Rootop: Server Operations and Web Architecture

2014-05-07
Posted by Venus

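Configuring image hotlink protection in Nginx

Remember: the replacement image must be hosted on a site that has no hotlink protection. Otherwise the replacement image is itself subject to hotlink protection, and the image you configured still will not display.
I. Site-wide image hotlink protection

In /usr/local/nginx/conf/nginx.conf, add the following code to the server block that needs hotlink protection: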

location ~* \.(jpg|gif|png|swf|flv|wma|wmv|asf|mp3|mmf|zip|rar)$ {
    expires 30d;
    valid_referers none blocked *.rootop.org rootop.org;
    if ($invalid_referer) {
        rewrite ^/ http://imgs.rootop.org/images/denylink.jpg;
    }
}

Test that the configuration is OK:
# /usr/local/nginx/sbin/nginx -t
the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/nginx/conf/nginx.conf test is successful

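Restart nginx.

Notes:
1. Replace *.rootop.org rootop.org in the code with your own domain names.
2. Make sure the server block contains only one location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ block; otherwise the code may have no effect.

If the following block is present, delete it or merge it into the block above; otherwise the rule does not take effect:
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
}
Restart lnmp again, and the hotlink protection is now in effect.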

II. Hotlink protection for an image directory (untested)

location /images/
{
    alias /data/images/;
    valid_referers none blocked server_names *.rootop.org rootop.org;
    if ($invalid_referer)
    {
        return 403;
    }
}
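
An added example, not from the original post: a simplified Python model of how the valid_referers lists in sections I and II classify a request, covering only the pattern forms used here (none, blocked, server_names, exact names and leading-wildcard names). The function names and the sample Referer values are constructed for illustration. It shows that the check is a hostname match on a client-supplied header, and that none and blocked pass requests whose Referer is missing or is not an http(s) URL.

```python
import re

def referer_allowed(referer, patterns, server_names=()):
    """Simplified model: True when nginx would leave $invalid_referer empty."""
    if referer is None:                      # no Referer header at all
        return "none" in patterns
    m = re.match(r"(?i)https?://", referer)
    if not m:                                # header present, but not an http(s) URL
        return "blocked" in patterns
    # Only the host is compared: text after the scheme up to the first "/" or ":"
    host = re.split(r"[/:]", referer[m.end():], maxsplit=1)[0].lower()
    names = [p for p in patterns if p not in ("none", "blocked", "server_names")]
    if "server_names" in patterns:           # section II also trusts the server's own names
        names.extend(server_names)
    for name in names:
        if name.startswith("*."):            # "*.rootop.org": subdomains, not the bare domain
            suffix = name[1:]
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == name:
            return True
    return False

# Pattern list from section I of the post
SITE_WIDE = ["none", "blocked", "*.rootop.org", "rootop.org"]

# Constructed Referer values (None = header not sent)
SAMPLES = [
    None,
    "http://www.rootop.org/archives/1",
    "https://rootop.org:8443/",
    "http://blog.other.example/post",
    "http://rootop.org.other.example/",
    "http://notrootop.org/",
    "about:blank",
]

def evaluate(patterns, samples=SAMPLES):
    """Map each sample Referer to True (served) or False (rewrite / 403)."""
    return {s: referer_allowed(s, patterns) for s in samples}

if __name__ == "__main__":
    for ref, ok in evaluate(SITE_WIDE).items():
        print(f"{ref!r:40} -> {'served' if ok else 'denylink.jpg / 403'}")
```

Dropping none and blocked from the list makes the first and last samples fail the check, at the cost of rejecting clients and proxies that strip the header.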

III. Hotlink protection with the third-party module HttpAccessKeyModule (untested)

The procedure is as follows:
1. Download the NginxHttpAccessKeyModule module file, Nginx-accesskey-2.0.3.tar.gz: http://wiki.nginx.org/File:Nginx-accesskey-2.0.3.tar.gz
2. Extract the file and find the config file under nginx-accesskey-2.0.3. Edit it, replacing "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module".
3. Recompile nginx with the following option:

./configure --add-module=../nginx-accesskey

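4. Edit nginx's conf file and add the following lines:
location /download {
    accesskey on;
    accesskey_hashmethod md5;
    accesskey_arg "key";
    accesskey_signature "mypass$remote_addr";
}
Where:
accesskey switches the module on or off;
accesskey_hashmethod is the hash method, MD5 or SHA-1;
accesskey_arg is the name of the URL parameter that carries the key;
accesskey_signature is the value that is hashed, here the string made of mypass and the client IP.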

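Test script download.php:
<?php
// The key is md5("mypass" . client IP), matching accesskey_signature "mypass$remote_addr"
$ipkey = md5("mypass" . $_SERVER['REMOTE_ADDR']);
// Link that carries the key, and the same link without it
$output_add_key = "<a href=http://www.domain.com/download/G3200507120520LM.rar?key=" . $ipkey . ">download_add_key</a><br />";
$output_org_url = "<a href=http://www.domain.com/download/G3200507120520LM.rar>download_org_path</a><br />";
echo $output_add_key;
echo $output_org_url;
?>
The first link, download_add_key, downloads normally; the second link, download_org_path, returns a 403 Forbidden error.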

Reference:
NginxHttpAccessKeyModule http://wiki.nginx.org/NginxHttpAccessKeyModule#accesskey

2014-05-07
Posted by Venus

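Testing web engine performance with http_load (reposted)

http_load is a performance testing tool for the Linux platform, and it is very small. It runs with parallel multiplexing and can test a web server's throughput and load.

http_load official site: http://www.acme.com/software/http_load/

Download http_load:

wget -c http://www.acme.com/software/http_load/http_load-12mar2006.tar.gz
yum -y install gcc gcc-c++            # install the GCC compiler
tar xzvf http_load-12mar2006.tar.gz   # extract the http_load archive
cd http_load-12mar2006                # enter the http_load directory
mkdir -p /usr/local/man               # create the directory
make && make install                  # build and install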

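http_load options:

Option  Full name   Meaning
-p      -parallel   Number of concurrent user processes.
-f      -fetches    Total number of fetches.
-r      -rate       Number of fetches per second.
-s      -seconds    Duration of continuous access.
url                 Site address or URL file.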

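Here "url" is the URL file passed to http_load, with one URL per line. The file can be stored anywhere; give its absolute path when running the stress test.

Test

http_load -p 1021 -s 10 /tmp/url     # url is the file just created

Running the command above over SSH sends 1021 concurrent threads to www.kwx.gd for 10 continuous seconds.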


41 fetches, 1020 max parallel, 851898 bytes, in 10.0008 seconds
# 41 requests in total, at most 1020 concurrent threads, over 10.0008 seconds, with 851898 bytes transferred in total
20778 mean bytes/connection
# Average amount of data per request (851898 ÷ 41)
4.09969 fetches/sec, 85183.3 bytes/sec
# 4.09969 requests answered per second, 85183.3 bytes transferred per second
msecs/connect: 264.607 mean, 269.482 max, 262.187 min
# Average response time per connection: 264.607 ms, maximum: 269.482 ms, minimum: 262.187 ms
msecs/first-response: 1949.27 mean, 5394.21 max, 380.501 min
# Average return time per connection: 1949.27 ms, maximum: 5394.21 ms, minimum: 380.501 ms
HTTP response codes:
code 200 -- 41
# HTTP response code 200, 41 times in total.

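In the results, look mainly at the fetches/sec and msecs/connect values, that is, the number of queries the server can answer per second, to gauge performance. Judging by these numbers alone is not accurate, of course; CPU and memory consumption should be considered as well.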

2014-05-07
Posted by Venus

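webbench stress testing (reposted)

webbench can simulate up to 30,000 concurrent connections to test a site's load capacity. Personally I find it better than ab, the stress testing tool that ships with Apache, and it is very easy to install and use.

1. Supported system: Linux

2. Build and install: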
wget http://blog.s135.com/soft/linux/webbench/webbench-1.5.tar.gz
tar zxvf webbench-1.5.tar.gz
cd webbench-1.5
make && make install

3. Usage:
webbench -c 500 -t 30 http://127.0.0.1/test.jpg
Parameters: -c is the number of concurrent clients, -t is the duration (seconds)

4. Sample test result:
Webbench – Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://127.0.0.1/test.jpg
500 clients, running 30 sec.

Speed=3230 pages/min, 11614212 bytes/sec.
Requests: 1615 susceed, 0 failed.

2014-05-07
Posted by Venus

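Enabling nginx's NginxStatus monitoring

The stub_status module shows nginx's working state, mainly the current number of connections and the number of sessions handled. First, nginx has to be compiled with this option:

--with-http_stub_status_module

For an existing nginx, use the -V option to check whether the stub_status module is present: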
[root@localhost ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module

Configure the nginx.conf file:
Add the following inside the server {} block:

location /nginx-status {
    allow 192.168.0.123; # IP allowed to access; you can instead define allow all and delete the deny line.
    deny all;
    stub_status on;
    access_log off;
}

Gracefully reload nginx:
[root@localhost ~]# killall -s HUP nginx

Then visit http://IPADDR/nginx-status

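Active connections: the number of active connections nginx is currently handling (active connections opened to the backend).
Server accepts handled requests: nginx has handled 16 connections in total, successfully completed 16 handshakes (which shows that none failed along the way), and handled 398 requests in total.
Reading: the number of connections on which nginx is reading the client's header.
Writing: the number of connections on which nginx is returning the header to the client.
Waiting: with keep-alive enabled, this value equals active - (reading + writing), meaning resident connections that nginx has finished handling and that are waiting for the next request.
So when access is efficient and requests are handled quickly, a fairly large Waiting count is normal. If reading + writing is large, the number of concurrent requests is very high and they are still being processed.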

 

2014-05-06
Posted by Venus

Install iRedMail on Red Hat Enterprise Linux, CentOS, Scientific Linux

Documentation copied from the official site: http://www.iredmail.com/install_iredmail_on_rhel.html

System Requirements

WARNING: iRedMail is designed to be deployed on a FRESH server system, which means your server does NOT have mail related components installed, e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc. Otherwise it may override your existing files/configurations although it will backup files before modifying, and it may be not working as expected.

To install iRedMail, you need:

  • FRESH, working RHEL, CentOS, Scientific Linux system. Supported releases are listed on page Features of iRedMail.
  • At least 1GB of memory is required for production use.
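  • # The text above goes on at length about needing a freshly installed system, with no mysql, openldap, postfix, dovecot, amavisd and so on installed; in short, a very, very fresh system. Tsk, fresh enough to eat.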

Preparations

Set a fully qualified domain name (FQDN) hostname on your server

Enter command ‘hostname -f’ to view the current hostname:

$ hostname -f    # set the hostname
mx.example.com

On RHEL/CentOS/Scientific Linux, hostname is set in two files:

  • /etc/sysconfig/network: hostname setting
# Part of file: /etc/sysconfig/network    # on redhat/centos and the like this file has to be changed as well.
HOSTNAME=mx.example.com 
  • /etc/hosts: hostname <=> IP address mapping. Warning: List the FQDN hostname as first item.
# Part of file: /etc/hosts    # the hosts file maps the IP to the hostname; put the hostname first!
127.0.0.1 mx.example.com demo localhost localhost.localdomain 

Verify the FQDN hostname. If it wasn’t changed, please reboot server to make it work.

$ hostname -f    # confirm that the setting is correct!
mx.example.com

Enable yum repositories for installing new packages

  • For CentOS or Scientific Linux, please enable CentOS/Scientific official yum repositories, and DISABLE all third-party yum repositories to avoid package conflict.
  • For Red Hat Enterprise Linux, please enable Red Hat Network to install packages, or create a local yum repository with DVD/CD ISO images.
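  • The sentences above can be ignored. On Red Hat you need to build a yum repository yourself from the ISO image and enable it. CentOS is still the more dependable choice.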

Download the latest release of iRedMail

  • Visit Download page to get the latest release of iRedMail.
  • Upload iRedMail to your mail server via ftp or scp or whatever method you can use, login to the server to install iRedMail. We assume you uploaded it to directory /root/iRedMail-x.y.z.tar.bz2 (replace x.y.z by the actual version number).
  • Uncompress iRedMail tarball:
  • Download iRedMail; the current latest version is:
  • http://www.iredmail.com/iRedMail-0.8.6.tar.bz2
  • Extract it once the download has finished.
# tar xjf iRedMail-x.y.z.tar.bz2 

Start iRedMail installer

It’s now ready to start iRedMail installer, it will ask you some simple questions, that’s all steps to setup a full-featured mail server.

For Chinese users: Our domain name “iredmail.org” is blocked in China mainland since Jun 04, 2011, please replace all ‘iredmail.org’ by its IP address “106.187.51.47” (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing “iRedMail.sh”.
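As stated above: users in China, listen up. Our domain iredmail.org was blocked by the GFW in 2011, so the domain name in the iRedMail-x.y.z/pkgs/get_all.sh script has to be changed to an IP address, 106.187.51.47 (www.iredmail.com). Well, during installation I found that this IP was very slow to reach, so I changed it to 173.254.22.21 (the IP address of www.iredmail.org).
Edit the script:
[root@mail ~]# vim iRedMail-0.8.6/pkgs/get_all.sh
export IREDMAIL_MIRROR="${IREDMAIL_MIRROR:=http://173.254.22.21}"
# cd /root/iRedMail-x.y.z/
# bash iRedMail.sh    # run the script directly to start the installation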

Screenshots of installation:

1) Welcome and thanks for your use

2) Specify location to store all mailboxes. Default is /var/vmail/.  # set the mail storage path

3) Choose backend used to store mail accounts. Please choose the one which you’re familiar with. You can manage mail accounts with iRedAdmin, our web-based iRedMail admin panel. # I prefer storing account information in MySQL

4) If you choose to store mail accounts in OpenLDAP, iRedMail installer will ask you two questions about OpenLDAP.

4.1) LDAP suffix.

4.2) Password of LDAP root dn.

5) Set password of MySQL root user. MySQL is used to store data of other applications, e.g. Roundcube webmail, Policyd, Amavisd-new. If you choose to store mail accounts in MySQL, you will see this dialog too. # set the MySQL root password

6) Add your first mail domain name # enter your domain name

7) Set password of admin account of your first mail domain. Note:

  • This account is used only for system administration, not a mail user. That means you CANNOT login to webmail with this account.
  • You can login to iRedAdmin (web-based iRedMail admin panel) with this account for mail account management, login name is full email address.
  • Admin username is hard-coded, you can create new admins with iRedAdmin after installation completed.  # set the postmaster password; highest privileges.

8) Set password of first mail user of your first mail domain. Note:

  • This account is a normal mail user, that means you can login to webmail with this account, login name is full email address.
  • Username is hard-coded, you can create new mail users with iRedAdmin after installation completed.

9) Choose optional components # choose the components to install

After answered these questions, iRedMail installer will ask your confirm to start installation. It will install and configure required packages automatically. Type ‘y’ or ‘Y’ (without quotes) and press ‘Enter’ to confirm.

Configuration completed.

*************************************************************************
**************************** WARNING ***********************************
*************************************************************************
*                                                                       *
* Please do remember to *REMOVE* configuration file after installation  *
* completed successfully.                                               *
*                                                                       *
*   * /root/iRedMail-x.y.z/config                                       *
*                                                                       *
*************************************************************************
<<< iRedMail >>> Continue? [Y|n] # <- Type 'Y' or 'y' here, and press 'Enter' to continue

Important things you should know after installation

  • Read file /root/iRedMail-x.y.z/iRedMail.tips first, it contains:
    • URLs, usernames and passwords of web-based applications
    • Location of mail server related software configuration files
    • Some other important and/or sensitive information
  • Setup DNS record for SPF     # set up the DNS SPF record
  • Setup DNS record for DKIM # set up DKIM, the email authentication standard

Access webmail and other web applications

After installation successfully completed, you can access web-based programs if you choose to install them. Replace ‘your_server’ below by your actual server name or IP address.

Component                  URL                                                                      Accessible via HTTP   Accessible via HTTPS
Webmail                    http://your_server/mail/ (or /webmail, /roundcube)
iRedAdmin (admin panel)    httpS://your_server/iredadmin/
phpMyAdmin                 httpS://your_server/phpmyadmin/
phpLDAPadmin               httpS://your_server/phpldapadmin/
Awstats                    httpS://your_server/awstats/awstats.pl?config=web (or ?config=smtp)