NFS, Samba, and Squid proxy deployment and tuning

NFS deployment and tuning

On the NFS server:

[[email protected] vhosts]# yum install -y nfs-utils rpcbind

[[email protected] vhosts]#  vim /etc/exports

/mnt/ 192.168.137.21(rw,sync)

//  /mnt/ is the shared directory, 192.168.137.21 is the IP of the host allowed to access it, and (rw,sync) are the permissions

[[email protected] vhosts]#  /etc/init.d/rpcbind start

[[email protected] vhosts]# /etc/init.d/nfs start

On the NFS client:

[[email protected] ~]# yum install  -y nfs-utils

[[email protected] ~]# showmount -e 192.168.137.22              // list the directories shared by the server

Export list for 192.168.137.22:

/mnt 192.168.137.21

[[email protected] ~]# mount -t nfs 192.168.137.22:/mnt /opt/           // mount the shared directory

[[email protected] ~]# df -h                                       // confirm the mount succeeded

192.168.137.22:/mnt   18G  5.1G   12G  31% /opt

On the NFS server:

[[email protected] vhosts]# ls -ld /mnt/

drwxr-xr-x. 2 root root 4096 Sep 23  2011 /mnt/

[[email protected] vhosts]# cd /mnt/

[[email protected] mnt]# chmod 777 .

[[email protected] mnt]# ls -ld .

drwxrwxrwx. 2 root root 4096 Sep 23  2011 .

// check the permissions and give others rwx permission

Create a file on the client; the default user is nfsnobody

[[email protected] ~]# cd /opt/

[[email protected] opt]# touch 1.txt

[[email protected] opt]# ls -l

total 0

-rw-r--r--. 1 nfsnobody nfsnobody 0 Jul 20 16:26 1.txt

When no user is configured, the nfsnobody user is used by default

On the NFS server:

[[email protected] mnt]# vim /etc/exports

/mnt/ 192.168.137.21(rw,sync,all_squash,anonuid=500,anongid=500)

[[email protected] mnt]#  /etc/init.d/rpcbind restart

[[email protected] mnt]#  /etc/init.d/nfs restart

On the client:

[[email protected] opt]# cat /etc/passwd             // the user with uid 500 on the client is tom

tom:x:500:500::/home/tom:/bin/bash

[[email protected] opt]# umount -l /opt/

[[email protected] opt]# mount -t nfs 192.168.137.22:/mnt /opt

[[email protected] opt]# ls -l /opt/

-rw-r--r--. 1 nfsnobody nfsnobody 0 Jul 20 16:26 1.txt

[[email protected] opt]# touch 2.txt

[[email protected] opt]# ls -l                   // the newly created file is now owned by user tom and group tom

-rw-r--r--. 1 nfsnobody nfsnobody 0 Jul 20 16:26 1.txt

-rw-r--r--. 1 tom       tom       0 Jul 20 16:34 2.txt
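
The ownership changes above (1.txt owned by nfsnobody, 2.txt owned by tom) come from how the export options map client identities. The sketch below is an added example, not part of the original post: it parses the page's two /etc/exports lines and models only root_squash, no_root_squash, all_squash and anonuid/anongid, assuming the default anonymous ID 65534 (nfsnobody on CentOS 6); `server_ids` and `risky_options` are hypothetical helper names.

```python
import re

DEFAULT_ANON = 65534  # exports(5) default anonuid/anongid; nfsnobody on CentOS 6

# The two export lines used on this page.
EXPORT_DEFAULT = "/mnt/ 192.168.137.21(rw,sync)"
EXPORT_SQUASHED = "/mnt/ 192.168.137.21(rw,sync,all_squash,anonuid=500,anongid=500)"


def parse_export(line):
    """Split '/path client(opt,key=val,...)' into (path, client, options)."""
    m = re.match(r"^\s*(\S+)\s+([^\s(]+)\(([^)]*)\)\s*$", line)
    if not m:
        raise ValueError("unsupported exports line: %r" % line)
    path, client, raw = m.groups()
    opts = {}
    for item in filter(None, (o.strip() for o in raw.split(","))):
        key, _, val = item.partition("=")
        opts[key] = val or True
    return path, client, opts


def server_ids(line, uid, gid):
    """Return the (uid, gid) the server uses for a request sent as uid/gid."""
    _, _, opts = parse_export(line)
    anon_uid = int(opts.get("anonuid", DEFAULT_ANON))
    anon_gid = int(opts.get("anongid", DEFAULT_ANON))
    if "all_squash" in opts:          # every client identity is replaced
        return anon_uid, anon_gid
    if "no_root_squash" in opts:      # client root stays root on the server
        return uid, gid
    # root_squash is the default: only uid 0 / gid 0 are mapped to anonymous
    return (anon_uid if uid == 0 else uid, anon_gid if gid == 0 else gid)


def risky_options(line):
    """Flag export settings that widen what a client can do."""
    _, client, opts = parse_export(line)
    found = []
    if "no_root_squash" in opts:
        found.append("no_root_squash: client root acts as root on the export")
    if "rw" in opts and client == "*":
        found.append("rw export offered to every host")
    return found
```

Under the second export every request arrives as UID 500, so the exported directory can be owned by UID 500 with a tighter mode instead of being world-writable.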

Samba deployment and tuning

[[email protected] ~]# yum install -y samba samba-client

[[email protected] ~]# vim /etc/samba/smb.conf               // view the configuration file

Share a directory with anonymous, read-only access:

[[email protected] ~]# vim /etc/samba/smb.conf

security = share

workgroup = WORKGROUP

// append at the end of the file

[wang]

comment = share all

path = /tmp/sambadir

browseable = yes

public = yes

writable = no

[[email protected] ~]# /etc/init.d/smb start

[[email protected] ~]# mkdir /tmp/sambadir

[[email protected] ~]# cp /etc/passwd /tmp/sambadir/1.txt

[[email protected] ~]# mkdir /tmp/sambadir/test

[[email protected] ~]# chmod 777 !$

chmod 777 /tmp/sambadir/test

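On a Windows client, enter the following in Run: \\192.168.137.22

The shared directory appears:

Clicking opens the 1.txt file

Creating a file in the test directory fails because the share is read-only, even though the permissions set earlier allow everyone to operate on it

Access from a Linux client: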

[[email protected] ~]# smbclient //192.168.137.22/wang

Enter root's password:                                        (the password is empty)

smb: \>

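Using the share by mounting it:

[[email protected] ~]# yum install -y cifs-utils

[[email protected] ~]# mount -t cifs //192.168.137.22/wang  /opt/

[[email protected] ~]# df -h                                     // check the mount

Inside the directory it is likewise read-only: nothing can be written or created

First, configure access to require a username and password (readable and writable)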

[[email protected] ~]# vim /etc/samba/smb.conf

security = user

#[wang]                                     // comment out the share written earlier

#comment = share all

#path = /tmp/sambadir

#browseable = yes

#public = yes

#writable = no

[chao]                                   // add this content

comment = share for users

path = /tmp/sambadir

browseable = yes

writable = yes

public = no

[[email protected] ~]# useradd smbuser1

[[email protected] ~]# pdbedit -a smbuser1

new password:

retype new password:

[[email protected] ~]# pdbedit -h           // show the command's help

[[email protected] ~]#  /etc/init.d/smb restart

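On a Windows client, enter the following in Run: \\192.168.137.22

A username and password must be entered to view the shared directory

New files can be created under test in this shared directory

Access from a Linux client: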

[[email protected] ~]# smbclient -Usmbuser1 //192.168.137.22/chao

Enter smbuser1's password:

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]

smb: \> ls

.                                   D        0  Mon Jul 20 21:28:18 2015

..                                  D        0  Mon Jul 20 22:40:01 2015

1.txt                                     1832  Mon Jul 20 21:27:49 2015

test                                D        0  Mon Jul 20 22:34:12 2015

smb: \> quit

[[email protected] sambadir]# vim /etc/samba/smb.conf         // check the log path

log file = /var/log/samba/log.%m

[[email protected] sambadir]# ls /var/log/samba/log.

log.192.168.137.1   log.192.168.137.3   log.client

log.192.168.137.21  log.admin-pc        log.smbd

// there is one set of logs per client

Using the share by mounting it:

[[email protected] ~]# mount -t cifs -o username=smbuser1,password=111 //192.168.137.22/chao /opt/

[[email protected] ~]# df -h

Filesystem            Size  Used Avail Use% Mounted on

/dev/sda3              18G  5.1G   12G  31% /

tmpfs                 504M   84K  504M   1% /dev/shm

/dev/sda1             190M   26M  155M  15% /boot

/dev/sr0              3.8G  3.8G     0 100% /media/CentOS_6.6_Final

//192.168.137.22/chao

18G  5.1G   12G  31% /opt
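
The two share definitions above differ in more than the share name: `public` is a synonym for `guest ok`, and `writable` is the inverse of `read only`. As an added example (not from the original post), this sketch resolves those synonyms for the page's two configurations and flags the share-level security mode; `audit`, `ANON_CONF` and `USER_CONF` are hypothetical names, and the config text is reconstructed from the page with an explicit [global] header.

```python
import configparser

YES = {"yes", "true", "1"}

# Constructed from the two configurations shown on this page.
ANON_CONF = """
[global]
security = share
workgroup = WORKGROUP
[wang]
path = /tmp/sambadir
browseable = yes
public = yes
writable = no
"""
USER_CONF = """
[global]
security = user
[chao]
path = /tmp/sambadir
browseable = yes
writable = yes
public = no
"""


def audit(conf_text):
    """Return ({share: (guest_allowed, writable)}, [findings])."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    if cp.get("global", "security", fallback="user").lower() == "share":
        findings.append("security = share: share-level mode, removed in Samba 4")
    shares = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue
        sec = cp[name]
        # "public" is a synonym for "guest ok" (default: no).
        guest = any(sec.get(k, "no").lower() in YES for k in ("guest ok", "public"))
        # "writable", "writeable" and "write ok" invert "read only" (default: yes).
        write = sec.get("read only", "yes").lower() not in YES
        for k in ("writable", "writeable", "write ok"):
            if k in sec:
                write = sec[k].lower() in YES
        shares[name] = (guest, write)
        if guest and write:
            findings.append("[%s] is writable without authentication" % name)
    return shares, findings
```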

Squid proxy

Squid forward proxy configuration:

[[email protected] ~]# yum install squid

[[email protected] ~]# vim /etc/squid/squid.conf             // view the configuration file

cache_dir ufs /var/spool/squid 100 16 256

cache_mem 28 MB

refresh_pattern \.(jpg|png|gif|js|css|mp3|mp4) 1440    50%     2880    ignore-reload

visible_hostname wangchao

[[email protected] ~]# /etc/init.d/squid start

[[email protected] ~]# netstat -lnp

tcp      0      0 :::3128              :::*                LISTEN      7074/(squid)

Set the IE proxy on Windows

After visiting Baidu:

[[email protected] ~]# yum install -y tcpdump

[[email protected] ~]# tcpdump -nn port 3128        // traffic appears, so the proxy is working

[[email protected] ~]# ls /var/spool/squid/

00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F  swap.state

// cache directories

[[email protected] ~]# cd !$

cd /var/spool/squid/

[[email protected] squid]# cd 00

[[email protected] 00]# ls

00  0A  14  1E  28  32  3C  46  50  5A  64  6E  78  82  8C  96  A0  AA  B4  BE  C8  D2  DC  E6  F0  FA

01  0B  15  1F  29  33  3D  47  51  5B  65  6F  79  83  8D  97  A1  AB  B5  BF  C9  D3  DD  E7  F1  FB

02  0C  16  20  2A  34  3E  48  52  5C  66  70  7A  84  8E  98  A2  AC  B6  C0  CA  D4  DE  E8  F2  FC

03  0D  17  21  2B  35  3F  49  53  5D  67  71  7B  85  8F  99  A3  AD  B7  C1  CB  D5  DF  E9  F3  FD

04  0E  18  22  2C  36  40  4A  54  5E  68  72  7C  86  90  9A  A4  AE  B8  C2  CC  D6  E0  EA  F4  FE

05  0F  19  23  2D  37  41  4B  55  5F  69  73  7D  87  91  9B  A5  AF  B9  C3  CD  D7  E1  EB  F5  FF

06  10  1A  24  2E  38  42  4C  56  60  6A  74  7E  88  92  9C  A6  B0  BA  C4  CE  D8  E2  EC  F6

07  11  1B  25  2F  39  43  4D  57  61  6B  75  7F  89  93  9D  A7  B1  BB  C5  CF  D9  E3  ED  F7

08  12  1C  26  30  3A  44  4E  58  62  6C  76  80  8A  94  9E  A8  B2  BC  C6  D0  DA  E4  EE  F8

09  13  1D  27  31  3B  45  4F  59  63  6D  77  81  8B  95  9F  A9  B3  BD  C7  D1  DB  E5  EF  F9

// cache files produced by the visit to Baidu just now

[[email protected] 00]# cd

[[email protected] ~]# curl -x127.0.0.1:3128 www.qq.com -I

HTTP/1.0 200 OK

[[email protected] ~]# curl -x127.0.0.1:3128 www.baidu.com -I

HTTP/1.0 200 OK

[[email protected] ~]# curl -x127.0.0.1:3128 www.sina.com -I

HTTP/1.0 200 OK

// all of them were proxied successfully

Now refuse to proxy certain websites, so that they cannot be accessed

[[email protected] ~]# vim /etc/squid/squid.conf

acl http proto HTTP

acl good_domain dstdomain .qq.com .sina.com

http_access allow http good_domain

http_access deny http !good_domain

[[email protected] ~]# squid -kcheck                // check: no errors

[[email protected] ~]# squid -kre                   // reload

[[email protected] ~]# curl -x127.0.0.1:3128 www.qq.com -I

HTTP/1.0 200 OK

[[email protected] ~]# curl -x127.0.0.1:3128 www.sina.com -I

HTTP/1.0 200 OK

[[email protected] ~]# curl -x127.0.0.1:3128 www.baidu.com -I

HTTP/1.0 403 Forbidden

[[email protected] ~]# curl -x127.0.0.1:3128 www.goole.com -I

HTTP/1.0 403 Forbidden

// only the whitelisted qq and sina can be accessed; the proxy refuses everything else

Configuration file for reference

[[email protected] ~]# vim /etc/squid/squid.conf

#

# Recommended minimum configuration:

#

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

acl http proto HTTP

acl good_domain dstdomain .qq.com .sina.com

http_access allow http good_domain

http_access deny http !good_domain

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

http_port 3128

# We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 100 16 256

cache_mem 28 MB

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

refresh_pattern \.(jpg|png|gif|js|css|mp3|mp4) 1440    50%     2880    ignore-reload

visible_hostname wangchao
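
Squid walks the http_access lines top to bottom and stops at the first line whose ACLs all match, which is why the position of the whitelist rules in the configuration above matters. The following sketch is an added example, not part of the original post or of Squid: it evaluates a constructed excerpt of those rules for plain-HTTP requests and goes one step beyond the text by also testing a client outside localnet. `PAGE_RULES`, `HARDENED_RULES`, `decide` and the address 203.0.113.9 are illustrative; only the src, proto and dstdomain ACL types are modelled.

```python
import ipaddress

# Constructed excerpt: the page's whitelist rules in the position its reference
# configuration gives them (ahead of "allow localnet"), with one localnet range.
PAGE_RULES = """
acl localnet src 192.168.0.0/16
acl http proto HTTP
acl good_domain dstdomain .qq.com .sina.com
http_access allow http good_domain
http_access deny http !good_domain
http_access allow localnet
http_access deny all
"""
# Hypothetical tightening: the whitelist applies only to clients in localnet.
HARDENED_RULES = PAGE_RULES.replace(
    "http_access allow http", "http_access allow localnet http")

def parse(conf):
    """Collect 'acl' definitions and the ordered 'http_access' lines."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # built-in "all", IPv4 only here
    for line in conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 4 and f[0] == "acl":
            acls.setdefault(f[1], (f[2], []))[1].extend(f[3:])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    """True if the named ACL matches the request."""
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in vals)
    if kind == "proto":
        return req["proto"].upper() in [v.upper() for v in vals]
    if kind == "dstdomain":  # ".qq.com" matches qq.com and every subdomain
        host = req["host"].lower().rstrip(".")
        return any(host == v.lstrip(".").lower() or
                   (v.startswith(".") and host.endswith(v.lower())) for v in vals)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, host, proto="HTTP"):
    """Return 'allow' or 'deny' as the first matching http_access line dictates."""
    acls, rules = parse(conf)
    req = {"src": src, "host": host, "proto": proto}
    for action, terms in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!")
               for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With the page's ordering the allow line carries no source ACL, so any client that can reach the proxy port is served the whitelisted domains; adding localnet to that line restricts it.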

Squid reverse proxy setup

[[email protected] ~]# ping www.qq.com

PING www.qq.com (115.236.139.174) 56(84) bytes of data.

64 bytes from 115.236.139.174: icmp_seq=1 ttl=57 time=4.51 ms

[[email protected] ~]# vim /etc/squid/squid.conf

#acl http proto HTTP                              // comment out the earlier forward-proxy rules

#acl good_domain dstdomain .qq.com .sina.com

#http_access allow http good_domain

#http_access deny http !good_domain

Change http_port 3128 to http_port 80 accel vhost vport

cache_peer 115.236.139.174 parent 80 0 originserver name=a

cache_peer_domain a www.qq.com

[[email protected] ~]# squid -kch

[[email protected] ~]# squid -kre

[[email protected] ~]# /etc/init.d/squid restart

Stopping squid:                                            [FAILED]

Starting squid:                                            [  OK  ]

// startup failed because the nginx set up earlier is occupying port 80

[[email protected] ~]# netstat -lnp |grep 80

tcp      0     0 0.0.0.0:80          0.0.0.0:*           LISTEN      22754/nginx

[[email protected] ~]# /etc/init.d/nginx stop

[[email protected] ~]# /etc/init.d/squid start

[[email protected] ~]# squid -kre

[[email protected] ~]# netstat -lnp |grep 80

tcp     0     0 :::80         :::*           LISTEN      7664/(squid)

[[email protected] ~]#  curl -x192.168.137.22:80 www.qq.com -I

HTTP/1.0 200 OK

[[email protected] ~]#  curl -x192.168.137.22:80 www.baidu.com -I

HTTP/1.0 503 Service Unavailable

// the reverse proxy works for QQ and fails for Baidu

Windows client:

Remove the proxy set in IE

Edit the hosts file and add

192.168.137.22  www.baidu.com

192.168.137.22  www.qq.com

Accessing QQ succeeds; Baidu and the others fail

Configuration file for reference

[[email protected] ~]# vim /etc/squid/squid.conf

#

# Recommended minimum configuration:

#

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

#acl http proto HTTP

#acl good_domain dstdomain .qq.com .sina.com

#http_access allow http good_domain

#http_access deny http !good_domain

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

http_port 80 accel vhost vport

cache_peer 115.236.148.160 parent 80 0 originserver name=a

cache_peer_domain a www.qq.com

# We recommend you to use at least the following line.

hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.

cache_dir ufs /var/spool/squid 100 16 256

cache_mem 28 MB

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

refresh_pattern \.(jpg|png|gif|js|css|mp3|mp4) 1440    50%     2880    ignore-reload

visible_hostname wangchao

Time: 2024-12-23 05:27:03
