4月 252021
 

启动接口异常

[root@localhost ~]# wg-quick up wg0
[#] ip link add wg0 type wireguard
Error: Unknown device type.
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
[root@localhost ~]#

手动加载内核模块异常

[root@localhost ~]# modprobe wireguard
modprobe: ERROR: could not insert 'wireguard': Required key not available
[root@localhost ~]#

禁用ESXi客户机Secure Boot的选项

重启系统后接口启动恢复正常

4月 122021
 

 

包信息

[root@tinc ~]# dnf info tinc
Last metadata expiration check: 0:01:55 ago on Mon 12 Apr 2021 01:44:09 AM UTC.
Installed Packages
Name         : tinc
Version      : 1.0.36
Release      : 2.el8
Architecture : x86_64
Size         : 629 k
Source       : tinc-1.0.36-2.el8.src.rpm
Repository   : @System
From repo    : epel
Summary      : A virtual private network daemon
URL          : http://www.tinc-vpn.org/
License      : GPLv2+
Description  : tinc is a Virtual Private Network (VPN) daemon that uses tunnelling
             : and encryption to create a secure private network between hosts on
             : the Internet. Because the tunnel appears to the IP level network
             : code as a normal network device, there is no need to adapt any
             : existing software. This tunnelling allows VPN sites to share
             : information with each other over the Internet without exposing any
             : information to others.

[root@tinc ~]#

安装路径

[root@tinc ~]# rpm -lq tinc
/usr/lib/.build-id
/usr/lib/.build-id/ec
/usr/lib/.build-id/ec/f0a564e8d20e169bed52480a235992928751ed
/usr/lib/systemd/system/tinc.service
/usr/lib/systemd/system/tinc@.service
/usr/sbin/tincd
/usr/share/doc/tinc
/usr/share/doc/tinc/AUTHORS
/usr/share/doc/tinc/COPYING.README
/usr/share/doc/tinc/NEWS
/usr/share/doc/tinc/README
/usr/share/doc/tinc/THANKS
/usr/share/doc/tinc/sample-config
/usr/share/doc/tinc/sample-config/hosts
/usr/share/doc/tinc/sample-config/hosts/alpha
/usr/share/doc/tinc/sample-config/hosts/beta
/usr/share/doc/tinc/sample-config/rsa_key.priv
/usr/share/doc/tinc/sample-config/tinc-down
/usr/share/doc/tinc/sample-config/tinc-up
/usr/share/doc/tinc/sample-config/tinc.conf
/usr/share/doc/tinc/texinfo.tex
/usr/share/info/tinc.info.gz
/usr/share/licenses/tinc
/usr/share/licenses/tinc/COPYING
/usr/share/man/man5/tinc.conf.5.gz
/usr/share/man/man8/tincd.8.gz
[root@tinc ~]#

服务配置文件示例

https://www.tinc-vpn.org/documentation/Main-configuration-variables.html#Main-configuration-variables
[root@tinc ~]# cat /usr/share/doc/tinc/sample-config/tinc.conf
# Sample tinc configuration file

# This is a comment.
# Spaces and tabs are eliminated.
# The = sign isn't strictly necessary any longer, though you may want
# to leave it in as it improves readability :)
# Variable names are treated case insensitive.

# The name of this tinc host. Required.
Name = alpha

# The internet host to connect with.
# Comment these out to make yourself a listen-only connection
# You must use the name of another tinc host.
# May be used multiple times for redundance.
ConnectTo = beta

# The tap device tinc will use.
# /dev/tap0 for ethertap, FreeBSD or OpenBSD
# /dev/tun0 for Solaris
# /dev/net/tun for Linux tun/tap
Device = /dev/net/tun
[root@tinc ~]#

主机配置文件示例

https://www.tinc-vpn.org/documentation/Host-configuration-variables.html#Host-configuration-variables
[root@tinc ~]# cat /usr/share/doc/tinc/sample-config/hosts/alpha
# Sample host configuration file

# The real IP address of this tinc host. Can be used by other tinc hosts.
Address = 123.234.35.67

# Portnumber for incoming connections. Default is 655.
Port = 655

# Subnet on the virtual private network that is local for this host.
Subnet = 192.168.1.0/24

# The public key generated by `tincd -n example -K' is stored here
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
[root@tinc ~]#
[root@tinc ~]# cat /usr/share/doc/tinc/sample-config/hosts/beta
# Sample host configuration file
# This file was generated by host beta.

# The real IP address of this tinc host. Can be used by other tinc hosts.
Address = 123.45.67.189

# Portnumber for incoming connections. Default is 655.
Port = 6500

# Subnet on the virtual private network that is local for this host.
Subnet = 192.168.2.0/24

# The public key generated by `tincd -n example -K' is stored here
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
[root@tinc ~]#

启动和停止脚本示例(使用ifconfig命令依赖net-tools包)

[root@tinc ~]# cat /usr/share/doc/tinc/sample-config/tinc-up
#!/bin/sh
# This file sets up the tap device.
# It gives you the freedom to do anything you want with it.
# Use the correct name for the tap device:
# The environment variable $INTERFACE is set to the right name
# on most platforms, but if it doesn't work try to set it manually.

# Give it the right ip and netmask. Remember, the subnet of the
# tap device must be larger than that of the individual Subnets
# as defined in the host configuration file!
ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0
[root@tinc ~]#
[root@tinc ~]# cat /usr/share/doc/tinc/sample-config/tinc-down
#!/bin/sh
# This file closes down the tap device.

ifconfig $INTERFACE down
[root@tinc ~]#

使用ip命令示例

#!/bin/sh
ip link set $INTERFACE up
ip addr add 10.0.0.1/32 dev $INTERFACE
ip route add 10.0.0.0/24 dev $INTERFACE
#!/bin/sh
ip route del 10.0.0.0/24 dev $INTERFACE
ip addr del 10.0.0.1/32 dev $INTERFACE
ip link set $INTERFACE down
8月 242020
 

禁用SELinux配置

[root@lsws ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config;
[root@lsws ~]# setenforce 0
[root@lsws ~]#

配置仓库

[root@lsws ~]# dnf install http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm

查看仓库配置文件

[root@lsws ~]# cat /etc/yum.repos.d/litespeed.repo
[litespeed]
name=LiteSpeed Tech Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-update]
name=LiteSpeed Tech Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-edge]
name=LiteSpeed Tech Edge Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed

[litespeed-edge-update]
name=LiteSpeed Tech Edge Update Repository for CentOS $releasever - $basearch
baseurl=http://rpms.litespeedtech.com/edge/centos/$releasever/update/$basearch/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-litespeed
[root@lsws ~]#

更新dnf工具缓存

[root@lsws ~]# dnf makecache
CentOS-8 - AppStream                             12 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                 7.8 kB/s | 3.9 kB     00:00
CentOS-8 - Extras                               2.9 kB/s | 1.5 kB     00:00
LiteSpeed Tech Repository for CentOS 8 - x86_64 2.1 MB/s | 490 kB     00:00
LiteSpeed Tech Update Repository for CentOS 8 - 1.0 MB/s | 227 kB     00:00
Metadata cache created.
[root@lsws ~]#

查看openlitespeed包信息

[root@lsws ~]# dnf info openlitespeed
Last metadata expiration check: 0:00:36 ago on Mon 24 Aug 2020 02:48:52 AM UTC.
Available Packages
Name         : openlitespeed
Version      : 1.6.15
Release      : 2.el8
Architecture : x86_64
Size         : 37 M
Source       : openlitespeed-1.6.15-2.el8.src.rpm
Repository   : litespeed-update
Summary      : OpenLiteSpeed
URL          : http://www.litespeedtech.com
License      : GPLv3
Description  : OpenLiteSpeed is a high-performance, lightweight, open source
             : HTTP server developed and copyrighted by LiteSpeed Technologies.
             : Users are free to download, use, distribute, and modify
             : OpenLiteSpeed and its source code in accordance with the precepts
             : of the GPLv3 license.

[root@lsws ~]#

安装litespeed及php环境包

问题

[root@lsws ~]# dnf install openlitespeed
Last metadata expiration check: 0:00:13 ago on Mon 24 Aug 2020 02:43:32 AM UTC.
Error:
Problem: package openlitespeed-1.6.15-2.el8.x86_64 requires lsphp73-mcrypt, but none of the providers can be installed
- cannot install the best candidate for the job
- nothing provides libmcrypt.so.4()(64bit) needed by lsphp73-pecl-mcrypt-1.0.3-1.el8.7.3.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[root@lsws ~]#

解决

[root@lsws ~]# dnf install epel-release

再次安装

[root@lsws ~]# dnf install openlitespeed

================================================================================
 Package                Arch      Version             Repository           Size
================================================================================
Installing:
 openlitespeed          x86_64    1.6.15-2.el8        litespeed-update     37 M
Installing dependencies:
 libXpm                 x86_64    3.5.12-8.el8        AppStream            58 k
 libargon2              x86_64    20171227-3.el8      epel                 29 k
 libc-client            x86_64    2007f-24.el8        epel                564 k
 libjpeg-turbo          x86_64    1.5.3-10.el8        AppStream           156 k
 libmcrypt              x86_64    2.5.8-26.el8        epel                109 k
 libnsl                 x86_64    2.28-101.el8        BaseOS               97 k
 libwebp                x86_64    1.0.0-1.el8         AppStream           273 k
 libxslt                x86_64    1.1.32-4.el8        BaseOS              249 k
 lsphp73                x86_64    7.3.21-1.el8        litespeed           4.7 M
 lsphp73-common         x86_64    7.3.21-1.el8        litespeed           677 k
 lsphp73-gd             x86_64    7.3.21-1.el8        litespeed           122 k
 lsphp73-imap           x86_64    7.3.21-1.el8        litespeed            39 k
 lsphp73-mbstring       x86_64    7.3.21-1.el8        litespeed           571 k
 lsphp73-mysqlnd        x86_64    7.3.21-1.el8        litespeed           142 k
 lsphp73-opcache        x86_64    7.3.21-1.el8        litespeed           203 k
 lsphp73-pdo            x86_64    7.3.21-1.el8        litespeed            75 k
 lsphp73-pecl-mcrypt    x86_64    1.0.3-1.el8.7.3     litespeed            27 k
 lsphp73-process        x86_64    7.3.21-1.el8        litespeed            37 k
 lsphp73-xml            x86_64    7.3.21-1.el8        litespeed           140 k

Transaction Summary
================================================================================
Install  20 Packages

查看openlitespeed安装路径

[root@lsws ~]# ls /usr/local/lsws/
add-ons      backup     conf      gdata    lsphp73      phpbuild  VERSION
admin        bin        docs      GPL.txt  lsrecaptcha  PLAT
adminpasswd  cachedata  Example   lib      modules      share
autoupdate   cgid       fcgi-bin  logs     php          tmp
[root@lsws ~]#

[root@lsws ~]# rpm -lq openlitespeed
/etc/init.d/lsws
/usr/lib/.build-id
/usr/lib/.build-id/01
/usr/lib/.build-id/01/1fe5f65c8015eff89a7061cf3cd705df56b14d
/usr/lib/.build-id/0e
/usr/lib/.build-id/0e/0ad48b16e05134408b5ba7fda33a78ff494487
/usr/lib/.build-id/2c
/usr/lib/.build-id/2c/01b36791441d4ea4d211f1568e03a4ad6717eb
/usr/lib/.build-id/7d
/usr/lib/.build-id/7d/19ffa9101ece0920acec1aa7a41befdf870147
/usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11
/usr/lib/.build-id/7d/3455969230e2d6f0ee22db5931293343d19d11.1
/usr/lib/.build-id/92
/usr/lib/.build-id/92/57016074c47d5ea7e6939c5bf92678f8bf07fd
/usr/lib/.build-id/9a
/usr/lib/.build-id/9a/54a5da0375a7bee6dfa1cec7ec3c95b51da417
/usr/lib/.build-id/c2
/usr/lib/.build-id/c2/16322f9066a8510f3f5a666bb8af7694727b4b
/usr/lib/.build-id/c5
/usr/lib/.build-id/c5/4953e950479bd6c50a614e5d37e8fcc170b91a
/usr/lib/.build-id/cd
/usr/lib/.build-id/cd/71ea0ab4fcdd0c7976dfe74c8e7333f547fa83
/usr/lib/.build-id/e8
/usr/lib/.build-id/e8/0ec2ee684e24336fb76439c1a1afc48787cdf7
/usr/lib/.build-id/f6
/usr/lib/.build-id/f6/4cc59833a8b1b9b1320b431830b6cf377e8684
/usr/local/lsws
/usr/local/lsws/Example
/usr/local/lsws/Example/cgi-bin
/usr/local/lsws/Example/cgi-bin/helloworld
/usr/local/lsws/Example/fcgi-bin
/usr/local/lsws/Example/html
/usr/local/lsws/Example/html/.htaccess
/usr/local/lsws/Example/html/blocked
/usr/local/lsws/Example/html/blocked/index.html
/usr/local/lsws/Example/html/css
/usr/local/lsws/Example/html/css/bootstrap.min.css
/usr/local/lsws/Example/html/css/custom.css
/usr/local/lsws/Example/html/error404.html
/usr/local/lsws/Example/html/img
/usr/local/lsws/Example/html/img/404-icon.png
/usr/local/lsws/Example/html/img/blocked_content-icon.png
/usr/local/lsws/Example/html/img/cgi-icon.png
/usr/local/lsws/Example/html/img/file_upload-icon.png
/usr/local/lsws/Example/html/img/olsws_logo.png
/usr/local/lsws/Example/html/img/php-icon.png
/usr/local/lsws/Example/html/img/powered_by_ols-new.png
/usr/local/lsws/Example/html/img/pwd_protect-icon.png
/usr/local/lsws/Example/html/index.html
/usr/local/lsws/Example/html/phpinfo.php
/usr/local/lsws/Example/html/protected
/usr/local/lsws/Example/html/protected/index.html
/usr/local/lsws/Example/html/upload.html
/usr/local/lsws/Example/html/upload.php
/usr/local/lsws/Example/logs
/usr/local/lsws/GPL.txt
/usr/local/lsws/PLAT
/usr/local/lsws/VERSION
/usr/local/lsws/add-ons
/usr/local/lsws/add-ons/snmp_monitoring
/usr/local/lsws/add-ons/snmp_monitoring/README
/usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_snmp_bridge.php
/usr/local/lsws/add-ons/snmp_monitoring/class.litespeed_stats.php
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_cacti_template.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_extapp.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_general.xml
/usr/local/lsws/add-ons/snmp_monitoring/litespeed_vhost.xml
/usr/local/lsws/add-ons/snmp_monitoring/sample.php
/usr/local/lsws/add-ons/webcachemgr
/usr/local/lsws/add-ons/webcachemgr/VERSION
/usr/local/lsws/add-ons/webcachemgr/autoloader.php
/usr/local/lsws/add-ons/webcachemgr/bootstrap.php
/usr/local/lsws/add-ons/webcachemgr/bootstrap_cli.php
/usr/local/lsws/add-ons/webcachemgr/src
/usr/local/lsws/add-ons/webcachemgr/src/AjaxResponse.php
/usr/local/lsws/add-ons/webcachemgr/src/CliController.php
/usr/local/lsws/add-ons/webcachemgr/src/Context
/usr/local/lsws/add-ons/webcachemgr/src/Context/Context.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/ContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/RootCLIContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/RootPanelContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/Context/UserCLIContextOption.php
/usr/local/lsws/add-ons/webcachemgr/src/DashNotifier.php
/usr/local/lsws/add-ons/webcachemgr/src/LSCMException.php
/usr/local/lsws/add-ons/webcachemgr/src/LogEntry.php
/usr/local/lsws/add-ons/webcachemgr/src/Logger.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/ControlPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanel.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/CustomPanelBase.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/DirectAdmin.php
/usr/local/lsws/add-ons/webcachemgr/src/Panel/Plesk.php
/usr/local/lsws/add-ons/webcachemgr/src/PanelController.php
/usr/local/lsws/add-ons/webcachemgr/src/PluginVersion.php
/usr/local/lsws/add-ons/webcachemgr/src/UserCommand.php
/usr/local/lsws/add-ons/webcachemgr/src/Util.php
/usr/local/lsws/add-ons/webcachemgr/src/View
/usr/local/lsws/add-ons/webcachemgr/src/View/AjaxView.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/Ajax/CacheMgrRowViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/CacheRootNotSetViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/DashNotifierViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/DataFileMsgViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/ManageViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashDisableProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassDashNotifyProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MassEnableDisableViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/MissingTplViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/RefreshStatusProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/ScanProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/UnflagAllProgressViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionChangeViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Model/VersionManageViewModel.php
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrActionsCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrFlagCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Ajax/CacheMgrStatusCol.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Blocks/InputSubmitBtn.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/CacheRootNotSet.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DashNotifier.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/DataFileMsg.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/Manage.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashDisableProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassDashNotifyProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisable.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MassEnableDisableProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/MissingTpl.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/RefreshStatusProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/ScanProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/UnflagAllProgress.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionChange.tpl
/usr/local/lsws/add-ons/webcachemgr/src/View/Tpl/VersionManage.tpl
/usr/local/lsws/add-ons/webcachemgr/src/WPCaller.php
/usr/local/lsws/add-ons/webcachemgr/src/WPDashMsgs.php
/usr/local/lsws/add-ons/webcachemgr/src/WPInstall.php
/usr/local/lsws/add-ons/webcachemgr/src/WPInstallStorage.php
/usr/local/lsws/admin
/usr/local/lsws/admin/cgid
/usr/local/lsws/admin/cgid/secret
/usr/local/lsws/admin/conf
/usr/local/lsws/admin/conf/admin_config.conf
/usr/local/lsws/admin/conf/htpasswd
/usr/local/lsws/admin/conf/jcryption_keypair
/usr/local/lsws/admin/conf/php.ini
/usr/local/lsws/admin/fcgi-bin
/usr/local/lsws/admin/fcgi-bin/admin_php
/usr/local/lsws/admin/html
/usr/local/lsws/admin/html.open
/usr/local/lsws/admin/html.open/favicon.ico
/usr/local/lsws/admin/html.open/index.php
/usr/local/lsws/admin/html.open/lib
/usr/local/lsws/admin/html.open/lib/CAuthorizer.php
/usr/local/lsws/admin/html.open/lib/CData.php
/usr/local/lsws/admin/html.open/lib/CNode.php
/usr/local/lsws/admin/html.open/lib/CValidation.php
/usr/local/lsws/admin/html.open/lib/ControllerBase.php
/usr/local/lsws/admin/html.open/lib/DAttrBase.php
/usr/local/lsws/admin/html.open/lib/DAttrHelp.php
/usr/local/lsws/admin/html.open/lib/DInfo.php
/usr/local/lsws/admin/html.open/lib/DKeywordAlias.php
/usr/local/lsws/admin/html.open/lib/DMsg.php
/usr/local/lsws/admin/html.open/lib/DPage.php
/usr/local/lsws/admin/html.open/lib/DTbl.php
/usr/local/lsws/admin/html.open/lib/DTblDefBase.php
/usr/local/lsws/admin/html.open/lib/DTblMap.php
/usr/local/lsws/admin/html.open/lib/LogViewer.php
/usr/local/lsws/admin/html.open/lib/PathTool.php
/usr/local/lsws/admin/html.open/lib/PlainConfParser.php
/usr/local/lsws/admin/html.open/lib/SInfo.php
/usr/local/lsws/admin/html.open/lib/XmlParser.php
/usr/local/lsws/admin/html.open/lib/blowfish.php
/usr/local/lsws/admin/html.open/lib/jCryption.php
/usr/local/lsws/admin/html.open/lib/ows
/usr/local/lsws/admin/html.open/lib/ows/ConfValidation.php
/usr/local/lsws/admin/html.open/lib/ows/DAttr.php
/usr/local/lsws/admin/html.open/lib/ows/DPageDef.php
/usr/local/lsws/admin/html.open/lib/ows/DTblDef.php
/usr/local/lsws/admin/html.open/lib/ows/Product.php
/usr/local/lsws/admin/html.open/lib/ows/RealTimeStats.php
/usr/local/lsws/admin/html.open/lib/ows/Service.php
/usr/local/lsws/admin/html.open/lib/ows/UI.php
/usr/local/lsws/admin/html.open/lib/util
/usr/local/lsws/admin/html.open/lib/util/build_php
/usr/local/lsws/admin/html.open/lib/util/build_php/BuildConfig.php
/usr/local/lsws/admin/html.open/lib/util/build_php/build_common.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_install.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_install_ext.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_manual_run.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare.template
/usr/local/lsws/admin/html.open/lib/util/build_php/build_prepare_ext.template
/usr/local/lsws/admin/html.open/lib/util/build_php/buildfunc.inc.php
/usr/local/lsws/admin/html.open/login.php
/usr/local/lsws/admin/html.open/res
/usr/local/lsws/admin/html.open/res/css
/usr/local/lsws/admin/html.open/res/css/bootstrap.min.css
/usr/local/lsws/admin/html.open/res/css/font-awesome.min.css
/usr/local/lsws/admin/html.open/res/css/googlefonts.css
/usr/local/lsws/admin/html.open/res/css/lockscreen.min.css
/usr/local/lsws/admin/html.open/res/css/lst-webadmin.min.css
/usr/local/lsws/admin/html.open/res/css/smartadmin-production.min.css
/usr/local/lsws/admin/html.open/res/fonts
/usr/local/lsws/admin/html.open/res/fonts/FontAwesome.otf
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.eot
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.svg
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.ttf
/usr/local/lsws/admin/html.open/res/fonts/fontawesome-webfont.woff
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.eot
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.svg
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.ttf
/usr/local/lsws/admin/html.open/res/fonts/glyphicons-halflings-regular.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-300.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-700italic.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-italic.woff2
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff
/usr/local/lsws/admin/html.open/res/fonts/open-sans-v17-latin-regular.woff2
/usr/local/lsws/admin/html.open/res/img
/usr/local/lsws/admin/html.open/res/img/ajax-loader.gif
/usr/local/lsws/admin/html.open/res/img/alpha.png
/usr/local/lsws/admin/html.open/res/img/blank.gif
/usr/local/lsws/admin/html.open/res/img/clear.png
/usr/local/lsws/admin/html.open/res/img/favicon
/usr/local/lsws/admin/html.open/res/img/favicon/favicon.ico
/usr/local/lsws/admin/html.open/res/img/hue.png
/usr/local/lsws/admin/html.open/res/img/icons
/usr/local/lsws/admin/html.open/res/img/icons/adminconfig.gif
/usr/local/lsws/admin/html.open/res/img/icons/administrator.gif
/usr/local/lsws/admin/html.open/res/img/icons/application.gif
/usr/local/lsws/admin/html.open/res/img/icons/cgi.gif
/usr/local/lsws/admin/html.open/res/img/icons/controlpanel.gif
/usr/local/lsws/admin/html.open/res/img/icons/database.gif
/usr/local/lsws/admin/html.open/res/img/icons/debug.gif
/usr/local/lsws/admin/html.open/res/img/icons/down.gif
/usr/local/lsws/admin/html.open/res/img/icons/edit.gif
/usr/local/lsws/admin/html.open/res/img/icons/fast_cgi.gif
/usr/local/lsws/admin/html.open/res/img/icons/favicon.ico
/usr/local/lsws/admin/html.open/res/img/icons/file.gif
/usr/local/lsws/admin/html.open/res/img/icons/filter.gif
/usr/local/lsws/admin/html.open/res/img/icons/form.gif
/usr/local/lsws/admin/html.open/res/img/icons/graph.gif
/usr/local/lsws/admin/html.open/res/img/icons/help.png
/usr/local/lsws/admin/html.open/res/img/icons/info.gif
/usr/local/lsws/admin/html.open/res/img/icons/link.gif
/usr/local/lsws/admin/html.open/res/img/icons/load_balancer.gif
/usr/local/lsws/admin/html.open/res/img/icons/lock.gif
/usr/local/lsws/admin/html.open/res/img/icons/ls_sapi.gif
/usr/local/lsws/admin/html.open/res/img/icons/module.gif
/usr/local/lsws/admin/html.open/res/img/icons/module_handler.gif
/usr/local/lsws/admin/html.open/res/img/icons/network.gif
/usr/local/lsws/admin/html.open/res/img/icons/play.gif
/usr/local/lsws/admin/html.open/res/img/icons/record.gif
/usr/local/lsws/admin/html.open/res/img/icons/redirect.gif
/usr/local/lsws/admin/html.open/res/img/icons/refresh.gif
/usr/local/lsws/admin/html.open/res/img/icons/report.gif
/usr/local/lsws/admin/html.open/res/img/icons/script.gif
/usr/local/lsws/admin/html.open/res/img/icons/search.gif
/usr/local/lsws/admin/html.open/res/img/icons/serverconfig.gif
/usr/local/lsws/admin/html.open/res/img/icons/servlet_engine.gif
/usr/local/lsws/admin/html.open/res/img/icons/shield.gif
/usr/local/lsws/admin/html.open/res/img/icons/stop.gif
/usr/local/lsws/admin/html.open/res/img/icons/trash.gif
/usr/local/lsws/admin/html.open/res/img/icons/up.gif
/usr/local/lsws/admin/html.open/res/img/icons/web.gif
/usr/local/lsws/admin/html.open/res/img/icons/web_link.gif
/usr/local/lsws/admin/html.open/res/img/icons/web_server.gif
/usr/local/lsws/admin/html.open/res/img/loading.gif
/usr/local/lsws/admin/html.open/res/img/lsws_bolt.png
/usr/local/lsws/admin/html.open/res/img/lsws_bolt.svg
/usr/local/lsws/admin/html.open/res/img/mappin-default.png
/usr/local/lsws/admin/html.open/res/img/minus.png
/usr/local/lsws/admin/html.open/res/img/mybg.png
/usr/local/lsws/admin/html.open/res/img/plus.png
/usr/local/lsws/admin/html.open/res/img/product_logo.gif
/usr/local/lsws/admin/html.open/res/img/product_logo.svg
/usr/local/lsws/admin/html.open/res/img/ribbon.png
/usr/local/lsws/admin/html.open/res/img/sa-dark.png
/usr/local/lsws/admin/html.open/res/img/sa-default.png
/usr/local/lsws/admin/html.open/res/img/sort_asc.png
/usr/local/lsws/admin/html.open/res/img/sort_asc_disabled.png
/usr/local/lsws/admin/html.open/res/img/sort_both.png
/usr/local/lsws/admin/html.open/res/img/sort_desc.png
/usr/local/lsws/admin/html.open/res/img/sort_desc_disabled.png
/usr/local/lsws/admin/html.open/res/img/vt-menu.png
/usr/local/lsws/admin/html.open/res/js
/usr/local/lsws/admin/html.open/res/js/app.config.min.js
/usr/local/lsws/admin/html.open/res/js/bootstrap
/usr/local/lsws/admin/html.open/res/js/bootstrap/bootstrap.min.js
/usr/local/lsws/admin/html.open/res/js/jcryption
/usr/local/lsws/admin/html.open/res/js/jcryption/jquery.jcryption.min.js
/usr/local/lsws/admin/html.open/res/js/libs
/usr/local/lsws/admin/html.open/res/js/libs/jquery-2.2.4.min.js
/usr/local/lsws/admin/html.open/res/js/libs/jquery-ui-1.12.1.min.js
/usr/local/lsws/admin/html.open/res/js/lst-app.min.js
/usr/local/lsws/admin/html.open/res/js/notification
/usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.js
/usr/local/lsws/admin/html.open/res/js/notification/SmartNotification.min.js
/usr/local/lsws/admin/html.open/res/js/plugin
/usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive
/usr/local/lsws/admin/html.open/res/js/plugin/datatable-responsive/datatables.responsive.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.bootstrap.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colReorder.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.colVis.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/dataTables.tableTools.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/jquery.dataTables.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls.swf
/usr/local/lsws/admin/html.open/res/js/plugin/datatables/swf/copy_csv_xls_pdf.swf
/usr/local/lsws/admin/html.open/res/js/plugin/flot
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.cust.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.fillbetween.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.orderBar.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.pie.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.resize.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/flot/jquery.flot.tooltip.min.js
/usr/local/lsws/admin/html.open/res/js/plugin/msie-fix
/usr/local/lsws/admin/html.open/res/js/plugin/msie-fix/jquery.mb.browser.min.js
/usr/local/lsws/admin/html.open/res/lang
/usr/local/lsws/admin/html.open/res/lang/en-US_msg.php
/usr/local/lsws/admin/html.open/res/lang/en-US_tips.php
/usr/local/lsws/admin/html.open/res/lang/ja-JP_msg.php
/usr/local/lsws/admin/html.open/res/lang/ja-JP_tips.php
/usr/local/lsws/admin/html.open/res/lang/util_sortlang.php
/usr/local/lsws/admin/html.open/res/lang/zh-CN_msg.php
/usr/local/lsws/admin/html.open/res/lang/zh-CN_tips.php
/usr/local/lsws/admin/html.open/view
/usr/local/lsws/admin/html.open/view/UIBase.php
/usr/local/lsws/admin/html.open/view/UIProperty.php
/usr/local/lsws/admin/html.open/view/ajax_data.php
/usr/local/lsws/admin/html.open/view/compilePHP.php
/usr/local/lsws/admin/html.open/view/confMgr.php
/usr/local/lsws/admin/html.open/view/dashboard.php
/usr/local/lsws/admin/html.open/view/inc
/usr/local/lsws/admin/html.open/view/inc/auth.php
/usr/local/lsws/admin/html.open/view/inc/configui.php
/usr/local/lsws/admin/html.open/view/inc/global.php
/usr/local/lsws/admin/html.open/view/inc/header.php
/usr/local/lsws/admin/html.open/view/inc/nav.php
/usr/local/lsws/admin/html.open/view/inc/scripts.php
/usr/local/lsws/admin/html.open/view/logviewer.php
/usr/local/lsws/admin/html.open/view/realtimestats.php
/usr/local/lsws/admin/html.open/view/serviceMgr.php
/usr/local/lsws/admin/logs
/usr/local/lsws/admin/misc
/usr/local/lsws/admin/misc/admpass.sh
/usr/local/lsws/admin/misc/build_admin_php.sh
/usr/local/lsws/admin/misc/convertxml.php
/usr/local/lsws/admin/misc/convertxml.sh
/usr/local/lsws/admin/misc/create_admin_keypair.sh
/usr/local/lsws/admin/misc/enable_phpa.sh
/usr/local/lsws/admin/misc/gdb-bt
/usr/local/lsws/admin/misc/genjCryptionKeyPair.php
/usr/local/lsws/admin/misc/gzipStatic.sh
/usr/local/lsws/admin/misc/htpasswd.php
/usr/local/lsws/admin/misc/lscmctl
/usr/local/lsws/admin/misc/lshttpd.service
/usr/local/lsws/admin/misc/lsup.sh
/usr/local/lsws/admin/misc/lsws.rc
/usr/local/lsws/admin/misc/lsws.rc.gentoo
/usr/local/lsws/admin/misc/php.ini
/usr/local/lsws/admin/misc/rc-inst.sh
/usr/local/lsws/admin/misc/rc-uninst.sh
/usr/local/lsws/admin/misc/testbeta.sh
/usr/local/lsws/admin/misc/uninstall.sh
/usr/local/lsws/admin/tmp
/usr/local/lsws/adminpasswd
/usr/local/lsws/autoupdate
/usr/local/lsws/backup
/usr/local/lsws/bin
/usr/local/lsws/bin/litespeed
/usr/local/lsws/bin/lshttpd
/usr/local/lsws/bin/lsws_env
/usr/local/lsws/bin/lswsctrl
/usr/local/lsws/bin/lswsctrl.open
/usr/local/lsws/bin/openlitespeed
/usr/local/lsws/bin/openlitespeed.asan
/usr/local/lsws/bin/openlitespeed.dbg
/usr/local/lsws/bin/openlitespeed.prof
/usr/local/lsws/cachedata
/usr/local/lsws/cgid
/usr/local/lsws/conf
/usr/local/lsws/conf/cert
/usr/local/lsws/conf/httpd_config.conf
/usr/local/lsws/conf/mime.properties
/usr/local/lsws/conf/templates
/usr/local/lsws/conf/templates/ccl.conf
/usr/local/lsws/conf/templates/rails.conf
/usr/local/lsws/conf/vhosts
/usr/local/lsws/conf/vhosts/Example
/usr/local/lsws/conf/vhosts/Example/htgroup
/usr/local/lsws/conf/vhosts/Example/htpasswd
/usr/local/lsws/conf/vhosts/Example/vhconf.conf
/usr/local/lsws/docs
/usr/local/lsws/docs/AdminGeneral_Help.html
/usr/local/lsws/docs/AdminListeners_General_Help.html
/usr/local/lsws/docs/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/AdminSecurity_Help.html
/usr/local/lsws/docs/App_Server_Context.html
/usr/local/lsws/docs/App_Server_Help.html
/usr/local/lsws/docs/CGI_Context.html
/usr/local/lsws/docs/CompilePHP_Help.html
/usr/local/lsws/docs/Context_Help.html
/usr/local/lsws/docs/ExtApp_Help.html
/usr/local/lsws/docs/External_FCGI.html
/usr/local/lsws/docs/External_FCGI_Auth.html
/usr/local/lsws/docs/External_LB.html
/usr/local/lsws/docs/External_LSAPI.html
/usr/local/lsws/docs/External_PL.html
/usr/local/lsws/docs/External_Servlet.html
/usr/local/lsws/docs/External_WS.html
/usr/local/lsws/docs/FCGI_Context.html
/usr/local/lsws/docs/Java_Web_App_Context.html
/usr/local/lsws/docs/LB_Context.html
/usr/local/lsws/docs/LSAPI_Context.html
/usr/local/lsws/docs/Listeners_General_Help.html
/usr/local/lsws/docs/Listeners_SSL_Help.html
/usr/local/lsws/docs/Module_Context.html
/usr/local/lsws/docs/Module_Help.html
/usr/local/lsws/docs/Proxy_Context.html
/usr/local/lsws/docs/Redirect_Context.html
/usr/local/lsws/docs/Rewrite_Help.html
/usr/local/lsws/docs/ScriptHandler_Help.html
/usr/local/lsws/docs/ServGeneral_Help.html
/usr/local/lsws/docs/ServLog_Help.html
/usr/local/lsws/docs/ServSecurity_Help.html
/usr/local/lsws/docs/ServTuning_Help.html
/usr/local/lsws/docs/ServerStat_Help.html
/usr/local/lsws/docs/Servlet_Context.html
/usr/local/lsws/docs/Static_Context.html
/usr/local/lsws/docs/Templates_Help.html
/usr/local/lsws/docs/VHGeneral_Help.html
/usr/local/lsws/docs/VHSSL_Help.html
/usr/local/lsws/docs/VHSecurity_Help.html
/usr/local/lsws/docs/VHWebSocket_Help.html
/usr/local/lsws/docs/VirtualHosts_Help.html
/usr/local/lsws/docs/admin.html
/usr/local/lsws/docs/config.html
/usr/local/lsws/docs/css
/usr/local/lsws/docs/css/hdoc.css
/usr/local/lsws/docs/img
/usr/local/lsws/docs/img/attention.svg
/usr/local/lsws/docs/img/info.svg
/usr/local/lsws/docs/img/lightning-bolt.svg
/usr/local/lsws/docs/img/lsws_logo.svg
/usr/local/lsws/docs/img/ols_logo.svg
/usr/local/lsws/docs/img/shield.svg
/usr/local/lsws/docs/img/web-adc_logo.svg
/usr/local/lsws/docs/index.html
/usr/local/lsws/docs/install.html
/usr/local/lsws/docs/intro.html
/usr/local/lsws/docs/ja-JP
/usr/local/lsws/docs/ja-JP/AdminGeneral_Help.html
/usr/local/lsws/docs/ja-JP/AdminListeners_General_Help.html
/usr/local/lsws/docs/ja-JP/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/ja-JP/AdminSecurity_Help.html
/usr/local/lsws/docs/ja-JP/App_Server_Context.html
/usr/local/lsws/docs/ja-JP/App_Server_Help.html
/usr/local/lsws/docs/ja-JP/CGI_Context.html
/usr/local/lsws/docs/ja-JP/CompilePHP_Help.html
/usr/local/lsws/docs/ja-JP/Context_Help.html
/usr/local/lsws/docs/ja-JP/ExtApp_Help.html
/usr/local/lsws/docs/ja-JP/External_FCGI.html
/usr/local/lsws/docs/ja-JP/External_FCGI_Auth.html
/usr/local/lsws/docs/ja-JP/External_LB.html
/usr/local/lsws/docs/ja-JP/External_LSAPI.html
/usr/local/lsws/docs/ja-JP/External_PL.html
/usr/local/lsws/docs/ja-JP/External_Servlet.html
/usr/local/lsws/docs/ja-JP/External_WS.html
/usr/local/lsws/docs/ja-JP/FCGI_Context.html
/usr/local/lsws/docs/ja-JP/Java_Web_App_Context.html
/usr/local/lsws/docs/ja-JP/LB_Context.html
/usr/local/lsws/docs/ja-JP/LSAPI_Context.html
/usr/local/lsws/docs/ja-JP/Listeners_General_Help.html
/usr/local/lsws/docs/ja-JP/Listeners_SSL_Help.html
/usr/local/lsws/docs/ja-JP/Module_Context.html
/usr/local/lsws/docs/ja-JP/Module_Help.html
/usr/local/lsws/docs/ja-JP/Proxy_Context.html
/usr/local/lsws/docs/ja-JP/Redirect_Context.html
/usr/local/lsws/docs/ja-JP/Rewrite_Help.html
/usr/local/lsws/docs/ja-JP/ScriptHandler_Help.html
/usr/local/lsws/docs/ja-JP/ServGeneral_Help.html
/usr/local/lsws/docs/ja-JP/ServLog_Help.html
/usr/local/lsws/docs/ja-JP/ServSecurity_Help.html
/usr/local/lsws/docs/ja-JP/ServTuning_Help.html
/usr/local/lsws/docs/ja-JP/ServerStat_Help.html
/usr/local/lsws/docs/ja-JP/Servlet_Context.html
/usr/local/lsws/docs/ja-JP/Static_Context.html
/usr/local/lsws/docs/ja-JP/Templates_Help.html
/usr/local/lsws/docs/ja-JP/VHGeneral_Help.html
/usr/local/lsws/docs/ja-JP/VHSSL_Help.html
/usr/local/lsws/docs/ja-JP/VHSecurity_Help.html
/usr/local/lsws/docs/ja-JP/VHWebSocket_Help.html
/usr/local/lsws/docs/ja-JP/VirtualHosts_Help.html
/usr/local/lsws/docs/ja-JP/admin.html
/usr/local/lsws/docs/ja-JP/config.html
/usr/local/lsws/docs/ja-JP/index.html
/usr/local/lsws/docs/ja-JP/install.html
/usr/local/lsws/docs/ja-JP/intro.html
/usr/local/lsws/docs/ja-JP/license.html
/usr/local/lsws/docs/ja-JP/security.html
/usr/local/lsws/docs/ja-JP/webconsole.html
/usr/local/lsws/docs/license.html
/usr/local/lsws/docs/security.html
/usr/local/lsws/docs/webconsole.html
/usr/local/lsws/docs/zh-CN
/usr/local/lsws/docs/zh-CN/AdminGeneral_Help.html
/usr/local/lsws/docs/zh-CN/AdminListeners_General_Help.html
/usr/local/lsws/docs/zh-CN/AdminListeners_SSL_Help.html
/usr/local/lsws/docs/zh-CN/AdminSecurity_Help.html
/usr/local/lsws/docs/zh-CN/App_Server_Context.html
/usr/local/lsws/docs/zh-CN/App_Server_Help.html
/usr/local/lsws/docs/zh-CN/CGI_Context.html
/usr/local/lsws/docs/zh-CN/CompilePHP_Help.html
/usr/local/lsws/docs/zh-CN/Context_Help.html
/usr/local/lsws/docs/zh-CN/ExtApp_Help.html
/usr/local/lsws/docs/zh-CN/External_FCGI.html
/usr/local/lsws/docs/zh-CN/External_FCGI_Auth.html
/usr/local/lsws/docs/zh-CN/External_LB.html
/usr/local/lsws/docs/zh-CN/External_LSAPI.html
/usr/local/lsws/docs/zh-CN/External_PL.html
/usr/local/lsws/docs/zh-CN/External_Servlet.html
/usr/local/lsws/docs/zh-CN/External_WS.html
/usr/local/lsws/docs/zh-CN/FCGI_Context.html
/usr/local/lsws/docs/zh-CN/Java_Web_App_Context.html
/usr/local/lsws/docs/zh-CN/LB_Context.html
/usr/local/lsws/docs/zh-CN/LSAPI_Context.html
/usr/local/lsws/docs/zh-CN/Listeners_General_Help.html
/usr/local/lsws/docs/zh-CN/Listeners_SSL_Help.html
/usr/local/lsws/docs/zh-CN/Module_Context.html
/usr/local/lsws/docs/zh-CN/Module_Help.html
/usr/local/lsws/docs/zh-CN/Proxy_Context.html
/usr/local/lsws/docs/zh-CN/Redirect_Context.html
/usr/local/lsws/docs/zh-CN/Rewrite_Help.html
/usr/local/lsws/docs/zh-CN/ScriptHandler_Help.html
/usr/local/lsws/docs/zh-CN/ServGeneral_Help.html
/usr/local/lsws/docs/zh-CN/ServLog_Help.html
/usr/local/lsws/docs/zh-CN/ServSecurity_Help.html
/usr/local/lsws/docs/zh-CN/ServTuning_Help.html
/usr/local/lsws/docs/zh-CN/ServerStat_Help.html
/usr/local/lsws/docs/zh-CN/Servlet_Context.html
/usr/local/lsws/docs/zh-CN/Static_Context.html
/usr/local/lsws/docs/zh-CN/Templates_Help.html
/usr/local/lsws/docs/zh-CN/VHGeneral_Help.html
/usr/local/lsws/docs/zh-CN/VHSSL_Help.html
/usr/local/lsws/docs/zh-CN/VHSecurity_Help.html
/usr/local/lsws/docs/zh-CN/VHWebSocket_Help.html
/usr/local/lsws/docs/zh-CN/VirtualHosts_Help.html
/usr/local/lsws/docs/zh-CN/admin.html
/usr/local/lsws/docs/zh-CN/config.html
/usr/local/lsws/docs/zh-CN/index.html
/usr/local/lsws/docs/zh-CN/install.html
/usr/local/lsws/docs/zh-CN/intro.html
/usr/local/lsws/docs/zh-CN/license.html
/usr/local/lsws/docs/zh-CN/security.html
/usr/local/lsws/docs/zh-CN/webconsole.html
/usr/local/lsws/fcgi-bin
/usr/local/lsws/fcgi-bin/RackRunner.rb
/usr/local/lsws/fcgi-bin/lsnode.js
/usr/local/lsws/fcgi-bin/lsperld.fpl
/usr/local/lsws/fcgi-bin/lsphp
/usr/local/lsws/fcgi-bin/lsphp5
/usr/local/lsws/gdata
/usr/local/lsws/lib
/usr/local/lsws/logs
/usr/local/lsws/lsrecaptcha
/usr/local/lsws/lsrecaptcha/_recaptcha
/usr/local/lsws/lsrecaptcha/_recaptcha.shtml
/usr/local/lsws/modules
/usr/local/lsws/modules/mod_js.so
/usr/local/lsws/modules/mod_security.so
/usr/local/lsws/modules/modinspector.so
/usr/local/lsws/modules/modpagespeed.so
/usr/local/lsws/modules/modreqparser.so
/usr/local/lsws/modules/uploadprogress.so
/usr/local/lsws/php
/usr/local/lsws/phpbuild
/usr/local/lsws/share
/usr/local/lsws/share/autoindex
/usr/local/lsws/share/autoindex/bwlimit.html
/usr/local/lsws/share/autoindex/default.php
/usr/local/lsws/share/autoindex/icons
/usr/local/lsws/share/autoindex/icons/binary.png
/usr/local/lsws/share/autoindex/icons/blank.png
/usr/local/lsws/share/autoindex/icons/compress.png
/usr/local/lsws/share/autoindex/icons/folder.png
/usr/local/lsws/share/autoindex/icons/html.png
/usr/local/lsws/share/autoindex/icons/image.png
/usr/local/lsws/share/autoindex/icons/movie.png
/usr/local/lsws/share/autoindex/icons/sound.png
/usr/local/lsws/share/autoindex/icons/text.png
/usr/local/lsws/share/autoindex/icons/unknown.png
/usr/local/lsws/share/autoindex/icons/up.png
/usr/local/lsws/tmp
/usr/local/lsws/tmp/ocspcache
[root@lsws ~]#

服务控制命令

[root@lsws ~]# /usr/local/lsws/bin/lswsctrl
Usage: /usr/local/lsws/bin/lswsctrl {start|stop|restart|reload|condrestrt|try-restart|status|help}

start       - start web server
stop        - stop web server
restart     - gracefully restart web server with zero down time
reload      - same as restart
condrestart - gracefully restart web server if server is running
try-restart - same as condrestart
status      - show service status
help        - this screen

[root@lsws ~]#

查看端口监听

[root@lsws ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
[root@lsws ~]#

使用Web控制台

默认首页

默认Web管理控制台

3月 052020
 

Generic Routing Encapsulation 通用路由封装协议

主机列表

18.163.50.194/172.31.44.248
18.162.60.60/172.31.37.49

查找系统可用的内核模块

[centos@ip-172-31-44-248 ~]$ ls -alRUv /lib/modules/$(uname -r)/kernel |grep ip_gre
-rw-r--r--. 1 root root 9396 Nov 29 2018 ip_gre.ko.xz
[centos@ip-172-31-44-248 ~]$

加载ip_gre模块

[root@ip-172-31-44-248 ~]# modprobe ip_gre
[root@ip-172-31-44-248 ~]#

[root@ip-172-31-37-49 ~]# modprobe ip_gre
[root@ip-172-31-37-49 ~]#

新增tun0网卡配置

本端隧道地址192.168.192.1
对端隧道地址192.168.192.2

[root@ip-172-31-44-248 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
DEVICETYPE=tunnel
TYPE=GRE
PEER_INNER_IPADDR=192.168.192.2
PEER_OUTER_IPADDR=18.162.60.60
MY_INNER_IPADDR=192.168.192.1

启用tun0网卡

[root@ip-172-31-44-248 ~]# ifup tun0

查看接口信息

[root@ip-172-31-44-248 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:84:f5:b0:db:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.31.44.248/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2667sec preferred_lft 2667sec
    inet6 fe80::c84:f5ff:feb0:dbf6/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.162.60.60
    inet 192.168.192.1 peer 192.168.192.2/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-44-248 ~]#

新增tun0网卡配置

本端隧道地址192.168.192.2
对端隧道地址192.168.192.1

[root@ip-172-31-37-49 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
DEVICETYPE=tunnel
TYPE=GRE
PEER_INNER_IPADDR=192.168.192.1
PEER_OUTER_IPADDR=18.163.50.194
MY_INNER_IPADDR=192.168.192.2

启用tun0网卡

[root@ip-172-31-37-49 ~]# ifup tun0

查看接口信息

[root@ip-172-31-37-49 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:4a:2b:48:b8:aa brd ff:ff:ff:ff:ff:ff
    inet 172.31.37.49/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2692sec preferred_lft 2692sec
    inet6 fe80::c4a:2bff:fe48:b8aa/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.163.50.194
    inet 192.168.192.2 peer 192.168.192.1/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-37-49 ~]# 

分别使用对端IP地址进行ping测试

[root@ip-172-31-37-49 ~]# ping -c 4 192.168.192.1
PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data.
64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=0.297 ms
64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=0.283 ms
64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=0.237 ms
64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=0.268 ms

--- 192.168.192.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.237/0.271/0.297/0.025 ms
[root@ip-172-31-37-49 ~]#


[root@ip-172-31-44-248 ~]# ping -c 4 192.168.192.2
PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data.
64 bytes from 192.168.192.2: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 192.168.192.2: icmp_seq=2 ttl=64 time=0.279 ms
64 bytes from 192.168.192.2: icmp_seq=3 ttl=64 time=0.196 ms
64 bytes from 192.168.192.2: icmp_seq=4 ttl=64 time=0.214 ms

--- 192.168.192.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.196/0.234/0.279/0.035 ms
[root@ip-172-31-44-248 ~]#
3月 022020
 

安装向导欢迎页面

选择要安装的组件

同意最终用户许可协议

重要声明

选择安装目录

准备安装

安装进行中

完成安装并启动服务器管理器

选择要连接的服务器并点击连接

首次连接设置管理员密码

提示管理员密码设置成功

关闭弹出的简单设置窗口

选择是否设置开启IPsec功能

在管理器主界面进入VPN Gate设置

选择启用VPN Gate中继服务并加入研究志愿者队伍

VPN Gate服务设置选项界面

请勿在禁止使用VPN通信技术的国家使用VPN Gate服务

在管理器主界面进入动态域名设置

查看或修改该服务器的动态域名

在管理器主界面查看当前的动态域名解析主机名

查看当前已连接客户端会话信息

2月 272020
 

主机列表

ansible 167.179.84.153 }Z5c,jM-?bQec#z-
server1 149.28.24.11 A7f{v#PAB8$!-K8q
server2 45.76.216.130 7]Mf%YKRFP[9H!*K
server3 108.160.137.54 _Rr3%[2rg,JJQpwQ

在ansible主机上配置hosts文件

[root@ansible ~]# vi /etc/hosts
149.28.24.11 server1
45.76.216.130 server2
108.160.137.54 server3

确认主机名及IP对应关系

[root@ansible ~]# ping -c 1 server1
PING server1 (149.28.24.11) 56(84) bytes of data.
64 bytes from server1 (149.28.24.11): icmp_seq=1 ttl=61 time=0.360 ms

--- server1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms
[root@ansible ~]# ping -c 1 server2
PING server2 (45.76.216.130) 56(84) bytes of data.
64 bytes from server2 (45.76.216.130): icmp_seq=1 ttl=57 time=0.933 ms

--- server2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.933/0.933/0.933/0.000 ms
[root@ansible ~]# ping -c 1 server3
PING server3 (108.160.137.54) 56(84) bytes of data.
64 bytes from server3 (108.160.137.54): icmp_seq=1 ttl=57 time=0.982 ms

--- server3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.982/0.982/0.982/0.000 ms
[root@ansible ~]#

解决首次登录远程系统的严格主机密钥检查交互(保存远程主机公钥)

[root@ansible ~]# ssh root@server1
The authenticity of host 'server1 (149.28.24.11)' can't be established.
ECDSA key fingerprint is SHA256:NUM9LGuAESXFeEyluk7GqoY3vC7rmLvzyf4Fr5p0tWs.
ECDSA key fingerprint is MD5:36:02:b3:0c:d0:33:db:a5:a5:68:21:4f:ce:87:01:aa.
Are you sure you want to continue connecting (yes/no)? ^C
[root@ansible ~]#

[root@ansible ~]# ls .ssh/
[root@ansible ~]#

修改本机ssh客户端配置文件

[root@ansible ~]# vi /etc/ssh/ssh_config
# StrictHostKeyChecking ask
StrictHostKeyChecking no

查看ansible版本信息

[root@ansible ~]# ansible --version
ansible 2.9.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[root@ansible ~]#

编辑ansible主机配置文件(注意server1密码的转义字符)

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root ansible_password=A7f{v\#PAB8$!-K8q
server2 ansible_user=root ansible_password=7]Mf%YKRFP[9H!*K
server3 ansible_user=root ansible_password=_Rr3%[2rg,JJQpwQ

连接测试

[root@ansible ~]# ansible servers -m ping
server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@ansible ~]#

本地已保存的远程主机公钥信息

[root@ansible ~]# ls .ssh/
known_hosts
[root@ansible ~]# cat .ssh/known_hosts
server1,149.28.24.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCv/uWIj+5gWiri6BdEYw+QQYuE3wIfdW0FhgdCIY92UXf1P9rhRI9q5FQMQ1sJuKfzSihEsU2uwnQ8P45zE3Yc=
server2,45.76.216.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+LjHvPrUcao6A5zNJwPgjRUOQAtxPCzMoEUOl21jMKiTPpDe87feCz2S/k6bo0Paf3G9lKdJg5B+r9dCZMBOU=
server3,108.160.137.54 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+8jA1/3alAX2YtrLVUfJGvyCeCcpsJFG7WGwTgB5y4i0pBxPum0AYSw/G5ehaM8KPLCjEbCwUYS+XW83XYY10=
[root@ansible ~]#

创建密钥对

[root@ansible ~]# ssh-keygen -b 4096 -t rsa -C "harvey.mei@linuxcache.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):/root/.ssh/id_rsa_ansible
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_ansible.
Your public key has been saved in id_rsa_ansible.pub.
The key fingerprint is:
SHA256:Cv6UZ+/72ZTeeeuYP5ePrKmr7YhcZG6DVwwzXqXmLuU harvey.mei@linuxcache.com
The key's randomart image is:
+---[RSA 4096]----+
|            .    |
|           o     |
|        + +      |
|       . O       |
|    .   S =      |
|   . . B =     . |
|    . = X E   o .|
|     + B *   Bo=+|
|      + o+O==+B=O|
+----[SHA256]-----+
[root@ansible ~]#

查看公钥信息

[root@ansible ~]# cat .ssh/id_rsa_ansible.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
[root@ansible ~]#

将公钥信息复制给一个变量

[root@ansible ~]# pubkey=`cat .ssh/id_rsa_ansible.pub`
[root@ansible ~]# echo $pubkey
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
[root@ansible ~]#

使用Ansible的shell模块,对目的主机组执行公钥的导入操作

[root@ansible ~]# ansible servers -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh; echo -e ${pubkey} >> .ssh/authorized_keys"
server1 | CHANGED | rc=0 >>

server3 | CHANGED | rc=0 >>

server2 | CHANGED | rc=0 >>

[root@ansible ~]#

通过Ansible远程执行查看目的主机已导入的公钥信息

[root@ansible ~]# ansible servers -m shell -a "cat .ssh/authorized_keys"
server3 | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
server1 | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
server2 | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYIp2W44/lMGw98BRvdTrCBwjBs9PYBiXhb9fN+ntU6fbnN12s7MUj92Z4uRLbJywJbspUPSV8SI4QVL0FKPSm37OMdY8SvpURgiaqRfRuo7pwVP7j31JxpcB4mF0PZiEFUqPttJ1MVbUnHfHxePJXjLmfRirJ5PkH26K4F3WUEgQiWJq2WlOWTERqdMjXqQHiubfSGT+s5q1jwakhCjjk06EbwRtN5ZYa0PcvoTCVPORTzr+/mOIzkY+GCAvPdFXO4KbXA4yI8LMPFcDH1DLJfIF7wc8y8aRbDVu5g6khzi8ipof5+XkLquUjxU4yuHaEr1/Gf4lNIBq81O8BXv0lKsy6vFwO4uP42W+jzYpqN9vM+6ibAywZ/zx3ags+aPrO++HYqok2gUYvXizPVPabadeLb0d0DY6XxAp1vXNqeLqwxMVsfAViXiyGIU76OEfnkgdzhHvFiXopKOIzTbS3pFctr3/dnMnHkKEnUmjYBQ7T8MEkJGPka5IsKrl5fTPgUtb53crB21rRHo/Dz82uGzPnUVUQRilUd9xip1xkUw/HB53FsZH9hP+dF5ohn9N1FwqZnHE6PCFTTtTgSNytNMmwXIKenZaVIOwoJN8cA8GfnQEpidl8im75EhoGlKDkFVSObJxttMlvAbDrBnzuNSzPmOV8NhlRgMrPPV4iwQ== harvey.mei@linuxcache.com
[root@ansible ~]#

修改Ansible主机配置文件以启用私钥登录验证

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
server2 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible
server3 ansible_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa_ansible

测试成功

[root@ansible ~]# ansible servers -m ping
server3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
server1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@ansible ~]#

在执行ansible命令时指定私钥参数

[root@ansible ~]# vi /etc/ansible/hosts
[servers]
server1 ansible_user=root
server2 ansible_user=root
server3 ansible_user=root

测试成功

[root@ansible ~]# ansible servers --private-key=.ssh/id_rsa_ansible -m command -a hostname
server1 | CHANGED | rc=0 >>
server1
server2 | CHANGED | rc=0 >>
server2
server3 | CHANGED | rc=0 >>
server3
[root@ansible ~]#
2月 202020
 

禁用防火墙

[root@radius ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@radius ~]# systemctl stop firewalld
[root@radius ~]#

安装AMP环境

[root@radius ~]# yum install php php-pdo php-mysql php-gd php-pear httpd mariadb-server mariadb

创建数据库

MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on radius.* to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> set password for radius@localhost=password('radiuspassword');
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

设置系统及PHP时区

[root@radius ~]# cp /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime
cp: overwrite ‘/etc/localtime’? y
[root@radius ~]#
[root@radius ~]# vi /etc/php.ini
;date.timezone =
date.timezone = Asia/Hong_Kong

安装Free RADIUS及相关组件软件包

[root@radius html]# yum install freeradius freeradius-utils freeradius-mysql

查看FreeRADIUS安装包路径

[root@radius html]# rpm -lq freeradius
/etc/logrotate.d/radiusd
/etc/pam.d/radiusd
/etc/raddb
/etc/raddb/README.rst
/etc/raddb/certs
/etc/raddb/certs/Makefile
/etc/raddb/certs/README
/etc/raddb/certs/bootstrap
/etc/raddb/certs/ca.cnf
/etc/raddb/certs/client.cnf
/etc/raddb/certs/passwords.mk
/etc/raddb/certs/server.cnf
/etc/raddb/certs/xpextensions
/etc/raddb/clients.conf
/etc/raddb/dictionary
/etc/raddb/hints
/etc/raddb/huntgroups
/etc/raddb/mods-available
/etc/raddb/mods-available/README.rst
/etc/raddb/mods-available/always
/etc/raddb/mods-available/attr_filter
/etc/raddb/mods-available/cache
/etc/raddb/mods-available/cache_eap
/etc/raddb/mods-available/chap
/etc/raddb/mods-available/counter
/etc/raddb/mods-available/cui
/etc/raddb/mods-available/date
/etc/raddb/mods-available/detail
/etc/raddb/mods-available/detail.example.com
/etc/raddb/mods-available/detail.log
/etc/raddb/mods-available/dhcp
/etc/raddb/mods-available/dhcp_sqlippool
/etc/raddb/mods-available/digest
/etc/raddb/mods-available/dynamic_clients
/etc/raddb/mods-available/eap
/etc/raddb/mods-available/echo
/etc/raddb/mods-available/etc_group
/etc/raddb/mods-available/exec
/etc/raddb/mods-available/expiration
/etc/raddb/mods-available/expr
/etc/raddb/mods-available/files
/etc/raddb/mods-available/idn
/etc/raddb/mods-available/inner-eap
/etc/raddb/mods-available/ippool
/etc/raddb/mods-available/linelog
/etc/raddb/mods-available/logintime
/etc/raddb/mods-available/mac2ip
/etc/raddb/mods-available/mac2vlan
/etc/raddb/mods-available/mschap
/etc/raddb/mods-available/ntlm_auth
/etc/raddb/mods-available/opendirectory
/etc/raddb/mods-available/otp
/etc/raddb/mods-available/pam
/etc/raddb/mods-available/pap
/etc/raddb/mods-available/passwd
/etc/raddb/mods-available/preprocess
/etc/raddb/mods-available/python
/etc/raddb/mods-available/radutmp
/etc/raddb/mods-available/realm
/etc/raddb/mods-available/redis
/etc/raddb/mods-available/rediswho
/etc/raddb/mods-available/replicate
/etc/raddb/mods-available/rest
/etc/raddb/mods-available/smbpasswd
/etc/raddb/mods-available/smsotp
/etc/raddb/mods-available/soh
/etc/raddb/mods-available/sometimes
/etc/raddb/mods-available/sql
/etc/raddb/mods-available/sqlcounter
/etc/raddb/mods-available/sqlippool
/etc/raddb/mods-available/sradutmp
/etc/raddb/mods-available/unix
/etc/raddb/mods-available/unpack
/etc/raddb/mods-available/utf8
/etc/raddb/mods-available/wimax
/etc/raddb/mods-available/yubikey
/etc/raddb/mods-config
/etc/raddb/mods-config/README.rst
/etc/raddb/mods-config/attr_filter
/etc/raddb/mods-config/attr_filter/access_challenge
/etc/raddb/mods-config/attr_filter/access_reject
/etc/raddb/mods-config/attr_filter/accounting_response
/etc/raddb/mods-config/attr_filter/post-proxy
/etc/raddb/mods-config/attr_filter/pre-proxy
/etc/raddb/mods-config/files
/etc/raddb/mods-config/files/accounting
/etc/raddb/mods-config/files/authorize
/etc/raddb/mods-config/files/pre-proxy
/etc/raddb/mods-config/preprocess
/etc/raddb/mods-config/preprocess/hints
/etc/raddb/mods-config/preprocess/huntgroups
/etc/raddb/mods-config/sql
/etc/raddb/mods-config/sql/counter
/etc/raddb/mods-config/sql/cui
/etc/raddb/mods-config/sql/ippool
/etc/raddb/mods-config/sql/ippool-dhcp
/etc/raddb/mods-config/sql/main
/etc/raddb/mods-enabled
/etc/raddb/mods-enabled/always
/etc/raddb/mods-enabled/attr_filter
/etc/raddb/mods-enabled/cache_eap
/etc/raddb/mods-enabled/chap
/etc/raddb/mods-enabled/date
/etc/raddb/mods-enabled/detail
/etc/raddb/mods-enabled/detail.log
/etc/raddb/mods-enabled/dhcp
/etc/raddb/mods-enabled/digest
/etc/raddb/mods-enabled/dynamic_clients
/etc/raddb/mods-enabled/eap
/etc/raddb/mods-enabled/echo
/etc/raddb/mods-enabled/exec
/etc/raddb/mods-enabled/expiration
/etc/raddb/mods-enabled/expr
/etc/raddb/mods-enabled/files
/etc/raddb/mods-enabled/linelog
/etc/raddb/mods-enabled/logintime
/etc/raddb/mods-enabled/mschap
/etc/raddb/mods-enabled/ntlm_auth
/etc/raddb/mods-enabled/pap
/etc/raddb/mods-enabled/passwd
/etc/raddb/mods-enabled/preprocess
/etc/raddb/mods-enabled/radutmp
/etc/raddb/mods-enabled/realm
/etc/raddb/mods-enabled/replicate
/etc/raddb/mods-enabled/soh
/etc/raddb/mods-enabled/sradutmp
/etc/raddb/mods-enabled/unix
/etc/raddb/mods-enabled/unpack
/etc/raddb/mods-enabled/utf8
/etc/raddb/panic.gdb
/etc/raddb/policy.d
/etc/raddb/policy.d/accounting
/etc/raddb/policy.d/canonicalization
/etc/raddb/policy.d/control
/etc/raddb/policy.d/cui
/etc/raddb/policy.d/debug
/etc/raddb/policy.d/dhcp
/etc/raddb/policy.d/eap
/etc/raddb/policy.d/filter
/etc/raddb/policy.d/operator-name
/etc/raddb/proxy.conf
/etc/raddb/radiusd.conf
/etc/raddb/sites-available
/etc/raddb/sites-available/README
/etc/raddb/sites-available/buffered-sql
/etc/raddb/sites-available/challenge
/etc/raddb/sites-available/channel_bindings
/etc/raddb/sites-available/check-eap-tls
/etc/raddb/sites-available/coa
/etc/raddb/sites-available/control-socket
/etc/raddb/sites-available/copy-acct-to-home-server
/etc/raddb/sites-available/decoupled-accounting
/etc/raddb/sites-available/default
/etc/raddb/sites-available/dhcp
/etc/raddb/sites-available/dhcp.relay
/etc/raddb/sites-available/dynamic-clients
/etc/raddb/sites-available/example
/etc/raddb/sites-available/inner-tunnel
/etc/raddb/sites-available/originate-coa
/etc/raddb/sites-available/proxy-inner-tunnel
/etc/raddb/sites-available/robust-proxy-accounting
/etc/raddb/sites-available/soh
/etc/raddb/sites-available/status
/etc/raddb/sites-available/tls
/etc/raddb/sites-available/virtual.example.com
/etc/raddb/sites-available/vmps
/etc/raddb/sites-enabled
/etc/raddb/sites-enabled/default
/etc/raddb/sites-enabled/inner-tunnel
/etc/raddb/templates.conf
/etc/raddb/trigger.conf
/etc/raddb/users
/usr/lib/systemd/system/radiusd.service
/usr/lib/tmpfiles.d/radiusd.conf
/usr/lib64/freeradius
/usr/lib64/freeradius/libfreeradius-dhcp.so
/usr/lib64/freeradius/libfreeradius-eap.so
/usr/lib64/freeradius/libfreeradius-radius.so
/usr/lib64/freeradius/libfreeradius-server.so
/usr/lib64/freeradius/proto_dhcp.so
/usr/lib64/freeradius/proto_vmps.so
/usr/lib64/freeradius/rlm_always.so
/usr/lib64/freeradius/rlm_attr_filter.so
/usr/lib64/freeradius/rlm_cache.so
/usr/lib64/freeradius/rlm_cache_rbtree.so
/usr/lib64/freeradius/rlm_chap.so
/usr/lib64/freeradius/rlm_counter.so
/usr/lib64/freeradius/rlm_cram.so
/usr/lib64/freeradius/rlm_date.so
/usr/lib64/freeradius/rlm_detail.so
/usr/lib64/freeradius/rlm_dhcp.so
/usr/lib64/freeradius/rlm_digest.so
/usr/lib64/freeradius/rlm_dynamic_clients.so
/usr/lib64/freeradius/rlm_eap.so
/usr/lib64/freeradius/rlm_eap_fast.so
/usr/lib64/freeradius/rlm_eap_gtc.so
/usr/lib64/freeradius/rlm_eap_leap.so
/usr/lib64/freeradius/rlm_eap_md5.so
/usr/lib64/freeradius/rlm_eap_mschapv2.so
/usr/lib64/freeradius/rlm_eap_peap.so
/usr/lib64/freeradius/rlm_eap_pwd.so
/usr/lib64/freeradius/rlm_eap_sim.so
/usr/lib64/freeradius/rlm_eap_tls.so
/usr/lib64/freeradius/rlm_eap_tnc.so
/usr/lib64/freeradius/rlm_eap_ttls.so
/usr/lib64/freeradius/rlm_exec.so
/usr/lib64/freeradius/rlm_expiration.so
/usr/lib64/freeradius/rlm_expr.so
/usr/lib64/freeradius/rlm_files.so
/usr/lib64/freeradius/rlm_ippool.so
/usr/lib64/freeradius/rlm_linelog.so
/usr/lib64/freeradius/rlm_logintime.so
/usr/lib64/freeradius/rlm_mschap.so
/usr/lib64/freeradius/rlm_otp.so
/usr/lib64/freeradius/rlm_pam.so
/usr/lib64/freeradius/rlm_pap.so
/usr/lib64/freeradius/rlm_passwd.so
/usr/lib64/freeradius/rlm_preprocess.so
/usr/lib64/freeradius/rlm_radutmp.so
/usr/lib64/freeradius/rlm_realm.so
/usr/lib64/freeradius/rlm_replicate.so
/usr/lib64/freeradius/rlm_soh.so
/usr/lib64/freeradius/rlm_sometimes.so
/usr/lib64/freeradius/rlm_sql.so
/usr/lib64/freeradius/rlm_sql_null.so
/usr/lib64/freeradius/rlm_sqlcounter.so
/usr/lib64/freeradius/rlm_sqlippool.so
/usr/lib64/freeradius/rlm_unix.so
/usr/lib64/freeradius/rlm_unpack.so
/usr/lib64/freeradius/rlm_utf8.so
/usr/lib64/freeradius/rlm_wimax.so
/usr/lib64/freeradius/rlm_yubikey.so
/usr/sbin/checkrad
/usr/sbin/raddebug
/usr/sbin/radiusd
/usr/sbin/radmin
/usr/share/doc/freeradius-3.0.13/LICENSE.gpl
/usr/share/doc/freeradius-3.0.13/LICENSE.lgpl
/usr/share/doc/freeradius-3.0.13/LICENSE.openssl
/usr/share/doc/freeradius-3.0.13/REDHAT
/usr/share/freeradius
/usr/share/freeradius/dictionary
/usr/share/freeradius/dictionary.3com
/usr/share/freeradius/dictionary.3gpp
/usr/share/freeradius/dictionary.3gpp2
/usr/share/freeradius/dictionary.acc
/usr/share/freeradius/dictionary.acme
/usr/share/freeradius/dictionary.actelis
/usr/share/freeradius/dictionary.adtran
/usr/share/freeradius/dictionary.aerohive
/usr/share/freeradius/dictionary.airespace
/usr/share/freeradius/dictionary.alcatel
/usr/share/freeradius/dictionary.alcatel-lucent.aaa
/usr/share/freeradius/dictionary.alcatel.esam
/usr/share/freeradius/dictionary.alcatel.sr
/usr/share/freeradius/dictionary.alteon
/usr/share/freeradius/dictionary.altiga
/usr/share/freeradius/dictionary.alvarion
/usr/share/freeradius/dictionary.alvarion.wimax.v2_2
/usr/share/freeradius/dictionary.apc
/usr/share/freeradius/dictionary.aptilo
/usr/share/freeradius/dictionary.aptis
/usr/share/freeradius/dictionary.arbor
/usr/share/freeradius/dictionary.arista
/usr/share/freeradius/dictionary.aruba
/usr/share/freeradius/dictionary.ascend
/usr/share/freeradius/dictionary.ascend.illegal
/usr/share/freeradius/dictionary.asn
/usr/share/freeradius/dictionary.audiocodes
/usr/share/freeradius/dictionary.avaya
/usr/share/freeradius/dictionary.azaire
/usr/share/freeradius/dictionary.bay
/usr/share/freeradius/dictionary.bintec
/usr/share/freeradius/dictionary.bluecoat
/usr/share/freeradius/dictionary.boingo
/usr/share/freeradius/dictionary.bristol
/usr/share/freeradius/dictionary.broadsoft
/usr/share/freeradius/dictionary.brocade
/usr/share/freeradius/dictionary.bskyb
/usr/share/freeradius/dictionary.bt
/usr/share/freeradius/dictionary.cablelabs
/usr/share/freeradius/dictionary.cabletron
/usr/share/freeradius/dictionary.camiant
/usr/share/freeradius/dictionary.checkpoint
/usr/share/freeradius/dictionary.chillispot
/usr/share/freeradius/dictionary.cisco
/usr/share/freeradius/dictionary.cisco.asa
/usr/share/freeradius/dictionary.cisco.bbsm
/usr/share/freeradius/dictionary.cisco.vpn3000
/usr/share/freeradius/dictionary.cisco.vpn5000
/usr/share/freeradius/dictionary.citrix
/usr/share/freeradius/dictionary.clavister
/usr/share/freeradius/dictionary.cnergee
/usr/share/freeradius/dictionary.colubris
/usr/share/freeradius/dictionary.columbia_university
/usr/share/freeradius/dictionary.compat
/usr/share/freeradius/dictionary.compatible
/usr/share/freeradius/dictionary.cosine
/usr/share/freeradius/dictionary.dante
/usr/share/freeradius/dictionary.dhcp
/usr/share/freeradius/dictionary.digium
/usr/share/freeradius/dictionary.dlink
/usr/share/freeradius/dictionary.dragonwave
/usr/share/freeradius/dictionary.efficientip
/usr/share/freeradius/dictionary.eltex
/usr/share/freeradius/dictionary.epygi
/usr/share/freeradius/dictionary.equallogic
/usr/share/freeradius/dictionary.ericsson
/usr/share/freeradius/dictionary.ericsson.ab
/usr/share/freeradius/dictionary.ericsson.packet.core.networks
/usr/share/freeradius/dictionary.erx
/usr/share/freeradius/dictionary.extreme
/usr/share/freeradius/dictionary.f5
/usr/share/freeradius/dictionary.fdxtended
/usr/share/freeradius/dictionary.fortinet
/usr/share/freeradius/dictionary.foundry
/usr/share/freeradius/dictionary.freedhcp
/usr/share/freeradius/dictionary.freeradius
/usr/share/freeradius/dictionary.freeradius.internal
/usr/share/freeradius/dictionary.freeswitch
/usr/share/freeradius/dictionary.gandalf
/usr/share/freeradius/dictionary.garderos
/usr/share/freeradius/dictionary.gemtek
/usr/share/freeradius/dictionary.h3c
/usr/share/freeradius/dictionary.hillstone
/usr/share/freeradius/dictionary.hp
/usr/share/freeradius/dictionary.huawei
/usr/share/freeradius/dictionary.iana
/usr/share/freeradius/dictionary.iea
/usr/share/freeradius/dictionary.infoblox
/usr/share/freeradius/dictionary.infonet
/usr/share/freeradius/dictionary.ipunplugged
/usr/share/freeradius/dictionary.issanni
/usr/share/freeradius/dictionary.itk
/usr/share/freeradius/dictionary.juniper
/usr/share/freeradius/dictionary.karlnet
/usr/share/freeradius/dictionary.kineto
/usr/share/freeradius/dictionary.lancom
/usr/share/freeradius/dictionary.lantronix
/usr/share/freeradius/dictionary.livingston
/usr/share/freeradius/dictionary.localweb
/usr/share/freeradius/dictionary.lucent
/usr/share/freeradius/dictionary.manzara
/usr/share/freeradius/dictionary.meinberg
/usr/share/freeradius/dictionary.meraki
/usr/share/freeradius/dictionary.merit
/usr/share/freeradius/dictionary.meru
/usr/share/freeradius/dictionary.microsemi
/usr/share/freeradius/dictionary.microsoft
/usr/share/freeradius/dictionary.mikrotik
/usr/share/freeradius/dictionary.motorola
/usr/share/freeradius/dictionary.motorola.illegal
/usr/share/freeradius/dictionary.motorola.wimax
/usr/share/freeradius/dictionary.navini
/usr/share/freeradius/dictionary.netscreen
/usr/share/freeradius/dictionary.networkphysics
/usr/share/freeradius/dictionary.nexans
/usr/share/freeradius/dictionary.nokia
/usr/share/freeradius/dictionary.nokia.conflict
/usr/share/freeradius/dictionary.nomadix
/usr/share/freeradius/dictionary.nortel
/usr/share/freeradius/dictionary.ntua
/usr/share/freeradius/dictionary.openser
/usr/share/freeradius/dictionary.packeteer
/usr/share/freeradius/dictionary.paloalto
/usr/share/freeradius/dictionary.patton
/usr/share/freeradius/dictionary.perle
/usr/share/freeradius/dictionary.propel
/usr/share/freeradius/dictionary.prosoft
/usr/share/freeradius/dictionary.proxim
/usr/share/freeradius/dictionary.purewave
/usr/share/freeradius/dictionary.quiconnect
/usr/share/freeradius/dictionary.quintum
/usr/share/freeradius/dictionary.redcreek
/usr/share/freeradius/dictionary.rfc2865
/usr/share/freeradius/dictionary.rfc2866
/usr/share/freeradius/dictionary.rfc2867
/usr/share/freeradius/dictionary.rfc2868
/usr/share/freeradius/dictionary.rfc2869
/usr/share/freeradius/dictionary.rfc3162
/usr/share/freeradius/dictionary.rfc3576
/usr/share/freeradius/dictionary.rfc3580
/usr/share/freeradius/dictionary.rfc4072
/usr/share/freeradius/dictionary.rfc4372
/usr/share/freeradius/dictionary.rfc4603
/usr/share/freeradius/dictionary.rfc4675
/usr/share/freeradius/dictionary.rfc4679
/usr/share/freeradius/dictionary.rfc4818
/usr/share/freeradius/dictionary.rfc4849
/usr/share/freeradius/dictionary.rfc5090
/usr/share/freeradius/dictionary.rfc5176
/usr/share/freeradius/dictionary.rfc5447
/usr/share/freeradius/dictionary.rfc5580
/usr/share/freeradius/dictionary.rfc5607
/usr/share/freeradius/dictionary.rfc5904
/usr/share/freeradius/dictionary.rfc6519
/usr/share/freeradius/dictionary.rfc6572
/usr/share/freeradius/dictionary.rfc6677
/usr/share/freeradius/dictionary.rfc6911
/usr/share/freeradius/dictionary.rfc6929
/usr/share/freeradius/dictionary.rfc6930
/usr/share/freeradius/dictionary.rfc7055
/usr/share/freeradius/dictionary.rfc7155
/usr/share/freeradius/dictionary.rfc7268
/usr/share/freeradius/dictionary.rfc7499
/usr/share/freeradius/dictionary.rfc7930
/usr/share/freeradius/dictionary.riverbed
/usr/share/freeradius/dictionary.riverstone
/usr/share/freeradius/dictionary.roaringpenguin
/usr/share/freeradius/dictionary.ruckus
/usr/share/freeradius/dictionary.ruggedcom
/usr/share/freeradius/dictionary.sangoma
/usr/share/freeradius/dictionary.sg
/usr/share/freeradius/dictionary.shasta
/usr/share/freeradius/dictionary.shiva
/usr/share/freeradius/dictionary.siemens
/usr/share/freeradius/dictionary.slipstream
/usr/share/freeradius/dictionary.sofaware
/usr/share/freeradius/dictionary.sonicwall
/usr/share/freeradius/dictionary.springtide
/usr/share/freeradius/dictionary.starent
/usr/share/freeradius/dictionary.starent.vsa1
/usr/share/freeradius/dictionary.surfnet
/usr/share/freeradius/dictionary.symbol
/usr/share/freeradius/dictionary.t_systems_nova
/usr/share/freeradius/dictionary.telebit
/usr/share/freeradius/dictionary.telkom
/usr/share/freeradius/dictionary.terena
/usr/share/freeradius/dictionary.trapeze
/usr/share/freeradius/dictionary.travelping
/usr/share/freeradius/dictionary.tropos
/usr/share/freeradius/dictionary.ukerna
/usr/share/freeradius/dictionary.unix
/usr/share/freeradius/dictionary.usr
/usr/share/freeradius/dictionary.usr.illegal
/usr/share/freeradius/dictionary.utstarcom
/usr/share/freeradius/dictionary.valemount
/usr/share/freeradius/dictionary.versanet
/usr/share/freeradius/dictionary.vqp
/usr/share/freeradius/dictionary.walabi
/usr/share/freeradius/dictionary.waverider
/usr/share/freeradius/dictionary.wichorus
/usr/share/freeradius/dictionary.wifialliance
/usr/share/freeradius/dictionary.wimax
/usr/share/freeradius/dictionary.wimax.alvarion
/usr/share/freeradius/dictionary.wimax.wichorus
/usr/share/freeradius/dictionary.wispr
/usr/share/freeradius/dictionary.xedia
/usr/share/freeradius/dictionary.xylan
/usr/share/freeradius/dictionary.yubico
/usr/share/freeradius/dictionary.zeus
/usr/share/freeradius/dictionary.zte
/usr/share/freeradius/dictionary.zyxel
/usr/share/man/man5/clients.conf.5.gz
/usr/share/man/man5/dictionary.5.gz
/usr/share/man/man5/radiusd.conf.5.gz
/usr/share/man/man5/radrelay.conf.5.gz
/usr/share/man/man5/rlm_always.5.gz
/usr/share/man/man5/rlm_attr_filter.5.gz
/usr/share/man/man5/rlm_chap.5.gz
/usr/share/man/man5/rlm_counter.5.gz
/usr/share/man/man5/rlm_detail.5.gz
/usr/share/man/man5/rlm_digest.5.gz
/usr/share/man/man5/rlm_expr.5.gz
/usr/share/man/man5/rlm_files.5.gz
/usr/share/man/man5/rlm_idn.5.gz
/usr/share/man/man5/rlm_mschap.5.gz
/usr/share/man/man5/rlm_pap.5.gz
/usr/share/man/man5/rlm_passwd.5.gz
/usr/share/man/man5/rlm_realm.5.gz
/usr/share/man/man5/rlm_sql.5.gz
/usr/share/man/man5/rlm_unix.5.gz
/usr/share/man/man5/unlang.5.gz
/usr/share/man/man5/users.5.gz
/usr/share/man/man8/raddebug.8.gz
/usr/share/man/man8/radiusd.8.gz
/usr/share/man/man8/radmin.8.gz
/usr/share/man/man8/radrelay.8.gz
/usr/share/snmp/mibs/FREERADIUS-MGMT-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-NOTIFICATION-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-PRODUCT-RADIUSD-MIB.mib
/usr/share/snmp/mibs/FREERADIUS-SMI.mib
/usr/share/snmp/mibs/RADIUS-ACC-CLIENT-MIB.mib
/usr/share/snmp/mibs/RADIUS-ACC-SERVER-MIB.mib
/usr/share/snmp/mibs/RADIUS-AUTH-CLIENT-MIB.mib
/usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.mib
/usr/share/snmp/mibs/RADIUS-STAT-MIB.mib
/var/lib/radiusd
/var/log/radius
/var/log/radius/radacct
/var/log/radius/radius.log
/var/log/radius/radutmp
/var/run/radiusd
/var/run/radiusd/tmp
[root@radius html]#

查看FreeRADIUS工具包安装路径

[root@radius html]# rpm -lq freeradius-utils
/usr/bin/dhcpclient
/usr/bin/map_unit
/usr/bin/rad_counter
/usr/bin/radattr
/usr/bin/radclient
/usr/bin/radcrypt
/usr/bin/radeapclient
/usr/bin/radlast
/usr/bin/radsniff
/usr/bin/radsqlrelay
/usr/bin/radtest
/usr/bin/radwho
/usr/bin/radzap
/usr/bin/rlm_ippool_tool
/usr/bin/smbencrypt
/usr/share/man/man1/dhcpclient.1.gz
/usr/share/man/man1/rad_counter.1.gz
/usr/share/man/man1/radclient.1.gz
/usr/share/man/man1/radeapclient.1.gz
/usr/share/man/man1/radlast.1.gz
/usr/share/man/man1/radtest.1.gz
/usr/share/man/man1/radwho.1.gz
/usr/share/man/man1/radzap.1.gz
/usr/share/man/man1/smbencrypt.1.gz
/usr/share/man/man5/checkrad.5.gz
/usr/share/man/man8/radcrypt.8.gz
/usr/share/man/man8/radsniff.8.gz
/usr/share/man/man8/radsqlrelay.8.gz
/usr/share/man/man8/rlm_ippool_tool.8.gz
[root@radius html]#

查看FreeRADIUS MySQL数据库扩展包安装路

[root@radius html]# rpm -lq freeradius-mysql
/etc/raddb/mods-config/sql/counter/mysql
/etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
/etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
/etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
/etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
/etc/raddb/mods-config/sql/cui/mysql
/etc/raddb/mods-config/sql/cui/mysql/queries.conf
/etc/raddb/mods-config/sql/cui/mysql/schema.sql
/etc/raddb/mods-config/sql/ippool-dhcp/mysql
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
/etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
/etc/raddb/mods-config/sql/ippool/mysql
/etc/raddb/mods-config/sql/ippool/mysql/queries.conf
/etc/raddb/mods-config/sql/ippool/mysql/schema.sql
/etc/raddb/mods-config/sql/main/mysql
/etc/raddb/mods-config/sql/main/mysql/extras
/etc/raddb/mods-config/sql/main/mysql/extras/wimax
/etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf
/etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql
/etc/raddb/mods-config/sql/main/mysql/queries.conf
/etc/raddb/mods-config/sql/main/mysql/schema.sql
/etc/raddb/mods-config/sql/main/mysql/setup.sql
/etc/raddb/mods-config/sql/main/ndb
/etc/raddb/mods-config/sql/main/ndb/README
/etc/raddb/mods-config/sql/main/ndb/schema.sql
/etc/raddb/mods-config/sql/main/ndb/setup.sql
/usr/lib64/freeradius/rlm_sql_mysql.so
[root@radius html]#

注册并启动服务

[root@radius ~]# systemctl enable radiusd
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
[root@radius ~]# systemctl start radiusd
[root@radius ~]#

查看端口监听(UDP1812/UDP1813)

[root@radius ~]# netstat -ltun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:18120         0.0.0.0:*
udp        0      0 0.0.0.0:56569           0.0.0.0:*
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 0.0.0.0:1813            0.0.0.0:*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::54657                :::*
udp6       0      0 :::1812                 :::*
udp6       0      0 :::1813                 :::*
[root@radius ~]#

导入数据库

[root@radius ~]# mysql -uroot -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password:
[root@radius ~]#

启用数据库模块

[root@radius ~]# cd /etc/raddb/mods-enabled/
[root@radius mods-enabled]# ln -s ../mods-available/sql sql
[root@radius mods-enabled]#

修改数据库连接配置文件

[root@radius mods-enabled]# vi sql

driver = "rlm_sql_null"
driver = "rlm_sql_mysql"

dialect = "sqlite"
dialect = "mysql"

#       server = "localhost"
#       port = 3306
#       login = "radius"
#       password = "radpass"

        server = "localhost"
        port = 3306
        login = "radius"
        password = "radiuspassword"

#       read_clients = yes
        read_clients = yes

修改数据库连接配置文件属组

[root@radius mods-enabled]# ll sql
lrwxrwxrwx 1 root root 21 Feb 20 05:58 sql -> ../mods-available/sql
[root@radius mods-enabled]# chgrp -h radiusd sql
[root@radius mods-enabled]# ll sql
lrwxrwxrwx 1 root radiusd 21 Feb 20 05:58 sql -> ../mods-available/sql
[root@radius mods-enabled]#

下载daloRADIUS安装包并解压缩

[root@radius ~]# wget https://github.com/lirantal/daloradius/archive/master.zip
[root@radius ~]# cp -R daloradius-master/ /var/www/html/daloradius

导入数据库

[root@radius ~]# cd /var/www/html/
[root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Enter password:
[root@radius html]# mysql -uroot -p radius < daloradius/contrib/db/mysql-daloradius.sql
Enter password:
[root@radius html]#

修改目录及配置文件属性

[root@radius html]# chown -R apache.apache daloradius/
[root@radius html]# chmod 664 daloradius/library/daloradius.conf.php
[root@radius html]#

修改daloRADIUS配置文件

[root@radius html]# vi daloradius/library/daloradius.conf.php
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radiuspassword';
$configValues['CONFIG_DB_NAME'] = 'radius';

安装PEAR扩展

更新频道

[root@radius ~]# pear channel-update pear.php.net
Updating channel "pear.php.net"
Update of Channel "pear.php.net" succeeded
[root@radius ~]#

升级pear/PEAR版本

错误提示

[root@radius ~]# pear install DB
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
pear/DB requires package "pear/PEAR" (version >= 1.10.0), installed version is 1.9.4
No valid packages found
install failed
[root@radius ~]#

升级操作

[root@radius ~]# pear install PEAR
WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus"
downloading PEAR-1.10.10.tgz ...
Starting to download PEAR-1.10.10.tgz (293,388 bytes)
.............................................................done: 293,388 bytes
downloading Archive_Tar-1.4.9.tgz ...
Starting to download Archive_Tar-1.4.9.tgz (21,343 bytes)
...done: 21,343 bytes
downloading Structures_Graph-1.1.1.tgz ...
Starting to download Structures_Graph-1.1.1.tgz (12,579 bytes)
...done: 12,579 bytes
downloading Console_Getopt-1.4.3.tgz ...
Starting to download Console_Getopt-1.4.3.tgz (5,789 bytes)
...done: 5,789 bytes
downloading XML_Util-1.4.3.tgz ...
Starting to download XML_Util-1.4.3.tgz (18,842 bytes)
...done: 18,842 bytes
install ok: channel://pear.php.net/Archive_Tar-1.4.9
install ok: channel://pear.php.net/Structures_Graph-1.1.1
install ok: channel://pear.php.net/Console_Getopt-1.4.3
install ok: channel://pear.php.net/XML_Util-1.4.3
install ok: channel://pear.php.net/PEAR-1.10.10
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
PEAR: To install optional features use "pear install pear/PEAR#featurename"
[root@radius ~]#

安装pear/DB扩展

[root@radius ~]# pear install DB
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
downloading DB-1.9.3.tgz ...
Starting to download DB-1.9.3.tgz (132,290 bytes)
.............................done: 132,290 bytes
install ok: channel://pear.php.net/DB-1.9.3
[root@radius ~]#

安装pear/MDB2扩展

[root@radius ~]# pear install MDB2
downloading MDB2-2.4.1.tgz ...
Starting to download MDB2-2.4.1.tgz (121,557 bytes)
..........................done: 121,557 bytes
install ok: channel://pear.php.net/MDB2-2.4.1
MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2)
MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2)
MDB2: Optional feature mysql available (MySQL driver for MDB2)
MDB2: Optional feature mysqli available (MySQLi driver for MDB2)
MDB2: Optional feature mssql available (MS SQL Server driver for MDB2)
MDB2: Optional feature oci8 available (Oracle driver for MDB2)
MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2)
MDB2: Optional feature querysim available (Querysim driver for MDB2)
MDB2: Optional feature sqlite available (SQLite2 driver for MDB2)
MDB2: To install optional features use "pear install pear/MDB2#featurename"
[root@radius ~]#

重启服务

[root@radius ~]# systemctl restart radiusd

使用浏览器访问daloRADIUS控制台

2月 012020
 

自签根证书导入客户端计算机

正确的自签CA证书导入路径(证书-本地计算机-受信任的根证书颁发机构)

查看已导入的CA证书详情

错误的自签CA证书导入路径(证书-当前用户-受信任的根证书颁发机构)

证书导入位置错误时的连接错误提示:IKE身份验证凭证不可接受

拨号连接属性设置详情

常规选项卡

安全选项卡

网络选项卡

建立连接后的状态信息