn.magedu.com.zone";
};
[root@centos7 named]# vim cdn.magedu.com.zone
$TTL 1D
$ORIGIN cdn.magedu.com.
@ IN SOA ns1.cdn.magedu.com. admin.cdn.magedu.com. (
2016102901
1H
5M
7D
1D
)
IN NS ns1
IN NS ns2
ns1 IN A 192.168.11.213
ns2 IN A 192.168.11.214
www IN A 192.168.11.221
vpn IN A 192.168.11.222
* IN A 192.168.11.223
[root@centos7 named]# chmod 640 cdn.magedu.com.zone
[root@centos7 named]# chown named:named cdn.magedu.com.zone
[root@centos7 named]# named-checkconf
[root@centos7 named]# named-checkzone "cdn.magedu.com" cdn.magedu.com.zone
zone cdn.magedu.com/IN: loaded serial 2016102901
OK
[root@centos7 named]# rndc reload
server reload successful
[root@centos7 named]# dig -t A wwsddsafw.cdn.magedu.com @192.168.11.213 #子域服务器测试
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -t A wwsddsafw.cdn.magedu.com @192.168.11.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62455
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wwsddsafw.cdn.magedu.com. IN A
;; ANSWER SECTION:
wwsddsafw.cdn.magedu.com. 86400 IN A 192.168.11.223
;; AUTHORITY SECTION:
cdn.magedu.com. 86400 IN NS ns1.cdn.magedu.com.
cdn.magedu.com. 86400 IN NS ns2.cdn.magedu.com.
;; ADDITIONAL SECTION:
ns1.cdn.magedu.com. 86400 IN A 192.168.11.213
ns2.cdn.magedu.com. 86400 IN A 192.168.11.214
;; Query time: 0 msec
;; SERVER: 192.168.11.213#53(192.168.11.213)
;; WHEN: Fri Oct 28 11:14:49 CST 2016
;; MSG SIZE rcvd: 137
[root@centos7 named]# dig -t A vpn.cdn.magedu.com @192.168.11.213
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -t A vpn.cdn.magedu.com @192.168.11.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47975
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.cdn.magedu.com. IN A
;; ANSWER SECTION:
vpn.cdn.magedu.com. 86400 IN A 192.168.11.222
;; AUTHORITY SECTION:
cdn.magedu.com. 86400 IN NS ns1.cdn.magedu.com.
cdn.magedu.com. 86400 IN NS ns2.cdn.magedu.com.
;; ADDITIONAL SECTION:
ns1.cdn.magedu.com. 86400 IN A 192.168.11.213
ns2.cdn.magedu.com. 86400 IN A 192.168.11.214
;; Query time: 0 msec
;; SERVER: 192.168.11.213#53(192.168.11.213)
;; WHEN: Fri Oct 28 11:15:01 CST 2016
;; MSG SIZE rcvd: 131
[root@centos6 backup]# dig -t A wsfsdfww.cdn.magedu.com @192.168.11.168 #父域服务器测试
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -t A wsfsdfww.cdn.magedu.com @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21484
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;wsfsdfww.cdn.magedu.com. IN A
;; ANSWER SECTION:
wsfsdfww.cdn.magedu.com. 86400 IN A 192.168.11.223
;; AUTHORITY SECTION:
cdn.magedu.com. 86400 IN NS ns2.cdn.magedu.com.
cdn.magedu.com. 86400 IN NS ns1.cdn.magedu.com.
;; ADDITIONAL SECTION:
ns1.cdn.magedu.com. 86400 IN A 192.168.11.213
ns2.cdn.magedu.com. 86400 IN A 192.168.11.214
;; Query time: 1 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Thu Oct 27 01:19:43 2016
;; MSG SIZE rcvd: 125
[root@centos6 backup]# dig -t A www.cdn.magedu.com @192.168.11.168
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> -t A www.cdn.magedu.com @192.168.11.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31692
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.cdn.magedu.com. IN A
;; ANSWER SECTION:
www.cdn.magedu.com. 86400 IN A 192.168.11.221
;; AUTHORITY SECTION:
cdn.magedu.com. 86386 IN NS ns2.cdn.magedu.com.
cdn.magedu.com. 86386 IN NS ns1.cdn.magedu.com.
;; ADDITIONAL SECTION:
ns1.cdn.magedu.com. 86386 IN A 192.168.11.213
ns2.cdn.magedu.com. 86386 IN A 192.168.11.214
;; Query time: 803 msec
;; SERVER: 192.168.11.168#53(192.168.11.168)
;; WHEN: Thu Oct 27 01:19:57 2016
;; MSG SIZE rcvd: 120
========方案==========
首先,为了保证解析的稳定性,提供一个应急方案,需要常备一台DNS从服务器,步骤如下:
①在主DNS服务器的/var/named/magedu.com.zone文件下,新增以下2条解析从而实现子域授权
IN NS ns3
ns3 IN A 192.168.11.213 #该A记录中的IP即从服务器的IP地址
保存退出
[root@centos6 named]# named-checkconf
[root@centos6 named]# named-checkzone "magedu.com" magedu.com.zone
[root@centos6 named]# rndc reload
②在从服务器里定义区域
[root@centos7 named]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters { 192.168.11.168; };
file "slaves/magedu.com.zone";
};
[root@centos7 named]# named-checkconf
[root@centos7 named]# rndc reload
[root@centos7 named]# ll slaves/
total 4
-rw-r--r--. 1 named named 560 Oct 28 11:38 magedu.com.zone #可以看到这个文件 即实现部署DNS从服务器成功
[root@centos7 named]# dig -t A www.magedu.com @192.168.11.213 #实现从服务器解析,示例为正从,反从解析服务器同理,只是新增的是PTR记录而不是A记录
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -t A www.magedu.com @192.168.11.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50058
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.11.200
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.11.168
ns2.magedu.com. 86400 IN A 192.168.11.169
;; Query time: 0 msec
;; SERVER: 192.168.11.213#53(192.168.11.213)
;; WHEN: Fri Oct 28 11:51:55 CST 2016
;; MSG SIZE rcvd: 127
③此时已搭建好主从服务器,为保证囤机时无法正常解析或者超出自己的解析区域时可以正常,所以在主从服务器的/etc/named.conf中定义转发条件
forward first;
forwarders { 114.114.114.114; };
④为保证安全,主服务器应只允许从服务器进行区域传送,同时2台服务器都应该禁止远程更新
在主服务器的/etc/named.rfc1912.zones的magedu.com区域中添加一下2条指令:
allow-transfer { 192.168.11.213; };
allow-update { none; };
同样的在从服务器的区域定义文件中也添加该指令:
allow-update { none;};4、请描述一次完整的http请求处理过程;
一次完整的HTTP通信过程,包含以下7个步骤: ①. 建立TCP连接 在HTTP工作开始之前,Web浏览器首先在网络上通过TCP协议与Web服务器建立连接,根据规则,只有低层协议建立之后,才能进行更高层协议的连接,而HTTP是比TCP更高层次的应用层协议,因此,必须要先建立TCP连接,一般TCP连接的端口号是80。 ②. Web浏览器向Web服务器发送请求命令 一旦建立了TCP连接,Web浏览器就会向Web服务器发送请求命令。例如:GET/sample/hello.jsp HTTP/1.1。 ③. Web浏览器发送请求头信息 浏览器发送其请求命令之后,还要以头信息的形式向Web服务器发送一些别的信息,之后浏览器发送了一空白行来通知服务器,它已经结束了该头信息的发送。 ④. Web服务器应答 客户机向服务器发出请求后,服务器会客户机回送应答,HTTP/1.1 200 OK ,应答的第一部分是协议的版本号和应答状态码。 ⑤. Web服务器发送应答头信息 正如客户端会随同请求发送关于自身的信息一样,服务器也会随同应答向用户发送关于它自己的数据及被请求的文档。 ⑥. Web服务器向浏览器发送数据 Web服务器向浏览器发送头信息后,它会发送一个空白行来表示头信息的发送到此为结束,接着,它就以Content-Type应答头信息所描述的格式发送用户所请求的实际数据。 ⑦. Web服务器关闭TCP连接 一般情况下,一旦Web服务器向浏览器发送了请求数据,它就要关闭TCP连接;如果浏览器或者服务器在其头信息加入了这行代码:Connection:keep-alive,TCP连接将仍然保持打开状态,浏览器可以继续通过相同的连接发送请求。保持连接节省了为每个请求建立新连接所需的时间,还节约了网络带宽。
5、httpd所支持的处理模型有哪些,他们的分别使用于哪些环境。
httpd所支持的事务处理模型主要有:prefork、worker、event prefork:多进程模型,每个进程响应一个请求。一个主进程:负责生成n个子进程,子进程也称为工作进程,每个子进程处理一个用户请求;即便没有用户请求,也会预先生成多个空闲进程, 随时等待请求到达;最大不会超过1024个;适用于没有线程安全库,需要避免线程兼容性问题,重视稳定性,并发量适中的场景。 worker:多线程模型,每个线程响应一个请求;一个主进程:生成多个子进程,每个子进程负责生个多个线程,每个线程响应一个请求;通常来说,在一个高流量的HTTP服务器上,Worker MPM是个比较好的选择,但由于线程共享内存空间,所以一个程序在运行时必须被系统识别为"每个线程都是安全的"。 event:事件驱动模型,每个线程响应n个请求;一个主进程:生成m个子进程,每个子进程直接响应n个请求;适用于高并发的场景。
6、建立httpd服务器(基于编译的方式进行),要求:
提供两个基于名称的虚拟主机:
(a)www1.stuX.com,页面文件目录为/web/vhosts/www1;错误日志为/var/log/httpd/www1.err,访问日志为/var/log/httpd/www1.access;
(b)www2.stuX.com,页面文件目录为/web/vhosts/www2;错误日志为/var/log/httpd/www2.err,访问日志为/var/log/httpd/www2.access;
(c)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主机名;
(d)通过www1.stuX.com/server-status输出httpd工作状态相关信息,且只允许提供帐号密码才能访问(status:status);
[root@centos6 ~]# yum groupinstall "Development Tools" "Server Platform Development" -y #安装gcc编译环境
[root@centos6 tmp]# yum install pcre-devel -y
[root@centos6 tmp]# tar -xf apr-1.5.2.tar.gz
[root@centos6 tmp]# cd apr-1.5.2
[root@centos6 apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@centos6 apr-1.5.2]# make && make install
[root@centos6 tmp]# tar -xf apr-util-1.5.4.tar.gz
[root@centos6 tmp]# cd apr-util-1.5.4
[root@centos6 apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@centos6 apr-util-1.5.4]# make && make install
[root@centos6 apr-util-1.5.4]# cd
[root@centos6 ~]# groupadd -r apache
[root@centos6 ~]# useradd -r -g apache apache
[root@centos6 ~]# cd /tmp/
[root@centos6 tmp]# tar -xf httpd-2.4.23.tar.gz
[root@centos6 tmp]# cd httpd-2.4.23
[root@centos6 httpd-2.4.23]# ./configure --prefix=/usr/local/apache --sysconf=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@centos6 httpd-2.4.23]# make && make install
[root@centos6 ~]# cd /etc/profile.d/
[root@centos6 profile.d]# vim httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[root@centos6 profile.d]# . httpd.sh
[root@centos6 profile.d]# echo $PATH
/usr/local/apache/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@centos6 profile.d]# apachectl start
[root@centos6 profile.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
[root@centos6 profile.d]# curl 192.168.11.111 # httpd服务器编译安装完成
<html><body><h1>It works!</h1></body></html>
[root@centos6 ~]# mkdir -p /web/vhosts/www{1,2}
[root@centos6 ~]# ll /web/vhosts/
total 0
drwxr-xr-x. 2 root root 6 Oct 28 16:02 www1
drwxr-xr-x. 2 root root 6 Oct 28 16:02 www2
[root@centos6 ~]# echo "welcome to www1.stuX.com" > /web/vhosts/www1/index.html
[root@centos6 ~]# echo "welcome to www2.stuX.com" > /web/vhosts/www2/index.html
[root@centos6 ~]# mkdir -p /var/log/httpd/
[root@centos6 httpd24]# vim httpd.conf #将以下行添加注释 关闭main server
#DocumentRoot "/usr/local/apache/htdocs"
Include /etc/httpd24/extra/httpd-vhosts.conf #取消注释 以开启虚拟主机
[root@centos6 extra]# vim httpd-vhosts.conf #编辑虚拟主机配置文件
<VirtualHost 192.168.11.111:80>
DocumentRoot "/web/vhosts/www1"
ServerName www1.stux.com
ErrorLog "/var/log/httpd/www1.err"
CustomLog "/var/log/httpd/www1.access" common
<Directory "/web/vhosts/www1">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.11.111:80>
DocumentRoot "/web/vhosts/www2"
ServerName www2.stux.com
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/www2.access" common
<Directory "/web/vhosts/www2">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
[root@centos6 extra]# httpd -t
Syntax OK
[root@centos6 extra]# apachectl restart
修改hosts文件,输入对应域名,访问结果如下图所示;
[root@centos6 httpd24]# vim extra/httpd-vhosts.conf #修改如下
<VirtualHost 192.168.11.111:80>
DocumentRoot "/web/vhosts/www1"
ServerName www1.stux.com
ErrorLog "/var/log/httpd/www1.err"
CustomLog "/var/log/httpd/www1.access" common
<Directory "/web/vhosts/www1">
options none
allowoverride none
Require all granted
</Directory>
<location /server-status>
SetHandler server-status
Options None
AllowOverride None
AuthType Basic
AuthName "AdminLogin"
AuthUserFile "/etc/httpd24/.htpasswd"
Require valid-user
</location>
</VirtualHost>
[root@centos6 httpd24]# htpasswd -c -m /etc/httpd24/.htpasswd status
New password:
Re-type new password:
Adding password for user status
[root@centos6 httpd24]# httpd -t
Syntax OK
[root@centos6 httpd24]# apachectl restart
在浏览器地址栏输入:http://www1.stux.com/server-status,提示需要输入账密,结果如下图所示。
7、为第6题中的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点;
(1)要求使用证书认证,证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu);
(2)设置部门为Ops,主机名为www2.stuX.com,邮件为admin@stuX.com;
[root@centos7 ~]# yum install -y openssl #此机器做CA [root@centos6 ~]# yum install -y openssl #客户机 [root@centos7 tls]# touch index.txt [root@centos7 tls]# echo 01 > serial [root@centos7 tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) Generating RSA private key, 2048 bit long modulus .............................................................+++ ......................................................................+++ e is 65537 (0x10001) [root@centos7 tls]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem #CA自签信息填写详情略过 同时由于是私有CA,所以后面客户机必须保证和CA来自同一个组织 否则请求的签证将不会被CA进行 [root@centos6 httpd24]# mkdir ssl [root@centos6 ~]# (umask 077;openssl genrsa -out /etc/httpd24/ssl/httpd.key 2048) Generating RSA private key, 2048 bit long modulus ...+++ .........+++ e is 65537 (0x10001) [root@centos6 ~]# openssl req -new -key /etc/httpd24/ssl/httpd.key -days 365 -out /etc/httpd24/ssl/httpd.csr [root@centos6 ~]# scp /etc/httpd24/ssl/httpd.csr root@192.168.11.213:/tmp/ [root@centos7 CA]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365 [root@centos7 certs]# scp httpd.crt root@192.168.11.111:/etc/httpd24/ssl/ [root@centos6 ~]# ll /etc/httpd24/ssl/ total 16 -rw-r--r--. 1 root root 4559 Oct 29 04:23 httpd.crt -rw-r--r--. 1 root root 1033 Oct 29 04:15 httpd.csr -rw-------. 1 root root 1675 Oct 29 04:11 httpd.key [root@centos6 ssl]# vim /etc/httpd24/httpd.conf #将以下两条指令前的"#"去掉,从而实现加载ssl模块和引入ssl配置文件 #LoadModule ssl_module modules/mod_ssl.so #Include /etc/httpd24/extra/httpd-ssl.conf [root@centos6 ssl]# vim /etc/httpd24/extra/httpd-ssl.conf #编辑ssl配置文件,配置<VirtualHost/>下的这4条 DocumentRoot "/web/vhosts/www2" ServerName www2.stux.com:443 SSLCertificateFile "/etc/httpd24/ssl/httpd.crt" SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key" [root@centos6 ssl]# httpd -t Syntax OK [root@centos6 ssl]# apachectl restart 将CA的证书导入本地计算机或直接通过浏览器导入证书,需要注意的是需要导入到“受信任的根证书颁发机构”中。 浏览器地址栏输入地址:https://www2.stux.com
8、建立samba共享,共享目录为/data,要求:(描述完整的过程)
1)共享名为shared,工作组为magedu;
2)添加组develop,添加用户gentoo,centos和ubuntu,其中gentoo和centos以develop为附加组,ubuntu不属于develop组;密码均为用户名;
3)添加samba用户gentoo,centos和ubuntu,密码均为“mageedu”;
4)此samba共享shared仅允许develop组具有写权限,其他用户只能以只读方式访问;
5)此samba共享服务仅允许来自于172.16.0.0/16网络的主机访问;
[root@centos6 ~]# yum install -y samba [root@centos6 ~]# mkdir /data [root@centos6 ~]# groupadd develop [root@centos6 ~]# useradd gentoo [root@centos6 ~]# useradd centos [root@centos6 ~]# useradd ubuntu [root@centos6 ~]# usermod -aG develop gentoo [root@centos6 ~]# usermod -aG develop centos [root@centos6 ~]# echo "gentoo" | passwd --stdin gentoo Changing password for user gentoo. passwd: all authentication tokens updated successfully. [root@centos6 ~]# echo "centos" | passwd --stdin centos Changing password for user centos. passwd: all authentication tokens updated successfully. [root@centos6 ~]# echo "ubuntu" | passwd --stdin ubuntu Changing password for user ubuntu. passwd: all authentication tokens updated successfully. [root@centos6 ~]# smbpasswd -a gentoo New SMB password: Retype new SMB password: Added user gentoo. [root@centos6 ~]# smbpasswd -a centos New SMB password: Retype new SMB password: Added user centos. [root@centos6 ~]# smbpasswd -a ubuntu New SMB password: Retype new SMB password: Added user ubuntu. [root@centos6 ~]# cd /etc/samba/ [root@centos6 samba]# vim smb.conf workgroup = magedu #设置工作组 hosts allow = 172.16. [shared] comment = Public Stuff path = /data public = no #不对所有用户公开 writable = yes #开启写功能 write list = +develop #可写组列表 [root@centos6 data]# setfacl -R -m g:develop:rwx /data #设置develop组对/data具有读写权限 [root@centos6 data]# getfacl /data getfacl: Removing leading '/' from absolute path names # file: data # owner: root # group: root user::rwx group::r-x group:develop:rwx mask::rwx other::r-x [root@centos6 samba]# service smb restart Shutting down SMB services: [ OK ] Starting SMB services: [ OK ] [root@centos6 samba]# service nmb restart Shutting down NMB services: [ OK ] Starting NMB services: [ OK ] [root@centos7 ~]# smbclient //192.168.11.111/shared -U ubuntu #由于ubuntu不是develop组成员 所以仅具有只读权限 Enter ubuntu's password: Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.23-36.el6_8] smb: \> ls . D 0 Sat Oct 29 23:03:30 2016 .. DR 0 Sat Oct 29 19:13:49 2016 3.txt N 0 Sat Oct 29 23:03:30 2016 4.txt N 0 Sat Oct 29 23:03:30 2016 6.txt N 0 Sat Oct 29 23:03:30 2016 5.txt N 0 Sat Oct 29 23:03:30 2016 7.txt N 0 Sat Oct 29 23:03:30 2016 2.txt N 0 Sat Oct 29 23:03:30 2016 1.txt N 0 Sat Oct 29 23:03:30 2016 18003272 blocks of size 1024. 15063044 blocks available smb: \> lcd /etc/ smb: \> put issue NT_STATUS_ACCESS_DENIED opening remote file \issue smb: \> exit [root@centos7 ~]# smbclient //192.168.11.111/shared -U centos #由于centos是develop组成员 所以仅具有完整的读写权限 成功put文件到samba服务器的/data上 Enter centos's password: Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.23-36.el6_8] smb: \> ls . D 0 Sun Oct 30 06:08:08 2016 .. DR 0 Sat Oct 29 19:13:49 2016 3.txt N 0 Sat Oct 29 23:03:30 2016 my.cnf A 570 Sun Oct 30 06:08:08 2016 4.txt N 0 Sat Oct 29 23:03:30 2016 6.txt N 0 Sat Oct 29 23:03:30 2016 5.txt N 0 Sat Oct 29 23:03:30 2016 7.txt N 0 Sat Oct 29 23:03:30 2016 111 N 0 Sun Oct 30 06:00:23 2016 2.txt N 0 Sat Oct 29 23:03:30 2016 1.txt N 0 Sat Oct 29 23:03:30 2016 18003272 blocks of size 1024. 15062984 blocks available smb: \> lcd /etc/ smb: \> put fstab putting file fstab as \fstab (227.0 kb/s) (average 227.1 kb/s) smb: \> ls . D 0 Sun Oct 30 06:08:33 2016 .. DR 0 Sat Oct 29 19:13:49 2016 3.txt N 0 Sat Oct 29 23:03:30 2016 my.cnf A 570 Sun Oct 30 06:08:08 2016 4.txt N 0 Sat Oct 29 23:03:30 2016 6.txt N 0 Sat Oct 29 23:03:30 2016 5.txt N 0 Sat Oct 29 23:03:30 2016 7.txt N 0 Sat Oct 29 23:03:30 2016 111 N 0 Sun Oct 30 06:00:23 2016 2.txt N 0 Sat Oct 29 23:03:30 2016 fstab A 465 Sun Oct 30 06:08:33 2016 1.txt N 0 Sat Oct 29 23:03:30 2016 18003272 blocks of size 1024. 15062976 blocks available smb: \>
9、搭建一套文件vsftp文件共享服务,共享目录为/ftproot,要求:(描述完整的过程)
1)基于虚拟用户的访问形式;
2)匿名用户只允许下载,不允许上传;
3)禁锢所有的用户于其家目录当中;
4)限制最大并发连接数为200:;
5)匿名用户的最大传输速率512KB/s
6)虚拟用户的账号存储在mysql数据库当中。
7)数据库通过NFS进行共享。
[root@centos6 ~]# yum install -y mysql
[root@centos6 vsftpd]# yum install -y mysql-server mysql-devel pam_mysql vsftpd
[root@centos6 ~]# useradd -s /sbin/nologin -d /ftproot vuser
[root@centos6 ~]# chmod go+rx /ftproot/
[root@centos6 ~]# vim /etc/vsftpd/vsftpd.conf #修改一下选项
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
pam_service_name=vsftpd.mysql
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vuser
max_clients=200
anon_max_rate=512000
#修改mysql默认安装位置
[root@centos6 mysql]# mkdir -p /nfs_share/data #迁移的目的地
[root@centos6 nfs_share]# chown mysql:mysql data
[root@centos6 nfs_share]# cp -ar /var/lib/mysql/* /nfs_share/data/
[root@centos6 nfs_share]# vim /etc/my.cnf #修改配置项
[mysqld]
#datadir=/var/lib/mysql
datadir=/nfs_share/data
socket=/var/lib/mysql/mysql.sock
[root@centos6 nfs_share]# vim /etc/rc.d/init.d/mysqld #修改启动项
get_mysql_option mysqld datadir "/var/lib/mysql"
#get_mysql_option mysqld datadir "/nfs_share/data"
#datadir="$result"
datadir="/nfs_share/data"
[root@centos6 init.d]# service mysqld restart
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]
[root@centos6 init.d]# mysql -uroot -h127.0.0.1
#配置mysql
mysql> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
mysql> grant select on vsftpd.* to vsftpd@localhost identified by 'www.magedu.com';
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'www.magedu.com';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> use vsftpd;
Database changed
mysql> create table users (
-> id int auto_increment not null,
-> name char(20) binary not null,
-> password char(48) binary not null,
-> primary key(id)
-> );
Query OK, 0 rows affected (0.01 sec)
mysql> insert into users (name,password) values('mary',password('magedu'));
Query OK, 1 row affected (0.00 sec)
mysql> insert into users (name,password) values('kangkang',password('magedu'));
Query OK, 1 row affected (0.00 sec)
mysql> show tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users |
+------------------+
1 row in set (0.00 sec)
mysql> select * from users;
+----+----------+-------------------------------------------+
| id | name | password |
+----+----------+-------------------------------------------+
| 1 | mary | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
| 2 | kangkang | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)
mysql> exit
Bye
[root@centos6 pam.d]# vim /etc/pam.d/vsftpd.mysql #编辑认证配置文件
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@centos6 pam.d]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@centos6 pam.d]# chkconfig vsftpd on
[root@centos6 pam.d]# netstat -tnlp | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2769/vsftpd
[root@centos6 ~]# yum install -y ftp #服务器上安装ftp并访问
[root@centos6 ~]# ftp 192.168.11.111
Connected to 192.168.11.111 (192.168.11.111).
220 (vsFTPd 2.2.2)
Name (192.168.11.111:root): mary
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,111,107,84).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Oct 29 21:05 1.xyz
226 Directory send OK.
ftp> by
221 Goodbye.
[root@centos7 ~]# ftp 192.168.11.111 #客户机访问ftp服务器
Connected to 192.168.11.111 (192.168.11.111).
220 (vsFTPd 2.2.2)
Name (192.168.11.111:root): kangkang
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,111,112,197).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Oct 29 21:05 1.xyz
226 Directory send OK.
ftp> by
221 Goodbye.
[root@centos6 ~]# yum install -y nfs-utils.x86_64 #在192.168.11.111上安装nfs服务器
[root@centos6 ~]# vim /etc/exports #编辑授权文件 内容如下
/nfs_share/data/ 192.168.11.213(rw) 192.168.11.168(ro)
[root@centos6 ~]# showmount -e 192.168.11.111 #查看NFS服务器共享的文件系统
Export list for 192.168.11.111:
/nfs_share/data 192.168.11.115,192.168.11.213
#为实现共享方便性 应该修改文件权限 添加rx 但不应修改属主属组
[root@centos6 ~]# chmod go+rx -R /nfs_share/data/
[root@centos6 ~]# ll /nfs_share/data/
total 20492
-rw-rwxr-x. 1 mysql mysql 10485760 Oct 29 22:02 ibdata1
-rw-rwxr-x. 1 mysql mysql 5242880 Oct 29 22:02 ib_logfile0
-rw-rwxr-x. 1 mysql mysql 5242880 Oct 29 19:00 ib_logfile1
drwxr-xr-x. 2 mysql mysql 4096 Oct 29 19:00 mysql
drwxr-xr-x. 2 mysql mysql 4096 Oct 29 19:00 test
drwxr-xr-x. 2 mysql mysql 4096 Oct 29 19:58 vsftpd
#客户机挂载NFS共享目录
[root@centos7 ~]# df -hT #挂载前
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 28G 2.1G 26G 8% /
devtmpfs devtmpfs 479M 0 479M 0% /dev
tmpfs tmpfs 489M 0 489M 0% /dev/shm
tmpfs tmpfs 489M 6.7M 483M 2% /run
tmpfs tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 xfs 497M 125M 373M 25% /boot
tmpfs tmpfs 98M 0 98M 0% /run/user/0
[root@centos7 ~]# mount -t nfs 192.168.11.111:/nfs_share/data /nfsdata/ #挂载
[root@centos7 ~]# df -hT #挂载完成并查看数据库文件
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 28G 2.1G 26G 8% /
devtmpfs devtmpfs 479M 0 479M 0% /dev
tmpfs tmpfs 489M 0 489M 0% /dev/shm
tmpfs tmpfs 489M 6.7M 483M 2% /run
tmpfs tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 xfs 497M 125M 373M 25% /boot
tmpfs tmpfs 98M 0 98M 0% /run/user/0
192.168.11.111:/nfs_share/data nfs4 18G 2.0G 15G 12% /nfsdata
[root@centos7 ~]# cd /nfsdata/
[root@centos7 nfsdata]# ll
total 20492
-rw-rwxr-x. 1 nobody nobody 10485760 Oct 29 22:02 ibdata1
-rw-rwxr-x. 1 nobody nobody 5242880 Oct 29 22:02 ib_logfile0
-rw-rwxr-x. 1 nobody nobody 5242880 Oct 29 19:00 ib_logfile1
drwxr-xr-x. 2 nobody nobody 4096 Oct 29 19:00 mysql
drwxr-xr-x. 2 nobody nobody 4096 Oct 29 19:00 test
drwxr-xr-x. 2 nobody nobody 4096 Oct 29 19:58 vsftpd
