CentOS 下源码安装Varnish

一、下载源码编译安装 https://www.varnish-cache.org/

wget http://repo.varnish-cache.org/source/varnish-3.0.5.tar.gz
tar zxvf varnish-3.0.5.tar.gz && cd varnish-3.0.5
./autogen.sh
./configure --prefix=/usr/local/varnish PKG_CONFIG_PATH=/usr/lib/pkgconfig

make && make install

安装成功后,安装的目录是 /usr/local/varnish/

cd /usr/local/varnish/sbin

./varnishd -V

查看版本,看是否安装成功

Varnish启动脚本
1.在安装源文件目录下

cp redhat/varnish.initrc /etc/init.d/varnish
cp redhat/varnish.sysconfig /etc/sysconfig/varnish
cp redhat/varnish_reload_vcl /usr/bin/varnish_reload_vcl
chmod 755 /etc/init.d/varnish
#添加服务
chkconfig varnish on
vi /etc/sysconfig/varnish
#更改后的配置文件如下:
NFILES=131072
MEMLOCK=82000
DAEMON_OPTS="-a 0.0.0.0:80 \
             -T 127.0.0.1:6082 \
             -f /usr/local/varnish/sbin/varnishd -f /usr/local/varnish/etc/varnish/vcl.conf \
             -u www -g www \
             -p thread_pool_max=2048 \
             -p thread_pools=4 \
             -p client_http11=on \
             -s file,/data/cache/varnish_cache.data,1G"

测试varnish

先编辑配置文件

vi /etc/init.d/varnish
#配置文件如下:
#! /bin/sh
#
# varnish Control the Varnish Cache
#
# chkconfig: - 90 10
# description: Varnish is a high-perfomance HTTP accelerator
# processname: varnishd
# config: /etc/sysconfig/varnish
# pidfile: /var/run/varnishd.pid

### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start:
# Default-Stop:
# Should-Start: $syslog
# Short-Description: start and stop varnishd
# Description: Varnish is a high-perfomance HTTP accelerator
### END INIT INFO

# Source function library.
. /etc/init.d/functions

retval=0
pidfile=/var/run/varnish.pid

exec="/usr/local/varnish/sbin/varnishd" #此处需修改成您当前服务器上的 varnish 安装路径
reload_exec="/usr/bin/varnish_reload_vcl"
prog="varnishd"
config="/etc/sysconfig/varnish"
lockfile="/var/lock/subsys/varnish"

# Include varnish defaults
[ -e /etc/sysconfig/varnish ] && . /etc/sysconfig/varnish


start() {

        if [ ! -x $exec ]
        then
                echo $exec not found
                exit 5
        fi

        if [ ! -f $config ]
        then
                echo $config not found
                exit 6
        fi
        echo -n "Starting Varnish Cache: "

        # Open files (usually 1024, which is way too small for varnish)
        ulimit -n ${NFILES:-131072}

        # Varnish wants to lock shared memory log in memory.
        ulimit -l ${MEMLOCK:-82000}

        # Maximum number of threads (default in CentOS is 1024, which
        # is often too small for varnish)
        ulimit -u ${NPROCS:-unlimited}

        # $DAEMON_OPTS is set in /etc/sysconfig/varnish. At least, one
        # has to set up a backend, or /tmp will be used, which is a bad idea.
        if [ "$DAEMON_OPTS" = "" ]; then
                echo "\$DAEMON_OPTS empty."
                echo -n "Please put configuration options in $config"
                return 6
        else
                # Varnish always gives output on STDOUT
                daemon --pidfile $pidfile  $exec -P $pidfile "$DAEMON_OPTS" > /dev/null 2>&1
                retval=$?
                if [ $retval -eq 0 ]
                then
                        touch $lockfile
                        echo_success
                        echo
                else
                        echo_failure
                        echo
                fi
                return $retval
        fi
}

stop() {
        echo -n "Stopping Varnish Cache: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
}

restart() {
        stop
        start
}

reload() {
        if [ "$RELOAD_VCL" = "1" ]
        then
                $reload_exec
        else
                force_reload
        fi
}

force_reload() {
        restart
}

rh_status() {
        status -p $pidfile $prog
}

rh_status_q() {
        rh_status >/dev/null 2>&1
}

configtest() {
    if [ -f "$VARNISH_VCL_CONF" ]; then
        $exec -f "$VARNISH_VCL_CONF" -C -n /tmp > /dev/null && echo "Syntax ok"
    else
        echo "VARNISH_VCL_CONF is  unset or does not point to a file"
    fi
}

# See how we were called.
case "$1" in
        start)
                rh_status_q && exit 0
                $1
                ;;
        stop)
                rh_status_q || exit 0
                $1
                ;;
        restart)
                $1
                ;;
        reload)
                rh_status_q || exit 7
                $1
                ;;
        force-reload)
                force_reload
                ;;
        status)
                rh_status
                ;;
        condrestart|try-restart)
                rh_status_q || exit 0
                restart
                ;;
        configtest)
                configtest
                ;;
        *)
        echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"

        exit 2
esac

exit $?

未完待续。。。。

遇到问题1, No package ‘libpcre’ found
configure: error: libpcre not found

解决办法一:
安装 pcre pcre-devel,

yum install pcre pcre-devel

其他方案:

export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig

遇到的问题2,varnishadm.c:48:33: error: editline/readline.h: No such file or directory
解决办法,安装libedit-devel

yum install *readline-devel*
yum install libedit libedit-dev*

轻松解决Wamp Server 2.2 Windows 7 64-bit and curl无法启动的问题

Wamp Server 2.2 Windows 7 64-bit and curl not working side-by-side configuration incorrect

在本机(Wamp Server 2.2 Windows 7 64位)上安装Wampserver 2.2.e 遇到Curl库无法启动的问题
导致 Magento 1.8.1.0 安装过程中提示 PHP extension “curl” must be loaded 的错误,安装无法继续。

墙外搜索得到了解决办法: 重新下载一个 php_curl.dll 覆盖 wamp\bin\php\php5.4.3\ext文件夹中的php_curl.dll ,重启 apache 服务器,问题顺利解决。具体说明在这里;wampserver 论坛的帖子在这里

为了方便翻—墙 有障碍的童鞋,这个php_curl.dll 我打包传到服务器,链接在下面,请尽情享用。

php_curl-5.4.3-VC9-x64下载

Linux设置SSH的证书登陆

Linux设置SSH的证书登陆

一、新建用户:

useradd itest

修改密码

passwd itest

二、

su - itest

切换到当前用户下

三、

ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/itest/.ssh/id_rsa): 使用默认路径
Created directory ‘/home/itest/.ssh’.
Enter passphrase (empty for no passphrase): 输入密码:123456 (如果输入为空,则可以实现无密码访问)
Enter same passphrase again: 输入密码:123456
Your identification has been saved in /home/itest/.ssh/id_rsa.
Your public key has been saved in /home/itest/.ssh/id_rsa.pub.
The key fingerprint is:
c0:e4:f2:03:c6:2c:86:0d:2b:1b:bc:ca:4c:d6:c6:14

四、

cd .ssh/
cp id_rsa.pub authorized_keys

五、

vi id_rsa

显示如下内容:

—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,47888AEC20D07596
593FuhyXuJYMdd/YFvgsmABtQZfHivcgaQZ5+SY/Sq/+kn3Vxrg7zUeLgnIxf+R4
1X2t45pbdATIKHg0P8FvefCE06hkmlYbODTlCsGAE1CLBaABYbBZ8O57NL7wgNDh
。。。。。。。。此处省略。。。。。。。。。
b49KwFx7dsBPu7AAuPBnfq0IuHAdcslgJcZVTCi1E1M99df9PEpK9UArjpur47wE
z+t5oLSa7eHFlmpAnrlaxoM6hReJw/aD2R10wFhL95JCAlhJAbj0KQ==
—–END RSA PRIVATE KEY—–

六、复制以上RSA PRIVATE KEY 的内容到 Windows平台,建立 IP-key.txt 文件(文件名中的IP可用使用服务器的IP地址,方便多台服务器管理时搞混乱)

七、设置SecureCRT 等 Xshell工具登陆
Options –> Session Options –> SSH2 –> Authentication –> PublickKey –> Properties –> Use Session Public key setting –> Session settings
SecureCRT-SSH证书登陆设置
选择好文件后点 OK 确定

八、

su -
vi /etc/ssh/sshd_config

去除下面三行前得注视符号:#
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
修改:PasswordAuthentication yes

service sshd restart

使用Xshell登陆

再次修改:PasswordAuthentication no

service sshd restart

使用Xshell登陆,ol。

九、Linux系统下ssh命令行,证书登陆

ssh -i /root/.ssh/key.txt

地址 其中/root/.ssh/key.txt为密钥地址,-i代表使用本地密钥
之后提示输入:Enter passphrase for key ‘/root/.ssh/key.txt’: (如果输入为空,则可以实现无密码访问))

十、使用scp无密码拷贝(拷贝test文件夹到指定目录下)

scp  -i /root/.ssh/key -r /home/test/ 

备注:
当使用ssh-add 添加新的内容,提示如下错误时:
Could not open a connection to your authentication agent.
可以通过先运行如下命令:

ssh-agent bash

再重新添加

ssh-add

相关内容推荐
CentOS ssh root远程连接安全加固

致谢:本文绝大部分内容来自这个帖子,且经本人在VPS上测试通过,在此表示感谢!

CentOS ssh root远程连接安全加固

1,为增强安全,先增加一个用于远程登录普通权限的用户:

#useradd usera
#passwd usera

//设置密码

2、编辑防火墙配置:vi /etc/sysconfig/iptables
防火墙增加新端口45444
-A INPUT -m state –state NEW -m tcp -p tcp –dport 45444 -j ACCEPT
自双横线止于双横线为 iptables 规则,不包含双横线
======================================================================
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep state.
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

# Loop device.
-A INPUT -i lo -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp –icmp-type echo-request -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited

# http, https
-A INPUT -p tcp –dport 80 -j ACCEPT
-A INPUT -p tcp –dport 443 -j ACCEPT

# ssh
-A INPUT -p tcp –dport 22 -j ACCEPT
-A INPUT -p tcp –dport 45444 -j ACCEPT

# smtp, submission
-A INPUT -p tcp –dport 25 -j ACCEPT
-A INPUT -p tcp –dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp –dport 110 -j ACCEPT
-A INPUT -p tcp –dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp –dport 143 -j ACCEPT
-A INPUT -p tcp –dport 993 -j ACCEPT

# ejabberd
#-A INPUT -p tcp –dport 5222 -j ACCEPT
#-A INPUT -p tcp –dport 5223 -j ACCEPT
#-A INPUT -p tcp –dport 5280 -j ACCEPT

# ldap/ldaps
#-A INPUT -p tcp –dport 389 -j ACCEPT
#-A INPUT -p tcp –dport 636 -j ACCEPT

# ftp.
#-A INPUT -p tcp –dport 20 -j ACCEPT
#-A INPUT -p tcp –dport 21 -j ACCEPT

COMMIT

重启防火墙,使配置生效:
/etc/init.d/iptables restart
service iptables restart
=====================================================================

Linux修改ssh端口22

vi /etc/ssh/ssh_config
vi /etc/ssh/sshd_config
修改 Port 22 或者增加
Port 45444

在 /etc/ssh/sshd_config 中修改

将以下三个选项设置为如下值
PermitRootLogin no
PermitEmptyPasswords no #禁止空密码登录
UseDNS no #关闭DNS查询

4、限制用户的SSH访问
假设我们只要root,user1和user2用户能通过SSH使用系统,向sshd_config配置文件中添加
vi /etc/ssh/sshd_config
AllowUsers rootuser1 user2

=======================================================================
5、配置空闲超时退出时间间隔
用户可以通过ssh登录到服务器,你可以设置一个空闲超时时间间隔。
打开sshd_config配置文件,设置为如下。
vi /etc/ssh/sshd_config
ClientAliveInterval 600
ClientAliveCountMax 0
上面的例子设置的空闲超时时间间隔是600秒,即10分钟,
过了这个时间后,空闲用户将被自动踢出出去(可以理解为退出登录/注销)。

重启sshd服务
#service sshd restart

以后远程登录时,使用新的端口及新增加的用户 usera 登录,然后 su root 跳到 root 用户

相关内容推荐Linux设置SSH的证书登陆

Discuz 设置后台 ImageMagick

首先,找到ImageMagick的主程序路径
执行命令查找

find / -name convert

如果编辑ImageMagick 的时候没有指定程序安装路径则主程序默认的安装路径为

/usr/local/bin/convert

我指定了ImageMagick的安装路径为 /usr/local/ImageMagick 因此我服务器上ImageMagick路径为

/usr/local/ImageMagick/bin/convert

更新系统路径信息,使新程序生效
sudo ldconfig /usr/local/lib

进入Discuz论坛后台:
全局=>上传设置=>图片处理库类型=>ImageMagick=>ImageMagick

程序安装路径: /usr/local/ImageMagick/bin/

提交确定就OK

测试一下,效果很好!