分类目录归档：Linux

Linux…

[原] QNAP和ESXi支持UPS关机

最近搞了i5-7200软路由，把iKuai、LEDE、ubuntu、windows装到了ESXi的虚拟机里，前面两个还好说（写盘不多，断电问题不大），后面两个虚拟机断电可吃不消。于是研究怎么能让ESXi支持UPS下自动关机。
基本照着这篇搞的（不过他应该是Nut Client老版本，核心在于把 UPS server设成: qnapups@qnap的ip地址）

https://www.snbforums.com/threads/using-qnap-ups-server-to-signal-other-devices.17551/

Client NUT pour ESXi 5 et 6

标签: ESXi, QNAP

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] 终极解决QNAP的跨网后ddns问题

发表评论

上次说的解决方案：https://www.jianshu.com/p/272054ed178b
还是可以工作，不过每次都要手动填挺烦的。最近QNAP ddns的api换ip也挺勤快的。
于是研究了一下：
# nslookup core2.api.myqnapcloud.com | grep ‘Address ‘
Address 1: 52.0.98.168
Address 2: 3.216.22.135
Address 3: 34.235.250.228
Address 4: 107.21.3.202
Address 5: 54.209.222.24
Address 6: 52.201.140.187

再通过lede的uci把上面nslookup出来的ip填到你懂的配置文件里：
# uci add_list 你懂的.@access_control[0].wan_bp_ips=’52.6.174.252’

最终的一行命令如下（吐槽一下BusyBox很多命令或者参数不支持）：
# nslookup core2.api.myqnapcloud.com | grep -oE ‘Address \d+: ([^:]{7,16})’ | cut -c12-30 | while read ip; do uci add_lis
t 你懂的.@access_control[0].wan_bp_ips=”$ip”; done; uci commit 你懂的
>>>
uci add_list 你懂的.@access_control[0].wan_bp_ips=107.21.3.202
uci add_list 你懂的.@access_control[0].wan_bp_ips=54.209.222.24
uci add_list 你懂的.@access_control[0].wan_bp_ips=34.235.250.228
uci add_list 你懂的.@access_control[0].wan_bp_ips=52.0.98.168
uci add_list 你懂的.@access_control[0].wan_bp_ips=52.201.140.187
uci add_list 你懂的.@access_control[0].wan_bp_ips=3.216.22.135
uci commit 你懂的

以后就省事了

标签: Linux, QNAP

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] QNAP NAS的一些使用技巧

发表评论

发在了jianshu：https://www.jianshu.com/u/64dcf3bbdf16

标签: QNAP

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] 配置linux iptables NAT方式端口映射远程桌面到内网windows

发表评论

好吧，标题比较拗口。想象这样一种场景：
外网—-linux（可以是路由器、也可以是物理机）—-内网—-windows
那么外网怎么能远程桌面到内网的windows呢，简单来说，就是通过配置linux的nat端口映射到windows的3389端口：

NETPC="inner.ip"
NETPORT="443"
OUTIP="outer.ip"

iptables -A INPUT -j ACCEPT -p tcp -d $OUTIP --dport $NETPORT
iptables -t nat -A PREROUTING -p tcp -m tcp -d $OUTIP --dport $NETPORT -j DNAT --to-destination $NETPC:3389
iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NETPC --dport 3389 -j SNAT --to-source $OUTIP
iptables -A FORWARD -i eth0 -s $OUTIP -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -o eth0 -d $OUTIP -p tcp --dport $NETPORT -j ACCEPT

NETPC="inner.ip"

NETPORT="443"

OUTIP="outer.ip"

iptables -A INPUT -j ACCEPT -p tcp -d $OUTIP --dport $NETPORT

iptables -t nat -A PREROUTING -p tcp -m tcp -d $OUTIP --dport $NETPORT -j DNAT --to-destination $NETPC:3389

iptables -t nat -A POSTROUTING -p tcp -m tcp -d $NETPC --dport 3389 -j SNAT --to-source $OUTIP

iptables -A FORWARD -i eth0 -s $OUTIP -p tcp --dport 3389 -j ACCEPT

iptables -A FORWARD -o eth0 -d $OUTIP -p tcp --dport $NETPORT -j ACCEPT

默认linux没有开启转发，需要先开启：

sysctl -w net.ipv4.ip_forward=1

1	sysctl -w net.ipv4.ip_forward=1

标签: iptables, Linux, nat, portmap

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[唉] 又被垃圾评论攻占了，开启注册用户才能发表评论

1条回复

上月信用卡莫名刷出了美金，还百撕不得骑姐呢。。。
看了账单才知道是Amazon的aws ec2主机扣了我的费用，才知道原来ec2的免费策略是有各种各样限额的。
包括流量、IO。。。
一般是不会超的，不过要是也像我这种情况，被垃圾评论攻占的话。。。
ec的免费IO是一个月2百万次，但是怎么算IO呢，嗯，open一次算一次。
我给你解释一下一条垃圾评论大概会占用几次IO：
众所周知php为进程退出就清空所有上下文模式，所以一个访问：
看你include了多少php文件，就有几次IO，插件判断是垃圾评论吧，访问数据库吧，web日志，。。。

现在不得不开启注册用户才能发表评论模式了，然后注册表单里用了google的reCAPTCHA，先看看顶不顶得住。
附图一张：

其实我在此之前还写了个脚本自动添加Spam的ip到iptables的禁封列表里，结果发现太长了这个列表，会搞得服务器卡的一笔。贴在这里看需要的朋友吧：

$ cat makebanip.sh
wget http://www.stopforumspam.com/downloads/bannedips.zip
unzip bannedips.zip
php makebanip.php
chmod +x banip.sh

$ cat makebanip.sh

wget http://www.stopforumspam.com/downloads/bannedips.zip

unzip bannedips.zip

php makebanip.php

chmod +x banip.sh

$ cat makebanip.php
<?php
$ips = explode(',', file_get_contents('bannedips.csv'));

$fp = fopen('banip.sh', 'w');
fwrite($fp, "iptables -F\n");
foreach ($ips as $ip) { 
	if (strlen($ip) > 7) {
		fwrite($fp, "iptables -A INPUT -j DROP -s $ip\n");
	}
}
fclose($fp);

$ cat makebanip.php

<?php

$ips = explode(',', file_get_contents('bannedips.csv'));

$fp = fopen('banip.sh', 'w');

fwrite($fp, "iptables -F\n");

foreach ($ips as $ip) {

if (strlen($ip) > 7) {

fwrite($fp, "iptables -A INPUT -j DROP -s $ip\n");

}

fclose($fp);

另外这个主题的作者是根据Akismet的spam清单里的ip地址来过滤的（不过他放到了nginx的deny ip里，其实也可以，不过iptables可能更前端一些）

标签: amazon, iptables, Linux, reCAPTCHA, spam

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] ubuntu下重装mysql

发表评论

好吧，记不清什么原因了，似乎是用apt-get remove mysql-server卸掉了mysql，然后手动删除了部分mysql的配置文件（好吧，先鄙视自己不用apt-get purge）
不过后来又要用到，于是再install，这时候死活装不上。
基本错误是这样，提示install成功了，不过起不来：
service mysql start start: Rejected send message

然后用apt-get remove mysql-server mysql-client，就install不了了：

apt-get install mysql-server mysql-client：
...
invoke-rc.d: unknown initscript, /etc/init.d/mysql not found
...

apt-get install mysql-server mysql-client：

...

invoke-rc.d: unknown initscript, /etc/init.d/mysql not found

...

好吧，它提示/etc/init.d/mysql找不到，后来搜了一下，假装给他一个:

vi /etc/init.d/mysql
内容：
#!/bin/true
chmod 755 /etc/init.d/mysql

vi /etc/init.d/mysql

内容：

#!/bin/true

chmod 755 /etc/init.d/mysql

再次 apt-get remove –purge mysql-server mysql-client
总算清掉了，再一次安装成功：

root@localhost:~# apt-get install mysql-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libgsasl7 guile-1.8-libs libntlm0
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  mysql-server-5.5
Suggested packages:
  tinyca mailx
The following NEW packages will be installed:
  mysql-server mysql-server-5.5
0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded.
Need to get 8,840 kB/8,852 kB of archives.
After this operation, 32.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ precise-updates/main mysql-server-5.5 amd64 5.5.37-0ubuntu0.12.04.1 [8,840 kB]
Fetched 8,840 kB in 1s (8,782 kB/s)           
Preconfiguring packages ...
Selecting previously unselected package mysql-server-5.5.
(Reading database ... 80928 files and directories currently installed.)
Unpacking mysql-server-5.5 (from .../mysql-server-5.5_5.5.37-0ubuntu0.12.04.1_amd64.deb) ...
Selecting previously unselected package mysql-server.
Unpacking mysql-server (from .../mysql-server_5.5.37-0ubuntu0.12.04.1_all.deb) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up mysql-server-5.5 (5.5.37-0ubuntu0.12.04.1) ...
140606  9:25:05 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
mysql start/running, process 25510
Setting up mysql-server (5.5.37-0ubuntu0.12.04.1) ...

root@localhost:~# apt-get install mysql-server

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following packages were automatically installed and are no longer required:

libgsasl7 guile-1.8-libs libntlm0

Use 'apt-get autoremove' to remove them.

The following extra packages will be installed:

mysql-server-5.5

Suggested packages:

tinyca mailx

The following NEW packages will be installed:

mysql-server mysql-server-5.5

0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded.

Need to get 8,840 kB/8,852 kB of archives.

After this operation, 32.8 MB of additional disk space will be used.

Do you want to continue [Y/n]? y

Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ precise-updates/main mysql-server-5.5 amd64 5.5.37-0ubuntu0.12.04.1 [8,840 kB]

Fetched 8,840 kB in 1s (8,782 kB/s)

Preconfiguring packages ...

Selecting previously unselected package mysql-server-5.5.

(Reading database ... 80928 files and directories currently installed.)

Unpacking mysql-server-5.5 (from .../mysql-server-5.5_5.5.37-0ubuntu0.12.04.1_amd64.deb) ...

Selecting previously unselected package mysql-server.

Unpacking mysql-server (from .../mysql-server_5.5.37-0ubuntu0.12.04.1_all.deb) ...

Processing triggers for ureadahead ...

Processing triggers for man-db ...

Setting up mysql-server-5.5 (5.5.37-0ubuntu0.12.04.1) ...

140606 9:25:05 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.

mysql start/running, process 25510

Setting up mysql-server (5.5.37-0ubuntu0.12.04.1) ...

标签: mysql, ubuntu

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] 根据自定义http header控制nginx选择反向代理服务器

发表评论

好吧。本来想多写点的，现在没时间，太监了。
说下核心：客户端自定义的http header，在nginx的配置文件里能直接读取到。
条件：header必须用减号“-”分隔单词，nginx里面会转换为对应的下划线“_”连接的小写单词。
nginx配置：

location / {
  if ($http_my_custom_header ~ (\d+) ) { 
    rewrite / http://google.com/ last;
  } 
}

location / {

if ($http_my_custom_header ~ (\d+) ) {

rewrite / http://google.com/ last;

}

测试：

wget --header="my-custom-header:1" -d https://blog.bbdd.ltd

DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2014-04-28 09:48:40--  https://blog.bbdd.ltd/
Resolving bianbian.org (bianbian.org)... 172.31.30.70
Caching bianbian.org => 172.31.30.70
Connecting to bianbian.org (bianbian.org)|172.31.30.70|:80... connected.
Created socket 3.
Releasing 0x084e3e18 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: bianbian.org
Connection: Keep-Alive
my-custom-header: 1

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.1.19
Date: Mon, 28 Apr 2014 09:48:40 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://google.com

wget --header="my-custom-header:1" -d https://blog.bbdd.ltd

DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'

--2014-04-28 09:48:40-- https://blog.bbdd.ltd/

Resolving bianbian.org (bianbian.org)... 172.31.30.70

Caching bianbian.org => 172.31.30.70

Connecting to bianbian.org (bianbian.org)|172.31.30.70|:80... connected.

Created socket 3.

Releasing 0x084e3e18 (new refcount 1).

---request begin---

GET / HTTP/1.1

User-Agent: Wget/1.13.4 (linux-gnu)

Accept: */*

Host: bianbian.org

Connection: Keep-Alive

my-custom-header: 1

---request end---

HTTP request sent, awaiting response...

---response begin---

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.1.19

Date: Mon, 28 Apr 2014 09:48:40 GMT

Content-Type: text/html

Content-Length: 161

Connection: keep-alive

Location: http://google.com

标签: header, nginx, proxy

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] Installing Nagios 4.0.5 on nginx and Ubuntu 12.04

发表评论

Nagios® Core™ is an Open Source system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better.Nagios Core was originally designed to run under Linux, although it should work under most other unices as well.

以下是2014-4-17安装记录：

== 服务端 ==

安装依赖包：（其实不装也能安装成功，就是部分功能会disabled）

sudo apt-get install build-essential libssl-dev \
libgd2-xpm-dev libpng12-dev php5-gd libgd2-xpm

1 2	sudo apt-get install build-essential libssl-dev \ libgd2-xpm-dev libpng12-dev php5-gd libgd2-xpm

用户组：

sudo adduser --system --no-create-home --disabled-login --group nagios
sudo groupadd nagcmd
sudo usermod -G nagcmd nagios
sudo usermod -a -G nagcmd www-data

sudo adduser --system --no-create-home --disabled-login --group nagios

sudo groupadd nagcmd

sudo usermod -G nagcmd nagios

sudo usermod -a -G nagcmd www-data

从 http://www.nagios.org/download/ 下载解压：

cd /tmp
mkdir nagios
cd nagios
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.5.tar.gz
wget http://www.nagios-plugins.org/download/nagios-plugins-2.0.1.tar.gz
tar zxf nagios-4.0.5.tar.gz
tar zxf nagios-plugins-2.0.1.tar.gz

cd /tmp

mkdir nagios

cd nagios

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.5.tar.gz

wget http://www.nagios-plugins.org/download/nagios-plugins-2.0.1.tar.gz

tar zxf nagios-4.0.5.tar.gz

tar zxf nagios-plugins-2.0.1.tar.gz

编译安装：

cd /tmp/nagios/nagios-4.0.5
./configure --prefix=/opt/nagios --sysconfdir=/etc/nagios \
--with-nagios-user=nagios --with-nagios-group=nagios \
--with-command-user=nagios --with-command-group=nagcmd
make all
sudo make install
sudo make install-init
sudo make install-config
sudo make install-commandmode

cd /tmp/nagios/nagios-4.0.5

./configure --prefix=/opt/nagios --sysconfdir=/etc/nagios \

--with-nagios-user=nagios --with-nagios-group=nagios \

--with-command-user=nagios --with-command-group=nagcmd

make all

sudo make install

sudo make install-init

sudo make install-config

sudo make install-commandmode

建立htpasswd.users，这个如果装了apache2有htpasswd这个命令，不然可以用某个python脚本：
（如果服务器不想装python，可以找台有python的服务器；或者找台装了apache的机器运行htpasswd；或者装个httpd不启动也没关系）
（生成的htpasswd.users是个文本文件，复制到服务器的 /etc/nagios/htpasswd.users）

wget http://trac.edgewall.org/export/10791/trunk/contrib/htpasswd.py
chmod +x htpasswd.py
./htpasswd.py -c -b /etc/nagios/htpasswd.users nagiosadmin "password"

wget http://trac.edgewall.org/export/10791/trunk/contrib/htpasswd.py

chmod +x htpasswd.py

./htpasswd.py -c -b /etc/nagios/htpasswd.users nagiosadmin "password"

修改联系人email，在contacts.cfg的email那里（34行）

sudo vi /etc/nagios/objects/contacts.cfg

1	sudo vi /etc/nagios/objects/contacts.cfg

安装mail报警通知所需包（安装时选择”Internet Site”；输入域名）
（注意：不装这个mail包编译nagios-plugins-2.0.1会error，但是编译nagios-plugins-2.0没问题。。。）

sudo apt-get install mailutils postfix
sudo ln -s /usr/bin/mail /bin/mail

1 2	sudo apt-get install mailutils postfix sudo ln -s /usr/bin/mail /bin/mail

安装插件：

cd /tmp/nagios/nagios-plugins-2.0.1
./configure --prefix=/opt/nagios --with-nagios-user=nagios --with-nagios-group=nagios
make
sudo make install
sudo chown -R nagios:nagios /opt/nagios

cd /tmp/nagios/nagios-plugins-2.0.1

./configure --prefix=/opt/nagios --with-nagios-user=nagios --with-nagios-group=nagios

make

sudo make install

sudo chown -R nagios:nagios /opt/nagios

启动nagios

sudo ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios
sudo service nagios start

1 2	sudo ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios sudo service nagios start

安装fcgi

sudo apt-get install spawn-fcgi fcgiwrap

1	sudo apt-get install spawn-fcgi fcgiwrap

编辑nginx.conf

sudo vi /etc/nginx/sites-enabled/nagios

1	sudo vi /etc/nginx/sites-enabled/nagios

其中对/nagios/开头的地址进行了rewrite，（nagios内部很多页面是写死/nagios/开头的，导致images、css等出不来）

server {
  server_name nagios.bianbian.org;
  access_log  /var/log/nginx/nagios.access.log;
  error_log   /var/log/nginx/nagios.error.log;

  auth_basic            "Restricted Nagios Area!";
  auth_basic_user_file  /etc/nagios/htpasswd.users;

  root    /opt/nagios/share/;

  location ~ ^/nagios/ {
    rewrite ^/nagios/(.*) /$1 permanent;
  }

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.socket;
  }

  location ~ \.cgi$ {
    root /opt/nagios/sbin/;
    rewrite ^/cgi-bin/(.*)\.cgi /$1.cgi break;
    fastcgi_param AUTH_USER $remote_user;
    fastcgi_param REMOTE_USER $remote_user;
    include fastcgi_params;
    fastcgi_pass unix:/var/run/fcgiwrap.socket;
  }
}

server {

server_name nagios.bianbian.org;

access_log /var/log/nginx/nagios.access.log;

error_log /var/log/nginx/nagios.error.log;

auth_basic "Restricted Nagios Area!";

auth_basic_user_file /etc/nagios/htpasswd.users;

root /opt/nagios/share/;

location ~ ^/nagios/ {

rewrite ^/nagios/(.*) /$1 permanent;

}

location ~ \.php$ {

include fastcgi_params;

fastcgi_pass unix:/var/run/php5-fpm.socket;

}

location ~ \.cgi$ {

root /opt/nagios/sbin/;

rewrite ^/cgi-bin/(.*)\.cgi /$1.cgi break;

fastcgi_param AUTH_USER $remote_user;

fastcgi_param REMOTE_USER $remote_user;

include fastcgi_params;

fastcgi_pass unix:/var/run/fcgiwrap.socket;

}

启动服务

sudo service nagios start

1	sudo service nagios start

登录后就看到nagios的监控界面了

标签: Nagios, nginx, utuntu, 安装

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] OpenSSL在多线程环境下的使用（避免core dump）

发表评论

OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set, locking_function and threadid_func.
OpenSSL 是线程安全的，前提是必须注册两个回调函数。其中根据 Openssl 的版本不同，会有不同版本的 threadid 回调函数。
如果不注册回调函数，多线程下压力一大必挂无疑。基本都是core dump：
libcrypto.so
下面贴主要代码，如何注册使用这两个回调函数：
.h

//声明
#ifndef OPENSSL_VERSION_1_0_0
    #define OPENSSL_VERSION_1_0_0 0x10000000L
#endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
    void ssl_threadid_function_callback(CRYPTO_THREADID* id);
#else
    unsigned long ssl_threadid_function_callback_deprecated();
#endif
    void ssl_lock_callback(int mode, int type, char *file, int line);

//声明

#ifndef OPENSSL_VERSION_1_0_0

#define OPENSSL_VERSION_1_0_0 0x10000000L

#endif

#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0

void ssl_threadid_function_callback(CRYPTO_THREADID* id);

#else

unsigned long ssl_threadid_function_callback_deprecated();

#endif

void ssl_lock_callback(int mode, int type, char *file, int line);

.c
我这里用的是libuv，所以代码里是uv_mutex_t*，如果是pthreads，就换成 pthread_mutex_t*；相应的 uv_thread_self() 换成 pthread_self()

//存lock的
static uv_mutex_t* ssl_locks;

//初始化
ssl_locks = calloc(CRYPTO_num_locks(), sizeof(uv_mutex_t));
for (int i=0; i< CRYPTO_num_locks(); i++) {
    uv_mutex_init(&(ssl_locks[i]));
}
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
    CRYPTO_THREADID_set_callback(ssl_threadid_function_callback);
#else
    CRYPTO_set_id_callback(ssl_threadid_function_callback_deprecated);
#endif
CRYPTO_set_locking_callback(ssl_lock_callback);

//销毁
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
    CRYPTO_THREADID_set_callback(NULL);
#else
    CRYPTO_set_id_callback(NULL);
#endif
CRYPTO_set_locking_callback(NULL);
for (int i=0; i < CRYPTO_num_locks(); i++) {
    uv_mutex_destroy(&(ssl_locks[i]));
}
free(ssl_locks);

//回调函数
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0
void ssl_threadid_function_callback(CRYPTO_THREADID* id) {
    CRYPTO_THREADID_set_numeric(id, (unsigned long)uv_thread_self());
}
#else
unsigned long ssl_threadid_function_callback_deprecated() {
    return (unsigned long)uv_thread_self();
}
#endif

void ssl_lock_callback(int mode, int type, char *file, int line) {
    if (mode & CRYPTO_LOCK) {
        uv_mutex_lock(&(ssl_locks[type]));
        LOGT("ssl locked: [type] %d, [file] %s, [line] %d", type, file, line);
    } else {
        uv_mutex_unlock(&(ssl_locks[type]));
        LOGT("ssl unlock: [type] %d, [file] %s, [line] %d", type, file, line);
    }
}

//存lock的

static uv_mutex_t* ssl_locks;

//初始化

ssl_locks = calloc(CRYPTO_num_locks(), sizeof(uv_mutex_t));

for (int i=0; i< CRYPTO_num_locks(); i++) {

uv_mutex_init(&(ssl_locks[i]));

}

#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0

CRYPTO_THREADID_set_callback(ssl_threadid_function_callback);

#else

CRYPTO_set_id_callback(ssl_threadid_function_callback_deprecated);

#endif

CRYPTO_set_locking_callback(ssl_lock_callback);

//销毁

#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0

CRYPTO_THREADID_set_callback(NULL);

#else

CRYPTO_set_id_callback(NULL);

#endif

CRYPTO_set_locking_callback(NULL);

for (int i=0; i < CRYPTO_num_locks(); i++) {

uv_mutex_destroy(&(ssl_locks[i]));

}

free(ssl_locks);

//回调函数

#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_1_0_0

void ssl_threadid_function_callback(CRYPTO_THREADID* id) {

CRYPTO_THREADID_set_numeric(id, (unsigned long)uv_thread_self());

}

#else

unsigned long ssl_threadid_function_callback_deprecated() {

return (unsigned long)uv_thread_self();

}

#endif

void ssl_lock_callback(int mode, int type, char *file, int line) {

if (mode & CRYPTO_LOCK) {

uv_mutex_lock(&(ssl_locks[type]));

LOGT("ssl locked: [type] %d, [file] %s, [line] %d", type, file, line);

} else {

uv_mutex_unlock(&(ssl_locks[type]));

LOGT("ssl unlock: [type] %d, [file] %s, [line] %d", type, file, line);

}

打开Trace日志，果然一堆lock的坑啊。。。。
…
… ssl locked: [type] 16, [file] ssl_lib.c, [line] 512
… ssl unlock: [type] 16, [file] ssl_lib.c, [line] 512
… ssl locked: [type] 2, [file] ex_data.c, [line] 304
… ssl unlock: [type] 2, [file] ex_data.c, [line] 325
… ssl locked: [type] 2, [file] ex_data.c, [line] 500
… ssl unlock: [type] 2, [file] ex_data.c, [line] 511
…

简单看了下OpenSSL的基本算法源码，可能OpenSSL当年实现的时候内存比较精贵，所以很多算法都是static的内存块，不停new free内存，所以多线程下必须用各种lock。
内存如此便宜的现如今，这种实现方法显然不符合多线程、高并发的潮流了。。。

参考：
http://www.openssl.org/docs/crypto/threads.html
http://blog.csdn.net/yasi_xi/article/details/19125103

标签: libuv, openssl, Tips

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] Nagios-xi在CentOS的安装tips (web server是nginx)

发表评论

1）./fullinstall会报各种包依赖错误。(其实是 ./1-prereqs 这一步）
需要先卸载原来的mysql、php，反正哪些包依赖错误就卸掉原来的。

2）Nagios默认的httpd是apache，所以默认安装各种出错。修改 ./xi-sys.cfg
把 httpd='httpd'改成 httpd='nginx'

3）./A-subcomponents
Nagios的subcomponents里面很多install / post-install脚本还是写死的
service httpd restart，要改成 service $httpd restart
（nagioscore、nrdp），nagiosmobile是php写的安装脚本，不改没关系（不影响结果，不过会执行不下去）
反正按subcomponents的install脚本照着来，如果每个都确认解压或者复制成功，不用重头执行A-subcomponents，
直接 touch installed.subcomponents 算了

4）./B-installxi
跟上面3）的问题一样，httpd 改成 $httpd

5）./E-importnagiosql
因为apache的conf和nginx完全不同（而前面步骤Nagios装的是apache的conf），这一步需要访问
http://localhost/nagiosql/index.php 肯定出错，导致这一步出问题。
在/etc/nginx/nginx.conf内新增一行：
include /etc/nginx/conf.d/nagiosxi.conf;
在/etc/nginx/conf.d/下新建nagiosxi.conf，参照/etc/httpd/conf.d/nagiosql.conf设置：

server {
        listen 80;
        server_name localhost;

        location /nagiosql {
                root /var/www/html/nagiosql;
        }

    location ~ \.php$ {
         fastcgi_pass   127.0.0.1:9000;
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
         include        fastcgi_params;
    }
}

server {

listen 80;

server_name localhost;

location /nagiosql {

root /var/www/html/nagiosql;

}

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

（待续）

标签: centos, Nagios, nginx, Tips

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] netty 4.0.17.Final使用epoll模式的几个bug

1条回复

netty支持linux的epoll是4.0.17.Final引入的新功能，不过测试使用发现几个bug。暂记如下：

[已解决的]
使用epoll时channel关闭错误

java.nio.channels.ClosedChannelException: null
        at io.netty.channel.epoll.Native.readAddress(Native Method)

1 2	java.nio.channels.ClosedChannelException: null at io.netty.channel.epoll.Native.readAddress(Native Method)

原因：Native.finishConnect()中有bug
见这里：https://github.com/netty/netty/issues/2280
下载最新代码编译package可解决。包括编译Native的c代码：

gcc -fPIC -shared -o libnetty-transport-native-epoll.so -I/jdk/include/ io_netty_channel_epoll_Native.c

1	gcc -fPIC -shared -o libnetty-transport-native-epoll.so -I/jdk/include/ io_netty_channel_epoll_Native.c

[未解决的]
使用epoll时channel中取不到localAddress()和remoteAddress()

Channel channel = channelHandlerContext.channel();
log.warn("channel {} isActive {}", channel, channel.isActive());
log.warn("localAddress {}", channel.localAddress());
log.warn("remoteAddress {}", channel.remoteAddress());

Channel channel = channelHandlerContext.channel();

log.warn("channel {} isActive {}", channel, channel.isActive());

log.warn("localAddress {}", channel.localAddress());

log.warn("remoteAddress {}", channel.remoteAddress());

log:

18:10:27.076 176719 [nioEventLoopGroup-5-1]  WARN  c.v.b.c.ClientChannelNetty4Impl [118] - channel [id: 0x892e0c3c] isActive true
18:10:27.077 176720 [nioEventLoopGroup-5-1]  WARN  c.v.b.c.ClientChannelNetty4Impl [119] - localAddress null
18:10:27.077 176720 [nioEventLoopGroup-5-1]  WARN  c.v.b.c.ClientChannelNetty4Impl [120] - remoteAddress null

18:10:27.076 176719 [nioEventLoopGroup-5-1] WARN c.v.b.c.ClientChannelNetty4Impl [118] - channel [id: 0x892e0c3c] isActive true

18:10:27.077 176720 [nioEventLoopGroup-5-1] WARN c.v.b.c.ClientChannelNetty4Impl [119] - localAddress null

18:10:27.077 176720 [nioEventLoopGroup-5-1] WARN c.v.b.c.ClientChannelNetty4Impl [120] - remoteAddress null

github上有相关的issue: https://github.com/netty/netty/issues/2262
虽然标记为已解决，但编译4.0最新的代码（4.0.18.Final-SNAPSHOT）错误仍在。
先记录下，明天再来看怎么回事。

标签: bug, epoll, netty

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] 给VMWare下的Linux硬盘扩容

发表评论

之前安装的时候硬盘设小了，后面发现不够用，于是需要给硬盘扩容。记录下来，希望有用。
首先在VMware中选择Edit Virtual mache settings，Utilities下拉框中找到Expand，进行扩容。
这是第一步，不过在Linux底下是没有变化的（相当于硬盘最后增加了部分未分配的空间）。
然后在Linux底下使用fdisk进行重新分表操作。

fdisk /dev/sda

1	fdisk /dev/sda

具体没有记录，我这里的操作主要是：
d 删除扩展分区（否则无法建新分区），n e 新建扩展分区（选择所有容量），n 新建分区（所有容量），w 写入新分区表
因为新增加的空间位于硬盘最后，重建分区不会造成内容丢失。
重启，不过发现大小还是没变：

[root@localhost /]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2             3.9G  3.3G  398M  90% /
tmpfs                 504M  148K  504M   1% /dev/shm
/dev/sda1              49M   41M  5.5M  89% /boot
/dev/sda5             4.1G  2.6G  1.3G  68% /home

[root@localhost /]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda2 3.9G 3.3G 398M 90% /

tmpfs 504M 148K 504M 1% /dev/shm

/dev/sda1 49M 41M 5.5M 89% /boot

/dev/sda5 4.1G 2.6G 1.3G 68% /home

需要再使用resize2fs命令：

[root@localhost /]# resize2fs /dev/sda5
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/sda5 is mounted on /home; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/sda5 to 1592320 (4k) blocks.
The filesystem on /dev/sda5 is now 1592320 blocks long.

[root@localhost /]# resize2fs /dev/sda5

resize2fs 1.41.12 (17-May-2010)

Filesystem at /dev/sda5 is mounted on /home; on-line resizing required

old desc_blocks = 1, new_desc_blocks = 1

Performing an on-line resize of /dev/sda5 to 1592320 (4k) blocks.

The filesystem on /dev/sda5 is now 1592320 blocks long.

这下就好了：

[root@localhost /]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2             3.9G  3.3G  398M  90% /
tmpfs                 504M   80K  504M   1% /dev/shm
/dev/sda1              49M   41M  5.5M  89% /boot
/dev/sda5             6.0G  2.6G  3.2G  46% /home

[root@localhost /]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/sda2 3.9G 3.3G 398M 90% /

tmpfs 504M 80K 504M 1% /dev/shm

/dev/sda1 49M 41M 5.5M 89% /boot

/dev/sda5 6.0G 2.6G 3.2G 46% /home

标签: Linux, vmware

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] /libtool: line xxx: X–tag=CC: command not found的问题解决

发表评论

今天编译rsl，是在一台完全空白的ubuntu上（对，完全空白，连gcc也没有）。
apt-get install gcc autoconf automake libtool
略过不表。
make的时候，一直提示如下错误：
/libtool: line 646: X–tag=CC: command not found
…
google了半天，终于找到这个：
http://processors.wiki.ti.com/index.php/DMAI_GStreamer_Plug-In_Getting_Started_Guide

../libtool: line 763: X–tag=CC: command not found
The libtool on your host computer is causing the problem (using $(echo) when it is not defined). Either install an older libtool version (1.5.26) or define the echo environment variable.

export echo=echo

1	export echo=echo

标签: libtool, Linux

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] 减小nginx编译后的文件大小 (Reduce file size of nginx)

发表评论

默认的nginx编译选项里居然是用debug模式(-g)的（debug模式会插入很多跟踪和ASSERT之类），编译以后一个nginx有好几兆。
去掉nginx的debug模式编译，编译以后只有375K（nginx-0.5.33, gcc4）。
在 auto/cc/gcc，最后几行有：
# debug
CFLAGS=”$CFLAGS -g”
注释掉或删掉这几行，重新编译即可。-g参数用法详见这篇blog：[原]Linux下的c/c++ GDB调试

Nginx uses debug mode (-g) in compiling by default, which result in several MB of it’s size.
After debug disabled, the file size of nginx reduced to 375K (nginx-0.5.33, gcc4).
open auto/cc/gcc, find this at last several lines:
# debug
CFLAGS=”$CFLAGS -g”
delete it, and recompile. More of -g: Linux c/c++ GDB debug

标签: debug, gcc, nginx, 编译

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

[原] Slackware忘记root密码的解决

发表评论

除了用光盘外，如果使用LILO（默认）作引导，还有如下办法：
出现LILO选择画面时，输入：“Linux init=/bin/bash rw”
开头的”Linux”对应LILO里的label（名称）
引导后出现如下的提示符：
bash-3.00#
运行passwd命令输入新密码即可

有人问这不是很不安全吗？Faint啊，人家都到机器旁边了，要硬盘有硬盘…

标签: lilo, slackware, 密码

遵守创作共用协议，转载请链接形式注明来自https://blog.bbdd.ltd 做人要厚道

bianbian coding life

关注技术, 偶尔动动手

分类目录归档：Linux

[原] QNAP和ESXi支持UPS关机

[原] 终极解决QNAP的跨网后ddns问题

[原] QNAP NAS的一些使用技巧

[原] 配置linux iptables NAT方式端口映射远程桌面到内网windows

[唉] 又被垃圾评论攻占了，开启注册用户才能发表评论

[原] ubuntu下重装mysql

[原] 根据自定义http header控制nginx选择反向代理服务器

[原] Installing Nagios 4.0.5 on nginx and Ubuntu 12.04

[原] OpenSSL在多线程环境下的使用（避免core dump）

[原] Nagios-xi在CentOS的安装tips (web server是nginx)

[原] netty 4.0.17.Final使用epoll模式的几个bug

[原] 给VMWare下的Linux硬盘扩容

[原] /libtool: line xxx: X–tag=CC: command not found的问题解决

[原] 减小nginx编译后的文件大小 (Reduce file size of nginx)

[原] Slackware忘记root密码的解决