罗马尼亚


罗马尼亚 抗投诉服务器

外贸空间 外贸服务器 外贸vps 抗投诉服务器 抗投诉vps 忽略投诉服务器 忽略投诉vps

no dmca free dmca  ignore dmca hosting

Offshore host

Offshore vps

Offshore dedicated server

销售E-mail:[email protected]

客户中心: https://my.cloudsrain.com

联系我们https://my.cloudsrain.com/submitticket.php?step=2&deptid=1

E3-12xx / 32GB内存 / 1TB SSD / 61 IP 1台 225美元 (约1575 元)/月
E3-12xx / 32GB内存 / 2TB sata/ 61ip 210美元(约1470元)/月 1台
E5 / 32GB内存 / 2TB sata/ 61ip 210美元(约1470元)/月 2台

Comments off

apache 2.4 版获取真实ip

apache 2.4版本默认已经加了 mod_remoteip ,检查配置如果发现未删除解析,请删除#.

 

1.以下加在apache 配置最后面里:

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1/24
#CloudFlare IP Ranges
RemoteIPInternalProxy 103.21.244.0/22
RemoteIPInternalProxy 103.22.200.0/22
RemoteIPInternalProxy 103.31.4.0/22
RemoteIPInternalProxy 104.16.0.0/12
RemoteIPInternalProxy 108.162.192.0/18
RemoteIPInternalProxy 131.0.72.0/22
RemoteIPInternalProxy 141.101.64.0/18
RemoteIPInternalProxy 162.158.0.0/15
RemoteIPInternalProxy 172.64.0.0/13
RemoteIPInternalProxy 173.245.48.0/20
RemoteIPInternalProxy 188.114.96.0/20
RemoteIPInternalProxy 190.93.240.0/20
RemoteIPInternalProxy 197.234.240.0/22
RemoteIPInternalProxy 198.41.128.0/17 #你的CDN的IP,可以重复添加

2.修改下面配置信息

  1. #修改日志格式,在日志格式中加上%a,然后重启apache即可:
  2. LogFormat “%h %a %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
  3. LogFormat “%h %a %l %u %t \”%r\” %>s %b” common
  4. LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %I %O” combined

Comments off

cpanel使用第三方SSL(letsencrypt)非官方插件

细节看插件官方它好像是收费,我们只作测试请访问https://letsencrypt-for-cpanel.com/pricing 网站说明为试用72小时,你可以尝试72小时后是否还可以签发.

第三方SSL安装教程连接 https://letsencrypt-for-cpanel.com/docs/for-admins/installation/

1.增加安装源

wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo

2.更新安装软件

yum -y install letsencrypt-cpanel

3.安装后自检

le-cp self-test

下面为执行过程

[[email protected] ~]# yum -y install letsencrypt-cpanel Loaded plugins: fastestmirror, universal-hooks Loading mirror speeds from cached hostfile * EA4: 91.197.228.252 * cpanel-addons-production-feed: 91.197.228.252 * cpanel-plugins: 91.197.228.252 * base: ftp.tsukuba.wide.ad.jp * extras: ftp.tsukuba.wide.ad.jp * updates: ftp.tsukuba.wide.ad.jp EA4 | 2.9 kB 00:00:00 cpanel-addons-production-feed | 2.9 kB 00:00:00 cpanel-plugins | 2.9 kB 00:00:00 base | 3.6 kB 00:00:00 extras | 2.9 kB 00:00:00 letsencrypt-cpanel | 2.9 kB 00:00:00 mysql-connectors-community | 2.5 kB 00:00:00 mysql-tools-community | 2.5 kB 00:00:00 mysql57-community | 2.5 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/2): letsencrypt-cpanel/primary_db | 5.7 kB 00:00:00 (2/2): cpanel-plugins/x86_64/primary_db | 30 kB 00:00:00 Resolving Dependencies –> Running transaction check —> Package letsencrypt-cpanel.x86_64 0:0.15.1-1 will be installed –> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================================= Installing: letsencrypt-cpanel x86_64 0.15.1-1 letsencrypt-cpanel 5.1 M Transaction Summary ============================================================================================================================================================================================================================================================= Install 1 Package Total download size: 5.1 M Installed size: 14 M Downloading packages: letsencrypt-cpanel-0.15.1-1.x86_64.rpm | 5.1 MB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction *** By running this installer, you indicate that you have read the end-user licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. *** Running installer as root OS version OK cPanel version OK No licence file detected at /etc/letsencrypt-cpanel.licence Fetching new trial licence … Licence file present Redirecting to /bin/systemctl stop letsencrypt-cpanel.service Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded. FleetSSL cPanel service daemon stopped Installing : letsencrypt-cpanel-0.15.1-1.x86_64 1/1 This server has self-signed service certificates It is not safe to operate this plugin in this circumstance ‘insecure’ is being added to /etc/letsencrypt-cpanel.conf If you wish to generate a Let’s Encrypt cert for the server Please read the configuration documentation on our website, at https://cpanel.fleetssl.com/docs/service-certificates/ Config written to /etc/letsencrypt-cpanel.conf Uninstallation of existing service failed (it’s OK) Installed init scripts. Copied plugin files OK Installing cPanel paper_lantern plugin (may take a minute) … cPanel Plugin installer succeeded OK Installed chkservd scripts Added apache pre virtualhost global include Set cpanel tweak settings — Installation complete — The plugin should now be available in the cPanel feature manager Will rebuild conf and restart Apache to reload AutoSSL DCV URLs Rebuilding Apache conf and restarting now … Built /etc/apache2/conf/httpd.conf OK Verifying : letsencrypt-cpanel-0.15.1-1.x86_64 1/1 Installed: letsencrypt-cpanel.x86_64 0:0.15.1-1 Complete! [[email protected] ~]# le-cp self-test [SELF-TEST] Has valid licence ………… SUCCESS. [SELF-TEST] Can read config ………… SUCCESS. [SELF-TEST] Can connect to Let’s Encrypt ………… SUCCESS. [SELF-TEST] Can talk to WHM API ………… SUCCESS. [SELF-TEST] Can talk to plugin RPC ………… SUCCESS. [SELF-TEST] System tuning correctness ………… SUCCESS. [[email protected] ~]#

 

5.以下为使用方法 https://letsencrypt-for-cpanel.com/docs/for-admins/autossl/

1.关于自动签发( AutoSSL )

该插件可以提供“ AutoSSL”类型的功能。

默认情况下禁用。

如果启用,它将每隔12小时(在续订完成后进行处理):

  • 查找符合以下条件的虚拟主机
  • 没有有效的证书(未自签名且在接下来的48小时内没有过期)
  • 收集所有通过DCV(域控制验证)检查的域,并通过插件为所有域添加证书
  • DCV失败的域将被自动跳过
  • 超出“加密”速率限制的证书(即每个证书超过100个名称)
  • 反复失败的域最终将停止重试,但始终可以通过UI发出它们.

启用/禁用

 

启用(推荐)
[[email protected]~]$ le-cp autossl enable
禁用
[[email protected]~]$ le-cp autossl disable

5.人工签发(如果发现证书过期,首先要删除证书

(Home »SSL/TLS »Manage SSL Hosts

6.然后到SSH使用命令签发:

le-cp ssl --user=用户名  issue abc.com www.abc.com
成功例子:
[[email protected] ~]# le-cp ssl --user=drma**** issue drmartens*******.fi www.drmartens*******.fi
INFO[0011] 1 certificates were returned
INFO[0011] Domain: drmartens*******.fi
INFO[0011]      Requested AltNames: [drmartens*******.fi www.drmartens*******.fi]
INFO[0011]      Expiry: 2020-05-12 21:49:45 -0400 EDT
INFO[0011]      URL: https://acme-v02.api.letsencrypt.org/acme/order/78038503/2315490342
INFO[0011]      Cert ID: drmartens*******_fi_d2ae8_3e4c3_1589334585_c28571a4e7223c826fa6ba29749bb59a
INFO[0011]      Key ID: d2ae8_3e4c3_73dbff3b435eb636c6faf1f391287465
INFO[0011]      Actual DNS Names on Certificate: [drmartens*******.fi www.drmartens*******.fi]

Comments off

密码保护:cpanel合并用户

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

cpanel用户创造多个网站

使用一个用户多个网站首先你要给用户分配域名权限:

创造套餐包

分配资源,然后点ADD.

多用户编辑


进入后选择一个用户,或者选择多个用户.拉到最下面:
进行分配套餐包
首先我们关闭一些dns检测NS功能,防止没有使用服务器DNS无法附加域名.

完成上面修改,然后进入cpanel子用户,也就是https://ip:2083端口.

添加新域名
上面是一个演示,域名自己替换.
完成上面后,得到细节.

然后我们来尝试上传文件,打开文件管理器.

添加域名的路径

Comments off

php

DSO

It is also known as mod_php.  It is the fastest way to serve the PHP requests. It runs PHP directly from the Apache without working like a separate service. The PHP scripts will run as the Apache user, which by default is the user ‘nobody’. In this case the PHP scripts all are owned & executed by the Apaches’s ‘nobody’ user. Therefore, we cannot track each individual user since they all run from one web server.  Security is another concern in DSO mode. It is vulnerable to malicious attacks that could modify your PHP scripts or modify the files outside of that user’s directory that had the PHP script that were exploitable. The benefit of the DSO handler is that it provides PHP opcode caching along with DSO to speed up the PHP requests. Also, we can set PHP directives directly via .htaccess files to control certain functionality of PHP.

You might choose DSO as your PHP handler if you only have one user and your primary concern is speed and performance.

CGI

CGI handler will run PHP as a CGI module as opposed to an Apache module. The CGI method is intended as a fallback handler for when DSO is not available. This method is neither fast nor secure. That is regardless of whether or not suEXEC is enabled. Nowadays, CGI handlers are used less frequently because of other handler benefits. Similar to suPHP and FastCGI, the CGI handler can use suEXEC. Instead, PHP executions are run by the file owner of a PHP script rather than the Apache “nobody” user. The usage of CGI handlers provides ease of configuration and support using suEXEC for reducing permission related issue. The main disadvantage of the CGI handler is that it is one of the slowest handler. The CGI handler is the least popular for this reason leading it to be one of the less frequently used handlers

CGI is a recommended PHP handler if suPHP, DSO, or FastCGI was not available in your server.

suPHP

Technically it is a CGI module, but it is entirely different from the CGI handler. It is the most flexible and secure way of serving PHP requests. The main advantage with this handler is it runs the PHP script as the user calling them, instead the ‘nobody’ user. Also, it is quite easy to monitor the usage of PHP script executions, because for every PHP request that is being processed a separate PHP process will be generated. Another advantage is that suPHP handler isolates one of the user on the server from others. This is a precaution taken because if one user’s account is misused then the attacker would only be able to view or modify files owned by that particular users. These applications require permission to have the ability to write, modify, and create files on the server. Permission management is easy to configure because all of your files are owned by just one user.

The main disadvantage of suPHP is speed and CPU load. This handler is recommended for small reseller clients, because it possess the high load of running separate PHP process per request. Also, if the server receives high amount of PHP requests in small period of time, this can result in a heavy load on your server.

The selection of suPHP as your PHP handler is recommended if you have multiple users on your server. You do not want to worry about setting permissions, and you are not having any performance issues with the PHP scripts that is currently used.

Fast CGI

FastCGI PHP handler is a faster way to serve PHP requests than using suPHP, but typically not as fast as using DSO. FastCGI helps reduce CPU usage by increasing the server’s available RAM in order to cache PHP scripts in the memory. This method is use instead of starting up a separate PHP process for each and every PHP request.

The main benefit of using FastCGI is that you can you can use suEXEC just like in the suPHP. This allows the PHP scripts to be executed by the actual user of the PHP script instead of the Apache’s ‘nobody’ user. It also does not require a single PHP process execution per request like suPHP does, which enhances the speed and the CPU usage by keeping PHP scripts in the memory. Issue regarding the memory usage is the drawback of FastCGI.  Also regarding the PHP opcode cache, itt keeps PHP sessions opened in the background in memory for faster access

FastCGI is the best handler if you are looking for a faster PHP execution, provided that you the high availability of memory to spare on your server.

Comments off

密码保护:监控

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

ovz源

yum remove -y kernel-firmware-2.6.32-696.30.1.el6.noarch
wget ie.archive.ubuntu.com/centos/6/cr/x86_64/Packages/kernel-firmware-2.6.32-754.el6.noarch.rpm

rpm -ivh kernel-firmware-2.6.32-754.el6.noarch.rpm

Comments off

密码保护:win7 key

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

Linux 连续执行多条命令

以前一直使用“shell+expect”组合。

后来在使用过程中,越发觉得expect这个东东太落后了,原因如下:

1. 官方已经停止发行新版本了;

2. 调试起来效率低,很多时候代码走的路子跟人想的差太多。

于是,后来决定使用python这一种脚本语言全部搞定。

实践证明,python开发效率非常高,的确是“糙快猛”。

停,跑题了。。。

在我的Automation case中,需要检查一个命令是否执行成功(假设命令为checklog,成功返回0,失败返回1)。

正常情况下,在checklog的下一句,直接“echo $?”,判断0,1即可。

但是,因为执行环境中的命令提示符中有0和1,所以pexpect无法判断“echo $?”的结果。

后来,琢磨着琢磨着,脑海里就冒出来上面的知识点来,试了一下,顺利解决问题特此Mark一下。

# 期望checklog执行成功
checklog && echo success
pexpect.expect(‘success’)

# 期望checklog执行失败
checklog || echo failure
pexpect.expect(‘failure’)

温习知识点:
1. 命令被分号“;”分隔,这些命令会顺序执行下去;
2. 命令被“&&”分隔,这些命令会顺序执行下去,遇到执行错误的命令停止;
3. 命令被双竖线“||”分隔,这些命令会顺序执行下去,遇到执行成功的命令停止,后面的所有命令都将不会执行;

Comments off

linux下测试网络速度

wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest.py
./speedtest.py
演示
[email protected]:~# ./speedtest.py
Retrieving speedtest.net configuration…
Testing from QuadraNet (104.129.8.16)…
Retrieving speedtest.net server list…
Selecting best server based on ping…
Hosted by Interoute VDC (Los Angeles, CA) [1.30 km]: 1.825 ms
Testing download speed……………………………………………………………………..    下行
Download: 97.70 Mbit/s
Testing upload speed……………………………………………………………………………………  上行
Upload: 94.82 Mbit/s

Comments off

semget: No space left on device DA 启动不了apache

This relates to semaphores on your system (you’ve run out).  Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

If this becomes a common occurance, then you may need to change your ipcs semaphore limits.
Set the following in your /etc/sysctl.conf:

kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024

and reboot your system to load in those values.

Comments off

密码保护:屏了一些ip

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

proxmox lxc改密码

1.在母机器lxc-attach -n  101

2.passwd

3.exit

Comments off

Linux配置防火墙,开启80端口、3306端口

1) 重启后生效
开启: chkconfig iptables on
关闭: chkconfig iptables off

2) 即时生效,重启后失效
开启: service iptables start
关闭: service iptables stop

 

vi /etc/sysconfig/iptables

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

添加好之后防火墙规则如下所示:

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
#####################################

/etc/init.d/iptables restart
#最后重启防火墙使配置生效

 

 

systemctl stop iptables 防火墙 service iptables save systemctl restart iptables

评论

« Previous entries 下一页 » 下一页 »