Press "Enter" to skip to content

平淡人生 Posts

CentOS8挂载新硬盘

热度 54 度

创建新硬盘分区命令参数:
fdisk可以用m命令来看fdisk命令的内部命令;
a:命令指定启动分区;
d:命令删除一个存在的分区;
l:命令显示分区ID号的列表;
m:查看fdisk命令帮助;
n:命令创建一个新分区;
p:命令显示分区列表;
t:命令修改分区的类型ID号;
w:命令是将对分区表的修改存盘让它发生作用

[root@kiccleaf ~]# fdisk -l
Disk /dev/sda: 1000 GiB, 1073741824000 bytes, 2097152000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x16aee8ac

Device     Boot   Start        End    Sectors  Size Id Type
/dev/sda1  *       2048    2099199    2097152    1G 83 Linux
/dev/sda2       2099200 2097151999 2095052800  999G 8e Linux LVM


//新硬盘
Disk /dev/sdb: 1000 GiB, 1073741824000 bytes, 2097152000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/cl-root: 50 GiB, 53687091200 bytes, 104857600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/cl-swap: 7.9 GiB, 8468299776 bytes, 16539648 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/cl-home: 941.1 GiB, 1010508496896 bytes, 1973649408 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[root@kiccleaf ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xa5c1ca20.

Command (m for help): n
Partition type
   //输入p分为主分区
   p   primary (0 primary, 0 extended, 4 free)
   //输入e分为逻辑分区
   e   extended (container for logical partitions)
Select (default p): p
//输入该主分区为第几个主分区,由于是新盘我们输入1来分第一个主分区
Partition number (1-4, default 1): 1
 
//First sector 是选择该分区的起始扇区,直接回车
First sector (2048-2097151999, default 2048): 
//使用全部可用存储额,直接回车
Last sector, +sectors or +size{K,M,G,T,P} (2048-2097151999, default 2097151999): 

Created a new partition 1 of type 'Linux' and of size 1000 GiB.

//w保存
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
//mkfs.xfs命令带-f强制格式化
[root@kiccleaf ~]# mkfs.xfs -f /dev/sdb1
meta-data=/dev/sdb1              isize=512    agcount=4, agsize=65535936 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1
data     =                       bsize=4096   blocks=262143744, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=127999, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
//用命令blkid 查看一下已是xfs格式
[root@kiccleaf data]# blkid /dev/sdb1
/dev/sdb1: UUID="813681bd-a154-43d8-88dc-27750eacfcc1" TYPE="xfs" PARTUUID="a5c1ca20-01"
//创建挂载目录
[root@kiccleaf ~]# mkdir /data
//mount直接挂载硬盘至data
[root@kiccleaf ~]# mount /dev/sdb1 /data
//查看一下挂载的硬盘data已经有了
[root@kiccleaf ~]# df -h
Filesystem           Size  Used Avail Use% Mounted on
devtmpfs             3.8G     0  3.8G   0% /dev
tmpfs                3.9G     0  3.9G   0% /dev/shm
tmpfs                3.9G  9.0M  3.8G   1% /run
tmpfs                3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/mapper/cl-root   50G  6.3G   44G  13% /
/dev/mapper/cl-home  941G  6.7G  935G   1% /home
/dev/sda1            976M  198M  711M  22% /boot
tmpfs                779M     0  779M   0% /run/user/0
/dev/sdb1            984G   77M  934G   1% /data
//系统重启自动挂载该分区对fstab进行编辑
[root@kiccleaf ~]# vim /etc/fstab

系统重启自动挂载该分区可修改/etc/fstab文件,在最后加入添加:/dev/sdb1 /data xfs defaults 0 0

格式说明:/dev/sdb1 代表哪个分区, /data是挂载目录, xfs是该分区的格式,defaults 是挂载时所要设定的参数(只读,读写,启用quota等),输入defaults包括的参数有(rw、dev、exec、auto、nouser、async) ,1是使用dump是否要记录,0是不要。 2是开机时检查的顺序,是boot系统文件就为1,其他文件系统都为2,如不要检查就为0

# 
# /etc/fstab
# Created by anaconda on Fri Sep  4 12:04:04 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl-root     /                       xfs     defaults        0 0
UUID=86a7eaa3-61db-49cd-be3d-54b724f24878 /boot                   ext4    defaults        1 2
/dev/mapper/cl-home     /home                   xfs     defaults        0 0
/dev/mapper/cl-swap     swap                    swap    defaults        0 0
/dev/sdb1 /data                                 xfs    defaults        0 0

xfs格式是一种非常优秀的日志文件系统,它是SGI公司设计的。xfs被称为业界最先进的、最具可升级性的文件系统技术,xfs是一个64位文件系统,最大支持8EB减1字节的单个文件系统,实际部署时取决于宿主操作系统的最大块限制。对于一个32位Linux系统,文件和文件系统的大小会被限制在16TB
xfs在很多方面确实做的比ext4好,ext4受限制于磁盘结构和兼容问题,可扩展性和scalability确实不如xfs。具体详细的区别请自行了解,采用df -T 命令查看系统硬盘的格式

[root@kiccleaf ~]# df -T
Filesystem          Type      1K-blocks    Used  Available Use% Mounted on
devtmpfs            devtmpfs    3968364       0    3968364   0% /dev
tmpfs               tmpfs       3985404       0    3985404   0% /dev/shm
tmpfs               tmpfs       3985404    9176    3976228   1% /run
tmpfs               tmpfs       3985404       0    3985404   0% /sys/fs/cgroup
/dev/mapper/cl-root xfs        52403200 6583040   45820160  13% /
/dev/sdb1           xfs      1048062980 7340272 1040722708   1% /data
/dev/sda1           ext4         999320  202436     728072  22% /boot
/dev/mapper/cl-home xfs       986342856 6965148  979377708   1% /home
tmpfs               tmpfs        797080       0     797080   0% /run/user/0
Leave a Comment

Linux/FreeBSD 下tar加密压缩命令

热度 21 度

加密压缩

tar -czvf - file | openssl des3 -salt -k password -out kiccleaf.tar.gz

解密解压

openssl des3 -d -k password -salt -in kiccleaf.tar.gz | tar zxvf -

file:可以是文件或是目录,多文件/目录空格隔开
password:需要设定的密码

需要注意事项:
在命令行直接输入命令进行加密操作,一般系统在用户的命令历史Linux【.bash_history】/FreeBSD下【.history】文件里面会记录了命令行也就知道了密码,所以如果系统记录了操作的命令行则需要清掉涉及的历史记录或清空,也可以在加密时候不要使用 -k 参数以及后面的密码串,等询问时候再进行输入,解压输入 密码串,这样就不会泄漏密串。如下操作:

加密码提示输入密串,需要输入两次
[root@kiccleaf ~]# tar -czvf - kiccleaf | openssl des3 -salt -out kiccleaf.tar.gz
test.sh
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:

直接解压不可以咯
[root@kiccleaf ~]# tar zxvf kiccleaf.tar.gz 

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now

解压提示输入密串
[root@kiccleaf ~]# openssl des3 -d -salt -in kiccleaf.tar.gz | tar zxvf -
enter des-ede3-cbc decryption password:
test.sh

Leave a Comment

CentOS8/FreeBSD12的Nginx+php-fpm.conf优化配置

热度 48 度

首先优化配置会结合机器硬件的配置进行的,不能无限制无目的的进行,所以先了解自己的cpu,内存,硬盘等信息,然后进行系统的优化,再然后才到应用类的优化设置。

测试环境:CPU E3-1231 V3 四核八线程,内存32G

FreeBSD中Nginx.conf文件配置

user  www www;
worker_processes  auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 51200;

#worker_rlimit_nofile 是nginx能打开文件的最大句柄数,我们需要把这个数字设大一点。
#linux系统的文件查看数限制查看是用 ulimit -n ,修改这个限制是用 ulimit -HSn 65535

events {
        worker_connections 51200;
}

#开启gzip减少带宽
http {

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";
}

CentOS8中的Nginx.conf文件配置

user  www www;

worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 51200;
#worker_rlimit_nofile 是nginx能打开文件的最大句柄数,我们需要把这个数字设大一点。
#linux系统的文件查看数限制查看是用 ulimit -n ,修改这个限制是用 ulimit -HSn 65535
events
    {
        use epoll;
        worker_connections 51200;
        multi_accept off;
        accept_mutex off;
    }
http
    {
        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

events模块中use设置说明
use epoll
使用epoll的I/O 模型(值得注意的是如果你不知道Nginx该使用哪种轮询方法的话,它会选择一个最适合你操作系统的)
补充说明:与apache相类,nginx针对不同的操作系统,有不同的事件模型
A)标准事件模型
Select、poll属于标准事件模型,如果当前系统不存在更有效的方法,nginx会选择select或poll
B)高效事件模型
Kqueue:使用于FreeBSD 4.1+, OpenBSD 2.9+, NetBSD 2.0 和 MacOS X.使用双处理器的MacOS X系统使用kqueue可能会造成内核崩溃。
Epoll:使用于Linux内核2.6版本及以后的系统。
/dev/poll:使用于Solaris 7 11/99+, HP/UX 11.22+ (eventport), IRIX 6.5.15+ 和 Tru64 UNIX 5.1A+。
Eventport:使用于Solaris 10. 为了防止出现内核崩溃的问题, 有必要安装安全补丁
查看linux版本号可以使用 cat /proc/version命令

worker_processes,工作进程数
1.默认:worker_processes: 1
这里直接设置为auto,根据需求自动调整

worker_cpu_affinity auto;
允许将工作进程自动绑定到可用的CPU

worker_connections,单个工作进程可以允许同时建立外部连接的数量,数字越大,能同时处理的连接越多
1.默认:worker_connections: 1024

worker_connections解析
1.connections不是随便设置的,而是与两个指标有重要关联,一是内存,二是操作系统级别的“进程最大可打开文件数”。
2.进程最大可打开文件数:进程最大可打开文件数受限于操作系统,可通过 ulimit -n 命令查询,以前是1024,现在是65535。(常规系统都配置成65535)

这些官方信息更全面,我这里只讲我优化配置的点,因为服务器需求不同,这些配置会做相应调整,不能盲目的认为这些值是固定的。

接下去说一下php-fpm.conf文件的配置

FreeBSD文件配置默认情况在:/usr/local/etc/php-fpm.d/www.conf

CentOS8文件配置默认情况在:/usr/local/php/etc/php-fpm.conf

#最大子进程数量,一般每个php-cgi所耗费的内存为20M左右
#如果这个值设置的比较小,那么等待的请求时间会出现502超时
#32G内存服务器可以设置1600,但实际应用中不会这样配置,而是根据自己需求进行设定
pm.max_children = 800

#启动时创建的子进程数,常规10~20之间就可以,20个的话是400M内存
pm.start_servers = 40

#为避免内存泄露,php-fpm有这么一个机制,
#当一个php-cgi进程处理的请求数达到这个配置后,则会自动重启该进程,
#所以在高并发中,经常导致502错误,解决方法就是把这个值设置大一些,
#减少进程重启次数,减少高并发情况下502错误。
pm.max_requests = 10240

#单个请求的超时中止时间,超时后会终止进程,nginx发现信号断了,
#就会给客户端返回502错误。和php.ini的max_execution_time配置不冲突,
#谁先达到时间谁先起作用。
request_terminate_timeout = 100

#保证空闲进程数最小值,如果空闲进程小于此值,则创建新的子进程
pm.min_spare_servers = 40

#保证空闲进程数最大值,如果空闲进程大于此值,此进行清理
pm.max_spare_servers = 80

#空闲进程超时时间10秒
pm.process_idle_timeout = 10s

#状态页,可以通过该状态页了解监控 php-fpm 的状态,status可以修改成自己的名称
#pm.status_path = /status
pm.status_path = /kiccleaf
    server {
        listen       80;
        server_name  localhost;
        #Nginx状态页,监控Nginx状态增加以下内容
        location /nginx_status {
                stub_status on;
                access_log off;
                #允许内网访问IP
                allow 192.168.1.8;
                allow 127.0.0.1;
                deny all;
        }
        #php-fpm监控页,增加以下内容
        location = /kiccleaf {
                include fastcgi_params;
                fastcgi_pass unix:/tmp/php-cgi.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
}

打开http://网址/nginx_status 显示:

Active connections: 2 
server accepts handled requests
 6 6 78 
Reading: 0 Writing: 1 Waiting: 1 

打开http://网址/kiccleaf 显示:

pool:                 www
process manager:      dynamic
start time:           31/Aug/2020:15:59:56 +0800
start since:          12
accepted conn:        14
listen queue:         0
max listen queue:     0
listen queue len:     0
idle processes:       39
active processes:     1
total processes:      40
max active processes: 1
max children reached: 0
slow requests:        0
Leave a Comment

FreeBSD12安装Nginx1.18+PHP7.4+MariaDB10.4的网站环境

热度 52 度

个人很喜欢FreeBSD系统,简单,占用资源少,在网站大并发处理方面性能比Linux要好很多,稳定运行三五年都不用重启,因为之前做广告投放系统,每天大并发300多万,Linux并发一上来压力就大系统就慢下来,搞不好就挂机了,然而FreeBSD安然无恙,所以还有什么理由不选择这么优秀的系统来做大并发服务呢?(当然这里还涉及到很多系统安全及优化操作,等空了再分享给大家,先记录一下基本环境的搭建)

常用的工具
pkg install vim wget screen
编译扩展时用到的
pkg install autoconf

这里需要的扩展就自己选择增加吧,不知道的可以用才下工具查出你想要的扩展吧

pkg search php74

开始NGINX+PHP7.4.9+MARIADB的安装:

pkg install php74 php74-zlib php74-exif php74-gd php74-mbstring php74-xml php74-pdo php74-pdo_mysql php74-pdo_pgsql php74-mysqli php74-curl php74-opcache php74-intl php74-sockets php74-zip php74-openssl php74-bz2 php74-pecl-redis php74-session php74-json php74-dom php74-fileinfo php74-simplexml php74-simplexml php74-pdo_sqlite php74-iconv php74-pecl-imagick-im7 php74-filter php74-phar php74-calendar php74-ctype php74-exif php74-bcmath php74-dba php74-tokenizer php74-extensions php73-zip nginx-full mariadb104-server-10.4.13_4 mariadb104-client-10.4.13_4

开机启动项/etc/rc.conf增加:

php_fpm_enable="yes"
nginx_enable="yes"
mysql_enable="yes"
mysql_pidfile="/var/db/mysql/mysql.pid"
mysql_optfile="/usr/local/etc/my.cnf"

PHP配置/usr/local/etc/php-fpm.d/www.conf

[www]
user = www
group = www

;listen = 127.0.0.1:9000
 (注释掉或删除,添加以下这一行/tmp/php-cgi.sock)
listen = /tmp/php-cgi.sock

开启以下三行
listen.owner = www
listen.group = www
listen.mode = 0660

为什么要用unix:/tmp/php-cgi.sock替代127.0.0.1:9000呢?最主要的就是unix socket比tcp快,所以对大并发的网站优化过后性能提升不少,这一点你GET到了吗?启动php-fpm自动生成/tmp/php-cgi.sock。

对php.ini文件的修改,增加重要的函数进行屏蔽

disable_functions = passthru,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server
根据服务器内存大小调整
memory_limit = 128M
上传文件最大5M
upload_max_filesize = 5M

根据需要开启opcache缓存,能提升性能
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.max_wasted_percentage=5
opcache.validate_timestamps=1
opcache.revalidate_freq=10

validate_timestamps配置项用于验证是否要重新生成缓存脚本, 如果设置为 0(性能最佳),需要手动在每次 PHP 代码更改后手动清除 opcache。除了重启php-fpm的进程可以清理opcache缓存外, 通过PHP函数可以手动清除:

<?php opcache_reset();?>

网络上其他朋友说,当PHP以PHP-FPM的方式运行的时候,opcache的缓存是无法通过php命令进行清除的,只能通过http或cgi到php-fpm进程的方式来清除缓存(此说法本人未验证过)。我配置的生产环境一般都会通过重启php-fpm进程来清除缓存,所以一般一直缓存着高效。

validate_timestamps配置项如果值为 0,那么 revalidate_freq 将失去作用。
revalidate_freq 用于控制 opcache 多久生成一次缓存字节码,这里配置了默认 10s。所以一般我们在开发环境中将上面两个值配置为:

opcache.validate_timestamps=1;
opcache.revalidate_freq=1;

php.net上有人提供的方法存放到 /usr/local/bin/opcache-clear ,需要重置的时候执行一下: “opcache-clear”(仅供参考):

#!/bin/bash
WEBDIR=/var/www/html/
RANDOM_NAME=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)
echo "<?php opcache_reset(); ?>" > ${WEBDIR}${RANDOM_NAME}.php
curl http://localhost/${RANDOM_NAME}.php
rm ${WEBDIR}${RANDOM_NAME}.php

PHP开发的针对opcache进行图形化的参考:

https://github.com/rlerdorf/opcache-status

https://github.com/PeeHaa/OpCacheGUI

nginx.conf中修改

# fastcgi_pass 127.0.0.1:9000;

改为:
fastcgi_pass unix:/tmp/php-cgi.sock;

# fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
改为:
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

默认WEB目录:/usr/local/www/nginx-dist 执行PHP可能需要添加相应的执行权限及目录用户归www
保存后重启php-fpm和nginx:

root@kiccleaf:/home # service php-fpm restart
root@kiccleaf:/home # service nginx restart

启动Mysql,正常情况下

root@kiccleaf:/usr/local/etc # service mysql-server start
Installing MariaDB/MySQL system tables in '/var/db/mysql' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

Starting mysql.

mysql如果进程中没有看到说明启动失败,可以看错误信息文件:/var/log/mysql/mysqld.err

2020-08-29 22:52:52 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-08-29 22:52:52 0 [Note] InnoDB: Uses event mutexes
2020-08-29 22:52:52 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-08-29 22:52:52 0 [Note] InnoDB: Number of pools: 1
2020-08-29 22:52:52 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-08-29 22:52:52 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-08-29 22:52:52 0 [Note] InnoDB: Completed initialization of buffer pool
2020-08-29 22:52:52 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-08-29 22:52:52 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-08-29 22:52:52 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-08-29 22:52:52 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-08-29 22:52:52 0 [Note] InnoDB: Waiting for purge to start
2020-08-29 22:52:52 0 [Note] InnoDB: 10.4.13 started; log sequence number 61026; transaction id 21
2020-08-29 22:52:52 0 [Note] InnoDB: Loading buffer pool(s) from /var/db/mysql/ib_buffer_pool
2020-08-29 22:52:52 0 [Note] InnoDB: Buffer pool(s) load completed at 200829 22:52:52
2020-08-29 22:52:52 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-08-29 22:52:52 0 [Note] Server socket created on IP: '127.0.0.1'.
2020-08-29 22:52:52 0 [ERROR] Can't start server : Bind on unix socket: Permission denied
2020-08-29 22:52:52 0 [ERROR] Do you already have another mysqld server running on socket: /var/run/mysql/mysql.sock ?
2020-08-29 22:52:52 0 [ERROR] Aborting

关键的错误信息已经提示:Can’t start server : Bind on unix socket: Permission denied 和Do you already have another mysqld server running on socket: /var/run/mysql/mysql.sock ?启动权限有关,需要找到启动:/var/run/mysql目录 权限:root wheel需要修改成mysql用户权限,然后重启mysql就成功了。

原目录权限
drwxr-xr-x  2 root  wheel      512 Aug 29 22:09 mysql/

变更目录所有者权限
root@kiccleaf:/var/run # chown -R mysql:mysql mysql/

运行mysql
root@kiccleaf:/var/run # service mysql-server start
Starting mysql.
查看一下mysql目录下是否生成了mysql.sock文件
root@kiccleaf:/var/run # ll mysql/
total 0
srwxrwxrwx  1 mysql  mysql  0 Aug 29 23:03 mysql.sock=
查看进程是否已经启动,找到mysqld_safe 
root@kiccleaf:/var/run # ps aux
mysql 1092   0.0  0.0  11988  2976  -  Ss   23:03     0:00.99 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/usr/local/etc/my.cnf --user=mysql

接下去初始mysql操作

root@kiccleaf:/var/run # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

#输入mysql的root密码。默认没有,直接回车
Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

#是否切换到unix套接字身份验证[Y/n]
Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

#是否设置root密码,选Y,输入2次需要设定的密码
Change the root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

#是否删除匿名用户?果断删除
Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

#是否不允许远程root登录,正式环境下应该选择Y,我是在测试环境需要连接。
Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

#是否删除test数据库
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

#是否加载权限使之生效
Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

在默认的WEB目录下/usr/local/www/nginx-dist创建index.php内容:

<?php
phpinfo();
?>

打开浏览器,输入http://IP地址/index.php,可以看到成功的页面了。到此FreeBSD12系统下的基础配置已经完成。

Leave a Comment

CentOS8系统时间同步解决方法

热度 61 度

装了新的CentOS8,才发现有很多原来使用的工具在新版本中已经被其他工具替代,今天把常规的系统时间同步问题解决一下,CentOS7及以下的都是采用NTP来解决,《linux中rc.local设置开机自启没有生效解决方案》。

找了一下方法,原来是使用了另一个工具替代了,记录一下先

[root@kiccleaf home]# yum install -y chrony

Installed:
  chrony-3.5-1.el8.x86_64                                                                                            timedatex-0.5-3.el8.x86_64                                                                                           

Complete!
安装好工具,先启动
[root@kiccleaf home]# systemctl start chronyd
设为系统自动启动
[root@kiccleaf home]# systemctl enable chronyd
编辑一下配置文件
[root@kiccleaf home]# vim /etc/chrony.conf

/etc/chrony.conf配置文件内容:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst (这一行注释掉,增加以下两行)
server ntp.aliyun.com iburst
server cn.ntp.org.cn iburst
重新加载配置
[root@kiccleaf home]# systemctl restart chronyd.service
[root@kiccleaf home]# chronyc sources -v
210 Number of sources = 2

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6     7     2   -188us[+6871us] +/-   24ms
^- 61.177.189.190                3   6    17    19   +663us[ +663us] +/-   97ms

[root@kiccleaf home]# date
Sat Aug 29 16:26:08 CST 2020
Leave a Comment

FreeBSD12.1中 NTP 时间同步

热度 38 度

做测试环境有时候关掉了vm主机,再开启时,时间和当天已经不同步了,所以需要同步,简单的执行一下命令:

/usr/sbin/ntpdate cn.pool.ntp.org

以上命令在其他低版本中也适用,每次执行也有点麻烦,直接放到启动项里,之后开机自动同步时间了,在/etc/rc.conf增加如下配置:

ntpdate_enable="YES" 
ntpdate_program="/usr/sbin/ntpdate"
ntpdate_flags="cn.pool.ntp.org"
Leave a Comment

PHP短连接生成算法

热度 42 度

看到一朋友写的PHP短连接生成的算法,拿来修改一下原文件地址:https://www.cnblogs.com/zemliu/archive/2012/09/24/2700661.html

<?php
    #短连接生成算法

    class Short_Url {
        #字符表
        public static $charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        public static function short($url) {
            $key = "alexis";
            $urlhash = md5($key . $url);
            $len = strlen($urlhash);
            #将加密后的串分成4段,每段4字节,对每段进行计算,一共可以生成四组短连接
            for ($i = 0; $i < 4; $i++) {
                $urlhash_piece = substr($urlhash, $i * $len / 4, $len / 4);
                #将分段的位与0x3fffffff做位与,0x3fffffff表示二进制数的30个1,即30位以后的加密串都归零
                $hex = hexdec($urlhash_piece) & 0x3fffffff; #此处需要用到hexdec()将16进制字符串转为10进制数值型,否则运算会不正常

                $short_url = "http://t.cn/";
                #生成6位短连接
                for ($j = 0; $j < 6; $j++) {
                    #将得到的值与0x0000003d,3d为61,即charset的坐标最大值
                    $short_url .= self::$charset[$hex & 0x0000003d];
                    #循环完以后将hex右移5位
                    $hex = $hex >> 5;
                }
                $short_url_list[] = $short_url;
            }
            return $short_url_list;
        }
    }
    $url = "http://www.cnblogs.com/zemliu/";
    $short = Short_Url::short($url);
    print_r($short);
?>
[root@kiccleaf ~]# php shorturl.php 
Array
(
    [0] => http://t.cn/KyfLyH
    [1] => http://t.cn/bPafHS
    [2] => http://t.cn/H880aD
    [3] => http://t.cn/TmvDK0
)

生成的短url存到服务器里,做一个映射,short_url => original_url,输入短url的时候按照映射转回长url,然后访问原始url即可,原作者输出了四组短网址。

其实在实际应用中只需要一个就够了,简单的修改如下:

<?php
    #短连接生成算法

    class Short_Url {
        #字符表
        public static $charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        public static function short($url) {
            $key = "alexis";
            $urlhash = md5($key . $url);
            $len = strlen($urlhash);
               $urlhash_piece = substr($urlhash, 1 * $len / 4, $len / 4);
                #将分段的位与0x3fffffff做位与,0x3fffffff表示二进制数的30个1,即30位以后的加密串都归零
                $hex = hexdec($urlhash_piece) & 0x3fffffff;
                #此处需要用到hexdec()将16进制字符串转为10进制数值型,否则运算会不正常
                $short_url = "http://t.cn/";
                #生成6位短连接
                for ($j = 0; $j < 6; $j++) {
                    #将得到的值与0x0000003d,3d为61,即charset的坐标最大值
                    $short_url .= self::$charset[$hex & 0x0000003d];
                    #循环完以后将hex右移5位
                    $hex = $hex >> 5;
                }
            return $short_url;
        }
    }

    $url = "http://www.cnblogs.com/zemliu/";
    $short = Short_Url::short($url);
    print_r($short);
?>

输出单个短网址,进行保存

[root@kiccleaf ~]# php shorturl1.php 
http://t.cn/KyfLyH
Leave a Comment

Linux及FreeBSD下用C语言获取CPU核数

热度 62 度
root@kiccleaf:~ # vim getcpu.c
#include <stdio.h>
#include <unistd.h>

void main(){
    printf("%d\n", sysconf(_SC_NPROCESSORS_ONLN));
}

保存退出后,进行编译

root@kiccleaf:~ # gcc getcpu.c -o getcpu
执行
root@kiccleaf:~ # ./getcpu 
8

显示八核CPU

在Linux CentOS8和FreeBSD12系统下测试通过

Leave a Comment

CentOS8下安装Go环境安装

热度 115 度

Go 语言支持以下系统:

  • Linux
  • FreeBSD
  • Mac OS X(也称为 Darwin)
  • Window

先打开网址:https://golang.google.cn/dl/ 下载需要的版本,Win,Mac,Linux自行选择自己的环境 ,这里只介绍Linux环境的配置。

[root@kiccleaf ~]# wget https://golang.google.cn/dl/go1.15.linux-amd64.tar.gz
[root@kiccleaf ~]# tar zxvf go1.15.linux-amd64.tar.gz
[root@kiccleaf ~]# mv go /usr/local/
[root@kiccleaf ~]# vim /etc/profile
在文件底部增加:
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
保存退出后
[root@kiccleaf ~]# source /etc/profile
[root@kiccleaf ~]# go version
go version go1.15 linux/amd64
显示go环境安装成功,是不是有点太简单了?
来吧,第一个go程序
[root@kiccleaf ~]# vim helloword.go

helloword.go内容:

package main
import "fmt"
func main(){
   fmt.Printf("Hello Word!\n");
}
[root@kiccleaf ~]# go build helloword.go 
[root@kiccleaf ~]# ./helloword 
Hello Word!
[root@kiccleaf ~]# du -sh helloword
2.0M	helloword
编译好的文件还是有点大的,简单的一个Hello Word!需要2M的大小。
Leave a Comment