301 Moved Permanently:该方式将所有的 HTTP 请求重定向到 HTTPS 上,并且该重定向是永久性的。客户端在收到 301 响应后,会自动将 HTTP 请求转为 GET 请求,同时将请求地址修改为重定向后的地址。这意味着,如果原始请求是 POST 请求,那么 301 重定向会将其转变为 GET 请求。此外,浏览器会缓存 301 响应,下一次请求时会直接跳转到 HTTPS 上。
302 Found / 303 See Other:这两种方式将所有的 HTTP 请求临时性地重定向到 HTTPS 上。302 Found 的响应会将请求方法保持不变,同时将请求地址修改为重定向后的地址。而 303 See Other 则会将所有请求方法转变为 GET 方法,并将请求地址修改为重定向后的地址。这两种方式都不会缓存响应,下一次请求时会再次发起请求。
307 Temporary Redirect:该方式将所有的 HTTP 请求临时性地重定向到 HTTPS 上,并且会保留原始的请求方法。这意味着,如果原始请求是 POST 请求,那么重定向后的请求仍然是 POST 请求。同时,请求地址也会被修改为重定向后的地址。与 302 Found 类似,307 Temporary Redirect 不会缓存响应,下一次请求时会再次发起请求。
iptables开放内网端口4505和4506 iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 -m multiport –dports 4505,4506 -j ACCEPT /etc/init.d/iptables save
启动 /etc/init.d/salt-master start
开机启动 chkconfig salt-master on chkconfig –list salt-master
查看当前salt版本 salt –version salt 3000.5
查看当前salt组件版本 salt –versions-report Salt Version: Salt: 3000.5
Dependency Versions: cffi: Not Installed cherrypy: Not Installed dateutil: Not Installed docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 2.8.1 libgit2: Not Installed M2Crypto: Not Installed Mako: Not Installed msgpack-pure: Not Installed msgpack-python: 0.6.2 mysql-python: Not Installed pycparser: Not Installed pycrypto: 2.6.1 pycryptodome: Not Installed pygit2: Not Installed Python: 2.7.13 (default, May 8 2020, 22:36:22) python-gnupg: Not Installed PyYAML: 3.11 PyZMQ: 14.5.0 smmap: Not Installed timelib: Not Installed Tornado: 4.5.3 ZMQ: 4.0.5
System Versions: dist: centos 6.7 Final locale: UTF-8 machine: x86_64 release: 2.6———.el6.x86_64 system: Linux version: CentOS 6.7 Final
3.安装 minion 端
在minion机 配置yum源 wget -O /etc/yum.repos.d/salt.repo https://archive.repo.saltproject.io/yum/redhat/6/x86_64/saltstack-rhel6.repo sed -i ‘s/repo.saltstack.com/archive.repo.saltproject.io/g’ /etc/yum.repos.d/salt.repo
yum list |grep salt
修复[Errno 14]ssl错误 Loading mirror speeds from cached hostfile https://archive.repo.saltproject.io/yum/redhat/6/x86_64/latest/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. 关闭salt源,修改salt.repo 将里面的enabled=1改成enabled=0 sed -i ‘s/enabled=1/enabled=0/g’ /etc/yum.repos.d/salt.repo sed -n ‘/^enabled=/p’ /etc/yum.repos.d/salt.repo
默认的规则是使用glob匹配minion id salt ‘‘ test.ping salt ‘node‘ test.ping 正则表达式 salt ‘node[1|2]’ test.ping salt ‘node[!2]’ test.ping salt -E ‘server[1-3]’ test.ping salt -E ‘node(1|2)’ test.ping 指定列表 salt -L ‘server2,server3’ test.ping 指定ip salt -S ‘192.168.0.13’ test.ping 指定ip段 salt -S ‘192.168.0.0/24’ test.ping
测试 salt ‘*’ test.echo ‘hello’
网络 https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.network.html salt ‘‘ network.ping baidu.com # 使用ping命令测试到某主机的连通性 salt ‘‘ network.connect baidu.com 80 # #测试minion至某一台服务器的网络是否连通 salt ‘‘ network.default_route #查看默认路由 network.get_route #查询到一个目标网络的路由信息 network.netstat #返回所有打开的端口和状态 network.routes #返回当前路由表 salt ‘‘ network.get_hostname # 获取主机名 salt ‘‘ network.active_tcp # 返回所有活动的tcp连接 salt ‘‘ network.ip_addrs # 返回一个IPv4的地址列表 salt ‘‘ network.get_fqdn # 查看主机的fqdn(完全限定域名) salt ‘‘ network.interfaces
salt ‘‘ service.available sshd # 查看ssh服务是否可达 salt ‘‘ service.get_all # 查看所有启动的服务 salt ‘‘ service.status nginx # 查看指定服务是否在线 salt ‘‘ state.show_top # 查看top_file情况 salt ‘*’ disk.usage
查看进程 salt c1g-w01 cmd.run ‘ps aux|grep titanagent’ c1g-w01:
查看chconfig zabbix是否开启 salt ‘c1g-w01’ cmd.run ‘chkconfig –list|grep zabbix_agentd’ salt -N bak cmd.run ‘chkconfig –list|grep zabbix_agentd’ salt ‘*’ cmd.run ‘chkconfig –list|grep zabbix_agentd’
echo 'no-poll' >> /etc/dnsmasq.conf
echo 'strict-order' >> /etc/dnsmasq.conf
echo 'resolv-file=/etc/dnsmasq.d/resolv.dnsmasq.conf' >> /etc/dnsmasq.conf
echo 'addn-hosts=/etc/dnsmasq.d/dnsmasq.hosts' >> /etc/dnsmasq.conf
echo 'log-queries' >> /etc/dnsmasq.conf
echo 'cache-size=1024' >> /etc/dnsmasq.conf
echo 'listen-address=127.0.0.1,10.100.131.1' >> /etc/dnsmasq.conf
cp /etc/hosts /etc/dnsmasq.d/dnsmasq.hosts
vi /etc/resolv.conf
nameserver 127.0.0.1
vi /etc/dnsmasq.d/resolv.dnsmasq.conf
nameserver 114.114.114.114
nameserver 223.5.5.5
dnsmasq --test
dnsmasq: syntax check OK.
/etc/init.d/dnsmasq start
chkconfig dnsmasq on
iptables -A INPUT -p tcp -m state -s 192.168.0.0/24 --state NEW --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m state -s 192.168.0.0/24 --state NEW --dport 53 -j ACCEPT
/etc/init.d/iptables save
客户端 vi /etc/resolv.conf nameserver 192.168.0.56
dnsmasq -v Dnsmasq version 2.48 Copyright (C) 2000-2009 Simon Kelley Compile time options IPv6 GNU-getopt DBus no-I18N DHCP TFTP “–bind-interfaces with SO_BINDTODEVICE”
This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free software, and you are welcome to redistribute it under the terms of the GNU General Public License, version 2 or 3.
checking for a Python interpreter with version >= 2.5… none configure: error: no suitable Python interpreter found configure: error: ./configure.gnu failed for modules/afamqp/rabbitmq-c
tar -zxvf eventlog_0.2.12.tar.gz cd eventlog-0.2.12 ./configure –prefix=/usr/local/eventlog_0.2.12 make && make install cd /usr/local/ ln -s eventlog_0.2.12 eventlog cd –
2.安装libol mv files?path=%2Flibol%2F0.3%2Flibol-0.3.18.tar.gz libol-0.3.18.tar.gz tar -zxvf libol-0.3.18.tar.gz cd libol-0.3.18 ./configure –prefix=/usr/local/libol-0.3.18 make && make install cd /usr/local/ ln -s libol-0.3.18 libol cd –
tar -zxvf syslog-ng_3.3.9.tar.gz cd syslog-ng-3.3.9 ./configure –prefix=/usr/local/syslog-ng_3.3.9 –with-libol=/usr/local/libol/ –enable-pcre –disable-ipv6 make && make install cd /usr/local/ ln -s syslog-ng_3.3.9 syslog-ng
/usr/local/syslog-ng_3.3.9/sbin/syslog-ng -V
二.方式1配置
vi /opt/nginx/conf/nginx.conf access_log syslog:local5:notice:/dev/log:adminsyslog.c1gstudio.com access ;
Some settings on your machine make Composer unable to work properly. Make sure that you fix the issues listed below and run this script again:
The phar extension is missing. Install it or recompile php without –disable-phar
–with-curlwrappers 错误 PHP was compiled with –with-curlwrappers which will cause issues with HTTP authentication and GitHub. Recompile it without this flag if possible
Loading composer repositories with package information Updating dependencies (including require-dev) Package operations: 1 install, 0 updates, 0 removals
Installing php-amqplib/php-amqplib (v2.8.1): Downloading (failed) Downloading (failed) Downloading (failed) Failed to download php-amqplib/php-amqplib from dist: Th e “https://api.github.com/repos/php-amqplib/php-amqplib/zipball/84449ffd3f5a7466 bbee3946facb3746ff11f075″ file could not be downloaded: SSL operation failed wit h code 1. OpenSSL Error messages: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version Failed to enable crypto failed to open stream: operation failed Now trying to download from source
wget –no-check-certificate https://www.openssl.org/source/openssl-1.1.1l.tar.gz tar -zxvf openssl-1.1.1l.tar.gz cd openssl-1.1.1l ./config shared zlib make && make install
openssl version openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1 ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
openssl version OpenSSL 1.1.1l 24 Aug 2021
3.安装pcre
pcre没找到,编辑时加上–with-pcre=../pcre-8.30 \ 0.10/src/ngx_stream_lua_regex.c:205: undefined reference to `pcre_jit_stack_alloc’ collect2: ld returned 1 exit status
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.30.tar.gz tar xzvf pcre-8.30.tar.gz cd pcre-8.30 ./configure –enable-utf8 –enable-unicode-properties make make install ln -s /lib64/libpcre.so.0.0.1 /lib64/libpcre.so.1
4.下载ngx_cache_purge清缓组件
wget http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz tar zxvf ngx_cache_purge-2.3.tar.gz
5.安装openresty
wget https://openresty.org/download/openresty-1.19.9.1.tar.gz tar zxvf openresty-1.19.9.1.tar.gz cd openresty-1.19.9.1
伪装openresty为xcdn sed -i ‘s/”openresty/”xcdn/g’ bundle/nginx-1.19.9/src/core/nginx.h sed -i “s#Server: openresty#Server: xcdn#” bundle/nginx-1.19.9/src/http/ngx_http_header_filter_module.c sed -i “s#\”
配置时一些错误 nginx: [alert] failed to load the ‘resty.core’ module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module ‘resty.core’ not found: no field package.preload[‘resty.core’] no file ‘/opt/nginx/conf/waf/resty/core.lua’ no file ‘/opt/openresty-1.19.9.1/lualib/resty/resty/core.lua’ no file ‘/opt/openresty-1.19.9.1/site/lualib/resty/core.so’ no file ‘/opt/openresty-1.19.9.1/lualib/resty/core.so’ no file ‘./resty/core.so’ no file ‘/usr/local/lib/lua/5.1/resty/core.so’ no file ‘/opt/openresty-1.19.9.1/luajit/lib/lua/5.1/resty/core.so’ no file ‘/usr/local/lib/lua/5.1/loadall.so’ no file ‘/opt/openresty-1.19.9.1/site/lualib/resty.so’ no file ‘/opt/openresty-1.19.9.1/lualib/resty.so’ no file ‘./resty.so’ no file ‘/usr/local/lib/lua/5.1/resty.so’ no file ‘/opt/openresty-1.19.9.1/luajit/lib/lua/5.1/resty.so’ no file ‘/usr/local/lib/lua/5.1/loadall.so’) in /opt/openresty-1.19.9.1/nginx/conf/nginx.conf:214
–without-lua_cjson disable the lua-cjson library –without-lua_tablepool disable the lua-tablepool library (and by consequence, the lua-resty-shell library) –without-lua_redis_parser disable the lua-redis-parser library –without-lua_rds_parser disable the lua-rds-parser library –without-lua_resty_dns disable the lua-resty-dns library –without-lua_resty_memcached disable the lua-resty-memcached library –without-lua_resty_redis disable the lua-resty-redis library –without-lua_resty_mysql disable the lua-resty-mysql library –without-lua_resty_upload disable the lua-resty-upload library –without-lua_resty_upstream_healthcheck disable the lua-resty-upstream-healthcheck library –without-lua_resty_string disable the lua-resty-string library –without-lua_resty_websocket disable the lua-resty-websocket library –without-lua_resty_limit_traffic disable the lua-resty-limit-traffic library –without-lua_resty_lock disable the lua-resty-lock library –without-lua_resty_lrucache disable the lua-resty-lrucache library –without-lua_resty_signal disable the lua-resty-signal library (and by consequence, the lua-resty-shell library) –without-lua_resty_shell disable the lua-resty-shell library –without-lua_resty_core disable the lua-resty-core library
–with-luajit=DIR use the external LuaJIT 2.1 installation specified by DIR –with-luajit-xcflags=FLAGS Specify extra C compiler flags for LuaJIT 2.1 –with-luajit-ldflags=FLAGS Specify extra C linker flags for LuaJIT 2.1 –without-luajit-lua52 Turns off the LuaJIT extensions from Lua 5.2 that may break backward compatibility –without-luajit-gc64 Turns off the LuaJIT GC64 mode (which is enabled by default on x86_64)
–with-libdrizzle=DIR specify the libdrizzle 1.0 (or drizzle) installation prefix –with-libpq=DIR specify the libpq (or postgresql) installation prefix –with-pg_config=PATH specify the path of the pg_config utility
Options directly inherited from nginx
–sbin-path=PATH set nginx binary pathname –modules-path=PATH set modules path –conf-path=PATH set nginx.conf pathname –error-log-path=PATH set error log pathname –pid-path=PATH set nginx.pid pathname –lock-path=PATH set nginx.lock pathname
–user=USER set non-privileged user for worker processes –group=GROUP set non-privileged group for worker processes
–build=NAME set build name –builddir=DIR set build directory
–with-http_perl_module enable ngx_http_perl_module –with-http_perl_module=dynamic enable dynamic ngx_http_perl_module –with-perl_modules_path=PATH set Perl modules path –with-perl=PATH set perl binary pathname
–http-log-path=PATH set http access log pathname –http-client-body-temp-path=PATH set path to store http client request body temporary files –http-proxy-temp-path=PATH set path to store http proxy temporary files –http-fastcgi-temp-path=PATH set path to store http fastcgi temporary files –http-uwsgi-temp-path=PATH set path to store http uwsgi temporary files –http-scgi-temp-path=PATH set path to store http scgi temporary files
–without-http disable HTTP server –without-http-cache disable HTTP cache
–with-cc=PATH set C compiler pathname –with-cpp=PATH set C preprocessor pathname –with-cc-opt=OPTIONS set additional C compiler options –with-ld-opt=OPTIONS set additional linker options –with-cpu-opt=CPU build for the specified CPU, valid values: pentium, pentiumpro, pentium3, pentium4, athlon, opteron, sparc32, sparc64, ppc64
–without-pcre disable PCRE library usage –with-pcre force PCRE library usage –with-pcre=DIR set path to PCRE library sources –with-pcre-opt=OPTIONS set additional build options for PCRE –with-pcre-jit build PCRE with JIT compilation support
–with-zlib=DIR set path to zlib library sources –with-zlib-opt=OPTIONS set additional build options for zlib –with-zlib-asm=CPU use zlib assembler sources optimized for the specified CPU, valid values: pentium, pentiumpro
–with-libatomic force libatomic_ops library usage –with-libatomic=DIR set path to libatomic_ops library sources
–with-openssl=DIR set path to OpenSSL library sources –with-openssl-opt=OPTIONS set additional build options for OpenSSL
–dry-run dry running the configure, for testing only –platform=PLATFORM forcibly specify a platform name, for testing only
安装jemalloc是可能出现autoconf版本不够高 configure.ac:2: error: Autoconf version 2.68 or higher is required configure.ac:2: the top level autom4te: /usr/bin/m4 failed with exit status: 63 Error 0 in autoconf
升级autoconf yum -y install autogen autoconf Package autoconf-2.63-5.1.el6.noarch already installed and latest version Nothing to do
wget -O jemalloc-5.2.1.tar.gz https://github.com/jemalloc/jemalloc/archive/refs/tags/5.2.1.tar.gz tar -xf jemalloc-5.2.1.tar.gz && cd jemalloc-5.2.1 ./autogen.sh
make -j8 make install
如果/usr/local/lib 没在ldconfig中 echo ‘/usr/local/lib’ > /etc/ld.so.conf.d/local.conf ldconfig cd ..
3、lua安装
curl -R -O http://www.lua.org/ftp/lua-5.4.3.tar.gz tar zxf lua-5.4.3.tar.gz cd lua-5.4.3 make linux make install cd ..
4、安装luajit
然后从https://github.com/openresty/luajit2下载安装 https://github.com/openresty/luajit2/archive/refs/heads/v2.1-agentzh.zip unzip luajit2-2.1-agentzh.zip cd luajit2-2.1-agentzh make && make install cd ..
近期评论