helloworld

目前分類:系統管理 (191)

瀏覽方式: 標題列表 簡短摘要

情境:
當目的ip 為 192.168.50.0/24 的時候,便經由 eth1 到 192.168.10.254

編輯 /etc/sysconfig/network-scripts/route-eth1

192.168.50.0/24 via 192.168.10.254 dev eth1
存檔,離開

重啟啟動網路
/etc/init.d/network restart 或 service network restart

重開機後設定檔也會自動生效

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

<?php
function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

$time_begin = microtime_float();

my_function ();

$time_end = microtime_float();
$time = ($time_end - $time_begin) * 1000;
echo "執行這個 function 花了 ". $time ." ms ";

?>

undefined
Laravel 5 for beginner 新手道場:優雅運用框架快速開發 PHP 網站

作者: 洪可郡(KeJyun)  
出版社:博碩  
出版日期:2017/12/29
語言:繁體中文
定價:580元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

為了讓使用者可以加速下載網頁,加上台灣流量不便宜
我們可以在伺服器上做壓縮網頁的處理
如果要測試你的網站有沒有壓縮過
可以利用以下的網站

http://www.gidnetwork.com/tools/gzip-test.php

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()


FreeBSD:
# cd /usr/ports/ftp/tftp-hpa/
# make install clean

# mkdir /tftpboot
# touch /tftpboot/預計存檔的檔名
# chmod -R 777 /tftpboot (雖然知道這樣很危險,但真的不知道怎樣才是適當的權限XD)

# vi /etc/rc.conf
tftpd_enable="YES"
tftpd_flags="-l -s /tftpboot"

# /usr/local/etc/rc.d/tftpd start


Cisco Switch:
login as: cisco
Using keyboard-interactive authentication.
Password:

lab>en
Password:
lab#copy running-config tftp
Address or name of remote host []? 192.168.1.1
Destination filename [lab-confg]?
!!
6982 bytes copied in 1.426 secs (4896 bytes/sec)
lab#
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

條件
tls 1.2 以上 , apache 2.4.17 以上

安裝 apache2.4 時記得一併安裝HTTP2 模組

安裝完上述套件,並測試可以正常瀏覽後
檢查以下幾個設定
httpd.conf:
LoadModule http2_module libexec/apache24/mod_http2.so

除了要Load mod_http2 之外,記得檢查每個vhosts 是否有 Protocols h2 http/1.1
vhost:
<VirtualHost *:443>
    SSLEngine on
    Protocols h2 http/1.1
    .....
    ....
</VirtualHost>

重啟apache
apachectl restart

線上測試網址
https://tools.keycdn.com/http2-test

如果你的網站有支援http/2  就會出現以下畫面


undefined
Learning HTTP/2: A Practical Guide for Beginners

作者: Ludin, Stephen/ Garza, Javier
原文出版社:Oreilly & Associates Inc
出版日期:2017/06/02
語言:英文
定價:1400元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

apache 出現以下錯誤訊息
[error] Oops, no RSA or DSA server certificate found for 'xxx.xxx.xxx:0'?!

檢查vhost 裡面是否有
SSLEngine On
如果沒有的話,補上再試試

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

yum -y install wondershaper

使用語法
Usage: /sbin/wondershaper [device] clean|[upload speed in Kb/s] [download speed in Kb/s]
Example: /sbin/wondershaper eth0 20 500

例如,如果要限制上傳1024Kb/s , 下載2048Kb/s
wondershaper ens192 1024 2048

但實際測試結果,圖形有點怪,上下傳相反,數字也打折了

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

[root@example ~]# killall sftp
-bash: killall: command not found

[root@example ~]# yum -y install yum install psmisc
Loaded plugins: fastestmirror
varnishcache_varnish5/x86_64/signature                                                         |  836 B  00:00:00
varnishcache_varnish5/x86_64/signature                                                         | 1.0 kB  00:00:00 !!!
varnishcache_varnish5-source/signature                                                         |  836 B  00:00:00
varnishcache_varnish5-source/signature                                                         | 1.0 kB  00:00:00 !!!
Loading mirror speeds from cached hostfile
 * base: ftp.stu.edu.tw
 * epel: mirror01.idc.hinet.net
 * extras: ftp.stu.edu.tw
 * updates: ftp.stu.edu.tw
No package install available.
Resolving Dependencies
--> Running transaction check
---> Package psmisc.x86_64 0:22.20-15.el7 will be installed
---> Package yum.noarch 0:3.4.3-154.el7.centos will be updated
---> Package yum.noarch 0:3.4.3-154.el7.centos.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================
 Package                Arch                   Version                                  Repository               Size
======================================================================================================================
Installing:
 psmisc                 x86_64                 22.20-15.el7                             base                    141 k
Updating:
 yum                    noarch                 3.4.3-154.el7.centos.1                   updates                 1.2 M

Transaction Summary
======================================================================================================================
Install  1 Package
Upgrade  1 Package

Total download size: 1.4 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): psmisc-22.20-15.el7.x86_64.rpm                                                          | 141 kB  00:00:01
(2/2): yum-3.4.3-154.el7.centos.1.noarch.rpm                                                   | 1.2 MB  00:00:06
----------------------------------------------------------------------------------------------------------------------
Total                                                                                 224 kB/s | 1.4 MB  00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : yum-3.4.3-154.el7.centos.1.noarch                                                                  1/3
  Installing : psmisc-22.20-15.el7.x86_64                                                                         2/3
  Cleanup    : yum-3.4.3-154.el7.centos.noarch                                                                    3/3
  Verifying  : psmisc-22.20-15.el7.x86_64                                                                         1/3
  Verifying  : yum-3.4.3-154.el7.centos.1.noarch                                                                  2/3
  Verifying  : yum-3.4.3-154.el7.centos.noarch                                                                    3/3

Installed:
  psmisc.x86_64 0:22.20-15.el7

Updated:
  yum.noarch 0:3.4.3-154.el7.centos.1

Complete!
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

檢查iptables 狀態
systemctl status firewalld

手動關閉 iptables
systemctl stop firewalld

手動啟動 iptables
systemctl start firewalld

重開機後不執行iptables
手動啟動 iptables
systemctl disable firewalld

重開機後自動執行iptables
手動啟動 iptables
systemctl enable firewalld
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

CentOS 網卡限速

CentOS 7 預設裝有iproute 套件
可以用其中的tc 指令來達到網卡限速的目的

還沒設定前,先看一下預設的狀態
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

限制網卡 1024kbit 頻寬
[root@ethan-centos7 ~]# tc qdisc add dev ens192 root tbf rate 1024kbit latency 50ms burst 1540

再次查看狀態
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc tbf 8003: root refcnt 9 rate 1024Kbit burst 1539b lat 50.0ms

可以嘗試從其他地方拉一個大檔案測試
但我測試結果只有output 有限速1024k, input如果也要限速1024k 還要研究一下...orz

如果要還原剛剛的設定,只要將add 改成del 即可
[root@ethan-centos7 ~]# tc qdisc del dev ens192 root tbf rate 1024kbit latency 50ms burst 1540
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

如果檢查http的錯誤訊息出現
/home/website/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration

請檢查 httpd.conf
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
是否有把# 拿掉

重新啟動apache 即可生效
apachectl restart
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

curl -G --data-urlencode "a=1 1 1" --data-urlencode "b=2 2 2"  https://servername/test.php

man curl

       -G, --get
              When  used,  this  option  will make all data specified with -d,
              --data, --data-binary or --data-urlencode to be used in an  HTTP
              GET  request instead of the POST request that otherwise would be
              used. The data will be appended to the URL with a '?' separator.

              If  used  in  combination with -I, the POST data will instead be
              appended to the URL with a HEAD request.

              If this option is used several times,  only  the  first  one  is
              used.  This is because undoing a GET doesn't make sense, but you
              should then instead enforce the alternative method you prefer.

       --data-urlencode <data>
              (HTTP) This posts data, similar to the other --data options with
              the exception that this performs URL-encoding. (Added in 7.18.0)

              To  be  CGI-compliant,  the <data> part should begin with a name
              followed by a separator and a content specification. The  <data>
              part can be passed to curl using one of the following syntaxes:

              content
                     This  will make curl URL-encode the content and pass that
                     on. Just be careful so that the content  doesn't  contain
                     any  =  or  @  symbols, as that will then make the syntax
                     match one of the other cases below!

              =content
                     This will make curl URL-encode the content and pass  that
                     on. The preceding = symbol is not included in the data.

              name=content
                     This  will make curl URL-encode the content part and pass
                     that on. Note that the name part is expected to  be  URL-
                     encoded already.

              @filename
                     This  will  make  curl  load  data  from  the  given file
                     (including any newlines), URL-encode that data  and  pass
                     it on in the POST.

              name@filename
                     This  will  make  curl  load  data  from  the  given file
                     (including any newlines), URL-encode that data  and  pass
                     it  on  in  the  POST.  The  name part gets an equal sign
                     appended, resulting in name=urlencoded-file-content. Note
                     that the name is expected to be URL-encoded already.
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

從varnish 4.x 以後設定檔有大幅度的改變
如果不想一行一行debug 的話,可以使用這個方便的工具
https://github.com/fgsch/varnish3to4

節錄文章的內容

Script to assist migrating a VCL file from Varnish 3 to 4.x. [1]

Suggested usage

 $ varnish3to4 -o <filename>.v4 <filename>
 $ diff -u <filename> <filename>.v4

To limit changes for Varnish 4.0:

 $ varnish3to4 -v 4.0 -o <filename>.v4 <filename>
 $ diff -u <filename> <filename>.v4

Currently understands

V3 V4
{bereq,req}.backend.healthy std.healthy({bereq.backend,req.backend_hint})
{bereq,req}.request {bereq,req}.method
bereq.* in vcl_pass and vcl_miss req.*
{beresp,obj,resp}.response {beresp,obj,resp}.reason
beresp.storage beresp.storage_hint
{client,server}.port std.port({client,server}.ip)
error code response return (synth(code, response))
obj.hits - writing to -
obj.* in vcl_synth resp.*
obj.lastuse -
remove unset
req.backend req.backend_hint
req.grace -
req.* in vcl_backend_response bereq.*
return (hash) in vcl_hash return (lookup)
return (hit_for_pass) set beresp.uncacheable = true;
return (deliver);
return (lookup) in vcl_recv return (hash)
return (pass) in vcl_pass return (fetch)
return (restart) in vcl_fetch return (retry)
std.real2integer(..) [2] std.real2integer(.., n)
std.time2integer(..) [2] std.time2integer(.., n)
std.time2real(..) [2] std.time2real(.., n.n)
synthetic .. synthetic(..)
vcl_error vcl_backend_error and vcl_synth
vcl_fetch vcl_backend_response

Limited coverage

V3 V4
purge -

Won't be implemented

V3 V4
 - vcl 4.0
 - import directors
new xx = directors.yy();
xx.add_backend(ss);
set req.backend_hint = xx.backend();

Add imports resulting from changes in V4, complete purge handling and any other changes missing from this document.

N/A for 3.0 (for documentation only)

V4.0 V4.1
return (fetch) in vcl_hit [3] return (miss)

Notes

  1. Comments in VCL are treated as code and as such references within will be rewritten.
  2. Required in 4.1 and above.
  3. Optional in 4.1. Required in 5.0 and above.
文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

sudo yum install pygpgme yum-utils

vi /etc/yum.repos.d/varnishcache_varnish5.repo

[varnishcache_varnish5]
name=varnishcache_varnish5
baseurl=https://packagecloud.io/varnishcache/varnish5/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[varnishcache_varnish5-source]
name=varnishcache_varnish5-source
baseurl=https://packagecloud.io/varnishcache/varnish5/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/varnishcache/varnish5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

存檔離開

sudo yum install varnish

參考網址: https://packagecloud.io/varnishcache/varnish5/install#manual-rpm

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

以往如果要修改FreeBSD 除了修改 /etc/rc.conf 之外
還有一個好用的命令 sysinstall

但新版FreeBSD 已經用 bsdconfig 及 bsdinstall 取代了

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

cd /etc/nginx/ssl
cat STAR_pass_tw.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > pass.tw.bundle.crt


cd /etc/nginx/conf.d
vi pass.tw.conf
  server {
    listen 443 ssl;
    server_name pass.tw
    ssl on;
    ssl_certificate /etc/nginx/ssl/pass.tw.bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/pass.tw.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
      proxy_pass http://127.0.0.1:80;
    }
  }


/etc/init.d/nginx restart
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

執行以下指令立即生效
export http_proxy="http://your-proxy-server:3128"

如果希望未來登入後都可以套用proxy
可以新增進 .bash_profile
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

$ echo 123 | mail -s test 'test@myip.pass.tw'
-bash: mail: command not found

$ which mail
/usr/bin/which: no mail in (/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbinin:/sbin)

解決方式
# yum -y install mailx

 

Dependencies Resolved

================================================================================
 Package         Arch             Version                  Repository      Size
================================================================================
Installing:
 mailx           x86_64           12.4-8.el6_6             base           235 k

Transaction Summary
================================================================================
Install       1 Package(s)
 

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

新版的CentOS 網路代號不像之前的 eth0 , eth1 ....
一開始可能會不習慣,但時勢所趨,還是早點習慣的好

早期的centos / redhat 版本可以透過setup 指令來修改網路的設定
但centos 已經沒有這個指令了
除了一樣可以透過手動編輯  /etc/sysconfig/network-scripts/ifcfg-xxx 
也可以改用 nmtui 設定,透過互動的設定達成



undefined
CentOS 7 伺服器架設與管理實務

作者: 酆士昌  
出版社:旗標  
出版日期:2017/06/23
語言:繁體中文
定價:490元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()

apache http/https 使用同一個 VirtualHost

理論上apache 2.2 無法直接達到這個需求
但是可以利用 include 的功能
例如
<VirtualHost *:80>
   ServerAlias test.pass.tw
   include /usr/local/etc/apache22/extra/pass.tw-http.inc
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   ServerAlias test.pass.tw
   include /usr/local/etc/apache22/extra/pass.tw-http.inc
   include /usr/local/etc/apache22/extra/pass.tw-http.inc
</VirtualHost>

但還是要注意
1. ServerAlias 要寫在<VirtualHost> 裡面,不可以寫在include file中
1. SSLEngine on 要寫在<VirtualHost> 裡面,不可以寫在include file中

undefined
WordPress站長練功秘笈:網站客製化、佈景主題與外掛開發的16堂課

出版社:博碩  
出版日期:2017/04/28
語言:繁體中文
定價:580元

文章標籤

helloworld 發表在 痞客邦 留言(0) 人氣()