php7的最后一个版本在centos9上由于openssl以及net-snmp新版本不兼容了, 得打2个补丁才能安装
source /etc/os-release
yum -y -q --skip-broken install tcpdump iftop net-tools rsync vim-enhanced subversion git curl nss zip unzip wget crontabs iptables file mlocate flex diffutils dnf dnf-plugins-core
yum -y -q install https://rpms.remirepo.net/enterprise/remi-release-${VERSION_ID}.rpm
dnf config-manager --set-enabled remi #centos7/8
dnf config-manager --set-enable crb #centos9
dnf config-manager --set-enabled powertools #centos8
yum -y -q --skip-broken install gcc gcc-c++ autoconf automake imake make cmake patch libtool-libs libtool cronie.x86_64 net-snmp.$(uname -m) net-snmp-utils fping mariadb-server mariadb MySQL-python rrdtool jwhois ipmitool graphviz ImageMagick cpp icu re2c bison mlocate flex diffutils
yum -y -q --skip-broken install {kernel,zlib,libevent,libxml2,freetype,gd,libjpeg,libpng,ncurses,curl,readline,openssl,glibc,glib2,bzip2,e2fsprogs,libidn,gettext,expat,libcap,libtool-ltdl,pam,libxslt,libc-client,freetds,unixODBC,libXpm,krb5,libicu,sqlite,oniguruma,libmcrypt,libsodium,rrdtool,libssh2,net-snmp,libsqlite3x,gmp,libwebp,oniguruma-, rrdtool}-devel
dnf -y install libzip-devel oniguruma-devel rrdtool-devel uw-imap-devel
支持openssl3和net-snmp5.9的补丁
prefix="/opt/php7"
git clone https://github.com/php/php-src.git
cd php-src
git checkout PHP-7.4
autoconf
autoheader
wget http://www.kvm.la/usr/uploads/2023/06/2573259142.patch -O php-7.4-openssl3.0.patch
wget http://www.kvm.la/usr/uploads/2023/06/3393061476.patch -O php-7.4.26-snmp.patch
patch ext/snmp/snmp.c <php-7.4.26-snmp.patch
patch ext/openssl/openssl.c < php-7.4-openssl3.0.patch
./configure --quiet --prefix=$prefix/usr --with-config-file-path=$prefix/etc --with-config-file-scan-dir=$prefix/etc/php.d --sysconfdir=$prefix/etc --sbindir=$prefix/sbin --bindir=$prefix/bin --localstatedir=$prefix/var --enable-fpm --enable-bcmath --enable-exif --enable-ftp --enable-mbstring --enable-soap --enable-sockets --with-curl --with-gettext --with-openssl --with-mhash --with-mysql-sock=/var/lib/mysql/mysql.sock --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-snmp --with-imap --with-imap-ssl --with-kerberos --with-zlib --enable-intl=shared --enable-xml --disable-rpath --enable-shmop --enable-sysvsem --enable-mbregex --enable-pcntl --enable-opcache --enable-exif --with-sqlite3 --with-pdo-sqlite --enable-calendar --with-freetype --with-jpeg --enable-gd --with-webp --with-sodium --with-zip --with-pear --with-gmp --enable-intl --with-libdir=lib64 2>&1 >/dev/null;
make --quiet -j `grep name /proc/cpuinfo|wc -l` 2>&1 >/dev/null
make install 2>&1 >/dev/null
MMP要简单还是直接用remi源安装吧.
dnf install -y http://rpms.remirepo.net/enterprise/remi-release-9.rpm
dnf -y --enablerepo=remi php74 php74-php-{fpm,pdo,gd,mysqlnd,xml,pdo,snmp,imap,bcmath,exif,ftp,mbstring,soap,sockets,opcache,calendar,intl,gmp,pear,sodium} php74-php-pecl-{mysql,ssh2,rrd,zip} --skip-broken
ln -s /etc/opt/remi/php74/ /opt/php7
echo "zend_extension='/opt/ioncube/ioncube_loader_lin_7.4.so'">> /opt/php7/php.ini
prefix=/opt/php7
rm -f $prefix/php-fpm.d/www.conf
cat>$prefix/php-fpm.conf<<EOF
[global]
pid = run/php-fpm.pid
error_log = log/php-fpm.log
log_level = warning
emergency_restart_threshold = 30
emergency_restart_interval = 60s
process_control_timeout = 5s
daemonize = yes
include=$prefix/php-fpm.d/*.conf
EOF
cat>$prefix/php-fpm.d/default.conf<<EOF
[default]
;listen=127.0.0.1:9006
listen=/dev/shm/php7-fpm.sock
listen.mode=0666
user=nobody
group=nobody
pm=dynamic
pm.max_children=128
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=10000
rlimit_files=51200
slowlog=log/\$pool.log.slow
env[PATH] = /usr/local/bin:/usr/bin:/bin:$prefix/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
systemctl restart php74-php-fpm
php目录/etc/opt/remi/php74/
php.ini目录/etc/opt/remi/php74/php.ini
php-fpm目录/etc/opt/remi/php74/php-fpm.d
php二进制地址 /usr/bin/php74 /usr/bin/php74-cgi /usr/bin/php74-phar
curl https://get.acme.sh | sh -s [email protected]
source ~/.bashrc
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
acme(){
DOMAIN="$1";
acme.sh --issue -d $1 --nginx /etc/nginx/conf/$DOMAIN.conf \
--key-file /etc/nginx/ssl/$DOMAIN.key \
--fullchain-file /etc/nginx/ssl/$DOMAIN.crt \
--reloadcmd "nginx -s reload" --force
}
acmeupdate(){
DOMAIN="$1";
acme.sh --renew -d $DOMAIN --ecc --force
}
addfpm() {
if [ ! -n "$1" ]; then username="newuser"; else username=$1; fi
if [ ! -n "$2" ]; then prefix="/opt/php8"; else prefix=$2; fi
useradd -r -s /bin/nologin $username
cat>$prefix/etc/php-fpm.d/$username.conf<<EOF
[$username]
;listen=127.0.0.1:9006
listen=/dev/shm/\$pool.sock
listen.mode=0666
user=$username
group=$username
pm=dynamic
pm.max_children=128
pm.start_servers=20
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=10000
rlimit_files=51200
slowlog=log/\$pool.log.slow
env[PATH] = /usr/local/bin:/usr/bin:/bin:$prefix/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
EOF
}
addnginx(){
if [ ! -n "$1" ]; then echo "Please input Domain";exit; else domain=$1; fi
cat>/etc/nginx/conf/$domain.conf<<EOF
server {
listen 443 ssl;
server_name $domain www.$domain;
index default.php index.php index.htm index.html;
root /home/$2/;
access_log /var/log/httpd/$domain.log;
error_log /var/log/httpd/$domain.error.log;
ssl_certificate /etc/nginx/ssl/$domain.crt;
ssl_certificate_key /etc/nginx/ssl/$domain.key;
include ssl.conf;
#include whmcs.conf;
#include typecho.conf;
sub_filter_once off;
sub_filter_types text/css;
sub_filter "//ajax.googleapis.com" "//ajax.googleapis.cnpmjs.org";
sub_filter "//fonts.googleapis.com" "//fonts.googleapis.cnpmjs.org";
sub_filter "//fonts.gstatic.com" "//fonts.gstatic.cnpmjs.org";
location /{
location ~ [^/]\.php(/|\$){
fastcgi_pass unix:/dev/shm/$2.sock;
try_files \$uri = 404;
}
}
location /nginx_status {
stub_status on;
access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$ {expires 30d;}
location ~ .*\.(js|css)?\$ { expires 12h;}
location ~ /\. {deny all;}
location ~/\.ht {deny all;}
}
server {
listen 80;
#server_name ~^(www\.)?(.+)$;
server_name $domain www.$domain;
location /{
if (\$scheme = 'http' ) {rewrite ^/(.*)$ https://\$http_host/\$1 permanent;}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$ {expires 30d;}
location ~ .*\.(js|css)?\$ { expires 12h;}
location ~ /\. {deny all;}
location ~/\.ht {deny all;}
location ~ /.well-known { allow all;}
location /.well-known/acme-challenge/ { allow all;}
}
EOF
}
解决办法:
update-crypto-policies --set LEGACY
rpm --import https://openresty.org/package/pubkey.gpg
或者是dnf带上 --nogpgcheck参数
dnf install -y --nogpgcheck openresty
把gpgcheck检查去掉也行.
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/openresty.repo
没导入时候报错提示
GPG Keys are configured as: https://openresty.org/package/pubkey.gpg
Error: GPG check FAILED
当导入时候的错误提示
warning: Signature not supported. Hash algorithm SHA1 not available.
error: https://openresty.org/package/pubkey.gpg: key 1 import failed
总结:更新update-crypto-policies设置
文章内容源自:https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
设置通电自动开机
sudo pmset autorestart 1
取消自动开机
sudo pmset repeat cancel
设置定时自动开机和关机
sudo pmset repeat wakeorpoweron MTWRF 9:00:00 shutdown MTWRFSU 18:30:00
对于小白可以安装一个cockpit, ssh被玩死了上不去的时候可以通过浏览器访问9090端口进入操作终端.
dnf install -y cockpit
rm -f /etc/cockpit/disallowed-users
systemctl start cockpit
如果管理的服务器比较多, 还能串联管理.
对于绑定了很多IP遇上暴力破解ssh之类的, 用iptables封IP会比较慢.
用ip route把对方IP段丢路由黑洞封掉会立竿见影.
ip route add blackhole 10.0.0.0/24
最近安装php发现编译失败, 搜索一圈后发现软件包仓库改crb去了,稍微改一下脚本判断就解决了.
sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/*-{crb,plus}.repo
如果不想改repo配置,则安装的时候启用一下crb源.
dnf -y --enablerepo=crb install libzip-devel oniguruma-devel rrdtool-devel
https://mirror.stream.centos.org/9-stream/CRB/x86_64/os/Packages/
另外libc-client-devel的包暂时也没找到, 用remi的源安装uw-imap-devel替代解决了.
dnf install -y http://rpms.remirepo.net/enterprise/remi-release-9.rpm
dnf -y --enablerepo=remi install uw-imap-devel
IP="168.192.in-addr.arpa
10.10.in-addr.arpa
";
for list in $IP
do
pdnsutil create-zone $list ns1.server.com
pdnsutil add-record $list @ NS ns2.server.com
pdnsutil replace-rrset $list . SOA 'ns1.server.com. ns2.server.com. 0 10800 3600 604800 3600'
pdnsutil increase-serial $list
done
for i in {0..255}; do
for o in {0..255}; do
pdnsutil add-record 168.192.in-addr.arpa $o.$i PTR test.example.com
done;
done;
whmcs自定义模版调用login.tpl模版报错
Error: Error: Call to a member function getButtonClass() on null in
Error: Error: Call to a member function isEnabled() on null in
主要问题在$captcha上, {if $captcha->isEnabled()} 和{$captcha->getButtonClass($captchaForm)}
自定义php文件里面引入一下Captcha()类就解决了.
$smartyvalues["captcha"] = new WHMCS\Utility\Captcha();
官方指引:https://wiki.samba.org/index.php/Configure_Samba_to_Work_Better_with_Mac_OS_X
smb.conf配置后TimeMachine直接可以备份数据.
[Global]
vfs objects = fruit streams_xattr
fruit:metadata = stream
fruit:model = MacSamba
fruit:posix_rename = yes
fruit:veto_appledouble = no
fruit:nfs_aces = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
[TimeMachineBackup]
fruit:time machine = yes
# fruit:time machine max size = SIZE
不用再设置什么虚拟磁盘进行挂载了, 当airport一样用.
https://lg.he.net/
https://lg.sgix.sg
https://www.cogentco.com/en/looking-glass
https://www.cmi.chinamobile.com/en/looking-glass
https://lg.ibeo.hgc-intl.com/
https://lg.ix.br/
https://lg.ntt.lt/
https://www.gin.ntt.net/looking-glass-landing/
https://lookingglass.consoleconnect.com/
https://lookingglass.centurylink.com/
http://lg.level3carrier.com/lg/lg.cgi
https://lg.telia.net/
https://lg.twelve99.net/
https://ipms.chinatelecomglobal.com/public/lookglass/lookglassDisclaimer.html?lang=zh_CN
https://stixlg.singtel.com/dashboard
https://lg.gsl.tools/
个人经验
1.RAID5/6 如同泡水的卫生纸, 出了问题的时候碎得渣, 很难救.
2.仅次于比RAID0安全一点点,安全性低于RAID1
3. RAID5/6掉盘或者迁移主机, 恢复慢导入硬盘慢容易崩.
4.RAID50 RAID60 没用过不评价.
最后总结: 一块盘或者一块以上, 数据无所谓要空间和速度组RAID0就无所谓;
两块盘要安全首选RAID1, 低成本安全储存方案;
只有三块硬盘的时候建议追加一块, 跨入最低门槛用四块硬盘直接组RAID10, 兼顾安全和速度以及一半硬盘的容量,
换阵列卡或者迁移到其他机箱, 导入快rebuild同步快, 掉了一块盘即使跑半年也不用担心坏.
https://hyperglass.dev/docs/getting-started
#composer require stripe/stripe-php
<?php
require_once('vendor/autoload.php');
Stripe\Stripe::setApiKey('sk_test_51zX1hSDCA8Q8MfjPdZLR7oFRlQeJQ1z1W1SoguoffuZbu2WfHyliWa3BAXie3ma45UAgIkQ369cR4bnRNSCh2e6200nbfrbxQb');
$source = Stripe\Source::create(["type" => "wechat", "amount" => 20000,'currency' => 'usd', "metadata" => ["invoice_id" => 'test'], 'redirect'=> [ 'return_url'=>'https://www.xxx.host/callback.php?id=260040&amount=8120¤cy=cny' ] ]);
?>
返回二维码连接
[status] => pending
[type] => wechat
[usage] => single_use
[wechat] => Stripe\StripeObject Object
(
[qr_code_url] => https://stripe.com/sources/test_source?client_secret=src_client_secret_B6l7vfg6XqH7nXPRlFsAEj6r&source=src_1MKdUyDCAxQ8MBjPec73jd1Z
)
- «
- 1
- ...
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- ...
- 68
- »