Posted
Filed under centos7
Edit your /etc/yum.conf file and add:

http_caching=packages

yum clean all
yum makecache
yum update

2019/07/11 17:45

If you receive an error while restarting iptables on your virtual machine that includes "raw nat mangle filter [FAILED]" or similar, this is a known error with CentOS 5 / CentOS 6 on virtual architectures. You simply need to modify the /etc/init.d/iptables file.

=== Reference
https://www.hostvirtual.com/kb/6383/IPtables-returns-an-error--security-raw-nat-mangle-filter-FAILED.html
===

Next, locate the text below (you can search for 'setting chains'). Then add the lines labeled with + to the file, after the line with: case "$i"

vi /etc/init.d/iptables

echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in

<!-- added section -->
+           security)

+               $IPTABLES -t filter -P INPUT $policy \
+                   && $IPTABLES -t filter -P OUTPUT $policy \
+                   && $IPTABLES -t filter -P FORWARD $policy \
+                   || let ret+=1
+               ;;


            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
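
Review bot: the added security) branch runs $IPTABLES -t filter -P for INPUT, OUTPUT and FORWARD, so the security table itself never gets a policy set and the branch reads as if it was meant to say -t security. If targeting filter is deliberate (the text above describes the failure as a known error on virtual guests), put a one-line comment above the branch saying so, so that a later reader does not "correct" it back. Also note that the leading + markers are annotation only and must not be copied into /etc/init.d/iptables.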

2015/11/02 16:33

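While setting up a Java environment on CentOS 6.6 with NGINX 1.8 installed, a 502 Bad Gateway error occurs. It can be resolved cleanly with the following two commands.

If you hit the same error I did on a CentOS/RHEL-family OS, the following two commands fix it cleanly!

setsebool -P httpd_can_network_connect 1

If you want an even more robust fix...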

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

2015/05/20 19:59

[Original] http://boredguy.net/how-to-fix-nginx-502-bad-gateway-error-on-centosrhel/

When requests are not being forwarded to Tomcat properly, the problem can be resolved as follows.

How to fix nginx 502 Bad Gateway error on CentOS/RHEL

I was trying to set up a reverse proxy for Atlassian Jira and Confluence by using nginx, connected to http://localhost:8080. This is the error I was getting in my logs:

2015/02/10 10:59:37 [crit] 21155#0: *12 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "x.y.z"
2015/02/10 10:59:38 [error] 21155#0: *15 no live upstreams while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://localhost/", host: "x.y.z"

Turns out it was just a SELinux issue. I’ve fixed the problem by issuing this command:

setsebool -P httpd_can_network_connect 1

If you want, you can even completely disable SELinux this way:

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
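
The errno that nginx logs for the failed upstream connect() is enough to tell the SELinux case in the log above apart from an upstream that is simply not listening. The following is an added example, not code from the original post; the function names and the third log line (errno 111) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage nginx 502s by the errno logged for the upstream connect().

# Constructed sample log: the first two lines follow the post, the third is made up.
sample_log() {
cat <<'EOF'
2015/02/10 10:59:37 [crit] 21155#0: *12 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "x.y.z"
2015/02/10 10:59:38 [error] 21155#0: *15 no live upstreams while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://localhost/", host: "x.y.z"
2015/02/10 11:02:01 [error] 21155#0: *19 connect() failed (111: Connection refused) while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:9090/", host: "x.y.z"
EOF
}

# Reads an nginx error log on stdin and prints "<upstream> <errno> <verdict>"
# once per distinct upstream/errno pair. Lines without a failed connect()
# (such as "no live upstreams") are ignored: they are a consequence, not a cause.
classify_upstream_errors() {
    sed -n 's/.*failed (\([0-9][0-9]*\): [^)]*) while connecting to upstream.*upstream: "\([^"]*\)".*/\2 \1/p' |
    LC_ALL=C sort -u |
    while read -r upstream errno; do
        case "$errno" in
            # EACCES on connect(): the process was not allowed to open the
            # socket, which on CentOS/RHEL usually means an SELinux denial.
            13)  verdict="selinux-or-permissions" ;;
            # ECONNREFUSED: nothing is listening on the upstream address.
            111) verdict="upstream-not-listening" ;;
            *)   verdict="other" ;;
        esac
        printf '%s %s %s\n' "$upstream" "$errno" "$verdict"
    done
}

sample_log | classify_upstream_errors
```

A `selinux-or-permissions` verdict is the case that `setsebool -P httpd_can_network_connect 1` addresses; `getsebool httpd_can_network_connect` shows the boolean's current state.
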
2015/05/08 01:34
[Original] http://www.unixmen.com/configure-vsftpd-ssltls-centos-7/

Port 22 is used when accessing FTP.

After installing vsftpd on CentOS 7 server, let us create a directory to store SSL certificates.

mkdir /etc/ssl/private

Then, create the certificate and key files using the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

You’ll be asked a series of questions such as Country, State Code, Email address, Organization name etc. Enter the details one by one. Here is my sample output:

 Generating a 1024 bit RSA private key
 ......++++++
 .............++++++
 writing new private key to '/etc/ssl/private/vsftpd.pem'
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [XX]:IN
 State or Province Name (full name) []:TN
 Locality Name (eg, city) [Default City]:Erode
 Organization Name (eg, company) [Default Company Ltd]:Unixmen
 Organizational Unit Name (eg, section) []:Technical
 Common Name (eg, your name or your server's hostname) []:server1.unixmen.local
 Email Address []:sk@unixmen.com

In the common name field, you can use either the hostname or the IP address of your vsftpd server.

Edit the vsftpd configuration file /etc/vsftpd/vsftpd.conf:

vi /etc/vsftpd/vsftpd.conf

Add the following lines at the end:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Save and close the file. Restart the vsftpd service.

systemctl restart vsftpd

Check FTP Server

Open Filezilla from your client system. Go to File -> Site Manager.

In the Site Manager window, select New Site.

Name your new site, or leave it as it is. In my case I named it My local FTP. Enter the FTP server IP address, and select “Require explicit FTP over TLS” from the Encryption drop-down box. In the Logon Type drop-down box, select the Ask for password option, and enter your FTP user name. Finally click on the Connect button.

You’ll be asked to enter the ftp user password in the next screen.

Now, you’ll be asked to accept the certificate that is being used to make sure the server can be trusted. In the Certificate window, you will see the values that were entered during the certificate generation process. Click Ok to accept the certificate and establish the connection.

That’s it. Now you’ll be able to access your FTP server.

Note: if you keep getting the error “The data connection could not be established: EHOSTUNREACH – No route to host” after enabling SSL/TLS, disable iptables and try again.

That’s all for now. Cheers!

2015/05/08 00:31
yum install vsftpd

vi /etc/vsftpd/vsftpd.conf


[root@www ~]# yum -y install vsftpd
[root@www ~]# vi /etc/vsftpd/vsftpd.conf

# line 12: no anonymous
anonymous_enable=NO

# line 82,83: uncomment ( allow ascii mode )
ascii_upload_enable=YES
ascii_download_enable=YES

# line 100, 101: uncomment ( enable chroot )
chroot_local_user=YES
chroot_list_enable=YES

# line 103: uncomment ( specify chroot list )
chroot_list_file=/etc/vsftpd/chroot_list

# line 109: uncomment
ls_recurse_enable=YES

# line 114: change ( if using IPv4 )
listen=YES

# line 123: change ( turn OFF if it's not needed )
listen_ipv6=NO

# add the following to the end
# specify root directory ( if not specified, the user's home directory becomes the FTP home directory )
local_root=public_html

# use localtime
use_localtime=YES

# turn off the seccomp filter ( if you cannot log in, add this line )
seccomp_sandbox=NO

[root@www ~]# vi /etc/vsftpd/chroot_list
# add users you allow to move over their home directory
cent
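
The script below checks a vsftpd.conf against the values set in the two vsftpd posts above (the TLS settings and `anonymous_enable=NO`). It also catches whitespace around `=`, which vsftpd treats as an error. It is an added example, not part of either original tutorial; the function names and sample file are constructed. The passive-port check is an added assumption: `pasv_min_port`/`pasv_max_port` are vsftpd options the posts do not set, and a fixed range lets the data ports be opened with `firewall-cmd --add-port` when the EHOSTUNREACH error from the note appears.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values set in the posts.

# "key=value" pairs taken from the two vsftpd posts on this page.
WANTED='ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO anonymous_enable=NO'

# conf_get FILE KEY: value of the last uncommented "KEY=" line, empty if unset.
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# audit_vsftpd FILE: one finding per line; no output means the file passes.
audit_vsftpd() {
    # vsftpd treats whitespace around "=" as an error, so flag it explicitly.
    awk '!/^#/ && /[ \t]=|=[ \t]/ { print "SYNTAX line " NR ": whitespace around =" }' "$1"
    for want in $WANTED; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_get "$1" "$key")
        [ "$got" = "$val" ] || echo "FAIL $key: want $val, got ${got:-unset}"
    done
    # Added policy (assumption): require a fixed passive data-port range.
    lo=$(conf_get "$1" pasv_min_port); hi=$(conf_get "$1" pasv_max_port)
    if [ -z "$lo" ] || [ -z "$hi" ]; then
        echo "FAIL pasv_min_port/pasv_max_port: unset"
    fi
}

# Constructed sample: a stray space, SSLv3 left on, no passive range.
write_weak_sample() {
cat > "$1" <<'EOF'
# constructed sample, not a real server's configuration
anonymous_enable=NO
ssl_enable = YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=YES
EOF
}

tmp=$(mktemp) && write_weak_sample "$tmp" && audit_vsftpd "$tmp"; rm -f "$tmp"
```

With a range set in vsftpd.conf, the matching firewall rule follows the pattern used elsewhere on this page: `firewall-cmd --permanent --zone=public --add-port=<min>-<max>/tcp`.
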



2015/05/07 22:23

Add firewall rules

firewall-cmd --permanent --zone=public --add-port=80/tcp

firewall-cmd --permanent --zone=public --add-port=8080/tcp

firewall-cmd --permanent --zone=public --add-port=21/tcp

Check the firewall configuration

cat /etc/firewalld/zones/public.xml

Restart the firewall

systemctl restart firewalld

2015/05/07 22:05