postfix admin

This article covers common Postfix commands and mail queue management.

Postfix has the following four message queues, all managed by the queue manager process:

maildrop: locally submitted mail is placed in maildrop and is also copied to incoming.
incoming: holds messages that are arriving in the queue or that the queue manager has not yet discovered.
active: holds messages that the queue manager has opened and is ready to deliver; this queue has a length limit.
deferred: holds messages that could not be delivered; their delivery may be delayed.
Start postfix

/usr/sbin/postfix start
Stop postfix

/usr/sbin/postfix stop
Check the postfix configuration file

/usr/sbin/postfix check
Displays the configuration information that Postfix currently takes effect

postconf -n
Re-read the postfix configuration file

/usr/sbin/postfix reload
View messages in the queue:

mailq
postqueue -p
View the queue size

mailq | wc -l
postqueue -p | wc -l
View the contents of the message

postcat -q Queue_ID
Force the sending of messages in the queue

/usr/sbin/postfix flush
postqueue -f
Put queued messages on hold

postsuper -h Queue_ID
postsuper -h ALL deferred
Release messages from hold

postsuper -H Queue_ID
postsuper -H ALL deferred
Requeue messages:

postsuper -r Queue_ID
postsuper -r ALL
Delete the specified message

postsuper -d Queue_ID
Empty the messages in the queue

postsuper -d ALL
# Delete the messages in the queue (for the deferred queue you can also delete the mail files directly, which shows which messages were deleted):

postsuper -d ALL deferred
find /var/spool/postfix/deferred -type f -exec rm -vf {} \;
# find /var/spool/postfix/defer -type f -exec rm -vf {} \;
List all problem mail (currently all messages that cannot be sent)

find /var/spool/postfix/deferred -type f -exec ls -l --time-style=+%Y-%m-%d_%H:%M:%S {} \;
Delete messages that have not been sent for 3 days

find /var/spool/postfix/deferred -type f -mtime +3 -exec rm -f {} \;
Delete bounce records for mail older than 5 days (more than 5 days in the "defer" list)

find /var/spool/postfix/defer -type f -mtime +5 -exec rm -f {} \;
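
The listing printed by mailq / postqueue -p can be broken down by queue state and by deferral reason before anything is held, requeued or deleted. This is an added example, not part of the original post; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). In `postqueue -p` / `mailq`
# output a queue ID followed by "*" is in the active queue, one followed by
# "!" is on hold (postsuper -h), and a bare ID is deferred. `wc -l` also
# counts header, reason, recipient and blank lines, so it overstates the
# number of messages.

# Constructed sample listing; on a real host pipe `postqueue -p` in instead.
sample_listing() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3A1F2C0D41     2210 Mon Oct  2 10:15:01  app@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         alice@example.net

7B9E4D1A22*    1534 Mon Oct  2 10:16:40  app@example.com
                                         bob@example.org

5C2D8E6F33!    8801 Mon Oct  2 10:17:12  news@example.com
                                         carol@example.org

9D4A7B3C44     1920 Mon Oct  2 10:18:55  app@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         dave@example.net

1E6F0A5B55     3077 Mon Oct  2 10:19:03  MAILER-DAEMON
(host mx.example.org[192.0.2.20] said: 451 4.7.1 Try again later)
                                         erin@example.org

-- 17 Kbytes in 5 Requests.
EOF
}

# Print "active=N hold=N deferred=N total=N" for a listing read from stdin.
queue_summary() {
    awk '
        # An entry line starts in column 1 with the queue ID; field 2 is the size.
        /^[0-9A-Za-z]/ && $2 ~ /^[0-9]+$/ {
            if ($1 ~ /\*$/)      active++
            else if ($1 ~ /!$/)  hold++
            else                 deferred++
        }
        END {
            printf "active=%d hold=%d deferred=%d total=%d\n",
                   active, hold, deferred, active + hold + deferred
        }'
}

# Print "count<TAB>reason" for each distinct deferral reason, most frequent first.
deferred_reasons() {
    awk '
        # The reason is the parenthesised line that follows an entry line.
        /^[ \t]*\(.*\)[ \t]*$/ {
            reason = $0
            sub(/^[ \t]*\(/, "", reason)
            sub(/\)[ \t]*$/, "", reason)
            count[reason]++
        }
        END { for (r in count) printf "%d\t%s\n", count[r], r }
    ' | LC_ALL=C sort -rn
}

sample_listing | queue_summary
sample_listing | deferred_reasons
```

On a live server the same functions take `postqueue -p | queue_summary` and `postqueue -p | deferred_reasons`.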

# Here are some related logs

View the system log:

tail -f /var/log/messages
Check the mail log: it is very comprehensive, and almost every mail problem you encounter can be diagnosed from it

tail -f /var/log/maillog
maildrop related

tail -f /var/log/maildrop.log
clamd related

tail -f /var/log/clamav/clamd.log
tail -f /var/log/clamav/freshclam.log

Mariadb centos 7.4

vi /etc/yum.repos.d/Mariadb.repo

# MariaDB 10.1 CentOS repository list
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

yum -y install MariaDB-server MariaDB-client

systemctl start mysql.service

mysql_secure_installation

Enter current password for root (enter for none):

Set root password? [Y/n] y

New password:

Re-enter new password:

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] n

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

firewall

firewall-cmd --state

If it reports not running, start the firewall:

systemctl start firewalld

Once it reports running, open port 3306:
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload

2. root MariaDB

Mariadb
mysql -uroot -p
use mysql;
grant all on *.* to 'root'@'%' identified by 'root@test123' with grant option;
flush privileges;

Docker issue x509: certificate has expired or is not yet valid

[root@clusterserver3 ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos …
Pulling repository docker.io/library/centos
Error while pulling image: Get https://index.docker.io/v1/repositories/library/centos/images: x509: certificate has expired or is not yet valid
[root@clusterserver3 ~]# update-ca-trust extract

RabbitMQ installation deployment

This article covers installing and deploying rabbitmq-server-3.6.12.

# Check whether an old version of the software is already installed

rpm -qa | grep erlang
rpm -qa | grep rabbitmq
# If rabbitmq was installed with yum before, old versions of the software may be present; uninstall them before installing

yum remove erlang-R14B erlang-erts -y
# Configure the yum source rabbitmq requires (the epel source)

su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm'
# Install the specified version of rabbitmq

wget http://www.rabbitmq.com/releases/erlang/erlang-19.0.4-1.el6.x86_64.rpm
wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.12/rabbitmq-server-3.6.12-1.el6.noarch.rpm
yum install erlang-19.0.4-1.el6.x86_64.rpm -y
yum install rabbitmq-server-3.6.12-1.el6.noarch.rpm -y
# Start rabbitmq and enable it at boot

service rabbitmq-server start
ps -ef | grep rabbitmq
chkconfig rabbitmq-server on
chkconfig --list rabbitmq-server
# Enable the rabbitmq management plugin

rabbitmq-plugins enable rabbitmq_management
service rabbitmq-server restart
# The default user and password are both guest; you can create a new rabbitmq user and grant it permissions

rabbitmqctl add_user admin 123456
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p "/" admin ".*" ".*" ".*"
# Create another user, nice

rabbitmqctl add_user nice 123456
rabbitmqctl add_vhost nice
rabbitmqctl set_user_tags nice administrator
rabbitmqctl set_permissions -p "nice" nice ".*" ".*" ".*"
You can then visit: http://IP:15672

complete

CentOS7 install iptables firewall

The default firewall on CentOS 7 is not iptables but firewalld.

Install iptables and iptables-services

# First check whether iptables is installed
service iptables status
# install iptables
yum install -y iptables
# upgrade iptables
yum update iptables
# install iptables-services
yum install iptables-services

Disable / stop the built-in firewalld service

# Stop the firewalld service
systemctl stop firewalld
# Disable the firewalld service
systemctl mask firewalld

Set up existing rules

# View the existing iptables rules
iptables -L -n
# First allow everything, otherwise you may cut off your own access
iptables -P INPUT ACCEPT
# Clear all default rules
iptables -F
# Clear all custom rules
iptables -X
# Reset all counters to 0
iptables -Z
# Allow packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
# Open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# Allow return traffic for requests this host initiated; RELATED is set for FTP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop all other inbound traffic
iptables -P INPUT DROP
# Allow all outbound traffic
iptables -P OUTPUT ACCEPT
# Drop all forwarded traffic
iptables -P FORWARD DROP

Other rule settings

# To add a trusted intranet IP (accept all of its TCP requests):
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
# Filter all requests that do not match the rules above
iptables -P INPUT DROP
# To block an IP, use the following command:
iptables -I INPUT -s ***.***.***.*** -j DROP
# To unblock an IP, use the following command:
iptables -D INPUT -s ***.***.***.*** -j DROP

Save the rule settings

# Save the above rules
service iptables save

Enable the iptables service

# Register the iptables service
# equivalent to the previous chkconfig iptables on
systemctl enable iptables.service
# Start the service
systemctl start iptables.service
# View status
systemctl status iptables.service

Fix for vsftpd passive mode not working once iptables is enabled

1. First modify or add the following in /etc/sysconfig/iptables-config

# Add the following; note that the order cannot be swapped
IPTABLES_MODULES="ip_conntrack_ftp"
IPTABLES_MODULES="ip_nat_ftp"

2. Reset the iptables settings

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

The following is a complete setup script

#!/bin/sh
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
service iptables save
systemctl restart iptables.service

CentOS 7 installs MySQL5.7.19

Environment: Virtual Machine + CentOS 7

1. Download the binary package; the mysql-5.7.19-linux-glibc2.12-x86_64.tar.gz link below is from the official website

cd /usr/local/src

wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.19-linux-glibc2.12-x86_64.tar.gz
2. Extract and rename

[root@beta src]# tar zxvf mysql-5.7.19-linux-glibc2.12-x86_64.tar.gz

[root@beta src]# ls
index.html?id=471614 mysql-5.7.19-linux-glibc2.12-x86_64 mysql-5.7.19-linux-glibc2.12-x86_64.tar.gz
[root@beta src]# mv mysql-5.7.19-linux-glibc2.12-x86_64 /usr/local/mysql
3. Initialize

[root@beta mysql]# useradd -M -s /sbin/nologin mysql

[root@beta mysql]# ls
bin COPYING docs include lib man README share support-files
[root@beta mysql]# mkdir -p /usr/local/mysql/data/mysql
[root@beta mysql]# chown mysql /usr/local/mysql/data/mysql
In the following step, pay attention to the last line of the output:

[root@beta mysql]# ./bin/mysqld --initialize --user=mysql --datadir=/usr/local/mysql/data/mysql
2017-09-27T03:44:47.999985Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-09-27T03:44:49.011240Z 0 [Warning] InnoDB: New log files created, LSN=45790
2017-09-27T03:44:49.180334Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2017-09-27T03:44:49.245777Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 3649ce8c-a336-11e7-a43f-000c292b2832.
2017-09-27T03:44:49.266053Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2017-09-27T03:44:49.268172Z 1 [Note] A temporary password is generated for root@localhost: ADB&yGx-d8ab

ADB&yGx-d8ab
Then execute:

[root@beta mysql]# ./bin/mysql_ssl_rsa_setup --datadir=/usr/local/mysql/data/mysql
Generating a 2048 bit RSA private key
………………….+++
…+++
writing new private key to 'ca-key.pem'
-----
Generating a 2048 bit RSA private key
…………………….+++
…………………………………………………………………….+++
writing new private key to 'server-key.pem'
-----
Generating a 2048 bit RSA private key
………………..+++
…………………..+++
writing new private key to 'client-key.pem'
4. Copy the configuration file and startup script

First check whether /etc/my.cnf exists; if not, copy it:

cp support-files/my-default.cnf /etc/my.cnf
Edit /etc/my.cnf, focusing on the following settings; comment out the others as far as possible:

basedir = /usr/local/mysql
datadir = /usr/local/mysql/data/mysql
socket = /tmp/mysql.sock
2. Startup script

cp support-files/mysql.server /etc/init.d/mysqld
Edit /etc/init.d/mysqld and modify only the following:

basedir=/usr/local/mysql
datadir=/usr/local/mysql/data/mysql
Add /etc/init.d/mysqld to the startup items:

[root@beta mysql]# chkconfig --add mysqld
[root@beta mysql]# chkconfig --list

systemd ‘systemctl list-unit-files’?
target
systemctl list-dependencies [target]?

5. Start the service

/etc/init.d/mysqld start
6. Set the root password

Log in with the initial password (see step 3 above)

/usr/local/mysql/bin/mysql -uroot -p'' # put the initial password inside the quotes after -p
When the mysql> prompt appears, enter: set password = password('new password');

Exit, then log in with the new password.

2. If you forgot the initial password

In /etc/my.cnf, add a skip-grant-tables line under [mysqld], then restart mysqld: /etc/init.d/mysqld restart

[mysqld]
skip-grant-tables
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data/mysql
socket=/tmp/mysql.sock

[root@beta ~]# /etc/init.d/mysqld restart
Shutting down MySQL.. SUCCESS!
Starting MySQL.. SUCCESS!
Log in to mysql again:

[root@beta ~]# /usr/local/mysql/bin/mysql -uroot
At the mysql> prompt, enter: update mysql.user set authentication_string=password('123333') where user='root';

mysql> update mysql.user set authentication_string=password('123333') where user='root';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1
Quit, delete the skip-grant-tables line that was added to my.cnf, and restart mysqld.

Log in to mysql again with the new password:

[root@beta ~]# /usr/local/mysql/bin/mysql -uroot -p'123333'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.19 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
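
A check for the "delete skip-grant-tables and restart" step of the password reset above, as an added example that is not part of the original post: it reports any skip-grant-tables setting still active in the server sections of a my.cnf. The function names and both sample files are constructed for illustration; it reads one file and does not follow !include or !includedir directives.

```shell
#!/bin/sh
# Added example (not from the original post): find a skip-grant-tables line
# left active in my.cnf. While it is set, the server starts without the
# privilege system, so any account can connect without a password.

# Constructed sample: my.cnf as it looks during the reset described above.
sample_reset_cnf() {
    cat <<'EOF'
[mysqld]
skip-grant-tables
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data/mysql
socket=/tmp/mysql.sock
EOF
}

# Constructed sample: the same file after the reset has been cleaned up.
sample_clean_cnf() {
    cat <<'EOF'
[mysqld]
# skip-grant-tables
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data/mysql
socket=/tmp/mysql.sock
EOF
}

# Read an option file on stdin; print "lineno: line" for every active
# skip-grant-tables setting in a group that mysqld reads.
active_skip_grant() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        # Skip blank lines and whole-line comments.
        line == "" || line ~ /^[#;]/ { next }
        # Group header: mysqld reads [mysqld], [server] and [mysqld-X.Y].
        line ~ /^\[.*\]$/ {
            grp = tolower(substr(line, 2, length(line) - 2))
            in_server = (grp == "mysqld" || grp == "server" || grp ~ /^mysqld-[0-9]/)
            next
        }
        in_server {
            shown = line
            sub(/[ \t]*#.*$/, "", line)          # drop a trailing comment
            name = line; val = ""
            eq = index(line, "=")
            if (eq) { name = substr(line, 1, eq - 1); val = substr(line, eq + 1) }
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            # Option names accept "_" and "-" interchangeably and a loose- prefix.
            name = tolower(name); gsub(/_/, "-", name); sub(/^loose-/, "", name)
            val = tolower(val)
            # An explicit 0/off/false value switches the option off.
            if (name == "skip-grant-tables" && val !~ /^(0|off|false)$/)
                printf "%d: %s\n", NR, shown
        }'
}

echo "during reset:"; sample_reset_cnf | active_skip_grant
echo "after cleanup:"; sample_clean_cnf | active_skip_grant
```

Against a real server the input is the live file, for example `active_skip_grant < /etc/my.cnf`; empty output means no active setting was found in that file.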

Commonly used Tomcat tuning settings

Apache, Nginx and other software that provides web services have performance tuning settings, and Tomcat has its own as well. This post briefly covers the more commonly used Tomcat performance tuning parameters. They fall into two parts: 1. runtime parameters added or modified in catalina.sh or catalina.bat in the bin directory of the Tomcat installation; 2. container settings in server.xml in the conf directory of the Tomcat installation.

1. Tuning Tomcat's runtime parameters in catalina.sh

Modify the catalina.sh script and add or modify the JAVA_OPTS variable:
JAVA_OPTS="$JAVA_OPTS -Xms3072m -Xmx3072m -Xmn1536m \
-XX:PermSize=384m -XX:MaxPermSize=384m -XX:+UseConcMarkSweepGC \
-XX:+UseCMSCompactAtFullCollection -XX:CMSMaxAbortablePrecleanTime=500 \
-XX:+CMSClassUnloadingEnabled -XX:+CMSClassUnloadingEnabled -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"

-server: Tomcat runs in java -client mode by default; -server means Tomcat runs in real production mode, with better performance.
-Xms, -Xmx: JVM memory settings. The initial heap size is specified by -Xms and defaults to 1/64 of physical memory. The maximum heap size is specified by -Xmx and defaults to 1/4 of physical memory. By default, when free heap memory falls below 40% the JVM grows the heap up to the -Xmx limit; when free heap memory exceeds 70% the JVM shrinks the heap down to the -Xms limit. Setting the maximum and minimum to the same value is recommended, which helps the JVM garbage collection mechanism.
-Xmn: sets the young generation size. Heap size = young generation size + old generation size + permanent generation size. This value has a significant impact on system performance; Sun officially recommends 3/8 of the entire heap.
-XX: whenever the JDK version is upgraded, your JVM will use the newly added optimization techniques.
-XX:PermSize: sets the initial non-heap memory size; the default is 1/64 of physical memory.
-XX:MaxPermSize: sets the permanent generation memory size, that is, the maximum non-heap memory size; the default is 1/4 of physical memory.
-XX:+UseConcMarkSweepGC: CMS GC. Only JDK 1.5 and later versions have this feature; it uses GC-estimate triggering and heap-occupancy triggering.
-XX:+UseCMSCompactAtFullCollection: when concurrent GC is used, prevents memory fragmentation by compacting live objects to reduce memory fragments.
-XX:+UseParNewGC: multi-threaded parallel collection of the young generation, so collection is fast.
-XX:+CMSClassUnloadingEnabled: by default the CMS collector does not garbage-collect the permanent generation.
-XX:CMSMaxAbortablePrecleanTime: a CMS GC goes through several steps to complete one GC cycle. When minor GCs are frequent, the CMS GC may not have finished yet, resulting in a concurrent mode failure. Setting -XX:CMSMaxAbortablePrecleanTime to a small value ensures that CMS GC completes object collection as soon as possible and avoids concurrent mode failure. Especially in JDK 5.0+ and 6.0+, the CMS-concurrent-abortable-preclean-start and CMS-concurrent-abortable-preclean steps may take a long time, so old-generation objects are reclaimed only after a long delay; this is a Sun JDK CMS GC bug.

2. The Tomcat server.xml configuration file

The common performance tuning settings in Tomcat are as follows:

connectionTimeout: timeout in milliseconds; the default value is 60000, that is, 60 seconds
maxThreads: the maximum number of threads Tomcat starts; the default value is 200
minSpareThreads: the number of threads Tomcat creates at initialization; the default value is 4
maxProcessors: the maximum number of threads Tomcat creates at runtime; the default value is 75, generally modified to suit the actual production environment
acceptCount: the number of requests that may queue once all of Tomcat's threads are in use; the default value is 100. The maximum number of connections a web server allows is also subject to operating system kernel parameter settings, usually about 2000 on Windows and about 1000 on Linux. It is usually set to the same value as maxThreads
enableLookups: whether to do reverse DNS lookups; the default value is true. To improve processing capacity it should be set to false
compression: compressed transmission; the value is on / off / force, the default value is off
redirectPort: SSL redirect port; the default is 8443

In short, tune Tomcat sensibly for the actual production conditions and its overall performance will improve greatly.

Enable linux root access on Microsoft Azure Cloud

How to enable linux root access on Microsoft Azure Cloud
1. Login via ssh using your sudo user on your Microsoft Azure linux server
2. Now login as root user

[root@mohan ~]# sudo su -
3. Check if root access is set (LOCK means that root access is disabled)

[root@mohan ~]# grep root /etc/shadow
Result:
root:*LOCK*:14600::::::
4. Enable root access (as root user enter command passwd)

[root@mohan ~]# passwd
5. Now enter your password and root access is enabled.
You can check this by using command "grep root /etc/shadow"
That's all folks

Install docker ce on centos 7

Installing Docker On CentOS 7 / RHEL 7

Docker is a container virtualization technology that has gained widespread popularity in recent times; it offers a more efficient way to deploy applications. With Docker, the applications reside inside containers on top of the Linux operating system. Docker uses kernel features such as cgroups and namespaces to allow independent containers to run on a single OS instance.

Install from Docker (Official):
Docker is now available in two editions,

Community Edition (CE)
Enterprise Edition (EE)
Here, we will install Docker Community Edition (CE).

Uninstall older versions of Docker, named "docker" or "docker-engine", along with associated dependencies.

# yum -y remove docker-common docker container-selinux docker-selinux docker-engine
Do not worry about the contents inside /var/lib/docker/, all will be preserved.

The Docker Community package is now called "docker-ce". Let's add the CE repository for docker installation.

# yum -y install wget
# wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
Install the latest version of Docker CE using the following command.

# yum -y install docker-ce

# yum -y install docker
Working with Docker:
Now that you have Docker installed on your machine, start the Docker service in case it was not started automatically after the installation

# systemctl start docker.service

# systemctl enable docker.service

Step 1 | Remove Old Versions

$ sudo yum remove docker docker-common docker-selinux docker-engine
Step 2 | Install Required Packages

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
Step 3 | Setup the Docker CE Repository

$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Step 4 | Update the Packages

$ sudo yum update
Step 5 | Install specific version (Production recommended)

$ sudo yum list docker-ce.x86_64 --showduplicates | sort -r

Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
Available Packages

$ sudo yum install docker-ce-
Step 6 | Install through repository

$ sudo yum install docker-ce
Step 7 | Start Docker

$ sudo systemctl start docker
Step 8 | Verify the Installation

$ sudo docker run hello-world

Change default Image and Container location in Docker

What to do if you have existing containers and images?

If you want the existing containers and images to be migrated to the new location, do not reload the service daemon and start the docker service right after modifying docker.conf. First move the existing data in /var/lib/docker to the new location and create a symlink.

Note: I have not tried the following since there was no need for me to keep existing containers and images. But these steps should work; If you are facing any trouble or aware of any alternative method please comment. I will then modify the post. Please take a backup before venturing further.

# cp -rp /var/lib/docker /mnt/new_volume
# ln -s /mnt/new_volume /var/lib/docker
After this reload daemon and start docker service,

# sudo systemctl daemon-reload
# sudo systemctl start docker

CHANGE OPENSSH PORT OR LISTEN TO MULTIPLE SSH PORTS

OpenSSH usually listens on TCP port 22. However, some people wish to change the OpenSSH port to avoid brute-force bot attacks or to avoid being blocked by a restrictive firewall.

To change the OpenSSH port, one only needs to edit the "/etc/ssh/sshd_config" file and change the port at "Port 22" to something else, like "Port 8080" or "Port 443"

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 8080
Save, and restart ssh server.

sudo service ssh restart
Additionally, you can configure OpenSSH to listen on multiple ports (usually to avoid restrictive firewall rules)

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
Port 8080
Port 443
The example above shows a configuration which lets OpenSSH listen on port 22, 443 (TLS/SSL) and port 8080 (HTTP-PROXY); these are the ports that are usually left unblocked by corporate firewalls.

Don't forget to restart the ssh service as soon as you've saved the file!!
