分类 服务器 下的文章

最近,发现网站的数据库连接不上,而且持续有一段时间了。主要还是平时太少管理网站,所以隔了几天才发现。
重启后,数据库恢复正常,但一分钟不到,内存不足,又挂了。
经过排查,原来是没使用swap虚拟内存。开启后,妥妥的稳定运行。

关闭配置文件/etc/fstab中所有的交换空间

sudo swapoff -a

一、创建交换分区的文件:增加2G大小的交换分区

sudo dd if=/dev/zero of=/var/swapfile bs=1M count=2048
  • if 代表输入文件。如果不指定if,默认就会从stdin中读取输入。
  • of 代表输出文件。如果不指定of,默认就会将stdout作为默认输出。
  • bs 代表字节为单位的块大小。
  • count 代表被复制的块数。
  • /dev/zero 是一个字符设备,会不断返回0值字节(\0)。

块大小可以使用的计量单位表

单位大小代码
字节1Bc
字节2Bw
512Bb
千字节1024Bk
兆字节1024KBM
吉字节1024MBG

二、设置交换分区文件

sudo mkswap /var/swapfile

三、启用交换分区

sudo swapon /var/swapfile

四、写入/etc/fstab,以便在引导时启用

echo '/var/swapfile swap swap defaults 0 0'>>sudo /etc/fstab

五、查看swap的情况

free -m

最近做一个项目,需要用到Gmail邮箱发送邮件,但发现发送不出去。
排查问题时,需要用到dig命令,但使用时,却提醒我dig命令不存在~
那就安装吧,习惯性的运行yum install dig,却提示我没这个包?
微信截图_20181017092818.png

经过查找资料,原来dig命令属于bind-utils工具包,安装这个包之后就可以使用dig命令了。

yum install bind-utils

作为一个习惯追新的人,最近把nginx升级到了1.15.2,修改站点配置并重新加载配置文件时,发现报警告。
虽然不影响正常,也不是处女座,但还是看不顺眼,经过一番百度 Google,终于找到原因和解决方法!

报错内容

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/conf/vhost/test.ll00.cn:24

原因

新版本不推荐使用ssl指令,所以会发出一段警告。使用listen 443 ssl;代替

解决方法

在配置文件里,找到ssl on;,将其注释掉

# ssl on;

然后修改监听端口处的配置后面加上ssl

listen 443 ssl;

相关Nginx更新日志:

Changes with nginx 1.15.0                                        05 Jun 2018

    *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
       "listen" directive should be used instead.

    *) Change: now nginx detects missing SSL certificates during
       configuration testing when using the "ssl" parameter of the "listen"
       directive.

    *) Feature: now the stream module can handle multiple incoming UDP
       datagrams from a client within a single session.

    *) Bugfix: it was possible to specify an incorrect response code in the
       "proxy_cache_valid" directive.

    *) Bugfix: nginx could not be built by gcc 8.1.

    *) Bugfix: logging to syslog stopped on local IP address changes.

    *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
       the bug had appeared in 1.13.8.

    *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
       in logs during binary upgrade when using unix domain listen sockets
       on FreeBSD.

    *) Bugfix: nginx could not be built on Fedora 28 Linux.

    *) Bugfix: request processing rate might exceed configured rate when
       using the "limit_req" directive.

    *) Bugfix: in handling of client addresses when using unix domain listen
       sockets to work with datagrams on Linux.

    *) Bugfix: in memory allocation error handling.

Install 'net-tools' and 'wget' packages on CentOS 7:

yum install net-tools wget

https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html

Type wget followed by the pasted URL:

wget <paste copied url>

Install downloaded package on RedHat/CentOS/Fedora system:

rpm -Uvh openvpn-as-2.1.12-CentOS7.x86_64.rpm

The installation process should then commence and finish. The output may look like this:

The Access Server has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Please enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: https://192.168.70.222:943/admin To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool. Access Server web UIs are available here: Admin UI: https://192.168.47.222:943/admin Client UI: https://192.168.47.222:943/

The Access Server tries to adapt itself to the network configuration it finds. But if you have a complex network setup you may need to run the ovpn-init tool to reconfigure to listen to another network interface. It's worth mentioning that the ovpn-init tool can be used to wipe all OpenVPN Access Server configuration with the --force option in case you make a mistake during initial setup. Don't use the --force option on an existing installation unless you can live with losing all configuration and certificates and want to start over. Also, the program will ask for a license key, but you do not have to enter one. If no valid license key is found it will just assume a demonstration mode where all functions work but you're limited to 2 simultaneous VPN tunnel connections.
Finishing configuration and using the product
Once the program is installed it will automatically configure itself with some standard settings. The installation process will also tell you where to find the client web service, which is the web based GUI that you can use to log on and connect to the Access Server, and where to find the admin web service, which is where you can log on as an administrative user and manage the configuration, certificate, users, etcetera, in the web based GUI. Usually the client UI is at the address of your server, for example https://192.168.70.222/. The admin UI is usually at the /admin/ address, for example https://192.168.70.222/admin/. Please note that the web services by default actually run on port TCP 943, so you can visit them at https://192.168.70.222:943/ and https://192.168.70.222:943/ as well. The OpenVPN TCP daemon that runs on TCP port 443 redirects incoming browser requests so that it is slightly easier for users to open the web interface.

Initially a single administrative user is added to the system. But it has no password set and therefore cannot be used yet. To use it a password must be set first:

passwd openvpn

You can now point your web browser at the admin UI web interface. Because the Access Server comes with a self-signed SSL certificate to begin with, you will receive a warning in the browser like "Invalid certificate" or "Cannot verify identity of the server". You will have to confirm that you wish to continue to the web interface. You will then see the login screen and you can then enter the username openvpn and the password you have just set with the "passwd openvpn" command.

https://docs.openvpn.net/getting-started/installing-openvpn-access-server-on-a-linux-operating-system/