linux share anti complaints server

vgcreate volume indicates that the partition name vgcreate vg001 / dev / sda3

When using centos host, When found with vim -bash: vim: command not found. Only use vi. So how to install it vim?
輸入 rpm -qa|grep vim 命令, If vim has been installed correctly,Will return the following three lines of code:

If a less certain of them,For example, the vim-enhanced,On command yum -y install vim-enhanced to install:

If the above three do not return a, Can directly use the command yum -y install vim *

Libmcrypt related to the establishment of soft link library，In preparation for compilation mcrypt。Because mcrypt rely libmcrypt。

#If CENTOS 5.6(64Place)

The following program code

ln -sf /usr/local/lib/libmcrypt.la /usr/lib64/libmcrypt.la
ln -sf /usr/local/lib/libmcrypt.so /usr/lib64/libmcrypt.so
ln -sf /usr/local/lib/libmcrypt.so.4 /usr/lib64/libmcrypt.so.4
ln -sf /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib64/libmcrypt.so.4.4.8
ln -sf /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -sf /usr/local/lib/libiconv.so.2 /usr/lib64/libiconv.so.2
ldconfig

#If CENTOS 5.6(32Place)

The following program code

ln -sf /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la
ln -sf /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so
ln -sf /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4
ln -sf /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8
ln -sf /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
ln -sf /usr/local/lib/libiconv.so.2 /usr/lib/libiconv.so.2
ldconfig

mhash(hash encryption algorithms library)

The following program code

tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make
make install
cd ..

Establish libmhash associated libraries soft connection，In preparation for compilation mcrypt。mcrypt also depends libmhash。

#If CENTOS 5.6(64Place)

The following program code

ln -sf /usr/local/lib/libmhash.a /usr/lib64/libmhash.a
ln -sf /usr/local/lib/libmhash.la /usr/lib64/libmhash.la
ln -sf /usr/local/lib/libmhash.so /usr/lib64/libmhash.so
ln -sf /usr/local/lib/libmhash.so.2 /usr/lib64/libmhash.so.2
ln -sf /usr/local/lib/libmhash.so.2.0.1 /usr/lib64/libmhash.so.2.0.1
ldconfig

#If CENTOS 5.6(32Place)

The following program code

ln -sf /usr/local/lib/libmhash.a /usr/lib/libmhash.a
ln -sf /usr/local/lib/libmhash.la /usr/lib/libmhash.la
ln -sf /usr/local/lib/libmhash.so /usr/lib/libmhash.so
ln -sf /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2
ln -sf /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1
ldconfig

Yesterday there was a client who wants his website to block all IP from China and from China to visit redirected to a predetermined page (or site)。Orthodox approach should be used apache + mod_geoip or nginx + http_geoip_module do，But I found that the customers use the apache / directAdmin / suexec，suexec and seems to have a problem with mod_geoip，VPSee do not want to move a large client configuration，We intend to use iptables to implement this requirement。The idea is that，Using iptables to all traffic from China to guide site 81 port，And start listening on port 81 on apache，Put a predetermined page (or site)。

First IPdeny Download to country code-programmed list of IP addresses，Such as downloading cn.zone：

# wget http://www.ipdeny.com/ipblocks/data/countries/cn.zone

After obtaining all the required IP addresses，Read cn.zone file with the following script line by line and added to the iptables：

#!/bin/bash
# Redirect traffic from a specific country to a specific page
# written by vpsee.com

COUNTRY="cn"
YOURIP="1.2.3.4"

if [ "$(id -u)" != "0" ]; then
   echo "you must be root" 1>&2
   exit 1
fi

iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT

# Redirect incoming http (80) from China to 81
for c in $COUNTRY
do
        country_file=$c.zone

        IPS=$(egrep -v "^#|^$" $country_file)
        for ip in $IPS
        do
           echo "redirecting $ip"
           iptables -t nat -I PREROUTING -p tcp --dport 80 -s $ip -j DNAT \
                   --to-destination $YOURIP:81
        done
done

iptables-save > /etc/sysconfig/iptables
chmod go-r /etc/sysconfig/iptables
service iptables restart

After this IP from China YOURIP visit the site will be automatically redirected to YOURIP:81 This port，We then modify the apache configuration，Add a Listen 81 DocumentRoot and well placed inside a predetermined page (or site) will be able to

Direct omit the above steps

CentOS system：

yum install flex byacc libpcap ncurses ncurses-devel

wget ftp://fr2.rpmfind.net/linux/dag/redhat/el5/en/i386/dag/RPMS/iftop-0.17-1.el5.rf.i386.rpm

rpm -ivh iftop-0.17-1.el5.rf.i386.rpm

1)Jump Intranet
-A PREROUTING -d 222.66.99.201 -p tcp -m tcp –dport 8800 -j DNAT –to-destination 192.168.84.46:3389
-A POSTROUTING -d 192.168.84.46 -p tcp -m tcp –dport 3389 -j SNAT –to-source 192.168.84.48
-A PREROUTING -p tcp -d external network IP –dport 8800 -j DNAT –to $ IP network：3389
iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 8080 -j DNAT –to WINIP:3389
iptables -t nat -A POSTROUTING -o eth1 -j SNAT –to internal NIC IP
2)Port Jump example operation
-A PREROUTING -i eth1 -p tcp -m state –state NEW -m tcp –dport 80 -j REDIRECT –to-ports 8080
3)Examples of open port operations
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 6060 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 8080 -j ACCEPT
4)Continuous open ports
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 7070:7079 -j ACCEPT
The 80-port 8080 point to a file on the port IPTABLES
iptables -t nat -A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080
iptables -A INPUT -p tcp -m state –state NEW –dport 80 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
iptables -t nat -A PREROUTING -p tcp -m tcp –dport 443 -j REDIRECT –to-ports 8443
iptables -A INPUT -p tcp -m state –state NEW –dport 443 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
Prevent the synchronization of packet flooding (Sync Flood)
# iptables -A FORWARD -p tcp –syn -m limit –limit 1/s -j ACCEPT
It was also writing
#iptables -A INPUT -p tcp –syn -m limit –limit 1/s -j ACCEPT
–limit 1/s
Limit the number of concurrent syn 1 per second，You can modify according to their needs
Prevent all kinds of port scanning
# iptables -A FORWARD -p tcp –tcp-flags SYN,ACK,END,RST RST -m limit –limit 1/s -j ACCEPT
Ping洪水攻击（Ping of Death）
# iptables -A FORWARD -p icmp –icmp-type echo-request -m limit –limit 1/s -j ACCEPT
iptables shield single IP
iptables -I INPUT -s 203.231.1.191 -p tcp –dport 22 -j DROP
iptables -A FORWARD -d 218.241.156.95 -j DROP
iptables-save > /etc/sysconfig/iptables
iptables -A INPUT　–dport 21 -s 219.142.192.187 -j ACCEPT // allows only one IP access
# Generated by iptables-save v1.2.8 on Tue Jan 23 14:49:09 2007
*nat
:PREROUTING ACCEPT [133:37589]
:POSTROUTING ACCEPT [26:2387]
:OUTPUT ACCEPT [26:2387]
-A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080
COMMIT
# Completed on Tue Jan 23 14:49:09 2007
# Generated by iptables-save v1.2.8 on Tue Jan 23 14:49:09 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [62834:18310016]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jan 23 14:49:09 2007
# 211.93.113.33 address only allow users to access ftp server (port 21)：
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp –dport 21 -j ACCEPT
-A INPUT -s 211.93.113.33 i eth1 -p tcp -m tcp –dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 21 -j ACCEPT
Blocked QQGAME：iptables -I FORWARD -m string –something bm –string “qqgame” -j DROP
Block QQ Pet：iptables -I FORWARD -m string –something bm –string “qqpet” -j DROP
1)For complete blockade of all ports; iptables -I INPUT -s 65.55.44.100 -j DROP; (65.55.44.100 blocked access to all ports of the machine)
iptables -I OUTPUT -d 65.55.44.100 -j DROP; (Blockade native access to all ports 65.55.44.100)
2)Completely blocked for a specific protocol and port;iptables -I INPUT -p TCP –dport 25 -j DROP; (INPUT 25 port blockade,The unit will not receive messages)
iptables -I OUTPUT -p TCP –dport 25 -j DROP; (OUTPUT 25 port blockade,The unit will not send mail)
iptables -I INPUT -s 65.55.44.100 -p TCP –dport 25 -j DROP; (65.55.44.100 blocked access to the port of the machine 25)
3)Blocked for some specific protocols; #Ban all TCP connections,Allow only certain IP can access the machine via TCP:
iptables -I INPUT -p TCP -j DROP; (This machine prohibit all incoming connections through TCP protocol)
iptables -I INPUT -s 137.189.3.8 -p TCP -j ACCEPT; (137.189.3.8 allowed to enter the unit through a TCP protocol)
iptables -I INPUT -s ! 137.189.3.8 -p TCP -j DROP; (Only allowed to enter 137.189.3.8,Equivalent to a few words,But can only open one IP)
#Open all TCP connections,But prohibit certain IP can be accessed via TCP native:
iptables -I INPUT -p TCP -j ACCEPT; (Allow all protocols into the native TCP connection)
iptables -I INPUT -s 137.189.3.8 -p TCP -j DROP; (Prohibition 137.189.3.8 via TCP protocol into the native)
iptables -I INPUT -s ! 137.189.3.8 -p TCP -j ACCEPT; (It is equivalent to the first two sentences,But only one IP ban)
4)Blocked for some specific protocol and port; #Open TCP port 80 connections,However, the prohibition of certain IP access through TCP port 80:
iptables -I INPUT -p TCP –dport 80 -j ACCEPT; (Allow all IP access to the native port 80)
iptables -I INPUT -s 210.245.191.162 -p TCP –dport 80 -j DROP; (Prohibit access to 210.245.191.162 port 80)
iptables -I INPUT -s ! 210.245.191.162 -p TCP –dport 80 -j ACCEPT; (It is equivalent to the first two sentences,But only one IP ban)
#Prohibit TCP connections to port 80,Open only certain IP access through TCP port 80:
iptables -I INPUT -p TCP –dport 80 -j DROP; (Ban all IP access to port 80 of the machine)
iptables -I INPUT -s 210.245.191.162 -p TCP –dport 80 -j ACCEPT; (210.245.191.162 allow access to port 80)
iptables -I INPUT -s ! 210.245.191.162 -p TCP –dport 80 -j DROP; (It is equivalent to the first two sentences,But only one IP into the open)
#Prohibition native browser external websites through TCP port 80,203.194.162.10 sites only allow access:
iptables -I OUTPUT -p tcp –dport 80 -j DROP; (OUTPUT 80 port blockade,The machine will not be able Liu cable external sites)
iptables -I OUTPUT -p tcp -d 203.194.162.10 –dport 80 -j ACCEPT; (203.194.162.10 allows native access port 80)
iptables -I OUTPUT -p tcp -d ! 203.194.162.10 –dport 80 -j DROP; (It is equivalent to the first two sentences,But only allow access to one IP)
sysctl -w net.ipv4.icmp_echo_ignore_all=1(禁ping)
Open forward and mapping
echo “1” > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp –dport 2222 -j DNAT –to-destination 192.168.1.156:22
Remember the gateway machine to be forwarded to the specified forwarding machine
Manually add the gateway
route add default gw xxx.xxx.xxx.xXX

First look at their own systems with 32-bit or 64-bit!
32Bit systems：
1.“cd /usr/local/”
2.“wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz” 3.”tar xvfz ioncube_loaders_lin_x86.tar.gz”
64Bit systems:
1.”cd /usr/local/ ”
2.”wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz”
3."Tar xvfz ioncube_loaders_lin_x86-64.tar.gz" pay attention to your system is what OK! Remove quotes
After the run，Login directAdmin background click the file to edit down to the last php.ini，Edit，In the first line of the configuration file Zend plus
“zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so” 然后保存，OK! The following should pay more attention to pull! After executing the above is no effect! Back DirectAdmin Control Panel Home service status httpd point third point is to re-re-import means import profile，And then view the loaded php.ini to see ioncube I use PHP5.2，If you are installing a 5.1 or 4.1 to be amended accordingly!

Lvm Linux mount under the same name and resolve conflict
Use the new hard disk to install the system in Linux，Installed after the original hard disk and then mount，Partition format for the system-wide default partition，The system is used by default
Is lvm format，And the default volumes are VolGroup00
Use pvs view is shown below：
[root@localhost ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 VolGroup00 lvm2 a- 136.62G 0
/dev / sdb2 VolGroup00 has lvm2- 136.62G 0
Positive confirmation can not find two VG，But with the same name，How to mount it?
The solution is，The original VG renamed，Settlement of the conflict can mount。
Rename format：[You are prompted to：
[root@localhost ~]# vgrename VolGroup00 VolGroup01
Found more than one VG called VolGroup00. Please supply VG uuid.
The reason is the presence of two VolGroup00，He has modified approach prompted to specify VG uuid to。
The command to view the VG uuid：
[root@localhost ~]# vgs -v
Finding all volume groups
Finding volume group “VolGroup00”
Finding volume group “VolGroup00”
VG Attr Ext #PV #LV #SN VSize VFree VG UUID
VolGroup00 wz–n- 32.00M 1 2 0 136.62G 0 dcHa6G-abU2-Xfq8-EPBm-jBLj-SF18-O5uH0U
VolGroup00 wz–n- 32.00M 1 2 0 136.62G 0 OF8g7h PQJB 9D9z yPxn 1kfY Advq YbNHJ9
Later found VG uuid，Execution renamed again：
[root@localhost ~]# vgrename OF8g7h-PQJB-9D9z-yPxn-1kfY-Advq-YbNHJ9 VolGroup01
Volume group “VolGroup00” still has active LVs
After successfully modified，Then perform：lvscan
[root@localhost ~]# lvscan
inactive '/ dev / VolGroup01 / LogVol00’ [130.84 GB] inherit
inactive '/ dev / VolGroup01 / LogVol01’ [5.78 GB] inherit
ACTIVE '/ dev / VolGroup00 / LogVol00’ [130.84 GB] inherit
ACTIVE '/ dev / VolGroup00 / LogVol01’ [5.78 GB] inherit
You can see the newly revised VolGroup01 is inactive status。
Then use the vgchange load VolGroup01
[root@localhost ~]# vgchange -ay /dev/VolGroup01
2 logical volume(s) in volume group “VolGroup01” now active
Finally, you can mount
[root@localhost ~]# mount /dev/VolGroup01/LogVol00 /mnt/old
At this point，Completed。
Lvm Linux mount under the same name and resolve conflict

[root@all /]# fdisk -l
Disk /dev/hdc: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/hdc1 * 1 13 104391 83 Linux
/dev/hdc2 14 9729 78043770 8e Linux LVM

Disk / dev / hda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/hda1 * 1 255 2048256 83 Linux
/dev/hda2 256 3934 29551567+ 83 Linux
/dev/hda3 3935 4444 4096575 83 Linux
/dev/hda4 4445 4865 3381682+ f Win95 Ext’d (LBA)
/dev/hda5 4445 4699 2048256 83 Linux
/dev/hda6 4700 4801 819283+ 83 Linux
/dev/hda7 4802 4865 514048+ 82 Linux swap
[root@all /]# mount /dev/hdc2 /mnt/cdrom
mount: you must specify the filesystem type
mount outlet when the above error!Who gives a hint!Thank you!

Reply：

1.First with vgscan
2.vgchange -ay
3.lvscan
4.mount

To the third step of the time it will show if the normal state lv two hard drives are active，Until then

#mount -t ext3 /dev/VGname/LVname /mnt/cdrom

You can be successful。

This article comes from CSDN blog，Reproduced, please indicate the source：http://blog.csdn.net/qiudakun/archive/2010/03/01/5336754.aspx

Under Zencart solve cache delete cache directory

one，Download and install
01.cd /usr/local/src

02.wget http://www.configserver.com/free/csf.tgz

03.tar -zxvf csf.tgz

04.cd csf

05../install.sh
two，CSF configuration
To HypeVm and normal use of lxadmin，Need to add 777 *，888*5558 port and support
1，配置端口（/etc/csf/csf.conf）
Increase TCP port supports (HypeVm and Lxadmin required)：7776,7777,7778,7779,8886,8887,8888,8889,5558

# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,7776,7777,7778,7779,8886,8887,8888,8889,5558”

# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,53,80,110,113,443,7776,7777,7778,7779,8886,8887,8888,8889,5558”

2，打开MONOLITHIC_KERNEL支持（/etc/csf/csf.conf）

01.# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel

02.# modules are not available. If this happens, FTP passive mode (PASV) won’t

03.# work. In such circumstances you will have to open a hole in your firewall and

04.# configure the FTP daemon to use that same hole. For example, with pure-ftpd

05.# you could add the port range 30000:35000 to TCP_IN and add the following line

06.# to /etc/pure-ftpd.conf (without the leading #):

07.# PassivePortRange 30000 35000

08.# Then restart pure-ftpd and csf and passive FTP should then work

09.MONOLITHIC_KERNEL = “1”

3，If you want to be able to ping the server with your HyperVm，Need to set (/etc/csf/csf.conf)：

01.# Allow incoming PING

02.ICMP_IN = “1”.

4，If you are using virtualization technology OpenVz，You need to add the following statement to your file /etc/csf/csfpre.sh：
01.iptables -A INPUT -i venet0 -j ACCEPT

02.iptables -A OUTPUT -o venet0 -j ACCEPT

03.iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0

04.iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0

Note 1：/etc / csf / csfpre.sh may not exist，You need to create it。Each time you run the CSF will execute this file。

three，CSF test
01.service csf start

If the words，Turn off the test function (Configuration /etc/csf/csf.conf)
01.# Testing flag – enables a CRON job that clears iptables incase of

02.# configuration problems when you start csf. This should be enabled until you

03.# are sure that the firewall works – i.e. incase you get locked out of your

04.# server! Then do remember to set it to 0 and restart csf when you’re sure

05.# everything is OK. Stopping csf will remove the line from /etc/crontab

06.TESTING = “0”

four、Restart CSF
01.service csf restart

Fives、Advanced configuration (/etc/csf/csf.conf)
You can turn off the tracking process and the user process。
01.PT_USERTIME = “0”

02.PT_LIMIT = “0”

03.PT_USERPROC = “0”

E.g：Permissions for all directories under a recursive directory should be set to 755，Each directory can be modified，But this is too much trouble，Also write

find -type d -exec chmod 755 {} \;
same，All files in the directory permissions recursively into 644 may perform such:

find -type f -exec chmod 644 {} \;

1.Complete directory password protection — The original author of the package inside,And can not do,The reason is that no judge status code 401.
2.Pseudo-static function — Whether you are ending or in html”/” The end of the URL address,The existence of the file / directory nginx will determine in advance the file system,If there is no,It will match the apache backend. The backend settings apache .htaccess file in accordance with,On display pages,Nginx front-end to get the content after compression,Visitors then passed to the browser.
3.Access log records accurate — The installation package author,Is nginx and apache share the same log file records .nginx recording static pages of information access,apache record dynamic page access information,Theoretically feasible, but in actual use,I found the problem. The problem is that a breach of the match when the suffix .html,At the same query front-end and back-end nginx apache. This resulted in duplicate log. Another is the number does not match any suffix,Only the front end of the process and records the visitor's request,It will initiate a request to query the back-end, but not because of the large file transfer is completed soon,So even set keepalive not help. In my installation package,I will be back-end user configuration Africa encryption port journaling canceled,Nginx entirely recorded by the distal end.
4.Log cutting issues — The problem from the front said the first 3:00 modifications,If you just modify the first 3:00 without performing this step,You will encounter a problem:When performing user access logs and cut into statistics page displayed to the user to see,The system will automatically delete the user's log,Cause the log access to the information after it lost nginx until the next reboot. After tracking log statistics cpanel process,Find / usr / local / cpanel / bin / safeapacherestart line. This line of action is to allow apache log after cutting can be safely restarted. The solution is to change a way of restarting nginx,I will be adding information to restart apache nginx restart command,After apache only need to perform command operations on it.
5.Pan-domain name resolution — cpanel support pan-domain name resolution,But also in terms of business as the host,Pan is also a feature of the domain name,We need to use it, but the author's version and my version before modifying,And no support for this conduct,Once the client has a pan-binding domain,We will not start the nginx,All users of the site affected. So this update contains this feature.
6.Proxy_cache based caching system — This is what I added,An optional feature. Delete cached method can follow squidclient manner. Unbuffered installed version http://icodex.org/public_nocache.tar

Also note,Netizens mentioned that string is a prompt to restart nginx after. This is a warning message prompts you to name the host for errors,It does not affect the use of.

Installation method and the same as the original author, please do the following installation!

cd /usr/local/src
wget http://icodex.org/public.tar
tar xf public.tar
cd publicnginx
./nginxinstaller install

After installing,Restart nginx,Excuting an order:/etc / init.d / nginx restart.Nginx configuration files are in / etc / nginx among,Each user binding domain(Additional fields,Subdomains etc.)They are in the / etc / nginx / vhosts

Uninstall:

After entering publicnginx execution ./nginxinstaller uninstall directory.

1) After the restart to take effect
Open： chkconfig iptables on
shut down： chkconfig iptables off

2) With immediate effect，After the restart failure
Open： service iptables start
shut down： service iptables stop

It should be noted that for other services under Linux can be performed using the above command to open and close operations。

When you turn the firewall，Make the following settings，Open the relevant port，
Modify / etc / sysconfig / iptables file，Add the following：
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

On the server to take a good hard drive，Boot linux，Log in as root。

For example, I added a new SCSI hard disk，It needs to be divided into three zones：

#fdisk /dev/sdb

进入fdisk模式：

Command (m for help):p  //查看新硬盘的分区

Command (m for help):n  //创建新分区


可以用m命令来看fdisk命令的内部命令；n command to create a new partition；d command to delete an existing partition；p command to display partition list；t command to change the partition type ID number；l command displays a list partition ID numbers；a command to specify the boot partition；w command to modify the partition table will save it to play a role。 


Command action

   e   extended   //输入e为创建扩展分区

   p   primary partition (1-4)   //Enter p to create a primary partition，这里我们选择p


Partion number(1-4)：1  //The first extended partition，按你需求可以最多分4个主分区

First Cylinder(1-1014,default 1):  1  //第一个主分区起始的磁盘块数

Last cylindet or +siza or +sizeM or +sizeK: +1024MB  //可以是以MB为单位的数字或者以


磁盘块数，Here we enter + 1024MB partition size expressed as 1G。

So we have created a partition，If you want to create more partitions can be created according to the above steps to continue。

After the partition is created with the Save w。

Command (m for help): w

The partition table has been altered!


Calling ioctl() to re-read partition table.

Syncing disks.

This partition End，We would also like to format

#mkfs -t ext3 -c / dev / sdb1 // If you have multiple partitions，Modify the zoning so sdb2

After the format we need to mount the partition，

#mkdir www // Create / www directory，我们将把新的分区挂到www下

#mount /dev/sdb1 /www  //将/dev/sdb1挂载到/www

# df  //用df命令进行查看

Filesystem           1K-blocks      Used Available Use% Mounted on

/dev/sda2              3771316   1388956   2190788  39% /

/dev / sda1               101089      9463     86407  10% /boot

none                     62988         0     62988   0% /dev/shm

/dev/sdb1               485906      8239    452580   2% /see www //，这就是我们刚


才新挂载的分区

Here we are nearing completion of，But if we are to end this case，We have to restart the server after each

Manually mount，This is very troublesome，We need to modify / etc / fstab file to automatically mount。

#vi / etc / fstab

At the end of the file add the following to fill：

/dev/sdb1               /www                    ext3    defaults        1 2

If more than one partition can be modified sdb1 and / www，After modification save，Restart server。

This work we add a new hard disk is over。