記得將 user (自己的帳號) 加入 wheel 的這個 GROUP 裏面。
http://www.openfoundry.org/tech-column/8309
修改 /etc/rc.conf
伺服器換新 ip 時:
更改網卡 ip : 修改 /etc/rc.conf
改 ip: #nano /etc/hosts , 192.168.1.2 f f.xxx.edu.tw //增加一行:"Your IP" "hostname" "hostname+domain" (改成新 ip)
改 ip: phpmyadmin 目錄下的 config.inc.php ,裏面有一行 $cfg['PmaAbsoluteUri'] = 'http://11.22.33.44/phpmyadmin/'; 改成新 ip
以下是設置ssh之方法:
1.修改/etc/ssh/sshd_config
改為:
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
存檔離開
2.修改/etc/inetd.conf
將以下的註解拿掉
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
存檔離開
3.在/etc/rc.conf加入
sshd_enable="YES"
存檔離開
4.輸入
/etc/rc.d/sshd restart
重啟sshd
Apache/2.2.25 (FreeBSD) PHP/5.4.17 mod_ssl/2.2.25 OpenSSL/0.9.8y DAV/2
查 mysql 版本
#mysql -V
mysql Ver 14.14 Distrib 5.5.33, for FreeBSD9.2 (amd64) using 5.2
# make install clean
重裝指令:
# make config reinstall clean
# cd /usr/ports/lang/php5
# make config install clean
勾選APACHE Build Apache module
# cd /usr/ports/lang/php5-extensions
# make config install clean
勾選 GD、MYSQL、MySQLI、MBSTRING、ZIP 和 ZLIB
找 ports 裏跟 php5 有關的:
find /usr/ports -type d -iname "php5-*"
/usr/ports/lang/php5-extensions
/usr/ports/ftp/php5-curl
/usr/ports/ftp/php5-ftp
/usr/ports/sysutils/php5-posix
/usr/ports/sysutils/php5-fileinfo
/usr/ports/www/php5-session
/usr/ports/www/php5-tidy
/usr/ports/math/php5-gmp
/usr/ports/math/php5-bcmath
/usr/ports/net-mgmt/php5-snmp
/usr/ports/net/php5-soap
/usr/ports/net/php5-xmlrpc
/usr/ports/net/php5-ldap
/usr/ports/net/php5-sockets
/usr/ports/databases/php5-mysqli
/usr/ports/databases/php5-sybase_ct
/usr/ports/databases/php5-mssql
/usr/ports/databases/php5-redis
/usr/ports/databases/php5-sqlite3
/usr/ports/databases/php5-pdo_dblib
/usr/ports/databases/php5-pdo_odbc
/usr/ports/databases/php5-pdo_pgsql
/usr/ports/databases/php5-pdo_sqlite
/usr/ports/databases/php5-pdo_firebird
/usr/ports/databases/php5-interbase
/usr/ports/databases/php5-pgsql
/usr/ports/databases/php5-odbc
/usr/ports/databases/php5-pdo
/usr/ports/databases/php5-dba
/usr/ports/databases/php5-propel
/usr/ports/databases/php5-mysql
/usr/ports/databases/php5-pdo_cassandra
/usr/ports/databases/php5-pdo_mysql
/usr/ports/databases/php5-creole
/usr/ports/chinese/php5-cconv
/usr/ports/archivers/php5-phar
/usr/ports/archivers/php5-bz2
/usr/ports/archivers/php5-zlib
/usr/ports/archivers/php5-zip
/usr/ports/mail/php5-imap
/usr/ports/security/php5-openssl
/usr/ports/security/php5-hash
/usr/ports/security/php5-filter
/usr/ports/security/php5-mcrypt
/usr/ports/devel/php5-sysvsem
/usr/ports/devel/php5-thrift
/usr/ports/devel/php5-shmop
/usr/ports/devel/php5-blitz-devel
/usr/ports/devel/php5-json
/usr/ports/devel/php5-ice
/usr/ports/devel/php5-readline
/usr/ports/devel/php5-dav
/usr/ports/devel/php5-pcntl
/usr/ports/devel/php5-sysvmsg
/usr/ports/devel/php5-msgpack
/usr/ports/devel/php5-gettext
/usr/ports/devel/php5-sysvshm
/usr/ports/devel/php5-blitz
/usr/ports/devel/php5-tokenizer
/usr/ports/devel/php5-geshi
/usr/ports/devel/php5-pinba
/usr/ports/misc/php5-calendar
/usr/ports/japanese/php5-mecab
/usr/ports/textproc/php5-xmlwriter
/usr/ports/textproc/php5-pspell
/usr/ports/textproc/php5-wddx
/usr/ports/textproc/php5-dom
/usr/ports/textproc/php5-xsl
/usr/ports/textproc/php5-ctype
/usr/ports/textproc/php5-simplexml
/usr/ports/textproc/php5-xml
/usr/ports/textproc/php5-xmlreader
/usr/ports/converters/php5-recode
/usr/ports/converters/php5-mbstring
/usr/ports/converters/php5-iconv
/usr/ports/converters/php5-bsdconv
/usr/ports/graphics/php5-gd
/usr/ports/graphics/php5-exif
/usr/ports/graphics/php5-swfed
/usr/ports/graphics/php5-chartdirector
/usr/ports/graphics/php5-ffmpeg
安裝 extention 示例:
如 fileinfo extension 供 joomla 的 userport 使用 >
cd /usr/ports/sysutils/php5-fileinfo (ports 的目錄請參考上面引用文字段落)
make install clean
nano /usr/local/etc/php/extensions.ini (看最後一行有沒有出現 extension=fileinfo.so)
重啟 apache22
到 joomla 後台看 php info 中 fileinfo 模組有無被啟用。
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
以利往後的修改。
/usr/local/etc/php.ini 改以下幾個地方:
memory_limit = 228M
post_max_size = 80M
upload_max_filesize = 20M
date.timezone = "Asia/Taipei"
short_open_tag = On
;不顯示php版本
expose_php = off
;限制 JavaScript 存取 cookies
session.cookie_httponly=1
;修正 joomla 錯誤訊息
upload_tmp_dir = /tmp
存檔,重啟 apache22
#/usr/local/etc/rc.d/apache22 restart
#nano /etc/my.cnf
query_cache_type = 1 (query-cache-type有三種值:0 (disable / off), 1 (enable / on) and 2 (on demand))
query_cache_size = 64M
#log-bin=mysql-bin
#binlog_format=mixed
#(不要肥大的 log 檔)
http://wangheng.org/clear-the-mysql-log-bin-log.html
http://www.dk101.com/Discuz/viewthread.php?tid=160181#.U_U_V7ySwvz
http://dev.mysql.com/doc/refman/5.0/en/log-file-maintenance.html
http://www.lemoda.net/mysql/move-db/index.html
http://www.cyberciti.biz/tips/enable-the-query-cache-in-mysql-to-improve-performance.html
重啟 mysql:
#/usr/local/etc/rc.d/mysql-server start
mysql-bin.000001、mysql- bin.000002等文件佔用了 /var/db/mysql/ 空間
執行 /usr/local/bin/mysql -u root -p
輸入密碼,在 mysql> 符號下輸入:
reset master;
另外一個肥大檔 /var/db/mysql/filename.err 利用指令清掉檔案中的內容:
cat /dev/null > /var/db/mysql/filename.err
# vi /usr/local/etc/apache22/httpd.conf
在AddType區段加入
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
加入隱藏伺服器版本的控制項:
ServerSignature Off
ServerTokens Prod
LimitRequestFieldSize 16380
LogLevel crit
將
DirectoryIndex index.html
改成
DirectoryIndex index.php index.html index.htm
存檔。
加速網頁:
啟用:
LoadModule deflate_module libexec/apache22/mod_deflate.so
並在最後加上這段:
<ifmodule mod_deflate.c>
DeflateCompressionLevel 6
#AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE js css svg
#Skip browsers with known problems
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</ifmodule>
重啟 apache22
參考 http://yblog.org/archive/index.php/5318
設定一開機啟動 Apache & MySQL
# vi /etc/rc.conf
加入這三行
apache22_enable="YES"
apache22_http_accept_enable="YES"
mysql_enable="YES"
存檔
重啟 apache22
在 /usr/local/www/apache22/data 裡新增一個檔案叫 phpinfo.php,內容如下
<?php phpinfo(); ?>
以瀏覽器測試該網頁。
安裝 mysql
#cd /usr/ports/databases/mysql55-server
#make WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_unicode_ci BUILD_OPTIMIZED=yes install clean
出現錯誤 mysql_install_db FATAL ERROR: Could not find ./bin/my_print_defaults
參考:http://blog.ijun.org/2011/02/mysqlinstalldb-fatal-error-could-not.html
// look for binary path.
# which mysql_install_db
/usr/local/bin/mysql_install_db
// look for binary path.
# which my_print_defaults
/usr/local/bin/my_print_defaults
// set basedir to /usr/local
# /usr/local/bin/mysql_install_db --basedir=/usr/local
/usr/local/bin/mysqladmin -u root password 'new-password'
/usr/local/bin/mysqladmin -u root -h f password 'new-password'
Alternatively you can run:
/usr/local/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr/local ; /usr/local/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd /usr/local/mysql-test ; perl mysql-test-run.pl
#/usr/local/bin/mysqladmin -u root password 'new-password'
#/usr/local/bin/mysqladmin -u root -h f password 'new-password'
列出所有安裝的 ports:
#pkg_version -v
解除安裝 mysql-server:
#pkg_delete mysql-server-5.5.33
重裝 mysql-server:
#cd /usr/ports/databases/mysql55-server
#make install clean
開啟 mysql-server:
#/usr/local/etc/rc.d/mysql-server start
設mysql-server 的 root 帳號的密碼:
#/usr/local/bin/mysqladmin -u root password 'your-password'
http://www.iceflatline.com/2011/11/how-to-install-apache-mysql-php-and-phpmyadmin-on-freebsd/
複製預設的設定檔,之後由 /etc/my.cnf 中去設定:
# cp /usr/local/share/mysql/my-huge.cnf /etc/my.cnf
測試登入一下 MySQL,有出現 mysql> 指令符號再輸入 exit 退出,可登入、退出表示正常,登入指令為:
# mysql -u root -p
以下參考段落引用自:
http://jerry2yang.wordpress.com/2013/02/08/freebsd-install-lamp-server/
===================================
1. 安裝 MySQL ~ 設定編碼為 unicode
===================================
# cd /usr/ports/databases/mysql50-server
# make WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_unicode_ci BUILD_OPTIMIZED=yes install clean
安裝好之後,我們要產生 MySQL 一開始所要用的 Database,預設會裝在 /var/db/mysql 裡 ( 若不想裝在預設的地方,安裝時下參數 –localstatedir=/path/to/your/location )
# rehash
# mysql_install_db
複製 MySQL 的系統設定檔到 /etc 下
# cp /usr/local/share/mysql/my-xxx.cnf /etc/my.cnf
設定 MySQL 資料庫權限,並且啟動它
# chown -R mysql:mysql /var/db/mysql
# echo “mysql_enable=yes” >> /etc/rc.conf
# /usr/local/etc/rc.d/mysql-server start
設定 MySQL Root 的密碼
# mysqladmin -u root password 新密碼
若是更新舊的版本,就稍微注意一下
Remember to run mysql_upgrade (with the optional –datadir=<dbdir> flag) the first time you start the MySQL server after an upgrade from an earlier version.
最後我們可以測試登入一下 MySQL,有出現以下畫面就 OK
# mysql -u root -p
Enter password: (請輸入密碼)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.60-log FreeBSD port: mysql-server-5.1.60
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective owners.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
mysql>
===================================
2. 安裝 Apache
===================================
# cd /usr/ports/www/apache22
# make install clean
===================================
3. 安裝 PHP
===================================
# cd /usr/ports/lang/php5
# make config install clean
記得要勾選此選項喔,不然 Apache 會不認得 PHP
APACHE Build Apache module
再安裝 PHP Extensions
# cd /usr/ports/lang/php5-extensions
# make config install clean
建議加勾選 GD、MYSQL、MySQLI、MBSTRING、ZIP 和 ZLIB
===================================
4. 修改設定檔
===================================
首先設定 PHP 的設定檔,以後就是設定 php.ini 這檔
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
修改 Apache 的設定
# vi /usr/local/etc/apache22/httpd.conf
在最上面加入
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
找到
DirectoryIndex index.html
把它變成
DirectoryIndex index.php index.html index.htm
設定一開機啟動 Apache & MySQL
# vi /etc/rc.conf
加入這三行
apache22_enable="YES"
apache22_http_accept_enable="YES"
mysql_enable="YES"
在 /usr/local/www/apache22/data 裡新增一個檔案叫 index.php,內容如下
<?php phpinfo(); ?>
將整個 phpmyadmin 的目錄移到新的 freebsd 伺服器,然後修改 config.inc.php 檔案,將設定中的 ip 主機資料修改,參考如下:
/*
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
/* Added by user below */
$cfg['PmaAbsoluteUri'] = 'http://11.22.33.44/phpmyadmin/';
/* Added by user above */
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
/* Select mysql if your server does not have mysqli */
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
phpmyadmin 的安全設定:
於 httpd.conf 中加入一段限定只能一個class c 的網段 163.ip.ip.0/24 進來 phpmyadmin
<Directory "/usr/local/www/apache22/data/phpmyadmin">
Order deny,allow
Deny from all
Allow from 163.ip.ip.0/24
</Directory>
重啟 apache22
# cd /usr/ports/www/eaccelerator/
#make install clean
安裝完會有說明,說加入什麼字串於 php.ini 中
# vi /usr/local/etc/php.ini —> 加入下列此行到 php.ini 檔案中
zend_extension="/usr/local/lib/php/20100525/eaccelerator.so"
(上面這行不要照抄,版號日期可能不一樣,以裝完 port 顯示的為主)
接下來照安裝完的說明下三個指令:
# mkdir /tmp/eaccelerator
# chown www /tmp/eaccelerator
# chmod 0700 /tmp/eaccelerator
重啟 apache
# /usr/local/etc/rc.d/apache22 restart
#php -m
看模組有沒有載入。
或用 phpinfo.php 來看詳細的 eAccelerator 運作狀況。
#php -v
看 php 版本。
httpd-error.log 中有大量的 EACCELERATOR hit:"/usr/local/www/horde/imp/config/servers.php" 訊息,占空間,以下修正之:
# vi /usr/local/etc/php.ini —> 加入下列到 php.ini 檔案中
zend_extension="/usr/local/lib/php/20100525/eaccelerator.so"
eaccelerator.debug=0
重啟 apache ,以便減少 log 的大小。
加入段落:
# Apache
/var/log/httpd-access.log 644 7 * @T00 B /var/run/httpd.pid 30
/var/log/httpd-error.log 644 7 * @T00 B /var/run/httpd.pid 30
上面的格式解釋為:
logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
7 為 只保留 7 個紀錄檔。
@T00 是凌晨執行換紀錄檔
B 表示存為二進位檔案。可換為 JC ,意思是建立壓縮檔。
看更多的設定法:
man 5 newsyslog.conf
看設定是否ok:
#newsyslog -v
看到:
/var/log/httpd-access.log <7>: --> will trim at Fri Jan 17 00:00:00 2014
/var/log/httpd-error.log <7>: --> will trim at Fri Jan 17 00:00:00 2014
表示成功了。
寫完新文章,前台介面出現兩次錯誤訊息:
下列的發信位址錯誤: user-name@xxjh.xx.tw
下列的發信位址錯誤: user-name@xxjh.xx.tw
英文版的前台介面的錯誤訊息為:
The following from address failed:user-name@xxjh.xx.tw
The following from address failed:user-name@xxjh.xx.tw
找了原因,原來是 php 中的 openssl extension 並未成功啟動,是/usr/local/etc/php/extensions.ini 這個檔有一行寫錯,把 zlib 和 openssl 連在一起了。(應該是原來 ports 就有問題)
#nano /usr/local/etc/php/extensions.ini
用 ; 分號註解掉一行,然後加入正確的如下:
;extension=zlib.soextension=openssl.so
extension=openssl.so
extension=zlib.so
php -m|grep openssl
沒有錯誤訊息,直接顯示:
openssl
才是正確的。
重啟 apache22。
然後用 joomla 的 php 資訊看,或用 phpinfo.php 看,應該會有段落如:
OpenSSL support
OpenSSL Library Version
OpenSSL Header Version
enabled
OpenSSL 0.9.8y 5 Feb 2013
OpenSSL 0.9.8y 5 Feb 2013
才正常。
測試:發一篇新文章,看會不會寄信到信箱。不會出現錯誤訊息如:下列的發信位址錯誤: user-name@xxjh.xx.tw
# whereis vim
vim: /usr/ports/editors/vim
# cd /usr/ports/editors/vim
# make install clean
# rehash
解決方向鍵及 backspace 錯誤,並加上顏色 http://140.111.74.38/blog/post/2/273 :
#vi /root/.vimrc
set cindent
set hls
set nocompatible
set sw=2
set bs=2
syntax on
highlight Comment ctermfg=darkcyan
highlight Search term=reverse ctermbg=4 ctermfg=7
如果要讓新建立的使用者都能套用這一個設定,可以把檔案儲存成 dot.vimrc,並複製到 /usr/share/skel 目錄之下
# cp /root/.vimrc /usr/share/skel/dot.vimrc
cd /usr/ports/editors/nano
make install clean
ln -s /usr/local/bin/nano /usr/bin/nano
rehash
註: nano 有時候在長行的時候編輯會變斷行,因而產生錯誤…
可改用 vim
或改用windows 上 winscp 開啟 Notepad ++
重新設定 ip 時,必需再把下面三個文件再編輯一次,apache 才會正常啟動。
http://www.freebsdmadeeasy.com/tutorials/web-server/configure-apache-web-server-on-freebsd.php
EDIT 三個文件:/etc/rc.conf /usr/local/etc/apache22/httpd.conf /etc/hosts
/etc/rc.conf中的hostname
#nano /etc/rc.conf
hostname="f" //確認或設定hostname
/usr/local/etc/apache22/httpd.conf中的ServerName
#nano /usr/local/etc/apache22/httpd.conf
Servername f.xxx.edu.tw:80 //找到ServerName,並修改成自己的hostname+domain
/etc/hosts
#nano /etc/hosts
192.168.1.2 f f.xxx.edu.tw //增加一行:"Your IP" "hostname" "hostname+domain"
啟動apache22
#/usr/local/etc/rc.d/apache22 start
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
apache 的網頁目錄在:
/usr/local/www/apache22/data/
修正無法使用delete鍵 (按 delete 會跑出~波浪符號)之問題:
#nano /root/.cshrc
在 bindkey 最後一行後面加上:
bindkey "\e[1~" beginning-of-line # Home
bindkey "\e[7~" beginning-of-line # Home rxvt
bindkey "\e[2~" overwrite-mode # Ins
bindkey "\e[3~" delete-char # Delete
bindkey "\e[4~" end-of-line # End
bindkey "\e[8~" end-of-line # End rxvt
存檔
下指令使其生效:
#source .cshrc
或
關機:
#shutdown -h now poweroff
重開。
參考:
http://www.onlinehowto.net/make-home-end-and-delete-keys-work-on-freebsd/647
舊資料:
http://note.tc.edu.tw/220.html
先透過 phpmyadmin 建立 joomla 帳號及資料庫。並讓 joomla 帳號能管理 joomla 的資料庫。
透過 phpmyadmin 匯入 joomla 資料庫。
將 html 檔匯到新伺服器 root 目錄下,解壓。
在管理本機安裝 notepad ++ ,於 winscp 程式中設定預設編輯程式為 notepad ++
透過 winscp 打開 joomla 目錄,編輯 configuration.php ,將 $log_path , $tmp_path 改成正確的位置 (freebsd 為 /usr/local/www/apache22/data/logs 及 /usr/local/www/apache22/data/tmp )。
改權限:
#cd /usr/local/www/apache22/data
#chown -R www:www *
#chown www:www .htaccess
PHP 設定,於網站後台中 > 系統資訊 > php 設定 中看,若與下面不一樣,則修改 /usr/local/etc/php.ini:
安全模式 關閉
開啟底層目錄 沒有
顯示錯誤 關閉
快速啟動標籤 開啟
檔案上傳 開啟
魔術引號 (Magic Quotes) 關閉
全局註冊 關閉
輸出緩衝 開啟
Session 儲存位置 /var/lib/php/session (此為 CentOS 設定,FreeBSD 可修改 /usr/local/etc/php.ini 中的一行,將行前的分號;刪除,改為: session.save_path = "/tmp" ,存檔重啟 apache22)
Session 自動開始 0
XML 開啟 是
Zlib 開啟 是
原生ZIP開啟 是
已關閉功能 沒有
Mbstring 啟動 是
Iconv 可利用 是
robot.txt 的設定:需不需要再擋其他目錄 (attachments?)
修改 AllowOverride 設定:
#nano /usr/local/etc/apache22/httpd.conf
修改 AllowOverride None 改為 AloowOverride All
重啟 apache22
修改備份 script
mysqldump --user=root -p mydb > /backup/mydb.sql
以上指令會使用 mysqldump 將 mydb 備份到 /backup/mydb.sql,在輸入指令後,需要輸入 MySQL 的 root 密碼。
要復原資料,只要一句指令便完成:
mysql --user=root -p mydb < /backup/mydb.sql
(使用"mysqldump"來復原,應為筆誤,改成上述指令才對)
mysql --user=root -p mydb < /backup/mydb.sql 時的錯誤訊息:
MySQL said: Documentation
#1050 - Table 'addons' already exists
解法:
進入 phpmyadmin 將 joomla db 清空 tables
joomla db 資料庫更改名字為 joomla1。
按左手邊的 joomla1 資料庫,然後按右上的「匯入」。
將 sql 檔 (或壓縮檔) 匯入,都照預設值 utf-8 即可。
再把 joomla1 改名字回來 joomla。
參考:
#vi /root/.cshrc
在 setenv 段落中加入:
setenv LC_CTYPE en_US.ISO8859-1
setenv LC_ALL zh_TW.UTF-8
setenv LANG zh_TW.UTF-8
#reboot
SSH 連線軟體 Putty 設定:
Change Settings > Translation > Character set translation on received data > 選UTF-8
winscp 連線設定(解決從 centos 放檔名是 utf-8 編碼的文件,用 winscp 上傳至 freebsd 檔名卻變亂碼的現象):
winscp login > 點 freebsd 連線 > edit > Environment > UTF-8 encoding for filenames > 選 On (不要選 Auto) > Save (save profile) > login again.
2014-05 更新:
由於 tar 的機制備份出來的 gz 檔,解開時中文有亂碼,查了一下解決方式,只能用 7zip 或 rar 的方式來備份。
安裝 p7zip:
cd /usr/ports/archive/p7zip
make install clean
安裝 rar:
cd /usr/ports/archive/rar
make install clean
cd /usr/ports/archive/unrar
make install clean
使用 rar : rar a -r filename.rar /source/directory
測試後發現兩個程式都不能保留 permission 的資料。但 7ZIP 的壓縮比比較好,所以選擇 7za 作為備份程式。
p7zip 只能作單檔的處理,經過測試其 7za 指令,如 http://www.freebsd.org/cgi/man.cgi?query=7z&manpath=FreeBSD+9.0-RELEASE+and+Ports&format=html 所說的:
Backup and limitations
DO NOT USE the 7-zip format for backup purpose on Linux/Unix because :
- 7-zip does not store the owner/group of the file.
On Linux/Unix, in order to backup directories you must use tar :
- to backup a directory : tar cf - directory | 7za a -si direc-
tory.tar.7z
- to restore your backup : 7za x -so directory.tar.7z | tar xf -
If you want to send files and directories (not the owner of file) to
others Unix/MacOS/Windows users, you can use the 7-zip format.
example : 7za a directory.7z directory
Do not use "-r" because this flag does not do what you think.
Do not use directory/* because of ".*" files (example : "directory/*"
does not match "directory/.profile")
tar cf - directory | 7za a -si direc-tory.tar.7z 並不能保留中文檔名。
利用 7za a filename.7z /source/directory
來作備份。
並改寫了定時備份程式。
7za a filename.7z /source/directory -xr!exclude-directory-name 排除特定檔案匣。
7za x filename.7z 這個指令是用來解壓縮的。
crontab -e
務必加入 LANG="zh_TW.UTF-8" 這一行,否則 cron 還是認不得中文,定時執行時還是產生中文檔名亂碼 (雖然手動執行script時候是正常無亂碼的)。以指令得知登入環境語言參數: echo $LANG
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
LANG="zh_TW.UTF-8"
1 5 * * * /root/rsync2mirror.sh
1 4 * * * /root/html-folder-backup
30 4 * * * /root/mysqlbackup
1 6 1 * * /root/monthly-delete.sh
重啟 crond: /etc/rc.d/cron restart
1. 設定 Rsync Daemon
為了讓 Server 端啟動 rsyncd ,請在 /etc/rc.conf 加入這行 :
rsyncd_enable="YES"
2. 請編輯 /usr/local/etc/rsyncd.conf ,更改裡面的設定,詳細參數使用可以 man rsyncd.conf 。
**** chown root:wheel rsyncd.passwd
**** chmod 600 rsyncd.passwd
以上面的範例,Server 端的設定如下:
######################################
pid file = /var/run/rsyncd.pid
#lock file = /var/run/rsync.lock
#log file = /var/log/rsyncd.log
uid = user-id
gid = user-group-id
use chroot = no
max connections = 4
[freebsd9-sync]
path = /home/user-name
#freebsd 下 /home/user-name 同 /usr/home/user-name
comment = sync html and mysql data in server f.nnjh.tn.edu.tw
#ignore errors
read only = no
#list = no
auth users = wyvern2000
secrets file = /root/rsyncd.passwd
#[anonmirror]
#path = /anon-mirror
#comment = Anonymous Mirror
#ignore errors
#read only = yes
#list = no
#[mirror1]
#path = /mirror1
#comment = Account login mirror1
#ignore errors
#read only = yes
#list = no
#auth users = joehorn
#secrets file = /usr/local/etc/rsync.passwd
#[mirror2]
#path = /mirror2
#comment = Account login mirror2
#ignore errors
#read only = yes
#list = no
#auth users = joehorn, leobbs
#secrets file = /usr/local/etc/rsync.passwd
##################################
###backup config### //註解
[web] //module name
comment = backup dmz web //說明
path = /home/backup/web //存放備份資料的目錄
auth users = weithenn //認證帳號 (也就是之後要設定於 rsyncd.secrets 內的帳號)
uid = nobody //以 uid nobody 來啟動 rsync server (所以 /home/backup/web 的 owner 要設為 nobody)
gid = nogroup //以 gid nogroup 來啟動 rsync server (所以 /home/backup/web 的 group 要設為 nogroup)
secrets file = /usr/local/etc/rsyncd.secrets //密碼檔存放路徑
read only = no //是否設定為唯讀
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz //不要對這些附檔名的檔案做壓縮
3. 接下來建立帳號密碼檔。 若依照上方之設定,則是必須建立 /root/rsync.passwd 這個檔案,檔案內容如下 (密碼可以另設跟command line登入的密碼不一樣的,因為rsyncd只會檢查 /root/rsync.passwd 的密碼設定。client端的rsync.secrets則要跟server端的rsync.passwd帳密要吻合):
user-name:passwd
rsyncd 為了保護您資料的安全,避免洩漏,將會強制要求您將帳號密碼檔的讀寫權限設定為 640 或 600 。 根據範例,將是使用以下指令:
# chmod 600 /root/rsync.passwd
4. 啟動 Rsync Daemon
於 Server 端啟動 rsyncd ,請使用以下指令:
# /usr/local/etc/rc.d/rsyncd.sh start
service resyncd start
編寫 /usr/local/etc/rsyncd.conf 前需先知道備份目標的目錄所屬的 uid 及 gid 。若不知 uid 及 gid,可輸入:
id username
id -u username
id -g username
id -G username
可知道 username 所屬的 uid 及 gid。
因為我們用 client 端的 username 去 rsync,因此sync過去 server 端,server 端也必需要有此 user 的帳號及他有權限讀寫的資料匣。 sync 過去的檔案,權限也會保持 user 的 uid 及 gid ,要注意回復檔案至 html 或 mysql 的 data 時,以chown更改檔案的 uid 及 gid 。
安裝
#cd /usr/ports/net/rsync
#make install clean
version 為 3.0.9_3
server 為 centos,設定:
S1:確認 rsync 是否安裝:yum info rsync
S2:設定防火牆 開啟 22(ssh), 873(rsync) ports
修改 /etc/sysconfig/iptables
-A Firewall-rules -m state --state NEW -s 140.113.1.1 -m tcp -p tcp --dport 22 -j ACCEPT
-A Firewall-rules -m state --state NEW -s 140.113.1.1 -m tcp -p tcp --dport 873 -j ACCEPT
要把上面的 140.113.1.1 改成你 client 的 IP
重新啟動 FW
/etc/init.d/iptables restart
檢查規則
/sbin/iptables -L -n
另外啟 /etc/sysconfig/ip6tables 編輯。
重新啟動fw
#service ip6tables restart
S3:設定(新增) /etc/rsyncd.conf
這個檔案預設是不存在的,你可能要新增他。
[server1] ; 目的主機代號
path = /home/username/backup ; 要備份的路徑
auth users = username ; 驗證的帳號,密碼在另一個檔案
secrets file = /etc/rsyncd.secrets ; 密碼檔
read only = no ; 非唯讀模式複製
uid=0 ; 0=root
gid=0 ; 0=root
S4:設定(新增) /etc/rsyncd.secrets (這個的檔名,當然是跟著前一個設定檔)
username:onespasswd ;帳號:密碼,以明文方式儲存
S5:把密碼檔設成 -rw------- 600 模式
#chmod 600 /etc/rsyncd.secrets
#chown root:root /etc/rsyncd.secrets
S6:修改 /etc/xinetd.d/rsync
檢視 disable 設定,disable = no 代表要啟動 rsync,反之disable = yes 表示不用 rsync
重啟 rsync 服務
#service xinetd restart
接下來從 freebsd rsync 到 centos 伺服器上,並設定每日 cron job 進行:
參考 http://blog.weithenn.org/2009/05/freebsdrsync.html
指令為 #/usr/local/bin/rsync -avzP --delete --password-file=/any-folder/rsyncd.secrets /source-folder-name username@YOUR.IP.ADDRESS::rsync-module
確認成功後,設定 crontab:
#vi /root/rsync2centos.sh //建立同步 Web 資料的 script 內容如下
#!/bin/sh
/usr/local/bin/rsync -avzP --delete --password-file=/any-folder/rsyncd.secrets /source-folder-name username@YOUR.IP.ADDRESS::rsync-module
#chmod +x rsync2centos.sh
編輯排程,設定排程每天晚上 12 點執行 rsync2centos.sh 的 script 內容 (也就是每天自動同步 Web 資料回來)
#crontab -e
0 0 * * * /home/weithenn/rsyncweb.sh
#crontab -l
觀看 crontab 其檔案會放在 /var/cron/tabs/ 下,並以 username 命檔案名。
crontab -e 的時候,delete 字元後,應該按 esc 鍵,然後再按 i 鍵來插入文字(每刪一次就要作一次 ecs 加 i)。
====
rsync 指令排除多檔案:
rsync -avrzHPS --delete --password-file=rsyncd.secrets --exclude-from '/folder/exclude.txt' --delete-excluded SROURCE destination
--exclude-from '/folder/exclude.txt' 訂定排除清單檔案。
--delete-excluded 刪除目的地被排除的檔案。
exclude.txt 的內容:
一行一個條件,可用 * 和相對路徑,不可以用絕對路徑。如下:
.gvfs
mcse/projects/Rails/podcast3/trunk/log/development.log
將 freebsd 的 vdi 磁碟備份,到另一台 virtualbox 掛載該 vdi 磁碟。
重設該備援 host 名稱 (參考下面 edit 三個文件,設與正式機器不同的主機名稱)。
啟動備援 host 的 apache 及 mysql-server 看能否順利啟動。
將 freebsd 正式機器以 rsync script 同步到備援機器。
在備援機器下執行下面的同步程式 (參考下面)。
正式機器有問題時的 SOP:
正式機器關機
將備援機器的 ip 更改為原正式機器的 ip,host 名稱更改為原正式機器的名稱 (參考下面重新 edit 三個文件,改成原本正式的主機名稱及 ip 對應),重新開機。
將備援機器的 apache22 啟動。
將備援機器的 mysql-server 重新啟動。(以免讀到 cache 的東西)
在備援機器上看網站是否有問題。
等正式機器排除問題,再回復所有設定。
EDIT 三個文件:/etc/rc.conf /usr/local/etc/apache22/httpd.conf /etc/hosts
/etc/rc.conf中的hostname 和 ip
#nano /etc/rc.conf
hostname="f" //確認或設定hostname
修改 ipv4 及 ipv6
/usr/local/etc/apache22/httpd.conf中的ServerName
#nano /usr/local/etc/apache22/httpd.conf
Servername f.xxx.edu.tw:80 //找到ServerName,並修改成自己的hostname+domain
/etc/hosts
#nano /etc/hosts
192.168.1.2 f f.xxx.edu.tw //增加一行:"Your IP" "hostname" "hostname+domain"
啟動apache22
#/usr/local/etc/rc.d/apache22 start
rsync server 端的同步程式 (/root/restore.sh):
#!/bin/sh
#同步 client 所 rsync 過來的檔案。
#/var/db/mysql/hostname.* 因為每一台都不一樣,所以必須以下面方式處理。
mv /var/db/mysql/hostname.* /var/db/.
/usr/local/bin/rsync -avzP --delete /home/wyvern2000/data/ /usr/local/www/apache22/data/.
/usr/local/bin/rsync -avzP --delete /home/wyvern2000/mysql/ /var/db/mysql/.
mv /var/db/hostname.* /var/db/mysql/.
chown root:wheel /usr/local/www/apache22/data
chown -R www:www /usr/local/www/apache22/data/*
chown -R mysql:mysql /var/db/mysql
/usr/local/etc/rc.d/apache22 stop
#關掉 apache 以免 google 來作 index,或暴露 httpd 的風險。等要服務時再手動啟用 apache22。
設定兩台的 crontab:
每小時的 5, 15, 25, 35, 45, 55 分,正式機器作 /root/rsync2backup.sh
每小時的 10, 20, 30, 40, 50, 0 分,備援機器作 /root/restore.sh
如此備援機器就能保有正式機器的10分鐘前的資料同步。
nano /etc/rc.conf
加入
#firewall
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
ipv6_network_interfaces="em0"
存檔
規則 (FreeBSD ipfw Firewall 比對的規則就是先符合的就Y,後來就不會再進行比對了!):
CMD RULE_NUMBER ACTION LOGGING SELECTION STATEFUL
action: allow accept pass permit
action: check-state
action: deny drop
selection 1: udp tcp icmp all (必選一)
selection 2: from src to dst (必寫)
(src/dst= any or me)
selection 3: port number (必寫)
selection 4: in out (必選一)
selection 5: via $IF (選用 optional)
selection 6: setup (選用 optional)
selection 7: keep-state (選用 optional)
nano /etc/ipfw.rules
內容如下:
# server
cmd="ipfw -q add"
ks="keep-state"
ipfw -q -f flush
#loopback
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag
## IPv6 stuff
$cmd 41 deny ip6 from any to ::1
$cmd 42 deny ip6 from ::1 to any
# stateful
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
#$cmd 75 allow all from any to me in keep-state
# PING
$cmd 80 allow icmp from any to any
## IPv6 stuff: PING
#$cmd 81 allow ipv6-icmp from :: to ff02::/16
#$cmd 82 allow ipv6-icmp from fe80::/10 to fe80::/10
#$cmd 83 allow ipv6-icmp from fe80::/10 to ff02::/16
$cmd 84 allow ipv6-icmp from any to any
# services
#ftp
#$cmd 110 allow tcp from any to any 21 in
#$cmd 120 allow tcp from any to any 21 out
#ssh
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
#smtp
#$cmd 150 allow tcp from any to any 25 in
#$cmd 160 allow tcp from any to any 25 out
#dns
$cmd 170 allow udp from any to any 53 in keep-state
$cmd 175 allow tcp from any to any 53 in keep-state
$cmd 180 allow udp from any to any 53 out keep-state
$cmd 185 allow tcp from any to any 53 out keep-state
#http 以下四行意思是先堵特定ip再放行
$cmd 190 drop tcp from 163.xx.xx.xx/32 to any 80 in
$cmd 191 drop tcp from 163.xx.xx.xx/32 to any 80 out
$cmd 200 allow tcp from any to any 80 in keep-state
$cmd 210 allow tcp from any to any 80 out keep-state
#pop3
#$cmd 220 allow tcp from any to any 110 in
#$cmd 230 allow tcp from any to any 110 out
#ntp
#$cmd 240 allow udp from any to any 123 in
#$cmd 250 allow udp from any to any 123 out
#https
#$cmd 260 allow tcp from any to any 443 in
#$cmd 270 allow tcp from any to any 443 out
#snmp udp
$cmd 220 allow udp from any to any 161 in
$cmd 230 allow udp from any to any 161 out
#rsync
$cmd 240 allow tcp from any to any 873 in
$cmd 250 allow tcp from any to any 873 out
存檔。
執行 sh /etc/ipfw.rules
每次更新規則即執行上面的 script
#ipfw list
列出目前生效規則。
00010 allow ip from any to any via lo0
00020 deny ip from any to 127.0.0.0/8
00030 deny ip from 127.0.0.0/8 to any
00040 deny tcp from any to any frag
00041 deny ip6 from any to ::1
00042 deny ip6 from ::1 to any
00050 check-state
00060 allow tcp from any to any established
00070 allow ip from any to any out keep-state
00080 allow icmp from any to any
00084 allow ipv6-icmp from any to any
00130 allow tcp from any to any dst-port 22 in
00140 allow tcp from any to any dst-port 22 out
00170 allow udp from any to any dst-port 53 in keep-state
00175 allow tcp from any to any dst-port 53 in keep-state
00180 allow udp from any to any dst-port 53 out keep-state
00185 allow tcp from any to any dst-port 53 out keep-state
00200 allow tcp from any to any dst-port 80 in keep-state
00210 allow tcp from any to any dst-port 80 out keep-state
00220 allow udp from any to any dst-port 161 in
00230 allow udp from any to any dst-port 161 out
00240 allow tcp from any to any dst-port 873 in
00250 allow tcp from any to any dst-port 873 out
65535 deny ip from any to any
#ipfw show
秀現在進行的規則。The first column is indeed the rule number. The second column, however, is simply the amount of packets matched (in and out). Furthermore, the third column is a byte counter, not a packet counter. The fourth column is indeed the rule itself. (link)
00010 144 13572 allow ip from any to any via lo0
00020 0 0 deny ip from any to 127.0.0.0/8
00030 0 0 deny ip from 127.0.0.0/8 to any
00040 0 0 deny tcp from any to any frag
00041 0 0 deny ip6 from any to ::1
00042 0 0 deny ip6 from ::1 to any
00050 0 0 check-state
00060 153 35156 allow tcp from any to any established
00070 394 35080 allow ip from any to any out keep-state
00080 1 84 allow icmp from any to any
00084 46 3528 allow ipv6-icmp from any to any
00130 2 104 allow tcp from any to any dst-port 22 in
00140 0 0 allow tcp from any to any dst-port 22 out
00170 0 0 allow udp from any to any dst-port 53 in keep-state
00175 0 0 allow tcp from any to any dst-port 53 in keep-state
00180 0 0 allow udp from any to any dst-port 53 out keep-state
00185 0 0 allow tcp from any to any dst-port 53 out keep-state
00200 401 192726 allow tcp from any to any dst-port 80 in keep-state
00210 0 0 allow tcp from any to any dst-port 80 out keep-state
00220 57 4548 allow udp from any to any dst-port 161 in
00230 0 0 allow udp from any to any dst-port 161 out
00240 0 0 allow tcp from any to any dst-port 873 in
00250 0 0 allow tcp from any to any dst-port 873 out
65535 364 247809 deny ip from any to any
firewall 的開與關:
#/etc/rc.d/ipfw stop
#/etc/rc.d/ipfw start
#/etc/rc.d/ipfw restart
或:
#ipfw disable firewall
#ipfw enable firewall
編輯 /etc/resolve.conf
將 ipv4 的 dns server 資料移到 ipv6 前面,以避免開 firewall 時 ssh 登入過慢 (20秒左右的等待輸入密碼的時間) 的狀況發生。
另外,剛啟用 ipfw 時,不論是連 ssh 或 http 80 port,連線速度會較慢 (20秒左右的等待load網頁資料),因為 keep-state 的關係,之後連線速度會回復正常。
http://www.freebsd.org/doc/zh_TW/books/handbook/firewalls-ipfw.html (官方說明)
http://knowledgelayer.softlayer.com/procedure/set-simple-freebsd-firewall-using-ipfw (簡易規則)
http://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/ (在不使用 NAT 的狀況下,是不需要重新編 kernel 的)
http://www.kazame.net/2011/06/enabling-ipv6-and-configuring-ipfw-to-play-nice/ (http 和 icmp 在 ipv6 下的正常運行的設定,但要注意 /etc/rc.conf 中 ipv6_enable="YES" 這個設定己經在 freebsd 9 版是過時的了,不用加此設定)
2014-01-10 更新為更嚴格的規則,只開放特定網段或 ip 來連接:
# server
cmd="ipfw -q add"
ks="keep-state"
ipfw -q -f flush
#loopback
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag
## IPv6 stuff
$cmd 41 deny ip6 from any to ::1
$cmd 42 deny ip6 from ::1 to any
# stateful
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
#$cmd 75 allow all from any to me in keep-state
# PING
$cmd 80 allow icmp from any to any
## IPv6 stuff: PING
#$cmd 81 allow ipv6-icmp from :: to ff02::/16
#$cmd 82 allow ipv6-icmp from fe80::/10 to fe80::/10
#$cmd 83 allow ipv6-icmp from fe80::/10 to ff02::/16
$cmd 84 allow ipv6-icmp from any to any
# services
#ftp
#$cmd 110 allow tcp from any to any 21 in
#$cmd 120 allow tcp from any to any 21 out
#ssh
$cmd 130 allow tcp from 163.xx.xx.0/24 to any 22 in
$cmd 131 allow tcp from 163.xx.xx.0/24 to any 22 out
$cmd 140 allow tcp from home-ip/32 to me 22 in
$cmd 141 allow tcp from home-ip/32 to me 22 out
#smtp
#$cmd 150 allow tcp from any to any 25 in
#$cmd 160 allow tcp from any to any 25 out
#dns
$cmd 170 allow udp from any to any 53 in keep-state
$cmd 175 allow tcp from any to any 53 in keep-state
$cmd 180 allow udp from any to any 53 out keep-state
$cmd 185 allow tcp from any to any 53 out keep-state
#http
$cmd 190 drop tcp from ip/32 to any 80 in
$cmd 191 drop tcp from ip/32 to any 80 out
$cmd 200 allow tcp from any to any 80 in keep-state
$cmd 210 allow tcp from any to any 80 out keep-state
#pop3
#$cmd 220 allow tcp from any to any 110 in
#$cmd 230 allow tcp from any to any 110 out
#ntp
#$cmd 240 allow udp from any to any 123 in
#$cmd 250 allow udp from any to any 123 out
#https
#$cmd 260 allow tcp from any to any 443 in
#$cmd 270 allow tcp from any to any 443 out
#snmp udp
$cmd 220 allow udp from 163.xx.xx.0/24 to any 161 in
$cmd 230 allow udp from 163.xx.xx.0/24 to any 161 out
#rsync
$cmd 240 allow tcp from 163.xx.xx.0/24 to any 873 in
$cmd 241 allow tcp from 163.xx.xx.0/24 to any 873 out
$cmd 250 allow tcp from home-ip/32 to any 873 in
$cmd 251 allow tcp from home-ip/32 to any 873 out
quote from
http://tomlee.co/2012/10/installing-freebsd-9-0-on-virtualbox/
All you need to do is shut the VM down & open up its settings. Change your System → Motherboard chipset from PIIX3 to ICH9, then start it back up again with the DVD ISO hooked up to your virtual DVD drive as you normally would. The install process should be pretty straightforward from there.
This suggestion was hidden away in this forum post, but they also suggest changing your IDE Controller type. This was problematic for me & led to an error (“mounting from cd9660 failed with error 19″) while trying to mount the installation media. Instead, I booted with my IDE Controller type set to PIIX4 (I think this is the default) & everything worked great.
freebsd 關機,於 virtualbox 的虛擬主機設定中,將主機版晶片改選 ICH9 , IDE 控制器改選 ICH6。 IO APIC 依舊維持預設值勾選。
CACTI advanced ping 模組對於 freebsd 9 的 80 port 會發出大量封包。取消,不要用這個功能。
freebsd 目前己設定擋 cacti 伺服器的 80 封包。
https://forums.freebsd.org/viewtopic.php?&t=10105 指出,cron 找不到 mysqldump 的位置,所以出錯,在 script 中及 crontab -e 中都要加入執行的路徑。
備份 script 示範如下,會在 /root/ 下面每天定期產出含日期為檔名的 gz 壓縮備份檔,解開就有 sql 檔在裏面,此 script 權限可設 chmod 700。
#!/bin/sh
#修改資料庫連線的設定值
myHost="localhost"
myUser="root"
myPass="password"
myDB="db"
#修改備份檔儲存位置與檔名
backup_path="/root/"
#檔名加上日期 20130114 以避免蓋掉前一天的
date=$(date +"%Y%m%d")
sql_file=$backup_path"backupDB."$date".sql"
echo "mysqldump..."
/usr/local/bin/mysqldump -h $myHost -u $myUser -p$myPass $myDB > $sql_file
echo $sql_file
echo "gzip..."
gzip -f $sql_file
注意:
script 以 #!/bin/sh 開頭
mysqldump 應給予完整路徑 /usr/loca/bin/mysqldump
下指令 crontab -e 後,將以下兩行加在文件的最前面:
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
新增並編輯 /etc/periodic/daily/190.ntpdate 檔,內容如下:
#!/bin/sh
echo
echo '主機校時:'
/usr/sbin/ntpdate tick.stdtime.gov.tw
chmod +x /etc/periodic/daily/190.ntpdate
http://freebsd.lab.mlc.edu.tw/faq/ntpdate.shtml
https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html
http://blog.wu-boy.com/2009/02/freebsd-%E5%88%A9%E7%94%A8-portmaster-%E5%8D%87%E7%B4%9A-php-526-528/
http://www.openfoundry.org/tech-column/8344
uname -rs (查看系統版本)
freebsd-update fetch (抓取安全性更新)
freebsd-update install (安裝更新程式)
reboot (重新開機)
uname -rs (查看系統版本是否為新版)
freebsd-update fetch (可再抓取安全性更新,確定 no updates needed )
解決 /boot/kernel/linker.hints 一直出現在 freebsd-update fetch 的訊息中,而重新 freebsd-update install 後也一直出現 /boot/kernel/linker.hints 待安裝的問題。
I had the same problem. This is what I did and it works.
Add this to [FILE]/etc/rc.conf[/FILE]:
CODE: SELECT ALL
kldxref_enable="YES"
kldxref_clobber="YES"
Also add this to [FILE]/etc/freebsd-update.conf[/FILE]:
CODE: SELECT ALL
IgnorePaths /boot/kernel/linker.hints
According to this thread http://forums.freebsd.org/showthread.php?t=1362 you should also enter in [FILE]/etc/rc.conf[/FILE]:
CODE: SELECT ALL
kldxref_module_path="/boot/kernel/;/boot/GENERIC"
and also include the same paths under the [FILE]IgnorePaths[/FILE] in [FILE]/etc/freebsd-update.conf[/FILE].
I haven't done that [del]cos[/del] because I was afraid it would stop future kernel updates. I am not sure that my little changes are necessary. I would be interested to see how other users have sorted this.
blazingice
Junior Member
Posts: 71
Joined: 03 Apr 2013, 11:42
Top
Postby recluce » 16 May 2013, 01:14
Thank you! The first two edits apparently are sufficient to resolve the problem for me.
/etc/rc.conf 加上兩行:
kldxref_enable="YES"
kldxref_clobber="YES"
/etc/freebsd-update.conf
加上一行:
IgnorePaths /boot/kernel/linker.hints
重新開機。
網站檔及資料庫檔,每天定期備份,被壓縮成 gz 檔備份在 /root/ 下。
欲開一個檔案匣 /root/monthly-backup/ 在每月1日時,將 /root/ 下的備份 (網站檔及資料庫檔) 放進去,只留每月15日的備份檔,還有16日以後的近期檔案。其他過久的備份檔則刪除,script 如下:
#!/bin/sh
source="/root/"
target="monthly-backup"
lastmonth=$(date +"%Y%m")
lastmonth=$((lastmonth-1))
cd $source
cd $target
rm -rf htmlFolder.*.gz
rm -rf joomlaDB.*.sql.gz
cd $source
mv *.gz $target
cd $target
mv "htmlFolder."$lastmonth"15.gz" "backup-htmlFolder."$lastmonth"15.gz"
mv "joomlaDB."$lastmonth"15.sql.gz" "backup-joomlaDB."$lastmonth"15.sql.gz"
rm -rf htmlFolder.*01.gz
rm -rf htmlFolder.*02.gz
rm -rf htmlFolder.*03.gz
rm -rf htmlFolder.*04.gz
rm -rf htmlFolder.*05.gz
rm -rf htmlFolder.*06.gz
rm -rf htmlFolder.*07.gz
rm -rf htmlFolder.*08.gz
rm -rf htmlFolder.*09.gz
rm -rf htmlFolder.*10.gz
rm -rf htmlFolder.*11.gz
rm -rf htmlFolder.*12.gz
rm -rf htmlFolder.*13.gz
rm -rf htmlFolder.*14.gz
rm -rf htmlFolder.*15.gz
rm -rf joomlaDB.*01.sql.gz
rm -rf joomlaDB.*02.sql.gz
rm -rf joomlaDB.*03.sql.gz
rm -rf joomlaDB.*04.sql.gz
rm -rf joomlaDB.*05.sql.gz
rm -rf joomlaDB.*06.sql.gz
rm -rf joomlaDB.*07.sql.gz
rm -rf joomlaDB.*08.sql.gz
rm -rf joomlaDB.*09.sql.gz
rm -rf joomlaDB.*10.sql.gz
rm -rf joomlaDB.*11.sql.gz
rm -rf joomlaDB.*12.sql.gz
rm -rf joomlaDB.*13.sql.gz
rm -rf joomlaDB.*14.sql.gz
rm -rf joomlaDB.*15.sql.gz
#!/bin/sh
source="/root/"
target="monthly-backup"
lastmonth=$(date +"%Y%m")
lastmonth=$((lastmonth-1))
cd $source
cd $target
rm -rf htmlFolder.*.7z
rm -rf joomlaDB.*.sql.gz
cd $source
mv *.7z $target
mv *.gz $target
cd $target
mv "htmlFolder."$lastmonth"15.7z" "backup-htmlFolder."$lastmonth"15.7z"
mv "joomlaDB."$lastmonth"15.sql.gz" "backup-joomlaDB."$lastmonth"15.sql.gz"
rm -rf htmlFolder.*01.7z
rm -rf htmlFolder.*02.7z
rm -rf htmlFolder.*03.7z
rm -rf htmlFolder.*04.7z
rm -rf htmlFolder.*05.7z
rm -rf htmlFolder.*06.7z
rm -rf htmlFolder.*07.7z
rm -rf htmlFolder.*08.7z
rm -rf htmlFolder.*09.7z
rm -rf htmlFolder.*10.7z
rm -rf htmlFolder.*11.7z
rm -rf htmlFolder.*12.7z
rm -rf htmlFolder.*13.7z
rm -rf htmlFolder.*14.7z
rm -rf htmlFolder.*15.7z
rm -rf joomlaDB.*01.sql.gz
rm -rf joomlaDB.*02.sql.gz
rm -rf joomlaDB.*03.sql.gz
rm -rf joomlaDB.*04.sql.gz
rm -rf joomlaDB.*05.sql.gz
rm -rf joomlaDB.*06.sql.gz
rm -rf joomlaDB.*07.sql.gz
rm -rf joomlaDB.*08.sql.gz
rm -rf joomlaDB.*09.sql.gz
rm -rf joomlaDB.*10.sql.gz
rm -rf joomlaDB.*11.sql.gz
rm -rf joomlaDB.*12.sql.gz
rm -rf joomlaDB.*13.sql.gz
rm -rf joomlaDB.*14.sql.gz
rm -rf joomlaDB.*15.sql.gz
設定每月1日執行這個 shell script 即可。
上面批次刪檔的語法可以改用有迴圈的 shell script 寫:
#!/bin/sh
#i=後面為啟始值。
#-le 後面接欲終止值。一定要比 i 啟始值大。
#expr $i + 後面數值則為累加值。
#pre補前置數字0
i=1
pre=0
h=htmlFolder.201404
tail=.gz
#
while [ $i -le 9 ]
do
#touch $h$pre$i$tail
rm -rf $h$pre$i$tail
i=`expr $i + 1`
done
#
i=10
while [ $i -le 15 ]
do
#touch $h$i$tail
rm -rf $h$i$tail
i=`expr $i + 1`
done
#
echo " .... ok!"
freebsd 缺陷1:
將 /etc/sysctl.conf 加入一行:net.ipv4.tcp_timestamps = 0
存檔跳出。
service sysctl restart
freebsd 缺陷2 (http://httpd.apache.org/docs/current/en/mod/core.html#traceenable):
nano /usr/local/etc/apache22/httpd.conf
加上最後一行:TraceEnable off
/usr/local/etc/rc.d/apache22 restart
參考: http://www.vmadmin.co.uk/linux/44-redhat/218-linuxhttptracktrace
Plugin Name: HTTP TRACE / TRACK Methods Allowed
To turn off track and trace methods globally on the server add the following line:
vim /etc/httpd/conf/httpd.conf
TraceEnable Off
To turn off track and trace methods for individual virtual hosts add the follwowing to the vhost config:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Check the apache config:
/usr/sbin/apachectl -t
Syntax OK
按 enter 進single user mode之後,就輸入下列指令,
#fsck -y
#mount -a
#shutdown -r now
重開後就OK了!
執行安全性更新 freebsd-update 。
檢查是否有備份到遠端機器 (log)。
檢查 /root/monthly-backup 是否過大需要刪除清理檔案。
檢查附件檔 attachments 檔案匣中的大小:圖檔壓縮、pdf 檔壓縮……處理完再放回伺服器原位。
檢查重要公告是否過期忘記拿下,幫忙拿下。
檢查發文的連結是否正常、個資資料是否隱藏。
試過移除mysql-server再重新安裝,無效。放棄原虛擬機系統。改用另一個vdi來作系統,再把sql檔和文件照片檔輸入新系統。
copy正常的vm中的vdi至virtual box主機上。放一份在home中。
創立新vm,先不加入硬碟vdi,將vbox的此vm環境cpu、ram等設成與原系統相同。試開機看看。(可開機,但無系統)
接下來把home的vdi檔copy至vm的檔案匣中。在vbox的vm設定裏,將硬碟設定進來,設定為開機碟。
接下來下指令,把vdi的硬碟編號重新設定。VBoxManage internalcommands sethduuid target.vdi
將vm開機,確定正常開機。
利用phpmyadmin介面將sql檔導入。(參考上面,需清空truncate資料、資料庫改名、匯入sql的壓縮資料、資料庫改名回來等步驟,部分table無法清空,可不理它。sql匯入時,等大約3分鐘…看起來像當機,別擔心)
曾經試過,用ftp或上傳程式無法完整復原apache中的文檔、照片檔,用以下方法復原最保險。
copy apache22的文檔備份(7z檔)至vm中的/root下。
將上面7z檔解壓縮至/root下。
將解完壓縮的整個檔案匣,以cp -R /source/. /target/. 指令拷貝至apache的data(target)中。
測試網站,ok。(在改ip前,網站的運作會有點慢。joomla可先設定網站關閉中,以禁止人員進入。)
用crontab -e修改備份機制。(壞掉的vm和新vm都要考量,並重新設定)
關掉壞的vm。
更改兩台的ip。(請參考上面)。
ipv6的網站運作剛開始會不正常,大約半小時後會正常運作。
應保留正常的vm的快照-->考慮定期備份vdi檔(但檔案實在很大)。
http://blog.cuicc.com/blog/2015/10/12/mysql-can-not-startup-after-loss-power/
分析mysql启动失败的原因,只能从log入手了,打开log发现最后的日志是
mysql.log
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
根据log查看了下,mysqld.sock是存在。google了下这个error,根据一些文档试了下,发现根本没有什么作用,也就是说这可能不是出错的原因。只好继续向前翻log,发现每次试图启动mysql时,都有大量如下日志,我怀疑是因为突然掉电,导致有些log没有写入系统,所以出现了序列号不一致情况。
mysql.log
...
InnoDB: Error: page 570 log sequence number 7289495
InnoDB: is in the future! Current system log sequence number 5574939.
InnoDB: Your database may be corrupt or you may have copied the InnoDB
InnoDB: tablespace but not the InnoDB log files. See
InnoDB: http://dev.mysql.com/doc/refman/5.5/en/forcing-innodb-recovery.html
InnoDB: for more information.
再次google这个error,发现了这样的一篇博文MySQL log is in the future!,这篇博文的方法简单易懂,但是首要问题是我的mysql无法启动,无法启动就不能备份数据。同时也看了下log中提到的Forcing InnoDB Recovery。
Forcing InnoDB Recovery提供了6个等级的修复模式,需要注意的是值大于3的时候,会对数据文件造成永久的破坏,不可恢复。六个等级的介绍摘抄如下:
Forcing InnoDB Recovery
1 (SRV_FORCE_IGNORE_CORRUPT)
Lets the server run even if it detects a corrupt page. Tries to make SELECT * FROM tbl_name jump over corrupt index records and pages, which helps in dumping tables.
2 (SRV_FORCE_NO_BACKGROUND)
Prevents the master thread and any purge threads from running. If a crash would occur during the purge operation, this recovery value prevents it.
3 (SRV_FORCE_NO_TRX_UNDO)
Does not run transaction rollbacks after crash recovery.
4 (SRV_FORCE_NO_IBUF_MERGE)
Prevents insert buffer merge operations. If they would cause a crash, does not do them. Does not calculate table statistics. This value can permanently corrupt data files. After using this value, be prepared to drop and recreate all secondary indexes.
5 (SRV_FORCE_NO_UNDO_LOG_SCAN)
Does not look at undo logs when starting the database: InnoDB treats even incomplete transactions as committed. This value can permanently corrupt data files.
6 (SRV_FORCE_NO_LOG_REDO)
Does not do the redo log roll-forward in connection with recovery. This value can permanently corrupt data files. Leaves database pages in an obsolete state, which in turn may introduce more corruption into B-trees and other database structures.
使用方法如下,在mysql配置文件中,添加或修改以下配置的值
my.cnf
[mysqld]
innodb_force_recovery = 1
根据查到的博文提到的方法,我的修复步骤如下:
因为我无法启动mysql,所以首先要想办法启动mysql,然后dump数据。从innodb_force_recovery的值1开始尝试,看mysql能否在该修复模式下启动,不到万不得已,不要尝试值为4及以上。
在我这里,mysql在值为2时可以启动,这是stop掉数据库,然后备份数据
sudo service mysql stop
mysqldump -u root -p --all-databases > all-databases.sql
删除掉出错的数据文件
mv ib_logfile0 ib_logfile0.bak
mv ib_logfile1 ib_logfile1.bak
mv ibdata1 ibdata1.bak
启动mysql,然后从备份文件恢复数据
sudo service mysql start
mysql -u root -p < all-databases.sql
因为在修复模式下,在插入数据时报错,也就是说此时是不能写入数据的。所以就关闭掉了修复模式
[mysqld]
innodb_force_recovery = 0
restart mysql后,再次恢复数据
sudo service mysql restart
mysql -u root -p < all-databases.sql
再次重启下mysql,现在mysql可以正常启动了,并且数据也回复成功。
使用方法如下,在mysql配置文件中,添加或修改以下配置的值
my.cnf
[mysqld]
innodb_force_recovery = 1
重啟mysql,成功
接下來不要像上文把 /var/db/mysql/ 下面的三個檔案改名。重開機,再利用phpmyadmin進行資料庫的匯入,才不會出問題。也不要清掉table,這方法沒用,請用下面方式import原來的資料庫。
(這步搞好久)
phpmysqladmin中,請重新建一個資料庫joomla1,將舊的資料庫改名joomlaold。將新建的資料庫匯入gz的備份檔(正常要三分鐘左右處理)。再將新建的資料庫joomla1改回正式連的資料庫名稱joomla。
tail -n 1000 /var/db/mysql/hostname.err 用這個unix指令看最後1000行錯誤記錄,然後才搜尋到上面的解法。
cannot connect mysql database (2)
解法:重啟伺服器 reboot -->重啟 mysql -->重啟 apache22 -->重啟伺服器 reboot
#reboot
#/usr/local/etc/rc.d/mysql-server restart
#/usr/local/etc/rc.d/apache22 restart
#reboot
指令:
#crontab -e
插入一行:
20 6 * * * /sbin/shutdown -r now
重啟cron
/etc/rc.d/cron restart
https://www.jianshu.com/p/7f7d3c04d609
觀察cpu
#top -P
觀察mysql
#mysql -u root -p
mysql>show full processlist
修改my.cnf
#nano /etc/my.cnf
query_cache_type = 1 (query-cache-type有三種值:0 (disable / off), 1 (enable / on) and 2 (on demand))
query_cache_size = 128M
thread_concurrency = 12
tmp_table_size = 200M
重啟mysqld