Rootop: Server Operations and Web Architecture

2011-01-26
Posted by Venus

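Configuring Apache to listen on multiple ports and serve sites on different ports

In IIS, a web service can be set to run on a different port with just a few mouse clicks:

We can change "Port (T):" to another value, for example 8080.

After confirming, check the port status:

C:\>netstat -an | find "80"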
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING

Now for how to configure Apache on Linux:

First, DNS is already set up: 80.com and 8080.com both point to the IP 1.1.1.1.

Start by setting the ports Apache listens on:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
Listen 8080

# One Listen line for each port

Next, configure the virtual hosts; on my machine they are of course name-based virtual hosts.

# Use name-based virtual hosting.
#
#NameVirtualHost *:80
NameVirtualHost 1.1.1.1:80
#

<VirtualHost www.80.com:80>
    ServerAdmin venuslinux@gmail.com
    ServerName www.80.com
    DocumentRoot /wz/80
    ErrorLog logs/80_error.log
    CustomLog logs/80_access.log common
    DirectoryIndex index.html
</VirtualHost>

<VirtualHost www.8080.com:8080>
    ServerAdmin venuslinux@gmail.com
    ServerName www.8080.com
    DocumentRoot /wz/8080
    ErrorLog logs/8080_error.log
    CustomLog logs/8080_access.log common
    DirectoryIndex index.html
</VirtualHost>

Then create the document roots; the index.html files contain 80 and 8080 respectively.

Then test from a client:

http://www.80.com            shows 80

http://www.8080.com:8080/    shows 8080 (the site does not run on the default port 80, so the port must be given explicitly)

That completes the configuration.

2011-01-20
Posted by Venus

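A brief look at which directive Apache uses to pick the virtual host

After a client sends a request to a server that hosts several virtual hosts, how does the server decide which host the request belongs to? Let's run an experiment:

The DNS record in place is: www.dz.com   1.1.1.1

The Apache configuration is: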
<VirtualHost 1.1.1.1:80>
    ServerAdmin venuslinux@gmail.com
    DocumentRoot /wz/dz
    ServerName 1.1.1.1
    ErrorLog logs/dz.com-error_log
    CustomLog logs/dz.com-access_log common
    directoryindex index.php
</virtualhost>

The dz page is definitely not reachable; going by order, the request should land on the virtual host listed first.
When set to:
<VirtualHost 1.1.1.1:80>
    ServerAdmin venuslinux@gmail.com
    DocumentRoot /wz/dz
    ServerName www.dz.com
    ErrorLog logs/dz.com-error_log
    CustomLog logs/dz.com-access_log common
    directoryindex index.php
</virtualhost>

The dz page is reachable.

When set to:
<VirtualHost www.dz.com:80>
    ServerAdmin venuslinux@gmail.com
    DocumentRoot /wz/dz
    ServerName 1.1.1.1
    ErrorLog logs/dz.com-error_log
    CustomLog logs/dz.com-access_log common
    directoryindex index.php
</virtualhost>

The dz page is reachable.

When set to:

<VirtualHost www.dz.com:80>
    ServerAdmin venuslinux@gmail.com
    DocumentRoot /wz/dz
    ServerName www.dz.com
    ErrorLog logs/dz.com-error_log
    CustomLog logs/dz.com-access_log common
    directoryindex index.php
</virtualhost>
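It is reachable.

So now we can draw a conclusion: putting the domain name in the <virtualhost> line makes the site reachable, and putting it in ServerName also makes it reachable. In general, it is best to put the domain name in both.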

2011-01-20
Posted by Venus

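Adding multi-domain support to Apache (binding multiple domains)

For name-based virtual hosts, adding support for multiple domains only requires editing the <virtualhost> block.

As follows (note the space between the two addresses):

<VirtualHost www.nq.com:80 www.rootop.org:80>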
    ServerAdmin venuslinux@gmail.com
    DocumentRoot /wz/nq
    ServerName www.nq.com
    ErrorLog logs/nq.com-error_log
    CustomLog logs/nq.com-access_log common
    directoryindex index.php
</virtualhost>

The trailing www.rootop.org:80 is the added domain. With this in place, the site can be reached through www.nq.com and also through www.rootop.org.

Second method:

Add a line "ServerAlias www.domain.com" between <VirtualHost> and </VirtualHost>.

List every domain to bind after ServerAlias.

Reference: https://www.rootop.org/ApacheManual/Apache2.2_zh_CN/vhosts/name-based.html
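
The four dz.com experiments from the previous post and the two binding methods above can be replayed offline with a simplified model of Apache 2.2 name-based matching. This is an added example, not code from the original posts or from Apache; the `VHost` class, the `DNS` table, `default.example` and `/wz/default` are assumptions made for illustration, and wildcard addresses and wildcard aliases are left out.

```python
from dataclasses import dataclass, field

# Constructed stand-in for DNS, using the names and address from the posts.
DNS = {"www.dz.com": "1.1.1.1", "www.nq.com": "1.1.1.1", "www.rootop.org": "1.1.1.1"}

@dataclass
class VHost:
    addrs: list          # host parts of <VirtualHost host:port ...>
    port: int
    server_name: str
    docroot: str
    aliases: list = field(default_factory=list)  # ServerAlias values

def normalize_host(header):
    """Lower-case the Host header, drop a :port suffix and a trailing dot."""
    return header.strip().lower().split(":")[0].rstrip(".")

def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return the vhost serving the request, or None if none is bound there."""
    # Step 1: candidates depend only on the IP:port the connection arrived on.
    chain = [v for v in vhosts if v.port == local_port
             and any(DNS.get(a.lower(), a) == local_ip for a in v.addrs)]
    if not chain:
        return None
    host = normalize_host(host_header)
    # Step 2: the first candidate named by the Host header wins; the name may
    # come from the <VirtualHost> line, ServerName or ServerAlias.
    for v in chain:
        if host in {n.lower() for n in (*v.addrs, v.server_name, *v.aliases)}:
            return v
    # Step 3: no name matched, so the first listed candidate answers.
    return chain[0]

def dz_experiment(vhost_addr, server_name, host_header="www.dz.com"):
    """Replay one of the four dz configurations behind a first, default vhost."""
    first = VHost(["1.1.1.1"], 80, "default.example", "/wz/default")  # hypothetical
    dz = VHost([vhost_addr], 80, server_name, "/wz/dz")
    return select_vhost([first, dz], "1.1.1.1", 80, host_header).docroot

if __name__ == "__main__":
    for addr, name in [("1.1.1.1", "1.1.1.1"), ("1.1.1.1", "www.dz.com"),
                       ("www.dz.com", "1.1.1.1"), ("www.dz.com", "www.dz.com")]:
        print(addr, name, "->", dz_experiment(addr, name))
    # A Host header that no vhost claims lands on the first vhost.
    print(dz_experiment("www.dz.com", "www.dz.com", "unknown.invalid"))
```

A Host header that no vhost claims is served by the first vhost bound to that address, so the first entry should be a site that is safe to expose as the default.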

2011-01-20
Posted by Venus

httpd: apr_sockaddr_info_get() failed for s1

[root@s1 conf]# service httpd restart
停止 httpd:                                               [确定]
启动 httpd:httpd: apr_sockaddr_info_get() failed for s1
httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
                                                                      [确定]

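I didn't understand the first line. The second says the fully qualified domain name cannot be determined, so 127.0.0.1 is used instead. The first error is most likely related to the second, so add one line to the global section of httpd.conf:

# my hostname is s1
ServerName s1

Alternatively, remove the # in front of ServerName in httpd.conf and edit it yourself, following the notes above it.

After restarting the server, it is OK.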

2011-01-17
Posted by Venus

[2003] Can’t connect to MySQL server on ‘localhost'(13)

LOG: Jan 17 23:46:46 s1 setroubleshoot: SELinux is preventing the http daemon from connecting to network port 3306 For complete SELinux messages. run sealert -l ed55546b-97a3-4eea-9cf2-9aa2b6fce245

This is clearly an SELinux problem.

Following the hint in the log, start fixing it.

[root@s1 ~]# sealert -l ed55546b-97a3-4eea-9cf2-9aa2b6fce245

摘要:

SELinux is preventing the http daemon from connecting to network port 3306

详细的描述:

SELinux has denied the http daemon from connecting to 3306. An httpd script is
trying to do a network connect to a remote port. If you did not setup httpd to
network connections, this could signal a intrusion attempt.

正在允许访问:

If you want httpd to connect to network ports you need to turn on the
httpd_can_network_network_connect boolean: “setsebool -P
httpd_can_network_connect=1”

以下命令将允许这个权限:

setsebool -P httpd_can_network_connect=1

附加的信息:

源上下文                  root:system_r:httpd_t
目标上下文               system_u:object_r:mysqld_port_t
目标对象                  None [ tcp_socket ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          3306
Host                          s1
Source RPM Packages           httpd-2.2.3-43.el5
Target RPM Packages
策略 RPM                    selinux-policy-2.4.6-279.el5
Selinux 激活                True
策略类型                  targeted
MLS 激活                    True
强制模式                  Enforcing
插件名称                  httpd_can_network_connect
主机名                     s1
平台                        Linux s1 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:43
                              EDT 2010 i686 i686
警告记数                  27
First Seen                    Mon Jan 17 23:41:16 2011
Last Seen                     Tue Jan 18 00:05:35 2011
Local ID                      ed55546b-97a3-4eea-9cf2-9aa2b6fce245
行数

原始 Audit 消息

host=s1 type=AVC msg=audit(1295280335.304:112): avc:  denied  { name_connect } for  pid=4718 comm="httpd" dest=3306 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

host=s1 type=SYSCALL msg=audit(1295280335.304:112): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8c5a20 a2=3fbe6f8 a3=2 items=0 ppid=4716 pid=4718 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

[root@s1 ~]# setsebool -P httpd_can_network_connect=1

[root@s1 ~]#

Accessed the page again; solved.
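
The boolean suggested by the tool, httpd_can_network_connect, lets httpd open connections to any TCP port; when the denied target is a database port type, the narrower httpd_can_network_connect_db is enough. The added example below (not part of the original post or of setroubleshoot) parses the AVC record shown above and picks the narrower boolean; the port-type-to-boolean mapping is an assumption to confirm against the installed policy with `getsebool -a`.

```python
import re

# AVC record from the post, with the terminal line-wrap padding removed.
SAMPLE_AVC = ('host=s1 type=AVC msg=audit(1295280335.304:112): avc:  denied  '
              '{ name_connect } for  pid=4718 comm="httpd" dest=3306 '
              'scontext=root:system_r:httpd_t:s0 '
              'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket')

# Assumed mapping: target port types covered by the database-only boolean.
# Confirm the boolean exists on the host with `getsebool -a | grep httpd`.
DB_PORT_TYPES = {"mysqld_port_t", "postgresql_port_t"}

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None if not an AVC."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    # SELinux contexts are user:role:type[:level]; the type is the third part.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) > 2 else None
    return fields

def narrowest_boolean(avc):
    """Suggest the least-permissive boolean for an httpd name_connect denial."""
    if (avc.get("scontext_type") != "httpd_t"
            or avc.get("tclass") != "tcp_socket"
            or "name_connect" not in avc.get("perms", [])):
        return None  # not the kind of denial discussed in the post
    if avc.get("tcontext_type") in DB_PORT_TYPES:
        return "httpd_can_network_connect_db"
    return "httpd_can_network_connect"

if __name__ == "__main__":
    record = parse_avc(SAMPLE_AVC)
    print(record["comm"], "->", record["tcontext_type"], "port", record["dest"])
    print("setsebool -P", narrowest_boolean(record), "1")
```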