Computer - Linux - Installing Docker CE on Ubuntu
Ubuntu 16.04
Docker CE (18.x)
Remove old versions
sudo apt-get remove docker docker-engine docker.io containerd runc
Install the prerequisite packages
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
Add the Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Add the Docker repository
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
Install docker-ce
sudo apt-get update
sudo apt-get install docker-ce
Check the Docker service
sudo systemctl status docker
Check the Docker version
sudo docker -v
List the available versions
apt-cache madison docker-ce
Install a specific version
sudo apt-get install docker-ce=<VERSION>
Add a regular user to the docker group so docker commands can be run without sudo (takes effect at the next login; members of this group effectively have root access on the host)
sudo usermod -aG docker $(whoami)
Check the user's groups
id -nG
Remove Docker CE
sudo apt-get purge docker-ce
Remove Docker data
sudo rm -rf /var/lib/docker
Thursday, November 29, 2018
Wednesday, November 28, 2018
Computer - Linux - Installing LibreNMS (CentOS + Nginx)
Installing LibreNMS on CentOS 7
Environment
CentOS 7
The database is a MariaDB/MySQL Galera Cluster behind HAProxy
Install packages (epel, webtatic, php72)
yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install composer cronie fping git ImageMagick jwhois mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool
Create the librenms user and add the nginx user to the librenms group
useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms nginx
Download LibreNMS
cd /opt
composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
Configure the DB server
Log in to the first node of the MariaDB/MySQL Galera Cluster and create the librenms database.
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'librenms';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
Log in to every node of the MariaDB/MySQL Galera Cluster and edit the configuration file.
vim /etc/my.cnf.d/server.cnf
==
[mysqld]
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
==
systemctl enable mariadb
systemctl restart mariadb
Set up the web server (PHP-FPM + Nginx)
Configure PHP
vim /etc/php.ini
==
[Date]
date.timezone = Asia/Taipei
==
Configure PHP-FPM
vim /etc/php-fpm.d/www.conf
==
user = nginx
group = apache
listen = /var/run/php-fpm/php7.2-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
==
systemctl enable php-fpm
systemctl restart php-fpm
Configure nginx
Disable the default nginx server block
vi /etc/nginx/nginx.conf
==
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
# Settings for a TLS enabled server.
#
# server {
==
Add the librenms configuration file
vim /etc/nginx/conf.d/librenms.conf
==
server {
    listen 80;
    server_name 192.168.11.201;
    root /opt/librenms/html;
    index index.php;
    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location /api/v0 {
        try_files $uri $uri/ /api_v0.php?$query_string;
    }
    location ~ \.php {
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
==
systemctl enable nginx
systemctl restart nginx
Configure SELinux and allow fping
Install the SELinux policy tools
yum install policycoreutils-python
Set permissions (SELinux file contexts)
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
restorecon -RFvv /opt/librenms/storage/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
restorecon -RFvv /opt/librenms/bootstrap/cache/
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1
Create http_fping.tt
vim /tmp/http_fping.tt
==
module http_fping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
==
checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt
semodule_package -o /tmp/http_fping.pp -m http_fping.mod
semodule -i /tmp/http_fping.pp
Configure the firewall
firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https
Configure snmpd
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vim /etc/snmp/snmpd.conf
==
Change RANDOMSTRINGGOESHERE to the community string you want
com2sec readonly default public
Change the location and contact details
syslocation Taipei, Taiwan
syscontact Your Name <your@email.address>
==
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
Set up the cron table
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
Set up scheduled log rotation
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Set permissions
chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
Web installer: http://192.168.11.201/install.php
Follow the 6 steps shown on the page
In step 5, create /opt/librenms/config.php and write the generated configuration into it by hand
vim /opt/librenms/config.php
Fix the ownership of the configuration file
chown librenms:librenms /opt/librenms/config.php
You should then be able to log in through the web interface with the account created in the previous steps
Computer - Linux - HAProxy configuration file (MariaDB/MySQL)
This goes with the MariaDB/MySQL Galera Cluster set up earlier, which needs HAProxy in front of it for load balancing.
global
    log 127.0.0.1 local0
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
defaults
    mode http
    log global
    option httplog
    option dontlognull
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 500
# Admin (stats) page
listen stats
    bind 0.0.0.0:8181
    stats enable
    stats hide-version
    stats uri /admin
    stats auth admin:admin
    stats admin if TRUE
    stats refresh 30s
# MariaDB/MySQL
frontend MySQL
    bind *:3306
    mode tcp
    option tcplog
    capture request header Host len 64
    capture request header User-Agent len 128
    capture request header X-Forwarded-For len 100
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Server-ID len 40
    log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
    default_backend MySQL
backend MySQL
    mode tcp
    balance leastconn
    server db01 192.168.11.101:3306
    server db02 192.168.11.102:3306
Computer - Linux - HAProxy configuration file (http/https)
The SSL certificate is installed on HAProxy, and the backend servers use plain HTTP.
Requests that arrive over HTTP are redirected to HTTPS and then routed to the configured backend according to the URL.
global
    log 127.0.0.1 local0
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    tune.ssl.default-dh-param 2048
    # Note: this list still enables DES, RC4 and 3DES (DES-CBC3-SHA) suites, which are weak
    ssl-default-bind-ciphers DES:RC4:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!ADH-RC4-MD5:!ECDHE-RSA-RC4-SHA:!AECDH-RC4-SHA
defaults
    mode http
    log global
    option httplog
    option dontlognull
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
# Admin (stats) page
listen stats
    bind 0.0.0.0:8181
    stats enable
    stats hide-version
    stats uri /admin
    stats auth admin:admin
    stats admin if TRUE
    stats refresh 30s
# Redirect http to https
frontend http
    bind *:80
    redirect scheme https code 301 if !{ ssl_fc }
# https
frontend https_switch
    bind *:443 ssl crt /etc/pki/CA/CA.pem
    mode http
    option httpclose
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    # ACL
    acl url_testsite ssl_fc_sni testsite.com
    use_backend url_testsite if url_testsite
    acl url_portal ssl_fc_sni -i portal.com
    use_backend url_portal if url_portal
    # log-format
    capture request header Host len 64
    capture request header User-Agent len 128
    capture request header X-Forwarded-For len 100
    capture request header Referer len 200
    capture response header Server len 40
    capture response header Server-ID len 40
    log-format %ci:%cp\ %si:%sp\ %B\ %U\ %ST\ %r\ %b\ %f\ %bi\ %hrl\ %hsl\
backend url_testsite
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    cookie SRVERID insert nocache
    server testserver1 192.168.11.11:80 check inter 3000 rise 3 fall 5
    server testserver2 192.168.11.12:80 check inter 3000 rise 3 fall 5 backup
    # backup marks a standby server; it is used only when testserver1 is down
backend url_portal
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    cookie SRVERID insert nocache
    server webserver1 192.168.11.21:80 check inter 3000 rise 3 fall 5
    server webserver2 192.168.11.22:80 check inter 3000 rise 3 fall 5 backup
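The configuration above uses stats auth admin:admin, binds the stats page to 0.0.0.0, sets stats admin if TRUE (any client that passes stats auth can enable or disable servers), and has a cipher list that still enables DES, RC4 and 3DES suites. The check below is an added example, not part of the original post; the function name audit_haproxy_cfg, its messages, the short list of guessable passwords and the hardened sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a haproxy.cfg for the stats and cipher settings above.

# audit_haproxy_cfg [FILE]: reads FILE (or stdin) and prints one finding per
# line; prints nothing when none of the checks fire.
audit_haproxy_cfg() {
  awk '
    function flush_section() {
      # A stats page bound to a wildcard address is reachable from any network.
      if (has_stats && bind_line)
        printf "line %d: stats page in \"%s\" listens on all interfaces (%s)\n", bind_line, section, bind_addr
      has_stats = 0; bind_line = 0; bind_addr = ""
    }
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
      flush_section()
      section = $1 (NF > 1 ? " " $2 : "")
      next
    }
    $1 == "bind" && !bind_line && $2 ~ /^(0\.0\.0\.0|\*)?:[0-9]+$/ {
      bind_line = NR; bind_addr = $2
    }
    $1 == "stats" { has_stats = 1 }
    $1 == "stats" && $2 == "auth" {
      split($3, cred, ":")
      if (cred[2] == cred[1] || cred[2] ~ /^(admin|password|haproxy|changeme)$/)
        printf "line %d: stats auth for user \"%s\" uses a guessable password\n", NR, cred[1]
    }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" {
      printf "line %d: stats admin is allowed for every client that passes stats auth\n", NR
    }
    $1 == "ssl-default-bind-ciphers" {
      n = split($2, tok, ":"); weak = ""
      for (i = 1; i <= n; i++) {
        if (tok[i] ~ /^[!-]/) continue      # "!X" and "-X" remove suites
        if (("-" tok[i] "-") ~ /-(RC4|DES|3DES|MD5|NULL|EXP|EXPORT|LOW|aNULL|eNULL|ADH)-/)
          weak = weak (weak ? "," : "") tok[i]
      }
      if (weak != "") printf "line %d: cipher list enables weak suites: %s\n", NR, weak
    }
    END { flush_section() }
  ' "${1:--}"
}

# Constructed sample: the relevant lines of the configuration above.
PAGE_CFG='global
    ssl-default-bind-ciphers DES:RC4:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!ADH-RC4-MD5:!ECDHE-RSA-RC4-SHA:!AECDH-RC4-SHA
# admin page
listen stats
    bind 0.0.0.0:8181
    stats enable
    stats uri /admin
    stats auth admin:admin
    stats admin if TRUE
frontend https_switch
    bind *:443 ssl crt /etc/pki/CA/CA.pem'

# Constructed hardened variant (assumption of this example); the password is
# a placeholder to replace with a long random secret.
HARDENED_CFG='global
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
listen stats
    bind 127.0.0.1:8181
    stats enable
    stats uri /admin
    stats auth admin:REPLACE_WITH_LONG_RANDOM_SECRET
    stats admin if LOCALHOST'

printf '%s\n' "$PAGE_CFG" | audit_haproxy_cfg       # four findings
printf '%s\n' "$HARDENED_CFG" | audit_haproxy_cfg   # no output
```

Against a real file, run audit_haproxy_cfg /etc/haproxy/haproxy.cfg; the checks cover only the four settings named in the lead-in.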
Computer - Linux - HAProxy log configuration
Use rsyslog with UDP input enabled to receive the log messages
vim /etc/rsyslog.d/haproxy.conf
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
local0.* /var/log/haproxy.log
&~
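Restart the rsyslog service
systemctl restart rsyslog
systemctl status rsyslog
Check that UDP port 514 is listening
netstat -tunpl
Configure logging
vim /etc/haproxy/haproxy.cfg
Add the log setting to the global section; the level can be chosen as needed
log 127.0.0.1 local0
In the defaults section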
defaults
mode http
log global
option httplog
option dontlognull
Custom log formats are set in the frontend
frontend http
bind *:80
capture request header Host len 64
capture request header User-Agent len 128
capture request header X-Forwarded-For len 100
capture request header Referer len 200
capture response header Server len 40
capture response header Server-ID len 40
log-format %ci:%cp\ %si:%sp\ %B\ %U\ %ST\ %r\ %b\ %f\ %bi\ %hrl\ %hsl\
frontend sql_server
bind *:1433
mode tcp
option tcplog
capture request header Host len 64
capture request header User-Agent len 128
capture request header X-Forwarded-For len 100
capture request header Referer len 200
capture response header Server len 40
capture response header Server-ID len 40
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
HAProxy log formats
* the default HTTP format is defined this way : *
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
* the default CLF format is defined this way : *
log-format %{+Q}o\ %{-Q}ci\ -\ -\ [%T]\ %r\ %ST\ %B\ \"\"\ \"\"\ %cp\ %ms\ %ft\ %b\ %s\ \%Tq\ %Tw\ %Tc\ %Tr\ %Tt\ %tsc\ %ac\ %fc\ %bc\ %sc\ %rc\ %sq\ %bq\ %CC\ %CS\ \%hrl\ %hsl
* the default TCP format is defined this way : *
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
HTTP/TCP log format
log-format %ci:%cp\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %ST\ %B\ %fc/%sc%rc\ %sq/%bq
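To show what the TCP log-format used in the sql_server frontend above yields in /var/log/haproxy.log, the following added example (not part of the original post) parses such lines and summarizes connections per client and server-side failures per backend server. The sample log lines are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarize HAProxy TCP-mode log lines written with
#   log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
# %ts is "--" for a normal close; a first letter of S or s means the server
# side aborted or timed out, C or c means the client side did.

# Constructed sample of /var/log/haproxy.log (all values are made up).
SAMPLE_LOG='Nov 28 10:15:01 localhost haproxy[2114]: 192.168.11.50:51234 [28/Nov/2018:10:15:01.123] MySQL MySQL/db01 1/0/5023 1482 -- 3/3/2/1/0 0/0
Nov 28 10:15:04 localhost haproxy[2114]: 192.168.11.50:51240 [28/Nov/2018:10:15:04.008] MySQL MySQL/db02 1/1/812 640 -- 3/3/2/1/0 0/0
Nov 28 10:16:10 localhost haproxy[2114]: 192.168.11.77:40112 [28/Nov/2018:10:16:07.001] MySQL MySQL/db02 1/-1/3002 0 SC 4/4/3/0/3 0/0
Nov 28 10:16:20 localhost haproxy[2114]: 192.168.11.77:40118 [28/Nov/2018:10:16:17.001] MySQL MySQL/db02 1/-1/3002 0 SC 4/4/3/0/3 0/0
Nov 28 10:17:00 localhost haproxy[2114]: 192.168.11.90:33001 [28/Nov/2018:10:16:00.500] MySQL MySQL/db01 1/0/60001 95 cD 2/2/1/1/0 0/0
Nov 28 10:17:05 localhost haproxy[2114]: Proxy MySQL started.'

# parse_tcp_log: raw log lines on stdin -> "client_ip backend/server bytes state"
parse_tcp_log() {
  awk '{
    line = $0
    # rsyslog prepends "<date> <host> haproxy[<pid>]: "; drop it.
    if (!sub(/^.*haproxy\[[0-9]+\]: /, "", line)) next
    # The format has exactly 9 space-separated fields; skip anything else.
    if (split(line, f, " ") != 9) next
    ip = f[1]; sub(/:[0-9]+$/, "", ip)     # %ci:%cp -> client address
    print ip, f[4], f[6], f[7]             # %b/%s, %B, %ts
  }'
}

# client_summary: per client, total connections, connections that did not end
# with state "--", and bytes sent to the client.
client_summary() {
  parse_tcp_log | awk '
    { total[$1]++; bytes[$1] += $3; if ($4 != "--") abnormal[$1]++ }
    END {
      for (ip in total)
        printf "%s total=%d abnormal=%d bytes=%d\n", ip, total[ip], abnormal[ip], bytes[ip]
    }' | sort
}

# server_failures: backend/server pairs with server-side termination states,
# or connections that never reached a server (<NOSRV>).
server_failures() {
  parse_tcp_log | awk '
    $4 ~ /^[Ss]/ || $2 ~ /<NOSRV>$/ { n[$2 " " $4]++ }
    END { for (k in n) printf "%s count=%d\n", k, n[k] }' | sort
}

printf '%s\n' "$SAMPLE_LOG" | client_summary
printf '%s\n' "$SAMPLE_LOG" | server_failures
```

On a live system, feed the functions from the log file instead, for example client_summary < /var/log/haproxy.log.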
Computer - Linux - Installing HAProxy on CentOS
1. Host environment
CentOS 7 minimal install
yum install make wget gcc openssl-devel pcre-devel zlib-devel
2. Install HAProxy
Download the source
wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.8.tar.gz
Build and install
tar zxvpf haproxy-1.8.8.tar.gz
cd haproxy-1.8.8
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
make install
Verify
/usr/local/sbin/haproxy -v
Create the service user and directories
useradd -r haproxy
mkdir -p /etc/haproxy
mkdir -p /run/haproxy
mkdir -p /var/lib/haproxy
touch /var/lib/haproxy/stats
Create a symlink to the executable
ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
Set up the service (run from the haproxy-1.8.8 source directory)
cp examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy
systemctl daemon-reload
service haproxy start
Start haproxy
systemctl start haproxy.service
Stop haproxy
systemctl stop haproxy.service
Restart
systemctl restart haproxy.service
Status
systemctl status haproxy.service
Edit the configuration file
vim /etc/haproxy/haproxy.cfg
Validate the configuration file
haproxy -f /etc/haproxy/haproxy.cfg -c
Tuesday, November 27, 2018
Computer - Linux - Installing a MariaDB/MySQL Galera Cluster
1. Host environment:
CentOS 7.x minimal install
/etc/hosts
192.168.11.101 db01
192.168.11.102 db02
Open the required ports in firewalld: tcp 3306, 4444, 4567, 4568
firewall-cmd --add-service=mysql
firewall-cmd --add-port=4444/tcp
firewall-cmd --add-port=4567/tcp
firewall-cmd --add-port=4568/tcp
firewall-cmd --permanent --add-service=mysql
firewall-cmd --permanent --add-port=4444/tcp
firewall-cmd --permanent --add-port=4567/tcp
firewall-cmd --permanent --add-port=4568/tcp
Disable SELinux
sed -i 's,^SELINUX=enforcing,SELINUX=disabled,g' /etc/selinux/config
Install epel-release
yum install epel-release
2. Install MariaDB (MariaDB 10.2)
vim /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
yum install MariaDB-server MariaDB-client percona-xtrabackup
rpm -qa|grep MariaDB
MariaDB-compat-10.2.19-1.el6.x86_64
MariaDB-common-10.2.19-1.el6.x86_64
MariaDB-client-10.2.19-1.el6.x86_64
MariaDB-server-10.2.19-1.el6.x86_64
3. Galera Cluster configuration
3-1. db1 configuration
Start MariaDB
systemctl start mariadb.service
Create the Galera Cluster synchronization account
mysql -uroot -e "grant all privileges on *.* to 'wsrep'@'localhost' identified by 'wsrep';"
mysql -uroot -e "grant all privileges on *.* to 'wsrep'@'192.168.11.%' identified by 'wsrep';"
Run the secure installation and reset the root password
mysql_secure_installation
systemctl stop mariadb.service
Enable Galera Cluster
vim /etc/my.cnf.d/server.cnf
[mysqld]
collation-server = utf8_general_ci
init-connect = SET NAMES utf8
character-set-server = utf8
log-error = /var/log/mariadb/mariadb.log
log-bin = mysql-bin
binlog_format=ROW
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
[galera]
wsrep_on=ON
wsrep_cluster_name="wsrep_cluster"
wsrep_cluster_address="gcomm://"
wsrep_node_name=db01
wsrep_node_address=192.168.11.101
wsrep_sst_auth=wsrep:wsrep
wsrep_sst_method=rsync
Start the Galera Cluster for the first time
galera_new_cluster
Check the cluster status
mysql -uroot -p -e "show status like 'wsrep_connected';"
wsrep_connected ON
mysql -uroot -p -e "show status like 'wsrep_cluster_size';"
wsrep_cluster_size 1
3-2. db2 configuration
Start MariaDB
systemctl start mariadb.service
Run the secure installation and reset the root password
mysql_secure_installation
systemctl stop mariadb.service
vim /etc/my.cnf.d/server.cnf
[mysqld]
collation-server = utf8_general_ci
init-connect = SET NAMES utf8
character-set-server = utf8
log-error = /var/log/mariadb/mariadb.log
log-bin = mysql-bin
binlog_format=ROW
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
[galera]
wsrep_on=ON
wsrep_cluster_name="wsrep_cluster"
wsrep_cluster_address="gcomm://192.168.11.101"
wsrep_node_name=db02
wsrep_node_address=192.168.11.102
wsrep_sst_auth=wsrep:wsrep
wsrep_sst_method=rsync
Restart
systemctl restart mariadb.service
Check the cluster status on db1
mysql -uroot -p -e "show status like 'wsrep_cluster_size';"
wsrep_cluster_size 2
4. Use xtrabackup for synchronization
yum install http://www.percona.com/downloads/percona-release/redhat/0.1-6/percona-release-0.1-6.noarch.rpm
yum install percona-xtrabackup
rpm -qa|grep percona
vim /etc/my.cnf.d/server.cnf
[galera]
wsrep_sst_method=xtrabackup-v2
systemctl restart mariadb.service
Wednesday, November 14, 2018
Computer - How to check the encryption protocols of an HTTPS server
Using openssl
openssl s_client -connect "hostname/ip":443
Check the certificate dates
echo | openssl s_client -connect "hostname/ip":443 -servername "hostname/ip" 2>/dev/null | openssl x509 -noout -dates
Using nmap
nmap --script ssl-enum-ciphers -p 443 "hostname/ip"