# cat /etc/default/locale LC_ALL="en_US.UTF-8" LANG="en_US.UTF-8" LANGUAGE="en_US:en" locale-gen --purge en_US.UTF-8 echo -e 'LANG="en_US.UTF-8"\nLANGUAGE="en_US:en"\n' > /etc/default/locale
# export LC_ALL=en_US.UTF-8 # dpkg-reconfigure locales Timezone
# tzselect
vi /etc/profile.d/TZ.sh
TZ='Asia/Taipei'
export TZ
Debian - Testing
/etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.us.debian.org/debian/ testing main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ testing-proposed-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ testing-proposed-updates main contrib non-free
# aptitude update
# aptitude full-upgrade
Webmin
http://www.webmin.com/download.html
/srv/webmin/
Note: the download page is linked over plain HTTP and setup.sh runs as root, so check the tarball against a checksum or signature from the project (if one is published) before running it.
# wget webmin.tar
# ./setup.sh
commands: /etc/webmin /etc/rc.local /etc/webmin/start Users# adduser wisdomfish
sysctl
# cat /proc/sys/fs/file-max
76455
root@li408-72:~# sysctl -a | grep file
fs.file-nr = 384 0 76455
fs.file-max = 76455
fs.xfs.filestream_centisecs = 3000
/etc/sysctl.conf or /etc/sysctl.d/local.conf
# sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 1
# by Kuo, ChaoYi
fs.file-max = 2390251
# net.core.somaxconn = 128 -> 262144
net.core.somaxconn = 10240
# net.core.netdev_max_backlog = 1000 -> 262144
net.core.netdev_max_backlog = 10240
# net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_fin_timeout = 1
# net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_time = 30
# net.ipv4.tcp_max_orphans = 65536 -> 262144
net.ipv4.tcp_max_tw_buckets = 6000
# net.ipv4.tcp_max_syn_backlog = 512 -> 262144
net.ipv4.tcp_max_syn_backlog = 10240
# net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.ip_local_port_range = 1024 65000
# net.ipv4.tcp_syncookies = 1
# net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_synack_retries = 1
# net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_syn_retries = 1
# net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_recycle = 1
# net.ipv4.tcp_tw_reuse = 0
Note: net.ipv4.tcp_tw_recycle = 1 makes the kernel drop connections from clients that share one address behind NAT, and the setting was removed in Linux 4.12; keep it at 0. tcp_synack_retries = 1 and tcp_syn_retries = 1 give up after a single retransmission, so handshakes over lossy links will fail.
HG
~/.hgrc
[ui]
username = Kuo, ChaoYi <Kuo.ChaoYi@gmail.com>
verbose = True
/etc/mercurial/hgrc
[extensions]
color =
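/etc/postgresql/9.0/main/postgresql.conf
listen_addresses = '*' # what IP address(es) to listen on;
/etc/postgresql/9.0/main/pg_hba.conf
host all all x.x.x.x/0 md5
example
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 0.0.0.0 0.0.0.0 md5
# IPv6 local connections:
host all all 127.0.0.1/32 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
host all all ::1/128 md5
Note: `host all all 0.0.0.0 0.0.0.0 md5` (address 0.0.0.0 with mask 0.0.0.0) matches every IPv4 client, not only local ones, and a /0 mask does the same; with listen_addresses = '*' any host that can reach the PostgreSQL port may attempt a password login for every database and user. Narrow the ADDRESS field to the application hosts, limit the port in the firewall, and prefer hostssl for remote entries. The comment labels are also shifted: 127.0.0.1/32 is the IPv4 loopback and ::1/128 the IPv6 loopback.
JDK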
Download Oracle JDK, set JAVA_HOME and bin.
Security
Linux Firewall
清空 Rules 用
#!/bin/sh
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -F
iptables -X
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
Note: the flush script leaves every chain empty with policy ACCEPT, so the host is unfiltered until the saved rules are loaded again (e.g. iptables-restore < /etc/iptables.up.rules).
Rules file /etc/iptables.up.rules
# Generated by iptables-save v1.4.10 on Thu Dec 8 01:58:21 2011
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport ???? -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport ???? -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport ???? -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Dec 8 01:58:21 2011
Note: the REDIRECT in nat PREROUTING is applied before the filter INPUT chain, so redirected port-80 traffic reaches INPUT with destination port 8080 and needs its own ACCEPT rule (presumably one of the ???? entries). This file holds only the *filter table, so the nat REDIRECT rule is not restored from it.
/etc/sysctl.conf
# Turn on Source Address Verification in all interfaces to # prevent some spoofing attacks. net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1 # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss # of TCP functionality/features under normal conditions. When flood # protections kick in under high unanswered-SYN load, the system # should remain more stable, with a trade off of some loss of TCP # functionality/features (e.g. TCP Window scaling). net.ipv4.tcp_syncookies=1 # by Kuo net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.ip_local_port_range = 1024 65000 ################################################################### # Additional settings - these settings can improve the network # security of the host and prevent against some network attacks # including spoofing attacks and man in the middle attacks through # redirection. Some network environments, however, require that these # settings are disabled so review and enable them as needed. 
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
net.ipv4.conf.all.log_martians = 1
# 執行以下指令使設定生效: /sbin/sysctl -p
# sysctl -p
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 1
Note: this sysctl -p output reports net.ipv4.ip_forward = 1 although the comments above say the host is not a router, and the saved iptables rules set the FORWARD policy to ACCEPT. Unless forwarding is actually needed, set net.ipv4.ip_forward = 0 and the FORWARD policy to DROP.
舊筆記 for Ubuntu
Hg
安裝參考 > Mercurial - hg [內部連結]
# sudo apt-get install python-all-dev
# sudo apt-get install python-setuptools
# sudo easy_install -U mercurial
# hg --version
# apt-get install mercurial
# hg --version
/etc/.hgignore
webmin/system-status/alternatives/
webmin/package-updates/
X11/
defoma/
.java/
gtk-2.0/
Software Package Updates
Packages
PostgreSQL
Ubuntu 11.10 add PostgreSQL 9.1
/etc/apt/sources.list.d/org.wisdomfish.list
# PostgreSQL 9.x
# http://ppa.launchpad.net/pitti/postgresql/ubuntu (optional: dist)
deb http://ppa.launchpad.net/pitti/postgresql/ubuntu maverick main
deb-src http://ppa.launchpad.net/pitti/postgresql/ubuntu maverick main
# ORACLE-JAVA
deb http://archive.canonical.com/ubuntu maverick partner
* enabled /etc/apt/sources.list all '#'
Bugs,
/etc/sysctl.d/30-postgresql-shm.conf
# Shared memory settings for PostgreSQL
# Note that if another program uses shared memory as well, you will have to
# coordinate the size settings between the two.
# Maximum size of shared memory segment in bytes
kernel.shmmax = 33554432
# Maximum total size of shared memory in pages (normally 4096 bytes)
kernel.shmall = 2097152
# /etc/init.d/postgresql restart
JDK 7
# apt-get install java7-jdk
# update-alternatives --config java
/usr/lib64/jvm/
sudo update-alternatives --config java
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.7.0/jre/bin/java 3
JAVA_HOME=/home/kuochaoyi/jdk7
export JAVA_HOME
PATH=$PATH:$JAVA_HOME/bin
export PATH
CATALINA_HOME=/opt/javaEE/tomcat7
export CATALINA_HOME
CATALINA_OPTS="-server -Xmx400m"
export CATALINA_OPTS
# apt-get update
# apt-get install sun-java6-jdk sun-java6-plugin
# apt-get install postgresql-9.0
Nginx
http://wiki.nginx.org/Install#Ubuntu_PPA
echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu $(lsb_release -cs) main" >> /etc/apt/sources.list.d/nginx.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C
Note: C300EE8C is a short (32-bit) key ID, and short IDs can be collided with a look-alike key. Request the key by its full fingerprint and compare it with the fingerprint shown on the PPA's Launchpad page before trusting it.
apt-get update && apt-get install nginx
deb http://ppa.launchpad.net/nginx/stable/ubuntu oneiric main
http://nginxlibrary.com/ubuntu-latest-nginx/
Bug:
root@li388-54:/etc/init.d# ./nginx start
Starting nginx: nginx: [emerg] unknown "https" variable
nginx: configuration file /etc/nginx/nginx.conf test failed
root@li388-54:/etc/init.d# vi /etc/nginx/fastcgi_params
# fastcgi_param HTTPS $server_https;
http://www.webhostingtalk.com/showthread.php?t=1099802
Tomcat 7
Play! Framework
/srv
# ln -s /opt/play-1.x /opt/play-1
PLAY_HOME=/KuoSDK/play-1
PATH=$PATH:$PLAY_HOME
export PLAY_HOME
export PATH
LAPM
三分鐘快速安裝nginx+php5-fpm,以Ubuntu 11.04為例,
http://blog.lyhdev.com/2011/05/nginxphp5-fpmubuntu-1104.html
Creating config file /etc/php5/fpm/php.ini with new version
root@li176-97:~# /etc/init.d/nginx start
Starting nginx: nginx.
root@li176-97:~# /etc/init.d/php5-fpm start * Starting PHP5 FPM... ...done. Securityvi php5/fpm/pool.d/www.conf -> listen = 127.0.0.1:30000 nginx/sites-available/default location ~ \.php$ { fastcgi_pass 127.0.0.1:30000; fastcgi_index index.php; include fastcgi_params; } #/etc/init.d/nginx reload PHP-FPM /etc# vi /etc/nginx/fastcgi_params fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; Dist upgrade# apt-get install update-manager-core # do-release-upgrade // rebooted # lsb_release -a # vi /etc/update-manager/release-upgrades Prompt=normal # do-release-upgrade -d GPG keysReading package lists... Done W: GPG error: http://extras.ubuntu.com oneiric Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192 W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 99B656EA8683D8A2 # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192 |