安装lnmp
lnmp ssl add
强制所有的走https
include black.conf
传输文件 用管道
导入数据
安装v2ray
安装 monit
配置crontab
lnmp 安装exif opcache memcached
开启bbr
——————
nginx配置
cut log脚本
monit配置
配置mon
v2ray配置
作者归档:贝贝爸
use pipe trans file between linux
tar czf - localdir| ssh [email protected] tar xzf - -C /home/wwwroot
google 3d animals
CentOS8的基础防火墙配置
systemctl使用
systemctl unmask firewalld #执行命令,即可实现取消服务的锁定
systemctl mask firewalld # 下次需要锁定该服务时执行
systemctl start firewalld.service #启动防火墙
systemctl stop firewalld.service #停止防火墙
systemctl reloadt firewalld.service #重载配置
systemctl restart firewalld.service #重启服务
systemctl status firewalld.service #显示服务的状态
systemctl enable firewalld.service #在开机时启用服务
systemctl disable firewalld.service #在开机时禁用服务
systemctl is-enabled firewalld.service #查看服务是否开机启动
systemctl list-unit-files|grep enabled #查看已启动的服务列表
systemctl –failed #查看启动失败的服务列表
firewall-cmd使用
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #更新防火墙规则
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #重载防火墙规则
firewall-cmd –list-ports #查看所有打开的端口
firewall-cmd –list-services #查看所有允许的服务
firewall-cmd –get-services #获取所有支持的服务
/usr/lib/firewalld/services
#区域相关
firewall-cmd –list-all-zones #查看所有区域信息
firewall-cmd –get-active-zones #查看活动区域信息
firewall-cmd –set-default-zone=public #设置public为默认区域
firewall-cmd –get-default-zone #查看默认区域信息
firewall-cmd –zone=public –add-interface=eth0 #将接口eth0加入区域public
#接口相关
firewall-cmd –zone=public –remove-interface=eth0 #从区域public中删除接口eth0
firewall-cmd –zone=default –change-interface=eth0 #修改接口eth0所属区域为default
firewall-cmd –get-zone-of-interface=eth0 #查看接口eth0所属区域
用例
firewall-cmd –query-port=8080/tcp # 查询端口是否开放
firewall-cmd –add-port=80/tcp –permanent #永久添加80端口例外(全局)
firewall-cmd –remove-port=80/tcp –permanent #永久删除80端口例外(全局)
firewall-cmd –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(全局)
firewall-cmd –zone=public –add-port=80/tcp –permanent #永久添加80端口例外(区域public)
firewall-cmd –zone=public –remove-port=80/tcp –permanent #永久删除80端口例外(区域public)
firewall-cmd –zone=public –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(区域public)
firewall-cmd –reload #重启防火墙(修改配置后要重启防火墙)
v2ray core软件提示Privoxy Fatal Error: can’t bind to 127.0.0.1:xxxxx (error number 10104)解决方法
打开命令行(管理员权限),输入
netsh winsock reset
重启电脑即可
nginx+v2ray
参照这个文章的配置,
https://www.ecsoe.com/archives/38.html
一次成功
先安装了nginx+ssl,再安装v2ray,调整配置。
yum -y update bash <(curl -L -s https://install.direct/go.sh) systemctl enable v2ray vi /etc/nginx/conf.d/v2ray.conf server { listen 443 ssl; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; location /ray { proxy_pass http://127.0.0.1:10000; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } } { "inbounds": [ { "port": 10000, "listen":"127.0.0.1", "protocol": "vmess", "settings": { "clients": [ { "id": "你的UUID", "alterId": 64 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/ray" } } } ], "outbounds": [ { "protocol": "freedom", "settings": {} } ] } vi /etc/selinux/config SELINUX=disabled setenforce 0
推荐比linode还好点的vps服务商vultr
yii 邮件发送问题解决
yii邮件发送,一直报错
Swift_TransportException
Expected response code 250 but got code “550”, with message “550 5.7.1 Request not taken sender domain mismatch !
”
其实说的比较清楚了。是Request not taken sender domain mismatch
但是web.php已经修改了,找了半天,发现
config\params.php
下面的adminEmail也要修改成一致的才行。
如何让外网访问小米路由器的硬盘文件
解决只能lan口访问,不能wan口访问硬盘资源的问题。
1、小米路由器要开启ssh
2、ssh到小米路由器,编辑/etc/samba/smb.conf.template 文件,将其中的interfaces那一行改为
interfaces = br-lan eth0.2
3、编辑/etc/config/firewall文件,在文件最后添加以下内容:
config rule 'samba_udp' option src 'wan' option dest_port '137 138' option proto 'udp' option target 'ACCEPT' option name 'samba_incoming_udp' config rule 'samba_tcp' option src 'wan' option dest_port '139 445' option proto 'tcp' option target 'ACCEPT' option name 'samba_incoming_tcp'
4、执行/etc/init.d/samba restart命令重启samba服务
5、执行/etc/init.d/firewall restart命令重启防火墙
用\\xxx.xxx.xxx.xxx 访问试试。xxx是小米路由器的wan ip地址
nginx日志按天切割的脚本
本脚本原版来自 lnmp.org,修改如下:
不需要写每个日志文件,除了error日志,其他的都自动切割
不按照年月分目录,放在一个目录,这样好处理点。
用法就是放在服务器上 chmod +x,然后加到crontab里
cat /root/bin/cut_nginx_logs.sh #!/bin/bash #function:cut nginx log files for lnmp #author: http://lnmp.org #modified by http://www.juyimeng.com/lnmp-nginx-log-cut-per-day-rotation.html #set the path to nginx log files log_files_path="/home/wwwlogs/" #log_files_dir=${log_files_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m") log_files_dir=${log_files_path}bak/ #set nginx log files you want to cut #get log files list,exclude error.log log_files_name=($(/bin/find $log_files_path -maxdepth 1 -name "*.log" |grep -v error| awk -F/ '{ print $NF }')) #set the path to nginx. nginx_sbin="/usr/local/nginx/sbin/nginx" #Set how long you want to save save_days=15 ############################################ #Please do not modify the following script # ############################################ mkdir -p $log_files_dir log_files_num=${#log_files_name[@]} #cut nginx log files for((i=0;i<$log_files_num;i++));do mv ${log_files_path}${log_files_name[i]} ${log_files_dir}$(date -d "yesterday" +"%Y%m%d_%s")_${log_files_name[i]} done #delete $save_days ago nginx log files find $log_files_path -mtime +$save_days -exec rm -rf {} \; #reload nginx $nginx_sbin -s reload