Submitted by admin on 2017, June 8, 10:37 AM
Submitted by admin on 2017, April 30, 12:40 PM
sed -i 's@^#Include conf/extra/httpd-ssl@Include conf/extra/httpd-ssl@' /www/wdlinux/apache/conf/httpd.conf
1,强制主站所有Web使用(全局站点)
如果要强制主站使用HTTPS,我们可以这样修改httpd配置文件:
# vim /etc/httpd/conf/httpd.conf
ServerName www.example.com:80
Redirect permanent / https://www.example.com
2,强制虚拟主机(单个站点)
如果要强制单个站点在虚拟主机上使用HTTPS,对于HTTP可以按照下面进行配置:
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerName proxy.mimvp.com
Redirect permanent / https://proxy.mimvp.com/
</VirtualHost>
如果你想让你的用户访问你的webapp时只使用安全的HTTPS协议,而不是没加密过的HTTP协议,可以这样配置Apache:
在<Virtualhost *:80>里面加入如下内容:
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
然后重启Apache, done!
Submitted by admin on 2017, April 25, 11:44 PM
https://imququ.com/post/letsencrypt-certificate.html
Submitted by admin on 2013, April 17, 5:00 PM
日志里有如下
[Fri Mar 15 21:47:47 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:48 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:49 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:50 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:51 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:52 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:53 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:54 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:55 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:56 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:57 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:58 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:47:59 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:48:00 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:48:01 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
[Fri Mar 15 21:48:02 2013] [warn] (101)Network is unreachable: connect to listener on [::]:5858
Submitted by admin on 2013, March 30, 8:48 PM
http://www.webta.org/projects/apachetop/
Apachetop is a curses-based top-like display for Apache information, including requests per second, bytes per second, most popular URLs, etc.
Apachetop watches a logfile generated by Apache (in standard common or combined logformat, although it doesn't (yet) make use of any of the extra fields in combined) and generates human-parsable output in realtime.
安装很简单
#yum -y install readline-devel
# wget http://www.webta.org/apachetop/apachetop-0.12.6.tar.gz
# tar xzvf apachetop-0.12.6.tar.gz
# cd apachetop-0.12.6
# ./configure
# make
# make install
分析查看日志的时候
apachetop -f access.log
下面是用法说明:
当执行之后,还有命令可以切换显示状态:
Submitted by admin on 2013, March 21, 11:43 AM
1、使用SSH登陆服务器2、输入命令: ps ax ,会列出所有的进程,找出对应的进程,类似“21045 ? Ss 0:00 /usr/local/bin/memcached -d -m 100 -u root -l 192.168.1.11 -p 12000 -c 256 ?CP /tmp/memcached.pid”。记下开头的id,如前面的21045.3、输入命令关闭进程:kill 210454、重新启动进程
如果要清空memcache的items,常用的办法是什么?杀掉重启?如果有n台memcache需要重启怎么办?挨个做一遍?
很简单,假设memcached运行在本地的11211端口,那么跑一下命令行:
$ echo ”flush_all” | nc localhost 11211
注:flush并不会将items删除,只是将所有的items标记为expired。
第一、连接:telnet 127.0.0.1 11211
第二、按回车键
第三、flush_all 后回车
控制台显示OK,表示操作成功
说明:
1、清空所有键值
flush_all
注:flush并不会将items删除,只是将所有的items标记为expired,因此这时memcache依旧占用所有内存。
2、退出
quit
Submitted by admin on 2013, March 21, 8:27 AM
Apache Banner的隐藏方法,
修改httpd.conf文件,设置以下选项:
ServerTokens ProductOnly
ServerSignature Off
关闭trace-method
TraceEnable off
另外apache可以在编译的时候,故意混淆banner信息,达到隐藏的目的
ServerSignature apache生成的一些页面底部,比如404页面,文件列表页面等等。
ServerTokens指向被用来设置Server的http头回响。设置为Prod可以让HTTP头回响显示成这样….
Server: Apache
apache禁止访问目录列表- -
编辑httpd.conf
把下面配置项改成
Options Indexes FollowSymlinks MultiViews
Options FollowSymlinks MultiViews
即拿掉Indexes,重新启动apache
隐藏http头信息中看到php的版本信息
在php.ini中设置 expose_php = Off
Submitted by admin on 2013, March 15, 7:59 PM
Google 开发的 gperftools 包含四个工具,分别是:TCMalloc、heap-checker、heap-profiler 和 cpu-profiler,TCMalloc是 gperftools 的其中一个工具,用于优化C++写的多线程应用,与标准的glibc库的malloc相比,TCMalloc在内存的分配效率和速度要高,可以在高并发的情况下很好的控制内存的使用,提高服务器的性能,降低负载。
使用 TCMalloc 优化 Nginx 和 MySQL 的内存管理,性能将会有一定程度的提升,特别是对MYSQL服务器高并发下情况下的性能。
安装 libunwind 库
如果系统是64位的需要先安装libunwind库,32位系统则不需要安装。
libunwind 库为基于64位CPU和操作系统的程序提供了基本的堆栈辗转开解功能,其中包括用于输出堆栈跟踪的API、用于以编程方式辗转开解堆栈的API以及支持C++异常处理机制的API。
wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.0.1.tar.gz
tar -zxvf libunwind-1.0.1.tar.gz
cd libunwind-1.0.1/
CFLAGS=-fPIC ./configure
make CFLAGS=-fPIC
make CFLAGS=-fPIC install
cd ../
gperftools 的安装
gperftools 项目网站 http://code.google.com/p/gperftools/
wget http://gperftools.googlecode.com/files/gperftools-2.0.tar.gz
tar -zxvf gperftools-2.0.tar.gz
cd gperftools-2.0
./configure --prefix=/usr/local --enable-frame-pointers
make
make install
cd ../
如果是32位系统,可以不添加 –enable-frame-pointers,如果是64位系统,并且之前没有安装libunwind,那么一定要添加 –enable-frame-pointers 参数。
echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig
为 gperftools 添加线程目录:
mkdir /tmp/tcmalloc
chmod 0777 /tmp/tcmalloc
使用gperftools优化Nginx:
为了使 Nginx 支持 gperftools,增加参数 –with-google_perftools_module 重新编译Nginx。
修改/usr/local/nginx/conf/nginx.conf
在pid这行的下面添加
google_perftools_profiles /tmp/tcmalloc;
重新启动nginx
使用gperftools优化MYSQL:
查找文件 /usr/local/mysql/bin/mysqld_safe
在# executing mysqld_safe 下面加上
export LD_PRELOAD=/usr/local/lib/libtcmalloc.so
重新启动MYSQL
验证 tcmalloc 是否运行:
lsof -n | grep tcmalloc