罗马尼亚


罗马尼亚 抗投诉服务器

外贸空间 外贸服务器 外贸vps 抗投诉服务器 抗投诉vps 忽略投诉服务器 忽略投诉vps

no dmca free dmca  ignore dmca hosting

Offshore host

Offshore vps

Offshore dedicated server

销售E-mail:[email protected]

客户中心: https://my.cloudsrain.com

联系我们https://my.cloudsrain.com/submitticket.php?step=2&deptid=1

E3-12xx / 32GB内存 / 1TB SSD / 61 IP 1台 225美元 (约1575 元)/月
E3-12xx / 32GB内存 / 2TB sata/ 61ip 210美元(约1470元)/月 1台
E5 / 32GB内存 / 2TB sata/ 61ip 210美元(约1470元)/月 2台

Comments off

cpanel使用第三方SSL(letsencrypt)非官方插件

细节看插件官方它好像是收费,我们只作测试请访问https://letsencrypt-for-cpanel.com/pricing 网站说明为试用72小时,你可以尝试72小时后是否还可以签发.

第三方SSL安装教程连接 https://letsencrypt-for-cpanel.com/docs/for-admins/installation/

1.增加安装源

wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo

2.更新安装软件

yum -y install letsencrypt-cpanel

3.安装后自检

le-cp self-test

下面为执行过程

[[email protected] ~]# yum -y install letsencrypt-cpanel
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 91.197.228.252
* cpanel-addons-production-feed: 91.197.228.252
* cpanel-plugins: 91.197.228.252
* base: ftp.tsukuba.wide.ad.jp
* extras: ftp.tsukuba.wide.ad.jp
* updates: ftp.tsukuba.wide.ad.jp
EA4 | 2.9 kB 00:00:00
cpanel-addons-production-feed | 2.9 kB 00:00:00
cpanel-plugins | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
letsencrypt-cpanel | 2.9 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql57-community | 2.5 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): letsencrypt-cpanel/primary_db | 5.7 kB 00:00:00
(2/2): cpanel-plugins/x86_64/primary_db | 30 kB 00:00:00
Resolving Dependencies
–> Running transaction check
—> Package letsencrypt-cpanel.x86_64 0:0.15.1-1 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================================
Installing:
letsencrypt-cpanel x86_64 0.15.1-1 letsencrypt-cpanel 5.1 M

Transaction Summary
=============================================================================================================================================================================================================================================================
Install 1 Package

Total download size: 5.1 M
Installed size: 14 M
Downloading packages:
letsencrypt-cpanel-0.15.1-1.x86_64.rpm | 5.1 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
*** By running this installer, you indicate that you have read the end-user
licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. ***

Running installer as root
OS version OK
cPanel version OK
No licence file detected at /etc/letsencrypt-cpanel.licence
Fetching new trial licence …
Licence file present
Redirecting to /bin/systemctl stop letsencrypt-cpanel.service
Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded.
FleetSSL cPanel service daemon stopped
Installing : letsencrypt-cpanel-0.15.1-1.x86_64 1/1

This server has self-signed service certificates
It is not safe to operate this plugin in this circumstance
‘insecure’ is being added to /etc/letsencrypt-cpanel.conf

If you wish to generate a Let’s Encrypt cert for the server
Please read the configuration documentation on our website, at
https://cpanel.fleetssl.com/docs/service-certificates/

Config written to /etc/letsencrypt-cpanel.conf
Uninstallation of existing service failed (it’s OK)
Installed init scripts.
Copied plugin files OK
Installing cPanel paper_lantern plugin (may take a minute) …
cPanel Plugin installer succeeded OK
Installed chkservd scripts
Added apache pre virtualhost global include
Set cpanel tweak settings

— Installation complete —
The plugin should now be available in the cPanel feature manager
Will rebuild conf and restart Apache to reload AutoSSL DCV URLs
Rebuilding Apache conf and restarting now …
Built /etc/apache2/conf/httpd.conf OK
Verifying : letsencrypt-cpanel-0.15.1-1.x86_64 1/1

Installed:
letsencrypt-cpanel.x86_64 0:0.15.1-1

Complete!
[[email protected] ~]# le-cp self-test
[SELF-TEST] Has valid licence ………… SUCCESS.
[SELF-TEST] Can read config ………… SUCCESS.
[SELF-TEST] Can connect to Let’s Encrypt ………… SUCCESS.
[SELF-TEST] Can talk to WHM API ………… SUCCESS.
[SELF-TEST] Can talk to plugin RPC ………… SUCCESS.
[SELF-TEST] System tuning correctness ………… SUCCESS.
[[email protected] ~]#

4.完成上面以后,在WHM(2087)改变签发功能

Home »SSL/TLS »Manage AutoSSL

以下为使用方法 https://letsencrypt-for-cpanel.com/docs/for-admins/autossl/

1.关于自动签发( AutoSSL )

该插件可以提供“ AutoSSL”类型的功能。

默认情况下禁用。

如果启用,它将每隔12小时(在续订完成后进行处理):

  • 查找符合以下条件的虚拟主机
  • 没有有效的证书(未自签名且在接下来的48小时内没有过期)
  • 收集所有通过DCV(域控制验证)检查的域,并通过插件为所有域添加证书
  • DCV失败的域将被自动跳过
  • 超出“加密”速率限制的证书(即每个证书超过100个名称)
  • 反复失败的域最终将停止重试,但始终可以通过UI发出它们.

启用/禁用

启用(推荐)
[[email protected]~]$ le-cp autossl enable
禁用
[[email protected]~]$ le-cp autossl disable

5.人工签发(如果发现证书过期,首先要删除证书

(Home »SSL/TLS »Manage SSL Hosts

6.然后到SSH使用命令签发:

le-cp ssl --user=用户名  issue abc.com www.abc.com
成功例子:
[[email protected] ~]# le-cp ssl --user=drma**** issue drmartens*******.fi www.drmartens*******.fi
INFO[0011] 1 certificates were returned
INFO[0011] Domain: drmartens*******.fi
INFO[0011]      Requested AltNames: [drmartens*******.fi www.drmartens*******.fi]
INFO[0011]      Expiry: 2020-05-12 21:49:45 -0400 EDT
INFO[0011]      URL: https://acme-v02.api.letsencrypt.org/acme/order/78038503/2315490342
INFO[0011]      Cert ID: drmartens*******_fi_d2ae8_3e4c3_1589334585_c28571a4e7223c826fa6ba29749bb59a
INFO[0011]      Key ID: d2ae8_3e4c3_73dbff3b435eb636c6faf1f391287465
INFO[0011]      Actual DNS Names on Certificate: [drmartens*******.fi www.drmartens*******.fi]

Comments off

密码保护:cpanel合并用户

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

cpanel用户创造多个网站

使用一个用户多个网站首先你要给用户分配域名权限:

创造套餐包

分配资源,然后点ADD.

多用户编辑


进入后选择一个用户,或者选择多个用户.拉到最下面:
进行分配套餐包
首先我们关闭一些dns检测NS功能,防止没有使用服务器DNS无法附加域名.

完成上面修改,然后进入cpanel子用户,也就是https://ip:2083端口.

添加新域名
上面是一个演示,域名自己替换.
完成上面后,得到细节.

然后我们来尝试上传文件,打开文件管理器.

添加域名的路径

Comments off

php

DSO

It is also known as mod_php.  It is the fastest way to serve the PHP requests. It runs PHP directly from the Apache without working like a separate service. The PHP scripts will run as the Apache user, which by default is the user ‘nobody’. In this case the PHP scripts all are owned & executed by the Apaches’s ‘nobody’ user. Therefore, we cannot track each individual user since they all run from one web server.  Security is another concern in DSO mode. It is vulnerable to malicious attacks that could modify your PHP scripts or modify the files outside of that user’s directory that had the PHP script that were exploitable. The benefit of the DSO handler is that it provides PHP opcode caching along with DSO to speed up the PHP requests. Also, we can set PHP directives directly via .htaccess files to control certain functionality of PHP.

You might choose DSO as your PHP handler if you only have one user and your primary concern is speed and performance.

CGI

CGI handler will run PHP as a CGI module as opposed to an Apache module. The CGI method is intended as a fallback handler for when DSO is not available. This method is neither fast nor secure. That is regardless of whether or not suEXEC is enabled. Nowadays, CGI handlers are used less frequently because of other handler benefits. Similar to suPHP and FastCGI, the CGI handler can use suEXEC. Instead, PHP executions are run by the file owner of a PHP script rather than the Apache “nobody” user. The usage of CGI handlers provides ease of configuration and support using suEXEC for reducing permission related issue. The main disadvantage of the CGI handler is that it is one of the slowest handler. The CGI handler is the least popular for this reason leading it to be one of the less frequently used handlers

CGI is a recommended PHP handler if suPHP, DSO, or FastCGI was not available in your server.

suPHP

Technically it is a CGI module, but it is entirely different from the CGI handler. It is the most flexible and secure way of serving PHP requests. The main advantage with this handler is it runs the PHP script as the user calling them, instead the ‘nobody’ user. Also, it is quite easy to monitor the usage of PHP script executions, because for every PHP request that is being processed a separate PHP process will be generated. Another advantage is that suPHP handler isolates one of the user on the server from others. This is a precaution taken because if one user’s account is misused then the attacker would only be able to view or modify files owned by that particular users. These applications require permission to have the ability to write, modify, and create files on the server. Permission management is easy to configure because all of your files are owned by just one user.

The main disadvantage of suPHP is speed and CPU load. This handler is recommended for small reseller clients, because it possess the high load of running separate PHP process per request. Also, if the server receives high amount of PHP requests in small period of time, this can result in a heavy load on your server.

The selection of suPHP as your PHP handler is recommended if you have multiple users on your server. You do not want to worry about setting permissions, and you are not having any performance issues with the PHP scripts that is currently used.

Fast CGI

FastCGI PHP handler is a faster way to serve PHP requests than using suPHP, but typically not as fast as using DSO. FastCGI helps reduce CPU usage by increasing the server’s available RAM in order to cache PHP scripts in the memory. This method is use instead of starting up a separate PHP process for each and every PHP request.

The main benefit of using FastCGI is that you can you can use suEXEC just like in the suPHP. This allows the PHP scripts to be executed by the actual user of the PHP script instead of the Apache’s ‘nobody’ user. It also does not require a single PHP process execution per request like suPHP does, which enhances the speed and the CPU usage by keeping PHP scripts in the memory. Issue regarding the memory usage is the drawback of FastCGI.  Also regarding the PHP opcode cache, itt keeps PHP sessions opened in the background in memory for faster access

FastCGI is the best handler if you are looking for a faster PHP execution, provided that you the high availability of memory to spare on your server.

Comments off

密码保护:监控

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

ovz源

yum remove -y kernel-firmware-2.6.32-696.30.1.el6.noarch
wget ie.archive.ubuntu.com/centos/6/cr/x86_64/Packages/kernel-firmware-2.6.32-754.el6.noarch.rpm

rpm -ivh kernel-firmware-2.6.32-754.el6.noarch.rpm

Comments off

密码保护:win7 key

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

Linux 连续执行多条命令

以前一直使用“shell+expect”组合。

后来在使用过程中,越发觉得expect这个东东太落后了,原因如下:

1. 官方已经停止发行新版本了;

2. 调试起来效率低,很多时候代码走的路子跟人想的差太多。

于是,后来决定使用python这一种脚本语言全部搞定。

实践证明,python开发效率非常高,的确是“糙快猛”。

停,跑题了。。。

在我的Automation case中,需要检查一个命令是否执行成功(假设命令为checklog,成功返回0,失败返回1)。

正常情况下,在checklog的下一句,直接“echo $?”,判断0,1即可。

但是,因为执行环境中的命令提示符中有0和1,所以pexpect无法判断“echo $?”的结果。

后来,琢磨着琢磨着,脑海里就冒出来上面的知识点来,试了一下,顺利解决问题特此Mark一下。

# 期望checklog执行成功
checklog && echo success
pexpect.expect(‘success’)

# 期望checklog执行失败
checklog || echo failure
pexpect.expect(‘failure’)

温习知识点:
1. 命令被分号“;”分隔,这些命令会顺序执行下去;
2. 命令被“&&”分隔,这些命令会顺序执行下去,遇到执行错误的命令停止;
3. 命令被双竖线“||”分隔,这些命令会顺序执行下去,遇到执行成功的命令停止,后面的所有命令都将不会执行;

Comments off

linux下测试网络速度

wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest.py
./speedtest.py
演示
[email protected]:~# ./speedtest.py
Retrieving speedtest.net configuration…
Testing from QuadraNet (104.129.8.16)…
Retrieving speedtest.net server list…
Selecting best server based on ping…
Hosted by Interoute VDC (Los Angeles, CA) [1.30 km]: 1.825 ms
Testing download speed……………………………………………………………………..    下行
Download: 97.70 Mbit/s
Testing upload speed……………………………………………………………………………………  上行
Upload: 94.82 Mbit/s

Comments off

semget: No space left on device DA 启动不了apache

This relates to semaphores on your system (you’ve run out).  Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

If this becomes a common occurance, then you may need to change your ipcs semaphore limits.
Set the following in your /etc/sysctl.conf:

kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024

and reboot your system to load in those values.

Comments off

密码保护:屏了一些ip

这是一篇受密码保护的文章,您需要提供访问密码:

Comments off

proxmox lxc改密码

1.在母机器lxc-attach -n  101

2.passwd

3.exit

Comments off

Linux配置防火墙,开启80端口、3306端口

1) 重启后生效
开启: chkconfig iptables on
关闭: chkconfig iptables off

2) 即时生效,重启后失效
开启: service iptables start
关闭: service iptables stop

 

vi /etc/sysconfig/iptables

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

添加好之后防火墙规则如下所示:

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
#####################################

/etc/init.d/iptables restart
#最后重启防火墙使配置生效

 

 

systemctl stop iptables 防火墙 service iptables save systemctl restart iptables

评论

centos 单网卡加多ip

#写入以下内容

DEVICE=eth0                   //绑定IP段的网卡名称
ONBOOT=yes                    //开机启用此网卡
BOOTPROTO=static              //协议为静态
IPADDR_START=192.168.0.101    //网段的起始IP
IPADDR_END=192.168.0.120      //网段的截止IP
NETMASK=255.255.255.255       //子网掩码
CLONENUM_START=0              //这个数字是网卡别名的开始位置,比如这里的3是指eth0:0,并且会把IPADDR_START设置的IP192.168.0.101绑定到eth0:0上,以此类推
NO_ALIASROUTING=yes           //这个参数的作用是数据包始终通过eth0进出,不走网卡别名(如eth0:0),设置这个参数可以加快路由的响应速度,所以强烈建议配置。

评论

« Previous entries 下一页 » 下一页 »