A 24 post collection
安装nscd
yum install nscd
在有IPA Client(或SSSD)的情况下修改/etc/nscd.conf中enable-cache为如下
enable-cache hosts yes
enable-cache passwd no
enable-cache group no
enable-cache netgroup no
enable-cache services no
启动
systemctl enable nscd
systemctl restart nscd
验证已经开启
time getent hosts www.bing.com
结果中
real 0m0.002s
user 0m0.001s
sys 0m0.000s
real 几乎等于 user + sys
安装dnf-automatic
dnf install dnf-automatic
编辑/etc/dnf/automatic.conf
apply_updates = yes
启动定时器
systemctl enable --now dnf-automatic.timer启用定期TRIM
sudo systemctl enable fstrim.timer
sudo systemctl restart fstrim.timer
手动TRIM
sudo fstrim -a -v
debian8
sudo cp /usr/share/doc/util-linux/examples/fstrim.service /etc/systemd/system
sudo cp /usr/share/doc/util-linux/examples/fstrim.timer /etc/systemd/system
sudo cat /var/log/audit/audit.log | grep denied
sudo sestatus -b
sudo sestatus -b | grep -i sendmail
sudo setsebool -P $boolean名 $1或0
| boolean名 | 意义 |
|---|---|
| httpd_can_network_connect | 允许httpd反向代理 |
| httpd_can_sendmail | 允许httpd发送邮件 |
sudo yum install -y policycoreutils-python
Centos 8
sudo yum install -y policycoreutils-python-utils
sudo semanage fcontext -l |grep {SOMETHING}
sudo semanage fcontext -a -t httpd_sys_content_t /path/to/file
restorecon -v /path/to/file
sudo semanage fcontext -a -t httpd_sys_content_t "/path/to/dir(/.*)?"
restorecon -R -v /path/to/dir
Centos 7
sudo yum install yum-utils -y && sudo package-cleanup --oldkernels --count=1 -y
Centos 8
dnf remove --oldinstallonly --setopt installonly_limit=1ntpdate -u pool.ntp.org安装apache和mod_nss
sudo yum install httpd mod_nss -y
配置mod_nss
sudo sh -c "echo 'Listen 443' >> /etc/httpd/conf.d/nssconfig.conf"
sudo sh -c "echo 'NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sha_256,+rsa_aes_128_sha,+rsa_aes_256_sha' >> /etc/httpd/conf.d/nssconfig.conf"
sudo sh -c "echo 'NSSCertificateDatabase /etc/httpd/alias' >> /etc/httpd/conf.d/nssconfig.conf"
从/etc/httpd/conf.d/nss.conf中删除默认虚拟主机
获取证书
ipa-getcert request -d /etc/httpd/alias -n 'alianame' -K HTTP/'hostname' -D 'FQDN.com'
配置https虚拟主机
<VirtualHost *:443>
ServerName FQDN
NSSEngine on
NSSNickname alianame
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>