首先,为了方便rsa免密码登陆要事先准备好.
其次,如果有堡垒机穿透也要事先在ssh/config下配置好.
ssh [email protected] "cli<< EOF show configuration|dis set EOF " |grep set >junos.backup.txt
ssh [email protected] 'csh -s' <./backup.sh |grep set > junos.backup.txt
方法二是用csh -s将本地的脚本文件内容抛到juniper上执行.
server {
listen 8080;
resolver 114.114.114.114;
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header HOST $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
deny 127.0.0.1;
}CPU: E3-1230V3 - RMB¥1380
主版 Supermicro X10SLH-F - RMB¥1300
內存 三星8GB UDIMM * 4 - RMB¥[email protected]
RAID 卡: LSI 9261-8i + BBU - RMB¥1200
硬盤: 西數1TB 黑色 * 4 - RMB¥1960
機箱, 散熱, 電源, 導軌 - RMB¥900
一共8740元
wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo yum -y install docker-ce systemctl start docker
curl -fsSL https://get.docker.com |bash sh get-docker.sh
wget https://github.com/iredmail/iRedMail/archive/1.2.1.tar.gz -O -|tar xz cd iRedMail-* bash iRedMail.sh
docker volume create iRedMail docker run \ --rm \ --name iredmail \ --env-file /iredmail/iredmail-docker.conf \ --hostname Your-domian..com \ -p 80:80 \ -p 443:443 \ -p 110:110 \ -p 995:995 \ -p 143:143 \ -p 993:993 \ -p 25:25 \ -p 465:465 \ -p 587:587 \ -v /iredmail/data/backup:/var/vmail/backup \ -v /iredmail/data/mailboxes:/var/vmail/vmail1 \ -v /iredmail/data/mlmmj:/var/vmail/mlmmj \ -v /iredmail/data/mlmmj-archive:/var/vmail/mlmmj-archive \ -v /iredmail/data/imapsieve_copy:/var/vmail/imapsieve_copy \ -v /iredmail/data/custom:/opt/iredmail/custom \ -v /iredmail/data/ssl:/opt/iredmail/ssl \ -v /iredmail/data/mysql:/var/lib/mysql \ -v /iredmail/data/clamav:/var/lib/clamav \ -v /iredmail/data/sa_rules:/var/lib/spamassassin \ iredmail/mariadb:nightly
groupadd mysql -g 27
useradd mysql -u 27 -g 27 -c "MySQL Server" -d /home/mysql -m
function install_mysql() {
groupadd mysql
useradd -s /sbin/nologin -M -g mysql mysql
if [ -n "$1" ] ; then mysqlrootpwd=$1; else mysqlrootpwd=`openssl rand -base64 32| tr -dc _A-Z-a-z-0-9 | head -c12`; fi
echo root $mysqlrootpwd ' | ' `date` >> /root/mysql.txt
yum -y -q install mariadb mariadb-server galera
ln -s /usr/lib/systemd/system/mariadb.service /usr/lib/systemd/system/mysql.service
systemctl enable mariadb
systemctl start mariadb
mysqladmin -u root password $mysqlrootpwd
setmyqlroot $mysqlrootpwd
sed -i 's/skip-locking/skip-external-locking/g' /etc/my.cnf
}
function setmyqlroot() {
if [ -n "$1" ] ; then mysqlrootpwd=$1; else mysqlrootpwd=`openssl rand -base64 32| tr -dc _A-Z-a-z-0-9 | head -c12`; echo root $mysqlrootpwd ' | ' `date` >> /root/mysql.txt ; fi
mysql -uroot -p$mysqlrootpwd <<EOF
UPDATE mysql.user SET Password=PASSWORD("$mysqlrootpwd") WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
exit
EOF
}install_mysql()
mysql_install_db --user=mysql --datadir=/home/mysql --no-defaults &
mysqladmin -u root password $mysqlrootpwd
wget https://minecraft.azureedge.net/bin-linux/bedrock-server-1.10.0.7.zip unzip bedrock-server-1.10.0.7.zip apt apt install zip unzip bedrock-server-1.10.0.7.zip LD_LIBRARY_PATH=. ./bedrock_server
sysname 主机名 #配置默认账户密码以及权限 aaa local-user admin password irreversible-cipher 密码 local-user admin privilege level 15 local-user admin service-type terminal ssh http #配置默认路由 ip route-static 0.0.0.0 0.0.0.0 172.20.20.1 #配置上联通信IP interface Vlanif2 ip address 172.20.20.20 255.255.255.0 #配置上联 interface GigabitEthernet0/0/50 description UPLINK port link-type trunk port trunk allow-pass vlan all #port trunk permit vlan all #配置端口 interface GigabitEthernet0/0/1 description 简介内容 port link-type access port default vlan 10 #分配VLAN ID (也可以在三层vlan里面进行限速) qos lr outbound cir 102400 cbs 12800000 #二层限制服务器的流入流量100Mbps qos lr inbound cir 10240 cbs 1280000 #二层限制服务器的流出流量10Mbps #配置SNMP snmp-agent community read cipher Public_community snmp-agent sys-info version v2c undo snmp-agent sys-info version v3 #配置DHCP转发 DHCP Relay dhcp-server 1 ip 192.168.0.10
配置rsa免密码记录在 http://www.kvm.la/1161.html
有很久没用vsftpd了, 最近做自动备份需要用到ftp服务器, 思来想去也只有vsftp简单粗暴快捷了.
function setftpuser() {
setpassword=`openssl rand -base64 12|tr -dc _A-Z-a-z-0-9`;
adduser $1
echo $1 >> /etc/vsftpd/chroot_list
chmod 750 /home/$1
echo $1:$setpassword|chpasswd
echo $1 $setpassword;
echo $1 $setpassword > /root/vsftp.txt;
}
function vsftp-setup{
yum -y install vsftpd
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default
sed -i 's#anonymous_enable=YES#anonymous_enable=NO#g' /etc/vsftpd/vsftpd.conf
sed -i 's#listen=NO#listen=YES#g' /etc/vsftpd/vsftpd.conf
sed -i 's#listen_ipv6=YES#listen_ipv6=NO#g' /etc/vsftpd/vsftpd.conf
sed -i 's/#chroot_/chroot_/g' /etc/vsftpd/vsftpd.conf
systemctl enable vsftpd
systemctl start vsftpd
}
vsftp-setup #安装vsftpd
setftpuser 用户名 #添加用户ssh jail环境没有弄, 后面有精力再弄上.
/ip firewall nat add chain=srcnat src-address=内网IP段/24 protocol=tcp action=masquerade add action=dst-nat chain=dstnat dst-address=公网IP dst-port=80,443,5900 protocol=tcp to-addresses=内网IP to-ports=0-65535 add action=dst-nat chain=dstnat dst-address=公网IP dst-port=623 protocol=udp to-addresses=内网IP to-ports=0-65535
怕忘记了,懒得到处找.
location ~ .*\.(php)?$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(htm|gif|jpg|jpeg|png|bmp|ico|flv|swf|txt|wma)$ { expires 30d;}
location ~ .*\.(js|css)?$ { expires 1d;}
location ~ .*\.(tpl|svn|asp|aspx|jsp|do|mdb|zip|rar|bak|htc)?${ deny all; }
location ~ /0.* { deny all; }
if (!-e $request_filename) { return 444; }LVM在linux下灵活划分硬盘空间分区是非常好用的一个东西.
从centos5开始到现在还在用的centos7, 我一直都在和lvm做斗争.
问题其实也简单, 无非就是lv分区导致丢失: 分区的md编号错乱丢失lv, lvremove恢复后丢失lv, 以及还有许多已经忘记的原因.
上月由于机柜搬迁数据中心的问题, 一些宿主服务器子系统较多关机时间太长, 在半路进行了强制关机.
然而在恢复完后就发现一些子系统没有恢复, 由于标签显示是自用的节点又暂时没有时间就延后处理了.
今天清点后发现全是自用的节点, 好在都是非一线重要的东西.
7月底一台快7年的E3 4x1T RAID10的服务器硬盘挂掉导致whmcs数据丢失了一部分重要的数据,
又因为之前迁移进来后没有做定时数据备份, 好在抢救到的数据能维持正常运行, 覆盖早先的备份后一切正常,
此事算妥善处理完成了.
丢数据的事其实已经亲身遇上过很多次了, 硬盘坏掉和LVM丢分区的事每年都有遇上, 即使有RAID也会翻车的可能.
从第一次在webnx的RAID10挂掉, 到LVM串联硬盘分区, 再到rm -rf 数据库, 以及这次又是RAID的挂掉.
数据备份不能马虎, 一定要做, 且异地备份 本地备份 差异备份 同步备份 都要做上, 数据越重要就越需要做备份.
有2次丢掉财务数据库经验的我总结的经验是, 不是每次都那么幸运可以靠手动修复数据.
有时候没了就是没了, 说啥都没有用.
export LC_ALL="en_US.UTF-8" export LC_CTYPE="en_US.UTF-8" yum install -y git cd /opt git clone https://github.com/certbot/certbot.git cd certbot && ./certbot-auto /opt/certbot/certbot-auto certonly --manual --preferred-challenges dns -d *.域名.后缀
--preferred-challenges dns的参数会要求建立一个_acme-challenge.的txt dns指向记录验证域名.
./certbot-auto certificates
