I'm alive, I'm here! 人生的两大悲剧:想要的没得到和想要的得到了。
wget https://dl.dell.com/FOLDER05818335M/1/DellEMC-iDRACTools-Web-LX-9.3.1-3669_A00.tar.gz -O -| tar xz
yum -y install iDRACTools/racadm/RHEL7/x86_64/srvadmin-*.rpm
alternatives --install /usr/sbin/racadm racadm /opt/dell/srvadmin/sbin/racadm 1
racadm getniccfg
racadm racreset原文出自https://gist.github.com/inscite/e5c6f95fbf25379c400e9ea76f2360ec
git clone https://github.com/kalcaddle/kodbox.git
chmod -Rf 777 ./kodbox/*要php支持 bu shu部署设置很简单.
[<username>]
user = $pool
group = $pool
listen = /var/run/php-fpm-$pool.sock
listen.owner = nginx
listen.group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
access.log = /home/www/$pool/chroot/log/php-fpm-pool.log
slowlog = /home/www/$pool/chroot/log/php-fpm-slow.log
request_slowlog_timeout = 15s
request_terminate_timeout = 20s
chroot = /home/www/$pool/chroot/
chdir = /
; Flags & limits
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_flag[expose_php] = off
php_admin_value[memory_limit] = 32M
php_admin_value[post_max_size] = 24M
php_admin_value[upload_max_filesize] = 20M
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[disable_functions] = apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_lookup_uri,apache_note,apache_request_headers,apache_reset_timeout,apache_response_headers,apache_setenv,getallheaders,virtual,chdir,chroot,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,chgrp,chown,disk_free_space,disk_total_space,diskfreespace,filegroup,fileinode,fileowner,lchgrp,lchown,link,linkinfo,lstat,pclose,popen,readlink,symlink,umask,cli_get_process_title,cli_set_process_title,dl,gc_collect_cycles,gc_disable,gc_enable,get_current_user,getmygid,getmyinode,getmypid,getmyuid,php_ini_loaded_file,php_ini_scanned_files,php_logo_guid,php_sapi_name,php_uname,sys_get_temp_dir,zend_logo_guid,zend_thread_id,highlight_file,php_check_syntax,show_source,sys_getloadavg,closelog,define_syslog_variables,openlog,pfsockopen,syslog,nsapi_request_headers,nsapi_response_headers,nsapi_virtual,pcntl_alarm,pcntl_errno,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal_dispatch,pcntl_signal,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,setproctitle,setthreadtitle,shmop_close,shmop_delete,shmop_open,shmop_read,shmop_size,shmop_write,opcache_compile_file,opcache_get_configuration,opcache_get_status,opcache_invalidate,opcache_is_script_cached,opcache_reset
; Session
php_admin_value[session.entropy_length] = 1024
php_admin_value[session.cookie_httponly] = on
php_admin_value[session.hash_function] = sha512
php_admin_value[session.hash_bits_per_character] = 6
php_admin_value[session.gc_probability] = 1
php_admin_value[session.gc_divisor] = 1000
php_admin_value[session.gc_maxlifetime] = 1440
; Pathes
php_admin_value[include_path] = .
php_admin_value[open_basedir] = /data/:/tmp/misc/:/tmp/upload/:/dev/urandom
php_admin_value[sys_temp-dir] = /tmp/misc
php_admin_value[upload_tmp_dir] = /tmp/upload
php_admin_value[session.save_path] = /tmp/session
php_admin_value[soap.wsdl_cache_dir] = /tmp/wsdl
php_admin_value[sendmail_path] = /bin/sendmail -f -i
php_admin_value[session.entropy_file] = /dev/urandom
php_admin_value[openssl.capath] = /etc/ssl/certsphp7的最后一个版本在centos9上由于openssl新版本不兼容了, 得安装低版本的openssl才能安装
先安装旧版本的liberssl
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0.tar.gz -O - | tar xz
cd libressl-3.6.0
./configure--prefix=/usr/local/liberssl
make check
make install./configure --prefix=/opt/php7/usr --with-openssl=/usr/local/liberssl/bin --with-openssl-dir=/usr/local/liberssl/bin
然后测试编译php7.4发现一大堆的错误, MMP, 还是直接用remi源安装吧.
dnf install -y http://rpms.remirepo.net/enterprise/remi-release-9.rpm
dnf -y --enablerepo=remi php74 php74-php-{fpm,pdo,gd,mysqlnd,xml,pdo,snmp,imap,bcmath,exif,ftp,mbstring,soap,sockets,opcache,calendar,intl,gmp,pear,sodium} php74-php-pecl-{mysql,ssh2,rrd,zip} --skip-broken
ln -s /etc/opt/remi/php74/ /opt/php7
echo "zend_extension='/opt/ioncube/ioncube_loader_lin_7.4.so'">> /opt/php7/php.ini
prefix=/opt/php7
rm -f $prefix/php-fpm.d/www.conf
cat>$prefix/php-fpm.conf<<EOF
[global]
pid = run/php-fpm.pid
error_log = log/php-fpm.log
log_level = warning
emergency_restart_threshold = 30
emergency_restart_interval = 60s
process_control_timeout = 5s
daemonize = yes
include=$prefix/php-fpm.d/*.conf
EOF
cat>$prefix/php-fpm.d/default.conf<<EOF
[default]
;listen=127.0.0.1:9006
listen=/dev/shm/php7-fpm.sock
listen.mode=0666
user=nobody
group=nobody
pm=dynamic
pm.max_children=128
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=10000
rlimit_files=51200
slowlog=log/\$pool.log.slow
env[PATH] = /usr/local/bin:/usr/bin:/bin:$prefix/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
systemctl restart php74-php-fpmphp目录/etc/opt/remi/php74/
php.ini目录/etc/opt/remi/php74/php.ini
php-fpm目录/etc/opt/remi/php74/php-fpm.d
php二进制地址 /usr/bin/php74 /usr/bin/php74-cgi /usr/bin/php74-phar
curl https://get.acme.sh | sh -s [email protected]
source ~/.bashrc
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
acme(){
DOMAIN="$1";
acme.sh --issue -d $1 --nginx /etc/nginx/conf/$DOMAIN.conf \
--key-file /etc/nginx/ssl/$DOMAIN.key \
--fullchain-file /etc/nginx/ssl/$DOMAIN.crt \
--reloadcmd "nginx -s reload" --force
}
acmeupdate(){
DOMAIN="$1";
acme.sh --renew -d $DOMAIN --ecc --force
}addfpm() {
if [ ! -n "$1" ]; then username="newuser"; else username=$1; fi
if [ ! -n "$2" ]; then prefix="/opt/php8"; else prefix=$2; fi
useradd -r -s /bin/nologin $username
cat>$prefix/etc/php-fpm.d/$username.conf<<EOF
[$username]
;listen=127.0.0.1:9006
listen=/dev/shm/\$pool.sock
listen.mode=0666
user=$username
group=$username
pm=dynamic
pm.max_children=128
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=10000
rlimit_files=51200
slowlog=log/\$pool.log.slow
env[PATH] = /usr/local/bin:/usr/bin:/bin:$prefix/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
}
addnginx(){
if [ ! -n "$1" ]; then echo "Please input Domain";exit; else domain=$1; fi
cat>/etc/nginx/conf/$domain.conf<<EOF
server {
listen 443 ssl;
server_name $domain www.$domain;
index default.php index.php index.htm index.html;
root /home/$2/;
access_log /var/log/httpd/$domain.log;
error_log /var/log/httpd/$domain.error.log;
ssl_certificate /etc/nginx/ssl/$domain.crt;
ssl_certificate_key /etc/nginx/ssl/$domain.key;
include ssl.conf;
#include whmcs.conf;
#include typecho.conf;
sub_filter_once off;
sub_filter_types text/css;
sub_filter "//ajax.googleapis.com" "//ajax.googleapis.cnpmjs.org";
sub_filter "//fonts.googleapis.com" "//fonts.googleapis.cnpmjs.org";
sub_filter "//fonts.gstatic.com" "//fonts.gstatic.cnpmjs.org";
location /{
location ~ [^/]\.php(/|\$){
fastcgi_pass unix:/dev/shm/$2.sock;
try_files \$uri = 404;
}
}
location /nginx_status {
stub_status on;
access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$ {expires 30d;}
location ~ .*\.(js|css)?\$ { expires 12h;}
location ~ /\. {deny all;}
location ~/\.ht {deny all;}
}
server {
listen 80;
#server_name ~^(www\.)?(.+)$;
server_name $domain www.$domain;
location /{
if (\$scheme != '\$https' ) {rewrite ^/(.*)$ https://\$http_host/\$1 permanent;}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$ {expires 30d;}
location ~ .*\.(js|css)?\$ { expires 12h;}
location ~ /\. {deny all;}
location ~/\.ht {deny all;}
location ~ /.well-known { allow all;}
location /.well-known/acme-challenge/ { allow all;}
}
EOF
}
解决办法:
update-crypto-policies --set LEGACY
rpm --import https://openresty.org/package/pubkey.gpg或者是dnf带上 --nogpgcheck参数
dnf install -y --nogpgcheck openresty 把gpgcheck检查去掉也行.
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/openresty.repo
没导入时候报错提示
GPG Keys are configured as: https://openresty.org/package/pubkey.gpg
Error: GPG check FAILED
当导入时候的错误提示
warning: Signature not supported. Hash algorithm SHA1 not available.
error: https://openresty.org/package/pubkey.gpg: key 1 import failed
总结:更新update-crypto-policies设置
文章内容源自:https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
设置通电自动开机
sudo pmset autorestart 1取消自动开机
sudo pmset repeat cancel设置定时自动开机和关机
sudo pmset repeat wakeorpoweron MTWRF 9:00:00 shutdown MTWRFSU 18:30:00对于小白可以安装一个cockpit, ssh被玩死了上不去的时候可以通过浏览器访问9090端口进入操作终端.
dnf install -y cockpit
systemctl start cockpit如果管理的服务器比较多, 还能串联管理.
对于绑定了很多IP遇上暴力破解ssh之类的, 用iptables封IP会比较慢.
用ip route把对方IP段丢路由黑洞封掉会立竿见影.
ip route add blackhole 10.0.0.0/24最近安装php发现编译失败, 搜索一圈后发现软件包仓库改crb去了,稍微改一下脚本判断就解决了.
sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/*-{crb,plus}.repo如果不想改repo配置,则安装的时候启用一下crb源.
dnf -y --enablerepo=crb install libzip-devel oniguruma-devel rrdtool-develhttps://mirror.stream.centos.org/9-stream/CRB/x86_64/os/Packages/
另外libc-client-devel的包暂时也没找到, 用remi的源安装uw-imap-devel替代解决了.
dnf install -y http://rpms.remirepo.net/enterprise/remi-release-9.rpm
dnf -y --enablerepo=remi install uw-imap-develIP="168.192.in-addr.arpa
10.10.in-addr.arpa
";
for list in $IP
do
pdnsutil create-zone $list ns1.server.com
pdnsutil add-record $list @ NS ns2.server.com
pdnsutil replace-rrset $list . SOA 'ns1.server.com. ns2.server.com. 0 10800 3600 604800 3600'
pdnsutil increase-serial $list
done
for i in {0..255}; do
for o in {0..255}; do
pdnsutil add-record 168.192.in-addr.arpa $o.$i PTR test.example.com
done;
done;
whmcs自定义模版调用login.tpl模版报错
Error: Error: Call to a member function getButtonClass() on null in
Error: Error: Call to a member function isEnabled() on null in
主要问题在$captcha上, {if $captcha->isEnabled()} 和{$captcha->getButtonClass($captchaForm)}
自定义php文件里面引入一下Captcha()类就解决了.
$smartyvalues["captcha"] = new WHMCS\Utility\Captcha();官方指引:https://wiki.samba.org/index.php/Configure_Samba_to_Work_Better_with_Mac_OS_X
smb.conf配置后TimeMachine直接可以备份数据.
[Global]
vfs objects = fruit streams_xattr
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
[TimeMachineBackup]
fruit:time machine = yes
# fruit:time machine max size = SIZE
不用再设置什么虚拟磁盘进行挂载了, 当airport一样用.
https://lg.he.net/
https://lg.sgix.sg
https://www.cogentco.com/en/looking-glass
https://www.cmi.chinamobile.com/en/looking-glass
https://lg.ibeo.hgc-intl.com/
https://lg.ix.br/
https://lg.ntt.lt/
https://www.gin.ntt.net/looking-glass/
https://lookingglass.consoleconnect.com/
https://lookingglass.centurylink.com/
http://lg.level3carrier.com/lg/lg.cgi
https://lg.telia.net/
https://lg.twelve99.net/
https://ipms.chinatelecomglobal.com/public/lookglass/lookglassDisclaimer.html?lang=zh_CN
https://stixlg.singtel.com/dashboard
