centos7許多命令都變了,又要重新記了。
centos7默認安裝了httpd吧?記不清了,看一下:
rpm -qa |grep httpd
沒有的話,安裝一下吧。
yum -y install httpd
yum -y install php
yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel
二、啟動httpd服務,並設置成開機啟動。
systemctl start httpd.service
systemctl enable httpd.service
此時,這個配置文件被鏈接到了/etc/systemd/system/multi-user.target.wants
tpd.service,如下圖
ll /etc/systemd/system/multi-user.target.wants/
total 0
lrwxrwxrwx. 1 root root 38 Sep 16 19:08 auditd.service -> /usr
b/systemd/system/auditd.service
lrwxrwxrwx. 1 root root 44 Sep 16 19:08 avahi-daemon.service -> /usrb/systemd/system/avahi-daemon.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 crond.service -> /usrb/systemd/system/crond.service
lrwxrwxrwx. 1 root root 37 Sep 17 02:38 httpd.service -> /usrb/systemd/systemtpd.service
lrwxrwxrwx. 1 root root 42 Sep 16 19:08 irqbalance.service -> /usrb/systemd/system/irqbalance.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 kdump.service -> /usrb/systemd/system/kdump.service
lrwxrwxrwx. 1 root root 46 Sep 16 19:08 NetworkManager.service -> /usrb/systemd/system/NetworkManager.service
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 postfix.service -> /usrb/systemd/system/postfix.service
lrwxrwxrwx. 1 root root 40 Sep 16 19:08 remote-fs.target -> /usrb/systemd/system/remote-fs.target
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 rsyslog.service -> /usrb/systemd/system/rsyslog.service
lrwxrwxrwx. 1 root root 36 Sep 16 19:08 sshd.service -> /usrb/systemd/system/sshd.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 tuned.service -> /usrb/systemd/system/tuned.service
tpd.service,如下圖
ll /etc/systemd/system/multi-user.target.wants/
total 0
lrwxrwxrwx. 1 root root 38 Sep 16 19:08 auditd.service -> /usr
b/systemd/system/auditd.service
lrwxrwxrwx. 1 root root 44 Sep 16 19:08 avahi-daemon.service -> /usr
b/systemd/system/avahi-daemon.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 crond.service -> /usr
b/systemd/system/crond.service
lrwxrwxrwx. 1 root root 37 Sep 17 02:38 httpd.service -> /usr
b/systemd/systemtpd.service
lrwxrwxrwx. 1 root root 42 Sep 16 19:08 irqbalance.service -> /usr
b/systemd/system/irqbalance.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 kdump.service -> /usr
b/systemd/system/kdump.service
lrwxrwxrwx. 1 root root 46 Sep 16 19:08 NetworkManager.service -> /usr
b/systemd/system/NetworkManager.service
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 postfix.service -> /usr
b/systemd/system/postfix.service
lrwxrwxrwx. 1 root root 40 Sep 16 19:08 remote-fs.target -> /usr
b/systemd/system/remote-fs.target
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 rsyslog.service -> /usr
b/systemd/system/rsyslog.service
lrwxrwxrwx. 1 root root 36 Sep 16 19:08 sshd.service -> /usr
b/systemd/system/sshd.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 tuned.service -> /usr
b/systemd/system/tuned.service
三、打開firewalld防火牆端口
firewall-cmd --add-service=http 即使打開
firewall-cmd --permanent --add-service=http 寫入配置文件
此時,httpd這個服務添加到了/etc/firewalld/zones/public.xml這個zone配置文件中,所以firewalld才能夠據此放行。此文件如下所示:
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
</zone>
注意不要將此處firewalld管理的service與systemd中的sevice配置單元混淆,兩者沒有任何關系。
http服務是安裝firewalld時自動安裝的,這個服務的配置文件為 /usrb/firewalld
rvicestp.xml,我們來看看這個文件。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
<rvice>
據此知道http服務對應的就是tcp協議的80端口。firewalld根據zone配置文件中的服務名http,依次在/etc/firwalldrvices/目錄,/usrb/firewalldrvices/目錄查找名為http.xml的文件,找到即停止繼續查找,所以位於/etc/firwalldrvices/目錄的配置文件優先級更高。
4 與CentOS6.5的區別
總體思路是一致的,都是防火牆放行,把服務加入運行級配置文件。只是CentOS7中防火牆和運行級管理程序均發生徹底改變了。firewalld代替iptables,systemd代替SystemV init,所以需要重新熟悉相關命令。個人感覺新的程序更加人性化,操作也很容易。 配置文件也都采用了標准的xml格式,放棄了容易出錯的老式配置文件。
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
</zone>
注意不要將此處firewalld管理的service與systemd中的sevice配置單元混淆,兩者沒有任何關系。
http服務是安裝firewalld時自動安裝的,這個服務的配置文件為 /usr
b/firewalldrvicestp.xml,我們來看看這個文件。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
<
rvice>
據此知道http服務對應的就是tcp協議的80端口。firewalld根據zone配置文件中的服務名http,依次在/etc/firwalld
rvices/目錄,/usrb/firewalldrvices/目錄查找名為http.xml的文件,找到即停止繼續查找,所以位於/etc/firwalldrvices/目錄的配置文件優先級更高。
4 與CentOS6.5的區別
總體思路是一致的,都是防火牆放行,把服務加入運行級配置文件。只是CentOS7中防火牆和運行級管理程序均發生徹底改變了。firewalld代替iptables,systemd代替SystemV init,所以需要重新熟悉相關命令。個人感覺新的程序更加人性化,操作也很容易。 配置文件也都采用了標准的xml格式,放棄了容易出錯的老式配置文件。