Presentation is loading. Please wait.

Presentation is loading. Please wait.

System Administration

Similar presentations


Presentation on theme: "System Administration"— Presentation transcript:

1 System Administration
NFS & Web Servers

2 NFS Server

3 File System Operations
Create file / directory Remove file / directory List directory Open file Read from file Write to file

4 NFS Network file system File system ops over network RPC-based
IP-based authorization Traffic not encrypted

5 From 鳥哥的Linux私房菜

6 Remote Procedure Call From SGI IRIX Network Programming Guide

7 RPC – Port mapper List which port has what service
“portmap” or “rpcbind” List services: rpcinfo -p

8 NFS Server Debian Package: nfs-kernel- server
NFS server is implemented in kernel. The package is for support utilities. Configuration: /etc/exports See exports(5) manpage Show exported paths exportfs showmount exportfs 只能在server上用 showmount 可以在任何有portmapper的機器上執行。可以查遠端機器的設定。

9 /etc/exports /home /24(ro) Path Client IP (modifier) 目錄 分享對象 (權限)

10 Client IPs IPs (192.168.1.1) IP networks (192.168.1.0/24)
Hostnames ( Wildcards (*.csie.ntu.edu.tw) Hostname determined via reverse DNS lookup

11 Modifiers rw / ro sync / async root_squash / no_root_squash
all_squash [more in exports(5) manpage] rw: 可讀寫 ro: 只能讀取 sync: 寫入時須等待伺服器將資料寫進硬碟 async: 寫入時只要伺服器收到資料就算完成 (反應速度比較快) root_squash: 用 root 存取時,會當做另一個使用者 (通常是 nobody, 可用 anonuid / anongid 指定) no_root_squash: root 還是 root all_squash: 任何人都當做 anonuid 指定的使用者

12 NFS Client Debian Package: nfs-common Configuration: /etc/fstab
NFS client is implemented in kernel. The package is for support utilities. Configuration: /etc/fstab

13 /etc/fstab # local /dev/sda1 / ext4 rw # nfs nfs:/home /home nfs rw

14 NFS mount options fg / bg hard / soft
intr / nointr (No use after ) rsize= & wsize= See nfs(5) manpage fb / bg: 掛載時要等掛載完成,還是可以丟到背景慢慢等 hard / soft: 如過伺服器斷線,執行 I/O 的時候會一直重試還是回傳錯誤 intr / nointr: 執行I/O可否被 signal 中斷。 之後無效,只能用 SIGKILL 把程式砍掉。 rsize, wsize: NFS 一次讀寫的最大傳輸量

15 Automount Automatically mount filesystem when accessed
Unmount after some time unused Implemented in kernel Package: autofs , autofs5

16 Web Servers

17 HTTP Hypertext Transfer Protocol Request Response Header Response Body

18 HTTP (cont.) Other binary protocols exist SPDY QUIC
Multiplexing streams through a single TCP connection. QUIC Optimized for mobile devices Over UDP SSL handshake improvement

19 Apache HTTP Server Oldest(?) open source web server
Most popular according to Netcraft Very versatile CGI/FastCGI/WSGI/PSGI/Rack/… mod_perl / mod_python / mod_ruby Many 3rd party modules Protocols for web frameworks/applications: WSGI => Python PSGI => Perl Rack => Ruby mod_perl / mod_python / mod_ruby: embed language interpreter in web server

20 Lighttpd Lightweight HTTP(S) server Single process event driven
Early solution to C10k problem CGI, FastCGI, SCGI support Little new development

21 Nginx Web server Reverse proxy Load balancing
Single process event driven FastCGI / SCGI / uWSGI No CGI High performance static file serving

22 Multi-Processing Module
prefork 1 process per request worker worker thread pool 1 thread per connection Event event driven with worker thread pool 1 thread per request More info see 6/how-do-i-select-which-apache-mpm- to-use

23 Apache Packages Debian meta-package MPM 3rd party modules apache2
apache2-mpm-* 3rd party modules libapache2-mod-*

24 Basic Configuration # What port to use Listen 80 # My name ServerName nasa.csie.ntu.edu.tw # Run as User www-data Group www-data # PID PidFile /var/run/apache2.pid # log ErrorLog /var/log/apache2/error.log

25 Serving Configuration
# Where is / DocumentRoot /var/www/base # Permissions for /var/www/base <Directory /var/www/base> Options None Order allow,deny Allow from all </Directory>

26 Virtual Hosts Serving many sites with 1 server IP-based virtual hosts
1 website per IP Port-based virtual hosts 1 website per port Name-based virtual hosts Many websites per IP/port Differentiate with “Host” header

27 Name-based Virtual Host
NameVirtualHost * <VirtualHost *> DocumentRoot /var/www/www ServerName <Directory /var/www/www> Options None Order allow,deny Allow from all </Directory> </VirtualHost>

28 HTTP Authentication 401 Unauthorized mod_auth htpasswd Basic Digest
Password sent in plaintext Digest Challenge / Response mod_auth mod_auth* Many backends htpasswd Manage Apache basic password files

29 HTTP Authentication <Location /locked> # Use basic authentication AuthType Basic # Name to show in dialog AuthName “Restricted” # Use htpasswd file based AuthBasicProvider file # Path to password file AuthUserFile /etc/apache/users.pw # Any user is good Require valid-user </Location>

30 URL Rewrite Rewrite a URL internally Redirect Regex Conditional
Make pretty URLs to user Map old URL to new Redirect Regex Conditional Enable mod_rewrite

31 URL Rewrite # Load mod_rewrite LoadModule rewrite_module modules/mod_rewrite.so # Enable rewrite RewriteEngine On # rewrite rule # Redirect /blog?p=N to /new/blog/N RewriteRule ^/blog?p=(\d+) /new/blog/$1 [R]

32 FastCGI 2.2: mod_fastcgi or mod_fcgid 2.4: mod_proxy, mod_proxy_fcgi
Run PHP with FastCGI if you can php-fpm – FastCGI Process Manager

33 PHP FastCGI for Apache 2.2 # Load modules LoadModule fastcgi_module modules/mod_fastcgi.so # Associate an alias for the 'fake' fcgi call. Alias /php5.fcgi /var/www/php5.fcgi # Assign the 'fake' fcgi to an 'external' FastCGI Server FastCGIExternalServer /var/www/php5.fcgi -flush -host :9000 # Create the handler mappings to associate PHP files with a call to '/php5.fcgi' AddType application/x-httpd-fastphp5 .php Action application/x-httpd-fastphp5 /php5.fcgi

34 PHP FastCGI for Apache 2.4 # Load modules LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so # Pass PHP file to FastCGI handler ProxyPassMatch ^/(.*\.php)$ fcgi:// :9000/var/www/$1

35 Homework Explain the “secure/insecure” options in /etc/exports in you own words. What security issues may incur when using “insecure” option? In early times, running a website over SSL requires a dedicated IP address. Describe why and how it is solved by using SNI (Server Name Indication). Describe what “TLS_ECDH_ECDSA_WITH_AES_256_GCM _SHA384” in TLS 1.2 cipher suite means.


Download ppt "System Administration"

Similar presentations


Ads by Google