Archive for Linux Sharing

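Getting the real client IP in Apache 2.4

Apache 2.4 includes mod_remoteip by default. Check the configuration: if the line that loads the module is still commented out, remove the leading #.

1. Add the following at the end of the Apache configuration: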

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1/24
#CloudFlare IP Ranges
RemoteIPInternalProxy 103.21.244.0/22
RemoteIPInternalProxy 103.22.200.0/22
RemoteIPInternalProxy 103.31.4.0/22
RemoteIPInternalProxy 104.16.0.0/12
RemoteIPInternalProxy 108.162.192.0/18
RemoteIPInternalProxy 131.0.72.0/22
RemoteIPInternalProxy 141.101.64.0/18
RemoteIPInternalProxy 162.158.0.0/15
RemoteIPInternalProxy 172.64.0.0/13
RemoteIPInternalProxy 173.245.48.0/20
RemoteIPInternalProxy 188.114.96.0/20
RemoteIPInternalProxy 190.93.240.0/20
RemoteIPInternalProxy 197.234.240.0/22
RemoteIPInternalProxy 198.41.128.0/17
# Your CDN's IP ranges; the directive can be repeated for each one

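2. Modify the following configuration

# Change the log format: add %a to the log format, then restart Apache:
LogFormat "%h %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %a %l %u %t \"%r\" %>s %b" common
# The %I %O variant uses the stock nickname combinedio so it does not redefine combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio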
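
How the proxy list above decides which address ends up in %a, as an added example that is not part of the original post: a simplified shell model of mod_remoteip's right-to-left walk over X-Forwarded-For, using three ranges from the configuration. The function names and sample addresses are constructed for illustration, and the module's special handling of private addresses is left out.

```sh
# Simplified model of mod_remoteip's X-Forwarded-For handling (illustration only).
# TRUSTED holds a few of the ranges from the configuration above.
TRUSTED="127.0.0.1/24 173.245.48.0/20 104.16.0.0/12"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS -> succeeds when IP lies inside the network
in_cidr() (
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# is_trusted IP -> succeeds when IP matches any trusted proxy range
is_trusted() {
    for cidr in $TRUSTED; do
        if in_cidr "$1" "$cidr"; then return 0; fi
    done
    return 1
}

# resolve_client PEER_IP XFF_HEADER -> prints the client address that gets logged
resolve_client() {
    client=$1
    reversed=""
    for hop in $(printf '%s' "$2" | tr ',' ' '); do
        reversed="$hop $reversed"
    done
    for hop in $reversed; do
        # A hop is accepted only if the address presenting it is a trusted proxy.
        is_trusted "$client" || break
        client=$hop
    done
    echo "$client"
}

# Constructed sample requests (documentation addresses, not real traffic).
resolve_client 173.245.48.10 "203.0.113.7"             # request relayed by the CDN
resolve_client 198.51.100.9  "10.0.0.1"                # direct peer, header ignored
resolve_client 173.245.48.10 "10.0.0.1, 203.0.113.7"   # forged leftmost entry ignored
```

A peer outside the listed ranges never gets its header honoured, which is why the list should contain only the proxies that really sit in front of the server.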


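Maximum connection count set too high, SSH login fails

pam_limits(login:session): Could not set limit for 'nofile': Operation not permitted

How to fix "Could not set limit for 'nofile': Operation not permitted"

To let users open a very large number of files, first raise the kernel's own file limits.
The number of files a user may open is normally changed through nofile in limits.conf, but setting it to a value in the millions is very likely to break SSH login and make the system misbehave,
because the per-user limit can then exceed the number of files the kernel allows.
The correct procedure is:
raise the kernel limits first, then raise the per-user limit.
The kernel limits are located at:
/proc/sys/fs/file-max: system-wide number of files that all processes may open
/proc/sys/fs/nr_open: the maximum value file-max may be changed to; file-max cannot exceed it
Add to /etc/sysctl.conf:
fs.file-max = ***
fs.nr_open = ***
to change the kernel settings.
When that is done, edit /etc/security/limits.conf:
* soft nofile ***
* hard nofile ***
Also update /etc/security/limits.d/90-nproc.conf.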
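
A pre-flight check for the failure described above, as an added example that is not part of the original post: it reports every numeric nofile entry in a limits.conf-style file that exceeds fs.nr_open. The function name check_nofile, the sample file and the value 1048576 are constructed for illustration.

```sh
# check_nofile LIMITS_FILE NR_OPEN
# Prints every numeric nofile entry above NR_OPEN; returns non-zero if any is found.
check_nofile() {
    awk -v max="$2" '
        /^[ \t]*#/ || NF < 4 { next }           # skip comments and incomplete lines
        $3 == "nofile" && $4 ~ /^[0-9]+$/ && $4 + 0 > max + 0 {
            printf "%s %s nofile %s exceeds fs.nr_open=%s\n", $1, $2, $4, max
            bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample in limits.conf format (not taken from a real host).
SAMPLE_LIMITS=$(mktemp)
cat > "$SAMPLE_LIMITS" <<'EOF'
# <domain> <type> <item> <value>
*       soft    nofile  65535
*       hard    nofile  2000000
root    soft    nproc   unlimited
EOF

# 1048576 stands in for the content of /proc/sys/fs/nr_open on the target host.
check_nofile "$SAMPLE_LIMITS" 1048576 || echo "raise the kernel limit first, then limits.conf"
```

On a real host, pass /etc/security/limits.conf (and the files under /etc/security/limits.d/) together with the content of /proc/sys/fs/nr_open before logging out of the working session.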


OVZ package source

yum remove -y kernel-firmware-2.6.32-696.30.1.el6.noarch
wget ie.archive.ubuntu.com/centos/6/cr/x86_64/Packages/kernel-firmware-2.6.32-754.el6.noarch.rpm

rpm -ivh kernel-firmware-2.6.32-754.el6.noarch.rpm


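Running several commands in a row on Linux

I used to rely on the "shell + expect" combination.

Over time I came to feel that expect is too outdated, for these reasons:

1. Upstream has stopped releasing new versions;

2. Debugging is inefficient: the code often takes a path very different from what you had in mind.

So I later decided to do everything in a single scripting language, Python.

Practice has shown that Python is very productive to develop in; it really is "rough, fast and fierce".

Stop, I'm getting off topic...

In my automation case I need to check whether a command succeeded (assume the command is checklog, returning 0 on success and 1 on failure).

Normally you would run "echo $?" right after checklog and test for 0 or 1.

But the command prompt in that environment contains 0 and 1, so pexpect cannot tell what "echo $?" returned.

After mulling it over, the knowledge points above came to mind; I tried them, they solved the problem, and I am noting it down here.

# Expect checklog to succeed
checklog && echo success
pexpect.expect('success')

# Expect checklog to fail
checklog || echo failure
pexpect.expect('failure')

Review of the knowledge points:
1. Commands separated by a semicolon ";" are executed one after another;
2. Commands separated by "&&" are executed one after another, stopping at the first command that fails;
3. Commands separated by a double pipe "||" are executed one after another, stopping at the first command that succeeds; none of the commands after it are executed;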


Testing network speed on Linux

wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest.py
./speedtest.py
Demo
root@cn2:~# ./speedtest.py
Retrieving speedtest.net configuration…
Testing from QuadraNet (104.129.8.16)…
Retrieving speedtest.net server list…
Selecting best server based on ping…
Hosted by Interoute VDC (Los Angeles, CA) [1.30 km]: 1.825 ms
Testing download speed……………………………………………………………………..    (downstream)
Download: 97.70 Mbit/s
Testing upload speed……………………………………………………………………………………  (upstream)
Upload: 94.82 Mbit/s


semget: No space left on device: DA cannot start Apache

This relates to semaphores on your system (you’ve run out).  Run the following to clear them out:

ipcs | grep apache | awk '{print $2}' > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

If this becomes a common occurrence, then you may need to change your ipcs semaphore limits.
Set the following in your /etc/sysctl.conf:

kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024

and reboot your system to load in those values.


Changing the password of a Proxmox LXC container

1. On the host machine: lxc-attach -n 101

2. passwd

3. exit


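Configuring the firewall on Linux: opening ports 80 and 3306

1) Takes effect after a reboot
Enable: chkconfig iptables on
Disable: chkconfig iptables off

2) Takes effect immediately, lost after a reboot
Enable: service iptables start
Disable: service iptables stop

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allows port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allows port 3306 through the firewall)
Important: many people add these two rules as the last lines of the firewall configuration, which makes the firewall fail to start. They belong directly below the default rule for port 22.

After adding them, the firewall rules look like this: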

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################

/etc/init.d/iptables restart
# Finally, restart the firewall so the configuration takes effect

systemctl stop iptables    # firewall
service iptables save
systemctl restart iptables
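
A check for the rule-placement mistake described in this post, as an added example that is not part of the original: it flags rules written after COMMIT (outside the table) and INPUT rules that follow the catch-all REJECT and are therefore never reached. The function name check_rule_order and both sample rule files are constructed for illustration.

```sh
# check_rule_order RULES_FILE
# Flags rules that sit after COMMIT and INPUT rules that follow the catch-all
# REJECT/DROP. Returns non-zero when anything is flagged.
check_rule_order() {
    awk '
        /^\*/ { committed = 0; catchall = 0; next }      # a new table starts
        $1 == "COMMIT" { committed = 1; next }
        /^-A / && committed {
            printf "line %d: after COMMIT: %s\n", NR, $0; bad = 1; next
        }
        /^-A INPUT -j (REJECT|DROP)/ { catchall = NR; next }
        /^-A INPUT / && catchall {
            printf "line %d: after catch-all on line %d: %s\n", NR, catchall, $0; bad = 1
        }
        END { exit bad + 0 }' "$1"
}

# Constructed samples: GOOD follows the layout shown in this post, BAD has one
# rule appended after the REJECT line and one after COMMIT.
GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$BAD" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
EOF

check_rule_order "$GOOD" && echo "GOOD: rule order ok"
check_rule_order "$BAD" || echo "BAD: move the flagged rules below the port 22 rule"
```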


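CentOS: adding multiple IPs to a single NIC

# Write the following content

DEVICE=eth0                   # name of the NIC the IP range is bound to
ONBOOT=yes                    # bring this NIC up at boot
BOOTPROTO=static              # static addressing
IPADDR_START=192.168.0.101    # first IP of the range
IPADDR_END=192.168.0.120      # last IP of the range
NETMASK=255.255.255.255       # subnet mask
CLONENUM_START=0              # number at which the NIC aliases start: the 0 here means eth0:0, so the IPADDR_START address 192.168.0.101 is bound to eth0:0, and so on
NO_ALIASROUTING=yes           # packets always enter and leave through eth0 rather than an alias such as eth0:0; this speeds up routing, so setting it is strongly recommended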


iftop

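Installing iftop
Method 1: build from source
To build from source, download the latest source package from the iftop website.

A basic build environment (make, gcc, autoconf and so on) must already be installed. iftop also needs libpcap and libcurses.

Packages required on CentOS:

yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel

Packages required on Debian:

apt-get install flex byacc libpcap0.8 libncurses5

Download iftop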

wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

tar zxvf iftop-0.17.tar.gz

cd iftop-0.17

./configure

make && make install


Automatically restarting MySQL and Apache when the load is high

#!/bin/sh
# crontab: */3 * * * * /root/loadavg_restart_apa_my.sh >> /var/log/restart_apa_my.log
# Flush pending writes, then drop the page cache, dentries and inodes
sync
sync
echo 3 > /proc/sys/vm/drop_caches
# Load-average threshold above which the services are restarted
TOP_SYS_LOAD_NUM=5
# 1-minute load average taken from uptime
SYS_LOAD_NUM=`uptime | awk '{print $(NF-2)}' | sed 's/,//'`
echo $(date +"%y-%m-%d") `uptime`
if [ `echo "$TOP_SYS_LOAD_NUM < $SYS_LOAD_NUM" | bc` -eq 1 ]
then
    # Load is above the threshold: stop both services, then kill what is left
    sync
    echo "#0#" $(date +"%y-%m-%d %H:%M:%S") "pkill httpd" `ps -ef | grep httpd | wc -l`
    echo "#0#" $(date +"%y-%m-%d %H:%M:%S") "pkill mysql" `ps -ef | grep mysql | wc -l`
    service httpd stop
    service mysql stop
    sleep 8
    pkill httpd
    pkill mysql

    sleep 8
    # Up to three passes to bring the services back
    for i in 1 2 3
    do
        if [ `pgrep mysql | wc -l` -le 0 ]
        then
            /sbin/service mysql start
            sleep 30
            echo "#1#" $(date +"%y-%m-%d %H:%M:%S") "start mysql" `ps -ef | grep mysql | wc -l`
        fi

        if [ `pgrep httpd | wc -l` -le 0 ]
        then
            service httpd start
            service wdapache start
            sleep 30
            echo "#1#" $(date +"%y-%m-%d %H:%M:%S") "start httpd" `ps -ef | grep httpd | wc -l`
        fi
    done
else
    # Load is normal: only start a service that is not running
    if [ `pgrep mysql | wc -l` -le 0 ]
    then
        /sbin/service mysql start
        sleep 30
        echo "#2#" $(date +"%y-%m-%d %H:%M:%S") "start mysql" `ps -ef | grep mysql | wc -l`
    fi

    if [ `pgrep httpd | wc -l` -le 0 ]
    then
        service httpd start
        sleep 30
        echo "#2#" $(date +"%y-%m-%d %H:%M:%S") "start httpd" `ps -ef | grep httpd | wc -l`
    fi
fi

Save the script above as /root/loadavg_restart_apa_my.sh

Then run

crontab -e

and add

*/3 * * * * /root/loadavg_restart_apa_my.sh >> /var/log/restart_apa_my.log

*/3 * * * * means every 3 minutes; the path /root/loadavg_restart_apa_my.sh can be changed to whatever you like.


DirectAdmin restore

Step 1

Run System Backup on the old server.

Admin Tools >> System Backup

 

We will back up the home directories and MySQL databases manually, so uncheck and deselect the following options in System Backup:

Add user home directories to directory list below

Backup httpd data

Backup MySQL Databases

Check and Select

Backup DNS data

Backup Directories and Files listed below

All directories/files listed in bottom section of the System Backup

Now click the Run System Backup Now icon. In most cases the backup will be stored in /home/backup (it depends on how you have set it in DA).

Step 2

rsync the system backup to the Newserver.

root@old:~# rsync -avurz -e ssh --delete /home/backup root@Newserver_IP:/home/backup

Step 3

On the Newserver restore the system backups one by one manually.

For example, for restoring your /etc/virtual directory,

root@new:~# cd /etc
root@new:~# tar xvzfp /home/backup/<backup_date>/custom/etc/virtual.tar.gz

Please check here for the complete paths and files used on a DirectAdmin system.

(Take extra care when restoring /etc/passwd, /etc/shadow, /etc/group, etc.)

Step 4

Synchronise the home directory

root@old:~# rsync -avurz -e ssh --delete /home root@Newserver_IP:/home

Step 5

Back up and restore the MySQL databases

On Oldserver

root@old:~# cat /usr/local/directadmin/conf/mysql.conf

Get the da_admin password from the above file

root@old:~# mysqldump -u da_admin -p --all-databases > /root/all_databases.sql

root@old:~# scp /root/all_databases.sql root@Newserver_IP:/root

On Newserver

root@new:~# cat /usr/local/directadmin/conf/mysql.conf

root@new:~# mysql -u da_admin -p < /root/all_databases.sql

Step 6

Use the ipswap script to change the Oldserver IPs

root@new:~# cd /usr/local/directadmin/scripts/

root@new:~# ./ipswap.sh Oldserver_IP  Newserver_IP

Step 7

Update the nameservers to the Newserver IPs.

Step 8

For all queries to resolve correctly to the new server, you will have to set up multi-server DNS clustering on the new server.


ovz

When a lot of disk space has been freed on an in-ploop filesystem, use ploop balloon discard to optimize the ploop image size.

ploop balloon discard [--automount] [--to-free size] [--min-block min_size] [--defrag] DiskDescriptor.xml

Iteratively try to relocate and discard unused blocks from a ploop image, reducing its size.

Note that the ploop device and its inner file system should be mounted. If not, one can use the --automount option to automatically mount ploop for the duration of the operation.

Option --defrag can be used to run a filesystem defragmentation utility (currently e4defrag2 on ext4 only) before the main operation.

Option --to-free can be used to specify a maximum disk space to be freed. In other words, stop the process once the freed space exceeds the requested size. Default is 0, meaning to try to free as much space as possible.

Option --min-block can be used to specify a minimum size of an extent to free. The smallest possible extent is 1 cluster (currently 1 MB); one can specify a higher value to speed up the whole discarding operation.

Note that the same functionality is available by means of vzctl compact command.
