NTTU Server Principles WriteUp

Chihhh Linnn 香菇頭
  1. Ansible
  2. SELinux

DNS server

Intro (2023.09.20)

  1. SELinux review

    • ls -lZ
    • semanage
    • setenforce
    • chcon
    • firewalld
  2. Terminology

    • DNS : Domain name service
    • FQDN : Fully Qualified Domain Name
    • Domain
    • Subdomain
    • Zone : depends on the domain manager
  3. client

    • /etc/nsswitch.conf (Name Service Switch)
    • /etc/hosts : for testing; maps IP addresses to host names for the local host and other hosts on the network
    • /etc/resolv.conf : DNS resolver configuration
  4. Command

    • host
    • nslookup
  5. DNS Port

    • 53 tcp , udp
  6. DNS resource record

    • host -v -t A example.com
      -> example.com. 86400 IN A 172.25.254.254
    • A : Ipv4
    • AAAA : Ipv6
    • SOA
    • NS : Name Server
    • MX : Mail Exchange
    • CNAME : Canonical Name
    • TXT : Text
    • SRV : Service

RedHat Document

Bind_Named (2023.09.27)

Directory

  • /var/named/ main directory
  • /var/named/slaves/ used for secondary zones
  • /var/named/dynamic/ dynamic DNS (DDNS) zones or DNSSEC keys
  • /var/named/data/ statistics and debugging files

Ways

  • Forward lookup
$dnf install bind-chroot
$vim /etc/named.conf # setup zone
# add the server IP to listen-on and change allow-query to any
# Add text:
zone "LLL.tw" IN {
type master;
file "LLL.tw.zone";
};
$cd /var/named
$cp named.empty LLL.tw.zone
$vim LLL.tw.zone
  • LLL.tw.zone
$TTL 86400
$ORIGIN LLL.tw.
@ IN SOA dns1.example.com. admin.example.com. ( ; name server name, administrator mailbox
2022010101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)

@ IN NS dns1.example.com.
www IN A 172.25.250.10

$chown root:named LLL.tw.zone # make the file readable by the named user before reloading
$systemctl restart named
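Added example, not from the notes: a small Python linter for the two zone-file slips that most often break a freshly written zone, a host name without its trailing dot (BIND then appends $ORIGIN and publishes dns1.example.com.LLL.tw. as the name server) and an SOA serial that is not in the YYYYMMDDnn form the notes use. ZONE_TEXT is a constructed copy of LLL.tw.zone with one deliberate defect.

```python
import re

# Constructed copy of LLL.tw.zone with one deliberate defect:
# the NS target lacks its trailing dot, so it is relative to $ORIGIN.
ZONE_TEXT = """\
$TTL 86400
$ORIGIN LLL.tw.
@ IN SOA dns1.example.com. admin.example.com. (
2022010101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
@ IN NS dns1.example.com
www IN A 172.25.250.10
"""

# Record types whose RDATA is a host name that should normally be absolute.
NAME_TARGET_TYPES = {"NS", "CNAME", "PTR", "MX"}


def lint_zone(text: str) -> list:
    """Return human-readable findings for a BIND-style zone file."""
    findings = []
    # Drop ';' comments, then merge the parenthesised SOA onto one logical line.
    lines = [re.sub(r";.*", "", ln).strip() for ln in text.splitlines()]
    logical, buf = [], ""
    for ln in lines:
        buf = (buf + " " + ln).strip()
        if buf and buf.count("(") == buf.count(")"):
            logical.append(buf)
            buf = ""
    for ln in logical:
        tokens = ln.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue  # $TTL / $ORIGIN directives
        if "SOA" in tokens:
            i = tokens.index("SOA")
            mname, rname, serial = tokens[i + 1], tokens[i + 2], tokens[i + 3]
            for name in (mname, rname):
                if not name.endswith("."):
                    findings.append(f"SOA name '{name}' is relative (missing trailing dot)")
            if not re.fullmatch(r"\d{10}", serial):
                findings.append(f"SOA serial '{serial}' is not YYYYMMDDnn")
            continue
        rtype = next((t for t in tokens if t in NAME_TARGET_TYPES), None)
        if rtype and not tokens[-1].endswith("."):
            findings.append(f"{rtype} target '{tokens[-1]}' is relative: it will become '{tokens[-1]}.<origin>'")
    return findings
```

Run lint_zone(ZONE_TEXT) before restarting named; an empty list means the two checks passed, and named-checkzone remains the authoritative syntax check.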

$firewall-cmd --permanent --add-service=dns
$firewall-cmd --reload

$nmcli con mod "Net1" ipv4.dns 172.25.250.10
$nmcli con up "Net1" # re-activate the connection so the new DNS setting takes effect

# From another machine
$dig @172.25.250.10 www.LLL.tw
  • Command history (screenshot not included)

  • Reverse lookup

$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
2022010101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)

@ IN NS ns1.example.com.

1 IN PTR example.com.

Unbound

  • /etc/unbound/unbound.conf
local-zone: "example.com." static
local-data: "example.com. IN A 192.168.1.100"

$sudo chown -R unbound:unbound /var/lib/unbound
$sudo systemctl restart unbound

Web server

HTTPd

Custom web page

  • Basic config: /etc/httpd/conf/httpd.conf

  • custom *.conf add in /etc/httpd/conf.d

    <Directory "/var/www/html/user">
    AllowOverride None
    Require all granted
    </Directory>


    <VirtualHost *:80>
    DocumentRoot "/var/www/html/user"
    ServerName www.user.tw
    ServerAdmin lll@nttu.edu.tw
    ErrorLog "logs/user_error_log"
    CustomLog "logs/user_cos_log" combined
    </VirtualHost>
  • and add dir in /var/www/html/

nginx

  • /etc/nginx/nginx.conf
  • /etc/nginx/conf.d
  • Add a virtual server for the page by editing a *.conf file
server {
listen 80;
listen [::]:80;
server_name www.jjli.tw; # virtual host
root /usr/share/nginx/html/<user>; # virtual host root directory
}
  • /usr/share/nginx/html

HTTPS

  • httpd security certificate (screenshot not included)

Cache server

Varnish

  • Modify service
$systemctl cat varnish # get ExecStart and modify it in http_port.conf
$cd /etc/systemd/system
$mkdir varnish.service.d
$vim varnish.service.d/http_port.conf
  • varnish.service.d/http_port.conf daemon parameter adjustment
[Service]
ExecStart=
ExecStart=/usr/
  • start service
$systemctl daemon-reload
$systemctl restart varnish
$firewall-cmd --permanent --add-service=http
$firewall-cmd --reload
  • Cache configuration
    /etc/varnish/default.vcl

Proxy server

  • Forward & reverse proxy (diagram not included)

  • Load balancing
$vim /etc/haproxy/haproxy.cfg # edit frontend and backend
frontend ll
bind *:80
default_backend lll_servers

backend lll_servers
balance <roundrobin,source> # pick one algorithm
server weba 172.25.250.10:80 check inter 10s
server webb 172.25.250.11:80 check inter 10s

$firewall-cmd --permanent --add-service=http # open firewall for service.
  • HTTPS decryption (screenshot not included)

  • Statistics (screenshot not included)

stats uri /<url> # page path you choose
stats auth username:passwd

Varnish + haproxy

  • Varnish behind HAProxy (or in front of HAProxy) (diagram not included)

Summary

(diagram not included)

DataBase

  • MariaDB
  • phpMyAdmin
$sudo mysql_secure_installation # setup root passwd
$sudo mysql -u root -p

# mariadb command
CREATE DATABASE your_database_name;
CREATE USER 'your_username'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'your_username'@'localhost';
FLUSH PRIVILEGES;

$sudo systemctl restart mariadb
  • Title: NTTU Server Principles WriteUp
  • Author: Chihhh Linnn
  • Created at : 2024-08-06 06:28:35
  • Updated at : 2024-08-06 06:28:35
  • Link: https://chihhhs.github.io/2024/08/06/server/
  • License: This work is licensed under CC BY-NC-SA 4.0.