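Recommended server setup

Install lnmp
lnmp ssl add
Force all traffic over HTTPS
include black.conf
Transfer files using a pipe
Import data
Install v2ray
Install monit
Configure crontab
Install exif, opcache and memcached with lnmp
Enable BBR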
——————
nginx configuration
Log-cutting script
monit configuration
Configure mon
v2ray configuration

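Basic firewall configuration on CentOS 8

Using systemctl
systemctl unmask firewalld # unmask the service so it is no longer locked
systemctl mask firewalld # run this the next time the service needs to be locked
systemctl start firewalld.service # start the firewall
systemctl stop firewalld.service # stop the firewall
systemctl reload firewalld.service # reload the configuration
systemctl restart firewalld.service # restart the service
systemctl status firewalld.service # show the service status
systemctl enable firewalld.service # enable the service at boot
systemctl disable firewalld.service # disable the service at boot
systemctl is-enabled firewalld.service # check whether the service starts at boot
systemctl list-unit-files|grep enabled # list the services enabled at boot
systemctl --failed # list the services that failed to start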

Using firewall-cmd
firewall-cmd --state # show the firewall state
firewall-cmd --reload # reload the firewall rules
firewall-cmd --list-ports # list all open ports
firewall-cmd --list-services # list all allowed services
firewall-cmd --get-services # list all supported services

/usr/lib/firewalld/services

# Zones
firewall-cmd --list-all-zones # show information for all zones
firewall-cmd --get-active-zones # show the active zones
firewall-cmd --set-default-zone=public # make public the default zone
firewall-cmd --get-default-zone # show the default zone
firewall-cmd --zone=public --add-interface=eth0 # add interface eth0 to zone public
# Interfaces
firewall-cmd --zone=public --remove-interface=eth0 # remove interface eth0 from zone public
firewall-cmd --zone=default --change-interface=eth0 # move interface eth0 to zone default
firewall-cmd --get-zone-of-interface=eth0 # show which zone interface eth0 belongs to

Examples
firewall-cmd --query-port=8080/tcp # check whether a port is open

firewall-cmd --add-port=80/tcp --permanent # permanently open port 80 (global)
firewall-cmd --remove-port=80/tcp --permanent # permanently close port 80 (global)
firewall-cmd --add-port=65001-65010/tcp --permanent # permanently open ports 65001-65010 (global)
firewall-cmd --zone=public --add-port=80/tcp --permanent # permanently open port 80 (zone public)
firewall-cmd --zone=public --remove-port=80/tcp --permanent # permanently close port 80 (zone public)
firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent # permanently open ports 65001-65010 (zone public)

firewall-cmd --reload # reload the firewall (required after changing the configuration)

nginx+v2ray

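I followed the configuration in this article:

https://www.ecsoe.com/archives/38.html

It worked the first time.

I installed nginx with SSL first, then installed v2ray and adjusted the configuration.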

yum -y update
bash <(curl -L -s https://install.direct/go.sh)
systemctl enable v2ray
vi /etc/nginx/conf.d/v2ray.conf

server {
    listen       443 ssl;
    server_name  example.com;

    ssl_certificate    /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location /ray {
        proxy_pass       http://127.0.0.1:10000;
        proxy_redirect             off;
        proxy_http_version         1.1;
        proxy_set_header Upgrade   $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host      $http_host;
    }
}
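
The server block above enables TLSv1 and TLSv1.1, which RFC 8996 deprecates. As an added example (not part of the original post), this shell check flags legacy protocols in an ssl_protocols directive; the function names and sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. File names are constructed.
# check_tls_protocols FILE...: print "file:line: protocol" for every legacy
# protocol enabled by an ssl_protocols directive; exit status 1 if any found.
check_tls_protocols() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                last = sub(/;.*$/, "", p)        # strip ";" and note the end
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "%s:%d: %s\n", FILENAME, FNR, p
                    bad = 1
                }
                if (last) break                  # ignore trailing comments
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed demo: the directive as written on this page next to a
# tightened one. Returns 0 when both files are classified as expected.
demo_tls_check() {
    local d rc=0
    d=$(mktemp -d) || return 1
    printf 'server {\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n' > "$d/page.conf"
    printf 'server {\n    # ssl_protocols TLSv1;\n    ssl_protocols TLSv1.2 TLSv1.3;\n}\n' > "$d/tight.conf"
    check_tls_protocols "$d/page.conf" > "$d/out" && rc=1   # must be flagged
    [ "$(wc -l < "$d/out")" -eq 2 ] || rc=1                 # TLSv1 and TLSv1.1
    check_tls_protocols "$d/tight.conf" > /dev/null || rc=1 # must pass
    rm -rf -- "$d"
    return $rc
}

demo_tls_check && echo "tls check demo: ok"
```

Point it at the real file with `check_tls_protocols /etc/nginx/conf.d/v2ray.conf`; a non-zero exit status means a legacy protocol is still enabled.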


{
  "inbounds": [
    {
      "port": 10000,
      "listen":"127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "你的UUID",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}


vi /etc/selinux/config
SELINUX=disabled
setenforce 0

Fixing a Yii mail-sending problem

Sending mail from Yii kept failing with this error:

Swift_TransportException
Expected response code 250 but got code “550”, with message “550 5.7.1 Request not taken sender domain mismatch !

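The message is actually fairly clear: Request not taken sender domain mismatch

But I had already changed web.php. After a long search, I found that in

config\params.php

the adminEmail value also has to be changed to match.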

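How to access files on a Xiaomi router's hard disk from the external network

This fixes the problem where the disk shares can be reached only from the LAN port and not from the WAN port.

1. Enable SSH on the Xiaomi router
2. SSH into the Xiaomi router, edit /etc/samba/smb.conf.template, and change the interfaces line to

interfaces = br-lan eth0.2

3. Edit /etc/config/firewall and append the following to the end of the file: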

config rule 'samba_udp'                                
        option src 'wan'                    
        option dest_port '137 138'             
        option proto 'udp'                                  
        option target 'ACCEPT'                  
        option name 'samba_incoming_udp'

config rule 'samba_tcp'        
        option src 'wan'                                   
        option dest_port '139 445'            
        option proto 'tcp'                
        option target 'ACCEPT'                 
        option name 'samba_incoming_tcp'

4. Run /etc/init.d/samba restart to restart the samba service
5. Run /etc/init.d/firewall restart to restart the firewall

Try accessing \\xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is the Xiaomi router's WAN IP address.

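Script to cut nginx logs daily

The original version of this script comes from lnmp.org. The changes are:
There is no need to list each log file; everything except the error log is cut automatically.
Logs are not split into year/month directories; they all go into one directory, which is easier to handle.
Usage: put it on the server, chmod +x it, then add it to crontab.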

cat /root/bin/cut_nginx_logs.sh
#!/bin/bash
#function:cut nginx log files for lnmp
#author: http://lnmp.org
#modified by http://www.juyimeng.com/lnmp-nginx-log-cut-per-day-rotation.html

#set the path to nginx log files
log_files_path="/home/wwwlogs/"
#log_files_dir=${log_files_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")
log_files_dir=${log_files_path}bak/
#set nginx log files you want to cut
#get log files list,exclude error.log
log_files_name=($(/bin/find $log_files_path -maxdepth 1 -name "*.log" |grep -v error| awk -F/ '{ print $NF }'))
#set the path to nginx.
nginx_sbin="/usr/local/nginx/sbin/nginx"
#Set how long you want to save
save_days=15
############################################
#Please do not modify the following script #
############################################
mkdir -p "$log_files_dir"
log_files_num=${#log_files_name[@]}

#cut nginx log files
for((i=0;i<$log_files_num;i++));do
mv "${log_files_path}${log_files_name[i]}" "${log_files_dir}$(date -d "yesterday" +"%Y%m%d_%s")_${log_files_name[i]}"
done
#delete $save_days ago nginx log files (regular files only, never directories)
find "$log_files_path" -type f -mtime +"$save_days" -exec rm -f {} \;
#reload nginx
$nginx_sbin -s reload
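
The rotation and pruning steps of the script above, rewritten as an added example (not the lnmp.org script or the author's modification) that validates its arguments, handles file names with spaces, and prunes only regular files inside bak/. The function names and the temporary demo directory are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the lnmp.org script; the demo paths are constructed.
# rotate_logs LOG_DIR KEEP_DAYS
#   Move every *.log except error logs from LOG_DIR into LOG_DIR/bak/,
#   then prune expired archives inside bak/ only.
rotate_logs() {
    local log_dir="${1%/}" keep_days="$2" stamp f
    # Refuse relative or missing paths so nothing runs against $PWD or /.
    case "$log_dir" in /?*) ;; *) return 2 ;; esac
    [ -d "$log_dir" ] || return 2
    case "$keep_days" in ''|*[!0-9]*) return 2 ;; esac
    stamp=$(date -d "yesterday" +"%Y%m%d_%s")
    mkdir -p "$log_dir/bak"
    for f in "$log_dir"/*.log; do                  # quoted glob: spaces are safe
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # regular files, no symlinks
        case "${f##*/}" in *error*) continue ;; esac
        mv -- "$f" "$log_dir/bak/${stamp}_${f##*/}"
    done
    # Regular files in bak/ only: a stale directory is never removed.
    find "$log_dir/bak" -maxdepth 1 -type f -name '*.log' \
        -mtime +"$keep_days" -delete
}

# Constructed demo in a throw-away directory; returns 0 if every check holds.
demo_rotate() {
    local d rc=0
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bak" "$d/old_dir"
    echo hit > "$d/access.log"; echo hit > "$d/my site.log"
    echo err > "$d/error.log"; echo old > "$d/bak/20200101_0_access.log"
    touch -d "20 days ago" "$d/bak/20200101_0_access.log" "$d/old_dir"
    rotate_logs "$d" 15 || rc=1
    [ ! -e "$d/access.log" ] || rc=1                 # moved into bak/
    [ -e "$d/error.log" ] || rc=1                    # error log left alone
    [ -d "$d/old_dir" ] || rc=1                      # old directory survives
    [ ! -e "$d/bak/20200101_0_access.log" ] || rc=1  # expired archive pruned
    [ "$(find "$d/bak" -type f | wc -l)" -eq 2 ] || rc=1
    rm -rf -- "$d"
    return $rc
}

demo_rotate && echo "rotation demo: ok"
```

On a live server, follow rotate_logs with `nginx -s reopen` (or `-s reload`, as the script above does) so nginx stops writing to the moved files.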