2022-04-21
CentOS 7 - Install OpenVPN
1. Install OpenVPN

```
yum -y install epel-release
yum -y install openvpn easy-rsa iptables-services
```

Installing iptables on Debian:

```
apt install iptables
# Save the current rules
iptables-save > /etc/network/iptables.up.rules
# Load them again at boot
vim /etc/network/if-pre-up.d/iptables
```

Contents of /etc/network/if-pre-up.d/iptables:

```
#!/bin/bash
/sbin/iptables-restore < /etc/network/iptables.up.rules
```

```
chmod +x /etc/network/if-pre-up.d/iptables
```

2. Copy the easy-rsa directory

easy-rsa is installed by default in /usr/share/easy-rsa/3.0.8; its documentation and configuration template are in /usr/share/doc/easy-rsa-3.0.8.

```
cp -a /usr/share/easy-rsa/3.0.8 /etc/openvpn/easy-rsa
# Copy the configuration template
cp -a /usr/share/doc/easy-rsa-3.0.8/vars.example /etc/openvpn/easy-rsa/vars
```

3. Edit the vars file

```
[root@C20210910156669 easy-rsa]# grep -Ev "^#|^$" vars
if [ -z "$EASYRSA_CALLER" ]; then
        echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
        echo "This is no longer necessary and is disallowed. See the section called" >&2
        echo "'How to use this file' near the top comments for more details." >&2
        return 1
fi
set_var EASYRSA_REQ_COUNTRY     "US"                        # country
set_var EASYRSA_REQ_PROVINCE    "California"                # province
set_var EASYRSA_REQ_CITY        "San Francisco"             # city
set_var EASYRSA_REQ_ORG         "Copyleft Certificate Co"   # organization
set_var EASYRSA_REQ_EMAIL       "[email protected]"          # e-mail address
set_var EASYRSA_REQ_OU          "My Organizational Unit"    # organizational unit / department
```

4. Initialize the PKI directory

```
[root@C20210910156669 easy-rsa]# ./easyrsa init-pki
```

5. Create the CA root certificate

```
[root@C20210910156669 easy-rsa]# ./easyrsa build-ca nopass
```

This creates the CA root certificate. You are prompted for a Common Name; choose any name. Without nopass you are also prompted with "Enter New CA Key Passphrase": enter the PEM passphrase twice and remember it, otherwise you will not be able to sign certificates later. The nopass argument creates the key without a passphrase, so the CA private key is stored unencrypted on disk.

6. Generate the OpenVPN server certificate and key

```
[root@C20210910156669 easy-rsa]# ./easyrsa build-server-full server nopass
```

7. Generate the Diffie-Hellman parameter file

```
[root@C20210910156669 easy-rsa]# ./easyrsa gen-dh
```

8. Generate the tls-auth key

This key is mainly used to defend against DoS and TLS attacks. The step is optional, but it is worth doing for security; the file is used later in the OpenVPN configuration.

```
[root@C20210910156669 easy-rsa]# openvpn --genkey --secret ta.key
```

9. Copy the generated certificate files

```
mkdir /etc/openvpn/server/certs
cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/server/certs
# ca.key is only needed for signing certificates; the OpenVPN server never reads it
cp /etc/openvpn/easy-rsa/pki/private/ca.key /etc/openvpn/server/certs
# build-server-full was run with the name "server", so the files are server.key and server.crt
cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/server/certs
cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/server/certs
cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/server/certs
# ta.key was generated in /etc/openvpn/easy-rsa in step 8 and is referenced by server.conf
cp /etc/openvpn/easy-rsa/ta.key /etc/openvpn/server/certs
```

10. Create the OpenVPN log directory

```
[root@C20210910156669]# mkdir -p /var/log/openvpn
[root@C20210910156669]# chown openvpn:openvpn /var/log/openvpn/
```

11. Copy the sample configuration file

```
[root@C20210910156669]# cd /etc/openvpn/server
[root@C20210910156669 server]# cp /usr/share/doc/openvpn-2.4.12/sample/sample-config-files/server.conf .
```

12. Edit the configuration file

```
[root@C20210910156669 server]# grep -Ev "^#|^$" server.conf
;local a.b.c.d
port 1194                                   # listening port
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/server/certs/ca.crt         # path to the CA root certificate
cert /etc/openvpn/server/certs/server.crt   # path to the OpenVPN server certificate
key /etc/openvpn/server/certs/server.key    # path to the OpenVPN server private key. This file should be kept secret
dh /etc/openvpn/server/certs/dh.pem         # path to the Diffie-Hellman parameters
;topology subnet
server 10.8.0.0 255.255.255.0               # subnet of the VPN virtual interface; it must not overlap with the internal network
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"              # DNS servers pushed to clients
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"                # send all client traffic through the VPN, like a global proxy
client-to-client                            # let VPN clients reach each other
;duplicate-cn                               # allow several clients to connect with the same VPN account; commented out by default, so one account cannot be used by several clients at once
keepalive 10 120                            # ping every 10 seconds
;tls-auth ta.key 0 # This file is secret
tls-auth /etc/openvpn/server/certs/ta.key 0 # tls-auth; the direction 0 may be omitted. If it is given here, the client must use 1; if it is omitted here, omit it on the client too
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100                            # number of concurrent client connections
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log         openvpn.log
;log-append  openvpn.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/server.log
status /var/log/openvpn/status.log
verb 3                                      # log verbosity level
;mute 20
explicit-exit-notify 1                      # only valid with UDP; otherwise OpenVPN fails with: Options error: --explicit-exit-notify can only be used with --proto udp
```

13. Disable firewalld and SELinux

```
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
```

14. Enable kernel IP forwarding

```
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
```

15. Firewall configuration

```
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# server.conf above uses "proto udp", so port 1194 is opened for UDP
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# This accepts everything arriving on eth0, so the INPUT DROP policy below only affects other interfaces
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables-save > /etc/sysconfig/iptables
```

16. iptables configuration

```
# Generated by iptables-save v1.4.21 on Thu Apr 21 16:25:00 2022
*filter
:INPUT DROP [3:212]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [138:18252]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -s 0.0.0.0/0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1688 -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Apr 21 16:25:00 2022
# Generated by iptables-save v1.4.21 on Thu Apr 21 16:25:00 2022
*nat
:PREROUTING ACCEPT [5:602]
:INPUT ACCEPT [1:60]
:OUTPUT ACCEPT [1:59]
:POSTROUTING ACCEPT [1:59]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Apr 21 16:25:00 2022
[root@C20210910156669 sysconfig]#
```

17. Start the VPN server

```
systemctl start openvpn-server@server    # start
systemctl enable openvpn-server@server   # start at boot
systemctl status openvpn-server@server   # show the service status
```

18. Configure the client

```
[root@C20210910156669 client]# grep -Ev "^#|^$" client.ovpn
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote xxx.xxx.xxx.xxx 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite      # reconnect automatically after a disconnect
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
mute-replay-warnings
ca ca.crt
cert username.crt
key username.key
remote-cert-tls server
;tls-auth ta.key 1
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
```

19. Script for creating users automatically

[Content visible after replying]

20. Revoke a certificate

```
# Go to the easy-rsa directory
cd /etc/openvpn/easy-rsa/
# Revoke the certificate
./easyrsa revoke test01
# Regenerate the CRL (written to pki/crl.pem)
./easyrsa gen-crl
# Add a crl-verify line to server.conf
vim /etc/openvpn/server/server.conf
```

Add this as the last line of server.conf:

```
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
```

Then restart OpenVPN.

21. Merge the configuration into a single client.ovpn file

[Tips] iOS client configuration. The certificate and key bodies are omitted here; each inline block holds the full contents of the file named in the corresponding commented-out directive.

```
client
dev tun
;proto tcp
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
#ca ca.crt
#cert client02.crt
#key client02.key
remote-cert-tls server
#tls-auth ta.key 1
#comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
(contents of ca.crt)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(contents of client02.crt)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(contents of client02.key)
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(contents of ta.key)
-----END OpenVPN Static key V1-----
</tls-auth>
```

server.conf configuration description

```
#################################################
# Sample OpenVPN 2.0 server-side configuration file for multiple clients
#
# This file is for the server side of a many-clients <-> one-server OpenVPN setup.
#
# OpenVPN also supports single-machine <-> single-machine configurations
# (see the examples page on the web site for more information).
#
# This configuration works on Windows or Linux/BSD systems. On Windows, remember to
# put paths in double quotes and to use double backslashes, for example:
# "C:\\Program Files\\OpenVPN\\config\\foo.key"
#
# Lines starting with '#' or ';' are comments
#################################################

# Which local IP address should OpenVPN listen on?
# This directive is optional; if it is not set, OpenVPN listens on all local IP addresses.
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run several OpenVPN instances on the same machine, use a different port for each one.
# You also need to open these ports on your firewall.
port 1194

# Should OpenVPN use TCP or UDP?
;proto tcp
proto udp

# The type of tunnel OpenVPN creates.
# "dev tun" creates a routed IP tunnel,
# "dev tap" creates an Ethernet tunnel.
#
# If you are bridging Ethernet and have already created a virtual interface named "tap0"
# bridged with your Ethernet interface, you can use "dev tap0".
#
# If you want to control access policies over the VPN, you must create firewall rules for the TUN/TAP interface.
#
# On non-Windows systems you can give an explicit unit number, such as "tun0".
# On Windows you can also use "dev-node".
# On most systems the VPN will not work unless you partially or fully disable the firewall for the TUN/TAP interface.
;dev tap
dev tun

# If you want to configure several tunnels, you need the name of the TAP-Win32 adapter
# from the Network Connections panel (for example "MyTap").
# On XP SP2 or later you may need to selectively disable the firewall for the TAP adapter.
# Non-Windows systems usually do not need this directive.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate (cert) and private key (key).
# The server and every client need their own certificate and private key file.
# The server and all clients use the same CA certificate file.
#
# The scripts in the easy-rsa directory can generate the certificates and private keys.
# Remember that the server certificate and every client certificate must use a unique Common Name.
#
# You can also use any X509 key management system to generate certificates and private keys.
# OpenVPN also supports a PKCS #12 formatted key file (see the "pkcs12" directive in the man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie-Hellman parameters.
# You can generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# If you are using 2048-bit keys, replace 1024 with 2048.
dh dh1024.pem

# Configure server mode and supply a VPN subnet from which client IP addresses are allocated.
# In this example the server itself takes 10.8.0.1 and the rest is available to clients.
# Comment this line out if you are bridging Ethernet. See the man page for more information.
server 10.8.0.0 255.255.255.0

# The file that records client <-> virtual IP address associations.
# When OpenVPN restarts, reconnecting clients are assigned the same virtual IP address as before.
ifconfig-pool-persist ipp.txt

# This directive is only for Ethernet bridging.
# First use your operating system's bridging capability to bridge the Ethernet interface with the TAP interface.
# Then set the IP address and netmask of the bridge interface by hand;
# here we assume 10.8.0.4 and 255.255.255.0.
# Finally set aside an IP range in this subnet (for example from 10.8.0.50 to 10.8.0.100)
# to allocate to connecting clients.
# If you are not bridging Ethernet, leave this line commented out.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# This directive is only for Ethernet bridging with a DHCP proxy,
# where clients ask the DHCP server on the server side for their IP address and DNS server addresses.
#
# As before, you first need to bridge the Ethernet interface with the TAP interface.
# Note: this only works for OpenVPN clients whose TAP adapter is bound to a DHCP client.
;server-bridge

# Push routes to the client so that it can reach other private subnets behind the server.
# (In short: allow clients to reach the other LANs that the VPN server itself is on.)
# Remember that these private subnets also need a route for the OpenVPN client
# address pool (10.8.0.0/255.255.255.0) back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign a specific IP address to a specific client, or if a client has a private subnet
# behind it that should also have VPN access, use the ccd subdirectory for
# client-specific configuration files.
# (In short: allow members of the client's LAN to reach the VPN as well.)

# Example: suppose the client with the Common Name "Thelonious" also has a small subnet
# behind it that should connect to the VPN, 192.168.40.128/255.255.255.248.
# First uncomment these two lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# The client's LAN can then reach the VPN.
# Note that this only works if you are routing, not bridging,
# that is, you are using the "dev tun" and "server" directives.

# Another example: suppose you want to give Thelonious the fixed IP address 10.9.0.1.
# First uncomment these two lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# If you want to enable different firewall access policies for different groups of clients,
# there are two methods:
# (1) Run several OpenVPN daemons, one for each group, and enable the appropriate
#     firewall rules for each daemon (group).
# (2) (Advanced) Create a script that dynamically modifies the firewall rules
#     in response to access from different clients.
# See the man page for more information on the learn-address script.
;learn-address ./script

# If enabled, this directive redirects the default gateway of all clients to the VPN, so that
# all client traffic such as web browsing and DNS lookups goes through the VPN.
# (For this to work properly, the OpenVPN server machine may need to NAT or bridge
# the TUN/TAP interface to the Ethernet.)
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings can be pushed to clients,
# such as DNS or WINS server addresses.
# The addresses below are the public DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different clients to "see" each other
# (allow clients to reach one another).
# By default clients only see the server. To make sure clients can only see the server,
# you can also set appropriate firewall rules on the server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if several clients might connect with the same
# certificate/key files or Common Name.
# It is recommended for testing purposes only. For production use, each client
# should have its own certificate and private key.
# If you have not generated a certificate/key pair with a unique Common Name for
# each client, you can uncomment this line (but this is not recommended).
;duplicate-cn

# The keepalive directive causes ping-like messages to be sent back and forth
# so that each side knows when the other side has gone down.
# Ping every 10 seconds; if no reply is received within 120 seconds, the remote peer is considered down.
keepalive 10 120

# For extra security beyond that provided by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
# Generate it with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have a copy of this key.
# The second parameter should be '0' on the server and '1' on the clients.
;tls-auth ta.key 0 # This file should be kept secret

# Select a cryptographic cipher.
# This option must also be copied to every client configuration file.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also enable it in every client configuration file.
comp-lzo

# The maximum number of concurrently connected clients
;max-clients 100

# It is a good idea to reduce the OpenVPN daemon's privileges after initialization.
# This directive is only for non-Windows systems.
;user nobody
;group nobody

# The persist options try to avoid accessing certain resources on restart
# that may no longer be accessible because of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing current connections;
# it is truncated and rewritten every minute.
status openvpn-status.log

# By default, log messages go to syslog (on Windows, if running as a service,
# they go to the log directory in the OpenVPN installation directory).
# Use log or log-append to override this default.
# "log" truncates the log file each time OpenVPN starts.
# "log-append" appends to the existing log file.
# Use one or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log file verbosity (0-9).
# The higher the level, the more detailed the output.
#
# 0 is silent, only fatal errors are logged.
# 4 is reasonable for general usage.
# 5 and 6 can help to debug connection problems.
# 9 is extremely verbose and logs very detailed information.
verb 3

# Silence repeating messages.
# At most 20 messages of the same category are written to the log.
;mute 20
```

iptables configuration

```
# Generated by iptables-save v1.4.21 on Wed May 10 08:44:55 2023
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9150:5540077]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
#-A FORWARD -s 10.8.0.0/24 -j ACCEPT
# Servers that VPN clients are allowed to reach
-A FORWARD -i tun0 -s 10.8.0.0/24 -d 10.0.10.201,10.0.20.100,10.0.30.90 -j ACCEPT
# Internal subnets that VPN clients are not allowed to reach
-A FORWARD -i tun0 -s 10.8.0.0/24 -d 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24,10.0.91.0/24 -j DROP
#-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Wed May 10 08:44:55 2023
# Generated by iptables-save v1.4.21 on Wed May 10 08:44:55 2023
*nat
:PREROUTING ACCEPT [1525:155528]
:INPUT ACCEPT [421:26649]
:OUTPUT ACCEPT [1:76]
:POSTROUTING ACCEPT [1:76]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#-A POSTROUTING -s 10.8.0.0/24 -d 10.0.19.201/24 -j SNAT --to-source 10.0.19.250
COMMIT
# Completed on Wed May 10 08:44:55 2023
```
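The OpenVPN server in the walkthrough above only starts if every file named in server.conf exists under exactly that name, and its secret files should not be readable by other users. The following pre-flight check is an added example, not part of the original post: the function names and the MISSING/PERMS/CAKEY labels are this example's own, the sample layout is constructed, and relative paths are assumed to resolve against the directory that holds the config file.

```sh
#!/bin/sh
# Added example: pre-flight audit for an OpenVPN server.conf.
# Function names and finding labels are hypothetical, not part of OpenVPN.

# Print "directive path" for every active (uncommented) file-bearing directive.
list_file_directives() {
    awk '
        /^[[:space:]]*[#;]/ { next }        # skip whole-line comments
        $1 ~ /^(ca|cert|key|dh|tls-auth|tls-crypt|crl-verify)$/ {
            gsub(/"/, "", $2)               # drop Windows-style quotes
            print $1, $2
        }' "$1"
}

# audit_openvpn_conf CONF
# Prints one finding per line; exit status is the number of findings (0 = clean).
audit_openvpn_conf() (
    conf=$1
    confdir=$(cd "$(dirname "$conf")" && pwd) || exit 99
    findings=0
    list=$(list_file_directives "$conf")
    while read -r name path; do
        [ -n "$name" ] || continue
        # Assumption: relative paths resolve against the config directory.
        case $path in /*) ;; *) path=$confdir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $name $path"
            findings=$((findings + 1))
            continue
        fi
        case $name in
            key|tls-auth|tls-crypt)
                # Secret material: group/other permission bits must all be clear.
                if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                    echo "PERMS $name $path"
                    findings=$((findings + 1))
                fi ;;
            ca)
                # The server only needs ca.crt; the CA signing key beside it
                # lets anyone who reads the directory issue client certificates.
                if [ -e "$(dirname "$path")/ca.key" ]; then
                    echo "CAKEY $(dirname "$path")/ca.key"
                    findings=$((findings + 1))
                fi ;;
        esac
    done <<EOF
$list
EOF
    exit "$findings"
)

# Constructed sample: certificate files copied under a different name than
# server.conf expects, ta.key never copied, ca.key left beside the server certs.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/certs"
    for f in ca.crt ca.key openvpn-server.crt openvpn-server.key dh.pem; do
        : > "$d/certs/$f"
    done
    cat > "$d/server.conf" <<EOF
port 1194
proto udp
ca $d/certs/ca.crt
cert $d/certs/server.crt
key $d/certs/server.key   # This file should be kept secret
dh $d/certs/dh.pem
;tls-auth ta.key 0
tls-auth $d/certs/ta.key 0
EOF
    echo "$d"
}

# With an argument, audit that file; without one, audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_openvpn_conf "$1" || echo "findings: $?"
else
    sample=$(make_sample) && {
        audit_openvpn_conf "$sample/server.conf" || true
        rm -rf "$sample"
    }
fi
```

Run it as `sh audit.sh /etc/openvpn/server/server.conf` before starting the service; add `crl-verify` to server.conf first if revocation is in use, so the CRL path is checked as well.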
2022-01-22
oVirt 4.x - Configure login by IP address
In a web browser, navigate to https://manager-fqdn/ovirt-engine, replacing manager-fqdn with the FQDN that you provided during installation.

You can access the Administration Portal using alternate host names or IP addresses. To do so, you need to add a configuration file under /etc/ovirt-engine/engine.conf.d/. For example:

```
# vi /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf
# SSO_ALTERNATE_ENGINE_FQDNS="alias1.example.com alias2.example.com"
SSO_ALTERNATE_ENGINE_FQDNS="192.168.0.xx"
```

The list of alternate host names needs to be separated by spaces. You can also add the IP address of the Engine to the list, but using IP addresses instead of DNS-resolvable host names is not recommended.

Click Administration Portal. An SSO login page displays. SSO login enables you to log in to the Administration and VM Portal at the same time.

Enter your User Name and Password. If you are logging in for the first time, use the user name admin along with the password that you specified during installation.

Select the Domain to authenticate against. If you are logging in using the internal admin user name, select the internal domain.

Click Log In.

You can view the Administration Portal in multiple languages. The default selection is chosen based on the locale settings of your web browser. If you want to view the Administration Portal in a language other than the default, select your preferred language from the drop-down list on the welcome page.

To log out of the oVirt Administration Portal, click your user name in the header bar and click Sign Out. You are logged out of all portals and the Engine welcome screen displays.
2021-10-08
Linux Shell scripts
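1. Hello World

vim hello_world.sh

```
#!/bin/bash
echo "Hello World!"
```

1.1 Output

```
chmod +x hello_world.sh
[root@localhost shell]# ./hello_world.sh
Hello World!
```

2. Check which hosts are alive

for loop

```
[root@localhost shell]# cat check_hosts.sh
#!/bin/bash
# Check host status across 192.168.1.1-254
for i in {1..254}
do
    # 2 probes, 0.3 s apart, give up after a 1 s deadline
    if ping -c2 -i0.3 -w1 "192.168.1.$i" &>/dev/null; then
        echo "192.168.1.$i is up."
    else
        echo "192.168.1.$i is down."
    fi
done
```

while loop

```
#!/bin/bash
i=1
while [ "$i" -le 254 ]
do
    # 2 probes, 0.3 s apart, wait at most 1 s for each reply
    if ping -c2 -i0.3 -W1 "192.168.1.$i" &>/dev/null; then
        echo "192.168.1.$i is up."
    else
        echo "192.168.1.$i is down."
    fi
    i=$((i + 1))
done
```

3. Guess the number

```
[root@localhost shell]# cat guess_num.sh
#!/bin/bash
# Pick a random number between 1 and 100
num=$(( RANDOM % 100 + 1 ))
while :
do
    read -r -p "Enter a num: " guess
    # Reject empty or non-numeric input instead of letting the test fail
    case $guess in
        ''|*[!0-9]*) echo "not a number!"; continue ;;
    esac
    if [ "$guess" -eq "$num" ]; then
        echo "right!"
        break
    elif [ "$guess" -lt "$num" ]; then
        echo "small!"
    else
        echo "big!"
    fi
done
```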
2021-09-26
Rocky Linux LNMP multi-environment installation
1. System environment

OS: Rocky Linux 8
NGINX: nginx 1.20
MySQL: MySQL 8.0
PHP: default 7.2.x
Other PHP versions: 5.3.x 5.5.x 5.6.x 7.0.x 7.4.x 8.0.x

1.1 Install dependencies

```
yum install apr* autoconf automake bison bzip2 bzip2* cpp curl curl-devel fontconfig fontconfig-devel freetype-devel git gcc gcc-c++ gd gd-devel gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng libpng-devel libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libxml* libXaw-devel libXmu-devel libtiff libtiff* make openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils telnet wget zlib-devel ncurses-devel libtirpc-devel gtk* ntpstat bison* sqlite-devel oniguruma libzip-devel
```

2. Install the database

2.1 Install rpcsvc-proto

```
[root@localhost soft]# tar xf rpcsvc-proto-1.4.2.tar.xz
[root@localhost soft]# cd rpcsvc-proto-1.4.2/
[root@localhost soft]# ./configure
[root@localhost soft]# make && make install
```

2.2 Install cmake

```
[root@localhost soft]# tar zxf cmake-3.21.3.tar.gz
[root@localhost soft]# cd cmake-3.21.3/
[root@localhost cmake-3.21.3]# ./configure
[root@localhost cmake-3.21.3]# make && make install
```

2.3 Install MySQL

```
[root@localhost soft]# groupadd mysql
[root@localhost soft]# useradd -g mysql -s /bin/false mysql
[root@localhost soft]# mkdir -p /usr/local/mysql/data/mysql
[root@localhost soft]# chown -R mysql:mysql /usr/local/mysql/data/
[root@localhost soft]# tar zxf mysql-boost-8.0.25.tar.gz
[root@localhost soft]# cd mysql-8.0.25/
[root@localhost mysql-8.0.25]# cmake . \
    -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
    -DINSTALL_DATADIR=/usr/local/mysql/data/mysql \
    -DMYSQL_USER=mysql \
    -DMYSQL_UNIX_ADDR=/tmp/mysqld.sock \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DWITH_EMBEDDED_SERVER=1 \
    -DFORCE_INSOURCE_BUILD=1 \
    -DWITH_MYISAM_STORAGE_ENGINE=1 \
    -DENABLED_LOCAL_INFILE=1 \
    -DEXTRA_CHARSETS=all \
    -DDOWNLOAD_BOOST=1 \
    -DWITH_BOOST=/opt/soft/mysql-8.0.25/boost \
    -DCMAKE_C_COMPILER=/usr/bin/gcc \
    -DCMAKE_CXX_COMPILER=/usr/bin/g++
[root@localhost mysql-8.0.25]# make
[root@localhost mysql-8.0.25]# make install
```

2.4 Initialize the MySQL database

Delete the default configuration file my.cnf:

```
rm -f /etc/my.cnf
```

Initialize the database:

```
[root@localhost]# cd /usr/local/mysql/
[root@localhost mysql]# ./bin/mysqld --user=mysql --initialize --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/mysql
```

Output (the last line contains the temporary root password):

```
[root@localhost mysql]# ./bin/mysqld --user=mysql --initialize --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
2021-09-27T11:06:55.258559Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.25) initializing of server in progress as process 352862
2021-09-27T11:06:55.263276Z 0 [Warning] [MY-010161] [Server] You need to use --log-bin to make --log-slave-updates work.
2021-09-27T11:06:55.267723Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2021-09-27T11:06:55.606878Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2021-09-27T11:06:56.667253Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: xVGu-rCy5a.q
```

Edit the my.cnf file:

```
[root@localhost mysql]# cat /usr/local/mysql/my.cnf
[client]
port=3306
socket=/tmp/mysql.sock
password="my password"
[mysqld]
port=3306
user = mysql
socket=/tmp/mysql.sock
tmpdir = /tmp
key_buffer_size=16M
max_allowed_packet=128M
# Use mysql_native_password for authentication; MySQL 8.0.x uses caching_sha2_password by default.
default_authentication_plugin=mysql_native_password
open_files_limit = 60000
explicit_defaults_for_timestamp
server-id = 1
character-set-server = utf8mb4
federated
max_connections = 1000
max_connect_errors = 100000
interactive_timeout = 86400
wait_timeout = 86400
sync_binlog=0
back_log=100
default-storage-engine = InnoDB
log_slave_updates = 1
[mysqldump]
quick
[mysqld-8.0]
sql_mode=TRADITIONAL
[mysqladmin]
force
```

Link my.cnf into /etc:

```
ln -s /usr/local/mysql/my.cnf /etc/my.cnf
```

Set up the mysqld startup script:

```
[root@localhost mysql]# cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@localhost mysql]# chmod +x /etc/init.d/mysqld
```

Edit mysqld:

```
[root@localhost mysql]# vim /etc/rc.d/init.d/mysqld
```

Set:

```
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
```

Add the environment variable:

```
[root@localhost ~]# cat /etc/profile.d/mysql.sh
export PATH=$PATH:/usr/local/mysql/bin
```

Add symlinks so that the MySQL library location does not have to be specified when compiling PHP:

```
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
mkdir /var/lib/mysql    # create the directory
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
```

Change the MySQL password:

```
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.10 sec)
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password' PASSWORD EXPIRE NEVER;
Query OK, 0 rows affected (0.03 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
```

3. Install Nginx

3.1 Install pcre

```
[root@localhost soft]# tar zxf pcre-8.44.tar.gz
[root@localhost soft]# cd pcre-8.44/
[root@localhost pcre-8.44]# mkdir /usr/local/pcre -p
[root@localhost pcre-8.44]# ./configure --prefix=/usr/local/pcre
[root@localhost pcre-8.44]# make && make install
```

3.2 Install openssl

```
[root@localhost soft]# tar zxf openssl-1.1.1k.tar.gz
[root@localhost soft]# cd openssl-1.1.1k/
[root@localhost openssl-1.1.1k]# mkdir -p /usr/local/openssl
[root@localhost openssl-1.1.1k]# ./config -fPIC shared zlib --prefix=/usr/local/openssl
[root@localhost openssl-1.1.1k]# make && make install
```

3.3 Install zlib

```
[root@localhost soft]# tar zxf zlib-1.2.11.tar.gz
[root@localhost soft]# cd zlib-1.2.11/
[root@localhost zlib-1.2.11]# mkdir -p /usr/local/zlib
[root@localhost zlib-1.2.11]# ./configure --prefix=/usr/local/zlib
[root@localhost zlib-1.2.11]# make && make install
```

3.4 Install nginx

```
[root@localhost nginx-1.20.0]# groupadd www
[root@localhost nginx-1.20.0]# useradd -g www -s /bin/false www
[root@localhost nginx-1.20.0]# ./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/opt/soft/openssl-1.1.1k --with-zlib=/opt/soft/zlib-1.2.11 --with-pcre=/opt/soft/pcre-8.44
[root@localhost nginx-1.20.0]# make && make install
```

3.5 Nginx startup script

vim /lib/systemd/system/nginx.service

```
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPost=/bin/sleep 0.1
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
TimeoutStartSec=120
LimitNOFILE=1000000
LimitNPROC=1000000
LimitCORE=1000000

[Install]
WantedBy=multi-user.target
```

3.6 Enable at boot

```
systemctl enable nginx.service
```

Make Nginx serve txt, pdf, doc and xls files as downloads:

```
location / {
    if ($request_filename ~* ^.*?\.(txt|pdf|doc|xls)$) {
        # The header name takes no colon in add_header
        add_header Content-Disposition 'attachment';
    }
}
```

4. Install PHP

4.1 Install yasm

```
[root@localhost soft]# tar zxf yasm-1.3.0.tar.gz
[root@localhost soft]# cd yasm-1.3.0/
[root@localhost yasm-1.3.0]# ./configure
[root@localhost yasm-1.3.0]# make && make install
```

4.2 Install libmcrypt

```
[root@localhost soft]# tar zxf libmcrypt-2.5.8.tar.gz
[root@localhost soft]# cd libmcrypt-2.5.8/
[root@localhost libmcrypt-2.5.8]# ./configure
[root@localhost libmcrypt-2.5.8]# make && make install
```

4.3 Install libvpx

```
[root@localhost soft]# tar zxf libvpx-1.10.0.tar.gz
[root@localhost soft]# cd libvpx-1.10.0/
[root@localhost libvpx-1.10.0]# ./configure --prefix=/usr/local/libvpx --enable-shared --enable-vp9
[root@localhost libvpx-1.10.0]# make && make install
```

4.4 Install tiff

```
[root@localhost soft]# tar zxf tiff-4.0.7.tar.gz
[root@localhost soft]# cd tiff-4.0.7/
[root@localhost tiff-4.0.7]# ./configure --prefix=/usr/local/tiff --enable-shared
[root@localhost tiff-4.0.7]# make && make install
```

4.5 Install libpng

```
[root@localhost soft]# tar zxf libpng-1.6.37.tar.gz
[root@localhost soft]# cd libpng-1.6.37/
[root@localhost libpng-1.6.37]# ./configure --prefix=/usr/local/libpng --enable-shared
[root@localhost libpng-1.6.37]# make && make install
```

4.6 Install freetype

```
[root@localhost soft]# tar zxf freetype-2.10.4.tar.gz
[root@localhost soft]# cd freetype-2.10.4/
[root@localhost freetype-2.10.4]# ./configure --prefix=/usr/local/freetype --enable-shared
[root@localhost freetype-2.10.4]# make && make install
```

4.7 Install jpeg

```
[root@localhost soft]# tar zxf jpegsrc.v9d.tar.gz
[root@localhost soft]# cd jpeg-9d/
[root@localhost jpeg-9d]# ./configure --prefix=/usr/local/jpeg --enable-shared
[root@localhost jpeg-9d]# make && make install
```

4.8 Install the new GD library

The new GD library is for PHP 5.4.x and later.

```
[root@localhost soft]# tar zxf libgd-2.3.1.tar.gz
[root@localhost soft]# cd libgd-2.3.1/
[root@localhost libgd-2.3.1]# ./configure --prefix=/usr/local/libgd --enable-shared --with-jpeg=/usr/local/jpeg --with-png=/usr/local/libpng --with-freetype=/usr/local/freetype --with-fontconfig=/usr/local/freetype --with-xpm=/usr/lib64 --with-tiff=/usr/local/tiff
[root@localhost libgd-2.3.1]# make && make install
```

4.9 Install the old GD library

The old GD library is for PHP 5.3.x and earlier.

```
[root@localhost soft]# tar zxf gd-2.0.35.tar.gz
[root@localhost soft]# cd gd-2.0.35/
[root@localhost gd-2.0.35]# ./configure --prefix=/usr/local/gd --enable-shared --with-jpeg=/usr/local/jpeg --with-png=/usr/local/libpng --with-freetype=/usr/local/freetype --with-fontconfig=/usr/local/freetype --with-xpm=/usr/lib64 --with-tiff=/usr/local/tiff --with-vpx=/usr/local/libvpx
[root@localhost gd-2.0.35]# make && make install
```

4.10 Install t1lib

```
[root@localhost soft]# tar zxf t1lib-5.1.2.tar.gz
[root@localhost soft]# cd t1lib-5.1.2/
[root@localhost t1lib-5.1.2]# ./configure --prefix=/usr/local/t1lib --enable-shared
[root@localhost t1lib-5.1.2]# make without_doc && make install
```

4.11 Install libzip

```
[root@localhost soft]# tar zxf libzip-1.7.3.tar.gz
[root@localhost soft]# cd libzip-1.7.3/
[root@localhost libzip-1.7.3]# mkdir build
[root@localhost libzip-1.7.3]# cd build/
[root@localhost build]# cmake ..
[root@localhost build]# make
[root@localhost build]# make install
```

4.12 Install oniguruma

Required to compile PHP 7.4.x.

```
[root@localhost soft]# tar zxf oniguruma-6.9.4.tar.gz
[root@localhost soft]# cd oniguruma-6.9.4/
[root@localhost oniguruma-6.9.4]# ./autogen.sh
[root@localhost oniguruma-6.9.4]# ./configure --prefix=/usr
[root@localhost oniguruma-6.9.4]# make && make install
```

4.13 Install an older openssl

Needed to compile and install PHP versions below 7.3.x.

```
[root@localhost soft]# tar zxf openssl-1.0.2k.tar.gz
[root@localhost soft]# cd openssl-1.0.2k/
[root@localhost openssl-1.0.2k]# ./config -fPIC shared zlib --prefix=/usr/local/ssl
[root@localhost openssl-1.0.2k]# make && make install
```

```
# The following replaces the system-wide openssl binary, headers and libssl.so symlink with 1.0.2k
[root@localhost soft]# mv /usr/bin/openssl /usr/bin/openssl._1.1.1g
[root@localhost soft]# mv /usr/include/openssl/ /usr/include/openssl._1.1.1g
[root@localhost soft]# mv /usr/lib64/libssl.so /usr/lib64/libssl.so._1.1.1g_bak
[root@localhost soft]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
[root@localhost soft]# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
[root@localhost soft]# ln -s /usr/local/ssl/lib/libssl.so /usr/lib64/libssl.so
[root@localhost soft]# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
[root@localhost soft]# ldconfig -v
[root@localhost soft]# openssl version
OpenSSL 1.0.2k  26 Jan 2017
```

4.14 Install curl

```
[root@localhost soft]# tar zxf curl-7.76.1.tar.gz
[root@localhost soft]# cd curl-7.76.1/
[root@localhost curl-7.76.1]# ./configure --without-nss --prefix=/usr/local/curl --with-ssl=/usr/local/ssl
[root@localhost curl-7.76.1]# make && make install
```

4.15 Install expat

```
[root@localhost soft]# tar zxf expat-2.4.1.tar.gz
[root@localhost soft]# cd expat-2.4.1/
[root@localhost expat-2.4.1]# ./configure --prefix=/usr/local/expat --enable-shared
[root@localhost expat-2.4.1]# make && make install
```

4.16 Link the lib libraries

```
[root@localhost]# cp -frp /usr/lib64/libltdl.so* /usr/lib/
[root@localhost]# cp -frp /usr/lib64/libXpm.so* /usr/lib/
```

5. Compile and install PHP 5.3.29

```
yum install -y expat-devel
```

```
[root@localhost php-5.3.29]# ./configure --prefix=/usr/local/php53 --with-config-file-path=/usr/local/php53/etc --with-pdo-mysql=mysqlnd --enable-mysqlnd-compression-support --with-gd=/usr/local/gd --with-png-dir=/usr/lib --with-jpeg-dir=/usr/lib --with-freetype-dir=/usr/lib --with-iconv --with-zlib-dir=/usr/local/zlib --enable-xml --enable-magic-quotes --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curlwrappers --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl=/usr/local/ssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl=/usr/local/curl --enable-ctype --enable-mysqlnd
[root@localhost php-5.3.29]# make && make install
```

5.1 Remove the system default php.ini

```
[root@localhost php-5.3.29]# rm -f /etc/php.ini
[root@localhost php-5.3.29]# cp php.ini-production /usr/local/php53/etc/php.ini
[root@localhost php-5.3.29]# ln -s /usr/local/php53/etc/php.ini /etc/php.ini
[root@localhost php-5.3.29]# cp /usr/local/php53/etc/php-fpm.conf.default /usr/local/php53/etc/php-fpm.conf
```

5.2 Configure php-fpm.conf

```
[root@localhost etc]# grep -Ev "^#|^$|^;" php-fpm.conf
[global]
pid = run/php-fpm.pid
[www]
user = www
group = www
; port number chosen to match the PHP version
listen = 127.0.0.1:9053
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
```

5.3 Enable php-fpm at boot

```
[root@localhost soft]# cd php-5.3.29/
[root@localhost php-5.3.29]# cp /opt/soft/php-5.3.29/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php53-fpm
[root@localhost php-5.3.29]# chmod +x /etc/rc.d/init.d/php53-fpm
[root@localhost php-5.3.29]# chkconfig php53-fpm on
```

5.4 Edit the php-fpm startup script

```
[root@localhost php-5.3.29]# grep -Ev "^#|^$|^;" /etc/rc.d/init.d/php53-fpm
prefix=/usr/local/php53
exec_prefix=${prefix}
php_fpm_BIN=${exec_prefix}/sbin/php53-fpm    # change this line
php_fpm_CONF=${prefix}/etc/php-fpm.conf
php_fpm_PID=${prefix}/var/run/php-fpm.pid
php_opts="--fpm-config $php_fpm_CONF --pid $php_fpm_PID"
```

5.5 Start php-fpm

```
[root@localhost php-5.3.29]# mv /usr/local/php53/sbin/php-fpm /usr/local/php53/sbin/php53-fpm
[root@localhost php-5.3.29]# service php53-fpm start
[root@localhost php-5.3.29]# ss -tnlp |grep 9053
LISTEN 0 128 127.0.0.1:9053 0.0.0.0:* users:(("php53-fpm",pid=1434960,fd=0),("php53-fpm",pid=1434959,fd=0),("php53-fpm",pid=1434958,fd=9))
```

5.6 Configure the php.ini file

```
[root@localhost ~]# grep -Ev "^#|^$|^;" /usr/local/php53/etc/php.ini
[PHP]
engine = On
; enable PHP short tags
short_open_tag = On
asp_tags = Off
precision = 14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
; disabled functions
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
disable_classes =
zend.enable_gc = On
; do not reveal the PHP version
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
variables_order = "GPCS"
request_order = "GP"
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[Date]
; time zone
date.timezone = PRC
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[Syslog]
define_syslog_variables = Off
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
```
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = Off
session.bug_compat_warn = Off
session.referer_check =
session.entropy_length = 0
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[xsl]

6. Install PHP 5.5.38

6.1 Compile and install

[root@localhost soft]# tar zxf php-5.5.38.tar.gz
[root@localhost soft]# cd php-5.5.38/
[root@localhost php-5.5.38]# export LD_LIBRARY_PATH=/usr/local/libgd/lib
[root@localhost php-5.5.38]# ./configure --prefix=/usr/local/php55 --with-config-file-path=/usr/local/php55/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-mysqlnd-compression-support --with-gd=/usr/local/libgd --with-png-dir=/usr/local/libpng --with-jpeg-dir=/usr/local/jpeg --with-freetype-dir=/usr/local/freetype --with-xpm-dir=/usr/lib64 --with-vpx-dir=/usr/local/libvpx/ --with-zlib-dir=/usr/local/zlib --with-t1lib=/usr/local/t1lib --with-iconv --enable-libxml --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-opcache --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl=/usr/local/ssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl=/usr/local/curl --enable-ctype --enable-mysqlnd
[root@localhost php-5.5.38]# make && make install

6.2 Edit the php-fpm.conf configuration file

[root@localhost php-5.5.38]# cp php.ini-production /usr/local/php55/etc/php.ini
[root@localhost php-5.5.38]# cp /usr/local/php55/etc/php-fpm.conf.default /usr/local/php55/etc/php-fpm.conf
[root@localhost php-5.5.38]# vim /usr/local/php55/etc/php-fpm.conf
[root@localhost php-5.5.38]# grep -Ev "^#|^$|^;" /usr/local/php55/etc/php-fpm.conf
[global]
[www]
user = www
group = www
listen = 127.0.0.1:9055
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

6.3 Start php-fpm at boot

[root@localhost php-5.5.38]# cp /opt/soft/php-5.5.38/sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php55-fpm
[root@localhost php-5.5.38]# chmod +x /etc/rc.d/init.d/php55-fpm
[root@localhost php-5.5.38]# vim /etc/rc.d/init.d/php55-fpm
[root@localhost php-5.5.38]# grep -Ev "^#|^$|^;" /etc/rc.d/init.d/php55-fpm
prefix=/usr/local/php55
exec_prefix=${prefix}
php_fpm_BIN=${exec_prefix}/sbin/php55-fpm
php_fpm_CONF=${prefix}/etc/php-fpm.conf
php_fpm_PID=${prefix}/var/run/php-fpm.pid
php_opts="--fpm-config $php_fpm_CONF --pid $php_fpm_PID"
[root@localhost php-5.5.38]# mv /usr/local/php55/sbin/php-fpm /usr/local/php55/sbin/php55-fpm

6.4 Edit php.ini

[root@localhost php-5.5.38]# vim /usr/local/php55/etc/php.ini
[root@localhost ~]# grep -Ev "^#|^$|^;" /usr/local/php55/etc/php.ini
[PHP]
engine = On
short_open_tag = On
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = PRC
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
opcache.enable=1
opcache.enable_cli=0
[curl]
zend_extension=opcache.so

7. Install PHP 5.6.40

Compile and install

[root@localhost soft]# tar zxf php-5.6.40.tar.gz
[root@localhost soft]# cd php-5.6.40/
[root@localhost php-5.6.40]# export LD_LIBRARY_PATH=/usr/local/libgd/lib
[root@localhost php-5.6.40]# ./configure --prefix=/usr/local/php56 --with-config-file-path=/usr/local/php56/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-mysqlnd-compression-support --with-gd=/usr/local/libgd --with-png-dir=/usr/local/libpng --with-jpeg-dir=/usr/local/jpeg --with-freetype-dir=/usr/local/freetype --with-xpm-dir=/usr/lib64 --with-vpx-dir=/usr/local/libvpx/ --with-zlib-dir=/usr/local/zlib --with-t1lib=/usr/local/t1lib --with-iconv --enable-libxml --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-opcache --enable-mbregex --enable-fpm --enable-mbstring --enable-ftp --enable-gd-native-ttf --with-openssl=/usr/local/ssl --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --without-pear --with-gettext --enable-session --with-mcrypt --with-curl=/usr/local/curl --enable-ctype --enable-mysqlnd

10. Nginx configuration file

[root@localhost conf]# grep -Ev "^#|^$" nginx.conf
user www www;
worker_processes auto;
error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}
http {
  include mime.types;
  default_type application/octet-stream;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 1024m;
  client_body_buffer_size 10m;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 120;
  server_tokens off;
  tcp_nodelay on;
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  fastcgi_intercept_errors on;
  #Gzip Compression
  gzip on;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_proxied any;
  gzip_vary on;
  gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  ##Brotli Compression
  #brotli on;
  #brotli_comp_level 6;
  #brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
  ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
  #open_file_cache max=1000 inactive=20s;
  #open_file_cache_valid 30s;
  #open_file_cache_min_uses 2;
  #open_file_cache_errors on;
  server {
    listen 80;
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
    location ~ [^/]\.php(/|$) {
      # Both fastcgi_pass lines are commented out. Without an active one this
      # location has no FastCGI backend and nginx returns .php files as static content.
      #fastcgi_pass 127.0.0.1:9000;
      #fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)?$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
  }
  include vhost/*.conf;
}

10.1 Virtual host

[root@localhost vhost]# grep -Ev "^#|^$" localhost.conf
server {
  listen 80;
  listen [::]:80;
  server_name localhost;
  access_log /data/wwwlogs/192.168.10.11_nginx.log combined;
  index index.html index.htm index.php;
  root /data/wwwroot/default/;
  #include /usr/local/nginx/conf/rewrite/typecho.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
    #valid_referers none blocked *.localhost localhost;
    if ($invalid_referer) {
      return 403;
    }
  }
  location ~ .*\.php(\/.*)*$ {
    root /data/wwwroot/default/;
    fastcgi_pass 127.0.0.1:9053;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }
}
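
The disable_functions lists in sections 5.6 and 6.4 are long and merged by hand, so they are worth checking mechanically. The script below is an added example, not part of the original article: it reports duplicate entries, program-starting functions that are still enabled, and a few settings that differ from a baseline. The function names, the baseline values and the sample php.ini are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: audit a php.ini like the ones in sections 5.6 and 6.4.
# Function names and the baseline below are assumptions of this example.

# Functions that start external programs. pcntl_exec is included because
# the ./configure lines on this page pass --enable-pcntl.
EXEC_FUNCS="exec system passthru shell_exec popen proc_open pcntl_exec"

# Print the value of key $1 in ini file $2 (last assignment wins, inline
# ';' comment and surrounding blanks removed). Returns 1 if the key is absent.
ini_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    line=$(grep -E "^[[:space:]]*${key_re}[[:space:]]*=" "$2" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" |
        sed 's/^[^=]*=//; s/;.*$//; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# One disabled function per line; PHP splits the list on commas and spaces.
disabled_list() {
    ini_value disable_functions "$1" | tr ', ' '\n\n' | sed '/^$/d'
}

# Entries that occur more than once.
duplicate_entries() { disabled_list "$1" | sort | uniq -d; }

# Program-starting functions that are not in the list.
missing_exec_funcs() {
    for fn in $EXEC_FUNCS; do
        disabled_list "$1" | grep -qx "$fn" || echo "$fn"
    done
}

# Keys whose value differs from this example's baseline (1 = on, 0 = off).
# A key that is absent is reported too, because PHP's default then applies.
weak_settings() {
    while read -r key want; do
        got=$(ini_value "$key" "$1") || { echo "$key"; continue; }
        case $(printf '%s' "$got" | tr 'A-Z' 'a-z') in
            1|on|yes|true) got=1 ;;
            0|off|no|false|none|"") got=0 ;;
        esac
        [ "$got" = "$want" ] || echo "$key"
    done <<'EOF'
expose_php 0
display_errors 0
allow_url_include 0
enable_dl 0
session.cookie_httponly 1
EOF
}

# Constructed sample: the disable_functions list is shortened from section 5.6.
write_sample_ini() {
    cat > "$1" <<'EOF'
[PHP]
disable_functions = passthru,exec,system,chroot,scandir,shell_exec,proc_open,ini_alter,ini_alter,dl,popen, posix_kill,posix_setuid
expose_php = Off
display_errors = Off
enable_dl = Off
allow_url_include = Off
[Session]
session.cookie_httponly =
EOF
}

audit_ini() {
    echo "duplicates:       $(duplicate_entries "$1" | tr '\n' ' ')"
    echo "still enabled:    $(missing_exec_funcs "$1" | tr '\n' ' ')"
    echo "off the baseline: $(weak_settings "$1" | tr '\n' ' ')"
}

# Usage: ./audit_php_ini.sh /usr/local/php53/etc/php.ini
if [ $# -gt 0 ]; then audit_ini "$1"; fi
```

Applied to the full list in section 5.6, the duplicate check reports ini_alter and checkdnsrr, and pcntl_exec is reported as still enabled even though every ./configure line on the page passes --enable-pcntl.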
September 26, 2021
2021-09-26
Linux template
1. Template setup

Update Linux

yum groupinstall "Development tools" -y
yum update -y

1.1 Delete or comment out MAC-address-related information

In /etc/sysconfig/network-scripts/ifcfg-ensxx, comment out or delete HWADDR and UUID.

rm -fr /etc/udev/rules.d/70-persistent-net.rules

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
#UUID=6eb0a15e-d8ba-4ea0-8c3d-2bafb062a4ce
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.xxx.xxx
NETMASK=255.255.255.0
GATEWAY=192.168.xxx.xxx
DNS1=223.5.5.5
DNS2=114.114.114.114

1.2 Disable SELinux and the firewall

Temporarily disable SELinux

[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive

Permanently disable SELinux

[root@localhost]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# change the next line to SELINUX=disabled
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Disable the firewall

[root@localhost ~]# systemctl list-unit-files |grep firewalld
firewalld.service enabled
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

# remove the SSH host keys so they are not shared by machines cloned from the template
rm -f /etc/ssh/ssh_host_*

2. Rename the network interface

2.1 Rename

mv /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-eth0

2.2 Edit

vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
DEVICE=eth0
ONBOOT=yes
MTU=1450
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.0
GATEWAY=xxx.xxx.xxx.xxx
DNS1=8.8.8.8
DNS2=8.8.4.4

2.3 Modify grub, adding: net.ifnames=0 biosdevname=0

[root@localhost]# vim /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 biosdevname=0 resume=UUID=0e32495a-4ac0-4c65-8125-1bc549841c52"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true

2.4 Regenerate GRUB

grub2-mkconfig -o /boot/grub2/grub.cfg
September 26, 2021