第 1 章 Nginx Web服务器企业实战 ............................................................................................... 1
1.1 Nginx Web 入门简介................................................................................................................................1
1.2 Nginx 工作原理 .......................................................................................................................................2
1.3 二进制部署 Nginx 实战 ...........................................................................................................................4
1.4 源代码部署 Nginx 实战 ...........................................................................................................................5
1.5 Nginx 管理及升级....................................................................................................................................6
1.6 Nginx 常用模块剖析 ................................................................................................................................9
1.6.1 access 模块 ..................................................................................................................................9
1.6.2 auth_basic 模块 ..........................................................................................................................12
1.6.3 stub_status 模块..........................................................................................................................12
1.6.4 autoindex 模块............................................................................................................................13
1.6.5 limit_rate 模块............................................................................................................................14
1.6.6 limit_conn 模块 ..........................................................................................................................15
1.7 Nginx 配置文件优化 ..............................................................................................................................16
1.7.1 优化一 .......................................................................................................................................16
1.7.2 优化二 .......................................................................................................................................18
1.8 Nginx 虚拟主机实战 ..............................................................................................................................20
1.9 Nginx location 深入剖析 .........................................................................................................................23
1.10 企业实战.............................................................................................................................................26
1.10.1 Nginx 动静分离架构.................................................................................................................26
1.10.2 企业实战 LNMP 高性能服务器.................................................................................................28
1.11 LNMP 架构工作原理 ...........................................................................................................................29
1.12 LNMP 架构源码部署企业实战.............................................................................................................30
1.13 Nginx Rewrite 规则详解........................................................................................................................33
1.14 Nginx Web 日志分析 ............................................................................................................................37
1.15 Nginx 日志切割案例 ............................................................................................................................39
1.16 Nginx 防盗链案例实战.........................................................................................................................41
1.17 Nginx HTTPS 简介 ...............................................................................................................................43
1.17.1 Nginx HTTPS 工作原理.............................................................................................................43
1.17.2 Nginx HTTPS 证书配置.............................................................................................................45
VI Linux 内核调优——构建高性能的企业服务
1.18 Tomcat/Java 服务器实战.......................................................................................................................48
1.18.1 Tomcat Web 案例实战...............................................................................................................48
1.18.2 Tomcat 配置文件详解...............................................................................................................50
1.18.3 Tomcat 连接器选择...................................................................................................................53
1.19 JVM 虚拟机详解..................................................................................................................................55
1.20 Tomcat 性能优化 .................................................................................................................................57
1.21 Tomcat 后台管理配置 ..........................................................................................................................59
第 2 章 Linux 性能优化与安全攻防实战 ........................................................................................ 61
2.1 TCP/IP 报文详解 ...................................................................................................................................61
2.2 TCP 三次握手及四次挥手 .....................................................................................................................64
2.3 优化 Linux 文件打开最大数 ..................................................................................................................66
2.4 Linux 内核参数详解和优化 ...................................................................................................................68
2.5 影响服务器性能的因素.........................................................................................................................70
2.6 Linux 服务器性能评估与优化................................................................................................................71
2.7 Linux 故障报错实战 ..............................................................................................................................76
2.8 DDoS 攻击简介 .....................................................................................................................................79
2.9 SYN Flood 攻击简介 ..............................................................................................................................81
2.10 hping 概念剖析....................................................................................................................................84
2.11 DDoS攻击实战....................................................................................................................................85
2.12 DDoS防御实战....................................................................................................................................88
2.12.1 DDoS 企业防御种类 .................................................................................................................88
2.12.2 Linux 内核防御 DDoS ...............................................................................................................89
2.13 CC 攻击简介 .......................................................................................................................................89
2.13.1 CC 攻击概念 ............................................................................................................................89
2.13.2 CC 攻击工具部署.....................................................................................................................90
2.13.3 CC 攻击工具参数.....................................................................................................................91
2.13.4 CC 攻击实战操作.....................................................................................................................93
2.13.5 CC 攻击防御 ............................................................................................................................93
2.14 HTTP Flood 攻击简介 ..........................................................................................................................96
2.15 Hydra 暴力破解攻击............................................................................................................................97
2.16 Libssh安装部署..................................................................................................................................97
2.17 Hydra 安装部署和参数详解.................................................................................................................98
2.18 暴力破解案例实战 ..............................................................................................................................99
2.19 DenyHosts 安装与配置....................................................................................................................... 102
2.19.1 DenyHosts 配置目录详解........................................................................................................ 102
2.19.2 DenyHosts 配置实战 ............................................................................................................... 102
目录 VII
2.19.3 启动 DenyHosts 服务 .............................................................................................................. 104
2.19.4 删除被 DenyHosts 禁止的 IP................................................................................................... 105
2.19.5 配置 DenyHosts 发送报警邮件................................................................................................ 106
2.20 基于 Shell 全自动脚本实现防黑客攻击 ............................................................................................. 107
2.21 Metasploit 渗透攻击实战.................................................................................................................... 108
2.22 msfconsole 参数详解 .......................................................................................................................... 111
2.23 构建 MySQL 数据库环境 ................................................................................................................... 112
2.24 MySQL 数据库安装方式 .................................................................................................................... 114
2.25 Msfconsole 渗透 MySQL 实战.............................................................................................................. 117
2.26 Tomcat 安装配置实战 ........................................................................................................................ 121
2.27 Msfconsole 渗透 Tomcat 实战.............................................................................................................. 123
第 3 章 HTTP详解...................................................................................................................... 127
3.1 TCP 与 HTTP....................................................................................................................................... 127
3.2 资源定位标识符.................................................................................................................................. 128
3.3 HTTP 与端口通信 ............................................................................................................................... 129
3.4 HTTP Request 与 Response 详解........................................................................................................... 130
3.5 HTTP 1.0 与 HTTP 1.1 的区别.............................................................................................................. 132
3.6 HTTP 状态码详解 ............................................................................................................................... 133
3.7 HTTP MIME 类型支持 ......................................................................................................................... 134
第 4 章 Linux 高可用集群实战 .................................................................................................... 137
4.1 Keepalived 高可用软件简介................................................................................................................. 137
4.2 Keepalived VRRP 原理剖析一.............................................................................................................. 138
4.3 Keepalived VRRP 原理剖析二.............................................................................................................. 139
4.4 企业级 Nginx+Keepalived 集群实战 ..................................................................................................... 139
4.5 Keepalived 配置文件实战 .................................................................................................................... 143
4.6 企业级 Nginx+Keepalived 双主架构实战 .............................................................................................. 145
4.7 Redis+Keepalived 高可用集群实战....................................................................................................... 149
4.8 NFS+Keepalived 高可用集群实战......................................................................................................... 152
4.9 MySQL+Keepalived 高可用集群实战 .................................................................................................... 154
4.10 HAProxy+Keepalived 高可用集群实战................................................................................................ 157
4.10.1 HAProxy 入门简介.................................................................................................................. 157
4.10.2 HAProxy 安装配置.................................................................................................................. 158
4.10.3 HAProxy 配置文件详解 .......................................................................................................... 159
4.10.4 安装 Keepalived 服务.............................................................................................................. 162
4.10.5 配置 HAProxy+Keepalived....................................................................................................... 163
4.10.6 创建 HAProxy 脚本................................................................................................................. 164
VIII Linux 内核调优——构建高性能的企业服务
4.10.7 测试 HAProxy+Keepalived 服务............................................................................................... 165
4.11 LVS+Keepalived 高可用集群实战....................................................................................................... 167
4.11.1 LVS 负载均衡简介 ................................................................................................................. 167
4.11.2 LVS 负载均衡工作原理.......................................................................................................... 167
4.11.3 LVS 负载均衡实战配置.......................................................................................................... 170
4.11.4 LVS+Keepalived 实战配置 ...................................................................................................... 174
4.11.5 LVS DR 客户端配置 VIP ........................................................................................................ 178
4.11.6 LVS 负载均衡企业实战排错经验 ........................................................................................... 179
第 5 章 黑客攻击 Linux 服务器与防护实战 ................................................................................. 181
5.1 基于二进制方式安装 DenyHosts .......................................................................................................... 181
5.2 DenyHosts 配置目录详解 ..................................................................................................................... 181
5.3 DenyHosts 配置实战 ............................................................................................................................ 182
5.4 启动 DenyHosts 服务 ........................................................................................................................... 183
5.5 删除被 DenyHosts 禁止的 IP................................................................................................................ 184
5.6 配置 DenyHosts 发送报警邮件............................................................................................................. 185
5.7 基于 Shell 全自动脚本实现防黑客攻击 ............................................................................................... 185
第 6 章 iptables 入门简介 ........................................................................................................... 187
6.1 iptables 表与链功能............................................................................................................................. 188
6.2 iptables 数据包流程............................................................................................................................. 188
6.3 iptables 四张表和五条链...................................................................................................................... 190
6.4 Linux 下 iptables 下 filter 表 ................................................................................................................. 190
6.5 Linux 下 iptables 下 NAT 表 ................................................................................................................. 191
6.6 Linux 下 iptables 下 mangle 表 .............................................................................................................. 191
6.7 Linux 下 iptables 下 raw 表 ................................................................................................................... 191
6.8 Linux 下 iptables 命令剖析................................................................................................................... 192
6.8.1 iptables 命令参数 ..................................................................................................................... 192
6.8.2 匹配条件 ................................................................................................................................. 192
6.8.3 动作......................................................................................................................................... 193
6.9 iptables 企业案例规则实战一 .............................................................................................................. 194
6.10 iptables 企业案例规则实战二............................................................................................................. 194
第 7 章 Firewalld 防火墙企业实战............................................................................................... 197
7.1 Firewalld 区域剖析 .............................................................................................................................. 197
7.2 Firewalld 服务剖析 .............................................................................................................................. 199
7.3 Firewalld 必备命令 .............................................................................................................................. 200
7.4 Firewalld 永久设置 .............................................................................................................................. 205
7.5 Firewalld 配置文件实战 ....................................................................................................................... 207
目录 IX
7.6 IT 运维安全概念 ................................................................................................................................. 208
7.7 IT 运维安全实战策略.......................................................................................................................... 209
7.7.1 用户名密码策略 ...................................................................................................................... 209
7.7.2 启用 Sudo 超级特权 ................................................................................................................. 210
7.7.3 关闭服务和端口 ...................................................................................................................... 211
7.7.4 服务监听控制 .......................................................................................................................... 211
7.7.5 远程登录服务器 ...................................................................................................................... 212
7.7.6 引入防火墙.............................................................................................................................. 212
7.7.7 版本漏洞及补丁 ...................................................................................................................... 212
