duwenjun
2018-03-29T09:28:59+00:00
duwenjun
apache 下使用配置 https
2016-10-28T00:00:00+00:00
/https/2016/10/28/Linux-apache-https
<p>##主题介绍
apache 下使用配置 https 验证证书</p>
<!-- more -->
<p>##下载证书安装工具</p>
<ul>
<li><strong>下载地址</strong></li>
</ul>
<blockquote>
<p>git clone https://github.com/Neilpang/acme.sh.git .acme.sh</p>
</blockquote>
<p>##执行安装</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ln -s /root/.acme.sh/acme.sh /usr/local/bin/
$ acme.sh --issue --dns -d www.***.com --keylength ec-384
注:这步执行成功后会生成一个记录类型是text的_acme-challenge.www,需要到域名解析这个text
$ acme.sh --renew -d www.***.com --ecc
注:这步会生成合并证书和key
[Fri Oct 28 14:07:41 CST 2016] Your cert is in /root/.acme.sh/www.iguangj.com_ecc/www.iguangj.com.cer
* [Fri Oct 28 14:07:41 CST 2016] Your cert key is in /root/.acme.sh/www.iguangj.com_ecc/www.iguangj.com.key
[Fri Oct 28 14:07:42 CST 2016] The intermediate CA cert is in /root/.acme.sh/www.iguangj.com_ecc/ca.cer
* [Fri Oct 28 14:07:42 CST 2016] And the full chain certs is there: /root/.acme.sh/www.iguangj.com_ecc/fullchain.cer
</code></pre></div></div>
<p>##修改apache配置</p>
<ul>
<li><strong>通过火狐的设置工具:<code class="highlighter-rouge">https://mozilla.github.io/server-side-tls/ssl-config-generator</code></strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ vim http.onfig
{
Listen 443;
LoadModule ssl_module modules/mod_ssl.so;
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so;
# modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
}
$ vim vhost --> iguangj.conf
{
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /root/.acme.sh/www.iguangj.com_ecc/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/www.iguangj.com_ecc/www.iguangj.com.key
# Uncomment the following directive when using client certificate authentication
#SSLCACertificateFile /path/to/ca_certs_for_client_authentication
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
DocumentRoot /alidata/www/iguangj
ServerName www.iguangj.com
<Directory "/alidata/www/iguangj">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>
ErrorLog "/alidata/log/httpd/iguangj-error.log"
CustomLog "/alidata/log/httpd/iguangj.log" common
</VirtualHost>
<VirtualHost *:80>
Redirect permanent / https://www.iguangj.com/
ServerName www.iguangj.com
</VirtualHost>
}
$ 重启 httpd
</code></pre></div></div>
Debian 8 下安装zabbix
2016-10-19T00:00:00+00:00
/linux/2016/10/19/Liunix-debian-zabbix
<p>##主题介绍
Debian 8下安装zabbix,监控服务器性能</p>
<!-- more -->
<p>##下载deb安装源</p>
<ul>
<li><strong>下载地址</strong></li>
</ul>
<blockquote>
<p>http://repo.zabbix.com/zabbix/3.2/debian/pool/main/z/zabbix-release/zabbix-release_3.2-1+jessie_all.deb</p>
</blockquote>
<p>##执行安装</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ dpkg -i zabbix-release_3.2-1+jessie_all.deb
$ apt-get update
$ apt-get install zabbix-server-mysql zabbix-frontend-php
</code></pre></div></div>
<p>###新建数据库</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ shell> mysql -uroot -p<password>
$ mysql> create database zabbix character set utf8 collate utf8_bin;
$ mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'du9283';
$ mysql> quit;
</code></pre></div></div>
<p>###导入数据库</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -uroot -p zabbix
</code></pre></div></div>
<ul>
<li><strong>修改zabbix_server配置</strong>
<blockquote>
<p>修改 <code class="highlighter-rouge">/etc/zabbix/zabbix_server.conf</code> 文件中数据库密码</p>
</blockquote>
</li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>DBPassword = du9283
</code></pre></div></div>
<ul>
<li><strong>重启 zabbix 服务生效</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ systemctl restart zabbix-server
</code></pre></div></div>
<ul>
<li><strong>设置zabbix网站</strong></li>
</ul>
<blockquote>
<p>在nginx配置中增加zabbix网站:<code class="highlighter-rouge">/usr/share/zabbix</code></p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ cp /etc/nginx/sites-available/defaule /etc/nginx/sites-available/zabbix
$ ln -s /etc/nginx/sites-available/zabbix /etc/nginx/sites-enabled
$ vim /etc/nginx/sites-enabled/zabbix
################################################
server {
listen 80;
listen [::]:80;
root /usr/share/zabbix;
index index.php index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
#################################################
$ systemctl reload nginx
</code></pre></div></div>
<blockquote>
<p>运行网站</p>
</blockquote>
<blockquote>
<p>修改php配置</p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ vim /etc/php/7.0/fpm/php.ini
</code></pre></div></div>
<blockquote>
<p>安装php扩展:<code class="highlighter-rouge">php-bcmath</code></p>
</blockquote>
<blockquote>
<p>安装代理<code class="highlighter-rouge">zabbix-agent</code></p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ apt-get install zabbix-agent
</code></pre></div></div>
php5.5升级到php7的操作步骤
2016-09-30T00:00:00+00:00
/php/2016/09/30/php-up
<p>##主题介绍
centos7.2下php5.5升级到php7的操作步骤</p>
<!-- more -->
<p>##下载php7镜像</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ wget -c http://cn2.php.net/get/php-7.0.11.tar.xz/from/this/mirror
$ tar xvf mirror
$ rm -rf /alidata/server/php
$ ln -sf /alidata/server/php-7.0.11 /alidata/server/php
</code></pre></div></div>
<p>##配置预编译脚本</p>
<ul>
<li><strong>此操作是预编译,提示的error缺失什么,用yum安装</strong></li>
</ul>
<blockquote>
<p>先<code class="highlighter-rouge">yum search ***</code>,找到<code class="highlighter-rouge">***-devel.x86_64</code>,再<code class="highlighter-rouge">yum install ***</code></p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ./configure \
--prefix=/alidata/server/php \
--with-config-file-path=/alidata/server/php/etc \
--with-apxs2=/alidata/server/httpd/bin/apxs \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-static \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-libxml-dir \
--with-xmlrpc \
--with-openssl \
--with-mcrypt \
--enable-tokenizer \
--with-mhash \
--with-pcre-regex \
--with-sqlite3 \
--with-zlib \
--enable-bcmath \
--with-iconv=/usr/local/lib \
--with-bz2 \
--enable-calendar \
--with-curl \
--with-cdb \
--enable-dom \
--enable-exif \
--enable-fileinfo \
--enable-filter \
--with-pcre-dir \
--enable-ftp \
--with-gd \
--with-openssl-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir \
--with-freetype-dir \
--enable-gd-native-ttf \
--enable-gd-jis-conv \
--with-gettext \
--with-gmp \
--with-mhash \
--enable-json \
--enable-mbstring \
--enable-mbregex \
--enable-mbregex-backtrack \
--with-libmbfl \
--with-onig \
--enable-pdo \
--with-pdo-mysql=mysqlnd \
--with-zlib-dir \
--with-pdo-sqlite \
--with-readline \
--enable-session \
--enable-shmop \
--enable-simplexml \
--enable-xmlwriter \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--enable-wddx \
--with-libxml-dir \
--with-xsl \
--enable-zip \
--with-pear \
--enable-opcache
####如果是双核cpu,可以make -j2
$ lscpu
$ make && make install
$ cp php.ini-production /alidata/server/php/etc/php.ini
$ vim /alidata/server/httpd/conf/httpd.conf
{
<Ifmodule mime_module>
# 增加 php 文件类型支持
AddType application/x-httpd-php .php .html .htm
AddHandler application/x-httpd-php .php
</IfModule>
}
$ service httpd restart
</code></pre></div></div>
git本地服务器架设gogs操作步骤
2016-09-30T00:00:00+00:00
/git/2016/09/30/git-gogs
<p>##主题介绍
centos7.2下git本地服务器架设gogs操作步骤</p>
<!-- more -->
<p>##下载gogs</p>
<ul>
<li><strong>下载地址:<code class="highlighter-rouge">https://gogs.io/docs/installation/install_from_binary</code></strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ wget -c http://cn2.php.net/get/php-7.0.11.tar.xz/from/this/mirror
$ tar xvf gogs_v0.9.97_linux_amd64.tar.gz
$ cd gogs
$ ./gogs web
$ mv gogs /home/git/
$ chown -R git:git /home/git/
$ cp /home/git/gogs/scripts/systemd/gogs.service /etc/systemd/system/
$ systemctl daemon-reload
$ systemctl start gogs || systemctl status gogs
$ sudo -u git mkdir -p /home/git/gogs/custom/conf/
$ sudo -u git vim /home/git/gogs/custom/conf/app.ini
</code></pre></div></div>
<p>##创建git用户</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ cat /etc/passwd
$ which git-shell
$ useradd -m -G users,video -s /usr/bin/git-shell git
</code></pre></div></div>
<p>##mysql数据库建设</p>
<ul>
<li><strong>gogs依赖本地数据库,需要创建一个数据库</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mysql>
$ grant all privileges on git.* to 'git'@localhost identified by 'duwj9283' with grant option;
$ flush privileges;
</code></pre></div></div>
centos7.2下安装php phalcon 扩展
2016-09-30T00:00:00+00:00
/php/2016/09/30/Liunix-phalcon
<p>##主题介绍
centos7.2下安装php phalcon 扩展</p>
<!-- more -->
<p>##安装git</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ yum install php-dev git
$ mkdir build && cd build
</code></pre></div></div>
<p>##git下载phalcon扩展</p>
<ul>
<li><strong>此phalcon默认是php7下的扩展,如果当前php是5.5,请选择<code class="highlighter-rouge">cd cphalcon/build/php5/64bits</code></strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ git clone https://github.com/phalcon/cphalcon.git \
&& cd cphalcon/build/php7/64bits \
&& phpize \
&& ./configure \
&& make \
&& make install
$ bash -c 'echo "extension=phalcon.so" > /alidata/server/php/etc/php.ini'
$ service httpd restart
</code></pre></div></div>
centos6.5升级到7.2的方法
2016-09-29T00:00:00+00:00
/linux/2016/09/29/Liunix-up
<p>##主题介绍
centos6.5升级到7.2的方法</p>
<!-- more -->
<p>##官方教程</p>
<ul>
<li><strong>教程地址:<code class="highlighter-rouge">https://www.vultr.com/docs/how-to-upgrade-centos-6-to-centos-7</code></strong></li>
</ul>
<p>##安装升级工具需要的软件包</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ yum -y install openscap pcre-devel libxml2-devel libxslt-devel m2crypto python-simplejson mod_wsgi
</code></pre></div></div>
<p>###下载需要的软件包</p>
<ul>
<li><strong>请不要直接复制以下软件包安装链接,应该访问原站,查找最新的软件包</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-1.0.2-36.0.1.el6.centos.x86_64.rpm
$ rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-contents-0.5.14-1.el6.centos.noarch.rpm
$ rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-ui-1.0.2-36.0.1.el6.centos.x86_64.rpm
$ rpm -ihv http://dev.centos.org/centos/6/upg/x86_64/Packages/redhat-upgrade-tool-0.7.22-3.el6.centos.noarch.rpm
</code></pre></div></div>
<p> 获取可用的最近的镜像 - 访问 http://www.centos.org/download/mirrors/ 查看并选择最快镜像</p>
<p>##执行升级</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ redhat-upgrade-tool --network 7.2 --instrepo http://mirrors.aliyun.com/centos/7.2.1511/os/x86_64/ --force
</code></pre></div></div>
<ul>
<li><strong>另外还要修改centos的源文件</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ sed -i "s/6/7/g" /etc/yum.repos.d/CentOS-Base.repo
$ vim /etc/yum.repos.d/CentOS-Base.repo
$ yum clean all
$ yum makecache
</code></pre></div></div>
<ul>
<li><strong>升级成功</strong>
<blockquote>
<p>成功的升级会在最后看到消息 <code class="highlighter-rouge">Finished. Reboot to start upgrade</code>.。</p>
</blockquote>
</li>
<li><strong>重启</strong>
<blockquote>
<p>重启主机后,OS将启动一个称为System Upgrade的新的grub对象,支持将所有已经通过upgrade tool下载的软件包更新。。</p>
</blockquote>
</li>
</ul>
centos7.2下安装文档转换工具
2016-09-29T00:00:00+00:00
/linux/2016/09/29/Liunix-convert
<p>##主题介绍
centos7.2下安装文档转换工具,实现word、ppt、pdf转换成jpg图片,并设置服务器开机启动进程守护。脚本jar包持续运行中</p>
<!-- more -->
<p>##安装java</p>
<ul>
<li><strong>java下载地址</strong></li>
</ul>
<blockquote>
<p>http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html</p>
</blockquote>
<ul>
<li><strong>rmp包安装</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ rpm -ivh jdk-8u102-linux-x64.rpm
$ java -version
</code></pre></div></div>
<p>##文档转换设置</p>
<ul>
<li><strong>jar包及数据库配置下载地址</strong></li>
</ul>
<blockquote>
<p>链接: http://pan.baidu.com/s/1kVGwa5T 密码: <code class="highlighter-rouge">rn4h</code></p>
</blockquote>
<p>###服务配置</p>
<ul>
<li><strong>jar包及数据库移动到<code class="highlighter-rouge">/alidata/lib</code>文件夹下</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ vim /etc/systemd/system/convert-java.service
{
[Unit]
Description=Document Convert Service
Requires=httpd.service
After=httpd.service
[Service]
ExecStart=/usr/bin/java -jar convert-java.jar
Restart=always
RestartSec=10
User=www
Group=www
#Environment=
WorkingDirectory=/alidata/lib
[Install]
WantedBy=multi-user.target
}
$ systemctl daemon-reload
$ systemctl enable convert-java //注:service httpd stop -->systemctl restart httpd)
$ systemctl start convert-java
</code></pre></div></div>
<p>###注意事项</p>
<ul>
<li><strong>httpd服务用<code class="highlighter-rouge">systemctl</code>自身的httpd</strong></li>
</ul>
<blockquote>
<p>手动编译的<code class="highlighter-rouge">apache</code> 跟服务器的<code class="highlighter-rouge">httpd</code>可能路径配置不同,需要把服务器的<code class="highlighter-rouge">httpd</code>改成手动编译的httpd</p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ vim /etc/systemd/system/httpd.service
{
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/alidata/server/httpd/bin/envvars
ExecStart=/alidata/server/httpd/bin/httpd -k start
ExecReload=/alidata/server/httpd/bin/httpd -k graceful
ExecStop=/alidata/server/httpd/bin/httpd -k graceful-stop
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
#KillSignal=SIGCONT
#PrivateTmp=true
[Install]
WantedBy=multi-user.target
}
</code></pre></div></div>
centos7.2下安装ams
2016-09-29T00:00:00+00:00
/linux/2016/09/29/Liunix-ams
<p>##主题介绍
centos7.2下安装ams,支持rtmp的点播和推流直播</p>
<!-- more -->
<p>##序列号</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1652-5580-8001-8333-2201-1631
</code></pre></div></div>
<p>##下载软件包</p>
<ul>
<li><strong>百度网盘下载地址</strong></li>
</ul>
<blockquote>
<p>http://pan.baidu.com/s/1i55AHxV 密码:<code class="highlighter-rouge">7z6c</code></p>
</blockquote>
<p>##执行安装(选择端口的时候选择1935,9283)</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ tar xvf AdobeMediaServer5_x64.tar.gz -C /tmp/
$ cd /tmp/AMS_5_0_10_r1021 && sudo ./installAMS
####注:用户选择httpd进程的用户www;组也是www(不安装AMS内置的apache,apache选择n)
$ sudo systemctl enable ams
$ rm -r /tmp/AMS_5_0_10_r1021
</code></pre></div></div>
<ul>
<li><strong>目录配置</strong></li>
</ul>
<blockquote>
<p>修改 <code class="highlighter-rouge">/opt/adobe/ams/conf/ams.ini</code> 文件中下面两行到文件上传目录</p>
</blockquote>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>VOD_COMMON_DIR = /home/debian/www/upload
VOD_DIR = /home/debian/www/upload
</code></pre></div></div>
<ul>
<li><strong>重启 ams 服务生效</strong></li>
</ul>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ sudo /etc/init.d/ams restart
</code></pre></div></div>
<p>##注意事项</p>
<ul>
<li><strong>centos 7.0以下适用</strong></li>
</ul>
<blockquote>
<p>centos 7.0一下不支持 <code class="highlighter-rouge">systemctl</code> ,改成 <code class="highlighter-rouge">service ams restart</code></p>
</blockquote>