helloworld

目前分類:系統管理 (198)

瀏覽方式: 標題列表 簡短摘要

自從更新到最新版的chrome 之後,只要是http 的網站都會被標示為不安全

如果網站的 https 是透過 Alteon Radware L4 switch 的 SSL offload 的功能,而不是利用 web server 本身加解密
因為不管使用者透過 http 或是 https 在訪問網站
web server 本身還是只有透過 80 port 回傳給L4 switch
所以無法透過 rewrite rule 或是透過php的 $_SERVER 變數來判斷是否要幫使用者自動轉址到 https 網站

模擬環境
/cfg/slb/real 1/rip 10.1.1.1
/cfg/slb/real 2/rip 10.1.1.2
/cfg/slb/real 3/rip 10.1.1.3
/cfg/slb/real 4/rip 10.1.1.4
以上real 1 and 2 是原本的web server 
real 3 and 4 則是負責幫忙 redirect 到 https url

/cfg/slb/group 44301/add 1
/cfg/slb/group 44301/add 2
/cfg/slb/group 8001/add 3
/cfg/slb/group 8001/add 4

/cfg/slb/service 80/group 8001
/cfg/slb/service 443 https/group 44301

apply & save

10.1.1.3 和 10.1.1.4 只要依照個人喜好安裝單純的web server 即可
啟用rewrite 機制並設定以上幾行規則
即可變通讓使用者也可以自動轉址到 https 的網站

RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
 


undefined

CentOS 7.3建置、管理與伺服器架設實戰

作者: 湯秉翰  
出版社:博碩  
出版日期:2017/06/15
語言:繁體中文
定價:580元

helloworld 發表在 痞客邦 留言(0) 人氣()

[root@example] /usr/local/etc/apache22# apachectl restart
Performing sanity check on apache22 configuration:
[Wed Jul 04 10:32:52 2018] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Syntax OK
Stopping apache22.
Waiting for PIDS: 86431.
Performing sanity check on apache22 configuration:
[Wed Jul 04 10:32:54 2018] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Syntax OK
Starting apache22.
[Wed Jul 04 10:32:54 2018] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

可以檢查 apache 設定檔是否有加上
NameVirtualHost *.443

如果沒有的話,補上去即可

undefined
一步到位!RWD 網頁程式設計:用 HTML5、CSS3、Bootstrap 打造響應式網頁

作者: 陳惠貞  
出版社:旗標  
出版日期:2017/12/13
語言:繁體中文
定價:480元
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

在console提示符號下執行
hostnamectl set-hostname your-hostname

設定檔會存在
/etc/hostname

重開機後會自動生效

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

透過smbpasswd 指令可以建立samba 使用者並設定密碼
[root@smbsrv samba]# smbpasswd -a test
New SMB password:
Retype new SMB password:
Failed to add entry for user test.

如果出現以上錯誤,表示你的linux系統並沒有test這個使用者
這時候只要在系統上建立這個使用者
[root@smbsrv samba]# adduser test
[root@smbsrv samba]# passwd test
Changing password for user test.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

即可建立samba user
[root@smbsrv samba]# smbpasswd -a test
New SMB password:
Retype new SMB password:
Added user test.

查看剛剛新增的user
[root@smbsrv samba]# pdbedit -L

undefined
CentOS 7 伺服器架設與管理實務

作者: 酆士昌  
出版社:旗標  
出版日期:2017/06/23
語言:繁體中文
定價:490元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

安裝 percona-release-0.1-4.noarch.rpm
[root@pxc57 ~]# yum install http://www.percona.com/downloads/percona-release/redhat/0.1-4/percona-release-0.1-4.noarch.rpm

看看提供哪些套件
[root@pxc57 ~]# sudo yum list | grep percona

安裝Percona-XtraDB-Cluster-57
[root@pxc57 ~]# yum install Percona-XtraDB-Cluster-57

Installed:
 Percona-XtraDB-Cluster-57.x86_64 0:5.7.21-29.26.1.el7 Percona-XtraDB-Cluster-shared-57.x86_64 0:5.7.21-29.26.1.el7 Percona-XtraDB-Cluster-shared-compat-57.x86_64 0:5.7.21-29.26.1.el7

Dependency Installed:
 Percona-XtraDB-Cluster-client-57.x86_64 0:5.7.21-29.26.1.el7 Percona-XtraDB-Cluster-server-57.x86_64 0:5.7.21-29.26.1.el7 libaio.x86_64 0:0.3.109-13.el7 libev.x86_64 0:4.15-7.el7
 lsof.x86_64 0:4.87-5.el7 percona-xtrabackup-24.x86_64 0:2.4.11-1.el7 perl.x86_64 4:5.16.3-292.el7 perl-Carp.noarch 0:1.26-244.el7
 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-6.el7 perl-DBI.x86_64 0:1.627-4.el7
 perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-Digest.noarch 0:1.17-245.el7 perl-Digest-MD5.x86_64 0:2.52-3.el7 perl-Encode.x86_64 0:2.51-7.el7
 perl-Exporter.noarch 0:5.68-3.el7 perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7
 perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7
 perl-PathTools.x86_64 0:3.40-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7 perl-Pod-Escapes.noarch 1:1.04-292.el7 perl-Pod-Perldoc.noarch 0:3.20-4.el7
 perl-Pod-Simple.noarch 1:3.28-4.el7 perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 perl-Socket.x86_64 0:2.010-4.el7
 perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7 perl-Time-Local.noarch 0:1.2300-2.el7
 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-292.el7 perl-macros.x86_64 4:5.16.3-292.el7 perl-parent.noarch 1:0.225-244.el7
 perl-podlators.noarch 0:2.5.1-3.el7 perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7 qpress.x86_64 0:11-1.el7
 rsync.x86_64 0:3.1.2-4.el7 socat.x86_64 0:1.7.3.2-2.el7

Replaced:
 mariadb-libs.x86_64 1:5.5.56-2.el7

Complete!

啟動mysql
[root@pxc57 ~]# service mysql start

Redirecting to /bin/systemctl start mysql.service

第一次啟動mysql時,系統會給一個亂數密碼,不再是給空密碼了
[root@pxc57 ~]# grep 'temporary password' /var/log/mysqld.log

2018-06-12T05:38:12.965266Z 1 [Note] A temporary password is generated for root@localhost: xxxxxx

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

在一個現有的網站架構下,我們可能不方便再調整 web server 的架構
但又想讓網站服務支援https 的話
可以利用 alteon/radware  的 SSL Offload 功能來實現

1. 匯入金鑰及憑證
匯入金鑰及憑證時建議使用web管理介面會比較好操作
Configuration -> Application Delivery -> Application Services -> SSL -> Certificate Repository


type 選擇 key, 匯入example.com.tw 
type 選擇 Server Certificate , 匯入 STAR_example_com.crt
注意以上兩個ID 要取同一個名字

接下來 type 選擇 Intermediate CA, 依序匯入 COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt

2. 建立憑證鍊的群組


Alteon 不允許匯入bundle 的憑證,但可以利用group 的功能來實現
Configuration -> Application Delivery -> Application Services -> SSL -> Certificate Repository > Certificate Groups
新增一個 comodo_ssl_bundle 的 group
type: Intermediate CA
Selected: AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt + COMODORSADomainValidationSecureServerCA.crt
記得submit

3. 建立 ssl policy


Configuration -> Application Delivery -> Application Services -> SSL -> SSL Policy
新增ssl 政策

4. 設定 server 對應到正確的憑證內容
最後回到cli 介面
/c/slb/v 10/service 443 https
rport 80
ssl/
[SSL Load Balancing Menu]
     srvrcert - Set SSL server certificate or group for this virtual service
     sslpol   - Set SSL policy for this virtual service
     cur      - Display current SSL configuration

>> Standalone ADC - SSL Load Balancing# srvrcert
Current SSL server certificate: Certificate xxx
Enter new SSL server certificate or group [cert|group|none] [cert]: cert
Enter new SSL server certificate: example_com

>> Standalone ADC - SSL Load Balancing# sslpol
Current SSL policy: xxx_pol
Enter new SSL policy or none: example_com_pol

apply

save

undefined
MIS網管達人的工具箱(第三版)

作者: 酆士昌  
出版社:博碩  
出版日期:2017/04/21
語言:繁體中文
定價:560元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

comodo 憑證核發的信件中,會有一個zip 壓縮檔附件
裡面會有包含以下幾個檔案
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Wildcard Certificate - STAR_example_com.crt

Apache:
1. mkdir -p /usr/local/etc/apache22/ssl/example.com/
2. 將所有檔案連同之前產生的 key 複製到該資料匣
3. cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
4. 編輯apache 設定檔
SSLCertificateFile /usr/local/etc/apache22/ssl/example.com/STAR_example_com.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/example.com/example.com.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl/example.com/ssl-bundle.crt
5. 重啟apache
apachectl restart

Nginx:
1. mkdir -p /etc/nginx/ssl/example.com/
2. 將所有檔案連同之前產生的 key 複製到該資料匣
3. cat STAR_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
4. 編輯nginx 設定檔
        server {
                listen 443 ssl;
                server_name www.example.com
                ssl on;
                ssl_certificate /etc/nginx/ssl/example.com/ssl-bundle.crt;
                ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;
5. 重啟nginx 
systemctl restart nginx 

不論是 apache 或是 nginx ,如果有多個virtualhost, 記得每個virtualhost 都要寫入憑證的設定
確定啟動都正常,並且可以正常瀏覽後
以下線上工具可以協助測試安裝的憑證是否正確
https://www.digicert.com/help/
https://www.sslshopper.com/ssl-checker.html

undefined
Nginx技術手札:網頁伺服器應用全攻略

作者: 苗澤  
出版社:上奇資訊  
出版日期:2017/02/23
語言:繁體中文
定價:580元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

情境:
當目的ip 為 192.168.50.0/24 的時候,便經由 eth1 到 192.168.10.254

編輯 /etc/sysconfig/network-scripts/route-eth1

192.168.50.0/24 via 192.168.10.254 dev eth1
存檔,離開

重啟啟動網路
/etc/init.d/network restart 或 service network restart

重開機後設定檔也會自動生效

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

<?php
function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$time_begin = microtime_float();

my_function ();

$time_end = microtime_float();
$time = ($time_end - $time_begin) * 1000;
echo "執行這個 function 花了 ". $time ." ms ";

?>

undefined
Laravel 5 for beginner 新手道場:優雅運用框架快速開發 PHP 網站

作者: 洪可郡(KeJyun)  
出版社:博碩  
出版日期:2017/12/29
語言:繁體中文
定價:580元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

為了讓使用者可以加速下載網頁,加上台灣流量不便宜
我們可以在伺服器上做壓縮網頁的處理
如果要測試你的網站有沒有壓縮過
可以利用以下的網站

http://www.gidnetwork.com/tools/gzip-test.php

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()


FreeBSD:
# cd /usr/ports/ftp/tftp-hpa/
# make install clean

# mkdir /tftpboot
# touch /tftpboot/預計存檔的檔名
# chmod -R 777 /tftpboot (雖然知道這樣很危險,但真的不知道怎樣才是適當的權限XD)

# vi /etc/rc.conf
tftpd_enable="YES"
tftpd_flags="-l -s /tftpboot"

# /usr/local/etc/rc.d/tftpd start


Cisco Switch:
login as: cisco
Using keyboard-interactive authentication.
Password:

lab>en
Password:
lab#copy running-config tftp
Address or name of remote host []? 192.168.1.1
Destination filename [lab-confg]?
!!
6982 bytes copied in 1.426 secs (4896 bytes/sec)
lab#
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

條件
tls 1.2 以上 , apache 2.4.17 以上

安裝 apache2.4 時記得一併安裝HTTP2 模組

安裝完上述套件,並測試可以正常瀏覽後
檢查以下幾個設定
httpd.conf:
LoadModule http2_module libexec/apache24/mod_http2.so

除了要Load mod_http2 之外,記得檢查每個vhosts 是否有 Protocols h2 http/1.1
vhost:
<VirtualHost *:443>
    SSLEngine on
    Protocols h2 http/1.1
    .....
    ....
</VirtualHost>

重啟apache
apachectl restart

線上測試網址
https://tools.keycdn.com/http2-test

如果你的網站有支援http/2  就會出現以下畫面


undefined
Learning HTTP/2: A Practical Guide for Beginners

作者: Ludin, Stephen/ Garza, Javier
原文出版社:Oreilly & Associates Inc
出版日期:2017/06/02
語言:英文
定價:1400元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

apache 出現以下錯誤訊息
[error] Oops, no RSA or DSA server certificate found for 'xxx.xxx.xxx:0'?!

檢查vhost 裡面是否有
SSLEngine On
如果沒有的話,補上再試試

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

yum -y install wondershaper

使用語法
Usage: /sbin/wondershaper [device] clean|[upload speed in Kb/s] [download speed in Kb/s]
Example: /sbin/wondershaper eth0 20 500

例如,如果要限制上傳1024Kb/s , 下載2048Kb/s
wondershaper ens192 1024 2048

但實際測試結果,圖形有點怪,上下傳相反,數字也打折了

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

[root@example ~]# killall sftp
-bash: killall: command not found

[root@example ~]# yum -y install yum install psmisc
Loaded plugins: fastestmirror
varnishcache_varnish5/x86_64/signature                                                         |  836 B  00:00:00
varnishcache_varnish5/x86_64/signature                                                         | 1.0 kB  00:00:00 !!!
varnishcache_varnish5-source/signature                                                         |  836 B  00:00:00
varnishcache_varnish5-source/signature                                                         | 1.0 kB  00:00:00 !!!
Loading mirror speeds from cached hostfile
 * base: ftp.stu.edu.tw
 * epel: mirror01.idc.hinet.net
 * extras: ftp.stu.edu.tw
 * updates: ftp.stu.edu.tw
No package install available.
Resolving Dependencies
--> Running transaction check
---> Package psmisc.x86_64 0:22.20-15.el7 will be installed
---> Package yum.noarch 0:3.4.3-154.el7.centos will be updated
---> Package yum.noarch 0:3.4.3-154.el7.centos.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                Arch                   Version                                  Repository               Size
======================================================================================================================
Installing:
 psmisc                 x86_64                 22.20-15.el7                             base                    141 k
Updating:
 yum                    noarch                 3.4.3-154.el7.centos.1                   updates                 1.2 M

Transaction Summary
======================================================================================================================
Install  1 Package
Upgrade  1 Package

Total download size: 1.4 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): psmisc-22.20-15.el7.x86_64.rpm                                                          | 141 kB  00:00:01
(2/2): yum-3.4.3-154.el7.centos.1.noarch.rpm                                                   | 1.2 MB  00:00:06
----------------------------------------------------------------------------------------------------------------------
Total                                                                                 224 kB/s | 1.4 MB  00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : yum-3.4.3-154.el7.centos.1.noarch                                                                  1/3
  Installing : psmisc-22.20-15.el7.x86_64                                                                         2/3
  Cleanup    : yum-3.4.3-154.el7.centos.noarch                                                                    3/3
  Verifying  : psmisc-22.20-15.el7.x86_64                                                                         1/3
  Verifying  : yum-3.4.3-154.el7.centos.1.noarch                                                                  2/3
  Verifying  : yum-3.4.3-154.el7.centos.noarch                                                                    3/3

Installed:
  psmisc.x86_64 0:22.20-15.el7

Updated:
  yum.noarch 0:3.4.3-154.el7.centos.1

Complete!
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

檢查iptables 狀態
systemctl status firewalld

手動關閉 iptables
systemctl stop firewalld

手動啟動 iptables
systemctl start firewalld

重開機後不執行iptables
手動啟動 iptables
systemctl disable firewalld

重開機後自動執行iptables
手動啟動 iptables
systemctl enable firewalld
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

CentOS 網卡限速

CentOS 7 預設裝有iproute 套件
可以用其中的tc 指令來達到網卡限速的目的

還沒設定前,先看一下預設的狀態
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

限制網卡 1024kbit 頻寬
[root@ethan-centos7 ~]# tc qdisc add dev ens192 root tbf rate 1024kbit latency 50ms burst 1540

再次查看狀態
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc tbf 8003: root refcnt 9 rate 1024Kbit burst 1539b lat 50.0ms

可以嘗試從其他地方拉一個大檔案測試
但我測試結果只有output 有限速1024k, input如果也要限速1024k 還要研究一下...orz

如果要還原剛剛的設定,只要將add 改成del 即可
[root@ethan-centos7 ~]# tc qdisc del dev ens192 root tbf rate 1024kbit latency 50ms burst 1540
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

如果檢查http的錯誤訊息出現
/home/website/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration

請檢查 httpd.conf
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
是否有把# 拿掉

重新啟動apache 即可生效
apachectl restart
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

curl -G --data-urlencode "a=1 1 1" --data-urlencode "b=2 2 2"  https://servername/test.php

man curl

       -G, --get
              When  used,  this  option  will make all data specified with -d,
              --data, --data-binary or --data-urlencode to be used in an  HTTP
              GET  request instead of the POST request that otherwise would be
              used. The data will be appended to the URL with a '?' separator.

              If  used  in  combination with -I, the POST data will instead be
              appended to the URL with a HEAD request.

              If this option is used several times,  only  the  first  one  is
              used.  This is because undoing a GET doesn't make sense, but you
              should then instead enforce the alternative method you prefer.

       --data-urlencode <data>
              (HTTP) This posts data, similar to the other --data options with
              the exception that this performs URL-encoding. (Added in 7.18.0)

              To  be  CGI-compliant,  the <data> part should begin with a name
              followed by a separator and a content specification. The  <data>
              part can be passed to curl using one of the following syntaxes:

              content
                     This  will make curl URL-encode the content and pass that
                     on. Just be careful so that the content  doesn't  contain
                     any  =  or  @  symbols, as that will then make the syntax
                     match one of the other cases below!

              =content
                     This will make curl URL-encode the content and pass  that
                     on. The preceding = symbol is not included in the data.

              name=content
                     This  will make curl URL-encode the content part and pass
                     that on. Note that the name part is expected to  be  URL-
                     encoded already.

              @filename
                     This  will  make  curl  load  data  from  the  given file
                     (including any newlines), URL-encode that data  and  pass
                     it on in the POST.

              name@filename
                     This  will  make  curl  load  data  from  the  given file
                     (including any newlines), URL-encode that data  and  pass
                     it  on  in  the  POST.  The  name part gets an equal sign
                     appended, resulting in name=urlencoded-file-content. Note
                     that the name is expected to be URL-encoded already.
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

從varnish 4.x 以後設定檔有大幅度的改變
如果不想一行一行debug 的話,可以使用這個方便的工具
https://github.com/fgsch/varnish3to4

節錄文章的內容

Script to assist migrating a VCL file from Varnish 3 to 4.x. [1]

Suggested usage

 $ varnish3to4 -o <filename>.v4 <filename>
 $ diff -u <filename> <filename>.v4

To limit changes for Varnish 4.0:

 $ varnish3to4 -v 4.0 -o <filename>.v4 <filename>
 $ diff -u <filename> <filename>.v4

Currently understands

V3 V4
{bereq,req}.backend.healthy std.healthy({bereq.backend,req.backend_hint})
{bereq,req}.request {bereq,req}.method
bereq.* in vcl_pass and vcl_miss req.*
{beresp,obj,resp}.response {beresp,obj,resp}.reason
beresp.storage beresp.storage_hint
{client,server}.port std.port({client,server}.ip)
error code response return (synth(code, response))
obj.hits - writing to -
obj.* in vcl_synth resp.*
obj.lastuse -
remove unset
req.backend req.backend_hint
req.grace -
req.* in vcl_backend_response bereq.*
return (hash) in vcl_hash return (lookup)
return (hit_for_pass) set beresp.uncacheable = true;
return (deliver);
return (lookup) in vcl_recv return (hash)
return (pass) in vcl_pass return (fetch)
return (restart) in vcl_fetch return (retry)
std.real2integer(..) [2] std.real2integer(.., n)
std.time2integer(..) [2] std.time2integer(.., n)
std.time2real(..) [2] std.time2real(.., n.n)
synthetic .. synthetic(..)
vcl_error vcl_backend_error and vcl_synth
vcl_fetch vcl_backend_response

Limited coverage

V3 V4
purge -

Won't be implemented

V3 V4
 - vcl 4.0
 - import directors
new xx = directors.yy();
xx.add_backend(ss);
set req.backend_hint = xx.backend();

Add imports resulting from changes in V4, complete purge handling and any other changes missing from this document.

N/A for 3.0 (for documentation only)

V4.0 V4.1
return (fetch) in vcl_hit [3] return (miss)

Notes

  1. Comments in VCL are treated as code and as such references within will be rewritten.
  2. Required in 4.1 and above.
  3. Optional in 4.1. Required in 5.0 and above.
文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()