CentOS 7 一些记录

最小安装完成后无法联网,需要手动开启网络访问

cd /etc/sysconfig/network-scripts/

找到网卡 例如 ifcfg-eno33

vi ifcfg-eno33

将最后一行的 ONBOOT=no 改为 ONBOOT=yes 然后退出 vi

退出重启 network

service network restart

监测 MySQL 服务 挂掉自动重启

最近 MySQL 服务总是挂掉

cd ~
vim /mysqllisten.sh
#!/bin/bash
pgrep -x mysqld &> /dev/null
if [ $? -ne 0 ]
then
echo "MySQL stoped at time: `date` ">> /home/wwwlogs/mysql_messages
/etc/init.d/mysql restart
sleep 15s
MYSQLPORT=`netstat -na|grep "LISTEN"|grep "3306"|awk -F[:" "]+ '{print $4}'`
    if [ "$MYSQLPORT" == "3306" ]
then  
            echo "MySQL restart successful at time: `date` ">> /home/wwwlogs/mysql_messages   
        else
            echo "MySQL restart failed at time: `date` ">> /home/wwwlogs/mysql_messages 
            mail -s "wann! yourwebsitedomain's mysql restart failed" 这里写你的邮箱地址
        fi
else
echo "MySQL server is running"
fi
chmod +x ./mysqllisten.sh

添加定时任务

crontab -e

*/10 * * * * /bin/bash /root/mysqllisten.sh

service crond restart

LNMP使用中mysql宕机挂掉后自动重启脚本

http://xiaohost.com/1580.html

手动安装 Let’s Encrypt SSL 证书 HTTPS

CentOS 6、7,先执行:

yum install epel-release
cd /root/
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

单域名生成证书:

./certbot-auto certonly --email jollyfon@gmail.com --agree-tos --no-eff-email --webroot -w /home/wwwroot/wanai.unetu.net -d wanai.unetu.net

安装成功返回

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/wanai.unetu.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/wanai.unetu.net/privkey.pem
   Your cert will expire on 2019-01-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

多域名单目录生成单证书:(即一个网站多个域名使用同一个证书)

./certbot-auto certonly --email jollyfon@gmail.com --agree-tos --no-eff-email --webroot -w /home/wwwroot/wanai.unetu.net -d wanai.unetu.net www.unetu.net

多域名多目录生成一个证书:(即一次生成多个域名的一个证书)

./certbot-auto certonly --email jollyfon@gmail.com --agree-tos --no-eff-email --webroot -w /home/wwwroot/wanai.unetu.net -d wanai.unetu.net www.unetu.net -w /home/wwwroot/wanaioa.unetu.net -d wanaioa.unetu.net -d unetu.net

安装完成后证书文件位置

/etc/letsencrypt/live

有四个文件

/etc/letsencrypt/live/wanai.unetu.net/cert.pem
/etc/letsencrypt/live/wanai.unetu.net/chain.pem
/etc/letsencrypt/live/wanai.unetu.net/fullchain.pem
/etc/letsencrypt/live/wanai.unetu.net/privkey.pem

Nginx 配置

listen 443 ssl;   
server_name wanai.unetu.net;     
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/wanai.unetu.net;          
ssl_certificate /etc/letsencrypt/live/wanai.unetu.net/fullchain.pem;    #前面生成的证书,改一下里面的域名就行
ssl_certificate_key /etc/letsencrypt/live/wanai.unetu.net/privkey.pem;   #前面生成的密钥,改一下里面的域名就行
SSLCertificateChainFile /etc/letsencrypt/live/wanai.unetu.net/chain.pem; #Apache 2.2版本需要加入该中间证书,否则浏览器可能不信任
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

Let’s Encrypt 证书的有效期为 90 天,可自动续期

打开 crontab 

crontab -e

添加规则

0 3 */5 * * /root/certbot-auto renew --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"

我的示例

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name wanai.unetu.net ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/wanai.unetu.net;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/wanai.unetu.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/wanai.unetu.net/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        include rewrite/codeigniter.conf;

        location  ~ [^/]\.php(/|$)
        {
            fastcgi_pass  127.0.0.1:9001; #注意此端口
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;

        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/wanai.unetu.net.log;
    }

参考文献:

CentOS 7 修改 yum 源为 阿里云

备份本地 yum 源

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak

获取阿里 yum 源配置文件

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 

清理一下旧包

yum clean all

更新 cache  生成缓存

yum makecache

更新(如果需要)

yum -y update 

Linux 下使用 vsftpd 搭建 ftp 服务

检查系统中是否已安装 vsftpd

rpm -qa | grep vsftpd

若未安装则使用安装命令

yum -y install vsftpd

安装完之后创建 ftp 用户和适用目录

useradd -s /sbin/nologin -d /home/ftproot ftproot

注:目录不要手动创建,该命令会自动创建

更令 ftp 用户密码

passwd ftproot

然后输入两次密码

打开 vsftpd 的配置文件

vim /etc/vsftpd/vsftpd.conf

找到 anonymous_enable 配置项,默认是YES,修改成NO,表示不允许匿名用户登录

:wq 保存文件,执行启动命令

CentOS 6 下启动

service vsftpd start

查看运行状态

service vsftpd status

CentOS 7 下启动

systemctl start vsftpd.service

查看运行状态

systemctl status vsftpd.service

完毕