Category Archives: FreeBSD && Linux

Linux升级内核/boot空间不足

1.查看现运行的内核版本

[root@CC boot]# uname -r
2.6.32-220.13.1.el6.centos.plus.x86_64

2.列出所有的内核文件

[root@CC boot]# rpm -q kernel
kernel-2.6.32-131.0.15.el6.x86_64
kernel-2.6.32-220.13.1.el6.x86_64
kernel-2.6.32-220.13.1.el6.centos.plus.x86_64
kernel-2.6.32-220.7.1.el6.x86_64

3.删除所有旧的内核文件
(注意不要删除当前系统正在运行的内核文件)

[root@CC boot]# rpm -e kernel-2.6.32-131.0.15.el6.x86_64
[root@CC boot]# rpm -e kernel-2.6.32-220.7.1.el6.x86_64

到此,旧的内核文件就安全删除

[root@CC boot]# rpm -q kernel
kernel-2.6.32-220.13.1.el6.x86_64
kernel-2.6.32-220.13.1.el6.centos.plus.x86_64

4.查看文件系统使用情况和文件系统被挂在的位置

[root@CC boot]# df -lh
文件系统     容量   已用   可用   已用%%   挂载点
<code>/dev/sda2    9.7G   4.3G      4.9G     47%     /
tmpfs      504M    276K      504M    1%       /dev/shm
/dev/sda1    97M     47M        46M      51%     /boot
/dev/sda3    4.9G    987M      3.6G     22%     /home</code>

阿里云的镜像站

在国内更新yum或apt的时候,最好用国内的mirrors速度会快很多,尤其是epel,fedora的国外的mirrors经常失效。

阿里云镜像站地址:http://mirrors.aliyun.com/

aliyun_mirros

阿里云还非常人性化的提供了各个mirror的使用方法。测试下载速度还不错,在用电信10MB宽带的情况下,下载速度可以达到1.5MB/S,算是满速了。可以把PC上virtuabox中的虚拟机全部更换为aliyun mirros了。

为Apache rewrite转发添加POST数据支持

apache的rewrite转发能够处理大部分的,例如在wordpress上的URL虚拟静态化:
apache_rewrite_POST_1

但是,如果rewrite的url需要处理POST数据的话,这样的转发就不行了,因为apache在转发的时候是默认没有把POST数据也交给rewrite的对象的,类似这样:
apache_rewrite_POST_2

需要在rewriterule后加上参数[P].P表明force proxy,需要mod_proxy以及根据相应协议的proxy模块比如mod_http_proxy
实际上这个时候apache就充当了反向代理的功能。

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/user\.php$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,P]

很遗憾,我第一次这样做的时候,apache给了我一个”500 Internal Server Error”,error log报错如下

[Thu Mar 07 21:36:07 2013] [error] [client 63.223.121.79] SSL Proxy requested for 63.223.121.79:80 but not enabled [Hint: SSLProxyEngine]
[Thu Mar 07 21:36:07 2013] [error] proxy: HTTPS: failed to enable ssl support for 63.223.121.79:443 (www.test.com)

但是如果简单的把一个http uri转发至另一个http uri,用P参数就OK了,很正常.

显然,ssl的转发会更加复杂一些,你看已经涉及SSLProxyEngine.没有猜错的话,apache好像是这样处理问题的:
apache_rewrite_POST_3

毕竟http进程和https分别在80和443端口监听,如果rewrite http至https,其中甚至需要把Apache当做Proxy?!

Centos和Debian使用网易源

1、首先备份/etc/yum.repos.d/CentOS-Base.repo

#mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

2、根据CentOS版本选择操作
CentOS-5

#wget http://mirrors.163.com/.help/CentOS5-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo
#yum makecache

CentOS-6

#wget http://mirrors.163.com/.help/CentOS6-Base-163.repo  -O /etc/yum.repos.d/CentOS-Base.repo
#yum makecache

Debian-5
编辑/etc/apt/sources.list文件

deb http://mirrors.163.com/debian lenny main non-free contrib  
deb http://mirrors.163.com/debian lenny-proposed-updates main contrib non-free  
deb http://mirrors.163.com/debian-security lenny/updates main contrib non-free   
 
deb-src http://mirrors.163.com/debian lenny main non-free contrib  
deb-src http://mirrors.163.com/debian lenny-proposed-updates main contrib non-free  
deb-src http://mirrors.163.com/debian-security lenny/updates main contrib non-free

Debian-6 (Squeeze)

deb http://mirrors.163.com/debian/ squeeze main non-free contrib
deb http://mirrors.163.com/debian/ squeeze-proposed-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ squeeze main non-free contrib
deb-src http://mirrors.163.com/debian/ squeeze-proposed-updates main non-free contrib

Debian5(lenny)升级至Deiban6(squeeze)

VPS上只有Debian5的模板,需要升级为Debian6.

1.修改source.list为Debian6

# vi /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://volatile.debian.org/debian-volatile squeeze/volatile main
deb-src http://volatile.debian.org/debian-volatile squeeze/volatile main

注意:volatile.debian.org已经不在官方源了,注意

2.执行升级命令

首先清除原有信息:

#apt-get clean
#apt-get update
#apt-get install apt dpkg aptitude
#apt-get dist-upgrade

3.重启即可

iptables屏蔽php-fpm的端口

有个VPS用户安装了lnmp后又安装了VPN安装包,结果造成php无法解析,当把iptables暂停的时候php解析正常,所以猜想是iptables屏蔽了php-fpm的端口的原因,查看/etc/sysconfig/iptables:

# Generated by iptables-save v1.3.5 on Mon May 21 23:54:04 2012
*nat
:PREROUTING ACCEPT [135:17888]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [19:1172]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon May 21 23:54:04 2012
# Generated by iptables-save v1.3.5 on Mon May 21 23:54:04 2012
*filter
:INPUT ACCEPT [358:40386]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [179:40626]
COMMIT
# Completed on Mon May 21 23:54:04 2012

在filter中有限制端口,把整个filter内容全部删除后重启iptables正常。

不过很奇怪,在VPN安装包中,只有下面的几行iptables设置:

iptables -F
service iptables save
iptables --table nat --append POSTROUTING --jump MASQUERADE
service iptables save

目的只是加入了nat的转发,但是iptables竟然添加了默认的filter?

lnmp安装包有问题了

一个稍微小白的客户发现Nignx一键安装包无法安装,我登录VPS后用Yum -y update,发现报错:

Error: Missing Dependency: libedit.so.0 is needed by package openssh-clients-5.8p2-16.el5.1.i386

网上找了个解决方法:

rpm -Uvh ftp://ftp.pbone.net/mirror/atrpms.net/el5-i386/atrpms/stable/libedit0-3.0-1.20090722cvs.el5.i386.rpm

后来发现是因为epel-release-5-4.noarch.rpm原有的下载地址有误,原来是这样安装epel的:

rpm -ihv http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

但是今天发现这样rpm无法安装,更换如下方式:

wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

rpm -ihv epel-release-5-4.noarch.rpm

然后就OK了,估计是download.fedoraproject.org作了某些镜像分发,然后rpm内置简单的下载机制就无法下载了。

还有默认安装的nginx-stable后,启动报错:

Starting nginx: nginx: [emerg] unknown directive "limit_conn_zone" in /etc/nginx/nginx.conf:37

不得已,安装包里面改为yum install nginx,而不是nginx-stable.