May 7, 2013
 

About FastCGI

FastCGI is simple because it is actually CGI with only a few extensions.
Like CGI, FastCGI is also language-independent. For instance, FastCGI provides a way to improve the performance of the thousands of Perl applications that have been written for the Web.
Like CGI, FastCGI runs applications in processes isolated from the core Web server, which provides greater security than APIs. (APIs link application code into the core Web server, which means that a bug in one API-based application can corrupt another application or the core server; a malicious API-based application can, for example, steal key security secrets from another application or the core server.)
Although FastCGI cannot duplicate the universality of CGI overnight, the FastCGI developers are committed to propagating FastCGI as an open standard. To that end, free FastCGI application libraries (C/C++, Java, Perl, Tcl) and upgrade modules for popular free servers (Apache, IIS, Lighttpd) are available.
Like CGI, FastCGI is not tied to the internal architecture of any Web server and is therefore stable even when server technology changes. An API reflects the internal architecture of a Web server, so when that architecture changes, so does the API.

Not only does FastCGI restore the strengths of CGI, it also adds two new benefits:

Distributed computing: Companies can run their FastCGI application on a different machine from the one on which they run their Web server. Distributed computing is a proven technique for scaling, linking to existing corporate systems, improving system availability, and improving security via compartmentalization, such as firewalls.
Multiple and extensible roles: CGI applications compute the response to an HTTP request. FastCGI applications can do that and more, such as perform modular authentication and authorization checks and translate data from one type to another. FastCGI is designed so that more roles can be introduced in the future.

http://www.fastcgi.com/drupal/

May 6, 2013
 

Compile and install Apache

[root@localhost ~]# yum install perl gcc make
[root@localhost ~]# groupadd -r apache
[root@localhost ~]# useradd -r -M -g apache apache
[root@localhost ~]# tar xzf httpd-2.2.24.tar.gz
[root@localhost ~]# cd httpd-2.2.24
[root@localhost httpd-2.2.24]# ./configure --prefix=/usr/local/apache \
 > --enable-so --enable-rewrite
[root@localhost httpd-2.2.24]# make
[root@localhost httpd-2.2.24]# make install

Compile and install PHP

[root@localhost ~]# tar xzf php-5.2.17.tar.gz
[root@localhost ~]# cd php-5.2.17
[root@localhost php-5.2.17]# yum install libxml2-devel
[root@localhost php-5.2.17]# yum install gd-devel libpng-devel libjpeg-devel
[root@localhost php-5.2.17]# ./configure --prefix=/usr/local/php \
 > --with-apxs2=/usr/local/apache/bin/apxs \
 > --enable-fastcgi --enable-mbstring \
 > --with-gd=/usr/ --with-png-dir=/usr/ --with-jpeg-dir=/usr/
[root@localhost php-5.2.17]# make
[root@localhost php-5.2.17]# make install
[root@localhost php-5.2.17]# cp php.ini-dist /usr/local/php/lib/php.ini

Compile and install nginx

[root@localhost ~]# tar xzf nginx-1.4.0.tar.gz
[root@localhost ~]# tar xzf openssl-1.0.1e.tar.gz
[root@localhost ~]# tar xzf zlib-1.2.8.tar.gz
[root@localhost ~]# tar xzf pcre-8.32.tar.gz
[root@localhost ~]# cd nginx-1.4.0
[root@localhost nginx-1.4.0]# yum install gcc-c++
[root@localhost nginx-1.4.0]# ./configure --prefix=/usr/local/nginx \
 > --with-http_stub_status_module --with-http_ssl_module \
 > --with-pcre=../pcre-8.32/ --with-zlib=../zlib-1.2.8 \
 > --with-openssl=../openssl-1.0.1e
[root@localhost nginx-1.4.0]# make
[root@localhost nginx-1.4.0]# make install

Modify the nginx configuration file

#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}
location ~ \.php$ {
    proxy_pass   http://127.0.0.1:8080;
}

Modify the Apache configuration file

[root@localhost ~]# vi /usr/local/apache/conf/httpd.conf
 Listen 8080
User apache
Group apache
ServerName 127.0.0.1:8080
<IfModule dir_module>
 DirectoryIndex index.php
</IfModule>
AddType application/x-httpd-php .php
#DocumentRoot "/usr/local/apache/htdocs"
DocumentRoot "/usr/local/nginx/html"
#<Directory "/usr/local/apache/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Order allow,deny
#    Allow from all
#</Directory>
<Directory "/usr/local/nginx/html">
 Options Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

Start Apache and check the listening port

[root@localhost ~]# /usr/local/apache/bin/apachectl start
[root@localhost ~]# netstat -lutn |grep 8080
 tcp        0      0 :::8080                     :::*                        LISTEN
[root@localhost ~]#

Start nginx and check the listening port

[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# netstat -lut |grep http
 tcp        0      0 *:http                      *:*                         LISTEN
[root@localhost ~]#

Create a PHP test file

[root@localhost ~]# vi /usr/local/nginx/html/hello.php
 <?php phpinfo(); ?>


nginx log entry after requesting http://192.168.244.135/index.html

[root@localhost ~]# cat /usr/local/nginx/logs/access.log
192.168.244.1 - - [06/May/2013:16:53:22 +0800] "GET / HTTP/1.1" 200 612 "-"
 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0"


Apache log entries after requesting http://192.168.244.135/hello.php

[root@localhost ~]# cat /usr/local/apache/logs/access_log
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET /hello.php HTTP/1.0" 200 43026
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2524
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2146
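
In the setup above nginx proxies to 127.0.0.1:8080, but `Listen 8080` binds Apache to every interface (the netstat output shows `:::8080`), so unless a firewall blocks the port the backend can be reached without going through nginx. The shell check below is an added example, not part of the original post; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Apache Listen directives that are not loopback-only.
# Reads httpd.conf text on stdin; returns 1 if any exposed Listen is found.
audit_listen() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "listen" {
            addr = $2
            # Loopback-only forms: 127.x.x.x:port and [::1]:port
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) next
            if (addr ~ /^\[::1\]:[0-9]+$/) next
            print "exposed: Listen " addr
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the directive used in the post (binds all interfaces).
page_conf() {
    printf '%s\n' 'Listen 8080' 'User apache' 'ServerName 127.0.0.1:8080'
}

# Constructed sample: backend reachable only through the local nginx proxy.
loopback_conf() {
    printf '%s\n' '#Listen 8080' 'Listen 127.0.0.1:8080' 'User apache'
}

page_conf | audit_listen || echo "backend can be reached without nginx"
loopback_conf | audit_listen && echo "backend is loopback-only"
```
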
May 2, 2013
 

yum install gcc make openssl-devel

[root@localhost etc]# cd /usr/local/fr/etc/raddb/
[root@localhost raddb]# ls
acct_users                 clients.conf       ldap.attrmap    sites-available
attrs                      dictionary         modules         sites-enabled
attrs.access_challenge     eap.conf           policy.conf     sql
attrs.access_reject        example.pl         policy.txt      sql.conf
attrs.accounting_response  experimental.conf  preproxy_users  sqlippool.conf
attrs.pre-proxy            hints              proxy.conf      templates.conf
certs                      huntgroups         radiusd.conf    users
[root@localhost raddb]# vi users

testing Cleartext-Password := "password"

[root@localhost raddb]# ../../bin/radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 185 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=185, length=20
[root@localhost raddb]#

April 27, 2013
 

 

What's New in VMware vSphere 5.1

 

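Compute
Larger virtual machines: Virtual machines can now grow to 2x the size of any previous release, supporting even the most demanding applications. Virtual machines can now have up to 64 virtual CPUs (vCPUs) and 1 TB of virtual RAM (vRAM).
New virtual machine format: In vSphere 5.1, the virtual machine format (version 9) has several new features, including support for larger virtual machines, CPU performance counters, and virtual shared graphics acceleration designed for enhanced performance.
Storage
Flexible, space-efficient storage for virtual desktop infrastructure (VDI): A new disk format strikes a good balance between space utilization and I/O throughput for virtual desktops.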

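Networking
vSphere Distributed Switch: Enhancements such as network health check, configuration backup and restore, rollback and recovery, and Link Aggregation Control Protocol support and provide more enterprise-class networking capabilities, laying a more solid foundation for cloud computing.
Single-root I/O virtualization (SR-IOV) support: Support for SR-IOV optimizes performance for complex applications.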

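Availability
vSphere vMotion®: Leverage the advantages of vMotion (zero-downtime migration) without the need for shared storage configurations. This new vMotion capability can be applied across the entire network.
vSphere Data Protection: Simple and cost-effective backup and recovery for virtual machines. vSphere Data Protection is a new solution built on EMC Avamar technology that lets administrators back up virtual machine data to disk using built-in deduplication, without any agents. This feature replaces the vSphere Data Recovery product in previous vSphere releases.
vSphere Replication: vSphere Replication enables efficient, array-independent replication of virtual machine data over the LAN or WAN. vSphere Replication simplifies management, enables replication at the virtual machine level, and brings RPOs down to as little as 15 minutes.
Zero-downtime upgrade for VMware Tools: After you upgrade VMware Tools to version 5.1, later upgrades to newer versions will not require you to reboot.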

 

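Security
VMware vShield Endpoint™: Provides a proven endpoint security solution for any workload, with an approach that is simple, efficient, and cloud-aware. vShield Endpoint lets third-party endpoint security solutions drop the in-guest agent, offloads part of the protection functions to a security virtual appliance, and minimizes the impact of running scans.
Automation
vSphere Storage DRS™ and Profile-Driven Storage: New integration with VMware vCloud® Director™ enables better storage efficiency and automation in private cloud environments.
vSphere Auto Deploy™: Provides two new methods for deploying new vSphere hosts into an environment, greatly improving the usability of the Auto Deploy process.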

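Management (with vCenter Server)
vSphere Web Client: The vSphere Web Client is now the core administrative interface for vSphere. This flexible, powerful new interface offers shortcut navigation, custom tagging, and enhanced scalability, and lets you perform management operations from anywhere on a device that supports Internet Explorer or Firefox, which simplifies vSphere control.
vCenter Single Sign-On: Allows users to log in once and then access all instances and layers of vCenter without authenticating again, significantly simplifying vSphere management.
vCenter Orchestrator: Orchestrator simplifies installation and configuration of the powerful workflow engine in vCenter Server. Newly designed workflows improve ease of use and can also be launched directly from the new vSphere Web Client.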

 

April 27, 2013
 

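Optimizer improvements

The MySQL Optimizer team has done a great deal of work to keep improving SQL query efficiency, chiefly through index condition pushdown and multi-range read. Index condition pushdown means moving WHERE conditions into the storage engine for evaluation, which reduces overhead; multi-range read means that when a query uses a secondary index, the disk blocks are sorted.

InnoDB improvements

The MySQL InnoDB storage engine team mainly delivered a NoSQL access interface: InnoDB tables can be accessed directly through the Memcached API.

Direct NoSQL access using the memcached API

This can greatly improve data access performance in web applications and suits simple queries.

Better replication

The MySQL replication team mainly improved data integrity and availability, along with performance.

Performance Schema

Performance Schema was introduced in version 5.5 and improved in 5.6; the new features include table locks, table I/O, and table lock waits.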


April 26, 2013
 

yum install subversion

[root@localhost /]# svnadmin create /svn/repo1/
[root@localhost /]# ls /svn/repo1/
conf  db  format  hooks  locks  README.txt

[root@szvs-v04 conf]# vi svnserve.conf
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz

svn://192.168.1.92/repo1

duser01/dpass01

[/]
duser01 = rw

[svn:/repo1]
duser01 = rw

svnserve -d -r /svn/

VSFTP virtual account configuration

April 23, 2013
 

vsftpd

[root@localhost ~]# yum install vsftpd

Back up the original configuration file and enable the following settings

[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# mv vsftpd.conf vsftpd.conf.backup
[root@localhost vsftpd]# vi vsftpd.conf
anon_world_readable_only=NO
anonymous_enable=NO
chroot_local_user=YES
guest_enable=NO
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=192.168.244.128
local_enable=YES
max_clients=100
max_per_ip=2
nopriv_user=ftp
pam_service_name=vsftpd
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/ftpusers
xferlog_enable=YES
anon_umask=0027
local_umask=022
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=NO
download_enable=NO

Modify the PAM authentication module configuration
vi /etc/pam.d/vsftpd
auth    required pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts

Add the virtual accounts and passwords
[root@localhost vsftpd]# vi accounts.list
abc
123
cba
321

Generate the encrypted virtual account database
# db_load -T -t hash -f  /etc/vsftpd/accounts.list /etc/vsftpd/accounts.db

# chmod 600 /etc/vsftpd/accounts.db

Create the per-user configuration file
[root@localhost vsftpd]# mkdir users
[root@localhost vsftpd]# vi /etc/vsftpd/users/abc
local_root=/vusers/abc/
dirlist_enable=YES
download_enable=YES
write_enable=YES

Create the user directory
[root@localhost vsftpd]# mkdir /vusers
[root@localhost vsftpd]# useradd -d /vusers/abc -s /sbin/nologin abc
[root@localhost vsftpd]# chmod 750 /vusers/abc/

Test the login with the Windows FTP client

C:\Users\Harvey>ftp 192.168.244.128
 连接到 192.168.244.128。
 220 (vsFTPd 2.2.2)
 用户(192.168.244.128:(none)): abc
 331 Please specify the password.
 密码:
 230 Login successful.
 ftp> ls
 200 PORT command successful. Consider using PASV.
 150 Here comes the directory listing.
 226 Directory send OK.
 ftp> quit
 221 Goodbye.

C:\Users\Harvey>
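
In the procedure above, `db_load -t hash` only selects Berkeley DB's hash table format, and with the PAM lines shown (no `crypt=` option) the passwords in both `accounts.list` and `accounts.db` are cleartext; the post restricts only the `.db` file. The check below is an added example, not part of the original post; the function names, the `MIN_LEN` policy value and the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the login/password list that db_load turns into the
# pam_userdb database. $1 = list path (odd lines login, even lines password).
# MIN_LEN is an assumed policy value, not something the post specifies.
MIN_LEN=8

audit_vuser_list() {
    list=$1
    rc=0
    # db_load -T reads key/value line pairs, so the line count must be even.
    lines=$(awk 'END { print NR }' "$list")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "odd line count: a login has no password"
        rc=1
    fi
    # The list holds cleartext passwords: group and other need no access.
    perms=$(ls -ld "$list" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other access on $list"
        rc=1
    fi
    # Name the logins whose password is shorter than MIN_LEN characters.
    awk -v min="$MIN_LEN" '
        NR % 2 == 1 { user = $0; next }
        length($0) < min { print "short password: " user; bad = 1 }
        END { exit bad + 0 }
    ' "$list" || rc=1
    return "$rc"
}

# Constructed demo: the accounts from the post, written with mode 644.
demo() {
    tmp=$(mktemp)
    printf '%s\n' abc 123 cba 321 > "$tmp"
    chmod 644 "$tmp"
    audit_vuser_list "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

demo || echo "list needs fixing before db_load"
```

After loading the database, delete the list or give it the same `chmod 600` the post applies to `accounts.db`.
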
April 22, 2013
 

yum install zlib-devel perl perl-devel tk gettext

Error analysis

cache.h:19:18: warning: zlib.h: No such file or directory

yum install zlib-devel

make[1]: /usr/bin/perl: Command not found

yum install perl perl-devel

GITGUI_VERSION = 0.16.0.15.gf6dd78
* new locations or Tcl/Tk interpreter
GEN git-gui
INDEX lib/
* tclsh failed; using unoptimized loading
MSGFMT    po/de.msg make[1]: *** [po/de.msg] Error 127
make: *** [all] Error 2

yum install tk

/bin/sh: msgfmt: command not found
make: *** [po/build/locale/da/LC_MESSAGES/git.mo] Error 127

yum install gettext

April 19, 2013
 

Log in to the monitored host and modify the Apache configuration file

login as: root
 root@192.168.1.90's password:
 Last login: Thu Apr 18 14:42:33 2013 from 192.168.1.151
 [root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Enable

ExtendedStatus On

#<Location /server-status>
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#</Location>

Allow from 192.168.1.151

[root@localhost ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@localhost ~]#

login as: root
root@192.168.1.91's password:
Last login: Thu Apr 18 09:11:58 2013 from 192.168.1.151

Use the Apache Bench tool to send 100,000 consecutive requests to the specified page

[root@mail ~]# ab -n 100000 http://192.168.1.90/faq.php
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.1.90 (be patient)
Completed 10000 requests
Completed 20000 requests
^C

Server Software:        Apache/2.2.15
Server Hostname:        192.168.1.90
Server Port:            80

Document Path:          /faq.php
Document Length:        9372 bytes

Concurrency Level:      1
Time taken for tests:   206.254 seconds
Complete requests:      23142
Failed requests:        0
Write errors:           0
Total transferred:      222834318 bytes
HTML transferred:       216886824 bytes
Requests per second:    112.20 [#/sec] (mean)
Time per request:       8.913 [ms] (mean)
Time per request:       8.913 [ms] (mean, across all concurrent requests)
Transfer rate:          1055.07 [Kbytes/sec] received

Connection Times (ms)
min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       1
Processing:     9    9   1.2      9     103
Waiting:        8    8   0.1      8      13
Total:          9    9   1.2      9     103

Percentage of the requests served within a certain time (ms)
50%      9
66%      9
75%      9
80%      9
90%      9
95%      9
98%      9
99%      9
100%    103 (longest request)
[root@mail ~]# ab -n 100000 http://192.168.1.90/faq.php
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.1.90 (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests

Server Software:        Apache/2.2.15
Server Hostname:        192.168.1.90
Server Port:            80

Document Path:          /faq.php
Document Length:        9372 bytes

Concurrency Level:      1
Time taken for tests:   888.851 seconds
Complete requests:      100000
Failed requests:        0
Write errors:           0
Total transferred:      962900000 bytes
HTML transferred:       937200000 bytes
Requests per second:    112.50 [#/sec] (mean)
Time per request:       8.889 [ms] (mean)
Time per request:       8.889 [ms] (mean, across all concurrent requests)
Transfer rate:          1057.92 [Kbytes/sec] received

Connection Times (ms)
min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       5
Processing:     9    9   0.5      9      44
Waiting:        8    8   0.2      8      39
Total:          9    9   0.5      9      44

Percentage of the requests served within a certain time (ms)
50%      9
66%      9
75%      9
80%      9
90%      9
95%      9
98%      9
99%      9
100%     44 (longest request)
[root@mail ~]#

http://IP/server-status?refresh=N

"_" Waiting for Connection,
"S" Starting up,
"R" Reading Request,
"W" Sending Reply,
"K" Keepalive (read),
"D" DNS Lookup,
"C" Closing connection,
"L" Logging,
"G" Gracefully finishing,
"I" Idle cleanup of worker,
"." Open slot with no current process


Srv    Child Server number - generation
PID    OS process ID
Acc    Number of accesses this connection / this child / this slot
M    Mode of operation
CPU    CPU usage, number of seconds
SS    Seconds since beginning of most recent request
Req    Milliseconds required to process most recent request
Conn    Kilobytes transferred this connection
Child    Megabytes transferred this child
Slot    Total megabytes transferred this slot
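
The scoreboard key above can also be applied to the machine-readable output that mod_status serves at `server-status?auto`, where a sustained high share of workers in "R" with few in "W" is worth alerting on. The script below is an added example, not part of the original post; the function names, the alert threshold and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise worker states from mod_status "?auto" output.
# Reads the status text on stdin and prints one summary line.
scoreboard_summary() {
    awk '
        /^Scoreboard: / {
            s = substr($0, 13)                 # text after "Scoreboard: "
            for (i = 1; i <= length(s); i++) n[substr(s, i, 1)]++
        }
        END {
            slots = 0                          # every slot except open "."
            for (k in n) if (k != ".") slots += n[k]
            pct = slots ? int(100 * n["R"] / slots) : 0
            printf "slots=%d idle=%d reading=%d writing=%d keepalive=%d reading_pct=%d\n",
                slots, n["_"], n["R"], n["W"], n["K"], pct
        }
    '
}

# Succeeds when the share of workers in "R" (Reading Request) is at least $1
# percent. The threshold is an assumed tuning value, not from the post.
reading_alert() {
    pct=$(scoreboard_summary | sed 's/.*reading_pct=//')
    [ "$pct" -ge "$1" ]
}

# Constructed sample of "?auto" output (not captured from a real server).
sample_status() {
    printf '%s\n' 'BusyWorkers: 9' 'IdleWorkers: 2' \
        'Scoreboard: RRRRRRWW__K.....'
}

sample_status | scoreboard_summary
if sample_status | reading_alert 50; then
    echo "many workers are stuck reading requests"
fi
```
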