标签:CentOS

CentOs中Apache开启mod_rewrite模块

今天刚发现wordpress的固定链接功能,于是想试试水。。

未分类

但是改完之后发现只有首页能进,文章都进不去了,404 NOT FOUND,崩溃。。。

于是Google了一下,在这里把方法整理一下

之所以无法访问 是因为Apache的 rewrite模块没有开启

rewrite是Apache环境的一个伪静态功能,如果我们没有让Apache开启rewrite功能,网站上所有的rewrite规则都不可使用.

自然文章链接的重写也不行咯

CentOs的配置文件放在: /etc/httpd/conf/httpd.conf

打开文件找到:

LoadModule rewrite_module modules/mod_rewrite.so

将前面”#”去掉,如果没有的话添加上去

如果你的网站是根目录的话:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

将None改成All

我的网站是放在/var/www/html下面的,所以:

未分类

然后重启Apache服务

输入以下命令:

service httpd restart

未分类

完美。。

补充:如果以上步骤你都做对了 但是还是404的错误 并提示你要手动配置.htaccess文件

请把下面的文件下载好 上传到你网站的根目录下面。

https://pan.baidu.com/s/1qYoKOcG
提取密码:wyru

CentOS 7系统上部署Apache+PHP+MariaDB+xcache使用rpm,php module

在进行部署之前需要确保当前的CentOS系统可以连接到任意一个repo软件仓库——如果网络通畅,直接使用默认repo仓库(最好使用本地yum仓库,速度快),如果无法连接网络使用本地repo仓库通过修改/etc/yum.repo.d/中的配置文件进行配置。

在配置好后使用以下命令安装Apache+PHP+MariaDB:

~]# yum install httpd php php-mysql mariadb* -y

在安装完成之后可以将其设为开机启动:

~]# systemctl start mariadb
~]# systemctl start httpd

使用下面这条命令可以检查一个服务是否设为开机启动:

~]# systemctl is-enabled SERVICE.service

到这里,基本的安装文件已经安装完成,但是从windows中使用浏览器访问此主机IP时还是不能访问,因为被防火墙阻止了,我们可以先将防火墙关闭和selinux,使用以下命令:

~]# iptables -F
~]# setenforce 0

就可以看到以下画面(172.16.7.100是这台主机的IP):

未分类

接下来开始配置两个虚拟主机,目的是当使用不同的网址访问此主机的时候能够返回不同的页面。首先添加一个配置文件到/etc/httpd/conf.d/中,文件中写入以下内容:

~]# vim /etc/httpd/conf.d/vhost-myweb

<VirtualHost *:80>
        ServerName myweb.wordpress.com
        DocumentRoot /myweb/wordpress
        ErrorLog logs/wordpress-error_log
        CustomLog logs/wordpress-access_log combiend
        <Directory "/myweb/wordpress">
                Options None
                AllowOverride   None
                Require all granted
        </Directory>
</VirtualHost>
<VirtualHost *:80>
        ServerName myweb.phpmyadmin.com
        DocumentRoot /myweb/phpmyadmin
        ErrorLog logs/phpmyadmin-error_log
        CustomLog logs/phpmyadmin-access_log combiend
        <Directory "/myweb/phpmyadmin">
                Options None
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>

然后创建两个虚拟主机对应的家目录,并重新加载服务:

~]# mkdir -pv /myweb/{wordpress,phpmyadmin}

~]# systemctl reload httpd

~]# echo "<h1>wordpress</h1>"> /myweb/wordpress/index.html
~]# echo "<h1>phpmyadmin</h1>"> /myweb/phpmyadmin/index.html

通过上面两条输出重定向命令创建测试文件分别到各自对应的目录,创建完成之后回到windows中修改hosts配置文件(此文件在C:WindowsSystem32driversetc目录中的hosts文件,这个文件保存了本地的DNS记录),在其中加入这两条(如果提示不能修改,那么鼠标右键此文件,属性→安全→编辑,在下方权限那里将修改权限的勾打上):

172.16.7.100 myweb.wordpress.com
172.16.7.100 myweb.phpmyadmin.com

配置保存之后在浏览器通过访问两个网址即可看到不同的网址:

未分类

未分类

接下来删除这两个测试文件(~]# rm -frv /myweb/*),开始配置wordpress和phpmyadmin,wordpress的配置请参考上一篇博客:http://11142243.blog.51cto.com/11132243/1964468 ,在这里只进行phpmyadmin的配置。

配置好的wordpress:

未分类

下面开始配置phpmyadmin,下载地址:https://files.phpmyadmin.net/phpMyAdmin/3.5.4/phpMyAdmin-3.5.4-all-languages.tar.gz

(在这里一定要注意版本,我因为没有注意版本,下载了一个高版本的,但是它所依赖的其他软件版本没跟上,调试了快一整天才发现这个问题 = =!)

调试的时候将下边的语句写到要调适的php文件开头,将错误输出打开:

    <?php
    ini_set('display_errors','on');
    error_reporting(E_ALL);
    ?>

当软件下载完成之后(可以通过

wget -c https://files.phpmyadmin.net/phpMyAdmin/3.5.4/phpMyAdmin-3.5.4-all-languages.tar.gz

命令下载或者从windows中下载之后导入到linux系统中(使用xshell自带功能或者FileZilla软件))

未分类

 ~]# cd /myweb/phpmyadmin/
 phpmyadmin]# tar -zxvf ~/phpMyAdmin-3.5.4-all-languages.tar.gz -C ./

然后将phpMyAdmin-4.7.4-all-languages/目录中的文件复制到当前目录中:

phpmyadmin]# mv phpMyAdmin-3.5.4-all-languages/* ./

这样,phpMyAdmin远程管理软件即配置完成,我们可以通过远程来管理数据库中的内容:

未分类

但是因为我们只给wordpress账户赋予了远程登陆的权限,所以在这里只能登陆账号“wordpress”(如果想要登陆root账户,只需要按照在数据库中给wordpress账户分配权限的方法给root用户分配远程登陆的权限即可)

未分类

未分类

此时网站已经部署好了,我们接下来需要对其进行测试,可以在另外一台能够连接到这台主机的主机中使用以下命令(同样需要修改hosts文件——/etc/hosts):

echo '172.16.7.100    myweb.phpmyadmin.com myweb.wordpress.com' >> /etc/hosts
~]# ab -c 100 -n 1000 myweb.phpmyadmin.com/index.php

此时,我正好有一台IP为172.16.6.11的主机,ab压力测试结果如下:

未分类

未分类

为了进一步提升访问速度,我们可以安装php的xcache模块:

]# yum install php-xcache

未分类

安装之后使用以下命令就可以看到如下图所示的效果(没有安装的使用这个命令效果如上图)

~]# php -v

未分类

安装成功之后再进行测试,发现速度提升了将近一倍

未分类

未分类

Vagrant CentOS 共享目录挂载问题解决

一直以来都是使用Vagrant与VirtualBox运行CentOS系统来搭建环境,然而有一天突然出现Windows下面的目录无法映射进去了,报错:

D:projectvagrantcentos64php56>vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
  default: Adapter 1: nat
  default: Adapter 2: hostonly
==> default: Forwarding ports...
  default: 80 (guest) => 8080 (host) (adapter 1)
  default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
  default: SSH address: 127.0.0.1:2222
  default: SSH username: vagrant
  default: SSH auth method: private key
  default: Warning: Connection reset. Retrying...
  default: Warning: Connection aborted. Retrying...
  default: Warning: Connection reset. Retrying...
  default: Warning: Remote connection disconnect. Retrying...
==> default: Machine booted and ready!
[default] GuestAdditions versions on your host (5.1.26) and guest (4.3.6) do not matc
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.btte.net
 * epel: repo.fedoralinux.ir
 * extras: mirrors.btte.net
 * updates: mirrors.btte.net
No package kernel-devel-2.6.32-358.23.2.el6.x86_64 available.
Package gcc-4.4.7-18.el6.x86_64 already installed and latest version
Package binutils-2.20.51.0.2-5.47.el6_9.1.x86_64 already installed and latest version
Package 1:make-3.81-23.el6.x86_64 already installed and latest version
Package 4:perl-5.10.1-144.el6.x86_64 already installed and latest version
Package bzip2-1.0.5-7.el6_0.x86_64 already installed and latest version
Nothing to do
Copy iso file C:Program FilesOracleVirtualBoxVBoxGuestAdditions.iso into the box
Installing Virtualbox Guest Additions 5.1.26 - guest version is 4.3.6
Verifying archive integrity... All good.
Uncompressing VirtualBox 5.1.26 Guest Additions for Linux...........
VirtualBox Guest Additions installer
Removing installed version 5.1.26 of VirtualBox Guest Additions...
vboxadd.sh: Stopping VirtualBox Additions.
Copying additional installer modules ...
Installing additional modules ...
vboxadd.sh: Starting the VirtualBox Guest Additions.
Failed to set up service vboxadd, please check the log file
/var/log/VBoxGuestAdditions.log for details.
An error occurred during installation of VirtualBox Guest Additions 5.1.26. Some func
In most cases it is OK that the "Window System drivers" installation failed.
vboxadd.sh: Starting the VirtualBox Guest Additions.
vboxadd.sh: failed: Look at /var/log/vboxadd-install.log to find out what went wrong.
vboxadd.sh: failed: modprobe vboxguest failed.
==> default: Checking for guest additions in VM...
  default: The guest additions on this VM do not match the installed version of
  default: VirtualBox! In most cases this is fine, but in rare cases it can
  default: prevent things such as shared folders from working properly. If you see
  default: shared folder errors, please make sure the guest additions within the
  default: virtual machine match the version of VirtualBox you have installed on
  default: your host and reload your VM.
  default:
  default: Guest Additions Version: 4.3.6
  default: VirtualBox Version: 5.1
==> default: Configuring and enabling network interfaces...
  default: SSH address: 127.0.0.1:2222
  default: SSH username: vagrant
  default: SSH auth method: private key
==> default: Mounting shared folders...
  default: /home/rc => D:/project/vagrant/centos64php56
Vagrant was unable to mount VirtualBox shared folders. This is usually
because the filesystem "vboxsf" is not available. This filesystem is
made available via the VirtualBox Guest Additions and kernel module.
Please verify that these guest additions are properly installed in the
guest. This is not a bug in Vagrant and is usually caused by a faulty
Vagrant box. For context, the command attempted was:

mount -t vboxsf -o uid=500,gid=500 home_rc_ /home/rc

The error output from the command was:

/sbin/mount.vboxsf: mounting failed with the error: No such device

这里提示虚拟机里CentOS的VBoxGuestAdditions与VirtualBox的版本匹配,需要升级:

[default] GuestAdditions versions on your host (5.1.26) and guest (4.3.6) do not matc

应该是升级了VirtualBox导致的。然而自动安装新插件失败:

vboxadd.sh: Starting the VirtualBox Guest Additions.
Failed to set up service vboxadd, please check the log file
/var/log/VBoxGuestAdditions.log for details.
An error occurred during installation of VirtualBox Guest Additions 5.1.26. Some func
In most cases it is OK that the "Window System drivers" installation failed.
vboxadd.sh: Starting the VirtualBox Guest Additions.
vboxadd.sh: failed: Look at /var/log/vboxadd-install.log to find out what went wrong.
vboxadd.sh: failed: modprobe vboxguest failed.

导致共享目录无法映射。但是虚拟机仍然是启动成功的,可以ssh进去,或者使用sftp挂载。

Google了下有说是VirtualBox bug的,也有说是Windows问题的,各种折腾不能解决。升级插件也无效:vagrant plugin install vagrant-vbguest。重新安装VirtualBox和Vagrant,并不会影响现有虚拟机及网络配置,但不能解决问题。

直到看到这篇文章,决定从CentOS入手解决。

启动虚拟机后,使用sftp上传VBoxGuestAdditions.iso,ssh进入手动安装:

$ sudo
$ mount VBoxGuestAdditions.iso -o loop /mnt
$ cd /mnt
$ sh VBoxLinuxAdditions.run

安装失败,查看日志:

Building the main Guest Additions module                   [FAILED]
(Look at /var/log/vboxadd-install.log to find out what went wrong)

vboxadd-install.log日志:

/tmp/vbox.0/Makefile.include.header:97: *** Error: unable to find the sources of your current Linux kernel. Specify KERN_DIR=<directory> and run Make again.  Stop.

参照: https://www.centos.org/forums/viewtopic.php?t=45163 ,查看kernel版本

$ rpm -qa kernel* | sort
kernel-2.6.32-358.23.2.el6.x86_64
kernel-devel-2.6.32-696.10.2.el6.x86_64
kernel-firmware-2.6.32-358.10.2.el6.noarch
kernel-headers-2.6.32-696.10.2.el6.x86_64

$ uname -r
2.6.32-358.10.2.el6.x86_64

其实一开始是更多版本不匹配的,尝试更新kernel:

yum update
yum install kernel-headers kernel-devel

结果部分更新失败:

Warning: No matches found for: kernel-devel
No Matches found

参照: https://stackoverflow.com/questions/29396322/warning-no-matches-found-for-kernel-devel 解除版本锁定,设置enabled = 0:

$ vim /etc/yum/pluginconf.d/versionlock.conf

再次运行升级kernel就可以了。安装成功后,重启后,再次运行sh VBoxLinuxAdditions.run 就可以了。事实上Vagrant启动时就会自动安装VBoxGuestAdditions:

[default] GuestAdditions 5.1.26 running --- OK.

Vagrant升级到后发现vagrant up初始化下载box卡住了,那是你的vagrant版本太高与对应的powershell版本对应不上,可以下载最新的powershell安装即可。

如果box下载很慢,可以参照这里的方法自我映射取得url单独下载:

https://app.vagrantup.com/box-cutter/boxes/centos73
==> https://atlas.hashicorp.com/box-cutter/boxes/centos73/versions/2.0.21/providers/virtualbox.box

如何在CentOS和Ubuntu中安装Linux Kernel 4.13

未分类

Linus Torvalds 在 9 月 3 日星期天正式发布了稳定版 Linux Kernel 4.13,这个最新版本发布了新功能,进行了诸多修复和问题改进。有关更多详细信息,请参阅: http://lkml.iu.edu/hypermail/linux/kernel/1709.0/01021.html

下面系统极客将向大家介绍在 CentOS 和 Ubuntu 中手动安装、更新 Linux Kernel 4.13 的方法,当然,这些步骤也同时适用于其它基于 YUM 和基于 APT 的系统。

CentOS系统安装Linux Kernel 4.13

以下步骤在 CentOS 7 64 位版本中进行了测试,它也适用于其他 RPM 发行版,如:RHEL、Fedora 和 Scientific Linux 等。

由于最新的内核在官方存储库中目前还不可用, 所以我们需要添加 ELRepo 仓库来安装这个最新的 Linux Kernel 4.13 内核。

1、使用如下命令添加 ELRepo GPG 密钥:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

2、使用如下命令在 CentOS 7、RHEL 7 或 Scientific Linux 7 中添加 ELRepo 存储库:

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

CentOS 6、RHEL 6、Scientific Linux 6 添加 ELRepo 存储库的命令是:

rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm

3、使用如下命令将 ELRepo 启用为最快镜像:

yum install yum-plugin-fastestmirror

4、启用 ELRepo 并使用如下命令安装 Linux Kernel 4.13 版本:

yum --enablerepo=elrepo-kernel install kernel-ml

5、安装内核后,重新启动系统并从 Grub 启动菜单中选择最新的内核。

Ubuntu 16.04 LTS系统安装Linux Kernel 4.13

在 Ubuntu 16.04 LTS 或其它基于 Ubuntu 的系统中(如 Debian、Linux Mint 等 )安装最新 Linux Kernel 4.13 内核的步骤如下:

1、现在已经可以从 Ubuntu 官方内核库中下载 Linux Kernel 4.13。

64 位 Ubuntu 系统:

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300_4.13.0-041300.201709031731_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300-generic_4.13.0-041300.201709031731_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-image-4.13.0-041300-generic_4.13.0-041300.201709031731_amd64.deb

32 位 Ubuntu 系统:

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300_4.13.0-041300.201709031731_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300-generic_4.13.0-041300.201709031731_i386.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-image-4.13.0-041300-generic_4.13.0-041300.201709031731_i386.deb

2、下载完成后使用如下命令安装 Linux Kernel 4.13:

sudo dpkg -i *.deb

3、使用如下命令更新 Grub 引导加载程序:

sudo update-grub

如果使用 BURG 引导加载程序,请运行:

sudo update-burg

4、重新启动系统并登录到新安装的内核。

acme-tiny在CentOS、Apache下自动更新https证书

# yum install mod_ssl openssl

# mkdir /home/crt/

# cd /home/crt/

复制

https://github.com/diafygi/acme-tiny

acme_tiny.py

到/home/crt/

yoursite—>站点名称

# mkdir yoursite/www/

# cd yoursite

//创建Let’s Encrypt私钥

# openssl genrsa 4096 > account.key

# openssl genrsa 4096 > domain.key

#单域名CSR用如下命令

#openssl req -new -sha256 -key domain.key -subj “/CN=yoursite.com” > domain.csr



#多域名CSR用如下命令(一般都至少要为根域和WWW申请证书吧)

接下来需要使用openssl.cnf文件,先查找自己该文件的位置

#locate openssl.cnf

CentOS下的文件位置在/etc/pki/tls/openssl.cnf

#

openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]nsubjectAltName=DNS:yoursite.com,DNS:www.yoursite.com")) > domain.csr

#

设置该目录下面 www 文件夹权限为777

chmod -R 777 www

修改http.conf,红色为修改部分

<VirtualHost *:80>
DocumentRoot "/var/www/yoursite"
ServerName www.yoursite.com
ServerAlias yoursite.com
<Directory "/var/www/yoursite">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /.well-known/acme-challenge "/home/crt/yoursite/www"
<Directory "/home/crt/yoursite/www">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

#systemctl restart httpd.service

# cd /home/crt/

vi renew_cert.sh

==========红字为sh内容

function getCrt()
{
BASURL=/home/crt/
python ${BASURL}/acme_tiny.py --account-key ${BASURL}${1}/account.key --csr ${BASURL}${1}/domain.csr --acme-dir ${BASURL}${1}/www/ > ${BASURL}${1}/signed.crt || exit
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > ${BASURL}${1}/intermediate.pem
cat ${BASURL}${1}/signed.crt ${BASURL}${1}/intermediate.pem > ${BASURL}${1}/chained.pem

}
getCrt yoursite

sudo systemctl restart httpd.service

#chmod +x renew_cert.sh

#sh renew_cert.sh

自动生成证书

删除 ssl.conf

中…所有内容

修改http.conf,增加红字部分

NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/var/www/yoursite"
ServerName www.yoursite.com
ServerAlias yoursite.com
SSLEngine on
SSLHonorCipherOrder on

# 禁止SSLv2 SSLv3协议
SSLProtocol all -SSLv2 -SSLv3

#禁止RC4,禁止SF
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

SSLCertificateFile /home/crt/yoursite/signed.crt
SSLCertificateKeyFile /home/crt/yoursite/domain.key
SSLCertificateChainFile /home/crt/yoursite/chained.pem
<Directory "/var/www/yoursite">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

#systemctl restart httpd.service

访问 https://www.yoursite.com

可以在项目目录下创建.htaccess 来强制http 访问到https访问

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

添加到定时任务中

crontab -e

//添加任务
0 0 1 * * /usr/bin/bash /home/crt/renew_cert.sh

sudo systemctl restart crond.service

CentOS 7 时间同步

1. NTP时钟同步方式说明

NTP在linux下有两种时钟同步方式,分别为直接同步和平滑同步:

  • 直接同步

使用ntpdate命令进行同步,直接进行时间变更。如果服务器上存在一个12点运行的任务,当前服务器时间是13点,但标准时间时11点,使用此命令可能会造成任务重复执行。因此使用ntpdate同步可能会引发风险,因此该命令也多用于配置时钟同步服务时第一次同步时间时使用。

  • 平滑同步

使用ntpd进行时钟同步,可以保证一个时间不经历两次,它每次同步时间的偏移量不会太陡,是慢慢来的,这正因为这样,ntpd平滑同步可能耗费的时间比较长。

标准时钟同步服务

http://www.pool.ntp.org/zone/cn网站包含全球的标准时间同步服务,也包括对中国时间的同步,对应的URL为cn.pool.ntp.org,在其中也描述了
ntp配置文件中的建议写法:

server 1.cn.pool.ntp.org 
server 2.asia.pool.ntp.org

2. 环境情况

准备四台电脑,分别为:

未分类

3. 检查服务是否安装

  • 使用rpm检查ntp包是否安装
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-25.el7.centos.2.x86_64
  • 如果已经安装则略过此步,否则使用yum进行安装,并设置系统开机自动启动并启动服务
[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. 设置ntp服务器: 192.168.11.212

配置前先使用命令:ntpdate -u cn.pool.ntp.org,同步服务器

  • 修改/etc/ntp.conf文件,红色字体是修改的内容
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst

server 2.cn.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# 允许上层时间服务器主动修改本机时间
restrict 2.cn.pool.ntp.org nomodify notrap noquery
restrict 1.asia.pool.ntp.org nomodify notrap noquery
restrict 2.asia.pool.ntp.org nomodify notrap noquery

server 127.0.0.1 # local clock
fudge 127.0.0.1 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

修改完成后重启ntpd服务systemctl restart ntpd

使用ntpq -p 查看网络中的NTP服务器,同时显示客户端和每个服务器的关系

使用ntpstat 命令查看时间同步状态,这个一般需要5-10分钟后才能成功连接和同步。所以,服务器启动后需要稍等下:

刚启动的时候,一般是:

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

连接并同步后:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. 设置ntp客户端: 172.16.248.129|130|131

安装ntp服务并设置为自动启动,和前面的设置方式相同。然后编辑/etc/ntp.conf文件,红色字体为变化的内容。

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst

server 172.16.248.1

restrict 172.16.248.1 nomodify notrap noquery

server 127.0.0.1
fudge 127.0.0.1 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys 

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

重启ntpd服务

#systemctl restart ntpd

启动后,查看同步情况

# ntpq -p
# ntpstat

因为是内网,一般ntpstat很快就可以同步上。

Centos 7中文语言包的安装及中文支持

1、修改配置文件etc/locale.conf

LANG="zh_CN.UTF-8"

2、查看更改后的系统语言变量

[root@5c46832b5c01 ~]# locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=

3、查看语言包

[root@5c46832b5c01 ~]# locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory
C
POSIX
en_US.utf8

4、如果不提示错误表示已开启中文,可以在终端试一下删除文件等操作看提示是不是中文 否则没有中文,安装一个,注意7跟6不一样

#yum install kde-l10n-Chinese
#yum reinstall glibc-common

未分类

CENTOS 7.2 下设置IP

Centos 服务器下设置内网的IP.

首先,查看网卡,执行命令

ifconfig

会显示出当前服务器网卡数量

em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 111.111.111.111  netmask 255.255.255.128  broadcast 111.111.111.111
    inet6 ***  prefixlen 64  scopeid 0x0<global>
    inet6 ***  prefixlen 64  scopeid 0x40<site>
    inet6 ***  prefixlen 64  scopeid 0x20<link>
    ether ***  txqueuelen 1000  (Ethernet)
    RX packets 133303685  bytes 28505343137 (26.5 GiB)
    RX errors 0  dropped 359528  overruns 0  frame 0
    TX packets 5254914  bytes 491093949 (468.3 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    device interrupt 18

em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                ether ***  txqueuelen 1000  (Ethernet)
                RX packets 60693  bytes 3894479 (3.7 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 227  bytes 20043 (19.5 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
                device interrupt 19

em3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
                ether ***  txqueuelen 1000  (Ethernet)
                RX packets 0  bytes 0 (0.0 B)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 0  bytes 0 (0.0 B)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
                device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
                inet 127.0.0.1  netmask 255.0.0.0
                inet6 ::1  prefixlen 128  scopeid 0x10<host>
                loop  txqueuelen 1  (Local Loopback)
                RX packets 36713  bytes 28535534 (27.2 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 36713  bytes 28535534 (27.2 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

解释:

UP 网卡开启状态
RUNNING 网卡网线被接上
MULTICAST 支持组播
MTU  最大传输单元
inet  ip4 地址
inet6  ip6地址
broadcast 广播地址
netmask  子网掩码
RX 表示接收数据包的情况
TX 表示发送数据包的情况
txqueuelen  传输缓存区大小

网卡启动命令

ifconfig em2 up

ifconfig em2 down

可以使用命令,查看当前服务器的外网ip

curl ifconfig.me

例如,结果显示:111.111.111.111 表示当前的网卡em1已被外网使用.

除了lo之外(lo不算),还有三个网卡,em2,em3,em4.

em2 有RUNNING,应该表示当前网卡有线接入.选择em2设置内网.

进入目录

cd /etc/sysconfig/network-scripts/
cp ifcfg-em2 ifcfg-em2.bak  #备份

编辑网卡配置文件

TYPE=Ethernet
BOOTPROTO=static  #默认为dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no  #如果yes改为no
IPV6_AUTOCONF=no #如果yes改为no
IPV6_DEFROUTE=no   #如果yes改为no
IPV6_PEERDNS=no  #如果yes改为no
IPV6_PEERROUTES=no   #如果yes改为no
IPV6_FAILURE_FATAL=no  #如果yes改为no
NAME=em2
UUID=*******
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.1.111  #ip地址  
NETMACK=255.255.255.0    #网关
DNS1=*****   #dns地址

保存

重启网卡

service network restart

CENTOS 6.x/7.x yum安装配置Nginx

第一种方法:直接通过RPM包安装

1、查看系统是否已安装Nginx,若已安装查看Nginx版本

yum info nginx

rpm -qa|grep nginx

2、选择RPM包进行安装

在 http://nginx.org/packages/centos 网站下查找需要安装的Nginx版本

执行命令

yum install http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.8.0-1.el6.ngx.x86_64.rpm

第二种方法:设置Nginx软件源

在/etc/yum.repos.d/目录下创建一个源配置文件nginx.repo:

cd /etc/yum.repos.d/

vim nginx.repo

内容:

[nginx]

name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

保存,则会产生一个/etc/yum.repos.d/nginx.repo文件。

启动Nginx了:

/etc/init.d/nginx start

或者

service nginx start

配置一下Linux防火墙开通80端口。

iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save
service iptables restart

Nginx配置文件位置:

/etc/nginx/nginx.conf

Linux CentOS 7安装Redis服务器教程

说明:redis的缩写是REmote DIctionary Server。它是最流行的开源,高级key-value存储系统。这里说下CentOS 7上安装redis服务器方法。

项目地址:http://redis.io/

安装

一、安装EPEL repo

这里用的CentOS x86_64操作系统架构,所以我将仅使用适用于x86_64的epel repo软件包。请根据您的操作系统架构(EPEL URL)搜索epel repo软件包

yum install wget
wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/e/
rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-*.rpm

之后将会在/etc/yum.repos.d中创建两个epel的repo文件。分别是epel.repo和epel-testing.repo。

二、安装Redis服务器

1、yum安装redis服务器

yum install redis

两个重要的redis服务器配置文件的路径/etc/redis.conf和/etc/redis-sentinel.conf。

2、启动redis服务器

systemctl start redis.service

3、检查redis服务器的运行状态

systemctl status redis.service

4、测试Redis的安装

redis-cli ping

如果返回结果PONG,则安装成功。

三、redis服务器相关命令

systemctl start redis.service  #启动redis服务器 
systemctl stop redis.service  #停止redis服务器
systemctl restart redis.service  #重新启动redis服务器 
systemctl status redis.service  #获取redis服务器的运行状态 
systemctl enable redis.service  #开机启动redis服务器
systemctl disable redis.service  #开机禁用redis服务器

四、Redis服务器监听端口

Redis Server默认侦听端口号6379,可使用SS命令查看。

ss -nlp|grep redis

学习Redis请看:http://redis.io/documentation