Recommended articles

Linux disk expansion: a summary of pitfalls

html

Check current disk usage:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       40G   36G  2.8G  93% /
tmpfs          1003M     0 1003M   0% /dev/shm
/dev/xvdb1       20G   16G  2.8G  86% /home/www
/dev/xvdc        15G   15G     0 100% /home/svn

After expanding the /dev/xvdc disk in Alibaba Cloud, view the disk details:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# fdisk -l

Disk /dev/xvda: 42.9 GB, 42949672960 bytes
255 heads, 63 sectors/track, 5221 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00071419

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1        5222    41940992   83  Linux

Disk /dev/xvdb: 64.4 GB, 64424509440 bytes
255 heads, 63 sectors/track, 7832 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x453417b4

    Device Boot      Start         End      Blocks   Id  System
/dev/xvdb1               1        2610    20964793+  83  Linux

Disk /dev/xvdc: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/xvdc doesn't contain a valid partition table

Force a check of the filesystem:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# e2fsck -f /dev/xvdc
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
/lost+found not found. Create<y>? yes
Pass 4: Checking reference counts
Pass 5: Checking group summary information

/dev/xvdc: ***** FILE SYSTEM WAS MODIFIED *****
/dev/xvdc: 343096/983040 files (3.1% non-contiguous), 3788579/3932160 blocks

Resize the filesystem:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# resize2fs /dev/xvdc
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/xvdc to 7864320 (4k) blocks.
The filesystem on /dev/xvdc is now 7864320 blocks long.

Remount the disk:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# mount /dev/xvdc /home/svn

Check disk usage again:

[root@iZ2zebzrd1fwcb8kj2g8xiZ ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       40G   36G  2.8G  93% /
tmpfs          1003M     0 1003M   0% /dev/shm
/dev/xvdb1       20G   16G  2.8G  86% /home/www
/dev/xvdc        30G   15G   14G  51% /home/svn

Note: be sure to format the disk as ext4. On ext3, the number of first-level subdirectories in a directory defaults to 32000; after subtracting the . entry (the current directory) and the .. entry (the parent directory), only 31998 can actually be created. The maximum number of files in a single directory on ext3 has no specific limit; it is bounded by the number of inodes in the filesystem.

21

2018/09

Installing the Java JDK environment on Linux

html

Installing the Java JDK

Install the Java environment

First check whether Java is installed:

java -version
echo $JAVA_HOME

If the Java version is too old, installing a newer one is recommended. The steps below install Java 1.8:

cd /opt/
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u66-b17/jdk-8u66-linux-x64.tar.gz"
tar xzf jdk-8u66-linux-x64.tar.gz
cd /opt/jdk1.8.0_66/
alternatives --install /usr/bin/java java /opt/jdk1.8.0_66/bin/java 2
alternatives --config java

After running the above, a selection prompt appears. On my machine it shows:

There are 3 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
   1           /opt/jdk1.7.0_71/bin/java
 + 2           /opt/jdk1.8.0_45/bin/java
   3           /opt/jdk1.8.0_51/bin/java
   4           /opt/jdk1.8.0_66/bin/java

Enter to keep the current selection[+], or type selection number: 4

We installed jdk1.8.0_66, so I chose 4. This depends on your machine: pick whichever number jdk1.8.0_66 is listed under.

alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_66/bin/jar 2
alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_66/bin/javac 2
alternatives --set jar /opt/jdk1.8.0_66/bin/jar
alternatives --set javac /opt/jdk1.8.0_66/bin/javac

Installation is complete; check the version:

java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

Save to the file /etc/environment so that it is loaded when the server restarts:

vi /etc/profile

export JAVA_HOME=/opt/jdk1.8.0_66
export JRE_HOME=/opt/jdk1.8.0_66/jre
export PATH=$PATH:/opt/jdk1.8.0_66/bin:/opt/jdk1.8.0_66/jre/bin

Reboot Linux:

reboot

Check whether the installation succeeded:

java -version
echo $JAVA_HOME

09

2018/05

Shell script for setting up a VPN on Linux

html

I put together a shell script:

#!/bin/bash
#############################################################
#                                                           #
# This is a PPTP and L2TP VPN installation for CentOS 7     #
# Version: 1.1.1 20160507                                   #
# Author: Bon Hoo                                           #
# Website: http://www.ccwebsite.com                         #
#                                                           #
#############################################################

# Check whether the user is root
if [[ $(id -u) != "0" ]]; then
    printf "\e[42m\e[31mError: You must be root to run this install script.\e[0m\n"
    exit 1
fi

# Check whether the OS is CentOS 7 or RHEL 7
if [[ $(grep "release 7." /etc/redhat-release 2>/dev/null | wc -l) -eq 0 ]]; then
    printf "\e[42m\e[31mError: Your OS is NOT CentOS 7 or RHEL 7.\e[0m\n"
    printf "\e[42m\e[31mThis install script is ONLY for CentOS 7 and RHEL 7.\e[0m\n"
    exit 1
fi
clear

printf "
#############################################################
#                                                           #
# This is a PPTP and L2TP VPN installation for CentOS 7     #
# Version: 1.1.1 20160507                                   #
# Author: Bon Hoo                                           #
# Website: http://www.ccwebsite.com                         #
#                                                           #
#############################################################
"

# Get the server IP
serverip=$(ifconfig -a |grep -w "inet"| grep -v "127.0.0.1" |awk '{print $2;}')
printf "\e[33m$serverip\e[0m is the server IP?\n"
printf "If \e[33m$serverip\e[0m is \e[33mcorrect\e[0m, press enter directly.\n"
printf "If \e[33m$serverip\e[0m is \e[33mincorrect\e[0m, please input your server IP.\n"
printf "(Default server IP: \e[33m$serverip\e[0m):"
read serveriptmp
if [[ -n "$serveriptmp" ]]; then
    serverip=$serveriptmp
fi

# Get the network interface name
ethlist=$(ifconfig | grep ": flags" | cut -d ":" -f1)
eth=$(printf "$ethlist\n" | head -n 1)
if [[ $(printf "$ethlist\n" | wc -l) -gt 2 ]]; then
    echo ======================================
    echo "Network Interface list:"
    printf "\e[33m$ethlist\e[0m\n"
    echo ======================================
    echo "Which network interface you want to listen for ocserv?"
    printf "Default network interface is \e[33m$eth\e[0m, let it blank to use default network interface: "
    read ethtmp
    if [ -n "$ethtmp" ]; then
        eth=$ethtmp
    fi
fi

# Set the IP range assigned to clients after they dial in to the VPN
iprange="10.0.1"
echo "Please input IP-Range:"
printf "(Default IP-Range: \e[33m$iprange\e[0m): "
read iprangetmp
if [[ -n "$iprangetmp" ]]; then
    iprange=$iprangetmp
fi

# Set the pre-shared key
mypsk="ueibo.cn"
echo "Please input PSK:"
printf "(Default PSK: \e[33mueibo.cn\e[0m): "
read mypsktmp
if [[ -n "$mypsktmp" ]]; then
    mypsk=$mypsktmp
fi

# Set the VPN username
username="ueibo.com"
echo "Please input VPN username:"
printf "(Default VPN username: \e[33mueibo.com\e[0m): "
read usernametmp
if [[ -n "$usernametmp" ]]; then
    username=$usernametmp
fi

# Random password
randstr() {
    index=0
    str=""
    for i in {a..z}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {A..Z}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {0..9}; do arr[index]=$i; index=$(expr ${index} + 1); done
    for i in {1..10}; do str="$str${arr[$RANDOM%$index]}"; done
    echo $str
}

# Set the VPN user's password
password=$(randstr)
printf "Please input \e[33m$username\e[0m's password:\n"
printf "Default password is \e[33m$password\e[0m, let it blank to use default password: "
read passwordtmp
if [[ -n "$passwordtmp" ]]; then
    password=$passwordtmp
fi
clear

# Print the configuration parameters
clear
echo "Server IP:"
echo "$serverip"
echo
echo "Server Local IP:"
echo "$iprange.1"
echo
echo "Client Remote IP Range:"
echo "$iprange.10-$iprange.254"
echo
echo "PSK:"
echo "$mypsk"
echo
echo "Press any key to start..."

# Read a single key press from the terminal
get_char() {
    SAVEDSTTY=`stty -g`
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}
char=$(get_char)
clear

# Character device 1,9 is urandom; mknod reports "File exists" if /dev/random is already present
mknod /dev/random c 1 9

# Update packages
yum update -y

# Install the EPEL repository
yum install epel-release -y

# Install the required packages
yum install -y openswan ppp pptpd xl2tpd wget

# Create the ipsec.conf configuration file
rm -f /etc/ipsec.conf
cat >>/etc/ipsec.conf<<EOF
# /etc/ipsec.conf - Libreswan IPsec configuration file

# This file: /etc/ipsec.conf
#
# Enable when using this configuration file with openswan instead of libreswan
#version 2
#
# Manual: ipsec.conf.5

# basic configuration
config setup
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=netkey
    force_keepalive=yes
    keep_alive=1800

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$serverip
    leftid=$serverip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
    leftnexthop=%defaultroute
    rightnexthop=%defaultroute
    ike=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
    phase2alg=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
    sha2-truncbug=yes

# For example connections, see your distribution's documentation directory,
# or the documentation which could be located at
# /usr/share/docs/libreswan-3.*/ or look at https://www.libreswan.org/
#
# There is also a lot of information in the manual page, "man ipsec.conf"

# You may put your configuration (.conf) file in the "/etc/ipsec.d/" directory
# by uncommenting this line
#include /etc/ipsec.d/*.conf
EOF

# Create the pre-shared key configuration file
rm -f /etc/ipsec.secrets
cat >>/etc/ipsec.secrets<<EOF
#include /etc/ipsec.d/*.secrets
$serverip %any: PSK "$mypsk"
EOF

# Create the pptpd.conf configuration file
rm -f /etc/pptpd.conf
cat >>/etc/pptpd.conf<<EOF
#ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#debug
# stimeout 10
#noipparam
logwtmp
#vrf test
#bcrelay eth1
#delegate
#connections 100
localip $iprange.2
remoteip $iprange.200-254
EOF

# Create the xl2tpd.conf configuration file
mkdir -p /etc/xl2tpd
rm -f /etc/xl2tpd/xl2tpd.conf
cat >>/etc/xl2tpd/xl2tpd.conf<<EOF
;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24. A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.

[global]
; ipsec saref = yes
listen-addr = $serverip
auth file = /etc/ppp/chap-secrets
port = 1701

[lns default]
ip range = $iprange.10-$iprange.199
local ip = $iprange.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = L2TPVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

# Create the options.pptpd configuration file
mkdir -p /etc/ppp
rm -f /etc/ppp/options.pptpd
cat >>/etc/ppp/options.pptpd<<EOF
# Authentication
name pptpd
#chapms-strip-domain

# Encryption
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}

ms-dns 8.8.4.4
ms-dns 8.8.8.8
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
proxyarp
#10.8.0.100

# Logging
#debug
#dump
lock
nobsdcomp
novj
novjccomp
nologfd
EOF

# Create the options.xl2tpd configuration file
rm -f /etc/ppp/options.xl2tpd
cat >>/etc/ppp/options.xl2tpd<<EOF
#require-pap
#require-chap
#require-mschap
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
mtu 1400
noccp
connect-delay 5000
# To allow authentication against a Windows domain EXAMPLE, and require the
# user to be in a group "VPN Users". Requires the samba-winbind package
# require-mschap-v2
# plugin winbind.so
# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\VPN Users"'
# You need to join the domain on the server, for example using samba:
# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
EOF

# Create the chap-secrets configuration file, i.e. the list of users and passwords
rm -f /etc/ppp/chap-secrets
cat >>/etc/ppp/chap-secrets<<EOF
# Secrets for authentication using CHAP
# client server secret IP addresses
$username pptpd $password *
$username l2tpd $password *
EOF

# Change the system configuration to allow IP forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.$eth.rp_filter=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.default.send_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_redirects=0
cat >>/etc/sysctl.conf<<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.$eth.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
EOF

# Allow the firewall ports
cat >>/usr/lib/firewalld/services/pptpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>pptpd</short>
  <description>PPTP and Fuck the GFW</description>
  <port protocol="tcp" port="1723"/>
</service>
EOF
cat >>/usr/lib/firewalld/services/l2tpd.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>l2tpd</short>
  <description>L2TP IPSec</description>
  <port protocol="udp" port="500"/>
  <port protocol="udp" port="4500"/>
  <port protocol="udp" port="1701"/>
</service>
EOF

# Firewall for CentOS 7.0
#systemctl start firewalld
#firewall-cmd --reload
#firewall-cmd --permanent --add-service=pptpd
#firewall-cmd --permanent --add-service=l2tpd
#firewall-cmd --permanent --add-service=ipsec
#firewall-cmd --permanent --add-masquerade
#firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -p tcp -i ppp+ -j TCPMSS --syn --set-mss 1356
#firewall-cmd --reload

# Firewall for versions below CentOS 7.0
iptables --table nat --append POSTROUTING --jump MASQUERADE
iptables -t nat -A POSTROUTING -s $iprange.0/24 -o $eth -j MASQUERADE
iptables -t nat -A POSTROUTING -s $iprange.0/24 -j SNAT --to-source $serverip
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
service iptables save

# Enable the services at boot
systemctl enable pptpd ipsec xl2tpd
systemctl restart pptpd ipsec xl2tpd
clear

# Test ipsec
ipsec verify

printf "
#############################################################
#                                                           #
# This is a PPTP and L2TP VPN installation for CentOS 7     #
# Version: 1.1.1 20160507                                   #
# Author: Bon Hoo                                           #
# Website: http://www.ccwebsite.com                         #
#                                                           #
#############################################################
if there are no [FAILED] above, then you can
connect to your L2TP VPN Server with the default
user/password below:

ServerIP: $serverip
username: $username
password: $password
PSK: $mypsk
"

Put the code above into a shell file and run it!
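
The installer above writes its PSK and VPN passwords into files it creates itself, keeps a built-in default PSK, offers 3DES and sets pfs=no. The check below is an added example, not part of the original script or the author's code, that lints those files after a run; the function names, finding labels, the 20-character threshold and the sample directory contents are assumptions of this example, and it expects GNU stat.

```shell
#!/bin/sh
# Lint the files the installer writes; "$1" stands in for /etc. Names, labels
# and the 20-char threshold are this example's assumptions. Needs GNU stat.
audit_vpn_config() {
    dir=$1
    # Secrets created with `cat >>file` under umask 022 end up 0644.
    for f in ipsec.secrets ppp/chap-secrets; do
        [ -f "$dir/$f" ] || continue
        mode=$(stat -c %a "$dir/$f")
        case $mode in
            600|400) ;;
            *) echo "PERM $f is mode $mode, expected 600" ;;
        esac
    done
    # PSK: flag the installer's built-in default and short values.
    if [ -f "$dir/ipsec.secrets" ]; then
        psk=$(sed -n 's/.*PSK[[:space:]]*"\(.*\)".*/\1/p' "$dir/ipsec.secrets" | head -n 1)
        if [ "$psk" = "ueibo.cn" ]; then
            echo "PSK installer default is in use"
        elif [ "${#psk}" -lt 20 ]; then
            echo "PSK shorter than 20 characters"
        fi
    fi
    # Proposals and PFS in ipsec.conf, ignoring comment lines.
    if [ -f "$dir/ipsec.conf" ]; then
        conf=$(grep -v '^[[:space:]]*#' "$dir/ipsec.conf" || true)
        if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*(ike|phase2alg)=.*3des'; then
            echo "CRYPTO 3des offered in ike= or phase2alg="
        fi
        if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*pfs=no'; then
            echo "CRYPTO pfs=no turns off perfect forward secrecy"
        fi
    fi
}

# Constructed sample mirroring the installer's output (documentation IP
# and made-up account, not values from the page).
make_sample() {
    mkdir -p "$1/ppp"
    ( umask 022
      printf '%s\n' '203.0.113.10 %any: PSK "ueibo.cn"' > "$1/ipsec.secrets"
      printf '%s\n' 'demo pptpd constructed-pass *' > "$1/ppp/chap-secrets"
      printf '%s\n' 'conn L2TP-PSK-noNAT' '    pfs=no' \
          '    ike=3des-sha1,aes-sha1,aes256-sha1' > "$1/ipsec.conf" )
}

sample=$(mktemp -d); make_sample "$sample"
audit_vpn_config "$sample"
rm -rf "$sample"
```

On a real host, run `audit_vpn_config /etc` as root; each PERM finding is cleared with `chmod 600` on the named file.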

17

2017/06

Setting up a VPN on Linux

html

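http://www.xiukee.com/show_530564.html

What next? Will you be stuck if you don't know Linux? No. All the commands are here. First install the pptpd service, which is the software module that handles VPN connections. Enter:

yum install ppp iptables pptpd

Once the installation finishes, the real work starts.

A: Edit pptpd.conf. Enter:

vi /etc/pptpd.conf

Find localip, remove the # in front of the following fields, then save and exit.

localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Tips: Don't know how to use the vi editor? Use the up and down arrow keys to move the cursor to the line that needs changing, press "i" to enter insert mode, and when you have finished editing press "esc" to leave it. Then type ":wq" to save and exit.

Edit options.pptpd:

vi /etc/ppp/options.pptpd

Search for ms-dns, remove the # in front of the two ms-dns lines you find, and change them to the following:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Next, add the VPN account and password by editing /etc/ppp/chap-secrets:

vi /etc/ppp/chap-secrets

Add one line in the following format:

username pptpd password *

Save and exit, then configure the kernel:

vi /etc/sysctl.conf

Add one line to this file: net.ipv4.ip_forward=1, then save and exit. Enter sysctl -p to apply the setting.

Enter:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 47.93.56.87

Note that the last parameter is not a piece of Chinese text; it is your server's IP address. Look it up in the Alibaba Cloud management console.

Then enter:

chmod +x /etc/rc.d/rc.local

Edit the system configuration:

vi /etc/rc.d/rc.local

Add the iptables command from above to it. Save and exit.

Start the VPN service:

systemctl start pptpd

Make it start at boot:

chkconfig pptpd on

That's everything; the whole process takes about 30 minutes. Setting up the VPN afterwards is easy too: once you have the IP address, username and password, just enter them in the client.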

17

2017/06