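Configuring the Linux firewall: opening ports 80 and 3306

1) Takes effect after a reboot
Enable: chkconfig iptables on
Disable: chkconfig iptables off

2) Takes effect immediately, lost after a reboot
Start: service iptables start
Stop: service iptables stop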

 

vi /etc/sysconfig/iptables

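-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allow port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allow port 3306 through the firewall)
Important: many people add these two rules as the last lines of the firewall configuration, which causes the firewall to fail to start. The correct place is directly below the default port 22 rule.

After adding them, the firewall rules look like this: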

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################

/etc/init.d/iptables restart
# Finally, restart the firewall so the configuration takes effect
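
The ordering mistake described above can be caught before the firewall is restarted. The following is an added example, not part of the original post; the function names and both sample rule files are constructed for illustration. It flags rules placed after COMMIT and rules that follow an unconditional ACCEPT/DROP/REJECT in the same chain.

```shell
#!/bin/sh
# Added example: lint a rules file in /etc/sysconfig/iptables format for the
# ordering mistake described above. All function names are hypothetical.

check_iptables_order() {   # $1 = rules file; prints findings, returns 1 if any
    awk '
        /^[ \t]*(#|$)/ { next }                                   # comments, blanks
        /^\*/          { committed = 0; split("", closed); next } # new table
        $1 == "COMMIT" { committed = 1; next }
        $1 == "-A" {
            if (committed) {               # iptables-restore rejects this line
                printf "line %d: rule after COMMIT: %s\n", NR, $0; bad = 1
            } else if ($2 in closed) {     # loads, but is never evaluated
                printf "line %d: unreachable (catch-all on line %d): %s\n", NR, closed[$2], $0; bad = 1
            } else if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) {
                closed[$2] = NR            # unconditional terminal rule
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the port 80 rule appended at the very end of the file.
write_bad_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
EOF
}

# Constructed sample: the same rule placed directly below the port 22 rule.
write_good_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

f=$(mktemp) && write_bad_sample "$f"
check_iptables_order "$f" || echo "fix the ordering before restarting iptables"; rm -f "$f"
```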

 

 

Firewall:
systemctl stop iptables
service iptables save
systemctl restart iptables


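CentOS: adding multiple IPs to a single NIC

# Write the following content

DEVICE=eth0                   # NIC the IP range is bound to
ONBOOT=yes                    # bring this interface up at boot
BOOTPROTO=static              # static addressing
IPADDR_START=192.168.0.101    # first IP of the range
IPADDR_END=192.168.0.120      # last IP of the range
NETMASK=255.255.255.255       # netmask
CLONENUM_START=0              # starting alias number; 0 here means eth0:0, so IPADDR_START (192.168.0.101) is bound to eth0:0, and so on
NO_ALIASROUTING=yes           # packets always enter and leave via eth0 rather than an alias (such as eth0:0); this speeds up routing response, so setting it is strongly recommended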


cPanel: changing the default IP

Steps in WHM:

  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says “The IP address (only one address) that will be used for setting up shared IP virtual hosts”
  • Note: This might not actually be necessary.

Log in to SSH, and do the following:

  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and Gateway for the new ip

 

  • Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.

 

  • Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format ::

  • Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP

 

  • Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname’s dns will need to be updated too

 

  • Restart the network service to make the new IP the primary
    • service network restart
    • Note: You’re probably going to be disconnected at this point, and have to log in to ssh using the new primary ip.

 

  • Restart the ipaliases script to bring up the additional IP
    • service ipaliases restart

  • Run ifconfig and make sure all IPs show up correctly

 

  • Update the cpanel license to the new primary IP


iftop

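Installing iftop
Method 1: compile from source
To build from source, download the latest source package from the iftop website.

Before installing, the basic build environment must already be present, such as make, gcc and autoconf. iftop also requires libpcap and libcurses.

Install the required dependencies on CentOS:

yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel

Install the required dependencies on Debian:

apt-get install flex byacc libpcap0.8 libncurses5

Download iftop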

wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz

tar zxvf iftop-0.17.tar.gz

cd iftop-0.17

./configure

make && make install


Automatically restarting MySQL and Apache under high load

#!/bin/sh
# crontab: */3 * * * * /root/loadavg_restart_apache.sh >> /var/log/restart_apache.log
# Requires bc for the floating-point load comparison.
sync
sync
# Drop the page cache, dentries and inodes
echo 3 > /proc/sys/vm/drop_caches
# Restart threshold for the 1-minute load average
TOP_SYS_LOAD_NUM=5
# 1-minute load average: third field from the end of uptime, comma stripped
SYS_LOAD_NUM=`uptime | awk '{print $(NF-2)}' | sed 's/,//'`
echo $(date +"%y-%m-%d") `uptime`
if [ `echo "$TOP_SYS_LOAD_NUM < $SYS_LOAD_NUM"|bc` -eq 1 ]
then
    # Load is above the threshold: stop both services, then kill leftovers
    sync
    echo "#0#" $(date +"%y-%m-%d %H:%M:%S") "pkill httpd" `ps -ef | grep httpd | wc -l`
    echo "#0#" $(date +"%y-%m-%d %H:%M:%S") "pkill mysql" `ps -ef | grep mysql | wc -l`
    service httpd stop
    service mysql stop
    sleep 8
    pkill httpd
    pkill mysql
    sleep 8
    # Try up to three times to bring the services back
    for i in 1 2 3
    do
        if [ `pgrep mysql | wc -l` -le 0 ]
        then
            /sbin/service mysql start
            sleep 30
            echo "#1#" $(date +"%y-%m-%d %H:%M:%S") "start mysql" `ps -ef | grep mysql | wc -l`
        fi
        if [ `pgrep httpd | wc -l` -le 0 ]
        then
            service httpd start
            service wdapache start
            sleep 30
            echo "#1#" $(date +"%y-%m-%d %H:%M:%S") "start httpd" `ps -ef | grep httpd | wc -l`
        fi
    done
else
    # Load is normal: only start a service if it is not running
    if [ `pgrep mysql | wc -l` -le 0 ]
    then
        /sbin/service mysql start
        sleep 30
        echo "#2#" $(date +"%y-%m-%d %H:%M:%S") "start mysql" `ps -ef | grep mysql | wc -l`
    fi
    if [ `pgrep httpd | wc -l` -le 0 ]
    then
        service httpd start
        sleep 30
        echo "#2#" $(date +"%y-%m-%d %H:%M:%S") "start httpd" `ps -ef | grep httpd | wc -l`
    fi
fi

Save the file above as /root/loadavg_restart_apa_my.sh

Then run

crontab -e

and add

*/3 * * * * /root/loadavg_restart_apa_my.sh >> /var/log/restart_apa_my.log

*/3 * * * * means every 3 minutes; the path /root/loadavg_restart_apa_my.sh can be changed to whatever you like.


DirectAdmin restore

Step 1

Run System Backup on the old server.

Admin Tools >> System Backup

 

We will be backing up home directories and MySQL DBs manually, so uncheck and unselect the following options on System Backup

Add user home directories to directory list below

Backup httpd data

Backup MySQL Databases

Check and Select

Backup DNS data

Backup Directories and Files listed below

All directories/files listed in bottom section of the System Backup

Now click the Run System Backup Now icon. The backup will usually be stored in /home/backup (depending on how you have set it in DA).

Step 2

rsync the system backup to the Newserver.

root@old:~# rsync -avurz -e ssh --delete /home/backup/ root@Newserver_IP:/home/backup/

Step 3

On the Newserver restore the system backups one by one manually.

For example, for restoring your /etc/virtual directory,

root@new:~# cd /etc
root@new:~# tar xvzfp /home/backup/<backup_date>/custom/etc/virtual.tar.gz

Please check here for the complete paths and files used on a DirectAdmin system.

( Do take extra care while restoring /etc/passwd /etc/shadow /etc/group etc.. )

Step 4

Synchronise the home directory

root@old:~# rsync -avurz -e ssh --delete /home/ root@Newserver_IP:/home/

Step 5

Backup and restore the mysql DB’s

On Oldserver

root@old:~# cat /usr/local/directadmin/conf/mysql.conf

Get the da_admin password from the above file

root@old:~# mysqldump -u da_admin -p --all-databases > /root/all_databases.sql

root@old:~# scp /root/all_databases.sql root@Newserver_IP:/root

On Newserver

root@new:~# cat /usr/local/directadmin/conf/mysql.conf

root@new:~# mysql -u da_admin -p < /root/all_databases.sql

Step 6

Use the ipswap script to change the Oldserver IP’s

root@new:~# cd /usr/local/directadmin/scripts/

root@new:~# ./ipswap.sh Oldserver_IP  Newserver_IP

Step 7

Update the nameservers to the Newserver IP’s.

Step 8

To resolve all queries correctly to the new server, you will have to set up multi-server DNS clustering on the new server.



ovz

When a lot of disk space has been freed on an in-ploop filesystem, use ploop balloon discard to optimize the ploop image size.

ploop balloon discard [--automount] [--to-free size] [--min-block min_size] [--defrag] DiskDescriptor.xml

Iteratively try to relocate and discard unused blocks from a ploop image, reducing its size.

Note that the ploop device and its inner file system should be mounted. If not, one can use the --automount option to automatically mount ploop for the duration of the operation.

Option --defrag can be used to run a filesystem defragmentation utility (currently e4defrag2 on ext4 only) before the main operation.

Option --to-free can be used to specify a maximum disk space to be freed. In other words, stop the process once the freed space exceeds the requested size. Default is 0, meaning to try to free as much space as possible.

Option --min-block can be used to specify a minimum size of an extent to free. The smallest possible extent is 1 cluster (currently 1 MB); one can specify a higher value to speed up the whole discarding operation.

Note that the same functionality is available by means of vzctl compact command.


whm cpanel php.ini


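HostMonster: importing SQL over SSH

HostMonster hosting provides free SSH access, and importing/exporting MySQL databases over SSH is fairly convenient. The steps are as follows:

1. Exporting a MySQL database on a HostMonster host

The example below shows how to export a MySQL database; exporting the data regularly as a backup is worthwhile. The steps on the command line are:

(1). mysqldump -u username -p database_name > FILE.sql
(2). Press Enter
(3). You are prompted for the password
(4). Enter the password and press Enter.

Here username, password and database_name are the MySQL user name, password and database name. The file FILE.sql is the backup of the MySQL database on the HostMonster host, which can now be downloaded and kept locally.

2. Importing a MySQL database on a HostMonster host

Upload the MySQL backup file (for example the FILE.sql exported above) to the HostMonster server, then run the following command:

(1). mysql -u username -p database_name < FILE.sql
(2). Press Enter
(3). You are prompted for the password
(4). Enter the password for that user name and press Enter.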


wdlinux 3.0 php 502

wget http://www.kscub.com/share/mhash-0.9.9.9.tar.gz
wget http://www.kscub.com/share/libmcrypt-2.5.8.tar.gz

 

Solution:

1. First check how php-fpm starts (to confirm whether this is really the cause):

[root@localhost ~]# find / -name php-fpm       # locate php-fpm
/www/wdlinux/init.d/php-fpm
/www/wdlinux/nginx_php-5.2.17/sbin/php-fpm
[root@localhost ~]# /www/wdlinux/init.d/php-fpm start  # start php-fpm; it fails with the error below (mhash package missing)
Starting php_fpm /www/wdlinux/nginx_php-5.2.17/bin/php-cgi
error while loading shared libraries: 
libmhash.so.2: cannot open shared object file: No such file or directory failed

2. Download the mhash package:

wget http://www.kscub.com/share/mhash-0.9.9.9.tar.gz

[root@localhost ~]# ls        # list the uploaded package
mhash-0.9.9.9.tar.gz
[root@localhost ~]# tar xf mhash-0.9.9.9.tar.gz    # unpack mhash-0.9.9.9.tar.gz
[root@localhost ~]# cd mhash-0.9.9.9               # enter the extracted mhash-0.9.9.9 directory
[root@localhost mhash-0.9.9.9]# ./configure        # configure and check the build environment
[root@localhost mhash-0.9.9.9]# make && make install         # compile && install
[root@localhost mhash-0.9.9.9]# ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
[root@localhost mhash-0.9.9.9]# vim /etc/ld.so.conf.d/mhash.conf # create a new config file and write into it: /usr/lib/
[root@localhost mhash-0.9.9.9]# cat /etc/ld.so.conf.d/mhash.conf     # it contains only: /usr/lib/
/usr/lib/
[root@localhost mhash-0.9.9.9]# ldconfig
[root@localhost mhash-0.9.9.9]# /www/wdlinux/init.d/php-fpm start  # start php-fpm again; it still reports a missing package
Starting php_fpm /www/wdlinux/nginx_php-5.2.17/bin/php-cgi
error while loading shared libraries: 
libmcrypt.so.4: cannot open shared object file: No such file or directory

3. Download the mcrypt package:

wget http://www.kscub.com/share/libmcrypt-2.5.8.tar.gz

[root@localhost ~]# ls                           # list the uploaded package
libmcrypt-2.5.8.tar.gz
[root@localhost ~]# tar xf libmcrypt-2.5.8.tar.gz       # unpack libmcrypt-2.5.8.tar.gz
[root@localhost ~]# cd libmcrypt-2.5.8                  # enter the extracted libmcrypt-2.5.8 directory
[root@localhost libmcrypt-2.5.8]# ./configure           # configure and check the build environment
[root@localhost libmcrypt-2.5.8]# make && make install  # compile && install
[root@localhost libmcrypt-2.5.8]# ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
[root@localhost libmcrypt-2.5.8]# ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
[root@localhost libmcrypt-2.5.8]# /www/wdlinux/init.d/php-fpm start  # start php-fpm once more; it succeeds
Starting php_fpm  don
[root@localhost libmcrypt-2.5.8]# reboot   # reboot the machine


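Utility scripts provided starting with v3.0.1

Change/reset a backend user's password
/www/wdlinux/wdcp/shell/wdcploginchp.sh
Use this when the admin user's password has been forgotten

Change/reset the MySQL root user's password
/www/wdlinux/wdcp/shell/mysqlrootchp.sh
Use this when the MySQL root user's password has been forgotten

FTP user password check
/www/wdlinux/wdcp/shell/pureftpconfcheck.sh
Use this when FTP users cannot log in or get a 503 on login

Reset the wdcp backend login restrictions
/www/wdlinux/wdcp/shell/wdcplogincip.sh
Use this when an IP/domain access restriction was set incorrectly in the wdcp backend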


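WDCP panel: how to reset a forgotten backend administrator login password

Force-change the MySQL root password; useful when the MySQL password has been forgotten
sh /www/wdlinux/tools/mysql_root_chg.sh

Check the FTP configuration file; useful when FTP cannot connect or log in
sh /www/wdlinux/tools/pureftp_conf_check.sh

Check wdcp permissions; useful when the wdcp backend misbehaves or some functions cannot be used
sh /www/wdlinux/tools/wdcp_perm_check.sh

Repair wdcp's database connection, for example when the backend login shows "无法连接mysql,请检查mysql是否已启动及用户密码是否设置正确" (cannot connect to mysql; check whether mysql is running and whether the user and password are set correctly)
sh /www/wdlinux/tools/mysql_wdcp_chg.sh

Change a forgotten wdcp backend login password
sh /www/wdlinux/tools/wdcp_login_chp.sh

Repair an incorrectly set login IP restriction for the wdcp backend
sh /www/wdlinux/tools/wdcp_login_cbip.sh

Repair the wdcp backend limit on failed login attempts
sh /www/wdlinux/tools/wdcp_cdip.sh

Change the time and synchronize the time
sh /www/wdlinux/tools/wdcp_ntp.sh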
