服务器信息:
[root@ser1 ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@ser1 ~]#
[root@ser1 ~]# uname -r
3.10.0-1127.el7.x86_64
[root@ser1 ~]# hostname
ser1.zhuohua.store
[root@ser1 ~]# cat /etc/hostname
ser1.zhuohua.store
[root@ser1 ~]# ifconfig
-bash: ifconfig: 未找到命令
[root@ser1 ~]#
[root@ser1 ~]# yum -y install net-tools
[root@ser1 ~]# ifconfig ens33 |grep netmask |awk '{print $2}'
192.168.168.190
下载nginx-1.10.0.tar.gz:https://pan.baidu.com/s/1K2yEskROiqYBNGZJ3DViGA
安装Nginx:
yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make psmisc
useradd -M -s /sbin/nologin nginx
tar -zxvf nginx-1.10.0.tar.gz
cd nginx-1.10.0
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/
### 开机自动运行Nginx
[root@ser1 ~]# vi /etc/init.d/nginx
#!/bin/bash
#chkconfig: 35 99 20
#description:Nginx Service Control Script
case "$1" in
start)
/usr/local/nginx/sbin/nginx
;;
stop)
/usr/bin/killall -s QUIT nginx
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage:$0 {start|stop|restart}"
exit 1
esac
exit 0
[root@ser1 ~]# chmod a+x /etc/init.d/nginx
[root@ser1 ~]# chkconfig --add nginx
启动Nginx:
[root@ser1 ~]# service nginx start
查看Nginx的进程:
[root@ser1 ~]# pgrep -l nginx
12577 nginx
12578 nginx
开机自动启动Nginx:
[root@ser1 ~]# systemctl enable nginx
nginx.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig nginx on
确认开机自动启动Nginx:
[root@ser1 ~]# systemctl is-enabled nginx
nginx.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig nginx --level=5
enabled
查看Nginx的版本:
[root@ser1 ~]# nginx -v
nginx version: nginx/1.10.0
[root@ser1 ~]# nginx -V
nginx version: nginx/1.10.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
服务器本地测试Nginx:
[root@ser1 ~]# yum -y install elinks lsof
[root@ser1 ~]# elinks 127.0.0.1
[root@ser1 ~]# lsof -nP -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 12577 root 6u IPv4 34546 0t0 TCP *:80 (LISTEN)
nginx 12578 nginx 6u IPv4 34546 0t0 TCP *:80 (LISTEN)
停止Nginx:
[root@ser1 ~]# service nginx stop
或
[root@ser1 ~]# killall -9 nginx
[root@ser1 ~]# pgrep -l nginx
[root@ser1 ~]#
[root@ser1 ~]# lsof -nP -iTCP:80
[root@ser1 ~]#
重启Nginx:
[root@ser1 ~]# service nginx restart
[root@ser1 ~]# pgrep -l nginx
12723 nginx
12724 nginx
[root@ser1 ~]# lsof -nP -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 12723 root 6u IPv4 37748 0t0 TCP *:80 (LISTEN)
nginx 12724 nginx 6u IPv4 37748 0t0 TCP *:80 (LISTEN)
CentOS7/8可以禁用firewalld,使用原来的netfilter:
systemctl stop firewalld
systemctl disable firewalld
安装iptables:
[root@ser1 ~]# yum -y install iptables-services
查看iptables的版本:
[root@ser1 ~]# iptables -V
iptables v1.4.21
现在启动iptables:
systemctl start iptables
开机自动启动iptables:
systemctl enable iptables
检查是否开机自动启动iptables:
[root@ser1 ~]# systemctl is-enabled iptables
enabled
查看防火墙netfilter的配置文件:(原始状态)
[root@ser1 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
在防火墙netfilter打开TCP 80端口:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
再次查看防火墙netfilter的配置文件:
[root@ser1 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Sun Feb 21 09:16:29 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:324]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Feb 21 09:16:29 2021
关闭SELinux:
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
云锁的下载官网:
http://www.yunsuo.com.cn/download.html
下载云锁服务器端(64位Linux版):
[root@ser1 ~]# yum -y install wget
[root@ser1 ~]# wget https://download.yunsuo.com.cn/v3/yunsuo_agent_64bit.tar.gz
安装云锁:
[root@ser1 ~]# tar -zxvf yunsuo_agent_64bit.tar.gz
[root@ser1 ~]# chmod a+x yunsuo_install/install
[root@ser1 ~]# yunsuo_install/install
Welcome.
If you encounter any problems during installation, you can use 'ctrl-c' to cancel.
checking installation environment:[ OK ]
decompression package:[ OK ]
Install Selinux Policy Module:[ OK ]
Initialize Configuration Information:[ OK ]
Install Auto-start Script:[ OK ]
Install Protection Driver:[ OK ]
Starting SoftWare:[ OK ]
Install Complete.
云锁会自动启动:
[root@ser1 ~]# service yunsuo status
● yunsuo.service - SYSV: start and stop mainserver
Loaded: loaded (/etc/rc.d/init.d/yunsuo; bad; vendor preset: disabled)
Active: active (running) since 日 2021-02-21 09:22:05 CST; 57s ago
Docs: man:systemd-sysv-generator(8)
Process: 1042 ExecStart=/etc/rc.d/init.d/yunsuo start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/yunsuo.service
└─1602 ./yunsuo_agent_service -c config.xml -l runlog/run_log.log ...
2月 21 09:21:44 ser1.zhuohua.store systemd[1]: Starting SYSV: start and sto....
2月 21 09:22:05 ser1.zhuohua.store yunsuo[1042]: Starting yunsuo: [ 确定 ]
2月 21 09:22:05 ser1.zhuohua.store systemd[1]: Started SYSV: start and stop....
Hint: Some lines were ellipsized, use -l to show in full.
服务器重启后,云锁会自动启动的:
[root@ser1 ~]# systemctl is-enabled yunsuo
yunsuo.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig yunsuo --level=5
enabled
添加服务器到云中心,输入以下命令即可绑定自己的服务器:(要到云锁官网注册账号)
[root@ser1 ~]# /usr/local/yunsuo_agent/agent_smart_tool.sh -u 133921xxx -p Jackxxx
Bind Server Success.
Windows客户端管理云锁:(要到云锁的官网下载云锁PC控制端)
可以看到刚刚添加的服务器:
可以在这里重启Nginx:
######
双击进入,可以针对指定的服务器进行管理:
服务器信息》开启所有的常用功能防护:
应用防护:(这里可以看到Web服务器软件为Nginx)
安装Nginx插件:
Nginx的Web防护开启成功:
备注:
Nginx必须采用编译的方式安装,使用Yum安装会无法安装Web防护的插件;
点击上面的“Web防护”》进入网站漏洞防护:
将网站漏洞防护设置为“防护模式”:(默认是监控模式)
客户端通过浏览器,测试Nginx的Web防护:
http://192.168.168.190/?order%20by
######
防多线程下载:
可以将防多线程下载设置为“防护模式”:(默认是关闭)
相关文章:
CentOS8_云锁+Nginx
#################################
#################################
亲,学习研究也要劳逸结合哦,来我微店逛逛,买点东西好好犒劳犒劳自己和家人吧^_^^_^
苏泊尔电压力锅家用智能5L高压饭煲特价
苏泊尔电磁炉火锅家用智能正品学生电池炉灶特价炒菜
苏泊尔电蒸锅多功能家用蒸气锅三层大容量电蒸笼蒸锅蒸菜自动断电
|