3 月 192014
 

通过Nginx进行反向代理后,仅能访问基于主机名的多个Virtual Host中的默认主机

cn.linuxcache.com
tw.linuxcache.com
hk.linuxcache.com

 

# Proxy every request under / to the backend named "apache" (presumably an
# upstream block or resolvable host; its definition is not shown on this page).
location / {
#root html;
#index index.html index.htm;
proxy_pass http://apache;
# Pass the Host header the client asked for. By default nginx sends the
# proxy_pass name ("apache") as Host, so a backend using name-based virtual
# hosts answers every request from its default host.
proxy_set_header Host $host;
# NOTE(review): no client-address header is forwarded here, so the backend's
# access log will presumably record only the proxy's IP. Consider
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
错误分析

2014/03/20 15:24:16 [error] 28803#0: *237 upstream sent too big header while reading response header from upstream, client: 192.168.197.111, server: 192.168.197.65, request: "GET / HTTP/1.1", upstream: "http://192.168.197.62:80/", host: "cn.linuxcache.com"

# Enlarged proxy buffers, set in response to the "upstream sent too big header"
# error in the log line above. proxy_buffer_size holds the first part of the
# upstream response (the response headers), so it has to fit the largest
# header block the backend sends.
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
# NOTE(review): these buffers are allocated per proxied connection, so large
# values multiply under many concurrent connections. Size them to the observed
# header size rather than copying the numbers unchanged.

错误分析

nginx-name-based-virtual-host-01

3 月 182014
 

[root@ftp vmware-tools-distrib]# ./vmware-install.pl
A previous installation of VMware Tools has been detected.

The previous installation was made by the tar installer (version 4).

Keeping the tar4 installer database format.

You have a version of VMware Tools installed. Continuing this install will
first uninstall the currently installed version. Do you wish to continue?
(yes/no) [yes]

Error: Unable to find the binary installation directory (answer BINDIR)
in the installer database file "/etc/vmware-tools/locations".

Uninstall failed. Please correct the failure and re run the install.

Execution aborted.

[root@ftp vmware-tools-distrib]#

 

[root@ftp bin]# ./vmware-uninstall-tools.pl
Uninstalling the tar installation of VMware Tools.

The removal of VMware Tools 8.6.11 build-1310128 for Linux completed
successfully. Thank you for having tried this software.

[root@ftp bin]#

3 月 182014
 

192.168.197.55

192.168.197.59

yum update

[root@localhost ~]# mkdir /ftpmount
[root@localhost ~]# mkdir -p /ftpmount/linuxcache/www

[root@localhost ~]# yum install nfs-utils
[root@localhost ~]# mount -t nfs 192.168.197.59:/data/linuxcache/www /ftpmount/linuxcache/www/

[root@localhost ~]# vi /etc/fstab
192.168.197.59:/data/linuxcache/www /ftpmount/linuxcache/www nfs defaults 0 0

[root@localhost ~]# vi /etc/sysconfig/network

HOSTNAME=ftp.hk.linuxcache-cloud.net

192.168.197.55 ftp ftp.hk.linuxcache-cloud.net
[root@ftp ~]# yum install vsftpd

[root@ftp vsftpd]# cp vsftpd.conf vsftpd.conf.backup

#201403191322
# Virtual-user mode: every non-anonymous login is mapped to the single
# unprivileged system account named in guest_username.
guest_enable=YES
guest_username=nfsnobody
# Per-user overrides are read from a file in this directory named after the
# login (the page later creates users/vftpuser01).
user_config_dir=/etc/vsftpd/users
# NOTE(review): guest logins receive anonymous-user privileges by default,
# which is why the per-user file on this page grants access with anon_*
# options. No ssl_enable setting appears on this page, so credentials and data
# presumably cross the network unencrypted - confirm against the full vsftpd.conf.

[root@ftp vsftpd]# vi /etc/pam.d/vsftpd
#%PAM-1.0
# The stock vsftpd PAM stack is commented out below, so system accounts are no
# longer authenticated through this service at all. The /etc/vsftpd/ftpusers
# deny list (pam_listfile) is therefore not consulted either.
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
# Authenticate and authorise only against the Berkeley DB built with db_load.
# pam_userdb appends ".db" to the db= path itself, so the suffix is omitted here.
auth required pam_userdb.so db=/etc/vsftpd/vftpuser
account required pam_userdb.so db=/etc/vsftpd/vftpuser
# NOTE(review): no crypt= option is given and the database is loaded from a
# plain-text user/password file, so passwords are stored and compared
# unhashed. Keep the .db file root-only (the page applies chmod 600) and do
# not leave the vftpuser.txt source file on disk once the database is built.

 

[root@ftp vsftpd]# vi vftpuser.txt
vftpuser01
vftptgbyhn

[root@ftp vsftpd]# db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vftpuser.db
[root@ftp vsftpd]#

[root@ftp vsftpd]# chmod 600 vftpuser.*
[root@ftp vsftpd]# pwd
/etc/vsftpd
[root@ftp vsftpd]# mkdir users
[root@ftp vsftpd]# vi users/vftpuser01
# Per-user settings for the virtual user vftpuser01 (the file name matches the login).
# The login lands in the NFS-mounted web content directory.
local_root=/ftpmount/linuxcache/www
# Virtual users are treated as anonymous for permission purposes, hence anon_*.
# Together these three options allow upload, directory creation, and other
# writes such as delete and rename.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Files created over FTP get no group/other write bits.
anon_umask=022
# NOTE(review): this account can modify and delete everything under the web
# root it is pointed at. Grant anon_other_write_enable only if delete/rename
# is really required.

[root@ftp ~]# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@ftp ~]# chkconfig --level 35 vsftpd on

[root@ftp ~]# iptables -I INPUT -p tcp --dport 21 -j ACCEPT

3 月 052014
 

……

[root@http01 ~]# yum install wget

[root@http01 ~]# wget http://cronolog.org/download/cronolog-1.6.2.tar.gz

[root@http01 cronolog-1.6.2]# yum install gcc
[root@http01 cronolog-1.6.2]# ./configure --prefix=/usr/local/cronolog
[root@http01 cronolog-1.6.2]# make
[root@http01 cronolog-1.6.2]# make install

相关下载:
(1) Cronolog 1.6.2

2 月 262014
 

双WAN线路接入,不同服务通过映射走不同WAN口进入内部网络
链路冗余,主线路中断后流量切换至第二条线路(出站)

通过show run查看接口和VLAN划分情况

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.15.1 255.255.255.0
 !
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.3.100 255.255.252.0
 !
interface Vlan3
 nameif outside1
 security-level 0
 ip address 172.16.19.2 255.255.255.0

定义两个网络对象

object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_172
 subnet 0.0.0.0 0.0.0.0

用来进行OUTSIDE口IP映射的内部主机192.168.15.11 端口3389

OUTSIDE(0/0)口IP 192.168.3.100 使用的映射IP 192.168.3.101
OUTSIDE1(0/1)口IP 172.16.19.2 使用的映射IP 172.16.19.13

object network 192.168.15.11
 host 192.168.15.11
object network 192.168.15.11-2
 host 192.168.15.11
object-group service 192.168.3.101
 service-object tcp-udp destination eq 3389
object-group service 172.16.19.13
 service-object tcp-udp destination eq 3389

访问控制列表规则

! Through-traffic rules: allow the published service (the object-groups above
! define tcp/udp destination port 3389) from any source to the inside host.
access-list outside_access extended permit object-group 192.168.3.101 any object 192.168.15.11
access-list outside_access extended permit object-group 172.16.19.13 any object 192.168.15.11-2
! NOTE(review): the source is "any", so the RDP port on 192.168.15.11 is
! reachable from every address on both WAN sides. Restrict the source to known
! networks where possible.
! This ACL is bound further down with the control-plane keyword, i.e. to
! traffic addressed to the firewall itself on outside/outside1.
! NOTE(review): "permit ip any any" there filters nothing - confirm this is
! intended and tighten it to the protocols actually needed.
access-list outside_access_in extended permit ip any any

NAT规则

object network obj_any
 nat (inside,outside) dynamic interface
object network 192.168.15.11
 nat (inside,outside) static 192.168.3.101 dns
object network obj_172
 nat (inside,outside1) dynamic interface
object network 192.168.15.11-2
 nat (inside,outside1) static 172.16.19.13 dns

在接口上应用规则

access-group outside_access_in in interface outside control-plane
access-group outside_access in interface outside
access-group outside_access_in in interface outside1 control-plane
access-group outside_access in interface outside1

两条外部接口的静态路由,默认路由接口为OUTSIDE(0/0)

! Primary default route via outside (metric 1), with a floating backup default
! route via outside1 (metric 2).
route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
route outside1 0.0.0.0 0.0.0.0 172.16.19.1 2
! NOTE(review): no "track" / "sla monitor" configuration is shown, so the
! backup route presumably takes over only when the outside interface itself
! goes down, not when the upstream path fails - confirm.
2 月 212014
 

Switch#show run
Building configuration…

Current configuration : 4399 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off, so a password set with the plain "password"
! command (such as the vty line password, masked by the author further down)
! is kept in clear text in the configuration.
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
! "secret 5" stores the enable password as a salted MD5-based hash.
! NOTE(review): the hash is shown unredacted although the vty password below
! is masked. A hash that has been shared should be treated as exposed, and the
! secret rotated. Mask this line the same way before publishing a config.
enable secret 5 $1$U1PF$YnQ2uAaiC1YK6UZIkDAeV.
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
crypto pki trustpoint TP-self-signed-1979330816
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1979330816
revocation-check none
rsakeypair TP-self-signed-1979330816
!
!
crypto pki certificate chain TP-self-signed-1979330816
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393739 33333038 3136301E 170D3933 30333031 30303031
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39373933
33303831 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DDE1 913626E2 19F3DDA8 5F258129 D06B5954 5F8FEAD0 486F5CCA 5B1F0D84
75112D9C A499D22B 43402FF8 27BA06BA 38BE32B8 17EB1AFA 4E2CFBA8 25B123F3
9CB7A5C0 9A874B8D F673622B 30DAF4DF 27A657FC 8DBC4DC3 9BF9700E 3C055E4F
7ED26B5C CBE1C956 999BACDD 9D7A465D A9EB0530 953964C0 ACA0EF13 08081350
9B910203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 14374436
B41F70D7 AE9DB2F2 F465D9B9 B4536F55 2A301D06 03551D0E 04160414 374436B4
1F70D7AE 9DB2F2F4 65D9B9B4 536F552A 300D0609 2A864886 F70D0101 04050003
818100D9 66FD616B 342193AB 9C8A7BEB 7A130BC1 16F9A1F1 325539F3 0432D77C
9B3175A1 463315A3 4DA71799 9EE07075 3F166684 BE5EC920 651A4D06 31149E88
63EE9B1A 385A340D CF4A3186 A317033A 7BCF1CE2 55B6EC0E F5C2F9AD 3A6CFEC7
2E320916 BB702AFD 7CF954A3 95B6225A D79DAB79 870E40A5 95AEAB0A 041494F7 163F1A
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
switchport access vlan 11
switchport mode access
!
! Gi0/1 through Gi0/10 are all configured as unconditional trunks.
! NOTE(review): no "switchport trunk allowed vlan" or native-VLAN line is
! shown for any of them, so presumably every VLAN is carried and the native
! VLAN is the default - confirm, and limit trunks to ports that need them.
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface GigabitEthernet0/3
switchport mode trunk
!
interface GigabitEthernet0/4
switchport mode trunk
!
interface GigabitEthernet0/5
switchport mode trunk
!
interface GigabitEthernet0/6
switchport mode trunk
!
interface GigabitEthernet0/7
switchport mode trunk
!
interface GigabitEthernet0/8
switchport mode trunk
!
interface GigabitEthernet0/9
switchport mode trunk
!
interface GigabitEthernet0/10
switchport mode trunk
!
interface GigabitEthernet0/11
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/22
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/23
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/24
switchport access vlan 11
switchport mode access
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan11
ip address 192.168.11.254 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.11.1
! Both the clear-text HTTP and the HTTPS management servers are enabled.
! The HTTPS side uses the self-signed trustpoint defined above.
! NOTE(review): "no ip http server" would leave only the HTTPS listener.
! Disable both if web management is not used.
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
logging synchronous
! vty 0-4: login with a shared line password (value masked by the author).
! AAA is off ("no aaa new-model" above), so there are no per-user accounts.
line vty 0 4
password *******
login
! vty 5-15: "login" is set but no password line is shown for these lines.
line vty 5 15
login
! NOTE(review): neither "transport input ssh" nor an "access-class" appears on
! the vty lines, so the platform defaults apply - presumably Telnet is
! accepted from any source address. Confirm, and restrict both.
!
end

1 月 212014
 

使用SSH命令行方式管理Dell iDRAC远程控制卡

登录 用户名root默认密码calvin
login as: root
root@192.168.15.80's password:
WARNING: Default password is configured. Dell highly recommends changing user root’s password immediately
/admin1-> help
[Usage]
show   [<options>] [<target>] [<properties>]
[<propertyname>== <propertyvalue>]
set    [<options>] [<target>] <propertyname>=<value>
cd     [<options>] [<target>]
create [<options>] <target> [<property of new target>=<value>]
[<property of new target>=<value>]
delete [<options>] <target>
exit   [<options>]
reset  [<options>] [<target>]
start  [<options>] [<target>]
stop   [<options>] [<target>]
version [<options>]
help   [<options>] [<help topics>]
load -source <URI> [<options>] [<target>]
dump -destination <URI> [<options>] [<target>]

/admin1->

进入远程控制卡的管理模式
/admin1-> racadm
racadm>>

查看用户帐户信息
racadm>>racadm getconfig -g cfgUserAdmin -i 2 -v
racadm_commands_options_objects

racadm getconfig -g cfgUserAdmin -i 2 -v
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
# cfgUserAdminPassword=******** (Write-Only)
cfgUserAdminEnable=1 (TRUE)
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4 (4)
cfgUserAdminIpmiSerialPrivilege=4 (4)
cfgUserAdminSolEnable=1 (TRUE)

racadm>>

修改root用户的密码(命令的最后一个参数即新密码;示例中填写的仍是出厂默认值calvin,实际操作时应替换为新的强密码)

racadm>>racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 calvin
racadm_commands_options_objects

racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 calvin
Object value modified successfully

racadm>>

使用浏览器管理Dell iDRAC远程控制卡,需Firefox 浏览器,使用IE登录提示帐户错误无法登录