
curl (60) peer’s certificate issuer is not recognized.

curl stops working after the SSL certificate is renewed

1. Copy the new .crt into /etc/pki/ca-trust/source/anchors

2. Run update-ca-trust extract

3. Test that curl can reach the site again
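An added example, not code from the original post: the three steps above wrapped in a script that checks the input before touching the trust store and confirms afterwards that the system bundle actually grew (a file update-ca-trust cannot parse is dropped without an error, which leaves curl failing exactly as before). Paths are the CentOS 7 defaults; the function names, the warning about non-CA certificates and the host name are assumptions of this example.

```sh
#!/bin/sh
# Added example, not code from the original post: wraps the three steps above
# in a script that checks the input first and confirms the trust bundle grew.
# Paths are the CentOS 7 defaults; everything else is an assumption.
ANCHORS=/etc/pki/ca-trust/source/anchors
BUNDLE=/etc/pki/tls/certs/ca-bundle.crt   # regenerated by update-ca-trust extract

# Number of PEM certificates in a file; 0 for a missing, empty, DER or .pfx file.
pem_cert_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeeds only for PEM input: a .pfx/.p12 also holds the private key, and a
# DER .cer needs converting first (openssl x509 -inform DER -in x.cer -out x.crt).
is_pem_cert_file() {
    [ "$(pem_cert_count "$1")" -gt 0 ]
}

# Steps 1 and 2 of the post, with a before/after count of the bundle so a
# silently ignored anchor is noticed. Must run as root.
install_ca_anchor() {
    crt=$1
    is_pem_cert_file "$crt" || { echo "$crt: not a PEM certificate" >&2; return 1; }
    # The error in the title says the *issuer* is unknown, so the file added
    # here should normally be the CA's certificate, not the server's own.
    if command -v openssl >/dev/null 2>&1 &&
       ! openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE'; then
        echo "warning: $crt has no CA:TRUE basicConstraints; is this the issuer's certificate?" >&2
    fi
    before=$(pem_cert_count "$BUNDLE")
    cp "$crt" "$ANCHORS/" || return 1          # step 1
    update-ca-trust extract || return 1       # step 2
    after=$(pem_cert_count "$BUNDLE")
    echo "ca-bundle.crt: $before -> $after certificates"
    [ "$after" -gt "$before" ]
}

# Step 3: a TLS handshake only; add -v to see which issuer curl complains about.
check_tls() {
    curl -sS -o /dev/null "https://$1/" && echo "$1: certificate accepted"
}

# usage (as root): install_ca_anchor /path/to/new-ca.crt && check_tls www.example.com
```

If the bundle count does not increase, the file was not accepted as an anchor; check its format before looking anywhere else.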


ref: 

https://ep.gnt.md/index.php/curl-60-peers-certificate-issuer-is-not-recognized/

Install VirtualBox Guest Additions in CentOS

Step 1. Update to the latest packages and install the build dependencies

# yum -y install epel-release
# yum -y update
# yum install make gcc kernel-headers kernel-devel perl dkms bzip2
# reboot


Step 2. Mount the CD-ROM and run the installer

# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom
# cd /mnt/cdrom
# ./VBoxLinuxAdditions.run
# reboot


CentOS 7 Install NFS Server / Client and Setting

NFS allows a Linux server to share directories with other UNIX clients over the network. The NFS server exports a directory and the NFS client mounts it. RHEL 7 supports two versions of NFS: NFSv3 and NFSv4.

NFS server and RPC processes
Starting the nfs-server process starts the NFS server and the other RPC processes. The RPC processes include:
– rpc.statd : implements the Network Status Monitor (NSM) protocol between NFS client and NFS server
– rpc.mountd : NFS mount daemon that implements the server side of mount requests from NFSv3 clients.
– rpc.idmapd : maps NFSv4 names to local UIDs and GIDs
– rpc.rquotad : provides user quota information for remote users.

Configuring NFS server
1. Install the required nfs packages if not already installed on the server :
# yum install nfs-utils rpcbind

2. Enable the services at boot time:
#  systemctl enable nfs-server
#  systemctl enable rpcbind
#  systemctl enable nfs-lock
In RHEL 7.1 (nfs-utils-1.3.0-8.el7) enabling nfs-lock fails with "No such file or directory". It does not need to be enabled, since rpc-statd.service is static.
#  systemctl enable nfs-idmap
In RHEL 7.1 (nfs-utils-1.3.0-8.el7) this fails with "No such file or directory". It does not need to be enabled, since nfs-idmapd.service is static.

3. Start the NFS services:
#  systemctl start rpcbind
#  systemctl start nfs-server
#  systemctl start nfs-lock
#  systemctl start nfs-idmap
4. Check the status of NFS service:
# systemctl status nfs

5. Create a shared directory:
# mkdir /test

6. Export the directory. The format of the /etc/exports file is:
dir client1(options) [client2(options) ...]
There is no space between a client and its options: "client (options)" exports the directory to the named client with the default options and, as a separate entry, to every host with the listed options.
Client options include (defaults are listed first):
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable the delay. no_wdelay only takes effect when the default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.

Example :
# vi /etc/exports
/test *(rw)


7. Exporting the share :
# exportfs -r

-r re-exports the entries in /etc/exports and synchronizes /var/lib/nfs/etab with /etc/exports. /var/lib/nfs/etab is the master export table. Other options that can be used with the exportfs command are :
-a : exports entries in /etc/exports but do not synchronize with /var/lib/nfs/etab
-i : ignore entries in /etc/exports and uses command line arguments.
-u : un-export one or more directories
-o : specify client options on command line

8. Restart the NFS service:
# systemctl restart nfs-server

Configuring NFS client
1. Install the required nfs packages if not already installed on the client :
# yum install nfs-utils

2. Use the mount command to mount exported file systems. Syntax for the command:
mount -t nfs -o options host:/remote/export /local/directory

Example :
# mount -t nfs -o ro,nosuid remote_host:/home /remote_home
This example does the following:
– It mounts /home from the remote host (remote_host) on the local mount point /remote_home.
– The file system is mounted read-only and users are prevented from running setuid programs (the -o ro,nosuid options).

3. Update /etc/fstab to mount NFS shares at boot time.
# vi /etc/fstab
remote_host:/home /remote_home nfs ro,nosuid 0 0

Firewalld services to be active on NFS server
For the NFS server to work, enable the nfs, mountd, and rpc-bind services in the relevant zone in the firewall-config application or using firewall-cmd :
# firewall-cmd --add-service=nfs --zone=internal --permanent
# firewall-cmd --add-service=mountd --zone=internal --permanent
# firewall-cmd --add-service=rpc-bind --zone=internal --permanent

Ref: 
https://www.thegeekdiary.com/centos-rhel-7-configuring-an-nfs-server-and-nfs-client/

How to create a self-signed certificate for development and testing with OpenSSL

1. Create the ssl.conf configuration file

[req]
prompt = no
default_md = sha256
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_req

[dn]
C = TW
ST = Taiwan
L = Taipei
O = My Inc.
OU = IT Department
emailAddress = admin@example.com
CN = CA Display Name

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
DNS.3 = *.your.domain.name
# an IP address must be an IP.n entry; clients do not match an IP against a DNS.n name
IP.1 = 192.168.1.100

2. Use OpenSSL to generate the self-signed certificate and its private key


openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf
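An added example, not code from the original post: it builds the [alt_names] section from a list of host names, so that plain IP addresses end up as IP.n entries (the iPAddress SAN type, which is what a browser checks when the URL host is an address) and everything else as DNS.n, writes the same ssl.conf layout as step 1, runs the openssl command from step 2, and prints the SAN that was actually embedded. The subject fields are the post's placeholders; the function names and the file names ssl.conf, server.key and server.crt are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): generate the SAN list and the
# certificate from a host list. Subject fields are the post's placeholders.

# True for a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit DNS.n / IP.n lines for every argument, numbering each type separately.
san_block() {
    d=0; i=0
    for name in "$@"; do
        if is_ipv4 "$name"; then
            i=$((i + 1)); printf 'IP.%d = %s\n' "$i" "$name"
        else
            d=$((d + 1)); printf 'DNS.%d = %s\n' "$d" "$name"
        fi
    done
}

# Write ssl.conf with the post's layout; the CN is the first name given.
write_ssl_conf() {
    out=$1; shift
    {
        printf '[req]\nprompt = no\ndefault_md = sha256\ndefault_bits = 2048\n'
        printf 'distinguished_name = dn\nx509_extensions = v3_req\n\n'
        printf '[dn]\nC = TW\nST = Taiwan\nL = Taipei\nO = My Inc.\nOU = IT Department\n'
        printf 'emailAddress = admin@example.com\nCN = %s\n\n' "$1"
        printf '[v3_req]\nsubjectAltName = @alt_names\n\n[alt_names]\n'
        san_block "$@"
    } > "$out"
}

# Step 2 of the post, then show the SAN that really went into the certificate
# so a typo in ssl.conf is caught before the file is imported anywhere.
make_cert() {
    write_ssl_conf ssl.conf "$@"
    openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 \
        -keyout server.key -out server.crt -config ssl.conf || return 1
    chmod 600 server.key      # the private key is the whole secret of this setup
    openssl x509 -in server.crt -noout -text | grep -A1 'Subject Alternative Name'
}

# usage: make_cert localhost '*.localhost' '*.your.domain.name' 192.168.1.100
```

The SAN printed at the end is what Chrome and curl compare against the URL host; if a name is missing there, the import steps below will not help.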


3. Use OpenSSL to produce a PKCS#12 file (*.pfx or *.p12); only IIS needs this


openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx


4. Import the self-signed certificate into the Windows "Trusted Root Certification Authorities" store

On Windows, run the following command as Administrator to import the certificate into the Windows certificate store:


certutil -addstore -f "ROOT" server.crt

To import it manually, follow these steps:


  • Open File Explorer and double-click the server.crt file
  • Click the "Install Certificate" button
  • Select "Current User" and click "Next"
  • Select "Place all certificates in the following store" and click "Browse"
  • Select "Trusted Root Certification Authorities" and click "OK"
  • Click "Next"
  • Click "Finish"
  • Click "Yes" in the Security Warning dialog to complete the setup

Note: after the import, Google Chrome may not immediately show the certificate as valid (because of caching), but after a while, once you restart Chrome, the address bar changes and the red "Not secure" warning no longer appears.



References:

The Will Will Web (thanks to 保哥 for sharing)

https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL

VirtualBox cannot create symbolic link

Close all VMs and VirtualBox

On Windows 10, run the following as Administrator to lift the symlink restriction:

VBoxManage setextradata "VM_NAME" VBoxInternal2/SharedFoldersEnableSymlinksCreate/SHARE_NAME 1

Mounting a Windows 10 shared folder on CentOS 7

PhpStorm does not work well with a folder mounted from a Samba share:
External file changes sync may be slow: Project files cannot be watched (are they under network mount?)
So do it the other way round: share the folder from Windows 10 and mount it on CentOS, so PhpStorm is not slow reading files.

Windows 10
Open cmd as Administrator
Add a Windows user for the share
net user __USER__ __PASSWORD__ /add

Add the user to Administrators (optional)
net localgroup administrators __USER__ /add

Share the folder and grant the user access
net share __SHARE_NAME__=D:\www /GRANT:__USER__,FULL

CentOS 7
yum install -y cifs-utils

Create the mount folder
mkdir -p /mnt/www

Mount Folder
Specify the ownership and permissions explicitly, otherwise nginx and php cannot execute or write files
mount -t cifs -o username="__USER__",password="__PASSWORD__",uid=root,gid=root,dir_mode=0774,file_mode=0774,vers=2.0 //192.168.0.120/www /mnt/www

Unmount Folder
umount /mnt/www

Mount automatically at startup
vi /etc/fstab
//192.168.0.120/www    /mnt/www    cifs    auto,username=__USER__,password=__PASSWORD__,uid=root,gid=root,dir_mode=0774,file_mode=0774,vers=2.0    0 0

Mount everything listed in fstab
mount -a

Check mount
mount

Check disk usage
df -h
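An added example, not part of the original post: the same mount, but with the Windows password kept out of /etc/fstab (which every local user can read) by putting it in a cifs credentials file that only root can read, referenced through the credentials= mount option. The share, mount point and the uid/gid/mode/vers options are the post's; the credentials file path /root/.smbcredentials and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): password in a 0600 credentials
# file instead of in /etc/fstab. Share and options are the post's.

# Write username/password (and an optional domain) to a file only root can read.
write_cifs_credentials() {
    file=$1; user=$2; pass=$3; domain=${4:-}
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file"
        if [ -n "$domain" ]; then printf 'domain=%s\n' "$domain" >> "$file"; fi
    )
    chmod 600 "$file"
}

# Build the /etc/fstab entry: the post's option string with password= replaced
# by credentials=.
cifs_fstab_line() {
    share=$1; mnt=$2; cred=$3
    printf '%s\t%s\tcifs\tauto,credentials=%s,uid=root,gid=root,dir_mode=0774,file_mode=0774,vers=2.0\t0 0\n' \
        "$share" "$mnt" "$cred"
}

# One-off mount with the same credentials file (the post's mount -t cifs line).
mount_cifs_once() {
    mount -t cifs -o "credentials=$3,uid=root,gid=root,dir_mode=0774,file_mode=0774,vers=2.0" "$1" "$2"
}

# Full setup as root: credentials file, fstab entry (added once), then mount.
setup_cifs_mount() {
    cred=/root/.smbcredentials                     # assumed location
    write_cifs_credentials "$cred" "$1" "$2"
    mkdir -p /mnt/www
    grep -q '^//192.168.0.120/www[[:space:]]' /etc/fstab ||
        cifs_fstab_line //192.168.0.120/www /mnt/www "$cred" >> /etc/fstab
    mount -a && df -h /mnt/www
}

# usage (as root): setup_cifs_mount __USER__ __PASSWORD__
```

The post's vers=2.0 is kept so the line stays equivalent; where the Windows side supports SMB 3, vers=3.0 together with the seal option encrypts the traffic as well, which matters when the share crosses anything other than a host-only network.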


ref:
https://hk.saowen.com/a/f9bdf856dcdefe9ef9b81d80d03f3985b5033efd7e230e2cae7c126e04d67794

fdisk: add a new disk to LVM on CentOS

Linux fdisk: partitioning and formatting

List the partition tables
# fdisk -l

Partition /dev/sdb
# fdisk /dev/sdb
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-2610, default 1): (press Enter)
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): (press Enter)
Using default value 2610
Command (m for help): w

Register the new partition as an LVM physical volume
# pvcreate /dev/sdb1

Find the VG name
# vgdisplay

Add the new PV to the VG
# vgextend centos /dev/sdb1

Scan to confirm the PV has joined the VG
# pvscan

Show the current LVs
# lvdisplay

Extend the chosen LV onto the new PV
# lvextend /dev/centos/usr /dev/sdb1

Grow the XFS filesystem to the new LV size
# xfs_growfs /dev/centos/usr

Check that the extra space is available
# df -h



ref:
https://www.rootusers.com/how-to-increase-the-size-of-a-linux-lvm-by-adding-a-new-disk/

CentOS7 Sendmail test send email


# Install sendmail sendmail-cf m4
yum install sendmail sendmail-cf m4

# edit local host name
vi /etc/mail/local-host-names
xxx.com

# edit sendmail.mc
vi /etc/mail/sendmail.mc

# change 127.0.0.1 to 0.0.0.0 so sendmail listens on all interfaces
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

# change sendmail setting
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# setting relay
vi /etc/mail/access
Connect:xxx.com RELAY

# build the hash database
makemap hash /etc/mail/access < /etc/mail/access

# restart sendmail
systemctl restart sendmail

# test php send mail
php -a
mail('user@receiver.com', "Test email", "Test email from the Internet", null, "-f user@sender.com");

CentOS 7 Systemd PHP


On CentOS 7 the systemd unit for php-fpm enables PrivateTmp by default; it has to be turned off for php-fpm to share /tmp with other services

Disable PrivateTmp in the php-fpm unit
/usr/lib/systemd/system/php-fpm.service
PrivateTmp=false

Save and reload the daemon
systemctl daemon-reload

Restart php-fpm
systemctl restart php-fpm.service

Enlarging the disk of a CentOS VM in VirtualBox

1. Shut down the virtual machine
poweroff

2. Grow the disk image from the command line (size in MB; 40960 = 40 GB)
VBoxManage modifyhd "D:\VDI\CentOS7.vdi" --resize 40960

3. Set the VM to boot with EFI and attach the GParted live ISO
https://downloads.sourceforge.net/project/gparted/gparted-live-stable/0.31.0-1/gparted-live-0.31.0-1-i686.iso

4. Boot GParted, resize the partition, click Apply and shut down; then disable EFI boot on the VM and detach the GParted ISO

5. Boot the system and find the LV path
lvdisplay 

6. Resize the LV
lvresize  -l  +100%FREE  /dev/centos/root

7. Grow the XFS filesystem
xfs_growfs  /dev/centos/root


ref:
http://oldgrayduck.blogspot.com/2016/07/virtualbox-centos.html

Change Nginx UID and GID

systemctl stop nginx
systemctl stop php-fpm

usermod -u 1500 nginx
groupmod -g 1500 nginx

# 998 and 996 are the previous UID and GID of nginx (check them with: id nginx, before the change)
find / -user 998 -exec chown -h 1500 {} \;
find / -group 996 -exec chgrp -h 1500 {} \;

usermod -g 1500 nginx

systemctl start nginx
systemctl start php-fpm

If the nginx UID/GID change is incomplete, errors will follow.

CentOS 7 Install NFS Server and Windows 10 NFS Client to Connect

CentOS

1. yum install
yum install nfs-utils

2. systemctl start and enable
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server

3. create folder and change mod
mkdir /myshare
chmod 777 /myshare

4. edit /etc/exports and reload exportfs
vi /etc/exports
/myshare 192.168.124.0/24(rw,sync,no_root_squash)
exportfs -r

5. Disable SELinux
vi /etc/sysconfig/selinux
SELINUX=disabled

6. add firewall rule and reload
firewall-cmd --permanent --zone public --add-service mountd
firewall-cmd --permanent --zone public --add-service rpc-bind
firewall-cmd --permanent --zone public --add-service nfs
firewall-cmd --reload
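An added example, not code from either of the two NFS posts on this page (the CentOS 7 NFS server/client guide above and the server set up here for a Windows client): a small audit of /etc/exports lines for the settings both posts use. It reports exports to every host (*), a space between a client and its options (which exports the directory to the world with those options and leaves the named client with only the defaults), no_root_squash (remote root stays root on the server), and rw. The sample lines are constructed; the second and third are the two posts' own export lines; the function names are assumptions. Only awk is used.

```sh
#!/bin/sh
# Added example (not from either NFS post): audit /etc/exports entries.

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            f = $i
            if (f ~ /^[(]/) {
                # "(opts)" standing alone is a separate entry for every host
                print dir ": options " f " are not attached to a client (space before the parenthesis), so they apply to every host"
                client = "*"; opts = f
            } else if (f ~ /[(]/) {
                client = f; sub(/[(].*/, "", client)
                opts = f;   sub(/^[^(]*/, "", opts)
            } else {
                client = f; opts = "()"        # no options: defaults (ro, sync, root_squash)
            }
            if (client == "*")
                print dir ": exported to every host"
            if (opts ~ /no_root_squash/)
                print dir ": no_root_squash for " client " (remote root is root on this server)"
            if (opts ~ /[(,]rw[,)]/)
                print dir ": writable (rw) for " client
        }
    }'
}

# Exit 0 when the file has no findings, 1 otherwise; usable before exportfs -r.
check_exports_file() {
    n=$(audit_exports < "$1" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Constructed sample; lines 2 and 3 are the two posts' examples.
SAMPLE_EXPORTS='# constructed sample
/test *(rw)
/myshare 192.168.124.0/24(rw,sync,no_root_squash)
/data 10.0.0.5 (rw)
/ro 10.0.0.0/24(ro,sync)'

demo_exports_audit() {
    printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
}

# usage: audit_exports < /etc/exports
#        check_exports_file /etc/exports && exportfs -r
```

For the Windows client case, root_squash (the default) is usually enough: a client mounting with -o anon presents the anonymous uid, so the combination all_squash,anonuid=N,anongid=N pointed at the owner of the directory gives it access without chmod 777 or no_root_squash (the mapping values are assumptions, the options are standard exports options).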

Windows 10

1. Open Windows Features

2. Install all of "Services for NFS"

3. Open cmd

4. Mount the NFS share
mount -o anon \\remote_ip_address\myshare z:

Move files by date


find PATH_A -type f ! -newermt 2017-01-01 -exec mv {} PATH_B \;

SELinux blocks MySQL connections

When MySQL on the local host connects to a remote server,
SELinux has to be disabled or configured before the connection works

PHP upgrade always breaks session folder permissions

After a PHP upgrade the owner of the session directory is reset to the original setting.
The advice online is to create a separate subdirectory for the owner; it will not be changed next time.

user = nginx

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/nginx/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/nginx/wsdlcache



ref: https://serverfault.com/questions/582483/php-upgrade-always-breaks-session-folder-permissions

MariaDB Max connect

Reference
https://pjstrnad.com/mariadb-raise-number-of-connections/


The issue is that you can’t have more max_connections than open_files_limit.
Indication is at the log
Changed limits: max_open_files: 1024 max_connections: 214 table_cache: 400
So you go to /etc/my.cnf and under [mysqld] add
open_files_limit=12000
max_connections=10000
But it’s not enough. Because of the systemd there are some limits in starting the mysql server – it’s already started with mysql user.
So you need to go to /etc/security/limits.conf and add
mysql soft nofile 4096
mysql hard nofile 10240
Then settings for systemd
mkdir -p /etc/systemd/system/mariadb.service.d
vi /etc/systemd/system/mariadb.service.d/limits.conf
And then enter this into the file:
[Service]
LimitNOFILE=infinity
That worked for me. After restarting mysql with
systemctl daemon-reload
systemctl restart mariadb
I got the connections fixed:
mysql
MariaDB [(none)]> select @@max_connections;
+-------------------+
| @@max_connections |
+-------------------+
| 10000             |
+-------------------+
MariaDB [(none)]> SHOW VARIABLES LIKE 'open%';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| open_files_limit | 65536 |
+------------------+-------+

That’s all.

mysql binlog too large

Check disk space
df -h

Check folder sizes
du -sh /home/james/*

MySQL logs are too large
Configure in
/etc/my.cnf

Keep only seven days of logs
[mysqld]
expire-logs-days=7

Restart mysql
systemctl restart mariadb

Log in to mysql
mysql -u root -p

Flush the logs
FLUSH LOGS;

Check which log file is current
SHOW MASTER STATUS;

Purge logs older than a given time
PURGE BINARY LOGS BEFORE NOW();

Or purge up to a specific log file
PURGE BINARY LOGS TO 'mysql-bin.000047';

MariaDB max_connections, table_open_cache stuck

Copy my-huge.cnf to /etc/my.cnf.d/

Edit
/etc/sysctl.conf
fs.file-max = 2459688

Edit
/etc/security/limits.conf
mysql           soft    nofile         4096
mysql           hard    nofile         4096

Edit
/etc/my.cnf.d/my-huge.cnf
max_connections=1024
max_user_connections=1024
table_open_cache = 4096
table_definition_cache = 4096
open_files_limit=4096
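An added example, not from this post or from the MariaDB post above; it serves both. It reproduces, in shell arithmetic, the rule mysqld uses at startup to trim max_connections and table_cache to the number of open files it can actually obtain (wanted = 10 + max_connections + 2 * table_cache; it asks the OS for max(wanted, 5 * max_connections, open_files_limit); if it gets fewer than wanted, max_connections becomes min(files - 10 - 2 * 400, max_connections) and table_cache min((files - 10 - max_connections) / 2, table_cache), 400 being TABLE_OPEN_CACHE_MIN). With the process limit at 1024 this yields exactly the "max_connections: 214 table_cache: 400" line quoted above, which is why raising only my.cnf does nothing until limits.conf or LimitNOFILE is raised as well. The rule is the 5.5-era server logic as I know it, simplified; the open_files_limit figure a given MariaDB version finally reports may differ, so treat the numbers as a model. Function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the posts): model of mysqld's open-files trimming.

max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }
min() { if [ "$1" -lt "$2" ]; then echo "$1"; else echo "$2"; fi; }

TABLE_OPEN_CACHE_MIN=400        # the server's floor for the table cache

# effective_limits OS_NOFILE OPEN_FILES_LIMIT MAX_CONNECTIONS TABLE_CACHE
# OS_NOFILE is what ulimit -n / LimitNOFILE allows the mysql process.
# Prints: "max_open_files: N max_connections: N table_cache: N"
effective_limits() {
    os_nofile=$1; open_files_limit=$2; max_conn=$3; table_cache=$4
    wanted=$((10 + max_conn + table_cache * 2))
    requested=$(max "$wanted" $((max_conn * 5)))
    requested=$(max "$requested" "$open_files_limit")
    files=$(min "$requested" "$os_nofile")       # what setrlimit actually grants
    if [ "$files" -lt "$wanted" ]; then
        max_conn=$(min $((files - 10 - TABLE_OPEN_CACHE_MIN * 2)) "$max_conn")
        table_cache=$(min $(((files - 10 - max_conn) / 2)) "$table_cache")
    fi
    echo "max_open_files: $files max_connections: $max_conn table_cache: $table_cache"
}

# The open-files limit the running server really has (root); pidof is standard.
mysqld_nofile() {
    pid=$(pidof mysqld) || return 1
    grep 'open files' "/proc/$pid/limits"
}

# usage:
#   effective_limits 1024  1024  10000 400   # the log line from the post
#   effective_limits 4096  12000 10000 400   # limits.conf soft 4096 only
#   effective_limits 65536 12000 10000 400   # after LimitNOFILE is raised
```

The second call shows the intermediate state from the post: with limits.conf at 4096 the server is still trimmed (to 3286 connections), and only the systemd drop-in removes the cap.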


ref:
https://codepoets.co.uk/2015/mysql-max_connections-stuck-on-214/

http://blog.endpoint.com/2013/12/increasing-mysql-55-maxconnections-on.html

GeoIP Update

System: CentOS

https://github.com/maxmind/geoipupdate

First clone the official repository
$ git clone https://github.com/maxmind/geoipupdate
$ cd geoipupdate
$ ./bootstrap

If bootstrap fails, install the following
yum install autoconf automake libtool

Configure and install
$ ./configure
$ make
$ sudo make install


You may hit errors about curl and zlib; install
yum install curl-devel zlib-devel


Configure the download settings
http://dev.maxmind.com/geoip/geoipupdate/

After installing geoipupdate as above, a config file is written to
/usr/local/etc/GeoIP.conf
Edit this config, commenting out the original settings, and add
UserId XXX
LicenseKey XXX
ProductIds GeoIP2-City GeoIP2-Country


Then create the directory manually
/usr/local/share/GeoIP

Run geoipupdate for the first time
The files are written to
/usr/local/share/GeoIP

Schedule it in /etc/crontab (the system crontab needs the user field before the command)
52 11 * * 6 root /usr/local/bin/geoipupdate

SELinux blocks ssh key login

If SELinux has not been disabled,
ssh login with an RSA key fails;
after uploading the key, remember to restore the directory's SELinux context

restorecon -Rv /folder

and it works normally again
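An added example, not code from this post or from the "SELinux blocks MySQL connections" post above; it serves both. Instead of SELINUX=disabled, it reads AVC denials in /var/log/audit/audit.log format and names the targeted fix: for a file or directory denial (the ssh key case) a restorecon of the mislabelled path, as this post does; for a network connect denial (the MySQL case) the policy boolean that permits it. The two AVC lines are constructed, not captured from a real host; httpd_can_network_connect_db and mysql_connect_any are real policy booleans; the function names and the path hints are assumptions.

```sh
#!/bin/sh
# Added example (not from the posts): triage AVC denials into a concrete fix.

triage_avc() {
    awk '
    /avc: +denied/ {
        perm = $0; sub(/.*denied +[{] */, "", perm); sub(/ *[}].*/, "", perm)
        match($0, /scontext=[^ ]+/); split(substr($0, RSTART + 9, RLENGTH - 9), sa, ":"); st = sa[3]
        match($0, /tcontext=[^ ]+/); split(substr($0, RSTART + 9, RLENGTH - 9), ta, ":"); tt = ta[3]
        match($0, /tclass=[^ ]+/);   tc = substr($0, RSTART + 7, RLENGTH - 7)
        name = ""
        if (match($0, /name="[^"]*"/)) name = substr($0, RSTART + 6, RLENGTH - 7)
        head = st " -> " tt " (" perm " on " tc ")"
        if (tc == "tcp_socket" && perm == "name_connect") {
            if (st == "httpd_t" && tt == "mysqld_port_t") b = "httpd_can_network_connect_db"
            else if (st == "mysqld_t")                     b = "mysql_connect_any"
            else                                           b = "<look up with audit2why>"
            print head ": keep SELinux on and run: setsebool -P " b " on"
        } else if (tc == "file" || tc == "dir" || tc == "lnk_file") {
            hint = (st == "sshd_t") ? "~/.ssh of the user" : "the directory holding " name
            print head ": mislabelled object " name "; run: restorecon -Rv " hint
        } else {
            print head ": no rule here; run: audit2why < /var/log/audit/audit.log"
        }
    }'
}

# Constructed sample in audit.log format (not captured from a real host).
SAMPLE_AVC='type=AVC msg=audit(1549874550.123:456): avc:  denied  { read } for  pid=1234 comm="sshd" name="authorized_keys" dev="dm-0" ino=789 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1549874560.456:457): avc:  denied  { name_connect } for  pid=2345 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0'

demo_triage() { printf '%s\n' "$SAMPLE_AVC" | triage_avc; }

# The fix this post applies, for a given user (run as root).
fix_ssh_labels() { restorecon -Rv "/home/$1/.ssh"; }

# live use (root): grep 'avc: *denied' /var/log/audit/audit.log | triage_avc
```

The first sample line is the typical shape of the ssh problem: a key file copied in from /tmp keeps a user_tmp_t label that sshd_t may not read, and restorecon puts the expected label back; the second is the MySQL problem, where a boolean, not disabling SELinux, is the fix.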