centos7许多命令都变了,又要重新记了。
centos7默认安装了httpd吧?记不清了,看一下:
rpm -qa |grep httpd
没有的话,安装一下吧。
yum -y install httpd
yum -y install php
yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel
二、启动httpd服务,并设置成开机启动。
systemctl start httpd.service
systemctl enable httpd.service
此时,这个配置文件被链接到了/etc/systemd/system/multi-user.target.wantstpd.service,如下图
ll /etc/systemd/system/multi-user.target.wants/
total 0
lrwxrwxrwx. 1 root root 38 Sep 16 19:08 auditd.service -> /usrb/systemd/system/auditd.service
lrwxrwxrwx. 1 root root 44 Sep 16 19:08 avahi-daemon.service -> /usrb/systemd/system/avahi-daemon.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 crond.service -> /usrb/systemd/system/crond.service
lrwxrwxrwx. 1 root root 37 Sep 17 02:38 httpd.service -> /usrb/systemd/systemtpd.service
lrwxrwxrwx. 1 root root 42 Sep 16 19:08 irqbalance.service -> /usrb/systemd/system/irqbalance.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 kdump.service -> /usrb/systemd/system/kdump.service
lrwxrwxrwx. 1 root root 46 Sep 16 19:08 NetworkManager.service -> /usrb/systemd/system/NetworkManager.service
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 postfix.service -> /usrb/systemd/system/postfix.service
lrwxrwxrwx. 1 root root 40 Sep 16 19:08 remote-fs.target -> /usrb/systemd/system/remote-fs.target
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 rsyslog.service -> /usrb/systemd/system/rsyslog.service
lrwxrwxrwx. 1 root root 36 Sep 16 19:08 sshd.service -> /usrb/systemd/system/sshd.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 tuned.service -> /usrb/systemd/system/tuned.service
ll /etc/systemd/system/multi-user.target.wants/
total 0
lrwxrwxrwx. 1 root root 38 Sep 16 19:08 auditd.service -> /usrb/systemd/system/auditd.service
lrwxrwxrwx. 1 root root 44 Sep 16 19:08 avahi-daemon.service -> /usrb/systemd/system/avahi-daemon.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 crond.service -> /usrb/systemd/system/crond.service
lrwxrwxrwx. 1 root root 37 Sep 17 02:38 httpd.service -> /usrb/systemd/systemtpd.service
lrwxrwxrwx. 1 root root 42 Sep 16 19:08 irqbalance.service -> /usrb/systemd/system/irqbalance.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 kdump.service -> /usrb/systemd/system/kdump.service
lrwxrwxrwx. 1 root root 46 Sep 16 19:08 NetworkManager.service -> /usrb/systemd/system/NetworkManager.service
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 postfix.service -> /usrb/systemd/system/postfix.service
lrwxrwxrwx. 1 root root 40 Sep 16 19:08 remote-fs.target -> /usrb/systemd/system/remote-fs.target
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 rsyslog.service -> /usrb/systemd/system/rsyslog.service
lrwxrwxrwx. 1 root root 36 Sep 16 19:08 sshd.service -> /usrb/systemd/system/sshd.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 tuned.service -> /usrb/systemd/system/tuned.service
三、打开firewalld防火墙端口
firewall-cmd --add-service=http 即使打开
firewall-cmd --permanent --add-service=http 写入配置文件
此时,httpd这个服务添加到了/etc/firewalld/zones/public.xml这个zone配置文件中,所以firewalld才能够据此放行。此文件如下所示:
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
</zone>
注意不要将此处firewalld管理的service与systemd中的sevice配置单元混淆,两者没有任何关系。
http服务是安装firewalld时自动安装的,这个服务的配置文件为 /usrb/firewalldrvicestp.xml,我们来看看这个文件。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
<rvice>
据此知道http服务对应的就是tcp协议的80端口。firewalld根据zone配置文件中的服务名http,依次在/etc/firwalldrvices/目录,/usrb/firewalldrvices/目录查找名为http.xml的文件,找到即停止继续查找,所以位于/etc/firwalldrvices/目录的配置文件优先级更高。
4 与CentOS6.5的区别
总体思路是一致的,都是防火墙放行,把服务加入运行级配置文件。只是CentOS7中防火墙和运行级管理程序均发生彻底改变了。firewalld代替iptables,systemd代替SystemV init,所以需要重新熟悉相关命令。个人感觉新的程序更加人性化,操作也很容易。 配置文件也都采用了标准的xml格式,放弃了容易出错的老式配置文件。
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
</zone>
注意不要将此处firewalld管理的service与systemd中的sevice配置单元混淆,两者没有任何关系。
http服务是安装firewalld时自动安装的,这个服务的配置文件为 /usrb/firewalldrvicestp.xml,我们来看看这个文件。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
<rvice>
据此知道http服务对应的就是tcp协议的80端口。firewalld根据zone配置文件中的服务名http,依次在/etc/firwalldrvices/目录,/usrb/firewalldrvices/目录查找名为http.xml的文件,找到即停止继续查找,所以位于/etc/firwalldrvices/目录的配置文件优先级更高。
4 与CentOS6.5的区别
总体思路是一致的,都是防火墙放行,把服务加入运行级配置文件。只是CentOS7中防火墙和运行级管理程序均发生彻底改变了。firewalld代替iptables,systemd代替SystemV init,所以需要重新熟悉相关命令。个人感觉新的程序更加人性化,操作也很容易。 配置文件也都采用了标准的xml格式,放弃了容易出错的老式配置文件。