update
# Record the OS release, apply all pending package updates, then look at the
# current history and shell options before creating a system-wide history profile.
cat /etc/redhat-release
yum update
history
shopt
# The variable assignments listed after this command appear to be the contents
# saved into this file.
vi /etc/profile.d/history.sh

# Bash history settings (presumably the contents of /etc/profile.d/history.sh).
# NOTE(review): this improves the operator's own record of a session, but the
# history file stays writable by its owner and HISTIGNORE drops matching
# commands entirely, so it is not a tamper-resistant audit trail. Use auditd or
# a similar mechanism when accountability is the goal.
# Store a timestamp with each entry and show it as "YYYY-MM-DD HH:MM:SS".
HISTTIMEFORMAT='%F %T '
# Entries kept in memory and lines kept in the history file, respectively.
HISTSIZE=100000
HISTFILESIZE=100000
HISTIGNORE='history:pwd:ls:ls *:ll:w:top:df *'      # commands that are not recorded
# Before each prompt: append new entries to the file (-a), clear the in-memory
# list (-c) and re-read the file (-r), so concurrent shells see each other's commands.
PROMPT_COMMAND='history -a; history -c; history -r' # sync history with the file at every prompt
timezone
# Inspect the current time zone, then switch the host to Asia/Tokyo.
# Log timestamps follow this setting, so a consistent zone makes it easier to
# correlate logs across services.
ll /etc/localtime
timedatectl
date

timedatectl set-timezone Asia/Tokyo
apache
# Check whether a web server unit already exists. The second query uses the
# name httpd, which is the unit enabled further down.
systemctl status apache
systemctl status httpd

# Add the EPEL and IUS repositories by installing their release packages.
yum install epel-release
yum install https://repo.ius.io/ius-release-el7.rpm

# Set enabled=0 in both repo files so third-party packages are only pulled in
# when a command opts in with --enablerepo, as the installs below do.
# NOTE(review): while editing, confirm gpgcheck=1 is still set for each repo so
# package signatures are verified.
vi /etc/yum.repos.d/epel.repo
vi /etc/yum.repos.d/ius.repo
enabled=0

# Supporting packages (presumably httpd dependencies), then httpd with mod_ssl
# taken from IUS only: base, extras and updates are disabled for that one
# transaction so their httpd build is not chosen.
yum install centos-logos.noarch mailcap openldap-devel expat-devel libdb-devel openssl perl
yum --enablerepo=epel install nghttp2 brotli
yum install --disablerepo=base,extras,updates --enablerepo=ius httpd httpd-devel mod_ssl
yum list | grep httpd
systemctl start httpd
systemctl enable httpd.service

# Read-only inspection of the httpd build and its parsed configuration; none of
# these commands start or reconfigure the server.
httpd -h
# -S prints the parsed virtual-host and run settings; the two DUMP_* forms that
# follow request the same information individually.
httpd -S
httpd -t -D DUMP_VHOSTS
httpd -t -D DUMP_RUN_CFG
# -v prints the version, -V adds the compile-time settings.
httpd -v
httpd -V
# -l lists compiled-in modules; DUMP_MODULES / -M list every loaded module,
# which is useful for spotting modules that are enabled but not needed.
httpd -l
httpd -t -D DUMP_MODULES
httpd -M
# Lists the configuration files pulled in through Include directives.
httpd -t -D DUMP_INCLUDES

# Check where httpd logs go and how they are rotated.
ll /var/log/httpd/
less /etc/logrotate.conf
less /etc/logrotate.d/httpd

# Create a directory under /var/www/html for PHP test scripts, then reload and
# restart httpd and check its status after each step.
# NOTE(review): mode 777 lets every local account, and any compromised service,
# write files here. /var/www/html is the usual default document root, so a
# file dropped in this directory may be served and executed as PHP by httpd.
# Prefer a directory owned by the deploying user with mode 755 (or a shared
# group with 775), and keep throwaway test scripts outside the web root.
mkdir /var/www/html/php
chmod 777 /var/www/html/php/
ps aux | grep httpd
systemctl reload httpd
systemctl status httpd
systemctl restart httpd
systemctl status httpd
php5.4
# Look at the packaged PHP before installing it.
yum info php
# Lists the CVE identifiers mentioned in the package changelog, i.e. which
# fixes the distribution has backported. rpm -q only answers for a package that
# is already installed.
# NOTE(review): PHP 5.4 is past upstream end-of-life, so these backports are the
# only security fixes this build receives.
rpm -q --changelog php | grep CVE | less

yum install php
php -v
# Dumps the CLI configuration. The web SAPI can differ, so check it separately.
php -r 'phpinfo();'  | less
php modules
# Add PHP extensions one at a time, confirming each with `php -m` and a small
# test script run from the command line.
php -m | less
yum list --enablerepo=epel | grep php | less
yum install php-bcmath
php -m | less

vi bcmath.php
php bcmath.php
vi gettext.php
php gettext.php
vi gettext.php
# NOTE(review): this phpinfo script lives under /var/www/html, so it is
# presumably reachable over HTTP as well. phpinfo output discloses versions,
# paths and environment values; remove the file once testing is finished.
php /var/www/html/php/phpinfo.php | less
yum list --enablerepo=epel | grep php | less
yum install php-pgsql
vi postgresql.php
php postgresql.php
# Collect the test scripts into a php/ subdirectory of the current directory.
mkdir php
vi *.php php/.
mv *.php php/.

# Install the Redis extension from EPEL and confirm it loads, comparing the
# module list before and after and running a test script.
php -m | less
yum install --enablerepo=epel php-pecl-redis
php -m | less
vi redis.php
php redis.php
php -m | less
postgresql13
# Install PostgreSQL 13 from the PGDG repository and initialise its data directory.
# The first command installs the distribution's own postgresql package.
yum install postgresql
yum install centos-release-scl
yum repolist -q
yum repolist all | less
# Disable the SCL repositories by default (enabled=0), matching the
# opt-in-per-command handling of the other third-party repositories.
vi /etc/yum.repos.d/CentOS-SCLo-scl.repo
vi /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
↓
enabled=0

yum repolist all | less
yum repolist -q
# The "latest" repo package is not pinned to a version, so the repository
# definition it installs can change between runs of this procedure.
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install postgresql13-contrib
yum install postgresql13-devel

yum repolist -q
# Retried with EPEL enabled, presumably because a dependency of the -devel
# package is only available there.
yum install --enablerepo=epel postgresql13-devel
systemctl enable postgresql-13.service
ll /var/lib/pgsql/13/data/
# Create the cluster with UTF8 encoding and no locale.
# NOTE(review): pg_hba.conf in the new data directory decides which users can
# connect and with which authentication method; review it before the server is
# reachable from anything but localhost.
PGSETUP_INITDB_OPTIONS="-E UTF8 --no-locale" /usr/pgsql-13/bin/postgresql-13-setup initdb
ll /var/lib/pgsql/13/data/
# Work as the postgres account from here on.
su - postgres

# Put the PostgreSQL 13 binaries first on PATH for this account.
vi /var/lib/pgsql/.pgsql_profile
↓
PATH=/usr/pgsql-13/bin:$PATH
export PATH

# Check which psql binary is resolved and what /bin/psql points at (it is
# managed through /etc/alternatives).
which psql
# -v is psql's variable-assignment option; --version is the version flag.
psql -v
psql --version
/usr/pgsql-13/bin/psql --version
ls /bin/psql
ll /bin/psql
ll /etc/alternatives/pgsql-psql
pg_ctl
# Reload the profile so the PATH change applies to the current shell
# (assumes .bash_profile sources .pgsql_profile - TODO confirm).
source .bash_profile

# Create an application role and a database owned by it, then start the server
# and verify access.
psql -l
psql -U postgres
# --pwprompt reads the new role's password interactively, which keeps it out of
# the command line and the shell history.
createuser --login --pwprompt centos
createdb --owner=centos centos
systemctl start postgresql-13
ps aux | grep master
psql -U postgres
psql -l
redis6.2
# Install Redis from the Remi repository and bring the service up.
yum list | grep redis
yum list --enablerepo=epel | grep redis
# NOTE(review): the release package is fetched over plain HTTP. It installs the
# repository definition and the signing key that every later package from this
# repository is checked against, so a tampered download undermines all of them.
# Fetch it over HTTPS and verify it before installing.
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# Keep the Remi repositories disabled by default; they are enabled per command below.
vi /etc/yum.repos.d/remi.repo
vi /etc/yum.repos.d/remi-safe.repo
↓
enabled=0

yum info --enablerepo=epel,remi redis
yum install --enablerepo=epel,remi redis
less /usr/lib/systemd/system/redis.service
systemctl status redis
systemctl enable redis
systemctl status redis
ps aux | grep redis
systemctl start redis
ps aux | grep redis
# NOTE(review): this ping is sent without credentials. If it is answered, no
# password is required on the local interface; check `bind` and `requirepass`
# in the Redis configuration before any other host can reach the port.
redis-cli ping
systemctl status redis

less /etc/logrotate.d/redis
pure-ftpd1.0.43
# Look for a pure-ftpd package in the enabled repositories, in EPEL, and in an
# older release-specific repository.
yum list | grep pure | less
yum list --enablerepo=epel | grep pure | less
cat /etc/redhat-release
yum update centos-release
# (the note on the next line reads "no update available")
→アップデート無し

yum repolist all | less
# NOTE(review): the repo id suggests a frozen 7.0.1406 snapshot. Packages taken
# from such a repository presumably receive no further security updates.
yum info --enablerepo=C7.0.1406-base pure-ftpd
yum search --enablerepo=C7.0.1406-base ftp
yum search ftp | less
yum install pure-ftpd
yum repolist all | less
yum list --enablerepo=epel | grep pure

# Build pure-ftpd 1.0.43 from source.
# NOTE(review): the tarball comes from the project's "obsolete" releases
# directory and nothing here verifies a signature or checksum before it is
# compiled and installed. A source build is also outside yum, so later security
# fixes have to be tracked and rebuilt by hand.
cd /usr/local/src/
yum install wget
wget https://download.pureftpd.org/pub/pure-ftpd/releases/obsolete/pure-ftpd-1.0.43.tar.gz
tar xvzf pure-ftpd-1.0.43.tar.gz
cd pure-ftpd-1.0.43
yum install gcc
yum install openssl-devel
# --with-everything turns on most optional features; --with-tls adds TLS support
# and --with-uploadscript allows an external program to run after each upload.
# NOTE(review): --without-capabilities builds without Linux capabilities
# support, which the server would presumably otherwise use to reduce its
# privileges - confirm this trade-off is intended.
./configure --with-everything --with-paranoidmsg --without-capabilities --with-virtualchroot --with-uploadscript --with-tls
make
make install

https://gist.githubusercontent.com/zrong/c9588a17ccb15e75fdf7/raw/a24c563bfe0cdc238952ce24f560a8de42631c0f/pure-ftpd.sh

# Install the sample configuration, the config-wrapper script and an init
# script, then start the daemon and test it locally.
systemctl status pure-ftpd
cp configuration-file/pure-ftpd.conf /etc/.
cp configuration-file/pure-config.py /usr/local/bin/.
# NOTE(review): the init script is presumably pasted from the gist URL noted
# just before these commands. It runs as root, so read it in full before
# installing it.
vi /etc/init.d/pure-ftpd
chmod 755 /etc/init.d/pure-ftpd
chmod 755 /usr/local/bin/pure-config.py
/etc/init.d/pure-ftpd start
ps aux | grep pure
# The stock ftp client speaks cleartext FTP. TLS was compiled in, but whether
# it is offered or required depends on the TLS setting in pure-ftpd.conf.
yum install ftp
ftp localhost
java1.8.0
# Install the OpenJDK 1.8.0 package from the enabled repositories and confirm
# the version that ends up on PATH.
yum list | grep java | less
yum install java-1.8.0-openjdk
java -version
node.js14
# Install Node.js 14 from the NodeSource repository and run a test script under forever.
yum list --enablerepo=epel | grep node | less
# NOTE(review): this pipes a remote script straight into a shell (presumably a
# root shell), so whatever the server returns is executed unseen. Download it
# to a file, read it, then run it. Node.js 14 is also past upstream
# end-of-life.
curl -fsSL https://rpm.nodesource.com/setup_14.x | bash -
vi /etc/yum.repos.d/nodesource-el7.repo
yum list | grep node
yum list | grep node | less
yum install nodejs
node -v
# A global npm install run as root also runs the package's install scripts as root.
npm install forever -g
vi index.js
node index.js
forever start index.js
ll
vi node.js
# Move the test script into a node.js/ directory.
mkdir node.js
mv index.js node.js/.

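# Install s3cmd from a source tarball downloaded from SourceForge.
# NOTE(review): the download is plain HTTP and nothing verifies the archive
# before setup.py runs. "latest/download" can also resolve to a release other
# than the 1.6.0 name given to the file. Prefer the distribution package or a
# pinned release whose checksum or signature is checked first.
cd /usr/local/src/
# Plain ASCII double quotes keep the "?" in the URL from being treated as a
# glob character by the shell.
wget "http://sourceforge.net/projects/s3tools/files/latest/download?source=files"
# wget names the file after the last URL component, query string included.
mv download\?source\=files s3cmd-1.6.0.tar.gz
tar xvzf s3cmd-1.6.0.tar.gz
cd s3cmd-1.6.0
yum install python-setuptools
python ./setup.py install
s3cmd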

 

[nilesflow@tk2-234-26954 glusterfs]$ s3cmd --configure
Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: xxx
Secret Key: yyy
Default Region [US]: us-west-2

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: zzz
Path to GPG program [/usr/bin/gpg]:

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]:

New settings:
Access Key: xxx
Secret Key: yyy
Default Region: us-west-2
Encryption password: zzz
Path to GPG program: /usr/bin/gpg
Use HTTPS protocol: True
HTTP Proxy server name:
HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] Y
Please wait, attempting to list all buckets…
Success. Your access key and secret key worked fine 🙂

Now verifying that encryption works…
Success. Encryption and decryption worked fine 🙂

Save settings? [y/N] y
Configuration saved to ‘/home/nilesflow/.s3cfg’

 

★PUT

[nilesflow@tk2-234-26954 s3cmd]$ s3cmd put s3cmd.txt s3://nilesflowfirstbucket
‘s3cmd.txt’ -> ‘s3://nilesflowfirstbucket/s3cmd.txt’ [1 of 1]
6 of 6 100% in 0s 72.27 B/s done
‘s3cmd.txt’ -> ‘s3://nilesflowfirstbucket/s3cmd.txt’ [1 of 1]
6 of 6 100% in 0s 42.13 B/s done

 

★マルチパートアップロード 50MB

[nilesflow@tk2-234-26954 s3cmd]$ dd if=/dev/zero of=s3cmd-50MB bs=50MB count=1
1+0 records in
1+0 records out
50000000 bytes (50 MB) copied, 0.191449 s, 261 MB/s
[nilesflow@tk2-234-26954 s3cmd]$ ll

[nilesflow@tk2-234-26954 s3cmd]$ s3cmd put --multipart-chunk-size-mb=5 s3cmd-50MB s3://nilesflowfirstbucket
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 1 of 10, 5MB]
5242880 of 5242880 100% in 0s 14.18 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 2 of 10, 5MB]
5242880 of 5242880 100% in 0s 14.37 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 3 of 10, 5MB]
5242880 of 5242880 100% in 0s 15.60 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 4 of 10, 5MB]
5242880 of 5242880 100% in 0s 12.77 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 5 of 10, 5MB]
5242880 of 5242880 100% in 0s 15.85 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 6 of 10, 5MB]
5242880 of 5242880 100% in 0s 15.12 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 7 of 10, 5MB]
5242880 of 5242880 100% in 0s 18.30 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 8 of 10, 5MB]
5242880 of 5242880 100% in 0s 10.19 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 9 of 10, 5MB]
5242880 of 5242880 100% in 0s 15.32 MB/s done
‘s3cmd-50MB’ -> ‘s3://nilesflowfirstbucket/s3cmd-50MB’ [part 10 of 10, 2MB]
2814080 of 2814080 100% in 0s 5.10 MB/s done

#ファイルとDatabaseの書き込みの差

 

#filesystem read→write

10000ファイル

1.24ms

0.00012ms/req

 

#filesystem append

10000ファイル

0.26852 ms
3.0E-5ms/req

 

#psql insert

1000 insert

0.52306 ms
0.00052ms/req

※ ×10レコードでも大差無い

 

#psql insert

10000 insert

4.29751 ms
0.00043ms/req

wget pure-ftpd-1.0.32

※1.0.42は、configure で、autoconfでエラー

※yum install (1.0.30)でも動作

 

cd pure-ftpd-1.0.32

./configure --with-pam --with-pgsql=/var/lib/pgsql

make

make install

cp xxx /etc/init.d/pure-ftpd-src

cp xxx /etc/pure-ftpd/pure-ftpd-src.conf

PGSQLConfigFile               /etc/pure-ftpd/pureftpd-pgsql.conf

PAMAuthentication             no

UnixAuthentication            no

CreateHomeDir               yes

 

/etc/pure-ftpd/pureftpd-pgsql.conf

諸々

SELECT "Password" FROM users WHERE "User"='\L'

ダブルクォーテーションが必要

postgresql のインストール

yum install postgresql-server

# pam_pgsql をbuildするため

yum install postgresql-client

yum install postgresql-contrib

yum install postgresql-devel

 

pam_pgsqlのインストール

cd /usr/local/src/

wget https://github.com/pam-pgsql/pam-pgsql/archive/release-0.7.3.2.zip

unzip release-0.7.3.2.zip

cd pam-pgsql-release-0.7.3.2/

./autogen.sh

./configure --libdir=/lib64

#pamのlibが入っている

make

make install

# /usr/local/lib/security/pam_pgsql.so

 

vsftpd on postgresql

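# su - postgres
-bash-4.1$ createuser vsftpd
新しいロールをスーパーユーザとしますか? (y/n)y
パスワード:
※ 認証クエリ用のロールは accounts テーブルを SELECT できれば足りる。スーパーユーザにはせず、postgres ユーザで createdb --owner=vsftpd vsftpd として DB を作る構成のほうが安全。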

-bash-4.1$ psql -U postgres
ユーザ postgres のパスワード:

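postgres=# alter user vsftpd with password 'vsftpd';
ALTER ROLE
※ ロール名と同じパスワードは推測されやすいので、実際には別の値にする。SQL 文に直接書くと psql の履歴に残るため、psql の \password vsftpd で対話的に設定するほうがよい。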

-bash-4.1$ createdb vsftpd -U vsftpd
パスワード:

-bash-4.1$ psql -U vsftpd
ユーザ vsftpd のパスワード:

vsftpd=# CREATE TABLE "accounts"(
vsftpd(# "i_id" SERIAL,
vsftpd(# "s_username" VARCHAR(30) NOT NULL,
vsftpd(# "s_password" VARCHAR(50),
vsftpd(# "b_expired" BOOLEAN DEFAULT false,
vsftpd(# CONSTRAINT "accounts_s_username_key" UNIQUE("s_username")
vsftpd(# );
NOTICE: CREATE TABLEはシリアル列”accounts.i_id”用に暗黙的なシーケンス”accounts_i_id_seq”を作成します。
NOTICE: CREATE TABLE / UNIQUEはテーブル”accounts”に暗黙的なインデックス”accounts_s_username_key”を作成します
CREATE TABLE

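vsftpd=# insert into accounts(s_username, s_password) values('xxxx',md5('yyyyy'));
※ md5() はソルト無しのハッシュなので、テーブルが漏えいすると同じパスワードは同じ値になり、総当たりもされやすい。pam_pgsql の pw_type で crypt 系の方式が使えるか確認し、可能ならソルト付きのハッシュにする(その場合 s_password の桁数も要見直し)。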

 

vsftpd設定

vi /etc/vsftpd/vsftpd.conf

pam_service_name=vsftpd

anonymous_enable=NO

virtual_use_local_privs=YES
guest_enable=YES
local_root=/home/nilesflow/vsftpd_root/$USER
hide_ids=YES
guest_username=nilesflow
user_sub_token=$USER

chroot_local_user=YES

dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES

 

vsftpd pam設定

vi /etc/pam.d/vsftpd

auth required pam_pgsql.so config_file=/etc/pam_pgsql_vsftpd.conf
account required pam_pgsql.so config_file=/etc/pam_pgsql_vsftpd.conf

 

vsftpd pam postgresql 設定

vi /etc/pam_pgsql_vsftpd.conf

debug
pw_type = md5
connect = hostaddr=127.0.0.1 port=5432 dbname=xxxxx user=xxxxx password=xxxxx connect_timeout=15
auth_query = select s_password from accounts where s_username = %u
acct_query = select b_expired as acc_expired, 0 as acc_new_pwreq, (s_password ISNULL OR s_password = '') as user_password from accounts where s_username = %u
※ このファイルには DB の接続パスワードが平文で入るため、root 所有・パーミッション 600 にしておく。debug は動作確認が済んだら外す。

 

ディレクトリ作成

mkdir /home/nilesflow/vsftpd_root/nilesflow

 

local_rootでディレクトリ自動作成できないのが。。。

 

ディレクトリ作成できないのは、直接 secutil.c をいじればできるが(以下適当)

retval = str_mkdir(p_ext_dir_str, 0775);
chmod(str_getbuf(p_ext_dir_str), 0775);
retval = chown(str_getbuf(p_ext_dir_str), 0, 0);

foreverをサービスとして起動

CentOS6.6、CentOS7.1

 

init.dの起動スクリプト+logrotate設定

https://github.com/nilesflow/centosetc

 

ログは、/var/log/foreverd.log

Node.jsログは、指定の場所に。

start の2重起動防止。

注意点は、foreverのHOMEディレクトリ。

HOME=xxxxxx

daemonの場合、ログインユーザでないため、/var/forever/.forever

ログインユーザの場合、/home/xxxxx/.forever

となる。

 

コマンドラインからの場合は、以下で参照可能。

HOME=xxxxxx forever list

※通常ユーザの場合、不要。

 

起動ユーザは、ログインユーザとdaemonに対応

forever-service はログ出力が制御できなかった。

initd-forever は、少し不足

 

以下のスクリプトを流用させてもらった

http://multix.jp/daemon-nodejs/

クライアント証明書にパスフレーズが含まれていると、

curlがエラーとなる

openssl pkcs12 -in client.pfx -out client.cert.pem -clcerts

curl https://xxxxx/ --cacert /etc/pki/CA/cacert.pem -E /etc/pki/CA/client/private/client.cert.pem
curl: (58) Unable to load client key -8178

curl https://xxxxx/ --cacert /etc/pki/CA/cacert.pem --cert /etc/pki/CA/client/certs/client.crt
curl: (58) Unable to load client key -8178.

curl https://xxxxx/ --cacert /etc/pki/CA/cacert.pem --cert /etc/pki/CA/client/certs/client.crt --key /etc/pki/CA/client/private/client.key
curl: (58) Unable to load client key -8178.

 

以下参照。

http://hogem.hatenablog.com/entry/2015/09/28/233000

http://stackoverflow.com/questions/20969241/curl-58-unable-to-load-client-key-8178

 

パスフレーズを外すと成功した

openssl rsa -in myclient.dev.furoom.net.key -out client.key.nopass
curl https://xxxxx/ --cacert /etc/pki/CA/cacert.pem --cert /etc/pki/CA/client/certs/client.crt --key /etc/pki/CA/client/private/client.key.nopass
→OK
※ パスフレーズ無しの秘密鍵は平文のままディスクに残る。所有者だけが読めるよう chmod 600 にし、不要になったら削除する。

 

wgetはパスフレーズ有りで成功した

wget -O - https://xxxxx/ --ca-certificate /etc/pki/CA/cacert.pem --certificate /etc/pki/CA/client/private/client.cert.pem