centos7 升级内核

  1. 使用下面的脚本更新 kernel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install kernel-ml
  1. 编辑“/etc/default/grub”文件,修改 “GRUB_DEFAULT” 为 0
  2. 运行下面的命令重建内核配置
grub2-mkconfig -o /boot/grub2/grub.cfg
  1. 重启服务器查看kernel 是否升级成功

参考链接: https://linuxstory.org/how-to-install-or-upgrade-the-latest-kernel-in-centos-7/#:~:text=%E5%9C%A8%20CentOS%207%20%E5%90%AF%E7%94%A8%20ELRepo%20%E4%BB%93%E5%BA%93%E5%90%AF%E7%94%A8%E5%90%8E%EF%BC%8C%E4%BD%A0%E5%8F%AF%E4%BB%A5%E4%BD%BF%E7%94%A8%E4%B8%8B%E9%9D%A2%E7%9A%84%E5%91%BD%E4%BB%A4%E5%88%97%E5%87%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%86%85%E6%A0%B8%E7%9B%B8%E5%85%B3%E5%8C%85%EF%BC%9A%20%23%20yum,-%20%E6%89%BE%E5%87%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%86%85%E6%A0%B8%E7%89%88%E6%9C%AC%20%E6%8E%A5%E4%B8%8B%E6%9D%A5%EF%BC%8C%E5%AE%89%E8%A3%85%E6%9C%80%E6%96%B0%E7%9A%84%E4%B8%BB%E7%BA%BF%E7%A8%B3%E5%AE%9A%E5%86%85%E6%A0%B8%EF%BC%9A%20%23%20yum%20–enablerepo%3Delrepo-kernel%20install%20kernel-ml

debian10 安装 yapi

前置条件有下面两个
  1. 安装node并确保 node 版本=> 7.6 目前测试node14 node16 也不满足要求, 目前使用的node版本是10
  2. 安装mongodb并确保 mongodb 版本 => 2.6,请运行 mongo –version 查看版本号
具体安装步骤
  • 运行下面的命令安装 yapi 的引导工具 
    npm install -g yapi-cli --registry https://registry.npm.taobao.org
npm install -g node-gyp
npm install -g pm2
yapi server
  • 根据命令行提示信息,在浏览器中访问部署页面

  • 选择部署版本 -> 输入公司名称 -> 输入yapi的部署路径 -> 输入管理员邮箱 -> 输入网站端口号 ->输入数据库地址 -> 输入数据库端口 —> 输入数据库名 -> 选择开始部署

  • 初始化管理员账号成功,账号名:”admin@admin.com”,密码:”ymfe.org”部署成功,请切换到部署目录,输入: “pm2 start vendors/server/app.js” 指令启动服务器, 然后在浏览器打开 http://127.0.0.1:3000 访问

  • 下面命令是设置 pm2 命令开机启动

    pm2 startup
pm2 save

参考链接: https://github.com/YMFE/yapi/issues/16 ; https://mp.weixin.qq.com/s/XNntrSbRhOokQivC9Hffwg

ubuntu20.04 初始化脚本

#!/bin/bash

#update soft
apt update && apt upgrade
apt install wget tar curl rsync bzip2 lsof telnet htop screen tree vim gcc tree git make net-tools lrzsz psmisc hwloc gsmartcontrol chrony -y

#时间设置 
timedatectl set-local-rtc 1
timedatectl set-timezone Asia/Shanghai
systemctl start chrony
systemctl enable chrony


cat <<EOF | sudo tee /lib/systemd/system/rc.local.service
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=no
GuessMainPID=no

[Install]
WantedBy=multi-user.target
Alias=rc-local.service
EOF

ln -s /lib/systemd/system/rc.local.service /etc/systemd/system/rc.local.service


cat <<EOF | sudo tee /etc/rc.local
#!/bin/bash
# 将你需要执行的命令写在这里,禁止写入死循环命令

exit 0
EOF

chmod 755 /etc/rc.local

#设置最大打开文件描述符数
cat >> /etc/security/limits.conf <<EOF
*           soft   nofile       65535
*           hard   nofile       65535
EOF

#set ssh
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
systemctl  restart sshd.service


# profile 修改
echo "export HISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
echo "" >> /etc/profile
echo "## 自定义别名" >> /etc/profile
echo "alias c=clear" >> /etc/profile
echo "alias vi=vim" >> /etc/profile
echo "alias dsh='du -hsx * | sort -rh | head -n 10'" >> /etc/profile
sed -i 's/HISTSIZE=1000/HISTSIZE=10000/g' /etc/profile
source /etc/profile

Nginx 禁止国外ip访问(debian版本)

  1. 参考下面脚本安装 Nginx
#!/bin/bash
## install nginx
WORK_DIR=`mktemp -d`
apt install wget libpcre3 libpcre3-dev zlib1g-dev \
    openssl libssl-dev libxml2 libxml2-dev libxslt-dev  \
    gcc  make libgd-dev  libgeoip-dev  libperl-dev libmaxminddb* 
cd /opt && git clone https://github.com/leev/ngx_http_geoip2_module.git

cd $WORK_DIR
wget http://nginx.org/download/nginx-1.20.1.tar.gz

tar zxvf nginx-1.20.1.tar.gz && cd nginx-1.20.1
./configure --prefix=/opt/nginx --user=apache --group=apache \
    --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module \
    --with-pcre --with-http_v2_module --with-http_dav_module \
    --with-http_flv_module --with-http_realip_module --with-http_addition_module \
    --with-http_xslt_module --with-http_sub_module --with-http_random_index_module \
    --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module \
    --add-module=/opt/ngx_http_geoip2_module \
    --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make && make install
cd ~ && [ -d $WORK_DIR ] && rm $WORK_DIR -rf

## 添加nginx运行账户
cat /etc/passwd | grep apache
if [ $? -ne 0 ];then
    groupadd apache
    useradd -g apache -s /sbin/nologin -c "apache" apache
fi
  1. 下面一个示例的 nginx 配置文件
user  apache;
worker_processes  auto;

events {
    worker_connections  65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;

    #  GeoLite2-Country.mmdb 这个文件需要到 'https://dev.maxmind.com' 自行下载并放到 ' /usr/share/GeoIP' 这个目录下
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        auto_reload 5m;
        $geoip2_data_country_code country iso_code;
    }

    map $geoip2_data_country_code $allowed_country {
        default yes;
        CN no;
    }

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        if ($allowed_country = yes) {
            return 403;
        }
    }

}
  1. 测试的话需要用一个国外的节点进行测试

centos7 配置正向代理

运行以下脚本安装nginx , 该脚本只针对nginx-1.20.1 版本 

#!/bin/bash
## install nginx

WORK_DIR=`mktemp -d`
yum install wget gcc gcc-c++ automake pcre pcre-devel zlib-devel openssl openssl-devel  git libxml2-devel libxslt-devel perl-devel perl-ExtUtils-Embed -y
cd $WORK_DIR
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar zxvf nginx-1.20.1.tar.gz && cd nginx-1.20.1
patch -p1 < $WORK_DIR/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
./configure --prefix=/opt/nginx --add-module=$WORK_DIR/ngx_http_proxy_connect_module --user=apache --group=apache --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-http_v2_module --with-http_dav_module --with-http_flv_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_random_index_module --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make && make install

cd  ~
[ -d $WORK_DIR ] && rm $WORK_DIR -rf

## 添加nginx运行账户
groupadd apache
useradd -g apache -s /sbin/nologin -c "apache" apache

下面是一个正向代理的配置文件示例: 

server {
     listen  0.0.0.0:10713;

     access_log logs/10713.access.log;
     error_log logs/10713.error.log;

     resolver                       114.114.114.114  ipv6=off; # 关闭ipv6 解决可能会出现失败的问题

     proxy_connect;
     proxy_connect_allow            all; # 允许所有接口通过该端口转发
     proxy_connect_connect_timeout  100s;
     proxy_connect_read_timeout     100s;
     proxy_connect_send_timeout     100s;

     # forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$http_host;  # 这儿的设置可以解决代理非常规端口的问题
         proxy_set_header Host $host;
     }
 }

参考: https://github.com/chobits/ngx_http_proxy_connect_module