Category archive: LINUX systems

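nginx hotlink protection

Hotlinking and site copying have become a serious problem. Add the following and they have nothing to work with.

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|js)$
  {
    expires      30d;
    valid_referers none blocked *.gz0668.com gz0668.com;
    if ($invalid_referer) {
      return 403;
    }
  }

On Debian you need to install it with apt-get install nginx-full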
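A simplified model of the referer rule above, added here as an illustration (it is not the post's code and not nginx's implementation): it shows which Referer values the `valid_referers none blocked *.gz0668.com gz0668.com` line accepts. The function names and the sample URLs are constructed.

```shell
#!/bin/sh
# Simplified model (an assumption, not nginx source) of how nginx evaluates
#   valid_referers none blocked *.gz0668.com gz0668.com;
# referer_verdict           -> request with no Referer header
# referer_verdict "VALUE"   -> request whose Referer header is VALUE
# Prints "allow" or "403".
referer_verdict() {
    # "none": the header is missing altogether.
    if [ "$#" -eq 0 ]; then
        echo allow
        return 0
    fi

    ref=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$ref" in
        http://*)  rest=${ref#http://} ;;
        https://*) rest=${ref#https://} ;;
        # "blocked": header present but not starting with http:// or https://,
        # as left behind by a proxy or firewall that strips the value.
        *) echo allow; return 0 ;;
    esac

    host=${rest%%/*}     # cut the path
    host=${host%%:*}     # cut the port
    case "$host" in
        gz0668.com|*.gz0668.com) echo allow ;;   # the two server names in the rule
        *) echo 403 ;;
    esac
}

# Verdicts for a few constructed Referer values.
referer_report() {
    echo "(no header) -> $(referer_verdict)"
    while IFS= read -r r; do
        echo "$r -> $(referer_verdict "$r")"
    done <<'EOF'
https://www.gz0668.com/list.html
http://gz0668.com:8080/
https://gz0668.com.other.example/
https://other.example/?from=gz0668.com
EOF
}
referer_report
```

Because `none` and `blocked` are listed, a request that carries no usable Referer is still served, so the rule limits embedding from other sites' pages rather than acting as access control.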

perldancer_Twiggy startup script

I previously wrote the perldancer_Starman startup script. The way Starman runs is not what I prefer, so here is a startup script for Twiggy.

#!/bin/sh

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/bin/start_server
NAME=start_server
DESC=start_server
RUNDIR=/var/run/start_server

PIDFILE=$RUNDIR/start_server.pid
STATUSFILE=$RUNDIR/start_server.status

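# PSGI application to serve
PSGI_APP='/home/www.maildir.cn/bin/app.psgi'

# start_server binds the port and then launches plackup with Twiggy
HTTP_SERVER="plackup --no-default-middleware -s Twiggy -a $PSGI_APP"
# The redirection and pipe are plain text here; the "bash -c" in start) interprets them
LOGGER="2>&1 | logger -p daemon.notice -t $DESC"
DAEMON_ARGS="--port=6000 -- $HTTP_SERVER $LOGGER"

if [ ! -e "$PSGI_APP" ]; then
  echo "'$PSGI_APP' does not exist"
  exit 1
fi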

case "$1" in
  start)
    echo -n "Starting $DESC: "

    mkdir -p $RUNDIR
    chown www-data:www-data $RUNDIR
    chmod 755 $RUNDIR

    if start-stop-daemon --start --name $NAME --pidfile $PIDFILE \
        --chuid www-data:www-data --exec /usr/bin/perl --startas \
        /bin/bash -- -c "$DAEMON --pid-file $PIDFILE --status-file $STATUSFILE $DAEMON_ARGS &"
    then
      echo "$NAME."
    else
      echo "failed"
    fi
    ;;

  stop)
    echo -n "Stopping $DESC: "
    if start-stop-daemon --stop --retry forever/TERM/10 --quiet --oknodo \
        --name $NAME --pidfile $PIDFILE
    then
      echo "$NAME."
    else
      echo "failed"
    fi
    sleep 1
    ;;

  reload)
    echo -n "Reloading $DESC: "
    if $DAEMON --pid-file $PIDFILE --status-file $STATUSFILE --restart
    then
      echo "$NAME."
    else
      echo "failed"
    fi
    ;;

  restart)
    ${0} stop
    ${0} start
    ;;

  status)
    echo -n "$DESC is "
    if start-stop-daemon --stop --quiet --signal 0 --name ${NAME} --pidfile ${PIDFILE}
    then
      echo "running"
    else
      echo "not running"
      exit 1
    fi
    ;;

  *)
    echo "Usage: $0 {start|stop|reload|restart|status}"
    exit 2
    ;;
esac

exit 0

Reference

https://github.com/scripter-v/server_starter_init

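perldancer_Starman startup script

The whole www.maildir.cn site is developed with perldancer. Because it runs on Alibaba Cloud, where memory is relatively small, and Starman uses a great deal of memory, I prefer Twiggy. All along I thought that a plackup script was the same no matter how it was run. Only today, after reading carefully and looking things up, did I find that a different way of running it needs a different script.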

Running on PSGI-based Perl webservers

A number of Perl web servers supporting PSGI are available on cpan:

Starman
Starman is a high performance web server, with support for preforking, signals, multiple interfaces, graceful restarts and dynamic worker pool configuration.

Twiggy
Twiggy is an AnyEvent web server, it’s light and fast.

Corona
Corona is a Coro based web server.

The script is posted below for everyone's convenience.

#!/bin/sh
#
# some_website - this script starts and stops some_website
#
# chkconfig:   - 85 15
# description:  Some website description

# pidfile:     /var/run/mdweb.pid

PID=/var/run/mdweb.pid

PORT=8080
WORKERS=3
DANCER_DIR="/home/web/maildir"
DANCER_APP="$DANCER_DIR/bin/app.psgi"

plackup="/usr/local/bin/plackup"
# -D daemonizes Starman; --pid makes it write the PID file that stop() reads
plackup_args="-E production -p $PORT -s Starman --pid=$PID --workers $WORKERS -D"
website="maildirweb_perl"

lockfile=/var/lock/plackup.lock

start() {
    [ -x "$plackup" ] || exit 5
    [ -f "$DANCER_APP" ] || exit 6
    echo -n "Starting $website: "
    # $plackup_args stays unquoted so that it splits into separate options
    $plackup $plackup_args -a "$DANCER_APP" > /dev/null 2>&1
    retval=$?
    if [ $retval -eq 0 ]; then
        echo "$website started"
        touch "$lockfile"
    else
        echo "Unable to start"
    fi
    echo
    return $retval
}

stop() {
    echo -n "Stopping $website: "
    if [ -f "$PID" ]; then
        kill "$(cat "$PID")" > /dev/null 2>&1
        retval=$?
        [ $retval -eq 0 ] && rm -f "$lockfile"
        echo
        return $retval
    fi
    echo "pid $PID not found"
    echo
    return 1
}

restart() {
    stop
    start
}

case "$1" in
    start)
        $1
        ;;
    stop)
        $1
        ;;
    restart)
        $1
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 2
        ;;
esac

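nginx as an SMTP, POP3 and IMAP proxy server

I wanted to configure an email proxy server, but SMTP failed; POP3/IMAP work normally. I am posting this as a record so that it can serve as a reference later.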

worker_processes 1;

error_log /var/log/nginx/error.log debug;

events {
    worker_connections  1024;
}
http {

        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$gzip_ratio"';


        server {
                listen 127.0.0.1:8008;
                server_name localhost;
                access_log /var/log/nginx/localhost.access_log main;
                error_log /var/log/nginx/localhost.error_log info;

                root /var/www/localhost/htdocs;

                location ~ \.php$ {
                        add_header Auth-Server 127.0.0.1;
                        add_header Auth-Port 25;
                        return 200;
                }
        }
}

mail {
    server_name       mail.dayimold.com;
    auth_http         localhost:8080/auth.php;

    imap_capabilities IMAP4rev1 UIDPLUS IDLE LITERAL+ QUOTA;

    pop3_auth         plain apop cram-md5;
    pop3_capabilities LAST TOP USER PIPELINING UIDL;

    smtp_auth         login plain cram-md5;
    #smtp_auth         none;
    #smtp_capabilities "SIZE 26214400" ENHANCEDSTATUSCODES 8BITMIME DSN;
    xclient           off;

    server {
        listen   24;
        protocol smtp;
    }
    server {
        listen   110;
        protocol pop3;
        proxy_pass_error_message on;
    }
    server {
        listen   143;
        protocol imap;
    }
    #server {
    #    listen   587;
    #    protocol smtp;
    #}
}

The following PHP code is for reference.

<?php
/**
* @see yiyou.org
*/
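// nginx sends the client's credentials and protocol as Auth-* request headers
if(!isset($_SERVER ["HTTP_AUTH_USER"] ) || ! isset($_SERVER ["HTTP_AUTH_PASS"] )) {
    fail(0);
}
$username = $_SERVER ["HTTP_AUTH_USER"];
$userpass = $_SERVER ["HTTP_AUTH_PASS"];
$protocol = isset($_SERVER ["HTTP_AUTH_PROTOCOL"]) ? $_SERVER ["HTTP_AUTH_PROTOCOL"] : "";
// Choose the back-end port by protocol; POP3 is the default
$backend_port = 110;
if($protocol == "imap") {
    $backend_port = 143;
} elseif ($protocol == "smtp") {
    $backend_port = 25;
}
// array_pad keeps list() safe when the user name has no "@"
list($uid, $domain) = array_pad(explode("@", $username, 2), 2, "");
$auth = authuser($username, $userpass);
if(!$auth) fail (-2);
pass('127.0.0.1', $backend_port);
// Custom authentication: SQL query or API call.
// This placeholder accepts every login until it is replaced.
function authuser($user, $pass) {
    return true;
}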
function fail($code) {
    switch($code){
        case 0: header("Auth-Status: Parameter lost"); break;
        case -1: header("Auth-Status: No Back-end Server"); break;
        case -2: header("Auth-Status: Invalid login or password" ); break;
    }
    exit();
}
function pass($server, $port) {
    header("Auth-Status: OK" );
    header("Auth-Server: $server" );
    header("Auth-Port: $port" );
    exit();
}

References

https://www.nginx.com/resources/wiki/start/topics/examples/imapproxyexample/

https://gist.github.com/mmriis/1408764

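Removing the Debian desktop environment and configuring the locale

On a newly installed machine, the guy at the data center went and installed GNOME and set the language to Chinese, which was infuriating to look at. The two commands below remove the desktop environment and switch the language to English.

To remove KDE:

apt-get autoremove libqt3c102-mt

To remove GNOME:

apt-get autoremove liborbit2

Reconfigure the locale: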

dpkg-reconfigure locales

Changing the dnsmasq listen address

To change the address dnsmasq listens on, three settings need to be changed, as follows:

interface=lo
listen-address=127.0.0.1
bind-interfaces

bind-interfaces must be uncommented, otherwise the changes above have no effect.

The result:

bbs:~# netstat -lnput|grep dns
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      19169/dnsmasq   
tcp6       0      0 ::1:53                  :::*                    LISTEN      19169/dnsmasq   
udp        0      0 127.0.0.1:53            0.0.0.0:*                           19169/dnsmasq   
udp6       0      0 ::1:53                  :::*                                19169/dnsmasq
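The check done by eye above can be scripted. This added example (not from the original post) reads `netstat -lnput` output and reports any socket of the named process that is not bound to a loopback address; the function name and the "before" sample are constructed.

```shell
#!/bin/sh
# exposed_listeners NAME
#   Reads `netstat -lnput` output on stdin and prints "proto local-address" for
#   every socket owned by process NAME that is bound to a non-loopback address.
#   Exit status: 0 if NAME listens on loopback only, 1 otherwise.
exposed_listeners() {
    awk -v name="$1" '
        $1 ~ /^(tcp|udp)/ && $NF ~ ("/" name "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)              # strip the port
            if (addr !~ /^127\./ && addr != "::1") {
                print $1, $4
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample: dnsmasq before the change, bound to every interface.
before='udp        0      0 0.0.0.0:53              0.0.0.0:*                           1201/dnsmasq
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1201/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      1201/dnsmasq'
# Two of the netstat lines shown in the post, after the change.
after='tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      19169/dnsmasq
udp6       0      0 ::1:53                  :::*                                19169/dnsmasq'

for sample in "$before" "$after"; do
    if printf '%s\n' "$sample" | exposed_listeners dnsmasq; then
        echo "=> loopback only"
    else
        echo "=> bound to a non-loopback address"
    fi
done
```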

 

 

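VPS performance testing

I have a few VPSes on hand and wanted to know how they perform, so I tested them in two ways.

1. Shell

time echo "scale=5000; 4*a(1)" | bc -l -q

2. unixbench

wget http://teddysun.com/wp-content/uploads/unixbench.sh
bash unixbench.sh

Running the commands above automatically downloads, compiles and runs it.

1. raksmart HK1024 VPS (OpenVZ, 1 CPU, 1024 RAM)

Shell run time 34 seconds, unixbench score 1378.6

2. Host machine (4G RAM, Pentium(R) CPU G2020, 128 SSD)

Shell run time 23 seconds, unixbench score 3144.6 (a standalone machine is still quite impressive)

3. linode 1024 (Xen, 1 CPU, 1024 RAM)

Shell run time 30 seconds, unixbench score 523.6 (I am a little disappointed with this score; because of the rush of buyers from China, it is probably already fully loaded)

References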

https://teddysun.com/245.html

http://blog.sina.com.cn/s/blog_7695e9f40100yimf.html

http://blog.csdn.net/defeattroy/article/details/5922439

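debian+postfix+dovecot: building a small virtual-domain mail system

If your company has only a few people, or up to a dozen or so, or your mail lives only on a VPS, or you just want a small mail system, this article shows you the fastest way to build a small mail system that meets a company's day-to-day needs.

Assume my domain is maildir.cn and I have already set up the MX record; let us begin this wonderful journey.

1. Install postfix. During installation, choose to remove exim and select "Internet Site".

aptitude install postfix

Edit /etc/postfix/main.cf and change the parameters below to:

# the actual hostname
myhostname = mail.maildir.cn
# the virtual domain name must be removed from this list
mydestination = mail.maildir.cc, localhost.maildir.cc, localhost

Add the following: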

virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_tls_auth_only = yes

virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains

Create /etc/postfix/virtual_mailbox_domains and add the following:

maildir.cn  OK

Generate the db file. Note that this has to be run again every time the file is modified.

shell# postmap /etc/postfix/virtual_mailbox_domains

Edit /etc/postfix/master.cf, find the lines below and uncomment them:

submission inet n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd

Restart postfix:

service postfix restart

2. Install dovecot

shell# apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd

Edit /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/var/mail/vhosts/%d/%n

Create the mail storage directory by running the commands below:

mkdir -p /var/mail/vhosts/maildir.cn
groupadd -g 5000 vmail
useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"
chown -R vmail:vmail /var/mail/vhosts/

Edit /etc/dovecot/conf.d/10-master.conf and change the entries below to:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

Edit /etc/dovecot/conf.d/10-auth.conf, find the lines below, uncomment them and change them to:

disable_plaintext_auth = no
auth_mechanisms = plain login

Find the last few lines and change them as follows (uncomment !include auth-passwdfile.conf.ext):

#!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext

Edit /etc/dovecot/conf.d/auth-passwdfile.conf.ext and change it to:

passdb {
  driver = passwd-file
  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
}

userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/dovecot-users
}

Create the user file /etc/dovecot/dovecot-users with the content below; the password shown is in plaintext:

#cat /etc/dovecot/dovecot-users
fy@maildir.cn:{PLAIN}abc123:5000:5000

Restart dovecot:

service dovecot restart
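The user file created above stores the password under {PLAIN}. As an added example (not part of the original post), the shell function below audits a Dovecot passwd-file and flags cleartext entries; the function name, the second sample user and its placeholder hash are constructed, and the list of schemes reported as "ok" is an assumed policy.

```shell
#!/bin/sh
# audit_dovecot_users FILE [DEFAULT_SCHEME]
#   Prints "user scheme verdict" for each entry of a Dovecot passwd-file.
#   DEFAULT_SCHEME is the scheme= value from the passdb args; it applies to
#   entries without a {SCHEME} prefix (Dovecot's own default is CRYPT).
#   Exit status: 1 if any password is stored in cleartext, otherwise 0.
audit_dovecot_users() {
    awk -F: -v def="${2:-CRYPT}" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            scheme = def
            if (match($2, /^[{][^}]+[}]/))     # explicit {SCHEME} prefix
                scheme = substr($2, 2, RLENGTH - 2)
            scheme = toupper(scheme)
            sub(/\..*$/, "", scheme)           # drop an encoding suffix such as .HEX
            if (scheme == "PLAIN" || scheme == "CLEARTEXT") {
                verdict = "cleartext"; bad = 1
            } else if (scheme ~ /^(SHA512-CRYPT|SHA256-CRYPT|BLF-CRYPT|ARGON2ID?|PBKDF2)$/) {
                verdict = "ok"                 # assumed policy: salted, iterated schemes
            } else {
                verdict = "review"
            }
            print $1, scheme, verdict
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample: the entry from the post plus a hashed entry whose hash
# is a placeholder, not a real digest.
sample=$(mktemp)
cat > "$sample" <<'EOF'
fy@maildir.cn:{PLAIN}abc123:5000:5000
ops@maildir.cn:{SHA512-CRYPT}$6$placeholdersalt$placeholderhash:5000:5000
EOF
if ! audit_dovecot_users "$sample" PLAIN; then
    echo "cleartext entries found; generate a hash with: doveadm pw -s SHA512-CRYPT"
fi
rm -f "$sample"
```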

Testing

Sending mail

# sendmail fy@maildir.cn
test
.

Log

Sep 4 13:03:37 mail postfix/pickup[4876]: 0A70CA0F1: uid=0 from=<root>
Sep 4 13:03:37 mail postfix/cleanup[8923]: 0A70CA0F1: message-id=<20150904050337.0A70CA0F1@mail.maildir.cc>
Sep 4 13:03:37 mail postfix/qmgr[4877]: 0A70CA0F1: from=<root@mail.maildir.cccn>, size=255, nrcpt=1 (queue active)
Sep 4 13:03:37 mail dovecot: lmtp(8926): Connect from local
Sep 4 13:03:37 mail dovecot: lmtp(8926, fy@maildir.cn): cLPLCykm6VXeIgAA/cW88w: msgid=<20150904050337.0A70CA0F1@mail.maildir.cc>: saved mail to INBOX
Sep 4 13:03:37 mail postfix/lmtp[8925]: 0A70CA0F1: to=<fy@maildir.cn>, relay=mail.maildir.cc[private/dovecot-lmtp], delay=3.3, delays=2.9/0.02/0.02/0.4, dsn=2.0.0, status=sent (250 2.0.0 <fy@maildir.cn> cLPLCykm6VXeIgAA/cW88w Saved)
Sep 4 13:03:37 mail dovecot: lmtp(8926): Disconnect from local: Client quit (in reset)
Sep 4 13:03:37 mail postfix/qmgr[4877]: 0A70CA0F1: removed

Receiving mail

# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user fy@maildir.cn
+OK
pass abc123
+OK Logged in.
list
1 479
.
quit
+OK Logging out.
Connection closed by foreign host.

Everything works.

References

http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP

https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto

http://www.binarytides.com/install-postfix-dovecot-debian/

http://wiki2.dovecot.org/AuthDatabase/PasswdFile

http://wiki2.dovecot.org/Variables

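Setting up pure-ftpd virtual users on Debian

In day-to-day work everyone needs to download files from or upload files to a server. For system users, sftp is enough; FileZilla is a good sftp client that I have been very happy with over the years. For a web server, where you often have to authorize other people to go in and modify files, creating virtual users with pure-ftpd is a very good choice. This article uses Debian 7 as the baseline; on CentOS it is much the same.

1. Install pure-ftpd

apt-get install pure-ftpd

2. Add an FTP user

shell# pure-pw useradd fy -u 1000 -g 1000 -d /home/fy
shell# pure-pw mkdb

The first command above adds a user fy with uid/gid set to 1000. These two IDs must correspond to a system user, otherwise permission will be denied. Also, if the ID is lower than the value in /etc/pure-ftpd/conf/MinUID, the user will not be able to log in; pay special attention to this.

3. Enable PureDB as the authentication method

shell# cd /etc/pure-ftpd/auth
shell# ln -s ../conf/PureDB .

Note the "." at the end, otherwise the command will fail. Everything is now configured; restart the service.

# Add a user; see pure-pw for the exact parameters
shell# pure-pw useradd www -u 1000 -g 1000 -d /home/data/ftpdata/ -m

shell# service pure-ftpd restart

You can now test the user you just created with ftp localhost. The installation process is very simple.

To change the FTP port, create a file named Bind in /etc/pure-ftpd/conf with the following content: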

#Bind
# format :  IP,port
*,123