步骤

1. 安装 sudo yum install vsftpd

2. 查找安装位置 whereis vsftpd

   展开代码
   vsftpd: /usr/sbin/vsftpd /etc/vsftpd /usr/share/man/man8/vsftpd.8.gz
   

3. 配置 /etc/vsftpd/vsftpd.conf

   • 关闭匿名登入

     anonymous_enable=NO

   • 配置用户权限

     allow_writeable_chroot=YES

     reverse_lookup_enable=NO

     chroot_local_user=YES

   • 具体见附录

4. 重要： 必须要把整个防火墙都关掉

   才能正常登入，只打开21端口，用户无法登入，猜测应该是vsftpd需要更多的端口

   • 查看防火墙状态

     systemctl status firewalld

     或者

     firewall-cmd --state

   • 暂时关闭防火墙

     systemctl stop firewalld

   • 如果有必要，可以把SElinux也关闭

     查看:

     /usr/sbin/sestatus -v

     临时关闭:

     setenforce 0

5. 对于大华的摄像头需要特别注意

   /etc/vsftpd.conf 必须配置：chroot_local_user=YES

   是否将所有用户限制在主目录,YES为启用 NO禁用.(该项默认值是NO,即在安装vsftpd后不做配置的话，ftp用户是可以向上切换到要目录之外的)

   注意，对于大华的摄像头，这个设定必须打开，否则测试将无法通过

   关闭这个选项时，海康的摄像头能够成功测试，并且整个ftp功能是正常的。

   vsftpd的配置到此结束

   • 查看 vsftpd.service服务的状态:

     systemctl status vsftpd.service

   • 关闭服务

     systemctl stop vsftpd.service

   • 开启服务

     systemctl stop vsftpd.service

6. 创建用户

7. 森林防火项目，配置conda 和 python环境

   有一个问题，opencv依赖的动态库 CentOS本地没有, 手动安装

   sh
   展开代码
   yum install libSM-1.2.2-2.el7.x86_64 --setopt=protected_multilib=false
   yum install libXrender-0.9.10-1.el7.x86_64 --setopt=protected_multilib=false
   yum install libXext.x86_64 --setopt=protected_multilib=false
   

8. 如果需要Nginx

   一般配置了ftp, 都需要通过网络可以访问到这些静态的文件，用nginx做是比较好的选择

   Nginx可以源码编译安装，也有centos package安装

   • yum包管理器安装 https://nginx.org/en/linux_packages.html#RHEL-CentOS

     1. 安装依赖 Install the prerequisites:

        sudo yum install yum-utils

     2. 配置Nginx的远程包仓库

        To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

     展开代码
     [nginx-stable]
     name=nginx stable repo
     baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
     gpgcheck=1
     enabled=1
     gpgkey=https://nginx.org/keys/nginx_signing.key
     module_hotfixes=true
     
     [nginx-mainline]
     name=nginx mainline repo
     baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
     gpgcheck=1
     enabled=0
     gpgkey=https://nginx.org/keys/nginx_signing.key
     module_hotfixes=true
     

     通常用默认的stable源就可以了，如果需要nginx主线上的版本，用如下的命令配置 yum

     By default, the repository for stable nginx packages is used. If you would like to use mainline nginx packages, run the following command:

     展开代码
     sudo yum-config-manager --enable nginx-mainline
     

     安装Nginx

     To install nginx, run the following command:

     展开代码
     sudo yum install nginx
     

     When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.

     如果有要求接受GPG秘钥，就接受。

   • /etc/nginx/nginx.conf 配置

     最简单的配置

     shell
     展开代码
     # For more information on configuration, see:
     #   * Official English Documentation: http://nginx.org/en/docs/
     #   * Official Russian Documentation: http://nginx.org/ru/docs/
     user nginx;
     worker_processes auto;
     error_log /var/log/nginx/error.log;
     pid /run/nginx.pid;
     # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
     include /usr/share/nginx/modules/*.conf;
     events {
         worker_connections 1024;
     }
     http {
         log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                           '$status $body_bytes_sent "$http_referer" '
                           '"$http_user_agent" "$http_x_forwarded_for"';
         access_log  /var/log/nginx/access.log  main;
         sendfile            on;
         tcp_nopush          on;
         tcp_nodelay         on;
         keepalive_timeout   65;
         types_hash_max_size 2048;
         include             /etc/nginx/mime.types;
         default_type        application/octet-stream;
         # Load modular configuration files from the /etc/nginx/conf.d directory.
         # See http://nginx.org/en/docs/ngx_core_module.html#include
         # for more information.
         include /etc/nginx/conf.d/*.conf;
         server {
             listen       80 default_server;
             listen       [::]:80 default_server;
             server_name  _;
             root  /;
             location /images/{
                 alias  /home/detector/output/;
                 index index.html;
                 autoindex on;
             }
         }
     

   • 运行 Nginx

     因为用包管理器安装，Nginx已经在我们的shell环境变量中了，可以直接调用，如果是编译安装的，记得把编译时写的--prefix 安装路径放到环境变量中

     • 校验配置文件是否正确

       nginx -t

     • 启动nginx

       nginx

     • 运行时重新导入配置

       nginx -s reload

     • 关闭Nginx

       nginx -s stop

附录

shell
展开代码
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=220
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
allow_writeable_chroot=YES
reverse_lookup_enable=NO