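五的网 Deployment Environment Configuration Guide (Ubuntu)
This document was written by lookas2001. To be continued.
It uses lookas2001 as the example user and wonld.com as the example website.
Because software iterates very quickly, this document is for reference only; it was tested on Ubuntu 16.04.
Please credit the source when reposting.
Basic environment
Configuring users
Add a non-root user for administration and disable the default root user. (Alibaba Cloud)
Create a user
sudo useradd -m -d /home/ubuntu -s /bin/bash ubuntu
sudo adduser ubuntu adm
sudo adduser ubuntu sudo
sudo adduser ubuntu cdrom
sudo adduser ubuntu dip
sudo adduser ubuntu plugdev
Lock the root user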
sudo passwd root -l
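Configuring SSH
Create an SSH key pair to secure the connection. Before continuing, make sure openssh is installed. (Alibaba Cloud)
Generate a key pair (on the server). This command generates ~/.ssh/id_rsa.pub (the public key) and ~/.ssh/id_rsa (the private key).
ssh-keygen -t rsa
Copy the public key into the authorized keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Save ~/.ssh/id_rsa to your local machine (via sftp or scp). (The server may keep the private key or not.)
Disable password login
Edit /etc/ssh/sshd_config
Change the yes in PasswordAuthentication yes to no, so that it reads PasswordAuthentication no
Restart the service
sudo service ssh restart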
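An added check for the edit above, not part of the original guide: sshd keeps the first value it reads for a keyword, so a PasswordAuthentication no line that ends up below an existing yes has no effect. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.

# Print the effective global value of keyword $2 in file $1 (default $3).
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/=/, " ") }                        # "Keyword=value" form
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { val = tolower($2); exit }   # first one wins
        END { print val }
    ' "$1"
}

# Succeed only if no password-based method is left enabled globally.
# OpenSSH's built-in default for both keywords is "yes".
password_login_disabled() {
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(sshd_effective "$1" ChallengeResponseAuthentication yes)" = "no" ]
}

# Constructed sample: "no" was appended below an earlier "yes",
# so the edit has no effect.
sample_bad=$(mktemp)
cat > "$sample_bad" <<'EOF'
# constructed sample sshd_config
Port 22
passwordauthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF

# Constructed sample: the existing line was changed in place.
sample_good=$(mktemp)
cat > "$sample_good" <<'EOF'
# constructed sample sshd_config
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    X11Forwarding no
EOF

for f in "$sample_bad" "$sample_good"; do
    if password_login_disabled "$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login still possible"
    fi
done

# On the server itself, validate the file before restarting and read
# back what sshd will really use (Match blocks can still override a
# global setting per user or host):
#   sudo sshd -t && sudo sshd -T | grep -i passwordauthentication
```

Keep the current SSH session open and confirm key login from a second session before closing it.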
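Configuring package management
Switch the default package source to a mirror in China. (Alibaba Cloud and AWS images already point to their internal mirrors and do not need changing.) (Local and self-hosted machines)
Edit /etc/apt/sources.list (requires sudo; backing it up before editing is recommended)
sudo vi /etc/apt/sources.list
Replace every occurrence of the default source address with the address of the mirror.
Update the apt-get source information (this pulls package information from the sources and needs to be run periodically)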
sudo apt-get update
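Install and configure basic administration tools
# Install OpenSSH, used for managing the system and files (installed by default)
sudo apt-get install openssh-server -y
# Install Vim, Zip and Unzip, which are commonly used on the command line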
sudo apt-get install vim zip unzip -y
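Configuring VsFTP
By default VsFTP does not allow file uploads, and all directories are accessible; both can be configured here.
Allow writing
Edit the /etc/vsftpd.conf file and remove the # at the start of the #write_enable=YES line so that it becomes write_enable=YES
Remove the # at the start of the #chroot_local_user=YES line so that it becomes chroot_local_user=YES
Remove the # at the start of the #chroot_list_enable=YES line so that it becomes chroot_list_enable=YES
Add a line at the end: allow_writeable_chroot=YES
Note: /etc/vsftpd.chroot_list is the list of exception users
Restart the service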
sudo service vsftpd restart
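An added example, not part of the original guide, showing what "exception list" means with the settings above: when chroot_local_user and chroot_list_enable are both YES, the users named in the list file are the ones that are not confined to their home directory. The function names, the sample files and the FTP user names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# Print the value of option $2 in vsftpd config $1 (default $3).
# vsftpd lines are "option=value" with no spaces around "=".
# This sketch takes the last assignment if an option is repeated.
vsftpd_opt() {
    awk -F= -v key="$2" -v def="$3" '
        BEGIN { val = def }
        /^#/ { next }                       # commented-out options are inactive
        $1 == key { val = toupper($2) }     # keep the last assignment
        END { print val }
    ' "$1"
}

# Print "jailed" or "free" for user $3, given config $1 and list file $2.
vsftpd_chroot_state() {
    jail_all=$(vsftpd_opt "$1" chroot_local_user NO)
    use_list=$(vsftpd_opt "$1" chroot_list_enable NO)
    listed=NO
    if [ "$use_list" = YES ] && grep -qxF -- "$3" "$2" 2>/dev/null; then
        listed=YES
    fi
    case "$jail_all:$listed" in
        YES:NO|NO:YES) echo jailed ;;   # jailed by default, or listed for jailing
        *)             echo free ;;     # listed as an exception, or no jail at all
    esac
}

# Constructed sample: the settings from the steps above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
EOF

# Constructed sample of /etc/vsftpd.chroot_list with one exception user.
list=$(mktemp)
echo "ubuntu" > "$list"

# "wonld" stands for any other local account that logs in over FTP.
for u in ubuntu wonld; do
    echo "$u: $(vsftpd_chroot_state "$conf" "$list" "$u")"
done
```

Every name added to /etc/vsftpd.chroot_list under these settings can browse the whole filesystem over FTP, so the list is best kept empty or limited to administrators.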
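Application environment
Installing packages
The following command installs the "AMP" part of LAMP
sudo apt-get install apache2 mysql-server mysql-client redis-server php7.0 php7.0-mysql php7.0-gd php7.0-mcrypt php-redis libapache2-mod-php7.0 sendmail -y
Note: mysql-client is an administration tool. Also, installing sendmail is optional.
Note 2: Installing MySQL prompts you for a password. Be sure to remember it, because it is used in the steps below.
Configuring packages
Apache2
Configure the basic environment
Enable the SSL and Rewrite modules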
sudo a2enmod ssl rewrite
Note: a2enmod is the tool Apache2 provides on Ubuntu for enabling mods. Its counterpart is a2dismod.
Enable the default SSL site, default-ssl
sudo a2ensite default-ssl
Note: a2ensite is the tool Apache2 provides on Ubuntu for enabling sites. Its counterpart is a2dissite.
Allow subdirectories to use .htaccess for Rewrite
Edit /etc/apache2/apache2.conf
Find
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Change the AllowOverride None line to AllowOverride All.
Restart the service
sudo service apache2 restart
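Note: After installing libapache2-mod-php7.0 you must restart, not reload; otherwise a bug appears where the source code is displayed directly over https.
Create the site directory and upload the site files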
sudo mkdir /var/www/www.wonld.com/
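Change the owner of the site directory
sudo chown -R ubuntu /var/www/www.wonld.com
Change the permissions of the site directory
sudo chmod a+wr /var/www/www.wonld.com
(Optional) Mount the directory
Together with restricting FTP to the home directory, this improves security (create the /home/ubuntu/www/www.wonld.com folder beforehand)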
mount --bind /home/ubuntu/www/www.wonld.com /var/www/www.wonld.com
Configuring the site (HTTP)
Create a copy of the default virtual site configuration file
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/www.wonld.com.conf
Edit the configuration file
The individual settings are explained below
<VirtualHost *:80>
# Changing "*:80" is not recommended; it means listening on port 80 on every IP (*)
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
# Set the site name to your domain
ServerName www.wonld.com
# The site administrator, which is not really of any use
ServerAdmin webmaster@wonld.com
# The directory where the site lives
DocumentRoot /var/www/www.wonld.com
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# Configure the error log file; appending the domain name is recommended to make the logs easy to tell apart
ErrorLog ${APACHE_LOG_DIR}/error-www.wonld.com.log
CustomLog ${APACHE_LOG_DIR}/access-www.wonld.com.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
Enable the site
sudo a2ensite www.wonld.com
Restart the service
sudo service apache2 restart
Configuring the site (HTTPS)
Create a copy of the default virtual site configuration file
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/www.wonld.com-ssl.conf
<VirtualHost _default_:443>
# Again, changing "_default_:443" is not recommended
# Again, the site administrator information
ServerAdmin webmaster@wonld.com
# Again, the site directory
DocumentRoot /var/www/www.wonld.com
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# Again, the error log settings
ErrorLog ${APACHE_LOG_DIR}/error-www.wonld.com.log
CustomLog ${APACHE_LOG_DIR}/access-www.wonld.com.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
# Enable the SSL engine (stating the obvious)
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
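# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# Configure the SSL certificate (third-level certificate). It can be in pem or crt format, depending on what the CA provides
SSLCertificateFile /etc/ssl/certs/ssl-cert-www.wonld.com.pem
# Configure the SSL certificate private key (very important!!)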
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-www.wonld.com.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
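# certificate for convenience.
# In some cases, if the certificate is third-level, an intermediate certificate (second-level certificate) is needed; it can be downloaded from the CA.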
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
# CA certificate path (first-level certificate)
#SSLCACertificatePath /etc/ssl/certs/
# CA certificate, which needs to be downloaded from the CA
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
# Configure the certificate revocation list (I do not understand how to use this)
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
# BrowserMatch "MSIE [2-6]" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
</VirtualHost>
Enable the site
sudo a2ensite www.wonld.com-ssl
Restart the service
sudo service apache2 restart
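Configuring MySQL
Enable remote access
Edit /etc/mysql/my.cnf
Change the bind-address = 127.0.0.1 line to bind-address = 0.0.0.0
Create an administrative user
You need to enter the password set during the MySQL installation here.
Running this command locally on the server is recommended.
mysql -h127.0.0.1 -uroot -p
CREATE USER 'ubuntu'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wonld.* TO 'ubuntu'@'%';
Note: It is recommended to create a separate user for the site application and grant it very few privileges. The commands are below.
# Create the wonld user
CREATE USER 'wonld'@'localhost' IDENTIFIED BY 'password';
# Create the wonld database
CREATE DATABASE wonld;
# Grant the wonld user basic CRUD privileges on the wonld database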
GRANT SELECT,INSERT,UPDATE,DELETE ON wonld.* TO 'wonld'@'localhost';
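Configuring SendMail
If you have a third-party mail provider, use the service it offers. SendMail is too much of a pain, and spam is impossible to guard against.
Common administration commands
The original file
Too painful to look at..
# Configure a LAMP runtime environment on Ubuntu
# Written by ubuntu
# Edited on 20160816
# This script is for Ubuntu 14.04
# This script uses ubuntu as the user name and www.wudew.com as the site name; adapt it to your own situation
Configuring users
Add a non-root user for administration and disable the default root user (for Alibaba Cloud)
sudo useradd -m -d /home/ubuntu -s /bin/bash ubuntu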
sudo adduser ubuntu adm
sudo adduser ubuntu cdrom
sudo adduser ubuntu sudo
sudo adduser ubuntu dip
sudo adduser ubuntu plugdev
Disable (lock) the root user
sudo passwd root -l
Configuring package management
Edit the sources.list list to speed up installation (replace the official Ubuntu source in the US with the domestic Sohu mirror)
Not needed on Alibaba Cloud or AWS machines
sudo vi /etc/apt/sources.list
sudo tee -a /etc/apt/sources.list <<'EOF'
# Sohu
deb http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse
EOF
Update the apt-get source information (this pulls package information from the sites above and needs to be run periodically)
sudo apt-get update
Installing packages
Remove the old vim
sudo apt-get purge vim-common -y
Install the new vim along with the server administration tools: ssh, ftp, pptp, openssl
sudo apt-get install vim openssh-server vsftpd zip unzip pptpd openssl -y
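Install the environment the application needs: Apache2, MySQL, Redis, Sendmail, PHP5 and the related PHP5 libraries
sudo apt-get install apache2 mysql-server mysql-client redis-server sendmail php5 php5-mysql php5-gd php5-mcrypt php5-redis -y
Configuring packages
Configuring Apache2
Enable the SSL and Rewrite modules
sudo a2enmod ssl rewrite
Enable the default SSL site
sudo a2ensite default-ssl
Create the site directory and set its permissions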
sudo mkdir /var/www/www.wudew.com/
sudo chown -R ubuntu /var/www/www.wudew.com
Alternatively, you can do this
mkdir -p /home/ubuntu/www/www.wudew.com
sudo mount -B /var/www/www.wudew.com /home/ubuntu/www/www.wudew.com
Create the HTTP configuration file and configure it
sudo touch /etc/apache2/sites-available/www.wudew.com.conf
The following file content was adapted from /etc/apache2/sites-available/000-default.conf; see the original file for details
sudo tee -a /etc/apache2/sites-available/www.wudew.com.conf <<'EOF'
<VirtualHost *:80>
    ServerName www.wudew.com
    ServerAdmin webmaster@wudew.com
    DocumentRoot /var/www/www.wudew.com
    ErrorLog ${APACHE_LOG_DIR}/error-www.wudew.com.log
    CustomLog ${APACHE_LOG_DIR}/access-www.wudew.com.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF
Enable the site
sudo a2ensite www.wudew.com
Create the HTTPS configuration file and configure it
sudo touch /etc/apache2/sites-available/www.wudew.com-ssl.conf
The following file content was adapted from /etc/apache2/sites-available/default-ssl.conf; see the original file for details
First place the files correctly under /etc/ssl/certs/
sudo tee -a /etc/apache2/sites-available/www.wudew.com-ssl.conf <<'EOF'

<VirtualHost *:443>
    ServerAdmin webmaster@wudew.com
    ServerName www.wudew.com
    DocumentRoot /var/www/www.wudew.com
    LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error-www.wudew.com-ssl.log
    CustomLog ${APACHE_LOG_DIR}/access-www.wudew.com-ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.wudew.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.wudew.com.key
    SSLCertificateChainFile /etc/ssl/certs/WoSignCACN.crt
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF
Enable the site
sudo a2ensite www.wudew.com-ssl
Reload the service
sudo service apache2 reload
Configuring VSFTP
Allow writing
sudo sed -i "s/#write_enable=YES/write_enable=YES/g" /etc/vsftpd.conf
Prevent users from accessing directories outside their home directory
sudo sed -i "s/#chroot_local_user=YES/chroot_local_user=YES/g" /etc/vsftpd.conf
sudo sed -i "s/#chroot_list_enable=YES/chroot_list_enable=YES/g" /etc/vsftpd.conf
sudo sed -i "s/#write_enable=YES/write_enable=YES/g" /etc/vsftpd.conf
echo "allow_writeable_chroot=YES" | sudo tee -a /etc/vsftpd.conf
Note: /etc/vsftpd.chroot_list is the list of exception users
sudo service vsftpd restart
Configuring MySQL
Configure MySQL to allow remote access (the tabs here were converted to spaces by Sublime Text...)
sudo sed -i "s/^bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
mysql -u root
CREATE USER 'ubuntu'@'%' IDENTIFIED BY 'password';
CREATE USER 'wonld'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE wonld;
GRANT SELECT,INSERT,UPDATE,DELETE ON wonld.* TO 'wonld'@'localhost';
GRANT ALL PRIVILEGES ON wonld.* TO 'ubuntu'@'%';
Configuring PPTP
sudo sed -i "s/#localip 192.168.0.1/localip 192.168.0.1/g" /etc/pptpd.conf
sudo sed -i "s/#remoteip 192.168.0.234-238,192.168.0.245/remoteip 192.168.0.234-238,192.168.0.245/g" /etc/pptpd.conf
sudo sed -i "s/#ms-dns 10.0.0.1/ms-dns 8.8.8.8/g" /etc/ppp/pptpd-options
sudo sed -i "s/#ms-dns 10.0.0.2/ms-dns 8.8.4.4/g" /etc/ppp/pptpd-options
sudo service pptpd restart
sudo vi /etc/sysctl.conf
sudo sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf
sudo sysctl -p
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" | sudo tee -a /etc/rc.local
sudo vi /var/log/pptpd_record.log
Add
Type Username Time InterfaceName(Device) Tty LinkSpead LocalIP(VPNIP) PeerIP(AssignIP) ClientIP ConnectTime BytesSent BytesRcvd BytesSum AverageSpeed
sudo chown syslog:adm /var/log/pptpd_record.log
sudo vi /etc/ppp/ip-up
Add
echo "Connect $PEERNAME $(date -d today +%F_%T) $1 $2 $3 $4 $5 $6 " >> /var/log/pptpd_record.log
sudo vi /etc/ppp/ip-down
Add
sum_bytes=$(($BYTES_SENT+$BYTES_RCVD))
sum=$(echo "scale=2;$sum_bytes/1024/1024" | bc)
ave=$(echo "scale=2;$sum_bytes/1024/$CONNECT_TIME" | bc)
echo "Disconnect $PEERNAME $(date -d today +%F_%T) $1 $2 $3 $4 $5 $6 $CONNECT_TIME s $BYTES_SENT B $BYTES_RCVD B $sum MB $ave KB/s" >> /var/log/pptpd_record.log
sendmail
sudo vi /etc/mail/local-host-names
Delete ALL
Add wudew.com
sudo vi /etc/mail/sendmail.cf
Find #Dj$w.Foo.COM
Replace with Djwudew.com
sudo vi /etc/hosts
Find 127.0.0.1 localhost localhost.localdomain
Replace with 127.0.0.1 localhost localhost.localdomain wudew.com {HOSTNAME}
sudo service sendmail restart
phpMyAdmin
sudo ln -s /usr/share/phpmyadmin /var/www/www.wudew.com/admin/tool/
Admin
System
- Add a group and set its id to 1002
sudo groupadd -g 1002 www
- Add a user to the www group and set the user id to 1003
sudo useradd wyx -g 1002 -u 1003 -m
- Change the user's password
sudo passwd wyx
- Delete a user
sudo userdel wyx
- Give the user sudo privileges
sudo usermod -a -G adm wyx
sudo usermod -a -G sudo wyx
- List all users and groups:
cat /etc/passwd
cat /etc/group
Service
sudo service XXX {start/stop/restart}
MySQL
SET PASSWORD FOR 'username'@'%' = PASSWORD('password');
DROP USER 'username'@'%';
PPTP
Add a user
echo "USERNAME pptpd PASSWORD *" | sudo tee -a /etc/ppp/chap-secrets
sudo service pptpd restart
Uninstalling with apt-get
Remove only the package
apt-get remove {packages}
Remove the package and its configuration files
apt-get purge {packages}
Clean up unused (dependency) packages
apt-get autoremove