搬瓦工 VPS推荐

搬瓦工,因其官网网站标识是BandwagonHost,有点类似BanWaGong的拼写,所以我们国内的站长喜欢称作为搬瓦工VPS。搬瓦工VPS是一款性价比较高的便宜VPS主机,且适合入门级网友学习Linux和建站用途。
搬瓦工VPS,隶属于美国IT7公司旗下的一款低价OpenVZ VPS主机方案、2017年新增KVM VPS架构.

  • 搬瓦工优惠码:BWHCGLUKKB
CN2 GIA-E (推荐)
  • 2核 CPU
  • 1GB 内存
  • 20GB SSD 硬盘
  • 1000GB 月流量
  • 2.5Gbps 带宽
  • DC6/DC9/软银/荷兰
  • $49.99/季度,$169.99/年
  • 最推荐,三网直连,速度超快

立即下单

 

HK (高端)

  • 2核 CPU
  • 2GB 内存
  • 40GB SSD 硬盘
  • 500GB 月流量
  • 1Gbps 带宽
  • 香港 CN2 GIA 机房
  • $89.99/月,$899.99/年
  • 土豪高端选择,绝对好用

立即下单

Comments off

apache 2.4 版获取真实ip

apache 2.4版本默认已经加了 mod_remoteip ,检查配置如果发现未删除解析,请删除#.

 

1.以下加在apache 配置最后面里:

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1/24
#CloudFlare IP Ranges
RemoteIPInternalProxy 103.21.244.0/22
RemoteIPInternalProxy 103.22.200.0/22
RemoteIPInternalProxy 103.31.4.0/22
RemoteIPInternalProxy 104.16.0.0/12
RemoteIPInternalProxy 108.162.192.0/18
RemoteIPInternalProxy 131.0.72.0/22
RemoteIPInternalProxy 141.101.64.0/18
RemoteIPInternalProxy 162.158.0.0/15
RemoteIPInternalProxy 172.64.0.0/13
RemoteIPInternalProxy 173.245.48.0/20
RemoteIPInternalProxy 188.114.96.0/20
RemoteIPInternalProxy 190.93.240.0/20
RemoteIPInternalProxy 197.234.240.0/22
RemoteIPInternalProxy 198.41.128.0/17 #你的CDN的IP,可以重复添加

2.修改下面配置信息

  1. #修改日志格式,在日志格式中加上%a,然后重启apache即可:
  2. LogFormat “%h %a %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
  3. LogFormat “%h %a %l %u %t \”%r\” %>s %b” common
  4. LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %I %O” combined

Comments off

cpanel使用第三方SSL(letsencrypt)非官方插件

细节看插件官方它好像是收费,我们只作测试请访问https://letsencrypt-for-cpanel.com/pricing 网站说明为试用72小时,你可以尝试72小时后是否还可以签发.

第三方SSL安装教程连接 https://letsencrypt-for-cpanel.com/docs/for-admins/installation/

1.增加安装源

wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo

2.更新安装软件

yum -y install letsencrypt-cpanel

3.安装后自检

le-cp self-test

下面为执行过程

[root@ireland ~]# yum -y install letsencrypt-cpanel Loaded plugins: fastestmirror, universal-hooks Loading mirror speeds from cached hostfile * EA4: 91.197.228.252 * cpanel-addons-production-feed: 91.197.228.252 * cpanel-plugins: 91.197.228.252 * base: ftp.tsukuba.wide.ad.jp * extras: ftp.tsukuba.wide.ad.jp * updates: ftp.tsukuba.wide.ad.jp EA4 | 2.9 kB 00:00:00 cpanel-addons-production-feed | 2.9 kB 00:00:00 cpanel-plugins | 2.9 kB 00:00:00 base | 3.6 kB 00:00:00 extras | 2.9 kB 00:00:00 letsencrypt-cpanel | 2.9 kB 00:00:00 mysql-connectors-community | 2.5 kB 00:00:00 mysql-tools-community | 2.5 kB 00:00:00 mysql57-community | 2.5 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/2): letsencrypt-cpanel/primary_db | 5.7 kB 00:00:00 (2/2): cpanel-plugins/x86_64/primary_db | 30 kB 00:00:00 Resolving Dependencies –> Running transaction check —> Package letsencrypt-cpanel.x86_64 0:0.15.1-1 will be installed –> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================================= Installing: letsencrypt-cpanel x86_64 0.15.1-1 letsencrypt-cpanel 5.1 M Transaction Summary ============================================================================================================================================================================================================================================================= Install 1 Package Total download size: 5.1 M Installed size: 14 M Downloading packages: letsencrypt-cpanel-0.15.1-1.x86_64.rpm | 5.1 MB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction *** By running this installer, you indicate that you have read the end-user licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. *** Running installer as root OS version OK cPanel version OK No licence file detected at /etc/letsencrypt-cpanel.licence Fetching new trial licence … Licence file present Redirecting to /bin/systemctl stop letsencrypt-cpanel.service Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded. FleetSSL cPanel service daemon stopped Installing : letsencrypt-cpanel-0.15.1-1.x86_64 1/1 This server has self-signed service certificates It is not safe to operate this plugin in this circumstance ‘insecure’ is being added to /etc/letsencrypt-cpanel.conf If you wish to generate a Let’s Encrypt cert for the server Please read the configuration documentation on our website, at https://cpanel.fleetssl.com/docs/service-certificates/ Config written to /etc/letsencrypt-cpanel.conf Uninstallation of existing service failed (it’s OK) Installed init scripts. Copied plugin files OK Installing cPanel paper_lantern plugin (may take a minute) … cPanel Plugin installer succeeded OK Installed chkservd scripts Added apache pre virtualhost global include Set cpanel tweak settings — Installation complete — The plugin should now be available in the cPanel feature manager Will rebuild conf and restart Apache to reload AutoSSL DCV URLs Rebuilding Apache conf and restarting now … Built /etc/apache2/conf/httpd.conf OK Verifying : letsencrypt-cpanel-0.15.1-1.x86_64 1/1 Installed: letsencrypt-cpanel.x86_64 0:0.15.1-1 Complete! [root@ireland ~]# le-cp self-test [SELF-TEST] Has valid licence ………… SUCCESS. [SELF-TEST] Can read config ………… SUCCESS. [SELF-TEST] Can connect to Let’s Encrypt ………… SUCCESS. [SELF-TEST] Can talk to WHM API ………… SUCCESS. [SELF-TEST] Can talk to plugin RPC ………… SUCCESS. [SELF-TEST] System tuning correctness ………… SUCCESS. [root@ireland ~]#

 

5.以下为使用方法 https://letsencrypt-for-cpanel.com/docs/for-admins/autossl/

1.关于自动签发( AutoSSL )

该插件可以提供“ AutoSSL”类型的功能。

默认情况下禁用。

如果启用,它将每隔12小时(在续订完成后进行处理):

  • 查找符合以下条件的虚拟主机
  • 没有有效的证书(未自签名且在接下来的48小时内没有过期)
  • 收集所有通过DCV(域控制验证)检查的域,并通过插件为所有域添加证书
  • DCV失败的域将被自动跳过
  • 超出“加密”速率限制的证书(即每个证书超过100个名称)
  • 反复失败的域最终将停止重试,但始终可以通过UI发出它们.

启用/禁用

 

启用(推荐)
[root@~]$ le-cp autossl enable
禁用
[root@~]$ le-cp autossl disable

5.人工签发(如果发现证书过期,首先要删除证书

(Home »SSL/TLS »Manage SSL Hosts

6.然后到SSH使用命令签发:

le-cp ssl --user=用户名  issue abc.com www.abc.com
成功例子:
[root@ireland ~]# le-cp ssl --user=drma**** issue drmartens*******.fi www.drmartens*******.fi
INFO[0011] 1 certificates were returned
INFO[0011] Domain: drmartens*******.fi
INFO[0011]      Requested AltNames: [drmartens*******.fi www.drmartens*******.fi]
INFO[0011]      Expiry: 2020-05-12 21:49:45 -0400 EDT
INFO[0011]      URL: https://acme-v02.api.letsencrypt.org/acme/order/78038503/2315490342
INFO[0011]      Cert ID: drmartens*******_fi_d2ae8_3e4c3_1589334585_c28571a4e7223c826fa6ba29749bb59a
INFO[0011]      Key ID: d2ae8_3e4c3_73dbff3b435eb636c6faf1f391287465
INFO[0011]      Actual DNS Names on Certificate: [drmartens*******.fi www.drmartens*******.fi]

Comments off

最大连接数设置太大,导致SSH无法登录

pam_limits(login:session): Could not set limit for ‘nofile’: Operation not permitted

COULD NOT SET LIMIT FOR ‘NOFILE’: OPERATION NOT PERMITTED的处理方法

若需要允许用户使用很大的文件资源需要先修改内核的文件资源数限制
修改用户可打开的文件数一般直接修改limits.conf的nofile 即可,但是如果将这个值修改为上百万很有可能导致ssh无法登陆、系统异常
因为很可能用户可打开的文件数量超过了内核可打开的文件数量
正确的修改方法如下:
先修改内核可打开文件数量,再修改用户可打开文件数量
内核限制数的具体位置是:
/proc/sys/fs/file-max –系统级别所有进程可打开的文件数
/proc/sys/fs/nr_open –定义了file-max允许被修改的最大值,file-max不可以超过该值
修改/etc/sysctl.conf增加:
fs.file-max =***
fs.nr_open = ***
即可修改内核的配置
修改完成后,再修改 /etc/security/limits.conf
  * soft nofile ***   * hard nofile ***
这里也要更改一下 /etc/security/limits.d/90-nproc.conf

Comments off

密码保护:cpanel合并用户

此内容受密码保护。如需查阅,请在下列字段中输入您的密码。

Comments off

cpanel用户创造多个网站

使用一个用户多个网站首先你要给用户分配域名权限:

创造套餐包

分配资源,然后点ADD.

多用户编辑


进入后选择一个用户,或者选择多个用户.拉到最下面:
进行分配套餐包
首先我们关闭一些dns检测NS功能,防止没有使用服务器DNS无法附加域名.

完成上面修改,然后进入cpanel子用户,也就是https://ip:2083端口.

添加新域名
上面是一个演示,域名自己替换.
完成上面后,得到细节.

然后我们来尝试上传文件,打开文件管理器.

添加域名的路径

Comments off

php

DSO

It is also known as mod_php.  It is the fastest way to serve the PHP requests. It runs PHP directly from the Apache without working like a separate service. The PHP scripts will run as the Apache user, which by default is the user ‘nobody’. In this case the PHP scripts all are owned & executed by the Apaches’s ‘nobody’ user. Therefore, we cannot track each individual user since they all run from one web server.  Security is another concern in DSO mode. It is vulnerable to malicious attacks that could modify your PHP scripts or modify the files outside of that user’s directory that had the PHP script that were exploitable. The benefit of the DSO handler is that it provides PHP opcode caching along with DSO to speed up the PHP requests. Also, we can set PHP directives directly via .htaccess files to control certain functionality of PHP.

You might choose DSO as your PHP handler if you only have one user and your primary concern is speed and performance.

CGI

CGI handler will run PHP as a CGI module as opposed to an Apache module. The CGI method is intended as a fallback handler for when DSO is not available. This method is neither fast nor secure. That is regardless of whether or not suEXEC is enabled. Nowadays, CGI handlers are used less frequently because of other handler benefits. Similar to suPHP and FastCGI, the CGI handler can use suEXEC. Instead, PHP executions are run by the file owner of a PHP script rather than the Apache “nobody” user. The usage of CGI handlers provides ease of configuration and support using suEXEC for reducing permission related issue. The main disadvantage of the CGI handler is that it is one of the slowest handler. The CGI handler is the least popular for this reason leading it to be one of the less frequently used handlers

CGI is a recommended PHP handler if suPHP, DSO, or FastCGI was not available in your server.

suPHP

Technically it is a CGI module, but it is entirely different from the CGI handler. It is the most flexible and secure way of serving PHP requests. The main advantage with this handler is it runs the PHP script as the user calling them, instead the ‘nobody’ user. Also, it is quite easy to monitor the usage of PHP script executions, because for every PHP request that is being processed a separate PHP process will be generated. Another advantage is that suPHP handler isolates one of the user on the server from others. This is a precaution taken because if one user’s account is misused then the attacker would only be able to view or modify files owned by that particular users. These applications require permission to have the ability to write, modify, and create files on the server. Permission management is easy to configure because all of your files are owned by just one user.

The main disadvantage of suPHP is speed and CPU load. This handler is recommended for small reseller clients, because it possess the high load of running separate PHP process per request. Also, if the server receives high amount of PHP requests in small period of time, this can result in a heavy load on your server.

The selection of suPHP as your PHP handler is recommended if you have multiple users on your server. You do not want to worry about setting permissions, and you are not having any performance issues with the PHP scripts that is currently used.

Fast CGI

FastCGI PHP handler is a faster way to serve PHP requests than using suPHP, but typically not as fast as using DSO. FastCGI helps reduce CPU usage by increasing the server’s available RAM in order to cache PHP scripts in the memory. This method is use instead of starting up a separate PHP process for each and every PHP request.

The main benefit of using FastCGI is that you can you can use suEXEC just like in the suPHP. This allows the PHP scripts to be executed by the actual user of the PHP script instead of the Apache’s ‘nobody’ user. It also does not require a single PHP process execution per request like suPHP does, which enhances the speed and the CPU usage by keeping PHP scripts in the memory. Issue regarding the memory usage is the drawback of FastCGI.  Also regarding the PHP opcode cache, itt keeps PHP sessions opened in the background in memory for faster access

FastCGI is the best handler if you are looking for a faster PHP execution, provided that you the high availability of memory to spare on your server.

Comments off

罗马尼亚


美国服务器

 

 

E3-12xx / 32GB内存 / 1TB SSD / 5个IP可用 1312.5元

Comments off

密码保护:监控

此内容受密码保护。如需查阅,请在下列字段中输入您的密码。

Comments off

ovz源

yum remove -y kernel-firmware-2.6.32-696.30.1.el6.noarch
wget ie.archive.ubuntu.com/centos/6/cr/x86_64/Packages/kernel-firmware-2.6.32-754.el6.noarch.rpm

rpm -ivh kernel-firmware-2.6.32-754.el6.noarch.rpm

Comments off

密码保护:win7 key

此内容受密码保护。如需查阅,请在下列字段中输入您的密码。

Comments off

Linux 连续执行多条命令

以前一直使用“shell+expect”组合。

后来在使用过程中,越发觉得expect这个东东太落后了,原因如下:

1. 官方已经停止发行新版本了;

2. 调试起来效率低,很多时候代码走的路子跟人想的差太多。

于是,后来决定使用python这一种脚本语言全部搞定。

实践证明,python开发效率非常高,的确是“糙快猛”。

停,跑题了。。。

在我的Automation case中,需要检查一个命令是否执行成功(假设命令为checklog,成功返回0,失败返回1)。

正常情况下,在checklog的下一句,直接“echo $?”,判断0,1即可。

但是,因为执行环境中的命令提示符中有0和1,所以pexpect无法判断“echo $?”的结果。

后来,琢磨着琢磨着,脑海里就冒出来上面的知识点来,试了一下,顺利解决问题特此Mark一下。

# 期望checklog执行成功
checklog && echo success
pexpect.expect(‘success’)

# 期望checklog执行失败
checklog || echo failure
pexpect.expect(‘failure’)

温习知识点:
1. 命令被分号“;”分隔,这些命令会顺序执行下去;
2. 命令被“&&”分隔,这些命令会顺序执行下去,遇到执行错误的命令停止;
3. 命令被双竖线“||”分隔,这些命令会顺序执行下去,遇到执行成功的命令停止,后面的所有命令都将不会执行;

Comments off

linux下测试网络速度

wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod +x speedtest.py
./speedtest.py
演示
root@cn2:~# ./speedtest.py
Retrieving speedtest.net configuration…
Testing from QuadraNet (104.129.8.16)…
Retrieving speedtest.net server list…
Selecting best server based on ping…
Hosted by Interoute VDC (Los Angeles, CA) [1.30 km]: 1.825 ms
Testing download speed……………………………………………………………………..    下行
Download: 97.70 Mbit/s
Testing upload speed……………………………………………………………………………………  上行
Upload: 94.82 Mbit/s

Comments off

semget: No space left on device DA 启动不了apache

This relates to semaphores on your system (you’ve run out).  Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

If this becomes a common occurance, then you may need to change your ipcs semaphore limits.
Set the following in your /etc/sysctl.conf:

kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024

and reboot your system to load in those values.

Comments off

密码保护:屏了一些ip

此内容受密码保护。如需查阅,请在下列字段中输入您的密码。

Comments off

« Previous entries 下一页 » 下一页 »