线上部署

SSM整合姿势

https://blog.csdn.net/qq598535550/article/details/51703190

git安装依赖 
sudo yum -y install zlib-devel openssl-devel cpio expat-devel gettext-devel curl-devel perl-ExtUtils-CBuilder perl-ExtUtils- MakeMaker 

nginx安装依赖命令 
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

Tomcat

server.xml
节点下添加

<Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
    <Context path="" debug="9" docBase="/webapppath" reloadable="false" crossContext="true"/>
</Host>

path:指定访问该Web应用的URL入口。这里可为 path="/"或path=""

docBase:指定Web应用的文件路径,可以给定绝对路径,也可以给定相对于的appBase属性的相对路径,

debug 为设定debug的等级0提供最少的信息,9提供最多的信息

nginx 安装

wget http://nginx.org/download/nginx-1.12.0.tar.gz

tar -zxf nginx-1.12.0.tar.gz

cd nginx-1.12.0

./configure --user=nginx --group=nginx --prefix=/usr/local/nginx/ all

make && make install

#创建nginx命令软链接到环境变量
ln -s /application/nginx/sbin/* /usr/local/sbin/

Jul 24 16:59:55 us-37 nginx[4711]: Starting nginx: nginx: [emerg] unknown log format "access" in /usr/local/nginx/conf/nginx.conf:94

解决

log_format没有打开的原因

在Nginx.conf文件中添加,若vhost中也有log,应加在include vhost/*.conf;之前

nginx负载均衡

#启用负载均衡
upstream tomcats {
      # ip_hash算法,session同步问题,不可以给服务器加权重
    ip_hash;
    server 192.168.1.101:8080;  
    server 192.168.1.102:8081;
    # 按后端服务器的响应时间来分配请求,响应时间短的优先分配。
    # fair;
  }
    location / {
            proxy_pass http://tomcats;
            expires 1d; 
        }

配置日志格式

  #log format
  log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
             '$status $body_bytes_sent "$http_referer" '
             '"$http_user_agent" $http_x_forwarded_for "$upstream_addr" "$upstream_response_time" $request_time $content_length';

让日志变成 json 格式存储

    log_format json_log '{"timestamp": "$time_local", '
    '"remote_addr": "$remote_addr", '
    '"remotr_user": "$remote_user", '
    '"referer": "$http_referer", '
    '"request": "$request", '
    '"status": $status, '
    '"bytes":$body_bytes_sent, '
    '"agent": "$http_user_agent", '
    '"x_forwarded": "$http_x_forwarded_for", '
    '"upstr_addr": "$upstream_addr",'
    '"upstr_host": "$upstream_http_host", '
    '"request_body": "$request_body", '
    '"ups_resp_time": "$upstream_response_time"}';
    
    access_log  logs/access.log  json_log;

Nginx反向代理设置

        location  /nsrep-rest/ {
          proxy_pass http://127.0.0.1:8080/;
        }

        # # 用户信息接口
        # location  /ns-rest/uCenter/user {
        #   proxy_pass http://127.0.0.1:8082/uCenter/user;
        # }

mysql安装

apt-get install mysql-server

/etc/my.cnf

[client]
port    = 3306
socket  = /data/mysql_data/mysqld.sock
[mysqld]
port    = 3306
socket  = /data/mysql_data/mysqld.sock
datadir = /data/mysql_data
lower_case_table_names = 1
skip-name-resolve
back_log = 50
max_connections = 100
max_connect_errors = 10
table_open_cache = 2048
max_allowed_packet = 512M
binlog_cache_size = 1M
max_heap_table_size = 64M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
thread_cache_size = 8
thread_concurrency = 8
query_cache_size = 64M
query_cache_limit = 2M
ft_min_word_len = 4
default-storage-engine = MYISAM
thread_stack = 192K
transaction_isolation = REPEATABLE-READ
tmp_table_size = 64M
log-bin=mysql-bin
binlog_format=mixed
slow_query_log
long_query_time = 2
server-id = 1
key_buffer_size = 32M
bulk_insert_buffer_size = 64M
myisam_sort_buffer_size = 128M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1
myisam_recover
innodb_additional_mem_pool_size = 16M
innodb_buffer_pool_size = 2G
innodb_data_file_path = ibdata1:10M:autoextend
innodb_write_io_threads = 8
innodb_read_io_threads = 8
innodb_thread_concurrency = 16
innodb_flush_log_at_trx_commit = 1
innodb_log_buffer_size = 8M
innodb_log_file_size = 256M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M
[mysqlhotcopy]
interactive-timeout
[mysqld_safe]
open-files-limit = 8192

CentOS安装MySQL

    # 在MySQL官网中下载YUM源rpm安装包:http://dev.mysql.com/downloads/repo/yum/ 
    # 下载mysql源安装包
    wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
    # 安装mysql源
    yum localinstall mysql57-community-release-el7-8.noarch.rpm
    
    # 检查mysql源是否安装成功
    yum repolist enabled | grep "mysql.*-community.*"
    # 修改vim /etc/yum.repos.d/mysql-community.repo源,改变默认安装的mysql版本。比如要安装5.6版本,将5.7源的enabled=1改成enabled=0
    
    # 安装MySQL
    yum install mysql-community-server
    
    # 启动MySQL服务
    systemctl start mysqld.service
    
    # 查看状态
    systemctl status mysqld.service
    
    # 开机启动
    systemctl enable mysqld
    systemctl daemon-reload
    
    # mysql安装完成之后,在/var/log/mysqld.log文件中给root生成了一个默认密码
    grep 'temporary password' /var/log/mysqld.log
    
    # 配置方式
    mysql_secure_installation
    # 使用临时密码登录
    mysql_secure_installation
    mysql -uroot -p
    # 修改:密码最小长度策略
    set global validate_password_length=0;
    # 修改:密码强度检查等级策略,0/LOW、1/MEDIUM、2/STRONG
    set global validate_password_policy=0;
    # 修改密码
    set password for 'root'@'localhost' = password('root');
    
    # 开启mysql的root用户远程连接服务(%号即远程连接,IDENTIFIED BY后面跟的密码)
    GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
    
    # 刷新权限
    flush privileges;
    
    # 开启3306服务
    /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
    service network restart

CentOS7重装MySQL5.x

1.查看包

rpm -qa | grep mysql

mysql57-community-release-el6-8.noarch

2.卸载上面的包

强制卸载,添加--nodeps

例如:  rpm -e --nodeps  mysql57-community-release

rpm -e mysql57-community-release
 

3 rpm -qa | grep mariadb

#列出所有被安装的rpm package

4.删除所有第三步列出的包

5.CentOS 7的yum源中貌似没有正常安装mysql时的mysql-sever文件,需要去官网上下载

wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum install mysql-community-server

成功安装之后重启mysql服务

service mysqld restart

初次安装mysql是root账户是没有密码的

编译安装MySQL

使用下面的命令检查是否安装有MySQL Server

rpm -qa | grep mysql

有的话通过下面的命令来卸载掉

rpm -e mysql   //普通删除模式
rpm -e --nodeps mysql    // 强力删除模式,如果使用上面命令删除时,提示有依赖的其它文件,则用该命令可以对其进行强力删除

安装编译代码需要的包

yum -y install make gcc-c++ cmake bison-devel  ncurses-devel

下载MySQL 5.6.14

wget http://cdn.mysql.com/Downloads/MySQL-5.6/mysql-5.6.14.tar.gz
tar xvf mysql-5.6.14.tar.gz
cd mysql-5.6.14

编译安装

cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DSYSCONFDIR=/etc \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \
-DMYSQL_TCP_PORT=3306 \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DEXTRA_CHARSETS=all \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci

make && make install

编译的参数可以参考http://dev.mysql.com/doc/refman/5.5/en/source-configuration-options.html

整个过程需要30分钟左右……漫长的等待

配置MySQL

设置权限

使用下面的命令查看是否有mysql用户及用户组

cat /etc/passwd 查看用户列表
cat /etc/group  查看用户组列表

如果没有就创建

groupadd mysql
useradd -g mysql mysql

修改/usr/local/mysql权限

chown -R mysql:mysql /usr/local/mysql

修改/usr/local/mysql权限

初始化配置

进入安装路径

cd /usr/local/mysql

进入安装路径,执行初始化配置脚本,创建系统自带的数据库和表

scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql

添加服务,拷贝服务脚本到init.d目录,并设置开机启动

cp support-files/mysql.server /etc/init.d/mysql
chkconfig mysql on
service mysql start  --启动MySQL

修改/etc/profile文件,在文件末尾添加

PATH=/usr/local/mysql/bin:$PATH
export PATH

mysql5.7中Invalid default value for 'stime'问题

    show variables like 'sql_mode';
    
    set session sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';

MySQL 备份脚本

#!/bin/bash
# 数据库认证
user="root"
password="root"
host="127.0.0.1"
db_name="dbname"
# 其它
backup_path="/mysql_backup"
date=$(date +"%Y-%m-%d")
echo 'web file backup....'
echo '现在日期:'
date "+%Y-%m-%d %H:%M:%S"
echo '备份中.....'
# 设置导出文件的缺省权限
umask 177
# Dump数据库到SQL文件
mysqldump --user=$user --password=$password --host=$host $db_name > $backup_path/$db_name-$date.sql
echo '备份成功!'
cd /mysql_backup
ls

Error querying database. Cause: java.sql.SQLException: Expression #1 of ORDER BY clause is not in SELECT list, references column 'inxedu_customer_shuoke_wx.EDU_COURSE.add_time' which is not in SELECT list; this is incompatible with DISTINCT

错误提示DISTINCT不兼容,要么更改SQL,但是对于开发者来讲,sql运行一直都是正常的,可能是mysql 版本升级导致的安全问题,5.7.x安全性提升了很多,解决办法可以考虑修改MySQL配置文件,找到对应的my.cnf或者my.ini

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

my.ini

[client]
port=3306
default-character-set=utf8
[mysqld]
port=3306
character_set_server=utf8
# 设置为MYSQL的安装目录 
basedir=E:\Program Files\MySQL
# 设置为MYSQL的数据目录
datadir=E:\Program Files\MySQL\data
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
#开启查询缓存
explicit_defaults_for_timestamp=true

[WinMySQLAdmin]

[WindowsMySQLServer]
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

mysql windows免安装版配置时出现如下问题

传送门,绿色版安装教程: http://blog.csdn.net/qq_30617755/article/details/75213020

    ---------------------------
    mysqld.exe - 系统错误
    ---------------------------
    由于找不到 MSVCR120.dll,无法继续执行代码。重新安装程序可能会解决此问题。 
    ---------------------------
    ---------------------------
    mysqld.exe - 系统错误
    ---------------------------
    由于找不到 MSVCP120.dll,无法继续执行代码。重新安装程序可能会解决此问题。

解决办法:
查找C:\Windows\SysWOW64(32位C:\Windows\system32) 的系统目录MSVCR100.dll发现已经有了,怀疑是没有运行环境,参考如下方式下载
Microsoft Visual C++ 2013 x64 Redistributable (找准版本我下载的一个5M)

Win10系统丢失MSVCP100.dll导致程序无法启动的解决办法

Win10企业版系统用户反馈,他在运行程序的过程中弹出了一个系统错误窗口,提示“无法启动程序,因为计算机中丢失MSVCP100.dll”。很多用户都根据提示重新安装了该程序,然而问题并没有得到解决,这该怎么办呢?
步骤:
1、打开浏览器,在地址栏输入“www.microsoft.com/zh-cn”回车打开微软中国官方网站;
2、打开网页后在窗口右侧搜索框内输入“vc++ 2013 2010”,然后点击右侧的搜索按钮;
3、点击搜索出来的第一个链接;
4、在页面中选择安装语言,然后点击“下载”;

数据库设置

# window下MySQL绿色版初始化数据库
mysqld --initialize-insecure --user=mysql --explicit_defaults_for_timestamp

# 重置密码
mysqladmin -uroot -poldpassword password newpassword

# 关闭mysqld
mysqladmin -uroot -ppass shutdown

解决win下命令行中文乱码问题

show variables like'%char%';

# 设置编码
set character_set_database=utf8;
set character_set_server=utf8;
set character_set_client=gb2312;
set character_set_connection=gb2312;
set character_set_results=gb2312;

##gitee私钥添加

生成私钥

ssh-keygen.exe -t rsa -C "youthallen@163.com"

cat ~/.ssh/id_rsa.pub

把公钥添加到gitee公钥设置里

验证

ssh -T git@gitee.com

配置git

git config --global user.name "Allen"

git config --global user.email "youthallen@163.com"

#提交时转换为LF,检出时转换为CRLF
git config --global core.autocrlf true

#提交时转换为LF,检出时不转换
git config --global core.autocrlf input

#提交检出均不转换
git config --global core.autocrlf false

线上部署脚本

echo "===========进入git项目mmall目录============="
cd /developer/git-repository/mmall


echo "==========git切换分之到v1.0==============="
git checkout v1.0

echo "==================git fetch======================"
git fetch

echo "==================git pull======================"
git pull


echo "===========编译并跳过单元测试===================="
mvn clean package -Dmaven.test.skip=true


echo "============删除旧的ROOT.war==================="
rm /developer/apache-tomcat-7.0.73/webapps/ROOT.war


echo "======拷贝编译出来的war包到tomcat下-ROOT.war======="
cp /developer/git-repository/mmall/target/mmall.war  /developer/apache-tomcat-7.0.73/webapps/ROOT.war


echo "============删除tomcat下旧的ROOT文件夹============="
rm -rf /developer/apache-tomcat-7.0.73/webapps/ROOT



echo "====================关闭tomcat====================="
/developer/apache-tomcat-7.0.73/bin/shutdown.sh


echo "================sleep 10s========================="
for i in {1..10}
do
    echo $i"s"
    sleep 1s
done


echo "====================启动tomcat====================="
/developer/apache-tomcat-7.0.73/bin/startup.sh

防火墙配置

# Generated by iptables-save v1.4.7 on Fri Jan  6 16:53:09 2017
#*filter
#:INPUT ACCEPT [174:12442]
#:FORWARD ACCEPT [0:0]
#:OUTPUT ACCEPT [96:10704]
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT 
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT


#COMMIT
# Completed on Fri Jan  6 16:53:09 2017


#------------------------------------

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

#ssh port 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

#vsftpd
-A INPUT -p TCP --dport 61001:62000 -j ACCEPT
-A OUTPUT -p TCP --sport 61001:62000 -j ACCEPT

-A INPUT -p TCP --dport 20 -j ACCEPT
-A OUTPUT -p TCP --sport 20 -j ACCEPT
-A INPUT -p TCP --dport 21 -j ACCEPT
-A OUTPUT -p TCP --sport 21 -j ACCEPT


#mysql port
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

#tomcat remote debug port
-A INPUT -p tcp -m tcp --dport 5005 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

#nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

环境变量配置

# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}


if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`id -u`
        UID=`id -ru`
    fi
    USER="`id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
    pathmunge /sbin after
fi

HOSTNAME=`/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi

for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null 2>&1
        fi
    fi
done

unset i
unset -f pathmunge



export JAVA_HOME=/usr/java/jdk1.7.0_80
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export MAVEN_HOME=/developer/apache-maven-3.0.5
export NODE_HOME=/usr/local/node-v4.4.7-linux-x64
export RUBY_HOME=/usr/local/ruby
export CATALINA_HOME=/developer/apache-tomcat-7.0.73

export PATH=$PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin:$MAVEN_HOME/bin:$NODE_HOME/bin:/usr/local/bin:$RUBY_HOME/bin


export LC_ALL=en_US.UTF-8

MySQL配置文件

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
old_passwords=1
character-set-server = utf8 
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

vsftpd的配置

本项目要用到的配置项:
1)local_root=/ftpfile(当本地用户登入时,将被更换到定义的目录下,默认值为各用户的家目录) 
2)anon_root=/ftpfile(使用匿名登入时,所登入的目录) 
3)use_localtime=YES(默认是GMT时间,改成使用本机系统时间)
4)anonymous_enable=NO(不允许匿名用户登录)
5)local_enable=YES(允许本地用户登录)
6)write_enable=YES(本地用户可以在自己家目录中进行读写操作)
7)local_umask=022(本地用户新增档案时的umask值)
8)dirmessage_enable=YES(如果启动这个选项,那么使用者第一次进入一个目录时,会检查该目录下是否有.message这个档案,如果有,则会出现此档案的内容,通常这个档案会放置欢迎话语,或是对该目录的说明。默认值为开启)
9)xferlog_enable=YES(是否启用上传/下载日志记录。如果启用,则上传与下载的信息将被完整纪录在xferlog_file 所定义的档案中。预设为开启。)
10)connect_from_port_20=YES(指定FTP使用20端口进行数据传输,默认值为YES)
11)xferlog_std_format=YES(如果启用,则日志文件将会写成xferlog的标准格式)
12)ftpd_banner=Welcome to mmall FTP Server(这里用来定义欢迎话语的字符串)
13)chroot_local_user=NO(用于指定用户列表文件中的用户是否允许切换到上级目录)
14)chroot_list_enable=YES(设置是否启用chroot_list_file配置项指定的用户列表文件)
15)chroot_list_file=/etc/vsftpd/chroot_list(用于指定用户列表文件)
16)listen=YES(设置vsftpd服务器是否以standalone模式运行,以standalone模式运行是一种较好的方式,此时listen必须设置为YES,此为默认值。建议不要更改,有很多与服务器运行相关的配置命令,需要在此模式下才有效,若设置为NO,则vsftpd不是以独立的服务运行,要受到xinetd服务的管控,功能上会受到限制)
17)pam_service_name=vsftpd(虚拟用户使用PAM认证方式,这里是设置PAM使用的名称,默认即可,与/etc/pam.d/vsftpd对应) userlist_enable=YES(是否启用vsftpd.user_list文件,黑名单,白名单都可以
18)pasv_min_port=61001(被动模式使用端口范围最小值)
19)pasv_max_port=62000(被动模式使用端口范围最大值)
20)pasv_enable=YES(pasv_enable=YES/NO(YES)
若设置为YES,则使用PASV工作模式;若设置为NO,则使用PORT模式。默认值为YES,即使用PASV工作模式。
   FTP协议有两种工作方式:PORT方式和PASV方式,中文意思为主动式和被动式。
   一、PORT(主动)方式的连接过程是:客户端向服务器的FTP端口(默认是21)发送连接请求,服务器接受连接,建立一条命令链路。 
  当需要传送数据时,客户端在命令链路上用 PORT命令告诉服务器:“我打开了****端口,你过来连接我”。于是服务器从20端口向客户端的****端口发送连接请求,建立一条数据链路来传送数据。
   二、PASV(被动)方式的连接过程是:客户端向服务器的FTP端口(默认是21)发送连接请求,服务器接受连接,建立一条命令链路。 
  当需要传送数据时,服务器在命令链路上用 PASV命令告诉客户端:“我打开了****端口,你过来连接我”。于是客户端向服务器的****端口发送连接请求,建立一条数据链路来传送数据。 
  从上面可以看出,两种方式的命令链路连接方法是一样的,而数据链路的建立方法就完全不同。而FTP的复杂性就在于此。
)

vsftpd.conf文件

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

local_root=/product/ftpfile 
#chroot_local_user=YES 
anon_root=/product/ftpfile
use_localtime=YES





#匿名
#anonymous_enable=YES
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to mmall FTP Server
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().

chroot_local_user=NO

chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

#pasv_enable=YES
pasv_min_port=61001
pasv_max_port=62000

selinux配置

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

阿里pay文档

沙箱登录:https://openhome.alipay.com/platform/appDaily.htm 
沙箱环境使用说明:https://doc.open.alipay.com/doc2/detail.htm?treeId=200&articleId=105311&docType=1 
如何使用沙箱环境:https://support.open.alipay.com/support/hotProblemDetail.htm?spm=a219a.7386793.0.0.uS5uZ6&id=251932&tagId=100248 
当面付产品介绍:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.hV5Clx&treeId=193&articleId=105072&docType=1 
扫码支付接入指引:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.Ia6Wqy&treeId=193&articleId=106078&docType=1 
当面付快速接入:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.bROnXf&treeId=193&articleId=105170&docType=1 
当面付接入必读:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.hV5Clx&treeId=193&articleId=105322&docType=1 
当面付进阶功能:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.YFmkxI&treeId=193&articleId=105190&docType=1 
当面付异步通知-仅用于扫码支付:https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.BykVSR&treeId=193&articleId=103296&docType=1 
当面付SDK&DEMO:https://support.open.alipay.com/docs/doc.htm?spm=a219a.7386797.0.0.k0rwWc&treeId=193&articleId=105201&docType=1 
服务端SDK:https://doc.open.alipay.com/doc2/detail?treeId=54&articleId=103419&docType=1 
生成RSA密钥:https://doc.open.alipay.com/docs/doc.htm?treeId=291&articleId=105971&docType=1 
线上创建应用说明:https://doc.open.alipay.com/doc2/detail.htm?treeId=200&articleId=105310&docType=1#s0 
最后由 不一样的少年 编辑于2019年05月16日 14:14