安装lnmp
lnmp ssl add
强制所有的走https
include black.conf
传输文件 用管道
导入数据
安装v2ray
安装 monit
配置crontab
lnmp 安装exif opcache memcached
开启bbr
——————
nginx配置
cut log脚本
monit配置
配置mon
v2ray配置
use pipe trans file between linux
tar czf - localdir| ssh [email protected] tar xzf - -C /home/wwwroot
google 3d animals
CentOS8的基础防火墙配置
systemctl使用
systemctl unmask firewalld #执行命令,即可实现取消服务的锁定
systemctl mask firewalld # 下次需要锁定该服务时执行
systemctl start firewalld.service #启动防火墙
systemctl stop firewalld.service #停止防火墙
systemctl reloadt firewalld.service #重载配置
systemctl restart firewalld.service #重启服务
systemctl status firewalld.service #显示服务的状态
systemctl enable firewalld.service #在开机时启用服务
systemctl disable firewalld.service #在开机时禁用服务
systemctl is-enabled firewalld.service #查看服务是否开机启动
systemctl list-unit-files|grep enabled #查看已启动的服务列表
systemctl –failed #查看启动失败的服务列表
firewall-cmd使用
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #更新防火墙规则
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #重载防火墙规则
firewall-cmd –list-ports #查看所有打开的端口
firewall-cmd –list-services #查看所有允许的服务
firewall-cmd –get-services #获取所有支持的服务
/usr/lib/firewalld/services
#区域相关
firewall-cmd –list-all-zones #查看所有区域信息
firewall-cmd –get-active-zones #查看活动区域信息
firewall-cmd –set-default-zone=public #设置public为默认区域
firewall-cmd –get-default-zone #查看默认区域信息
firewall-cmd –zone=public –add-interface=eth0 #将接口eth0加入区域public
#接口相关
firewall-cmd –zone=public –remove-interface=eth0 #从区域public中删除接口eth0
firewall-cmd –zone=default –change-interface=eth0 #修改接口eth0所属区域为default
firewall-cmd –get-zone-of-interface=eth0 #查看接口eth0所属区域
用例
firewall-cmd –query-port=8080/tcp # 查询端口是否开放
firewall-cmd –add-port=80/tcp –permanent #永久添加80端口例外(全局)
firewall-cmd –remove-port=80/tcp –permanent #永久删除80端口例外(全局)
firewall-cmd –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(全局)
firewall-cmd –zone=public –add-port=80/tcp –permanent #永久添加80端口例外(区域public)
firewall-cmd –zone=public –remove-port=80/tcp –permanent #永久删除80端口例外(区域public)
firewall-cmd –zone=public –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(区域public)
firewall-cmd –reload #重启防火墙(修改配置后要重启防火墙)
v2ray core软件提示Privoxy Fatal Error: can’t bind to 127.0.0.1:xxxxx (error number 10104)解决方法
打开命令行(管理员权限),输入
netsh winsock reset
重启电脑即可
nginx+v2ray
参照这个文章的配置,
https://www.ecsoe.com/archives/38.html
一次成功
先安装了nginx+ssl,再安装v2ray,调整配置。
yum -y update bash <(curl -L -s https://install.direct/go.sh) systemctl enable v2ray vi /etc/nginx/conf.d/v2ray.conf server { listen 443 ssl; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; location /ray { proxy_pass http://127.0.0.1:10000; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } } { "inbounds": [ { "port": 10000, "listen":"127.0.0.1", "protocol": "vmess", "settings": { "clients": [ { "id": "你的UUID", "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/ray" } } } ], "outbounds": [ { "protocol": "freedom", "settings": {} } ] } vi /etc/selinux/config SELINUX=disabled setenforce 0
推荐比linode还好点的vps服务商vultr
yii 邮件发送问题解决
yii邮件发送,一直报错
Swift_TransportException
Expected response code 250 but got code “550”, with message “550 5.7.1 Request not taken sender domain mismatch !
”
其实说的比较清楚了。是Request not taken sender domain mismatch
但是web.php已经修改了,找了半天,发现
config\params.php
下面的adminEmail也要修改成一致的才行。
如何让外网访问小米路由器的硬盘文件
解决只能lan口访问,不能wan口访问硬盘资源的问题。
1、小米路由器要开启ssh
2、ssh到小米路由器,编辑/etc/samba/smb.conf.template 文件,将其中的interfaces那一行改为
interfaces = br-lan eth0.2
3、编辑/etc/config/firewall文件,在文件最后添加以下内容:
config rule 'samba_udp' option src 'wan' option dest_port '137 138' option proto 'udp' option target 'ACCEPT' option name 'samba_incoming_udp' config rule 'samba_tcp' option src 'wan' option dest_port '139 445' option proto 'tcp' option target 'ACCEPT' option name 'samba_incoming_tcp'
4、执行/etc/init.d/samba restart命令重启samba服务
5、执行/etc/init.d/firewall restart命令重启防火墙
用\\xxx.xxx.xxx.xxx 访问试试。xxx是小米路由器的wan ip地址
nginx日志按天切割的脚本
本脚本原版来自 lnmp.org,修改如下:
不需要写每个日志文件,除了error日志,其他的都自动切割
不按照年月分目录,放在一个目录,这样好处理点。
用法就是放在服务器上 chmod +x,然后加到crontab里
cat /root/bin/cut_nginx_logs.sh #!/bin/bash #function:cut nginx log files for lnmp #author: http://lnmp.org #modified by http://www.juyimeng.com/lnmp-nginx-log-cut-per-day-rotation.html #set the path to nginx log files log_files_path="/home/wwwlogs/" #log_files_dir=${log_files_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m") log_files_dir=${log_files_path}bak/ #set nginx log files you want to cut #get log files list,exclude error.log log_files_name=($(/bin/find $log_files_path -maxdepth 1 -name "*.log" |grep -v error| awk -F/ '{ print $NF }')) #set the path to nginx. nginx_sbin="/usr/local/nginx/sbin/nginx" #Set how long you want to save save_days=15 ############################################ #Please do not modify the following script # ############################################ mkdir -p $log_files_dir log_files_num=${#log_files_name[@]} #cut nginx log files for((i=0;i<$log_files_num;i++));do mv ${log_files_path}${log_files_name[i]} ${log_files_dir}$(date -d "yesterday" +"%Y%m%d_%s")_${log_files_name[i]} done #delete $save_days ago nginx log files find $log_files_path -mtime +$save_days -exec rm -rf {} \; #reload nginx $nginx_sbin -s reload