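Encoding issues in nginx configuration files

Surprisingly, nginx configuration files can be written in more than one encoding, for example UTF-8 and GBK.

To do this, write the UTF-8 content and the GBK content into two separate files, for example vhost1.conf and vhost2.conf,

then in nginx.conf add include vhost1.conf; include vhost2.conf; and that is all.

This is generally useful when you need to write Chinese text in a configuration file.

For example:

subs_filter 'nihao' '你好';

Note that nginx's subs_filter is a custom module, available at https://github.com/yaoweibin/ngx_http_substitutions_filter_module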

 

iptables: allow access from selected IPs only, with address ranges given as a-b

IPB=/sbin/iptables
# Flush every existing rule in the INPUT chain before rebuilding it
$IPB -F INPUT

# Each line of ip.txt is "start_ip end_ip count"; only the first two fields are used
while read -r startip endip _
do
[ -n "$endip" ] || continue
$IPB -A INPUT -p tcp --dport 80 -m iprange --src-range "$startip-$endip" -j ACCEPT
done < ip.txt
### deny all
$IPB -A INPUT -p tcp --dport 80 -j DROP

Contents of ip.txt:

1.0.1.0 1.0.3.255 768
1.0.8.0 1.0.15.255 2,048
1.0.32.0 1.0.63.255 8,192
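
Because the script flushes INPUT before it reads ip.txt, a malformed line leaves port 80 with only part of the allowlist in place. The following added example (not part of the original script) validates every range first and only then prints the same iptables commands; the function names ip_to_int and emit_rules are hypothetical, and it assumes the third column is the number of addresses in the range, as in the sample above.

```sh
#!/bin/sh
# Added example (not the original script): check ip.txt before changing the firewall.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# emit_rules: reads "start end count" lines on stdin and prints the iptables
# commands the page's loop would run. On any bad line it prints nothing to
# stdout and returns 1, so the INPUT chain is never flushed for a broken list.
emit_rules() {
    rules='' lineno=0
    while read -r startip endip count _; do
        lineno=$((lineno + 1))
        [ -n "$startip" ] || continue                 # skip blank lines
        s=$(ip_to_int "$startip") && e=$(ip_to_int "$endip") || {
            echo "line $lineno: malformed address" >&2; return 1; }
        [ "$s" -le "$e" ] || { echo "line $lineno: start > end" >&2; return 1; }
        # Third column (address count, may contain commas) must match the range size.
        [ "$(printf '%s' "$count" | tr -d ,)" = "$((e - s + 1))" ] || {
            echo "line $lineno: count does not match range" >&2; return 1; }
        rules="$rules/sbin/iptables -A INPUT -p tcp --dport 80 -m iprange --src-range $startip-$endip -j ACCEPT
"
    done
    [ -n "$rules" ] || { echo "no ranges given" >&2; return 1; }
    printf '%s\n%s%s\n' '/sbin/iptables -F INPUT' "$rules" \
        '/sbin/iptables -A INPUT -p tcp --dport 80 -j DROP'
}

# Constructed sample: the three ranges from ip.txt above.
emit_rules <<'EOF'
1.0.1.0 1.0.3.255 768
1.0.8.0 1.0.15.255 2,048
1.0.32.0 1.0.63.255 8,192
EOF
```

To apply it, redirect the output of emit_rules < ip.txt to a file and run that file only when the function returned 0.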

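nginx configuration for ThinkPHP in pathinfo mode (applies to 3.2 and 5.0)

tp-nginx-config

server
{
    # Applies to thinkphp 3.2 and thinkphp 5.0
    # pathinfo mode
    # module/controller/action/params
    # Usage in 3.2: /home/index/index/params
    # Usage in 5.0: /index/index/index/params
    listen 80;
    server_name tp; #mod this line
    index index.php index.html;
    root /tpdir; #mod this line

    location / {
        index index.php index.htm;
        if (!-e $request_filename) {
            rewrite ^/(.*)$ /index.php/$1 last;
            break;
        }
    }
    location ~ \.php {
        fastcgi_pass 127.0.0.1:9000; #mod this line
        fastcgi_index index.php;
        include fastcgi_params;
        # Defaults for requests that carry no path info after the .php name
        set $real_script_name $fastcgi_script_name;
        set $path_info "";
        # Split /index.php/a/b/c into the script (/index.php) and PATH_INFO (/a/b/c)
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
        # Hand PHP the real script file, not the script name with path info appended
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param PATH_INFO $path_info;
    }

}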

Installing MySQL 5.6 from RPMs on CentOS 6.x x86_64: download the following packages

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-server-5.6.33-2.el6.x86_64.rpm

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-client-5.6.33-2.el6.x86_64.rpm

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-common-5.6.33-2.el6.x86_64.rpm

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-devel-5.6.33-2.el6.x86_64.rpm

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-libs-5.6.33-2.el6.x86_64.rpm

http://repo.mysql.com/yum/mysql-5.6-community/el/6/x86_64/mysql-community-libs-compat-5.6.33-2.el6.x86_64.rpm

The MySQL information_schema database

https://dev.mysql.com/doc/refman/5.7/en/information-schema.html

You can do a lot with information_schema: this database stores MySQL's metadata!

For example:

1) List which tables are InnoDB

2) Query the size of InnoDB tables

3) Look up the definition of a column

Example
SELECT table_schema, table_name, table_rows,
ROUND((data_length+index_length)/1024/1024) AS total_mb,
ROUND(data_length/1024/1024) AS data_mb,
ROUND(index_length/1024/1024) AS index_mb
FROM INFORMATION_SCHEMA.TABLES WHERE engine='InnoDB'
ORDER BY total_mb DESC;

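nginx SSL: multiple SSL domains on a single IP, and a convenient script

First, for configuring SSL for multiple domains on a single IP in nginx, the reference is

Configuring HTTPS for multiple domains on a single-IP nginx

In addition, a script makes it fairly easy to use the free SSL certificates provided by Let's Encrypt:

https://github.com/xdtianyu/scripts/tree/master/lets-encrypt

An example configuration file, letsencrypt.conf-myssl:

ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="/www/ssl/myssldomain.com.key"
DOMAIN_DIR="/www/myssldomain"
DOMAINS="DNS:myssldomain.com,DNS:www.myssldomain.com"

The procedure is simply to set up the conf file and then run:

letsencrypt.sh   letsencrypt.conf-myssl

The script above automatically handles registration and key generation for you. After that you only need to modify the nginx configuration file.

Write the nginx configuration file like this: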

server
{
    listen 80;
    listen 443 ssl;
    if ($scheme = http) {return 301 https://$server_name$request_uri;}
    server_name www.myssldomain.com myssldomain.com;
    root /www/myssldomain/;
    index index.php index.html;
    include php.conf;
    # TLS is enabled by the ssl flag on "listen 443" only; a server-wide "ssl on;" would also make port 80 expect TLS
    ssl_certificate "/www/ssl/myssldomain.chained.crt";
    ### Note: it is best to use chained.crt here; it is accepted by most browsers
    ssl_certificate_key "/www/ssl/myssldomain.com.key";
}

 

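Compiling the SSL module for wdcp's Apache

Download the Apache source from http://archive.apache.org/dist/httpd/

After extracting it, go into modules/ssl and run the following command:

/www/wdlinux/apache/bin/apxs -a -i -DHAVE_OPENSSL=1 -I/usr/include/openssl -L/usr/lib64/openssl -c *.c -lcrypto -lssl -ldl

The three lines below are not necessarily correct. In general it is better to enable HTTPS by editing conf/extra/httpd-ssl.conf.

The three lines below are for reference only (域名 stands for your domain name):

SSLCertificateChainFile /www/wdlinux/apache/conf/1_root_bundle.crt
SSLCertificateFile /www/wdlinux/apache/conf/2_www.域名.com.crt
SSLCertificateKeyFile /www/wdlinux/apache/conf/3_www.域名.com.key

PS:

Redirecting HTTP (port 80) to HTTPS (port 443)

In .htaccess: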

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://www.yourname.com%{REQUEST_URI} [L,R=301]
</IfModule>

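Notes on using the Substitute module in Apache 2.4

The Substitute module in Apache 2.4 is a handy tool: it can modify page content on the fly, doing replacements and the like. For example:

ProxyPass /  http://other_web_site.com
ProxyPassReverse / http://other_web_site.com
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://other_web_site.com|http://localhost|i"

This replaces occurrences of http://other_web_site.com in the page with http://localhost.

Sometimes, though, you will find that this has no effect: nothing is replaced, yet no error is reported either.
The likely cause is that the site you are proxying uses compression, so what Substitute sees is the compressed page content, which it of course cannot do replacements on. The content would have to be decompressed before substitution. In fact you do not need to decompress anything: you only need to tell the remote server that you do not accept compressed responses, and that requires another module:
LoadModule headers_module modules/mod_headers.so

This module can change the headers that the proxy module sends to the remote server:
RequestHeader set Accept-Encoding ""

So the complete configuration can be written like this: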

ProxyPass /  http://other_web_site.com
ProxyPassReverse /   http://other_web_site.com
RequestHeader set Accept-Encoding ""
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://other_web_site.com|http://localhost|i"

In total, the following modules need to be enabled:

LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule substitute_module modules/mod_substitute.so

 

Appendix: on running into gzip when proxying with nginx

See here: http://www.zjpro.com/nginx-substitutions4nginx.html

 

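Linux with VPN (ppp) configured: Baidu is slow or unreachable

As the title says: I set up a VPN and can reach Google, FB and so on, but now cannot reach Baidu or Amazon. This is really strange. Has anyone run into the same problem? Urgently looking for a solution!!

Download ip-up-local, upload it to the server as /etc/ppp/ip-up.local, then restart the ppp service:

service pptpd stop && service pptpd start

Reference: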

http://www.iyunv.com/thread-27228-1-1.html

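How to configure hotlink protection in nginx

In nginx, hotlink protection has to explicitly allow both your domain and its wildcard subdomains, so the *.domain.com entry shown is required; otherwise hosts such as www.domain.com will be blocked as well.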

location ~* \.(gif|jpg|jpeg|png|bmp|swf|flv)$
{
valid_referers none blocked domain.com *.domain.com baidu.com *.baidu.com ;
if ($invalid_referer) {
return 403;
}
}

High-performance parameter settings for nginx

1) Parameters in nginx.conf, assuming the server has 8 cores (logical cores)

worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 102400;
events
{
use epoll;
worker_connections 204800;
accept_mutex on;
}

2) /etc/rc.local

echo "ulimit -SHn 65535" >> /etc/rc.local

3)/etc/security/limits.conf

* soft nofile 655360
* hard nofile 655360

4) /etc/sysctl.conf

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000

 

Reference:

http://www.open-open.com/lib/view/open1392942521299.html

 

apt.sw.be is down, causing wdcp installation to fail

Edit /etc/yum.repos.d/rpmforge.repo:

### Name: RPMforge RPM Repository for RHEL 5 to 6 - dag
### URL: http://rpmforge.net/
### MODIFIED BY QQ733905
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el$releasever/en/$basearch/rpmforge/
mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 0

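A strange Linux network connectivity incident

A customer's CentOS Linux system was showing dz communication failures.
After logging in to the server over ssh, I found that it had two IPs, 1.1.1.1 and 1.1.1.2.
On asking, I learned that 1.1.1.1 had been retired and replaced by 1.1.1.2, but the previous system administrator had taken a shortcut
and only added the new IP 1.1.1.2 without removing the old one. As a result, outbound pings and all connections initiated by the server
were treated as coming from the old IP; presumably the upstream switch restricted it, which caused the failures.
Removing the old IP and keeping only the new one solved the problem.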

nginx PHP configuration supporting both php-fpm and Apache, with automatic failover

The key part is error_page 502 = @apache; !!!

 location ~ .*\.php$
{
        error_page 502 = @apache;
        fastcgi_pass  127.0.0.1:9002;
        fastcgi_index index.php;
        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_URI $document_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        # PHP only, required if PHP was built with --enable-force-cgi-redirect
        fastcgi_param REDIRECT_STATUS 200;
}

 location @apache {
        proxy_pass http://127.0.0.1:88;
        proxy_connect_timeout 30s;
        proxy_send_timeout   90;
        proxy_read_timeout   90;
        proxy_buffer_size    32k;
        proxy_buffers     4 32k;
        proxy_busy_buffers_size 64k;
        proxy_redirect     off;
        proxy_hide_header  Vary;
        proxy_set_header   Accept-Encoding '';
        proxy_set_header   Host   $host;
        proxy_set_header   Referer $http_referer;
        proxy_set_header   Cookie $http_cookie;
        proxy_set_header   X-Real-IP  $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
}