
CentOS7_Yunsuo (云锁) + Nginx

Server information:
[root@ser1 ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@ser1 ~]#
[root@ser1 ~]# uname -r
3.10.0-1127.el7.x86_64

[root@ser1 ~]# hostname
ser1.zhuohua.store
[root@ser1 ~]# cat /etc/hostname
ser1.zhuohua.store


[root@ser1 ~]# ifconfig
-bash: ifconfig: 未找到命令
[root@ser1 ~]#
[root@ser1 ~]# yum -y install net-tools

[root@ser1 ~]# ifconfig ens33 |grep netmask |awk '{print $2}'
192.168.168.190


Download nginx-1.10.0.tar.gz: https://pan.baidu.com/s/1K2yEskROiqYBNGZJ3DViGA

Install Nginx:
yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make psmisc

useradd -M -s /sbin/nologin nginx
tar -zxvf nginx-1.10.0.tar.gz
cd nginx-1.10.0

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module  --with-http_ssl_module && make && make install

ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/



### Run Nginx automatically at boot

[root@ser1 ~]# vi /etc/init.d/nginx
#!/bin/bash
#chkconfig: 35 99 20
#description:Nginx Service Control Script

case "$1" in
start)
/usr/local/nginx/sbin/nginx
;;
stop)
/usr/bin/killall -s QUIT nginx
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage:$0 {start|stop|restart}"
exit 1
esac
exit 0


[root@ser1 ~]# chmod a+x /etc/init.d/nginx

[root@ser1 ~]# chkconfig --add nginx

Start Nginx:
[root@ser1 ~]# service nginx start

Check the Nginx processes:
[root@ser1 ~]# pgrep -l nginx
12577 nginx
12578 nginx



Enable Nginx at boot:
[root@ser1 ~]# systemctl enable nginx
nginx.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig nginx on

Confirm that Nginx is enabled at boot:
[root@ser1 ~]# systemctl is-enabled nginx
nginx.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig nginx --level=5
enabled


Check the Nginx version:
[root@ser1 ~]# nginx -v
nginx version: nginx/1.10.0

[root@ser1 ~]# nginx -V
nginx version: nginx/1.10.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module



Test Nginx locally on the server:
[root@ser1 ~]# yum -y install elinks lsof

[root@ser1 ~]# elinks 127.0.0.1
[Screenshot: 图片1.png]



[root@ser1 ~]# lsof -nP -iTCP:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   12577  root    6u  IPv4  34546      0t0  TCP *:80 (LISTEN)
nginx   12578 nginx    6u  IPv4  34546      0t0  TCP *:80 (LISTEN)




Stop Nginx:
[root@ser1 ~]# service nginx stop

[root@ser1 ~]# killall -9 nginx

[root@ser1 ~]# pgrep -l nginx
[root@ser1 ~]#

[root@ser1 ~]# lsof -nP -iTCP:80
[root@ser1 ~]#


Restart Nginx:
[root@ser1 ~]# service nginx restart

[root@ser1 ~]# pgrep -l nginx
12723 nginx
12724 nginx


[root@ser1 ~]# lsof -nP -iTCP:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   12723  root    6u  IPv4  37748      0t0  TCP *:80 (LISTEN)
nginx   12724 nginx    6u  IPv4  37748      0t0  TCP *:80 (LISTEN)






On CentOS 7/8 you can disable firewalld and use the original netfilter instead:
systemctl stop firewalld
systemctl disable firewalld

Install iptables:
[root@ser1 ~]# yum -y install iptables-services

Check the iptables version:
[root@ser1 ~]# iptables -V
iptables v1.4.21


Start iptables now:
systemctl start iptables

Enable iptables at boot:
systemctl enable iptables

Check whether iptables is enabled at boot:
[root@ser1 ~]# systemctl is-enabled iptables
enabled


View the netfilter firewall configuration file (original state):
[root@ser1 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Open TCP port 80 in the netfilter firewall:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables-save > /etc/sysconfig/iptables


View the netfilter firewall configuration file again:
[root@ser1 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Sun Feb 21 09:16:29 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:324]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Feb 21 09:16:29 2021
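
The port 80 rule above was added with `-I`, so it sits at the top of INPUT, ahead of the final REJECT. The following script is an added example, not part of the original post: it audits an iptables-save dump for that ordering. The function names and the `APPENDED` ruleset are constructed for illustration, and `INSERTED` is abridged from the listing above.

```shell
# netfilter stops at the first matching rule, so INPUT rules placed after an
# unconditional REJECT/DROP never match. Both functions read a dump on stdin.

# Print TCP ports accepted in filter/INPUT before the catch-all rule
# (simplification: source-address and interface matches are ignored).
reachable_tcp_ports() {
  awk '
    /^\*/ { table = $1 }
    table == "*filter" && $1 == "-A" && $2 == "INPUT" && !stop {
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { stop = 1; next }
      proto = port = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (proto == "tcp" && port != "" && target == "ACCEPT")
        out = (out ? out " " : "") port
    }
    END { print out }'
}

# Print INPUT rules that sit after the catch-all and are therefore dead.
dead_input_rules() {
  awk '
    /^\*/ { table = $1 }
    table == "*filter" && $1 == "-A" && $2 == "INPUT" {
      if (stop) print
      else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) stop = 1
    }'
}

# Abridged from the saved ruleset in the post (rule inserted with -I).
INSERTED='*filter
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed variant: the same rule added with -A lands after the REJECT.
APPENDED='*filter
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$INSERTED" | reachable_tcp_ports
printf '%s\n' "$APPENDED" | dead_input_rules
```

On the server itself, the same check can be run with `reachable_tcp_ports < /etc/sysconfig/iptables`.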



Disable SELinux:
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config





Official Yunsuo (云锁) download site:
http://www.yunsuo.com.cn/download.html

Download the Yunsuo server agent (64-bit Linux version):
[root@ser1 ~]# yum -y install wget
[root@ser1 ~]# wget https://download.yunsuo.com.cn/v3/yunsuo_agent_64bit.tar.gz


Install Yunsuo:
[root@ser1 ~]# tar -zxvf yunsuo_agent_64bit.tar.gz
[root@ser1 ~]# chmod a+x yunsuo_install/install
[root@ser1 ~]# yunsuo_install/install
Welcome.
If you encounter any problems during installation, you can use 'ctrl-c' to cancel.

checking installation environment:[ OK ]
decompression package:[ OK ]
Install Selinux Policy Module:[ OK ]
Initialize Configuration Information:[ OK ]
Install Auto-start Script:[ OK ]
Install Protection Driver:[ OK ]
Starting SoftWare:[ OK ]

Install Complete.



Yunsuo starts automatically:
[root@ser1 ~]# service yunsuo status
● yunsuo.service - SYSV: start and stop mainserver
   Loaded: loaded (/etc/rc.d/init.d/yunsuo; bad; vendor preset: disabled)
   Active: active (running) since 日 2021-02-21 09:22:05 CST; 57s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1042 ExecStart=/etc/rc.d/init.d/yunsuo start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/yunsuo.service
           └─1602 ./yunsuo_agent_service -c config.xml -l runlog/run_log.log ...

2月 21 09:21:44 ser1.zhuohua.store systemd[1]: Starting SYSV: start and sto....
2月 21 09:22:05 ser1.zhuohua.store yunsuo[1042]: Starting yunsuo: [  确定  ]
2月 21 09:22:05 ser1.zhuohua.store systemd[1]: Started SYSV: start and stop....
Hint: Some lines were ellipsized, use -l to show in full.


Yunsuo will also start automatically after the server reboots:
[root@ser1 ~]# systemctl is-enabled yunsuo
yunsuo.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig yunsuo --level=5
enabled



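Add the server to the cloud center. Run the following command to bind your own server (you need to register an account on the official Yunsuo site first):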
[root@ser1 ~]#  /usr/local/yunsuo_agent/agent_smart_tool.sh -u 133921xxx -p Jackxxx
Bind Server Success.


Manage Yunsuo from a Windows client (download the Yunsuo PC console from the official Yunsuo site):
[Screenshot: 图片2.png]

[Screenshot: 图片3.png]



The server that was just added is now listed:
[Screenshot: 图片4.png]



Nginx can be restarted from here:
[Screenshot: 图片5.png]

[Screenshot: 图片6.png]






######

Double-click the server to open it and manage that specific server:
[Screenshot: 图片7.png]



Server Information » enable protection for all of the common features:
[Screenshot: 图片8.png]




Application Protection (the web server software is shown here as Nginx):
[Screenshot: 图片9.png]



Install the Nginx plugin:
[Screenshot: 图片10.png]

[Screenshot: 图片11.png]



Web protection for Nginx has been enabled successfully:
[Screenshot: 图片12.png]

Note:
Nginx must be installed by compiling it from source; if it is installed with Yum, the Web protection plugin cannot be installed.


Click "Web Protection" above » go to Website Vulnerability Protection:
[Screenshot: 图片13.png]



Set Website Vulnerability Protection to "Protection mode" (the default is Monitoring mode):
[Screenshot: 图片14.png]



From a client browser, test the Nginx Web protection:
http://192.168.168.190/?order%20by
[Screenshot: 图片15.png]

[Screenshot: 图片16.png]





######

Multi-threaded download protection:
[Screenshot: 图片17.png]



Multi-threaded download protection can be set to "Protection mode" (it is off by default):
[Screenshot: 图片18.png]




