ubuntu-20.04.1-desktop上phpipam的其他功能扩展

1. 启用HTTPS服务

  HTTPS是在HTTP基础上加入SSL，安全性更高。嫌麻烦，我们使用OpenSSL生成免费证书，并在apache配置SSL。

1.1 使用openssl生成免费证书

1.安装OpenSSL。

ipam@ubuntu:~/Downloads$ sudo apt-get install openssl

2.生成一个RSA私钥，其中des加密算法，生成2048位私钥。

ipam@ubuntu:~/Downloads$ openssl genrsa -des3 -out ca.key 2048

查看生成的私钥可以使用

ipam@ubuntu:~/Downloads$ openssl rsa -text -in ca.key

3.创建证书签名请求CSR文件,生成过程中会要求填写一些信息

ipam@ubuntu:~/Downloads$ openssl req -new -key ca.key -out ca.csr
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:cn
Locality Name (eg, city) []:cn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (e.g. server FQDN or YOUR name) []:cn //填写即将发布url的根服务器，如*.example.cn
Email Address []:cn

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:cn
string is too short, it needs to be at least 4 bytes long
A challenge password []:cncn   //你的证书密码，如果不想设置密码，可以直接回车
> An optional company name []:cn

查看csr文件命令如下

ipam@ubuntu:~/Downloads$ openssl req -text -in ca.csr -noout

4.生成签名证书

ipam@ubuntu:~/Downloads$ openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=C = cn, ST = cn, L = cn, O = cn, OU = cn, CN = cn, emailAddress = cn
Getting Private key
Enter pass phrase for ca.key:

1.2 配置apache

1.启用SSL模块
查看/etc/apache2/ports.conf端口配置文件

Listen 80


    Listen 443



    Listen 443

  可以看到要使用443服务，需要先启用SSL模块。

ipam@ubuntu:~/Downloads$ sudo a2enmod ssl

2.修改/etc/apache2/sites-available/内的配置文件
  为了方便管理，证书文件和私钥，分别拷贝至/etc/apache2/ssl/certs/ca.crt以及/etc/apache2/ssl/private/ca.key。由于apache在该文件夹内已创建了示例配置文件default-ssl.conf，修改即可。

#三个部分必须修改
SSLEngine On
SSLCertificateFile    /etc/apache2/ssl/certs/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/private/ca.key

  也可以拷贝000-default.conf文件，并进行简单修改。命名为phpipam-ssl.conf，内容如下：

    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    SSLEngine On
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/phpipam
    SSLCertificateFile /etc/apache2/ssl/certs/ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/ca.key
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

3.启用apache SSL配置
  若是修改了default-ssl.conf，则

ipam@ubuntu:/etc/apache2/sites-available$ sudo a2ensite default-ssl.conf 

文件名根据实际情况自行修改。
4.强制使用https
  由于之前配置过http服务，考虑强制转成https，即输入网址后自动跳转https服务。修改/etc/apache2/sites-available/000-default.conf，里面添加以下内容并保存。

RewriteEngine on
RewriteCond   %{HTTPS} !=on
RewriteRule   ^(.*)  https://%{SERVER_NAME}$1 [L,R]

5.重载apache

ipam@ubuntu:/etc/apache2/sites-available$ sudo systemctl reload apache2.service 

或者重启

ipam@ubuntu:/etc/apache2/sites-available$ sudo systemctl restart apache2.service 

2. 数据库自动备份

  cron是一个Linux定时执行工具，在Ubuntu，可通过/etc/crontab文件进行查看，或者crontab -l
1.打开cron，并进行编辑。保存关闭有命令提示。

ipam@ubuntu:~/Downloads$ crontab -e

2.配置定时备份
  文件备份在/home/ipam/Documents/bak/。另外，%在crontab为换行，因此%之前需要添加转义字符\；{} 和\之间有空格，\和;之间没有空格，否则会报错 /usr/bin/find: 缺少“-exec”参数。

#每天0时进行备份并对30天前的备份资料进行删除
* 0 */1 * * /usr/bin/mysqldump -uroot -p123456 phpipam > /home/ipam/Documents/bak/phpipam_bak_$(date "+\%Y\%m\%d").sql
* 0 */1 * * /usr/bin/find /home/ipam/Documents/bak/ -ctime +30 -exec rm {} \;

3. 定时扫描

  也是使用的crontab。

*/30 * * * * /usr/bin/php /var/www/phpipam/functions/scripts/pingCheck.php
*/30 * * * * /usr/bin/php /var/www/phpipam/functions/scripts/discoveryCheck.php

4. 参考资料（因为链接太多被判定为广告，需要的自行百度）

1. Config Server Firewall：How to Generate Self-signed SSL Certificate using OpenSSL in Ubuntu 18.04
2. 挑战者V：Ubuntu 16.04配置SSL免费证书
3. hiekay：ubuntu apache2 配置安装ssl证书,https]
4. 龙恩0707：使用openssl 生成免费证书
5. ubuntu wiki
6. linux 命令大全
7. nancy05：备份与还原mysql 数据库的常用命令
8. 大专栏 IP地址管理(IPAM)
9. crontab命令详解 含启动/重启/停止
10.killkill：crontab 的写法(@reboot, @1early...)
11. siaisjack：Linux下date命令，格式化输出，时间设置
12.听风：linux每日命令(21)：find命令之exec*
13. leno米雷のcoding记录：Linux的find命令实例详解和mtime ctime atime