分类目录归档:LINUX系统

tengine安装ngx_devel_kit和echo模块

git clone https://github.com/agentzh/echo-nginx-module.git
git clone https://github.com/simpl/ngx_devel_kit.git
./configure --prefix=/usr/local/tengine --add-module=/root/ngx_devel_kit --with-http_lua_module --add-module=/root/echo-nginx-module

ndk 需要静态编译,不能动态加载,意思即是重新编译tengine ,参考

http://www.coctec.com/docs/service/show-post-11191.html

tengine启动脚本

如果你的tengine是独立安装的,想保留原来的nginx,那么这个脚本就可以帮你运行tengine

#! /bin/sh
# chkconfig: 2345 55 25
# Description: Startup script for tengine webserver on Debian. Place in /etc/init.d and
# run 'update-rc.d -f tengine defaults', or use the appropriate command on your
# distro. For CentOS/Redhat run: 'chkconfig --add tengine'

### BEGIN INIT INFO
# Provides:          tengine
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the tengine web server
# Description:       starts tengine using start-stop-daemon
### END INIT INFO

# Author:   fy
# website:  http://www.yiyou.org

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=nginx
NGINX_BIN=/usr/local/tengine/sbin/$NAME
CONFIGFILE=/usr/local/tengine/conf/$NAME.conf
PIDFILE=/usr/local/tengine/logs/$NAME.pid

case "$1" in
    start)
        echo -n "Starting $NAME... "

        if netstat -tnpl | grep -q nginx;then
            echo "$NAME (pid `pidof $NAME`) already running."
            exit 1
        fi

        $NGINX_BIN -c $CONFIGFILE

        if [ "$?" != 0 ] ; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
        ;;

    stop)
        echo -n "Stoping $NAME... "

        if ! netstat -tnpl | grep -q nginx; then
            echo "$NAME is not running."
            exit 1
        fi

        $NGINX_BIN -s stop

        if [ "$?" != 0 ] ; then
            echo " failed. Use force-quit"
            exit 1
        else
            echo " done"
        fi
        ;;

    status)
        if netstat -tnpl | grep -q nginx; then
            PID=`pidof nginx`
            echo "$NAME (pid $PID) is running..."
        else
            echo "$NAME is stopped"
            exit 0
        fi
        ;;

    force-quit)
        echo -n "Terminating $NAME... "

        if ! netstat -tnpl | grep -q nginx; then
            echo "$NAME is not running."
            exit 1
        fi

        kill `pidof $NAME`

        if [ "$?" != 0 ] ; then
            echo " failed"
            exit 1
        else
            echo " done"
        fi
        ;;

    restart)
        $0 stop
        sleep 1
        $0 start
        ;;

    reload)
        echo -n "Reload service $NAME... "

        if netstat -tnpl | grep -q nginx; then
            $NGINX_BIN -s reload
            echo " done"
        else
            echo "$NAME is not running, can't reload."
            exit 1
        fi
        ;;

    configtest)
        echo -n "Test $NAME configure files... "

        $NGINX_BIN -t
        ;;

    *)
        echo "Usage: $0 {start|stop|force-quit|restart|reload|status|configtest}"
        exit 1
        ;;

esac

 

nginx忽略URL大小写

从windows转到linux 时,发现很多URL连接到web目录是随意的,但是在linux下是区分大小写的,为了解决这个问题,网上也提供很多方案,比如用perl模块,但是nginx官网已经提示用perl模块有内存溢出的危险,所以第一时间放弃了。另一个是使用第三方模块https://github.com/replay/ngx_http_lower_upper_case 因为nginx不支持动态加载,所以还要重新编译一个nginx,第三种方法是通过lua来实现,类似perl,不过lua 比perl要好很多,看看 http://openresty.org/cn/ 就知道有多火了。既然重新编译nginx那么干脆试试tengine 吧。下面是操作的命令,下载,解压,安装,就不详细描述了

yum install -y lua lua-devel

wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
tar zxf tengine-2.2.0.tar.gz
cd tengine-2.2.0

./configure --prefix=/usr/local/tengine  --with-http_lua_module
make
make install

 

安装后,在配置文件里加上下面内容,即可(注意这个只是一个参考)

        location / {
            root   /wwwroot/web/;
            index  index.html index.htm;
			if ( $uri ~ [A-Z] ){
				 rewrite_by_lua 'return ngx.redirect(string.lower(ngx.var.uri),ngx.HTTP_MOVED_PERMANENTLY)'; 
			}
        }

参考

https://segmentfault.com/q/1010000000265229

https://my.oschina.net/kisops/blog/151087

nginx海量文件目录hashdir

为了优化SEO,所以站点生成了静态html,但是希望目录路径好看点,所以把招聘公司的职位和公司首页生成静态文件。nginx配置文件如下,测试主要用以下这种方式

rewrite /(\d+)_(\d+)/ /$1/$2/ last;

http://mysite.com/11_1122/   访问 硬盘 /11/1122/  目录

rewrite /((\d\d)\d+)/ /$2/$1/ last;

http://mysite.com/11122/   访问 硬盘 /11/1122/  目录,取前面2个数字为一级目录

 

        rewrite_log on;
         error_log /tmp/nginx_rewrite_log.log notice;
        location ~ ^/\d+_\d+/$ {
                rewrite /(\d+)_(\d+)/ /$1/$2/ last;
        }
        location ~ ^/\d+_\d+/\d+\.html$ {
                rewrite /(\d+)_(\d+)/(.*) /$1/$2/$3 last;
        }
        location ~ ^/\d+/$ {
                rewrite /((\d\d)\d+)/ /$2/$1/ last;
        }
        location ~ ^/\d+/\d+\.html$ {
                rewrite /((\d\d)\d+)/(.*) /$2/$1/$3 last;
        }

 

linux免交互改密码

bash下使用echo+passwd命令修改密码的方法。

方法一:

echo “Password” |passwd username –stdin

方法二:

(echo “Password” ;sleep 1;echo “Password”) | passwd username

mysqld_multi多实例

计划打算用主从来做同步备份,但是只有一台机,却要备份多个数据库,本来打算编译多一个mysql的,但是真的太麻烦了,所以抽时间研究了一下这个程序,感觉挻好用的,本文中mysql为手工编译,内容仅供参考。

1、先看看配置文件

[mysqld_multi]
mysqld     = /usr/local/mysql/bin/mysqld_safe
mysqladmin = /usr/local/mysql/bin/mysqladmin


[mysqld1]
socket     = /tmp/mysql.sock1
port       = 3307
pid-file   = /usr/local/mysql/data2/hostname.pid1
datadir    = /usr/local/mysql/data2
#language   = /usr/local/mysql/share/mysql/english
user       = mysql
server-id = 1    
log-bin=mysql-bin.log  
binlog-do-db = test   
binlog-ignore-db=mysql  

[mysqld2]
socket     = /tmp/mysql.sock2
port       = 3308
pid-file   = /usr/local/mysql/data2/hostname.pid3
datadir    = /usr/local/mysql/data3
#language   = /usr/local/mysql/share/mysql/english
user       = mysql
server-id = 2  
log-bin = mysql-bin.log   
replicate-do-db = test  

上面配置了两个mysql实现,并计划用实例1做主,实例2做从 ,这样两个数据库同步。

2、创建目录内容

在shell执行

/usr/local/mysql>  ./scripts/mysql_install_db --datadir=./data2 --user=mysql
/usr/local/mysql> ./scripts/mysql_install_db --datadir=./data3 --user=mysql

3、查看,启动,关闭

./bin/mysqld_multi --defaults-file=./muti.cf report
./bin/mysqld_multi --defaults-file=./muti.cf start
./bin/mysqld_multi --defaults-file=./muti.cf stop

4、在主服务器

mysql -S /tmp/mysql.sock1
grant replication slave on *.* to 'replication'@'localhost' identified by '000000';  
flush privileges;

5、在从服务器执行

change master to master_host='localhost',master_port=3307, master_user='replication', master_password='000000', master_log_file='mysql-bin.000001', master_log_pos=107;  

上面是简单介绍,请参考

http://blog.csdn.net/yongzhang52545/article/details/7666545

http://chenzehe.iteye.com/blog/1266260

利用find搜索文件内容

最近另一个网站被人挂马,生产了很多垃圾网站信息,后来用find找到了挂马的地方。挻好用的

find ./  -name "*.php" -print  -exec grep eval {} \;|less
find ./  -name "*.php" -print  -exec grep file_get_contents {} \;|less

 

一个快速获取/更新 Let’s encrypt 证书的 shell script

一个快速获取/更新 Let’s encrypt 证书的 shell script

调用 acme_tiny.py 认证、获取、更新证书,不需要额外的依赖。

下载到本地

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh

配置文件

只需要修改 DOMAIN_KEY DOMAIN_DIR DOMAINS 为你自己的信息

ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="example.com.key"
DOMAIN_DIR="/var/www/example.com"
DOMAINS="DNS:example.com,DNS:whatever.example.com"
#ECC=TRUE
#LIGHTTPD=TRUE

执行过程中会自动生成需要的 key 文件。其中 ACCOUNT_KEY 为账户密钥, DOMAIN_KEY 为域名私钥, DOMAIN_DIR 为域名指向的目录,DOMAINS 为要签的域名列表, 需要 ECC 证书时取消 #ECC=TRUE 的注释,需要为 lighttpd 生成 pem 文件时,取消#LIGHTTPD=TRUE 的注释。

运行

./letsencrypt.sh letsencrypt.conf

注意

需要已经绑定域名到 /var/www/example.com 目录,即通过 http://example.com http://whatever.example.com 可以访问到/var/www/example.com 目录,用于域名的验证

将会生成如下几个文件

lets-encrypt-x1-cross-signed.pem
example.chained.crt          # 即网上搜索教程里常见的 fullchain.pem
example.com.key              # 即网上搜索教程里常见的 privkey.pem 
example.crt
example.csr

在 nginx 里添加 ssl 相关的配置

ssl_certificate     /path/to/cert/example.chained.crt;
ssl_certificate_key /path/to/cert/example.key;

cron 定时任务

每个月自动更新一次证书,可以在脚本最后加入 service nginx reload等重新加载服务。

0 0 1 * * /etc/nginx/certs/letsencrypt.sh /etc/nginx/certs/letsencrypt.conf >> /var/log/lets-encrypt.log 2>&1