$ cat /var/log/cron
... CROND[31471]: (root) CMD ( /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx ) CROND[31470]: (root) MAIL (mailed 375 bytes of output but got status 0x004b#012) CROND[31482]: (root) CMD (run-parts /etc/cron.hourly) ...
$ /usr/bin/certbot renew --quiet
Attempting to renew cert from /etc/letsencrypt/renewal/renwole.com.conf produced an unexpected error: 'ascii' codec can't encode characters in position 247-248: ordinal not in range(128). Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/renwole.com.conf/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s)
$ vim /etc/letsencrypt/renewal/renwole.com.conf
... # Options used in the renewal process [renewalparams] authenticator = webroot installer = None account = a07a7160ea489g586aeaada1368ce0d6 [[webroot_map]] renwole.com = /apps/data/www/renwolecom ...
$ certbot certificates
Advantages: cost saving.
Disadvantages: insufficient performance.
Operating user: root.
$ dd if=/dev/zero of=/dev/mapper/centos-swap bs=1024 count=2048000
$ mkswap /dev/mapper/centos-swap
$ mkswap -f /dev/mapper/centos-swap
$ swapon /dev/mapper/centos-swap
$ vim /etc/fstab
/dev/mapper/centos-swap swap swap default 0 0
$ swapoff /dev/mapper/centos-swap
$ rm /dev/mapper/centos-swap
/dev/mapper/centos-swap swap swap default 0 0
RenwoleServer: 10.28.204.65 server
RenwoleClient: 10.28.204.66 client
OS:CentOS Linux release 7.4.1708 (Core) x64
See:《 CentOS 7 Configure Rsync Data File Synchronization Server 》。
$ yum install -y gcc gcc-c++ lua lua-devel cmake libxml2 libxml2-devel
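$ wget https://github.com/axkibe/lsyncd/archive/release-2.2.2.tar.gz
# Check the archive's digest (sha256sum release-2.2.2.tar.gz) against a value from a source you trust before building.
$ tar xvf release-2.2.2.tar.gz
$ cd lsyncd-release-2.2.2
$ cmake -DCMAKE_INSTALL_PREFIX=/usr/local/lsyncd
$ make && make install
$ ln -s /usr/local/lsyncd/bin/lsyncd /usr/bin/lsyncd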
$ vim /etc/lsyncd.conf
settings {
    logfile        = "/var/log/lsyncd.log",     -- log path
    statusFile     = "/var/log/lsyncd.status",  -- status file
    pidfile        = "/var/run/lsyncd.pid",     -- pid file path
    statusInterval = 1,                         -- the shortest time to write the status file
    nodaemon       = false,                     -- daemon running
    maxProcesses   = 1,                         -- maximum processes
    maxDelays      = 1,                         -- maximum delay
}
sync {
    default.rsyncssh,                           -- default rsync+ssh; rsync must be upgraded to version 3 or later
    source    = "/apps/www/renwoleblog/",       -- source directory
    delete    = true,                           -- keep full synchronization
    -- lsyncd logs in over SSH as this account, and with delete = true removals on the
    -- source are replayed on the target; an account that can write only to targetdir
    -- limits what the sync key can reach.
    host      = "root@10.28.204.66",
    targetdir = "/apps/www/renwoleblog/bak/",   -- target directory
    exclude   = {
        ".txt"                                  -- files to be excluded
    },
    rsync = {
        binary     = "/usr/bin/rsync",          -- install rsync first
        archive    = true,                      -- archive
        compress   = false,                     -- compression
        owner      = true,                      -- owner
        perms      = true,                      -- permission
        whole_file = false
    },
    ssh = {
        port = 22
    }
}
sync { default.rsync, source = "/apps/www/renwoleblog/", target = "/apps/www/renwoleblog/bak/", }
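sync {
    default.rsync,
    source = "/apps/www/renwoleblog/",
    -- The "::module" form talks to the rsync daemon directly; that protocol does not
    -- encrypt file contents in transit, so it belongs on a trusted network or inside a tunnel.
    target = "renwole@10.28.204.65::renwolecom",
    delete = "true",
    exclude = { ".bak*" },
    delay = 30,
    init = false,
    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        perms = true,
        password_file = "/etc/rsync.password",
        _extra = {"--bwlimit=200"}
    }
}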
--# Comment Settings # is global configuration Sync # Define synchronization parameters Rsync # Define synchronization file parameters Ssh # Define the server remote port
$ vim /etc/sysconfig/lsyncd
LSYNCD_OPTIONS="/etc/lsyncd.conf"
$ vim /usr/lib/systemd/system/lsyncd.service
[Unit]
Description=Live Syncing (Mirror) Daemon
After=network.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/lsyncd
ExecStart=/usr/local/lsyncd/bin/lsyncd -nodaemon $LSYNCD_OPTIONS

[Install]
WantedBy=multi-user.target
$ systemctl start lsyncd $ systemctl enable lsyncd
[ root@RenwoleServer ~] $ cat /var/log/lsyncd.log
... Fri Dec 22 01:19:22 2017 Normal: Calling rsync with filter-list of new/modified files/dirs / PCHunter_renwole.com.tar.gz / Fri Dec 22 01:19:24 2017 Normal: Finished (list): 0 Fri Dec 22 01:19:32 2017 Normal: Calling rsync with filter-list of new/modified files/dirs / PCHunter_renwole.com.tar.gz / Fri Dec 22 01:19:34 2017 Normal: Finished (list): 0 Fri Dec 22 01:19:34 2017 Normal: Calling rsync with filter-list of new/modified files/dirs / PCHunter_renwole.com.tar.gz / Fri Dec 22 01:19:36 2017 Normal: Finished (list): 0
RenwoleServer: 10.28.204.65 server
RenwoleClient: 10.28.204.66 client
OS:CentOS Linux release 7.4.1708 (Core) x64
$ yum remove rsync -y
$ yum -y install epel-release $ wget //mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm $ rpm -Uvh gf-release*rpm $ yum --enablerepo=gf-plus install rsync -y
/etc/rsyncd.conf /etc/sysconfig/rsyncd /etc/xinetd.d/rsync /usr/bin/rsync /usr/share/doc/rsync-3.1.2/COPYING ......
$ cd /tmp
$ yum install gcc c++ -y
$ wget https://download.samba.org/pub/rsync/rsync-3.1.2.tar.gz
# Check the archive's digest or signature against a value from a source you trust before building.
$ tar zxvf rsync-3.1.2.tar.gz
$ cd rsync-3.1.2
$ ./configure --prefix=/usr/local/rsync
$ make -j8 && make install
$ ln -s /usr/local/rsync/bin/rsync /usr/bin/rsync
$ cp /tmp/rsync-3.1.2/packaging/systemd/* /usr/lib/systemd/system
$ echo "renwole:renwolecom" >>/etc/rsync.password $ chmod 600 /etc/rsync.password
$ cat /etc/rsyncd.conf
# rsyncd.conf treats "#" as a comment only at the start of a line, so each
# explanation sits on its own line above the setting instead of after the value.

# The user running the RSYNC daemon
uid = root
# The group running the RSYNC daemon
gid = root
# uid/gid root together with "use chroot = no" (below) means transfers run as root
# with no filesystem confinement; an unprivileged uid and "use chroot = yes" are the
# tighter choice where the data permits.
# Default port
port = 873
# Server IP address
#address = 10.28.204.65
# After the process is started, the process number is stored in this path
#pid file = /var/run/rsyncd.pid
# Set lock file name
lock file = /var/run/rsync.lock
# Specify the log file of rsync
log file = /var/log/rsyncd.log
# Do not use chroot
use chroot = no
# Read only, do not let the client upload files to the server
read only = yes
# Log the transfer operation to the transfer log file
transfer logging = yes
# Which hosts are allowed to access (multiple hosts are separated by spaces)
hosts allow = 10.28.204.66
# Which hosts are denied access
hosts deny = *
# Maximum connections
max connections = 3
# Login welcome information (not recommended for production environment)
#motd file = /etc/rsyncd.motd
# Specify the format of the log record
log format = %t %a %m %f %b
# Message level
syslog facility = local3
# Session timeout
timeout = 600

# Name of the module, which can be customized
[renwolecom]
# Directory to be synchronized
path = /apps/www
# Whether users are allowed to list files, which is true by default
list = yes
# Ignore error messages
ignore errors
# Directories left out of the sync (multiple directories separated by spaces)
#exclude = myrenwole/
# Comment content, any
comment = RenwoleCombak
# Only these users are allowed to connect to the module. Multiple users are separated by commas or spaces
auth users = renwole
# Password file required for authentication
# NOTE: the earlier step writes the user:password pair to /etc/rsync.password;
# this setting has to name that same file, and the file must not be readable by other users.
secrets file = /etc/rsyncs.pass
$ firewall-cmd --add-port=873/tcp --permanent $ firewall-cmd --add-port=873/udp --permanent $ firewall-cmd --reload
$ vim /etc/rsyncd.conf uid = nobody gid = nobody use chroot = no max connections = 10 pid file = /var/run/rsyncd.pid lock file = /var/run/rsyncd.lock log file = /var/log/rsyncd.log port = 873 secrets file = /etc/client.pass
$ echo "renwolecom" >>/etc/client.pass $ chmod 600 /etc/client.pass
$ systemctl start rsync $ systemctl enable rsync $ systemctl list-unit-files
$ /usr/bin/rsync -avzrtopg --progress --delete --password-file=/etc/client.pass renwole@10.28.204.65::renwolecom /apps/www
-a # Archive mode: files are transferred recursively and all file attributes are maintained, equal to -rlptgoD;
-v # Detailed mode output;
-z # Compress the backed up files during transmission;
-r # Recursive processing of subdirectories;
-topg # Maintain the original file attributes: modification time, owner, permissions and group.
--progress # Display detailed synchronization progress.
--delete # If the server side deletes a file, the client side deletes it as well to keep the files consistent.
$ /usr/bin/rsync -h
rsync: failed to connect to 10.28.204.65 (10.28.204.65): No route to host (113) rsync error: error in socket IO (code 10) at clientserver.c(125) [Receiver=3.1.2]
[ root@renwole-com ~]# fdisk -l Disk /dev/sdb: 32.2 GB, 32212254720 bytes, 62914560 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x5f149419 Device Boot Start End Blocks Id System /dev/sdb1 2048 62914559 31456256 83 Linux Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x00043041 Device Boot Start End Blocks Id System /dev/sda1 * 2048 2099199 1048576 83 Linux /dev/sda2 2099200 20971519 9436160 8e Linux LVM Disk /dev/mapper/cl-root: 8585 MB, 8585740288 bytes, 16769024 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk /dev/mapper/cl-swap: 1073 MB, 1073741824 bytes, 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes
[ root@renwole-com ~]# df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/cl-root xfs 8.0G 950M 7.1G 12% / devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs tmpfs 1.9G 8.3M 1.9G 1% /run tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 138M 877M 14% /boot tmpfs tmpfs 379M 0 379M 0% /run/user/0 /dev/sdb1 ext4 30G 60M 28G 1% /apps
[ root@renwole-com ~]# fdisk -l Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x00043041 Device Boot Start End Blocks Id System /dev/sda1 * 2048 2099199 1048576 83 Linux /dev/sda2 2099200 20971519 9436160 8e Linux LVM Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x5f149419 Device Boot Start End Blocks Id System /dev/sdb1 2048 62914559 31456256 83 Linux Disk /dev/mapper/cl-root: 8585 MB, 8585740288 bytes, 16769024 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk /dev/mapper/cl-swap: 1073 MB, 1073741824 bytes, 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes
[ root@renwole-com ~]# fdisk /dev/sdb The device presents a logical sector size that is smaller than the physical sector size. Aligning to a physical sector (or optimal I/O) size boundary is recommended, or performance may be impacted. Welcome to fdisk (util-linux 2.23.2). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Command (m for help): d #Delete sdb1 partition Selected partition 1 Partition 1 is deleted Command (m for help): n #New Section Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p): p Partition number (1-4, default 1): one #Specify partition code First sector (2048-209715199, default 2048): Using default value 2048 Last sector, +sectors or +size{K,M,G} (2048-209715199, default 209715199): Using default value 209715199 Partition 1 of type Linux and of size 100 GiB is set Command (m for help): w #Enter w to save The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks.
[ root@renwole-com ~]# fdisk -l ... Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x5f149419 Device Boot Start End Blocks Id System /dev/sdb1 2048 209715199 104856576 83 Linux ...
[ root@renwole-com ~]# resize2fs -f /dev/sdb1 resize2fs 1.42.9 (28-Dec-2013) Resizing the filesystem on /dev/sdb1 to 26214144 (4k) blocks. The filesystem on /dev/sdb1 is now 26214144 blocks long.
[ root@renwole-com ~]# mount /dev/sdb1 /apps/ [ root@renwole-com ~]# df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/cl-root xfs 8.0G 950M 7.1G 12% / devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs tmpfs 1.9G 8.3M 1.9G 1% /run tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 138M 877M 14% /boot tmpfs tmpfs 379M 0 379M 0% /run/user/0 /dev/sdb1 ext4 99G 60M 94G 1% /apps [ root@renwole-com ~]# ls /apps/ web mysql
$ ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ groupadd sftp
$ useradd -g sftp -s /sbin/nologin -M userrenwolecom
-g # Join user group
-s # Specify the shell used by the user after logging in
/sbin/nologin # User is not allowed to log in
-M # Do not automatically create user login directory
$ passwd userrenwolecom
$ mkdir /data/sftp
$ chown root:sftp /data/sftp
$ chmod 744 /data/sftp
$ mkdir -p /data/sftp/uploads $ chown userrenwolecom:sftp /data/sftp/uploads
$ vim /etc/ssh/sshd_config
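# Comments are on their own lines: sshd_config only guarantees that lines starting with "#" are ignored.
# Specify to use the internal sftp service provided by the system
Subsystem sftp internal-sftp

# Keep this Match block at the end of the file; it applies to every line up to the next Match or the end of the file.
# Users matching the sftp group. To match multiple groups, separate them with commas
Match Group sftp
    # Restrict user's root directory. sshd requires every component of this path to be
    # owned by root and not writable by any other user or group.
    ChrootDirectory /data/sftp/
    # Can only be used for sftp login
    ForceCommand internal-sftp
    # Prevent users from using port forwarding
    AllowTcpForwarding no
    # Forbid users to use X11 forwarding
    X11Forwarding no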
$ systemctl restart sshd
$ sftp -P 12012 userrenwolecom@10.28.204.62 userrenwolecom@10.28.204.62 's password: packet_write_wait: Connection to 10.28.204.62 port 12012: Broken pipe Couldn't read packet: Connection reset by peer
$ sftp -P 12012 userrenwolecom@10.28.204.62 The authenticity of host '[10.28.204.62]:12012 ([10.28.204.62]:12012)' can't be established. ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k. ECDSA key fingerprint is MD5:6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2. Are you sure you want to continue connecting (yes/no)? YES Warning: Permanently added '[10.28.204.62]:12012' (ECDSA) to the list of known hosts. userrenwolecom@10.28.204.62 's password: [Enter userrenwolecom user password] Connected to 10.28.204.62. sftp>
sftp> put /tmp/nginx_log_stat /uploads Uploading /tmp/nginx_log_stat to /uploads/nginx_log_stat /tmp/nginx_log_stat
sftp> get uploads/nginx_log_stat /mnt Fetching /uploads/nginx_log_stat to /mnt/nginx_log_stat /uploads/nginx_log_stat 100% 7 1.1KB/s 00:00 sftp>
sftp> rm /uploads/nginx_log_stat Removing /uploads/nginx_log_stat
sftp> help
10.10.204.63 10.10.204.64
[ root@10-10-204-63 ~]# ssh-keygen -b 4096 -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:qLcoj2nSzq6G9ZpFQZ/OFqFT+oBDf3ousHkt82F1/xM root@10-10-204-63.10.10.204.63 The key's randomart image is: +---[RSA 4096]----+ | . . o | | . + = o | | o B = | | . X o | | . o B S . | | .= * . . . E | |.oo. B * . . | |oo+*. O o .. | |o*O+o o .. | +----[SHA256]-----+
[ root@10-10-204-63 ~]# ll .ssh/ total 8 -rw------- 1 root root 3243 Nov 25 15:58 id_rsa -rw-r--r-- 1 root root 758 Nov 25 15:58 id_rsa.pub
[ root@10-10-204-63 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.204.64 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.10.204.64 (10.10.204.64)' can't be established. ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k. ECDSA key fingerprint is MD5:6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2. Are you sure you want to continue connecting (yes/no)? Yes [Enter yes] /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.10.204.64 's password: [Enter the server password] Number of key(s) added: 1 Now try logging into the machine, with: "ssh ' root@10.10.204.64 '" and check to make sure that only the key(s) you wanted were added.
$ vim /etc/ssh/sshd_config
RSAAuthentication yes PubkeyAuthentication yes
$ systemctl restart sshd
[ root@10-10-204-63 ~]# ssh ' root@10.10.204.64 ' Last failed login: Sat Nov 25 16:09:48 CST 2017 from 83.234.149.66 on ssh:notty There was 1 failed login attempt since the last successful login. Last login: Sat Nov 25 15:57:33 2017 from 36.7.69.84 [ root@10-10-204-64 ~]#
[ root@10-10-204-64 ~]# ll /root/.ssh/ total 8 -rw------- 1 root root 758 Nov 25 16:08 authorized_keys -rw-r--r--. 1 root root 175 Aug 9 09:19 known_hosts
[ root@10-10-204-63 ~]# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
$ cd /mnt/renwole $ vim mysqlbak.sh
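#!/bin/bash
# Dump one MySQL database to a timestamped .sql file, delete dumps older than
# seven days, then commit and push the backup directory with git.
#
# Credentials come from a client option file rather than "-p password" on the
# command line, where the password is visible in the process list and in cron mail.
# Any failed step stops the script, so a failed or partial dump is never pushed.
set -euo pipefail

createAt=$(date +%Y-%m-%d-%H:%M:%S)
mysql_back_path=/mnt/MySQL-Bak

# Placeholders: replace both with your own values.
# mysql_defaults_file is a [client] option file holding user= and password=,
# owned by the account that runs this job and set to mode 600.
mysql_defaults_file=/path/to/mysqldump.cnf
db_name=DATABASE_NAME

dump_file="${mysql_back_path}/renwoleblog-${createAt}.sql"

# Dumps hold the full database contents; keep new files private to the owner.
umask 077

# --defaults-extra-file must be the first option given to mysqldump.
if ! /usr/local/mysql/bin/mysqldump --defaults-extra-file="$mysql_defaults_file" \
    "$db_name" > "$dump_file"; then
  # Do not leave an empty or truncated dump behind to be committed later.
  rm -f -- "$dump_file"
  printf 'mysqldump failed; nothing committed\n' >&2
  exit 1
fi

# Automatically delete backups older than 7 days (-type f: regular files only).
find "$mysql_back_path" -name "*.sql" -type f -mtime +7 -exec rm -f -- {} +

# Under set -e a failed cd aborts here, so git never runs in the wrong directory.
cd "$mysql_back_path"

# NOTE(review): every dump leaves this host through the push below and stays in
# the repository history after local pruning; confirm the remote is private.
git add -A
git commit -m "${createAt}"
git push origin master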
$ chmod +x mysqlbak.sh
$ crontab -e
*/50 2 * * * /mnt/renwole/mysqlbak.sh
$ systemctl restart crond
$ yum install git -y $ git config --global user.name "renwole" $ git config --global user.email renwole@renwole.com
$ ssh-keygen -t rsa -C "renwole@renwole.com"
$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR9k1FgZRJN3P7V9tLfWZQ......
$ ssh -T git@gitee.com The authenticity of host 'gitee.com (120.55.226.24)' can't be established. ECDSA key fingerprint is SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc. ECDSA key fingerprint is MD5:27:e5:d3:79:2a:9e:eb:6c:93:cd:1f:c1:47:a3:54:b1. Are you sure you want to continue connecting (yes/no)? yes [Enter yes] Warning: Permanently added 'gitee.com,120.55.226.24' (ECDSA) to the list of known hosts. Authentication failed.
$ ssh -T git@gitee.com Welcome to Gitee.com, yourname!
$ cd /mnt
$ git clone git@gitee.com:renwole/renwolecom.git
Cloning into 'renwolecom'...
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 11 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (11/11), 19.51 MiB | 5.46 MiB/s, done.
Resolving deltas: 100% (2/2), done.
$ cd renwolecom $ ll total 16 -rw-r--r--. 1 root root 10254 Nov 22 09:26 LICENSE -rw-r--r--. 1 root root 13 Nov 22 09:26 README.md
$ git pull origin master $ git add -A $ git commit -m 'init' $ git push origin master
8.1.Checkout $ git checkout --orphan latest_branch 8.2. Add all the files $ git add -A 8.3. Commit the changes $ git commit -am "commit message" 8.4. Delete the branch $ git branch -D master 8.5.Rename the current branch to master $ git branch -m master 8.6.Finally, force update your repository $ git push -f origin master
$ git rm --cached <file name>
$ git commit -m "remove file from remote repository"
$ git push
$ git rm --cached -r <folder name>
$ git commit -m "remove directory from remote repository"
$ git push