Tomtalk

来自tomtalk
跳转至: 导航搜索

重启php-fpm

service php-fpm restart

您的主机42.121.108.182正在被暴力破解

原因
  1. 您好,建议您分析下云盾提示的攻击ip,将实际的攻击ip使用iptables功能屏蔽掉。
  2. 另外更改ssh的端口号。加强登陆端口的隐蔽性。
  3. 对常用端口如ssh端口 ftp端口等用iptables命令限制访问ip等。
操作
  1. 改/etc/services和 /etc/ssh/sshd_config
  2. 和/etc/services没任何关系,需要找到正确位置的sshd_config,然后修改其端口号,重启sshd服务。因为不同的安装方式,sshd_config的文件位置不同,而且可能不只一个。
service sshd restart
netstat -lnp
 
passwd 用户名 (修改密码)

centos6.2安装五笔输入法

使用centos 仓库里的 ibus,五笔支持是 ibus-table-wubi 包

sudo yum install ibus-table-wubi

varnish重启脚本

#!/bin/sh 
pkill varnishd 
cd /usr/local/varnish/sbin 
./varnishd -f vcl.conf -s malloc,50M

varnish wiki 配置文件

# set default backend if no server cluster specified
backend default {
    .host = "localhost";
    .port = "8080";
# .port = "80"; also works well, but using 8080 allows direct access to Apache for debugging purposes.
}
 
 
# The default code for vcl_recv is incorporated into the following subroutine to make it easier to specify the proper order of execution.
sub vcl_recv
{
# Force lookup if the request is a no-cache request from the client.
    if (req.http.Cache-Control ~ "no-cache")
    {
        ban_url(req.url);
    }
    unset req.http.Cookie;
 
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# No point in compressing these
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
# unkown algorithm
            set req.http.Accept-Encoding = "gzip";
            #remove req.http.Accept-Encoding;
        }
    }
 
    return (lookup);
}
 
sub vcl_pipe {
# This is otherwise not necessary if you do not do any request rewriting.
    set bereq.http.connection = "close";
}
 
sub vcl_hit {
    if (req.request == "PURGE") { 
        purge;
        error 200 "Purged";
    }
}
 
sub vcl_miss {
    if (req.request == "PURGE") {
        error 200 "Not in cache";
    }
}
 
sub vcl_fetch {
# For debugging only. Varnish's internal Time To Live for cached object
    set beresp.http.X-orig-ttl = beresp.ttl;
# I think the following is redundant because caches aren't allowed to change Cache Control headers
    set beresp.http.X-Orig-Cache-Control = beresp.http.Cache-Control;
 
# set minimum timeouts to auto-discard stored objects
#    set beresp.prefetch =-30s;
    set beresp.grace = 120s;
 
    set beresp.ttl = 1h;
 
    return(deliver);
}
 
 
sub vcl_deliver {
# For debugging only. The approximate number of times the object has been delivered. A value of 0 indicates a cache miss.
    set resp.http.X-obj-hits = obj.hits;
    return(deliver);
}

install memcached

wget https://github.com/downloads/libevent/libevent/libevent-2.0.20-stable.tar.gz
tar zxvf libevent-2.0.20-stable.tar.gz 
./configure --prefix=/usr 
make && make install
 
wget http://memcached.googlecode.com/files/memcached-1.4.15.tar.gz
tar zxvf http://memcached.googlecode.com/files/memcached-1.4.15.tar.gz
./configure --with-libevent=/usr
make && make install

参数不算多,我们来启动一个Memcache的服务器端:

  1. /usr/bin/memcached -d -m 10 -u root -l localhost -p 12000 -c 256 -P /tmp/memcached.pid

-d选项是启动一个守护进程,-m是分配给Memcache使用的内存数量,单位是MB,我这里是10MB,-u是运行Memcache的用户,我这里是root,-l是监听的服务器IP地址,如果有多个地址的话,我这里指定了服务器的IP地址192.168.0.200,-p是设置Memcache监听的端口,我这里设置了12000,最好是1024以上的端口,-c选项是最大运行的并发连接数,默认是1024,我这里设置了256,按照你服务器的负载量来设定,-P是设置保存Memcache的pid文件,我这里是保存在/tmp/memcached.pid,如果要结束Memcache进程,执行:

  1. kill `cat /tmp/memcached.pid`

也可以启动多个守护进程,不过端口不能重复。

pecl install memcache

install nginx

yum install gcc-c++ libtool gcc zlib zlib-devel
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.20.tar.gz
tar zxvf pcre-8.20.tar.gz
./configure
make && make install
 
wget http://nginx.org/download/nginx-1.2.2.tar.gz
tar zxvf nginx
./configure
make && make install
#现在,启动ngnix测试是否已经安装好。open http://www.tomtalk.net/ will display "Welcome to nginx!".
/usr/local/ngnix/sbin/ngnix

install mysql

yum install cmake             #mysql5.5以后是通过cmake来编译的
wget http://downloads.mysql.com/archives/mysql-5.5/mysql-5.5.0-m2.tar.gz
cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DCURSES_LIBRARY=/usr/lib/libncurses.so.5 -DCURSES_INCLUDE_PATH=/usr/include
make && make install
 
#注意事项:重新编译时,需要清除旧的对象文件和缓存信息。# rm -f CMakeCache.txt
 
yum -y install mysql-server php-mysql

install php

yum install libxml2 libxml2-devel
 
yum -y install libmcrypt libmcrypt-devel 
 
yum install php-mcrypt gd-devel php-gd curl curl-devel
 
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz
tar -zxvf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1
./configure 
make && make install
 
wget http://cn2.php.net/get/php-5.3.8.tar.gz/from/au.php.net/mirror           #www.php.net/download.php 
tar -zxvf php-5.3.8.tar.gz
./configure --enable-fastcgi --enable-fpm --enable-pdo --with-iconv=/usr/local/libiconv --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-curl=/usr/local/curl --with-gd --with-mcrypt=/usr --with-config-file-path=/etc --enable-pcntl 
 
make && make install

注:

  1. Nginx+PHP整合,在安装时必须启用–enable-fastcgi和 –enable-fpm,这两个选项是做什么的上面已经描述。执行完后系统会提示–enable-fastcgi是一个未知选项,我们不必理会。
  2. elong要使用pdo,所以要加入--enable-pdo
  3. 解决办法:安装php-mcrypt libmcrypt libmcrypt-devel这三个库文件
      系统运维  www.osyunwei.com  温馨提醒:qihang01原创内容?版权所有,转载请注明出处及原文链接
     下面以CentOS 6.0系统为例来为说明:(备注:以下操作均在终端命令行下进行)
     1、安装第三方yum源(默认yum源里面没有这几个库文件,不能使用yum安装)

wget http://www.atomicorp.com/installers/atomic #下载 sh ./atomic #安装

  1. yun 提示kernel-2.6.32-220.13.1.el6.x86_64 has missin

运行yun 提示kernel-2.6.32-220.13.1.el6.x86_64 has missing requires of kernel-firmware >= ('0', '2.6.32', '220.13.1.el6')

请修改文件vi /etc/yum.conf 将exclude=kernel*前加注释即可解决

configure: error: libjpeg.(a|so) not found

在64位机器centos 6.0系统上安装php-5.3.3出现如下报错,

解决方法:

  1. ln -s /usr/lib64/libjpeg.so /usr/lib/
  1. ln -s /usr/lib64/libpng.so /usr/lib/
[root@MyVPS conf]# cat /usr/local/etc/php-fpm.conf
[global]
pid = /usr/local/var/run/php-fpm.pid
error_log = /usr/local/var/log/php-fpm.log
 
log_level = notice
 
[www]
listen = /tmp/php-cgi.sock
user = nobody 
group = nobody 
pm = dynamic
pm.max_children = 30
pm.start_servers = 2 
pm.min_spare_servers = 2 
pm.max_spare_servers = 5 
pm.max_requests = 50
request_terminate_timeout = 80s 
 
request_slowlog_timeout = 80s 
 
slowlog = /usr/local/var/log/slow-exec-php-fpm.log
 
/usr/local/sbin/php-fpm      #运行php-pfm
 
ln -s /var/lib/mysql/mysql.sock  mysql.sock

ngnix.conf

user  nobody nobody;
 
worker_processes 2;
 
error_log  /usr/local/var/log/nginx_error.log  crit;
 
pid /usr/local/nginx/logs/nginx.pid;
 
worker_rlimit_nofile 51200;
 
events {
    use epoll;
    worker_connections 2048;
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
 
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
 
    sendfile on; 
    tcp_nopush     on; 
 
    keepalive_timeout 60; 
 
    tcp_nodelay on; 
 
    fastcgi_connect_timeout 60; 
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 16k;
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 700k;
 
    gzip on; 
    gzip_min_length  1k; 
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on; 
 
    server {
        listen       80;
        server_name www.tomtalk.net;
        index index.html index.htm index.php;
        root  /var/www;
 
        location /wiki {
            index index.php;
            rewrite "^/wiki/([^?]*)(?:\?(.*))?" /wiki/index.php?title=$1&$args last;
        }
 
        error_page 404 403 500 502 503 504  /404.html;
 
        location ~ .+\.php($|/) {
            set $script $uri;
            set $path_info "/";
            if ($uri ~ "^(.+\.php)(/.+)") {
                set $script $1;
                set $path_info $2;
            }
 
            fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_index index.php?IF_REWRITE=1;
            include fastcgi.conf;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param SCRIPT_FILENAME $document_root/$script;
            fastcgi_param SCRIPT_NAME $script;
        }
 
 
 
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires      30d;
        }
 
        location ~ .*\.(js|css)?$ {
            expires      12h;
        }
    }
 
    include vhost/*.conf;
}