Apache logs the following error message:
[error] Oops, no RSA or DSA server certificate found for 'xxx.xxx.xxx:0'?!
Check whether the vhost contains
SSLEngine On
If it does not, add it and try again.
helloworld
Current category: System Administration (428)
- Mar 26 Mon 2018 14:25
Apache error message: [error] Oops, no RSA or DSA server certificate found for 'xxx.xxx.xxx:0'?!
- Mar 21 Wed 2018 17:25
Linux: limiting NIC upload/download bandwidth with wondershaper
yum -y install wondershaper
Usage syntax
Usage: /sbin/wondershaper [device] clean|[upload speed in Kb/s] [download speed in Kb/s]
Example: /sbin/wondershaper eth0 20 500
For example, to limit upload to 1024 Kb/s and download to 2048 Kb/s:
wondershaper ens192 1024 2048
But in actual testing the graph looked a bit odd: upload and download were reversed, and the numbers were also reduced.
- Mar 21 Wed 2018 17:18
CentOS 7: killall command not found
[root@example ~]# killall sftp
-bash: killall: command not found
[root@example ~]# yum -y install psmisc
Loaded plugins: fastestmirror
varnishcache_varnish5/x86_64/signature | 836 B 00:00:00
varnishcache_varnish5/x86_64/signature | 1.0 kB 00:00:00 !!!
varnishcache_varnish5-source/signature | 836 B 00:00:00
varnishcache_varnish5-source/signature | 1.0 kB 00:00:00 !!!
Loading mirror speeds from cached hostfile
* base: ftp.stu.edu.tw
* epel: mirror01.idc.hinet.net
* extras: ftp.stu.edu.tw
* updates: ftp.stu.edu.tw
No package install available.
Resolving Dependencies
--> Running transaction check
---> Package psmisc.x86_64 0:22.20-15.el7 will be installed
---> Package yum.noarch 0:3.4.3-154.el7.centos will be updated
---> Package yum.noarch 0:3.4.3-154.el7.centos.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================
Package Arch Version Repository Size
======================================================================================================================
Installing:
psmisc x86_64 22.20-15.el7 base 141 k
Updating:
yum noarch 3.4.3-154.el7.centos.1 updates 1.2 M
Transaction Summary
======================================================================================================================
Install 1 Package
Upgrade 1 Package
Total download size: 1.4 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): psmisc-22.20-15.el7.x86_64.rpm | 141 kB 00:00:01
(2/2): yum-3.4.3-154.el7.centos.1.noarch.rpm | 1.2 MB 00:00:06
----------------------------------------------------------------------------------------------------------------------
Total 224 kB/s | 1.4 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : yum-3.4.3-154.el7.centos.1.noarch 1/3
Installing : psmisc-22.20-15.el7.x86_64 2/3
Cleanup : yum-3.4.3-154.el7.centos.noarch 3/3
Verifying : psmisc-22.20-15.el7.x86_64 1/3
Verifying : yum-3.4.3-154.el7.centos.1.noarch 2/3
Verifying : yum-3.4.3-154.el7.centos.noarch 3/3
Installed:
psmisc.x86_64 0:22.20-15.el7
Updated:
yum.noarch 0:3.4.3-154.el7.centos.1
Complete!
- Mar 21 Wed 2018 11:49
Disabling iptables on CentOS 7
- Mar 09 Fri 2018 15:19
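CentOS 7 NIC rate limiting
CentOS NIC rate limiting
CentOS 7 ships with the iproute package installed by default.
Its tc command can be used to rate-limit a network interface.
Before configuring anything, look at the default state first: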
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Limit the NIC to 1024kbit of bandwidth:
[root@ethan-centos7 ~]# tc qdisc add dev ens192 root tbf rate 1024kbit latency 50ms burst 1540
Check the state again:
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc tbf 8003: root refcnt 9 rate 1024Kbit burst 1539b lat 50.0ms
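You can try pulling a large file from somewhere else to test.
But in my tests only output was limited to 1024k; limiting input to 1024k as well still needs some research... orz
To revert the setting, just change add to del: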
[root@ethan-centos7 ~]# tc qdisc del dev ens192 root tbf rate 1024kbit latency 50ms burst 1540
[root@ethan-centos7 ~]# tc qdisc show dev ens192
qdisc mq 0: root
qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :5 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :6 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :7 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc pfifo_fast 0: parent :8 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
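The tbf qdisc above is attached at the root of ens192, which is the egress side, so only outbound traffic is shaped. Inbound traffic is normally limited by attaching the ingress qdisc and a policing filter. The following is an added example, not part of the original post: the function names are hypothetical and the 10k police burst is an illustrative value.

```sh
#!/bin/sh
# Added example: print the tc commands that limit both directions of a NIC.
# Nothing is executed here; review the output, then pipe it to a root shell.

valid_dev() {            # interface names: 1-15 chars from a safe set
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_rate() {           # positive integer, in kbit
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# limit_cmds DEV RATE_KBIT -> one tc command per line, status 2 on bad input
limit_cmds() {
    valid_dev "$1"  || { echo "bad device: $1" >&2; return 2; }
    valid_rate "$2" || { echo "bad rate: $2" >&2; return 2; }
    # Egress: the token bucket filter from the post.
    echo "tc qdisc add dev $1 root tbf rate ${2}kbit latency 50ms burst 1540"
    # Ingress: attach the ingress qdisc (fixed handle ffff:) ...
    echo "tc qdisc add dev $1 handle ffff: ingress"
    # ... and police all IPv4 traffic arriving on it, dropping the excess.
    # IPv6 is not matched by "protocol ip" and stays unlimited.
    echo "tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${2}kbit burst 10k drop flowid :1"
}

# undo_cmds DEV -> commands that remove both qdiscs again
undo_cmds() {
    valid_dev "$1" || { echo "bad device: $1" >&2; return 2; }
    echo "tc qdisc del dev $1 root"
    echo "tc qdisc del dev $1 ingress"
}

limit_cmds ens192 1024
```

To apply the limits, run `limit_cmds ens192 1024 | sh` as root. Policing drops excess inbound packets instead of queueing them, so TCP senders slow down in response to the loss.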
- Mar 02 Fri 2018 14:58
Apache reports: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
If the httpd error log shows
/home/website/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
check httpd.conf and make sure the leading # has been removed from this line:
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
Then restart Apache for the change to take effect:
apachectl restart
- Feb 01 Thu 2018 17:02
Shell script: URL-encoding with curl
curl -G --data-urlencode "a=1 1 1" --data-urlencode "b=2 2 2" https://servername/test.php
man curl
-G, --get
When used, this option will make all data specified with -d,
--data, --data-binary or --data-urlencode to be used in an HTTP
GET request instead of the POST request that otherwise would be
used. The data will be appended to the URL with a '?' separator.
If used in combination with -I, the POST data will instead be
appended to the URL with a HEAD request.
If this option is used several times, only the first one is
used. This is because undoing a GET doesn't make sense, but you
should then instead enforce the alternative method you prefer.
--data-urlencode <data>
(HTTP) This posts data, similar to the other --data options with
the exception that this performs URL-encoding. (Added in 7.18.0)
To be CGI-compliant, the <data> part should begin with a name
followed by a separator and a content specification. The <data>
part can be passed to curl using one of the following syntaxes:
content
This will make curl URL-encode the content and pass that
on. Just be careful so that the content doesn't contain
any = or @ symbols, as that will then make the syntax
match one of the other cases below!
=content
This will make curl URL-encode the content and pass that
on. The preceding = symbol is not included in the data.
name=content
This will make curl URL-encode the content part and pass
that on. Note that the name part is expected to be URL-
encoded already.
@filename
This will make curl load data from the given file
(including any newlines), URL-encode that data and pass
it on in the POST.
name@filename
This will make curl load data from the given file
(including any newlines), URL-encode that data and pass
it on in the POST. The name part gets an equal sign
appended, resulting in name=urlencoded-file-content. Note
that the name is expected to be URL-encoded already.
- Jan 30 Tue 2018 11:32
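Varnish 3.x -> Varnish 4.x configuration file
Starting with Varnish 4.x the configuration file changed substantially.
If you don't want to debug it line by line, you can use this handy tool:
https://github.com/fgsch/varnish3to4
Excerpt from its page: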
Script to assist migrating a VCL file from Varnish 3 to 4.x. [1]
Suggested usage
$ varnish3to4 -o <filename>.v4 <filename>
$ diff -u <filename> <filename>.v4
To limit changes for Varnish 4.0:
$ varnish3to4 -v 4.0 -o <filename>.v4 <filename>
$ diff -u <filename> <filename>.v4
Currently understands
V3 | V4 |
---|---|
{bereq,req}.backend.healthy | std.healthy({bereq.backend,req.backend_hint}) |
{bereq,req}.request | {bereq,req}.method |
bereq.* in vcl_pass and vcl_miss | req.* |
{beresp,obj,resp}.response | {beresp,obj,resp}.reason |
beresp.storage | beresp.storage_hint |
{client,server}.port | std.port({client,server}.ip) |
error code response | return (synth(code, response)) |
obj.hits - writing to | - |
obj.* in vcl_synth | resp.* |
obj.lastuse | - |
remove | unset |
req.backend | req.backend_hint |
req.grace | - |
req.* in vcl_backend_response | bereq.* |
return (hash) in vcl_hash | return (lookup) |
return (hit_for_pass) | set beresp.uncacheable = true; return (deliver); |
return (lookup) in vcl_recv | return (hash) |
return (pass) in vcl_pass | return (fetch) |
return (restart) in vcl_fetch | return (retry) |
std.real2integer(..) [2] | std.real2integer(.., n) |
std.time2integer(..) [2] | std.time2integer(.., n) |
std.time2real(..) [2] | std.time2real(.., n.n) |
synthetic .. | synthetic(..) |
vcl_error | vcl_backend_error and vcl_synth |
vcl_fetch | vcl_backend_response |
Limited coverage
V3 | V4 |
---|---|
purge | - |
Won't be implemented
V3 | V4 |
---|---|
- | vcl 4.0 |
- | import directors new xx = directors.yy(); xx.add_backend(ss); set req.backend_hint = xx.backend(); |
Add imports resulting from changes in V4, complete purge handling and any other changes missing from this document.
N/A for 3.0 (for documentation only)
V4.0 | V4.1 |
---|---|
return (fetch) in vcl_hit [3] | return (miss) |
Notes
- [1] Comments in VCL are treated as code and as such references within will be rewritten.
- [2] Required in 4.1 and above.
- [3] Optional in 4.1. Required in 5.0 and above.
- Jan 30 Tue 2018 10:51
Installing Varnish 5.x on CentOS 7
sudo yum install pygpgme yum-utils
vi /etc/yum.repos.d/varnishcache_varnish5.repo
[varnishcache_varnish5] [varnishcache_varnish5-source] |
Save and exit
sudo yum install varnish
Reference: https://packagecloud.io/varnishcache/varnish5/install#manual-rpm
- Jan 11 Thu 2018 17:22
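FreeBSD: changing the IP settings
In the past, besides editing /etc/rc.conf to change FreeBSD's settings,
there was also a handy command, sysinstall.
Newer FreeBSD releases have replaced it with bsdconfig and bsdinstall.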
- Jan 09 Tue 2018 15:39
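Varnish + Comodo wildcard SSL certificate
Varnish is a reverse proxy server with good performance.
Its one shortcoming is that it does not support HTTPS,
so for a site to serve HTTPS as well, another package has to be installed to take the SSL termination role.
The following example uses nginx for SSL termination: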
cd /etc/nginx/ssl
cat STAR_pass_tw.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > pass.tw.bundle.crt
cd /etc/nginx/conf.d
vi pass.tw.conf
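server {
    listen 443 ssl;
    server_name pass.tw;
    # "listen 443 ssl" already enables TLS; the separate "ssl on;" directive is deprecated since nginx 1.15.0
    ssl_certificate /etc/nginx/ssl/pass.tw.bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/pass.tw.key;
    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996); list only TLSv1.2 unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        # forward the decrypted request to the local backend on port 80 (Varnish in this setup)
        proxy_pass http://127.0.0.1:80;
    }
}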
/etc/init.d/nginx restart
- Jan 08 Mon 2018 11:12
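CentOS: installing yum packages through a proxy server
Run the following command; it takes effect immediately:
export http_proxy="http://your-proxy-server:3128"
If you want the proxy applied on every future login,
add the line to .bash_profile.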
- Dec 25 Mon 2017 16:31
CentOS: mail command not found
$ echo 123 | mail -s test 'test@myip.pass.tw'
-bash: mail: command not found
$ which mail
/usr/bin/which: no mail in (/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbinin:/sbin)
Solution
# yum -y install mailx
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mailx x86_64 12.4-8.el6_6 base 235 k
Transaction Summary
================================================================================
Install 1 Package(s)
- Dec 12 Tue 2017 16:26
CentOS 7/8 network configuration
- Dec 11 Mon 2017 11:48
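Apache: serving http and https from the same VirtualHost
To have a single virtual host configuration serve both http and https:
a stock Apache 2.2 cannot do this directly,
but the include mechanism can be used as a workaround.
Put most of the shared settings in pass.tw-http.inc
and split the SSL-related settings into a separate .inc file.
For example: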
<VirtualHost *:80>
ServerAlias test.pass.tw
include /usr/local/etc/apache22/extra/pass.tw-http.inc
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAlias test.pass.tw
include /usr/local/etc/apache22/extra/pass.tw-http.inc
include /usr/local/etc/apache22/extra/pass.tw-https.inc
</VirtualHost>
But note:
1. ServerAlias must be written inside <VirtualHost>; it cannot go in the include file
2. SSLEngine on must be written inside <VirtualHost>; it cannot go in the include file
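The rule above, together with the "no RSA or DSA server certificate found" error from the first post on this page, can be checked mechanically. The following is an added example, not part of the original posts: it flags every port 443 VirtualHost block that does not carry SSLEngine on in the block itself. The function names and the sample file are constructed for illustration, and include files are intentionally not followed.

```sh
#!/bin/sh
# Added example: flag <VirtualHost ...:443> blocks that lack "SSLEngine on".
# Include files are deliberately not followed, matching the rule above that
# the directive must sit in the <VirtualHost> block itself.

# check_ssl_vhosts FILE -> prints "LINE: <VirtualHost ...>" per offending
# block; exit status 1 if at least one block was flagged.
check_ssl_vhosts() {
    awk '
        { raw = $0; sub(/^[ \t]+/, "", raw); line = tolower(raw) }
        line ~ /^#/ { next }
        line ~ /^<virtualhost[ \t]/ {        # directives are case-insensitive
            invh = 1; start = NR; header = raw; ssl = 0
            is443 = (line ~ /:443[ \t>]/)
            next
        }
        line ~ /^<\/virtualhost>/ {
            if (invh && is443 && !ssl) { print start ": " header; bad++ }
            invh = 0
            next
        }
        invh && line ~ /^sslengine[ \t]+on([ \t]|$)/ { ssl = 1 }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the second block reproduces the failing case.
sample_vhosts() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
<VirtualHost *:80>
ServerAlias test.pass.tw
include /usr/local/etc/apache22/extra/pass.tw-http.inc
</VirtualHost>
<VirtualHost *:443>
ServerAlias test.pass.tw
include /usr/local/etc/apache22/extra/pass.tw-https.inc
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAlias test.pass.tw
</VirtualHost>
EOF
    echo "$f"
}

conf=$(sample_vhosts)
check_ssl_vhosts "$conf" || echo "vhosts above listen on 443 without SSLEngine on"
rm -f "$conf"
```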
- Dec 05 Tue 2017 10:28
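Shell script: random number from 0 to 9
#!/bin/bash
# $RANDOM is a bash feature (plain POSIX sh does not define it), hence the bash shebang.
# $RANDOM is not suitable for secrets such as passwords or tokens.
# Take a generated random number modulo 10, which yields a random number from 0 to 9
echo $(($RANDOM % 10))
# An integer offset can be added to get a random number in another range (here 5 to 14)
echo $((5+$RANDOM % 10))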
- Nov 30 Thu 2017 09:21
[apache] Invalid command 'ProxyPass' error message
AH00526: Syntax error on line 539 of /usr/local/etc/apache24/httpd.conf:
Invalid command 'ProxyPass', perhaps misspelled or defined by a module not included in the server configuration
Solution
vi /usr/local/etc/apache24/httpd.conf
Uncomment the following two lines:
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
Restart Apache:
apachectl restart
- Nov 06 Mon 2017 10:45
Remembering the git username and password
- Oct 19 Thu 2017 15:52
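FreeBSD: installing Redis
Redis, like memcached, is a key-value NoSQL database that keeps its data in memory.
The default port is TCP 6379.
It is commonly used as a website cache, so that the database does not have to be read and written directly too often.
Installing it on FreeBSD is simple: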
# cd /usr/ports/databases/redis
# make install clean
===> CONFIGURATION NOTE:
To setup "redis" you need to edit the configuration file:
/usr/local/etc/redis.conf
To run redis from startup, add redis_enable="YES"
in your /etc/rc.conf.
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/redis-sentinel
/usr/local/bin/redis-cli
/usr/local/bin/redis-server
/usr/local/bin/redis-check-rdb
/usr/local/bin/redis-benchmark
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/sentinel
/usr/local/etc/rc.d/redis
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://redis.io/
Start Redis:
# /usr/local/etc/rc.d/redis onestart
Enable it at boot:
# vi /etc/rc.conf
redis_enable="YES"
Check that it started correctly:
# ps uax | grep redis
redis 18947 0.2 0.1 24244 4040 - Ss 3:51PM 0:00.01 redis-server: /usr/local/bin/redis-server 127.0.0.1:6379 (redis
root 18949 0.0 0.0 18832 2052 1 R+ 3:51PM 0:00.00 grep redis
# telnet 0 6379
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
info
$2120
# Server
redis_version:3.2.7
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:66485aa7a7c124f8
redis_mode:standalone
os:FreeBSD 10.3-RELEASE amd64
arch_bits:64
multiplexing_api:kqueue
gcc_version:4.2.1
process_id:18947
run_id:018b4976dccd8701fac6727da769ebc8df8b2c68
tcp_port:6379
uptime_in_seconds:17
uptime_in_days:0
hz:10
lru_clock:15227282
executable:/usr/local/bin/redis-server
config_file:/usr/local/etc/redis.conf
# Clients
connected_clients:1
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0
# Memory
used_memory:1084112
used_memory_human:1.03M
used_memory_rss:1050368
used_memory_rss_human:1.00M
used_memory_peak:1084112
used_memory_peak_human:1.03M
total_system_memory:34389189192
total_system_memory_human:32.03G
used_memory_lua:37888
used_memory_lua_human:37.00K
maxmemory:0
maxmemory_human:0B
maxmemory_policy:noeviction
mem_fragmentation_ratio:0.97
mem_allocator:libc
# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1508399489
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
# Stats
total_connections_received:1
total_commands_processed:0
instantaneous_ops_per_sec:0
total_net_input_bytes:6
total_net_output_bytes:0
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
evicted_keys:0
keyspace_hits:0
keyspace_misses:0
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0
migrate_cached_sockets:0
# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
# CPU
used_cpu_sys:0.01
used_cpu_user:0.00
used_cpu_sys_children:0.00
used_cpu_user_children:0.00
# Cluster
cluster_enabled:0
# Keyspace
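The telnet session above gets a full INFO reply without authenticating, so exposure of this instance is decided by the bind, protected-mode and requirepass settings in /usr/local/etc/redis.conf. The following is an added example, not part of the original post or of the Redis project: an audit of those three directives. The function names and the sample configuration are constructed for illustration, and it assumes that the last bind line in the file is the one that takes effect.

```sh
#!/bin/sh
# Added example: report redis.conf settings that leave port 6379 reachable
# or unauthenticated.

# audit_redis_conf FILE -> one finding per line; exit status 1 if any finding
audit_redis_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { key = tolower($1) }
        key == "bind" {                      # assumption: the last bind line wins
            nbind = 0
            for (i = 2; i <= NF; i++) bind[++nbind] = $i
            seen_bind = 1
        }
        key == "protected-mode" { pm = tolower($2) }
        key == "requirepass" && NF >= 2 { pass = 1 }
        END {
            if (!seen_bind) warn("bind: not set, listens on all interfaces")
            for (i = 1; i <= nbind; i++) {
                addr = bind[i]; sub(/^-/, "", addr)   # optional "-" prefix
                if (addr !~ /^127\./ && addr != "::1")
                    warn("bind: non-loopback address " addr)
            }
            if (pm == "no") warn("protected-mode: disabled")
            if (!pass) warn("requirepass: not set, clients are unauthenticated")
            exit (n > 0)
        }
        function warn(msg) { print msg; n++ }
    ' "$1"
}

# Constructed sample, not the redis.conf shipped by the port.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
bind 127.0.0.1 192.0.2.10
protected-mode no
port 6379
# requirepass changeme
EOF
    echo "$f"
}

conf=$(sample_conf)
audit_redis_conf "$conf" || echo "review the findings above before exposing port 6379"
rm -f "$conf"
```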
- Sep 25 Mon 2017 14:55
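GeoIP + BIND + view: answering with different DNS records per country
Consider a multinational company website:
visitors from Taiwan should reach the Taiwan data center,
visitors from Japan should reach the Japan data center,
and all other visitors should reach another data center.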
cd /etc
wget http://geoip.site/download/MaxMind/GeoIP.acl
vi named.conf
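include "/etc/GeoIP.acl";
// Views are evaluated in order and the first match wins,
// so the catch-all "ANY" view has to stay last.
view "TW" {
    match-clients { TW; };
    zone "TW-myip.pass.tw" {
        type master;
        // point each view at its own zone file; with the same file in
        // every view, all clients receive the same answer
        file "JP.myip.pass.tw.zone";
    };
};
view "JP" {
    match-clients { JP; };
    zone "JP-myip.pass.tw" {
        type master;
        file "JP.myip.pass.tw.zone";
    };
};
view "ANY" {
    match-clients { any; };
    zone "ANY-myip.pass.tw" {
        type master;
        file "JP.myip.pass.tw.zone";
    };
};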
Finally, restart named.