Monthly archive: November 2012

About the WordPress FTP update error "Missing zlib"

Summary: on FreeBSD, simply run pkg_add -r php5-zlib.

Problem:

When WordPress updates itself or installs a plugin, it fails with:

Update WordPress

Downloading update from http://wordpress.org/nightly-builds/wordpress-latest.zip…

Unpacking the update…

Abort class-pclzip.php : Missing zlib extensions

 

I searched the web a lot, but nothing solved the problem.

In the end I went to the official zlib site:

 

# wget http://zlib.net/zlib-1.2.7.tar.gz
--2012-11-30 10:15:22-- http://zlib.net/zlib-1.2.7.tar.gz
Resolving zlib.net (zlib.net)... 69.73.181.135
Connecting to zlib.net (zlib.net)|69.73.181.135|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 560351 (547K) [application/x-gzip]
Saving to: `zlib-1.2.7.tar.gz'

100%[======================================>] 560,351 731K/s in 0.7s

2012-11-30 10:15:23 (731 KB/s) - `zlib-1.2.7.tar.gz' saved [560351/560351]

# tar -xzvf zlib-1.2.7.tar.gz

# cd zlib-1.2.7

# ./configure
# make

# make install

cp libz.a /usr/local/lib
chmod 644 /usr/local/lib/libz.a
cp libz.so.1.2.7 /usr/local/lib
chmod 755 /usr/local/lib/libz.so.1.2.7
cp zlib.3 /usr/local/share/man/man3
chmod 644 /usr/local/share/man/man3/zlib.3
cp zlib.pc /usr/local/lib/pkgconfig
chmod 644 /usr/local/lib/pkgconfig/zlib.pc
cp zlib.h zconf.h /usr/local/include
chmod 644 /usr/local/include/zlib.h /usr/local/include/zconf.h
#

Still not solved.

 

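Every update also asked for FTP credentials. A search online showed that this happens because the owner of the directory is not the user the web application runs as (not www), so:

# chown -R www:www wp

After that it no longer asked for FTP credentials.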

 

I reinstalled php5 from scratch:

# pkg_add -r php5 php5-xml php5-xmlreader php5-xmlwriter php5-mysql
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5-xml.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5-xmlreader.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/All/php5-dom-5.3.8.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5-xmlwriter.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5-mysql.tbz... Done.
#

Argh, after hunting for zlib for half a lifetime, here it was all along:

# whereis php5-zlib
php5-zlib: /usr/ports/archivers/php5-zlib
#

# pkg_add -r php5-zlib
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/php5-zlib.tbz... Done.
# service spawn-fcgi restart
Stopping spawn_fcgi.
Waiting for PIDS: 74505.
Starting spawn_fcgi.
spawn-fcgi: child spawned successfully: PID: 77653
#

Hurrah! Solved!

A friend's blog explains this very clearly:

http://laiyonghua.cn/blog-init/

A few dedicated servers in the US

https://www.tailormadeservers.com/order_sys.php?OFFER=WHTSPECIAL-T110&CFG=-3

$80

https://theprimehost.com/billing/cart.php?a=confproduct&i=1

http://www.theprimehost.com/bargain-dedicated-servers.html

$99

 

https://www.datashack.net/cart/?id=148

$64 with a coupon code

https://portal.securedservers.com/wap-jpost3/E5E31230;jsessionid=A3225D53D95A2AAAB4CCC2755A033C82?execution=e1s1

$98

Update, 2013-05-23:
theprimehost has a new $85 offer:
http://www.theprimehost.com/bargain-dedicated-servers.html

Taken together, theirs is fairly good value, and the memory is on the large side!

Configuring the integrated website in a jail

Create the database in MySQL:

create database discuz;

Allow the user myuser to log in to MySQL from 10.0.1.10.

mysql> grant all privileges on *.* to 'myuser'@'10.0.1.10' identified by '' with grant option;
Query OK, 0 rows affected (0.83 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.11 sec)
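
The grant above gives myuser every privilege on every database, the right to pass those privileges on, and an empty password, while the site only needs the discuz database. The following added example (not part of the original post) audits SHOW GRANTS output for exactly those three conditions. It assumes MySQL 5.x output formatting; the function names, the sample lines and the discuz_app account are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag over-broad MySQL accounts
# in SHOW GRANTS output. Assumes MySQL 5.x formatting, one GRANT per line.

# Constructed sample. The first line is modeled on the grant shown above;
# discuz_app is a hypothetical account limited to the discuz database.
sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'10.0.1.10' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'discuz_app'@'10.0.1.10' IDENTIFIED BY PASSWORD '*CONSTRUCTED_HASH'
GRANT SELECT, INSERT, UPDATE, DELETE ON `discuz`.* TO 'discuz_app'@'10.0.1.10'
EOF
}

# Read GRANT lines on stdin; print one "<account>: <finding>" per problem.
audit_grants() {
    while IFS= read -r line; do
        case $line in GRANT\ *) ;; *) continue ;; esac
        acct=${line#*" TO "};  acct=${acct%%" "*}       # 'user'@'host'
        scope=${line#*" ON "}; scope=${scope%%" TO "*}  # *.* or `db`.*
        if [ "$scope" = '*.*' ]; then
            # USAGE on *.* means "no global privileges"; anything else is global.
            case $line in
                "GRANT USAGE "*) ;;
                *) echo "$acct: privileges on every database (*.*)" ;;
            esac
            # Only the global line carries the credential clause; without
            # one the account logs in with an empty password.
            case $line in
                *" IDENTIFIED "*) ;;
                *) echo "$acct: no password set" ;;
            esac
        fi
        case $line in
            *"WITH GRANT OPTION"*) echo "$acct: may grant its privileges to other accounts" ;;
        esac
    done
}

sample_grants | audit_grants
```

On a live server the input would come from running SHOW GRANTS FOR each account; the per-database line for discuz_app shows the narrower shape that passes the audit.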

 

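Jail problems after the virtual machine lost power

After the power loss, the virtual disk reported errors and could not be found. I located it by hand, and then found that all the previous jails were gone.

So: ezjail-admin install -h ftp.jp.freebsd.org

ezjail-admin create test1 10.0.0.5

But starting them failed: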

fb1# ezjail-admin start
ezjailConfiguring jails:.
Starting jails:mount_nullfs: Operation not supported by device
mount: fdesc : Operation not supported by device
cannot start jail "test2":
jail: execvp: /bin/sh: No such file or directory
mount_nullfs: Operation not supported by device
mount: fdesc : Operation not supported by device
cannot start jail "test1_com":
jail: execvp: /bin/sh: No such file or directory
.

 

Errors again; it looks like a kernel problem after all:

fb1# ezjail-admin update -u
Cannot identify running kernel
fb1#

I downloaded the 9.0-RELEASE src and rebuilt the kernel:

make -j4 buildkernel; make installkernel

After a reboot the jails work normally, which confirms that the kernel really was the cause.

FreeBSD jail virtual machines in practice, part 4: ezjail experiment 2

For some reason, none of the jails created with ezjail would run:

fb1# jls
JID IP Address Hostname Path
fb1# ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DS  N/A  10.0.0.5        test7                          /usr/jails/test7
DS  N/A  10.0.0.7        test4.com                      /usr/jails/test4
DS  N/A  10.0.0.6        test2                          /usr/jails/test2

So I decided to set up a brand-new virtual machine and start everything from scratch. Reference:

https://www.freebsdchina.org/forum/viewtopic.php?t=54242&sid=eef3db0f185e9d9165dbba20255c05c4

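It says there that make buildworld can be skipped, which saves a great deal of time.

But when I ran ezjail-admin install, it failed. I later found that after 9.0 the layout of the FTP site changed, so the install script could not find its files.

After a lot of trouble, I finally had a "flash of inspiration": I downloaded the latest ezjail from the official site and installed it with make install.

After that, ezjail-admin install worked.

(### Edit the configuration file to enable ezjail
$ee /etc/rc.conf
ezjail_enable="YES"
### Install world & kernel
$ezjail-admin install -h ftp.tw.freebsd.org )

An update may be needed ($ezjail-admin update -u )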

Then create the simplest possible jail:

ezjail-admin create test1.com 10.0.0.10

And of course add this to /etc/rc.conf:

ifconfig_em0_alias0="inet 10.0.0.10/32"
ezjail_enable="YES"

Then:

fb2# jls
JID IP Address Hostname Path
fb2# ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DS  N/A  10.0.0.10       test1.com                      /usr/jails/test1.com

fb2# jls
JID IP Address Hostname Path
1 10.0.0.10 test1.com /usr/jails/test1.com
fb2# ezjail-admin list
STA JID  IP              Hostname                       Root Directory
--- ---- --------------- ------------------------------ ------------------------
DR  1    10.0.0.10       test1.com                      /usr/jails/test1.com

Haha, it is finally up!

 

I think the earlier failures were caused by the kernel version, because:

fb1# ezjail-admin update -u
Cannot identify running kernel
fb1#

whereas this system is fine:

fb2# ezjail-admin update -u
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update5.FreeBSD.org... done.
Fetching metadata signature for 9.0-RELEASE from update5.FreeBSD.org...

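Update, Nov 19:

Because the VPS at photon was shut down, the jails would not run after it was powered back on, so I decided to rebuild them with ezjail.

ciias# ezjail-admin install -h ftp.jp.freebsd.org

Because photon is optimized for Asia, even the official FreeBSD site is not as fast as the jp mirror.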

ciias# ezjail-admin update -u

WARNING: FreeBSD 9.0-RELEASE is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer
release within the next 2 months.
Installing updates… done.

Add the virtual IP addresses to /etc/rc.conf:

ifconfig_re0_alias0="inet 10.0.1.10/32"
ifconfig_re0_alias1="inet 10.0.1.11/32"
ifconfig_re0_alias2="inet 10.0.1.12/32"
ifconfig_re0_alias3="inet 10.0.1.13/32"
ifconfig_re0_alias4="inet 10.0.1.14/32"

Add the jails:

ezjail-admin create nginx 10.0.1.10

ezjail-admin create mysql 10.0.1.11

ezjail-admin start

ciias# jls
JID IP Address Hostname Path
1 10.0.1.10 nginx /usr/jails/nginx
2 10.0.1.11 mysql /usr/jails/mysql
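
The setup above depends on every jail IP also being present as an alias in the host's /etc/rc.conf. The following added example (not part of the original post) cross-checks the two and reports jails without an alias and aliases no jail uses. The function names are hypothetical, and the commented-out alias and the third jail (mail, 10.0.1.20) are constructed to show a mismatch.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check jail IPs against
# the host's rc.conf aliases.

# rc.conf lines from the post, plus one constructed commented-out alias.
RC_CONF='ifconfig_re0_alias0="inet 10.0.1.10/32"
ifconfig_re0_alias1="inet 10.0.1.11/32"
ifconfig_re0_alias2="inet 10.0.1.12/32"
ifconfig_re0_alias3="inet 10.0.1.13/32"
ifconfig_re0_alias4="inet 10.0.1.14/32"
#ifconfig_re0_alias5="inet 10.0.1.15/32"'

# jls output from the post, plus a constructed third jail with no alias.
JLS_OUT='JID IP Address Hostname Path
1 10.0.1.10 nginx /usr/jails/nginx
2 10.0.1.11 mysql /usr/jails/mysql
3 10.0.1.20 mail /usr/jails/mail'

# stdin: rc.conf text -> one aliased IPv4 address per line (prefix stripped).
alias_ips() {
    awk -F'"' '/^[ \t]*ifconfig_[A-Za-z0-9]+_alias[0-9]+=/ {
        split($2, w, " ")
        if (w[1] == "inet") { sub(/\/.*/, "", w[2]); print w[2] }
    }'
}

# stdin: jls output -> "hostname ip" per running jail (header skipped).
jail_ips() {
    awk '$1 ~ /^[0-9]+$/ { print $3, $2 }'
}

# $1 = rc.conf text, $2 = jls output -> jails whose IP has no alias.
jails_without_alias() {
    aliases=$(printf '%s\n' "$1" | alias_ips)
    printf '%s\n' "$2" | jail_ips | while read -r name ip; do
        printf '%s\n' "$aliases" | grep -qxF -- "$ip" || echo "$name $ip"
    done
}

# $1 = rc.conf text, $2 = jls output -> aliases no running jail uses.
aliases_without_jail() {
    used=$(printf '%s\n' "$2" | jail_ips | awk '{ print $2 }')
    printf '%s\n' "$1" | alias_ips | while read -r ip; do
        printf '%s\n' "$used" | grep -qxF -- "$ip" || echo "$ip"
    done
}

jails_without_alias "$RC_CONF" "$JLS_OUT"
aliases_without_jail "$RC_CONF" "$JLS_OUT"
```

On the host, the two inputs would be the contents of /etc/rc.conf and the output of jls.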

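Only after finishing did I notice that the ports update I had run earlier with ezjail-admin update -p had not gone through. After reading the relevant documentation, it turns out a capital P is needed:

ezjail-admin update -P

This takes quite a while, so let the machine get on with it in the background!

Allow network access from inside the jails:
$sysctl security.jail.allow_raw_sockets=1
$ee /etc/sysctl.conf
security.jail.allow_raw_sockets=1

Also, some of the configuration files for the jails should be set up on the host beforehand, so that you do not have to go into every jail to configure them: DNS resolution, IP routing, root password, common packages, and so on.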

FreeBSD kernel compilation and tuning (repost)

http://blog.chinaunix.net/space.php?uid=9419692&do=blog&id=3182631

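I. Kernel compilation
Optimize the kernel by removing unused components and device drivers to improve system efficiency. First use uname -a to check the exact kernel version of this machine and dmesg to list all of its hardware, and write both down; they are needed later when editing the kernel configuration file.
1. Install CVSUP:
------------------------------
It is best to install cvsup when the system is installed;
freebsd# cd /usr/ports/net/cvsup-without-gui/
freebsd# make install clean

2. Update the sources:
------------------------------
freebsd# ee /usr/share/examples/cvsup/stable-supfile
Change:
default host=CHANGE_THIS.FreeBSD.org
to:
default host=cvsup.FreeBSDchina.org
src-all
freebsd# ee /usr/share/examples/cvsup/ports-supfile
Change:
default host=CHANGE_THIS.FreeBSD.org
to:
default host=cvsup.FreeBSDchina.org
freebsd# cvsup -g -L 2 /usr/share/examples/cvsup/stable-supfile
or: csup -g -L 2 /usr/share/examples/cvsup/stable-supfile
freebsd# cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile
freebsd# cd /usr/obj
freebsd# chflags -R noschg *
freebsd# rm -rf *
3. Rebuild the sources and the kernel
------------------------------
freebsd# cd /usr/src/sys/amd64/conf/    # or /usr/src/sys/i386/conf/; pick the one matching a 32-bit or 64-bit system
freebsd# mkdir /root/kernels
freebsd# cp GENERIC /root/kernels/MYKERNEL
freebsd# ln -s /root/kernels/MYKERNEL    # the link must live in the conf directory so KERNCONF=MYKERNEL is found
freebsd# cd /usr/src
freebsd# make buildworld    # build all the system programs
freebsd# make buildkernel KERNCONF=MYKERNEL    # build the new kernel
freebsd# reboot
freebsd# make installkernel KERNCONF=MYKERNEL    # install the new kernel
freebsd# make installworld    # install the new system programs
freebsd# reboot
After the reboot, use uname -a to check whether the running kernel is your customized one;
Points to watch when editing the kernel configuration file:
device em # Intel PRO/1000 Gigabit Ethernet Family (NIC driver; be very careful with this line, especially on a remote machine)
If you are not sure of the NIC model, check with dmesg | less
If the new kernel has problems, the original kernel can be restored:
mv /boot/kernel /boot/kernel.bak
mv /boot/kernel.old /boot/kernel
4. The optimized kernel configuration file:
----------------------------------------------------------------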
cpu I686_CPU
ident MYKERNE
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ
options ALTQ_NOPCC
options SC_DISABLE_REBOOT
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET
options HZ=1000
options IPSEC #IP security
device crypto
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.
options STOP_NMI # Stop CPUS using NMI instead of IPI
options AUDIT # Security event auditing
# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC
# CPU frequency control
device cpufreq
# Bus support.
device eisa
device pci
# SCSI Controllers
device mpt # LSI-Logic MPT-Fusion
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
device agp # support several AGP chipsets
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device em # Intel PRO/1000 Gigabit Ethernet Family
device le # AMD Am7900 LANCE and Am79C9xx PCnet
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device ukbd # Keyboard
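II. Kernel parameter tuning
Once the kernel has been built, adjust some kernel parameters to improve the server's performance
/etc/sysctl.conf
----------------------------------------------------------
# With source routing an attacker can try to reach internal IP addresses, including RFC 1918 addresses, so
# refusing source-routed packets keeps your internal network from being probed
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
# Security parameter; only available if the kernel was built with options TCP_DROP_SYNFIN; blocks some OS fingerprinting
net.inet.tcp.drop_synfin=1
# Maximum buffer space for TCP data waiting to be sent
net.inet.tcp.sendspace=65536
# Maximum TCP receive buffer space
net.inet.tcp.recvspace=65536
# Maximum UDP receive buffer size
net.inet.udp.recvspace=49152
# Maximum UDP send datagram buffer size
net.inet.udp.maxdgram=24576
# Send space for local socket connections
net.local.stream.sendspace=65535
# Protocol extensions that speed up network performance
net.inet.tcp.rfc1323=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1
# Maximum socket buffer size
kern.ipc.maxsockbuf=2097152
# Maximum number of files allowed in the system
kern.maxfiles=65536
# Maximum number of files each process can have open at the same time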