Edmond Yu, 2013.4.26 余水保, [email protected]
Linux server • Select the hardware and distribution
• Security system
LAMP
Web API
Rent server from IDC
Infrastructure as a Service (IaaS)
• Amazon, DigitalOcean
• Alibaba Cloud (阿里云)
Platform as a Service (PaaS) • OpenShift …
• Sina Cloud (新浪云)
Linux Distribution Timeline
Redhat Enterprise Linux
CentOS Community ENTerprise Operating System
http://en.wikipedia.org/wiki/CentOS
Command Line
• vim -bd a.txt b.txt
• git log -Smymodification
TUI (Text-based User Interface)
• gdb -tui myapp
• git log --graph
GUI
• Many tools have no GUI
• GUIs have bugs
Kernel-based Virtual Machine (KVM) is a virtualization infrastructure for the Linux kernel, included in mainline Linux as of 2.6.20
• kvm.ko, kvm-intel.ko
QEMU (qemu-kvm) can make use of KVM when running a target architecture that is the same as the host architecture
• qemu-img create -f qcow2 vdisk.img 10G
• qemu-system -hda vdisk.img -cdrom /boot-media.iso -boot d -m 384
A daemon is a process that runs in the background. Two types of daemon:
1. xinetd (extended Internet daemon): a super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.
2. httpd, sshd etc. These use fork to create subprocesses.
Run the demo: nc localhost 20011
Disable root account in sshd
Disable ports
Anti-attack (OS level, using iptables)
Anti-attack (application level)
SELinux (Security-Enhanced Linux)
• ls -alZ /var/www/html
• getsebool -a
• getsebool -a | fgrep http
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_can_network_connect --> off
httpd_can_sendmail --> off
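An added example (not from the original slides): a shell check that compares current `getsebool -a` output against a recorded baseline and reports httpd booleans that have changed or newly appeared. The baseline is the six values shown above; the "current" state is constructed, and the function names `sebool_drift` and `demo_sebool_drift` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides. Reports httpd SELinux booleans whose
# current state differs from a recorded baseline of `getsebool -a` output.

# Usage: getsebool -a | sebool_drift BASELINE_FILE
sebool_drift() {
    awk '
        $2 != "-->" || $1 !~ /httpd/ { next }   # keep only httpd booleans
        FNR == NR { base[$1] = $3; next }       # first input: the baseline
        !($1 in base) { print $1 ": not in baseline, now " $3; next }
        base[$1] != $3 { print $1 ": " base[$1] " -> " $3 }
    ' "$1" -
}

demo_sebool_drift() {
    baseline=$(mktemp)
    # Baseline: the six values listed on the slide.
    cat > "$baseline" <<'EOF'
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_can_network_connect --> off
httpd_can_sendmail --> off
EOF
    # Constructed current state: one boolean flipped, one not in the baseline.
    sebool_drift "$baseline" <<'EOF'
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_can_network_connect --> on
httpd_can_sendmail --> off
httpd_enable_cgi --> on
EOF
    rm -f "$baseline"
}

demo_sebool_drift
```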
iptables: the tool for configuring the Linux kernel firewall and the chains and rules it stores.
#iptables -I INPUT -p tcp --dport 80 -j ACCEPT
#iptables -I INPUT -p tcp --dport 443 -j ACCEPT
#iptables-save
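An added example (not from the original slides): a check over `iptables-save` output that reports which `--dport` ACCEPT rules in INPUT are reachable and whether the chain ends in a default deny. A rule appended with `-A` after a catch-all REJECT never matches, whereas `-I` as used above inserts at the top. The ruleset is constructed, and the names `input_chain_audit` and `sample_ruleset` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides. Reads `iptables-save` output on stdin and
# reports which INPUT --dport ACCEPT rules are reachable, and whether the chain
# ends in a default deny (DROP policy or an unconditional DROP/REJECT rule).
input_chain_audit() {
    awk '
        /^:INPUT / { policy = $2 }              # e.g. ":INPUT ACCEPT [0:0]"
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            # A rule with no match conditions ("-A INPUT -j REJECT ...") ends the chain.
            if ($3 == "-j" && (target == "DROP" || target == "REJECT")) { closed = 1; next }
            if (target == "ACCEPT" && dport != "") {
                state = (closed ? "unreachable" : "open")
                print state, dport
            }
        }
        END {
            deny = ((closed || policy == "DROP") ? "yes" : "no")
            print "default-deny", deny, "(policy " policy ")"
        }
    '
}

# Constructed ruleset: ports 80 and 443 inserted with -I as on the slide,
# and the demo port 20011 appended with -A after the catch-all REJECT.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 20011 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | input_chain_audit
```

`iptables-save` only prints the ruleset to stdout, so on a live host the check runs as `iptables-save | input_chain_audit`.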
curl: a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE)
Cross-platform, libcurl
Trace the protocol
• curl -v -O http://42.120.16.118/json.php
• http://www.thegeekstuff.com/2012/04/curl-examples/
Linux server Select the hardware and distribution
Security system
LAMP
Web API
Apache httpd vs Apache Software Foundation
Apache license: business-friendly
Industry open source software http://projects.apache.org/indexes/category.html
Tomcat, Lucene, Chemistry
Apache HTTP server started in 1995.
In 2009 it became the first web server software to surpass the 100 million website milestone
Implemented as compiled modules to extend the core functionality
php, perl(mod_perl.so) , python(mod_python.so)
mod_dav_svn
mod_mono. A module to deploy an ASP.NET application with Mono
Multi-Processing Modules (MPMs)
1) process-based, 2) hybrid (process and thread), 3) event-hybrid mode
To use the event MPM, add --with-mpm=event to the configure script's arguments when building httpd.
PHP is a server-side scripting language
designed for web development
Extension • http://pecl.php.net/packages.php
PECL is a repository for PHP Extensions
• yum install gcc make php-pear
• pecl install mongo
Extensions in Zend Repos • yum search php|fgrep "extension"
MongoDB stores structured data as JSON-like documents with dynamic schemas, offering simplicity and power.
Installation
• Configure the 10gen yum repository
• yum install mongo-10gen mongo-10gen-server
• chkconfig mongod on
• service mongod start
Self-installation:
• $ nohup ./mongod &
• Or run the command "./mongod &" in /etc/init.d/rc.local
Demo
Vsftp
Very Secure FTPD is a *nix FTP Server
Wiki server: CentOS + Apache+MySQL+PHP
http://pdcwiki.cn.kodak.com
Bugzilla, Perl https://bugzilla.redhat.com/show_bug.cgi?id=701559
Linux server Select the hardware and distribution
Security system
LAMP
Web API
Review the HTTP protocol
• curl -X GET http://42.120.16.118/json.php?name='edmond' -v
> GET http://42.120.16.118/json.php?name=edmond HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
> Host: 42.120.16.118
> Accept: */*
Proxy-Connection: Keep-Alive
• List of HTTP header fields, http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
A real case about http header: Cache-Control: no-cache
HTTP methods and CRUD (Create, Read, Update, and Delete) operations
• To create a resource on the server, use POST.
• To retrieve a resource, use GET.
• To change the state of a resource or to update it, use PUT.
• To remove or delete a resource, use DELETE
A REST (Representational State Transfer) Web service follows four basic design principles:
• Use HTTP methods explicitly.
• Be stateless.
• Expose directory structure-like URIs.
• Transfer XML, JavaScript Object Notation (JSON), or both.
curl -X GET http://42.120.16.118/json.php?name='edmond' -v
curl --data "name=aaa&tel=00000" http://42.120.16.118/json.php
curl -X DELETE --data "name=aaa&tel=00000" http://42.120.16.118/json.php
curl -X PUT -d "phone=1-800-999-9999" http://42.120.16.118/json.php
Restful API -> php -> mongo
Which is the daemon process, which is the
subprocess?
What is TUI?
List the languages which Apache supports.
What is the firewall's name?
How do you quickly create a daemon service?