服务器
ubuntu网卡流量实时查看
1 工具iftop
bear@njava:~# sudo apt-get install iftop bear@njava:~# sudo iftop
2 工具nload
bear@njava:~# sudo apt-get install nload bear@njava:~# nload
Nginx的防盗链模块NginxHttpAccessKeyModule
1 下载
bear@njava:/$wget http://wiki.nginx.org/images/5/51/Nginx-accesskey-2.0.3.tar.gz
2 配置
bear@njava:/$tar -xzvf Nginx-accesskey-2.0.3.tar.gz bear@njava:/$vi ../nginx-accesskey-2.0.3/config USE_MD5=YES USE_SHA1=YES ngx_addon_name=ngx_http_accesskey_module #HTTP_MODULES="$HTTP_MODULES $HTTP_ACCESSKEY_MODULE" HTTP_MODULES="$HTTP_MODULES ngx_http_accesskey_module" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_accesskey_module.c"
3 重编译nginx
bear@njava:~/nginx-0.8.34# ./configure --conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-debug --with-http_stub_status_module --with-http_flv_module --with-http_ssl_module --with-http_dav_module --with-http_gzip_static_module --with-mail --with-mail_ssl_module --with-ipv6 --with-http_realip_module --with-http_geoip_module --with-http_xslt_module --with-http_image_filter_module --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --add-module=../gnosek-nginx-upstream-fair-2131c73 --add-module=../nginx-accesskey-2.0.3
4 配置NginxHttpAccessKeyModule
bear@njava:~/nginx-0.8.34$ vi /etc/nginx/sites-available/njava
location /test {
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "abc";
accesskey_signature "njavakey$remote_addr";
}
5 重启nginx
6 使用
使用的时候参考代码如下:
function get_acc_url($url){
return $url."?abc=" . md5('njavakey' . $_SERVER['REMOTE_ADDR']);
}
7 代码测试
http://www.njava.com/a.php
隐藏php版本号
很不爽http头部信息给别人看njava的Php版本信息,修改对应的php.ini属性expose_php
bear@njava:~/nginx-0.8.34# sudo vi /etc/php5/cgi/php.i #expose_php = On expose_php = Off
隐藏nginx的版本号
1 设置nginx.conf的http段参数server_tokens;
bear@njava:~/nginx-0.8.34# sudo vi /etc/nginx/nginx.conf
user www-data;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include /etc/nginx/mime.types;
server_tokens off;
.....
2 重新编译nginx
修改nginx的代码,重新编译
bear@njava:~/nginx-0.8.34/src/http# vi ngx_http_header_filter_module.c /* static char ngx_http_server_string[] = "Server: nginx" CRLF; static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF; */ static char ngx_http_server_string[] = "Server: njava/4.1.6" CRLF; static char ngx_http_server_full_string[] = "Server: njava server /4.1.6" CRLF;
linux固定静态ip设置
1 修改网卡设置
bear@njava:~$ sudo vi /etc/network/interfaces auto lo iface lo inet loopback auto etho iface etho inet static address 192.168.0.101 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 bear@njava:~$ sudo /etc/init.d/networking start
2 增加DNS
bear@njava:~$ sudo vi /etc/resolv.conf nameserver 8.8.8.8 nameserver 192.168.0.1
在ubuntu9.10下用awstats分析nginx日志
1 下载awstats
sudo apt-get install awstats 弄下来的版本在执行awstats_configure.pl时候找不到wwwroot目录结构,所以重新直接下载awstats了
bear@njava:~$axel http://prdownloads.sourceforge.net/awstats/awstats-6.95.tar.gz bear@njava:~$tar xzvf awstats-6.95.tar.gz
2 执行配置脚本
先把 awstats目录复制到/usr/local/awstats,脚本是按照这个目录结构去执行的,如果不是在这/usr/local/awstats里,运行时回提示的
bear@njava:/usr/local/awstats/tools$ sudo ./awstats_configure.pl
[sudo] password for bear:
----- AWStats awstats_configure 1.0 (build 1.8) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
-----> Running OS detected: Linux, BSD or Unix
-----> Check for web server install
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> none #因为没法自动配置nginx,所以none
Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
> www.njava.com #配置名字
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
-----> Create config file '/etc/awstats/awstats.www.njava.com.conf'
Config file /etc/awstats/awstats.www.njava.com.conf created.
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.njava.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
A SIMPLE config file has been created: /etc/awstats/awstats.www.njava.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.njava.com' with command:
> perl awstats.pl -update -config=www.njava.com
You can also build static report pages for 'www.njava.com' with command:
> perl awstats.pl -output=pagetype -config=www.njava.com
Press ENTER to finish...
bear@njava:/usr/local/awstats/tools$
3 修改awstats配置文件
修改awstats.conf
bear@njava:/usr/local/awstats/tools$ sudo vi /etc/awstats/awstats.conf # LogFormat = 1 # LogFormat = "%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot" # # Example for IIS: # LogFormat = 2 # LogFormat =1 #继续使用apache的默认格式 AllowToUpdateStatsFromBrowser=1 #允许浏览器刷新,njava的流量小,这个可以有 Include "/etc/awstats/awstats.www.njava.com.conf" #包含njava的配置
4 修改nginx的日志格式
bear@njava:/etc/awstats$sudo vi /etc/nginx/nginx.conf
user www-data;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include /etc/nginx/mime.types;
#main 把nginx的输出日志定义成了apache格式的日志
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
4 修改awstats.www.njava.com.conf
bear@njava:/usr/local/awstats/tools$ sudo vi /etc/awstats/awstats.conf LogFile="/var/log/nginx/www.njava.access.log"
要看相应域名下的日志使用
http://awstats.njava.com/awstats.pl?config=cdn.njava.com
5 配置nginx
先确保了nginx已经代理了nginx-fcgi,可以参看 xxx
bear@njava:/etc/awstats$ vi /etc/nginx/sites-enabled/awstats.njava.com
server {
listen 80;
server_name awstats.njava.com;
access_log /var/log/nginx/awstats.log main;
error_log /var/log/nginx/awstats_error.log;
root /usr/local/awstats/wwwroot;
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/conf/awstats;
location / {
rewrite ^ /awstats.pl?config=freshventure.info;
}
location ~ .*(\.cgi|\.pl?)$ {
gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped
root /usr/local/awstats/wwwroot/cgi-bin;
#fastcgi_pass 127.0.0.1:8000;
fastcgi_pass unix:/tmp/nginx-fcgi.sock;
fastcgi_index awstats.pl;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /icon {
alias /usr/local/awstats/wwwroot/icon;
location /icon {
alias /usr/local/awstats/wwwroot/icon;
}
location /js {
alias /usr/local/awstats/wwwroot/js;
}
location /css {
alias /usr/local/awstats/wwwroot/css;
}
location /classes {
alias /usr/local/awstats/wwwroot/classes;
}
}
为目录添加用户验证
bear@njava:/etc/nginx/conf$ sudo htpasswd -c awstats admin New password: Re-type new password: Adding password for user admin bear@njava:/etc/nginx/conf$
可以把/etc/nginx/sites-enabled/awstats.njava.com中出现的这个注释掉了
#auth_basic “Restricted”;
#auth_basic_user_file /etc/nginx/conf/awstats;
ab测试和ulimit的设置
ApacheBench 是一个指令列程式,专门用来执行网站服务器的运行效能,特别是针对Apache 网站服务器。这原本是用来检测 Apache 网站服务器能够提供的效能,特别是可以看出Apache能提供每秒能送出多少网页。
ApacheBench( ab )工具程式是标准 Apache 网站服务器发布的一部份,跟 Apache 网站服务器一样,也是免费软件,并可以用 Apache许可证 的规范下散布此软件。
命令格式:ab [-q] -c 并发请求数 -n 总的请求数 [http://]域名[:端口]/路径
1)使用-q选项时,将不显示测试进度信息
2)当测试的目标是Web站点的根路径时,注意最后的“/”符号不能省略
3)指定的并发请求数不能小于总的请求数
使用ab的时候当并发数超过默认最大打开文件数1024的时候就会示出错:
bear@njava:~/$ ab -n 1000000 -c 2000 http://www.njava.com/ This is ApacheBench, Version 2.3 <$Revision: 655654 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking www.njava.com (be patient) socket: Too many open files (24) bear@njava:~/soft$
这个时候可以是用ulimit命令来增大文件打开数限制
命令格式: ulimit –n 最大文件数
如:
ulimit -n 10000
sudo需要bash的shell来运行ulimit
这个命令只是真对当前shell, 如果要开机生效需要修改 /etc/security/limits.conf
bear@njava:/$ sudo vi /etc/security/limits.conf ... ## #* soft core 0 #root hard core 100000 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #ftp - chroot /ftp #@student - maxlogins 4 * soft nofile 32768 * hard nofile 65536 bear@njava:/$sudo reboot
nginx目录验证
建立一个密码文件,然后设置nginx设置
bear@njava:/$ sudo mkdir /etc/nginx/conf
bear@njava:/$ sudo htpasswd -c /etc/nginx/conf/passwd njava
bear@njava:/$ sudo vi /etc/nginx/sites-available/njava
location ~ ^/xxx/ {
root /data/htdocs/xxx;
auth_basic "input your username and password";
auth_basic_user_file /etc/nginx/conf/passwd;
}
nginx限制并发连接
做法:定义一个叫“limit”的记录区,总容量为 10M,以变量 $binary_remote_addr 作为会话的判断基准
修改nginx配置
bear@njava:/$ sudo vi /etc/nginx/sites-available/njava
limit_zone limit $binary_remote_addr 10m;
server {
location /download/ {
limit_conn limit 1;
}
在ubuntu9.10下用cacti监控nginx运行
Cacti 在英文中的意思是仙人掌的意思,Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。它通过snmpget来获取数据,使用 RRDtool绘画图形,而且你完全可以不需要了解RRDtool复杂的参数。它提供了非常强大的数据和用户管理功能,可以指定每一个用户能查看树状结 构、host以及任何一张图,还可以与LDAP结合进行用户验证,同时也能自己增加模板,功能非常强大完善。http://www.cacti.net/
1 安装cacti
bear@njava:/$ sudo apt-get install cacti-cactid
2 下载cacti-nginx脚本
bear@njava:/$ wget http://forums.cacti.net/download.php?id=12676 bear@njava:/$ tar -xzvf cacti-nginx.tar.gz bear@njava:/$ sudo cp cacti-nginx/get_nginx_socket_status.pl /usr/share/cacti/site/scripts bear@njava:/$ sudo cp cacti-nginx/get_nginx_clients_status.pl /usr/share/cacti/site/scripts bear@njava:/$ sudo chmod 755 /usr/share/cacti/site/scripts/get_nginx*
3 检查脚本
bear@njava:/$ /usr/share/cacti/site/scripts/get_nginx_socket_status.pl http://www.njava.com/nginx_status
4 配置cacti的nginx虚拟主机
bear@njava:$ sudo vi /etc/nginx/sites-available/cacti
server {
listen 80;
server_name cacti.njava.com;
access_log /var/log/nginx/cacti.access.log;
location / {
root /usr/share/cacti/site;
index index.html index.htm index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/tmp/php-cgi.njava.sock;
fastcgi_index index.php;
set $path_info "/";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME /usr/share/cacti/site/$real_script_name;
fastcgi_param script_name $real_script_name;
fastcgi_param path_info $path_info;
include /etc/nginx/fastcgi_params;
}
}
bear@njava:$ sudo ln -s /etc/nginx/sites-available/cacti /etc/nginx/sites-enable/cacti
bear@njava:$ sudo /etc/init.d/nginx reload
5 从cacti的UI上传cacti模板
cacti_graph_template_nginx_clients_stat.xml cacti_graph_template_nginx_sockets_stat.xml