centos7 配置正向代理

运行以下脚本安装nginx , 该脚本只针对nginx-1.20.1 版本 

#!/bin/bash
## install nginx

WORK_DIR=`mktemp -d`
yum install wget gcc gcc-c++ automake pcre pcre-devel zlib-devel openssl openssl-devel  git libxml2-devel libxslt-devel perl-devel perl-ExtUtils-Embed -y
cd $WORK_DIR
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar zxvf nginx-1.20.1.tar.gz && cd nginx-1.20.1
patch -p1 < $WORK_DIR/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
./configure --prefix=/opt/nginx --add-module=$WORK_DIR/ngx_http_proxy_connect_module --user=apache --group=apache --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-http_v2_module --with-http_dav_module --with-http_flv_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_random_index_module --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make && make install

cd  ~
[ -d $WORK_DIR ] && rm $WORK_DIR -rf

## 添加nginx运行账户
groupadd apache
useradd -g apache -s /sbin/nologin -c "apache" apache

下面是一个正向代理的配置文件示例: 

server {
     listen  0.0.0.0:10713;

     access_log logs/10713.access.log;
     error_log logs/10713.error.log;

     resolver                       114.114.114.114  ipv6=off; # 关闭ipv6 解决可能会出现失败的问题

     proxy_connect;
     proxy_connect_allow            all; # 允许所有接口通过该端口转发
     proxy_connect_connect_timeout  100s;
     proxy_connect_read_timeout     100s;
     proxy_connect_send_timeout     100s;

     # forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$http_host;  # 这儿的设置可以解决代理非常规端口的问题
         proxy_set_header Host $host;
     }
 }

参考: https://github.com/chobits/ngx_http_proxy_connect_module

debian10 安装 rabbitmq

直接运行下面的脚本 

#!/usr/bin/sh

sudo apt-get install curl gnupg apt-transport-https -y

## Team RabbitMQ's main signing key
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null
## Cloudsmith: modern Erlang repository
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null
## Cloudsmith: RabbitMQ repository
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg > /dev/null

## Add apt repositories maintained by Team RabbitMQ
sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
## Provides modern Erlang/OTP releases
##
deb [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu bionic main
deb-src [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu bionic main

## Provides RabbitMQ
##
deb [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu bionic main
deb-src [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu bionic main
EOF

## Update package indices
sudo apt-get update -y

## Install Erlang packages
sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

## Install rabbitmq-server and its dependencies
sudo apt-get install rabbitmq-server -y --fix-missing

再依次运行下面的命令 

rabbitmq-plugins enable rabbitmq_management
rabbitmqctl add_user admin password
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
systemctl restart rabbitmq-server.service
systemctl enable rabbitmq-server.service

参考: https://www.rabbitmq.com/install-debian.html#apt-quick-start-cloudsmith

debian 通过 apt 方式安装 PHP7.4

sudo apt update
sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
wget https://packages.sury.org/php/apt.gpg
sudo apt-key add apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php7.list
sudo apt update
sudo apt install -y php7.4 php7.4-cli php7.4-common php7.4-fpm php7.4-curl php7.4-bcmath php7.4-bz2 php7.4-dba php7.4-dom php7.4-enchant php7.4-gd php7.4-gmp php7.4-igbinary php7.4-imagick php7.4-zip php7.4-xsl php7.4-curl php7.4-xmlwriter php7.4-xmlrpc php7.4-xmlreader php7.4-xml php7.4-xdebug php7.4-tidy php7.4-swoole php7.4-soap php7.4-snmp php7.4-SimpleXML php7.4-redis php7.4-amqp php7.4-apcu php7.4-imap  php7.4-intl php7.4-ldap php7.4-mbstring php7.4-mcrypt php7.4-memcached php7.4-mongodb php7.4-pspell php7.4-pgsql php7.4-odbc php7.4-dev

systemctl start  php7.4-fpm
systemctl enable  php7.4-fpm
systemctl status  php7.4-fpm

参考文章: https://www.itzgeek.com/how-tos/linux/debian/how-to-install-php-7-3-7-2-7-1-on-debian-10-debian-9-debian-8.html

Nginx 源码安装脚本(debian版本)

#!/bin/bash
## install nginx
WORK_DIR=`mktemp -d`
apt install wget libpcre3 libpcre3-dev zlib1g-dev \
    openssl libssl-dev libxml2 libxml2-dev libxslt-dev  \
    gcc  make libgd-dev  libgeoip-dev libpcre3-dev libperl-dev -y
cd $WORK_DIR
wget http://nginx.org/download/nginx-1.27.2.tar.gz

tar zxvf nginx-1.27.2.tar.gz && cd nginx-1.27.2
./configure --prefix=/opt/nginx --user=apache --group=apache \
    --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module \
    --with-pcre --with-http_v2_module --with-http_dav_module \
    --with-http_flv_module --with-http_realip_module --with-http_addition_module \
    --with-http_xslt_module --with-http_sub_module --with-http_random_index_module \
    --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module \
    --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make && make install
[ -d $WORK_DIR ] && rm $WORK_DIR -rf

## 添加nginx运行账户
cat /etc/passwd | grep apache
if [ $? -ne 0 ];then
    groupadd apache
    useradd -g apache -s /sbin/nologin -c "apache" apache
fi

python3 监控域名证书到期时间,并实现叮叮的及时报警

# _*_coding=utf-8 _*_
# @author 云深沾衣
# @date 2021/11/5 16:33

import re
import subprocess
from datetime import datetime
import requests


class DomainCheck:
    def __init__(self, domain_file='domain_file.txt', log_file='log.txt'):
        self.domain_file = domain_file
        self.log_file = log_file

    check_days = 5
    dingding_token = 'your_dingding_token'
    dingding_url = 'https://oapi.dingtalk.com/robot/send?access_token='

    def check_domain_ssl_status(self):
        with open(self.domain_file) as f:
            self.write_log_to_file('<------  ' + str(datetime.now()) + '    ------>' + '\n')
            for line in f:
                line = line.replace('\n', '').replace('\r', '').strip()
                if not line.startswith("#") and len(line) > 0:
                    expire_date = self.get_cert_expire_date(line)
                    content = line + ' :    ' + str(expire_date) + '\n'
                    self.write_log_to_file(content)
                    if expire_date <= self.check_days:
                        self.send_to_dingding(content)

    def send_to_dingding(self, content):
        content_data = {
            "msgtype": "text",
            "text": {
                "content": content
            }
        }
        requests.post(self.dingding_url + self.dingding_token, json=content_data)

    def write_log_to_file(self, content):
        with open(self.log_file, mode='a') as f:
            f.write(content)

    @staticmethod
    def parse_time(date_str):
        return datetime.strptime(date_str, "%b %d %H:%M:%S %Y GMT")

    @staticmethod
    def get_re_match_result(pattern, string):
        match = re.search(pattern, string)
        return match.group(1)

    def get_cert_info(self, domain):
        """获取证书信息"""
        cmd = f"curl -Ivs https://{domain} --connect-timeout 10"  # 这儿的 curl 应该使用最新版
        exitcode, output = subprocess.getstatusoutput(cmd)
        try:
            expire_date = self.get_re_match_result('expire date: (.*)', output)
        except:
            content = domain + ": This domain check failed , please check reason"
            self.send_to_dingding(content)
            expire_date = "Aug  7 00:28:51 2020 GMT"
        expire_date = self.parse_time(expire_date)
        return expire_date

    def get_cert_expire_date(self, domain):
        """获取证书剩余时间"""
        expire_date = self.get_cert_info(domain)
        # 剩余天数
        return (expire_date - datetime.now()).days


domain_check = DomainCheck('/opt/sh/text.txt', '/opt/sh/log.txt')
domain_check.check_domain_ssl_status()