check which user nginx is running
ps aux | grep "nginx: worker process"
in my case it "apache"
chown apache:apache /var/cache/nginx/ -R
Thursday, December 24, 2015
Thursday, November 26, 2015
ssllabs A+ nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers !RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver_timeout 5s;
ssl_ciphers !RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver_timeout 5s;
Wednesday, November 25, 2015
monit check process by name without pid
check process httpd
matching "/usr/sbin/httpd"
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
matching "/usr/sbin/httpd"
start program = "/etc/init.d/httpd start"
stop program = "/etc/init.d/httpd stop"
monit will check process by process name "/usr/sbin/httpd"
Friday, November 20, 2015
fail2ban 0.9.0 example ssh jail.conf
[sshd]
enabled = true
logpath = /var/log/secure #centos
logpath = /var/log/auth.log #debian
ignoreip = 192.168.0.0/24
bantime = 6000
maxretry = 3
Thursday, November 19, 2015
Wednesday, November 18, 2015
mysql logrotate example
/var/log/mysql-slow.log {
weekly
rotate 3
compress
missingok
notifempty
sharedscripts
create 660 mysql mysql
postrotate
/usr/bin/mysqladmin flush-logs
endscript
}
weekly
rotate 3
compress
missingok
notifempty
sharedscripts
create 660 mysql mysql
postrotate
/usr/bin/mysqladmin flush-logs
endscript
}
Monday, November 16, 2015
allow, deny not working apache + nginx
For allow remote connections for specific IP add next to htaccess
SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Deny,Allow
Deny from all
allow from env=realremoteaddr
10.11.12.15|10.11.12.16 — allowed IP
For deny:
SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Allow,Deny
Allow from all
Deny from env=realremoteaddr
10.11.12.15|10.11.12.16 — now allowed IPs
SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Deny,Allow
Deny from all
allow from env=realremoteaddr
10.11.12.15|10.11.12.16 — allowed IP
For deny:
SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Allow,Deny
Allow from all
Deny from env=realremoteaddr
10.11.12.15|10.11.12.16 — now allowed IPs
Friday, November 13, 2015
Tuesday, November 10, 2015
nginx init.d script
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
Thursday, November 5, 2015
pure-ftpd centos working config
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 20
VerboseLog yes
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
DontResolve yes
MaxIdleTime 15
PureDB /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication no
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
PassivePortRange 48000 50000
AntiWarez yes
Umask 137:027
MinUID 48
UseFtpUsers no
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload yes
AltLog clf:/var/log/pureftpd.log
MaxDiskUsage 99
CustomerProof yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 20
VerboseLog yes
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
DontResolve yes
MaxIdleTime 15
PureDB /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication no
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
PassivePortRange 48000 50000
AntiWarez yes
Umask 137:027
MinUID 48
UseFtpUsers no
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload yes
AltLog clf:/var/log/pureftpd.log
MaxDiskUsage 99
CustomerProof yes
Friday, October 30, 2015
haproxy exclude redirect domain to https
in frontend http-in section
redirect scheme https if !{ hdr(Host) -i sub.domain.com } !{ ssl_fc }
Tuesday, October 6, 2015
git server hook after push
in server repo site edit file
.git/hooks/post-receive
add next script
#!/bin/bash
export GIT_WORK_TREE=/var/www/sitepath
git checkout -f
.git/hooks/post-receive
add next script
#!/bin/bash
export GIT_WORK_TREE=/var/www/sitepath
git checkout -f
Thursday, October 1, 2015
nginx authorization some files
task :
mail page - authorization
static files - without authorization
mail page - authorization
static files - without authorization
Tuesday, September 29, 2015
nginx rewrite to https
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
[....]
}
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
[....]
}
Tuesday, August 25, 2015
create big file linux / создать большой файл
dd if=/dev/zero of=/home//movie.flv
it will be record zero data to file, until you'll stop operation
second solution
fallocate -l 1G test.img
it will be record zero data to file, until you'll stop operation
second solution
fallocate -l 1G test.img
search files modified in range time / найти файлы модифицированные в промежуток времени
find /path/to/dir/ -newermt '2015-08-24 11:35' ! -newermt '2015-08-24 12:17' -ls
Friday, July 24, 2015
удалите из верхней части страницы код javascript и css блокирующий отображение wordpress
в папке с темой находим functions.php и добавляем в самый низ файл код
/**
* Load Enqueued Scripts in the Footer
*
* Automatically move JavaScript code to page footer, speeding up page loading time.
*/
function footer_enqueue_scripts() {
remove_action('wp_head', 'wp_print_scripts');
remove_action('wp_head', 'wp_print_head_scripts', 9);
remove_action('wp_head', 'wp_enqueue_scripts', 1);
add_action('wp_footer', 'wp_print_scripts', 5);
add_action('wp_footer', 'wp_enqueue_scripts', 5);
add_action('wp_footer', 'wp_print_head_scripts', 5);
}
add_action('after_setup_theme', 'footer_enqueue_scripts');
/**
* Load Enqueued Scripts in the Footer
*
* Automatically move JavaScript code to page footer, speeding up page loading time.
*/
function footer_enqueue_scripts() {
remove_action('wp_head', 'wp_print_scripts');
remove_action('wp_head', 'wp_print_head_scripts', 9);
remove_action('wp_head', 'wp_enqueue_scripts', 1);
add_action('wp_footer', 'wp_print_scripts', 5);
add_action('wp_footer', 'wp_enqueue_scripts', 5);
add_action('wp_footer', 'wp_print_head_scripts', 5);
}
add_action('after_setup_theme', 'footer_enqueue_scripts');
Thursday, May 21, 2015
linux кем слушаются порты
rpcinfo -p
вывод примерно такой
[root@host ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 678 rquotad
100011 2 udp 678 rquotad
100011 1 tcp 681 rquotad
100011 2 tcp 681 rquotad
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 tcp 33303 nlockmgr
100021 3 tcp 33303 nlockmgr
100021 4 tcp 33303 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 718 mountd
100005 1 tcp 721 mountd
100005 2 udp 718 mountd
100005 2 tcp 721 mountd
100005 3 udp 718 mountd
100005 3 tcp 721 mountd
вывод примерно такой
[root@host ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 678 rquotad
100011 2 udp 678 rquotad
100011 1 tcp 681 rquotad
100011 2 tcp 681 rquotad
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 tcp 33303 nlockmgr
100021 3 tcp 33303 nlockmgr
100021 4 tcp 33303 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 718 mountd
100005 1 tcp 721 mountd
100005 2 udp 718 mountd
100005 2 tcp 721 mountd
100005 3 udp 718 mountd
100005 3 tcp 721 mountd
nginx / apache parse access log
cat /var/log/nginx/access_log | awk '{print $1}' |sort | uniq -c | sort -k 1 -n
Tuesday, May 12, 2015
AH00082: an unknown filter was not added: PHP
Должно быть так
/etc/apache2/apache2.conf
AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps
А не так
/etc/apache2/mod-available/php5filter.conf
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
Делаем так
#<Files *.php> # SetOutputFilter PHP # SetInputFilter PHP #</Files>
Thursday, April 30, 2015
переадресация c http на https и другой порт
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{HTTP} =on
RewriteRule ^(.*)$ https://www.domain.com:8080/$1 [R=301,L]
Как посмотреть cron для всех пользователей
#!/bin/bash
for user in `cat /etc/passwd | cut -d":" -f1`;
do
crontab -l -u $user;
done
Thursday, April 9, 2015
Wednesday, March 25, 2015
libxml2 is missing centos nokogiri
gem install nokogiri -- \
--use-system-libraries \
--with-xml2-config=/path/to/xml2-config \
--with-xslt-config=/path/to/xslt-config
Thursday, March 19, 2015
создание и обмен ключами linux
Генерируем ключ
artemiy@artemiy-nix ~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/artemiy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/artemiy/.ssh/id_rsa.
Your public key has been saved in /home/artemiy/.ssh/id_rsa.pub.
The key fingerprint is:
af:5e:ea:19:84:dd:5a:75:3e:b3:96:b1:b7:15:12:36 artemiy@artemiy-nix
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| .E. |
| o . ..oo |
| . S o .=. |
| . + .B.|
| o o = o|
| * . .o|
| o* . |
+-----------------+
tomcat 80 port linux
1. возвращаем порт 8080 если меняли, а если вы ищете как запустить tomcat на 80 порту, значит меняли
у меня конфиг находится /etc/tomcat7/server.xml
ищем
у меня конфиг находится /etc/tomcat7/server.xml
ищем
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" />
2. выполняем
Wednesday, March 18, 2015
dovecot.spec
Summary: Dovecot Secure imap server
Name: dovecot
Version: 2.2.10 ###Версия пакета
Release: 1
Epoch: 1
License: LGPL
Group: System Environment/Daemons
Name: dovecot
Version: 2.2.10 ###Версия пакета
Release: 1
Epoch: 1
License: LGPL
Group: System Environment/Daemons
как собрать rpm пакет в centos
Для начала необходимо установить необходимые утилиты
yum install -y rpmdevtools
yum install -y rpmdevtools
Tuesday, March 17, 2015
mysqldump: ambiguous option '--all' (all-databases, allow-keywords) fsbackup
Есть такая хорошая штука, как MySQL-Maint
при бэкапе mysql базы данных получаем ошибку
открываем скрипт и удаляем ключ --all
if [ "_$backup_method" = "_full" ]; then
echo "Creating full backup of all MySQL databases."
${backup_progdump_path}mysqldump --all --add-drop-table --all-databases --force --no-data $extra_mysqldump_flag --password=$backup_mysqlpassword --user=$backup_mysqluser > $backup_path/$backup_name-struct-mysql
${backup_progdump_path}mysqldump --all --all-databases --add-drop-table --force $extra_mysqldump_flag --password=$backup_mysqlpassword --user=$backup_mysqluser |gzip > $backup_path/$backup_name-mysql.gz
exit
fi
при бэкапе mysql базы данных получаем ошибку
mysqldump: ambiguous option '--all' (all-databases, allow-keywords)
открываем скрипт и удаляем ключ --all
if [ "_$backup_method" = "_full" ]; then
echo "Creating full backup of all MySQL databases."
${backup_progdump_path}mysqldump --all --add-drop-table --all-databases --force --no-data $extra_mysqldump_flag --password=$backup_mysqlpassword --user=$backup_mysqluser > $backup_path/$backup_name-struct-mysql
${backup_progdump_path}mysqldump --all --all-databases --add-drop-table --force $extra_mysqldump_flag --password=$backup_mysqlpassword --user=$backup_mysqluser |gzip > $backup_path/$backup_name-mysql.gz
exit
fi
массовое копирование файлов с переименовыванием linux
#!/bin/bash
set -x
mydir=/home/test
mkdir $mydir/test; cp *.txt $mydir/test/; rename 's/.txt/.old.txt/g' $mydir/test/*.txt ;mv $mydir/test/*.txt $mydir; rmdir $mydir/test
set -x
mydir=/home/test
mkdir $mydir/test; cp *.txt $mydir/test/; rename 's/.txt/.old.txt/g' $mydir/test/*.txt ;mv $mydir/test/*.txt $mydir; rmdir $mydir/test
что делает скрипт:
Полезные команды yum rpm apt-get dpkg
centos
yum search - поиск пакетовyum update - обновить систему
yum list installed - посмотреть установленные пакеты
yum list updates - посмотреть возможные обновления пакетов
yum list ***** - узнать версию пакета в репо
yum provides *** - в каком пакете файл
rpm -qp <name_pak> -l посмотреть содержимое пакета centos
rpm -qa - установленные пакеты в системе
rpm -qf - узнать кому принадлежит файл
rpm -ql - список файлов пакета
ubuntu
dpkg-dep --contents <name_pak> - узнать содержимое пакета
apt-file list **** посмотреть список файлов в пакете
apt-file search *** - найти пакет по файйлу
dpkg -L *** какие файлы установил пакет
dpkg -S - найти кем был установлен файл
apt-cache policy *** - узнать версии пакетов в репо
apt-get install --reinstall apache2 - переустановить пакет apache2
Monday, March 9, 2015
php configure 5.3
./configure --with-apxs2=/usr/bin/apxs --enable-mbstring --with-mysql=/usr/bin/mysql_config --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-config-file-path=/etc/php/
Monday, January 12, 2015
Shared object libgcrypt.so.19 not found, required by rsyslogd
Столкнулся с проблемой, при запуске rsyslog ошибка - не найден libgcrypt.so.19
обновления libgcrypt и rsyslogd и прочие пляски сгугл..бубнами не помогали
я решил проблему следующим способом
находим в системе libgcrypt
обновления libgcrypt и rsyslogd и прочие пляски с
я решил проблему следующим способом
находим в системе libgcrypt
[root@logs /etc]# locate libgcrypt.so
/usr/local/lib/libgcrypt.so
/usr/local/lib/libgcrypt.so.20
/usr/local/lib/libgcrypt.so.20.0.2
и делаем симлинк с libgcrypt.so.20 на libgcrypt.so.19
ln -s /usr/local/lib/libgcrypt.so.20 /usr/local/lib/libgcrypt.so.19
Запускаем rsyslogd и радуемся
Tuesday, January 6, 2015
Настройка роутера totolink c подключением DHCP
Заходим пуск - панель управления - сетевые подключения и открываем свойства подключения по локальной сети
Subscribe to:
Posts (Atom)
-
Install OpenVZ kernel 1. Go to https://download.openvz.org/virtuozzo/releases/ and choose latest OpenVZ release, in my case this is open...
-
Для начала необходимо установить необходимые утилиты yum install -y rpmdevtools
-
Заходим пуск - панель управления - сетевые подключения и открываем свойства подключения по локальной сети ...