Installing lighttpd 1.4.23 on CentOS 5.3: the complete procedure
[ 2009/11/05 13:53 | by suibing ]
1. Download and install lighttpd
# cd /opt
# wget http://www.lighttpd.net/download/lighttpd-1.4.23.tar.gz
# tar zxvf lighttpd-1.4.23.tar.gz
# cd lighttpd-1.4.23
# ./configure --prefix=/usr/local/lighttpd
configure stops with errors like these:
configure: error: pcre-config not found, install the pcre-devel package or build with --without-pcre
configure: error: zlib-headers and/or libs where not found, install them or build with --without-zlib
2. Install all necessary development libraries
You need to install the following libraries to compile the required modules and features:
glib2-devel - GNOME header files for version 2 of the GLib library
openssl-devel - Used by core and SSL support
pcre-devel - Used by mod_redirect, mod_rewrite,
bzip2-devel - Used by compress-bzip2
zlib-devel - Used by compress-gzip and compress-deflate. It contains the header files and libraries.
yum install gcc glib2-devel openssl-devel pcre-devel bzip2-devel gzip-devel zlib-devel
3. Install
# ./configure --prefix=/usr/local/lighttpd
# make
# make install
4. Configure lighttpd
# cp doc/sysconfig.lighttpd /etc/sysconfig/lighttpd
Copy the configuration file:
# mkdir /etc/lighttpd
# cp doc/lighttpd.conf /etc/lighttpd/lighttpd.conf
Change the document root in the configuration file:
# mkdir -p /www/yoursite/data1
# vi /etc/lighttpd/lighttpd.conf
server.document-root = "/srv/www/htdocs/" -> server.document-root = "/www/yoursite/data1"
Copy the init script:
# cp doc/rc.lighttpd.redhat /etc/init.d/lighttpd
Change the lighttpd install location in the init script:
# vi /etc/init.d/lighttpd
lighttpd="/usr/sbin/lighttpd" -> lighttpd="/usr/local/lighttpd/sbin/lighttpd"
Check whether it starts:
# /etc/init.d/lighttpd start
You may see: opening errorlog '/var/log/lighttpd/error.log' failed: No such file or directory
The log file does not exist; setting up a valid path fixes it.
# mkdir -p /var/log/lighttpd
Enable the service at boot:
# chkconfig lighttpd on
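A pre-start check for the errorlog failure described above, as an added example that is not part of the original post: it reads server.document-root and server.errorlog from lighttpd.conf and reports directories that do not exist, and it also flags an unset server.username, because lighttpd only drops root privileges when that option is set. The function names, the optional root-prefix argument and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# conf_value FILE KEY
# Print the quoted string assigned to KEY in a lighttpd.conf-style file.
# Commented-out lines are ignored; the last active assignment wins.
conf_value() {
    key=$(printf '%s' "$2" | sed 's/[.]/\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tail -n 1
}

# check_lighttpd_paths FILE [ROOT]
# Print one finding per line; the exit status is the number of findings.
# ROOT (an assumption of this example) is prefixed to every path so the
# check can run against a staging tree instead of the live filesystem.
# The body is a subshell, so "exit" only ends the function.
check_lighttpd_paths() (
    conf=$1
    root=${2:-}
    n=0
    docroot=$(conf_value "$conf" server.document-root)
    errlog=$(conf_value "$conf" server.errorlog)
    user=$(conf_value "$conf" server.username)

    if [ -z "$docroot" ]; then
        echo "UNSET server.document-root"; n=$((n + 1))
    elif [ ! -d "$root$docroot" ]; then
        echo "NODIR server.document-root $docroot"; n=$((n + 1))
    fi
    # lighttpd does not create the log directory; a missing one produces
    # the "opening errorlog ... failed" message quoted in the article.
    if [ -n "$errlog" ] && [ ! -d "$root$(dirname "$errlog")" ]; then
        echo "NODIR server.errorlog $(dirname "$errlog")"; n=$((n + 1))
    fi
    # Without server.username the daemon keeps the identity it was started
    # with, which is root when launched from /etc/init.d.
    if [ -z "$user" ]; then
        echo "UNSET server.username"; n=$((n + 1))
    fi
    exit "$n"
)

# write_sample_conf DIR
# Constructed sample using the paths from the article; only the document
# root exists, mirroring the state after "mkdir -p /www/yoursite/data1".
write_sample_conf() {
    mkdir -p "$1/www/yoursite/data1"
    cat > "$1/lighttpd.conf" <<'EOF'
server.document-root = "/www/yoursite/data1"
server.errorlog      = "/var/log/lighttpd/error.log"
#server.username     = "lighttpd"
EOF
}

demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir"
check_lighttpd_paths "$demo_dir/lighttpd.conf" "$demo_dir" || echo "findings: $?"
rm -rf "$demo_dir"
```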
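MySQL master-to-master circular replication
[ 2009/10/26 17:06 | by suibing ]
This is a MySQL master-master replication setup I did a while ago in my spare time.
Be prepared, though: it will have some impact on performance!
I am writing the steps down; any problems that come up will be added later. The database I replicate here is TEST.
1. Environment.
Host: 192.168.0.231 (A)
Host: 192.168.0.232 (B)
MySQL version: 5.1.21
2. Grant privileges to the replication users.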
A:
mysql> grant replication slave,file on *.* to 'repl1'@'192.168.0.232' identified
by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
B:
mysql> grant replication slave,file on *.* to 'repl2'@'192.168.0.231' identified
by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Then stop the MySQL server on both machines.
3. Configuration files.
Enable the binary log in my.cnf on both machines.
A:
user = mysql
log-bin=mysql-bin
server-id = 1
binlog-do-db=test
binlog-ignore-db=mysql
replicate-do-db=test
replicate-ignore-db=mysql
log-slave-updates
slave-skip-errors=all
sync_binlog=1
auto_increment_increment=2
auto_increment_offset=1
B:
user = mysql
log-bin=mysql-bin
server-id = 2
binlog-do-db=test
binlog-ignore-db=mysql
replicate-do-db=test
replicate-ignore-db=mysql
log-slave-updates
slave-skip-errors=all
sync_binlog=1
auto_increment_increment=2
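auto_increment_offset=2
See the manual for an explanation of these parameters.
The part in red is very important: if one master goes down, the other takes over immediately.
The part in magenta makes the server flush its log frequently. This ensures that if one machine goes down, the log has been flushed to the other one, which keeps the data in sync.
4. Restart the MySQL servers.
Run the same steps on A and B: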
[root@localhost ~]# /usr/local/mysql/bin/mysqld_safe &
[1] 4264
[root@localhost ~]# 071213 14:53:20 mysqld_safe Logging to '/usr/local/mysql/data/localhost.localdomain.err'.
/usr/local/mysql/bin/mysqld_safe: line 366: [: -eq: unary operator expected
071213 14:53:20 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
5. Enter the MySQL shell.
A:
mysql> flush tables with read lock\G
Query OK, 0 rows affected (0.00 sec)
mysql> show master status\G
*************************** 1. row ***************************
File: mysql-bin.000007
Position: 528
Binlog_Do_DB: test
Binlog_Ignore_DB: mysql
1 row in set (0.00 sec)
B:
mysql> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)
mysql> show master status\G
*************************** 1. row ***************************
File: mysql-bin.000004
Position: 595
Binlog_Do_DB: test
Binlog_Ignore_DB: mysql
1 row in set (0.00 sec)
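Then back up your data and make sure both machines hold the same data.
There are many ways to do this. When done, go on to the next step.
6. Run the CHANGE MASTER TO command on each machine.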
A:
mysql> change master to
-> master_host='192.168.0.232',
-> master_user='repl2',
-> master_password='123456',
-> master_log_file='mysql-bin.000004',
-> master_log_pos=595;
Query OK, 0 rows affected (0.01 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
B:
mysql> change master to
-> master_host='192.168.0.231',
-> master_user='repl1',
-> master_password='123456',
-> master_log_file='mysql-bin.000007',
-> master_log_pos=528;
Query OK, 0 rows affected (0.01 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
7. Check that the I/O thread and the slave thread are both running on each machine.
A:
mysql> show processlist\G
*************************** 1. row ***************************
Id: 2
User: repl
Host: 192.168.0.232:54475
db: NULL
Command: Binlog Dump
Time: 1590
State: Has sent all binlog to slave; waiting for binlog to be updated
Info: NULL
*************************** 2. row ***************************
Id: 3
User: system user
Host:
db: NULL
Command: Connect
Time: 1350
State: Waiting for master to send event
Info: NULL
*************************** 3. row ***************************
Id: 4
User: system user
Host:
db: NULL
Command: Connect
Time: 1149
State: Has read all relay log; waiting for the slave I/O thread to update it
Info: NULL
*************************** 4. row ***************************
Id: 5
User: root
Host: localhost
db: test
Command: Query
Time: 0
State: NULL
Info: show processlist
4 rows in set (0.00 sec)
B:
mysql> show processlist\G
*************************** 1. row ***************************
Id: 1
User: system user
Host:
db: NULL
Command: Connect
Time: 2130
State: Waiting for master to send event
Info: NULL
*************************** 2. row ***************************
Id: 2
User: system user
Host:
db: NULL
Command: Connect
Time: 1223
State: Has read all relay log; waiting for the slave I/O thread to update it
Info: NULL
*************************** 3. row ***************************
Id: 4
User: root
Host: localhost
db: test
Command: Query
Time: 0
State: NULL
Info: show processlist
*************************** 4. row ***************************
Id: 5
User: repl2
Host: 192.168.0.231:50718
db: NULL
Command: Binlog Dump
Time: 1398
State: Has sent all binlog to slave; waiting for binlog to be updated
Info: NULL
4 rows in set (0.00 sec)
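If the parts marked in red do not appear, check the error file in the data directory.
8. Release the locks on each machine, then test by inserting data.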
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
The tables on both machines before the insert:
A:
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t11_innodb |
| t22 |
+----------------+
B:
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t11_innodb |
| t22 |
+----------------+
Insert from machine A:
A:
mysql> create table t11_replicas
-> (id int not null auto_increment primary key,
-> str varchar(255) not null) engine myisam;
Query OK, 0 rows affected (0.01 sec)
mysql> insert into t11_replicas(str) values
-> ('This is a master to master test table');
Query OK, 1 row affected (0.01 sec)
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t11_innodb |
| t11_replicas |
| t22 |
+----------------+
3 rows in set (0.00 sec)
mysql> select * from t11_replicas;
+----+---------------------------------------+
| id | str |
+----+---------------------------------------+
| 1 | This is a master to master test table |
+----+---------------------------------------+
1 row in set (0.00 sec)
Now look at machine B:
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t11_innodb |
| t11_replicas |
| t22 |
+----------------+
3 rows in set (0.00 sec)
mysql> select * from t11_replicas;
+----+---------------------------------------+
| id | str |
+----+---------------------------------------+
| 1 | This is a master to master test table |
+----+---------------------------------------+
1 row in set (0.00 sec)
Now the other way round, insert data from machine B:
B:
mysql> insert into t11_replicas(str) values('This is a test 2');
Query OK, 1 row affected (0.00 sec)
mysql> select * from t11_replicas;
+----+---------------------------------------+
| id | str |
+----+---------------------------------------+
| 1 | This is a master to master test table |
| 2 | This is a test 2 |
+----+---------------------------------------+
2 rows in set (0.00 sec)
Let's look at A:
A:
mysql> select * from t11_replicas;
+----+---------------------------------------+
| id | str |
+----+---------------------------------------+
| 1 | This is a master to master test table |
| 2 | This is a test 2 |
+----+---------------------------------------+
2 rows in set (0.00 sec)
Done. The two sides are now masters of each other.
On the problem of auto-increment column conflicts with multiple masters,
see this article:
http://dev.mysql.com/tech-resources/articles/advanced-mysql-replication.html
I saw a discussion on the mailing list about online replication and ignoring databases and tables; for details see:
http://dev.mysql.com/doc/refman/5.1/en/replication-rules.html
This article comes from the CSDN blog; please credit the source when reposting: http://blog.csdn.net/yueliangdao0608/archive/2008/10/29/3173231.aspx
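A sanity check for the two my.cnf fragments in step 3, as an added example that is not part of the original article: it verifies that the server-id values differ, that auto_increment_increment matches on both nodes and the offsets do not collide, and it flags slave-skip-errors=all, which makes the slave SQL thread skip every replication error so the two masters can drift apart without any alert. The function and file names are assumptions of this example; the sample values are the ones from the article.

```shell
#!/bin/sh
# Added example, not from the original article.

# cnf_get FILE KEY
# Print the value of "KEY=value" / "KEY = value" (last active line wins).
# '-' and '_' are interchangeable in option names, as in mysqld.
cnf_get() {
    key=$(printf '%s' "$2" | sed 's/[-_]/[-_]/g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# ids_for OFFSET INCREMENT COUNT
# The first COUNT auto-increment values a node with these settings hands
# out on an empty table.
ids_for() {
    i=0; ids=
    while [ "$i" -lt "$3" ]; do
        ids="$ids${ids:+ }$(( $1 + i * $2 ))"
        i=$((i + 1))
    done
    echo "$ids"
}

# audit_master_pair CNF_A CNF_B
# Print one finding per line; the exit status is the number of findings.
# The body is a subshell, so "exit" only ends the function.
audit_master_pair() (
    a=$1; b=$2; n=0
    finding() { echo "$*"; n=$((n + 1)); }

    ida=$(cnf_get "$a" server-id); idb=$(cnf_get "$b" server-id)
    if [ -z "$ida" ] || [ -z "$idb" ] || [ "$ida" = "$idb" ]; then
        finding "SERVER_ID must be set and unique (A='$ida' B='$idb')"
    fi
    for f in "$a" "$b"; do
        # expects an explicit basename (log-bin=mysql-bin) as in the article
        if [ -z "$(cnf_get "$f" log-bin)" ]; then
            finding "NO_BINLOG $f"
        fi
        if [ "$(cnf_get "$f" slave-skip-errors)" = all ]; then
            finding "SKIP_ERRORS $f"
        fi
    done
    inc=$(cnf_get "$a" auto_increment_increment)
    offa=$(cnf_get "$a" auto_increment_offset)
    offb=$(cnf_get "$b" auto_increment_offset)
    if [ -z "$inc" ] || [ "$inc" != "$(cnf_get "$b" auto_increment_increment)" ] ||
       [ "$inc" -lt 2 ]; then
        finding "AI_INCREMENT must be equal on both nodes and at least 2"
    elif [ -z "$offa" ] || [ -z "$offb" ] || [ "$offa" = "$offb" ] ||
         [ "$offa" -gt "$inc" ] || [ "$offb" -gt "$inc" ]; then
        finding "AI_OFFSET must differ and not exceed the increment (A='$offa' B='$offb')"
    fi
    exit "$n"
)

# write_article_cnf FILE SERVER_ID OFFSET
# The settings from step 3; the [mysqld] header is added here because the
# article shows only the settings themselves.
write_article_cnf() {
    cat > "$1" <<EOF
[mysqld]
user = mysql
log-bin=mysql-bin
server-id = $2
binlog-do-db=test
binlog-ignore-db=mysql
replicate-do-db=test
replicate-ignore-db=mysql
log-slave-updates
slave-skip-errors=all
sync_binlog=1
auto_increment_increment=2
auto_increment_offset=$3
EOF
}

demo_dir=$(mktemp -d)
write_article_cnf "$demo_dir/a.cnf" 1 1
write_article_cnf "$demo_dir/b.cnf" 2 2
audit_master_pair "$demo_dir/a.cnf" "$demo_dir/b.cnf" || echo "findings: $?"
echo "A ids: $(ids_for 1 2 3)   B ids: $(ids_for 2 2 3)"
rm -rf "$demo_dir"
```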
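After moving from the Kansas data center to the one in California, ping got much better and the route has nearly 10 fewer hops, but download speed dropped, because this one has 10M of bandwidth where the old one had 20M. That is still enough for me. pptpd can be installed on this one, so I finally have my own VPN and browsing is smooth, haha. I recommend using OpenDNS for name resolution: set the preferred and alternate DNS servers to 208.67.222.222 and 208.67.220.220 respectively.
Installing pptpd (VPN) on a Xen VPS running CentOS: a pptpd installation guide, with a look at freeradius along the way
[ 2009/10/13 15:28 | by suibing ]
1. Software you need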
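The kernel upgrade is so that a kernel module adding MPPE support can be installed later; PPTP dial-in only works with it.
pppd - the PPP dial-in server
pptpd - adds pptpd support on top of pppd dial-in
freeradius - authenticates dial-in users
mysql - adds database support for freeradius
2. Check whether your kernel supports MPPE
modprobe ppp-compress-18 && echo ok
If it prints ok, congratulations: your kernel already has MPPE support. Go to part 4.
3. Upgrade the kernel to support MPPE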
wget http://poptop.sourceforge.net/yum/stable/packages/dkms-2.0.17.5-1.noarch.rpm
wget http://poptop.sourceforge.net/yum/stable/packages/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
dkms is a newer piece of software that lets you add kernel modules without recompiling the kernel.
kernel_ppp_mppe is the kernel module that provides MPPE support.
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
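These two packages give CentOS MPPE (Microsoft's encryption protocol). Without them, encrypted connections cannot be used.
Once that is done, reboot your system.
4. Install pppd
yum install ppp
or
rpm -Uvh ppp-2.4.2-b3.i386.rpm
5. Install pptpd
(1) Install with yum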
# vim /etc/yum.repos.d/Doylenet.repo
[doylenet]
name=Doylenet custom repository for CentOS
baseurl=http://files.doylenet.net/linux/yum/centos/5/i386/doylenet/
gpgcheck=1
gpgkey=http://files.doylenet.net/linux/yum/centos/RPM-GPG-KEY-rdoyle
enabled=1
# yum update
# yum install pptpd
(2)
rpm -ivh pptpd-1.1.3-4.i386.rpm
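6. Configure pppd and pptpd
pppd's default configuration files are in /etc/ppp
pptpd's configuration file is /etc/pptpd.conf
The relationship between the two is that pptpd works like a plug-in for pppd.
6.1
Only a few things need to be set in /etc/pptpd.conf.
First, make sure of this one:
ppp /usr/local/sbin/pppd
It tells pptpd where pppd is located.
option /etc/ppp/options.pptpd
This names the pppd options file used for pptpd.
Add at the end:
localip 10.8.8.1
remoteip 10.8.8.2-245
localip is the IP on which pptpd serves the outside, that is, the IP clients dial (this is still to be tested: some say it is the VPN server address; whether that means the external or the internal IP remains to be tested)
remoteip is the IP the dial-in server assigns to dial-in users; a range can be written with -
6.2
Configure /etc/ppp/options.pptpd
For testing, turn on debug and dump: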
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
dump
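By default the messages are written to /var/log/messages.
Add a DNS server:
ms-dns 202.96.209.6
The options explained:
# Acts like the domain during authentication; it must match the entry in /etc/ppp/chap-secrets, covered below.
name pptpd
# Transport encryption. ppp 2.4.2 and later support only MPPE encryption; the kernel module is ppp_mppe.o
# Refuse PAP authentication
refuse-pap
# Refuse CHAP authentication
refuse-chap
# Refuse MS-CHAP authentication
refuse-mschap
# Use MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, Version 2) authentication
require-mschap-v2
# Note: with MS-CHAPv2 authentication, MPPE must be used for encryption
require-mppe-128
# Assign DNS and WINS server addresses to clients
ms-dns 202.99.96.68
#ms-wins 10.0.0.4
# Enable proxy ARP; needed when the IP addresses assigned to clients are in the same subnet as the internal network interface.
proxyarp
6.3
Edit /etc/ppp/chap-secrets
Add a test user: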
# Secrets for authentication using CHAP
# client server secret IP addresses
"test" pptpd "test" *
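The first test is the user name, the second test is the password, and * means any IP.
pptpd must match the name pptpd set in /etc/ppp/options.pptpd; it normally needs no change. We are only testing whether pptpd works.
6.4
Open the firewall ports
Open port 1723 and port 47 on the Linux server, and allow the GRE protocol.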
/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT
/sbin/iptables -A INPUT -p gre -j ACCEPT
iptables -A POSTROUTING -t nat -s 10.8.8.0/24 -o eth0 -j MASQUERADE
That is all.
7. Test pptpd
With a default installation you can just type pptpd from any directory.
If it succeeds, you will see this in /var/log/messages:
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Manager process started
Feb 10 09:51:46 kdfng pptpd[926]: MGR: Maximum of 100 connections available
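Then create a VPN connection of type PPTP on any Win2k system, using the user name set above, and you can dial in.
The IP you get is the one configured above.
Now check the log file again: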
Feb 10 09:54:53 kdfng pptpd[937]: MGR: Manager process started
Feb 10 09:54:53 kdfng pptpd[937]: MGR: Maximum of 100 connections available
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Client 192.168.8.53 control connection started
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Starting call (launching pppd, opening GRE)
Feb 10 09:55:06 kdfng pppd[940]: pppd options in effect:
Feb 10 09:55:06 kdfng pppd[940]: debug # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: nologfd # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: dump # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-pap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-chap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: refuse-mschap # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: name pptpd # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: 115200 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: lock # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: local # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: ipparam 192.168.8.53 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: 192.168.8.22:10.10.110.1 # (from command line)
Feb 10 09:55:06 kdfng pppd[940]: nobsdcomp # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: require-mppe-128 # (from /etc/ppp/options.pptpd)
Feb 10 09:55:06 kdfng pppd[940]: pppd 2.4.4b1 started by root, uid 0
Feb 10 09:55:06 kdfng pppd[940]: Using interface ppp0
Feb 10 09:55:06 kdfng pppd[940]: Connect: ppp0 <--> /dev/pts/1
Feb 10 09:55:06 kdfng pptpd[939]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 10 09:55:06 kdfng pppd[940]: MPPE 128-bit stateless compression enabled
Feb 10 09:55:08 kdfng pppd[940]: local IP address 192.168.8.22
Feb 10 09:55:08 kdfng pppd[940]: remote IP address 10.10.110.1
Feb 10 09:55:17 kdfng pppd[940]: LCP terminated by peer (^Z^HEO^@
Feb 10 09:55:17 kdfng pppd[940]: Connect time 0.2 minutes.
Feb 10 09:55:17 kdfng pppd[940]: Sent 0 bytes, received 3492 bytes.
Feb 10 09:55:17 kdfng pppd[940]: Modem hangup
Feb 10 09:55:17 kdfng pppd[940]: Connection terminated.
Feb 10 09:55:17 kdfng pppd[940]: Exit.
Feb 10 09:55:17 kdfng pptpd[939]: CTRL: Client 192.168.8.53 control connection finished
Your pptpd is now configured.
To check whether pppd supports MPPE, use the following command:
strings '/usr/sbin/pppd' |grep -i mppe | wc --lines
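If the command prints "0", MPPE is not supported; if it prints "30" or a larger number, it is supported.
Note:
If the client keeps reporting error 619 or 800 and the log shows: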
pppd is unable to open the /dev/ppp device. You need to create the /dev/ppp device node by executing the following command as root: mknod /dev/ppp c 108 0
run
mknod /dev/ppp c 108 0
and things work better; continue from there.
If it will not start, use the following configuration:
# vi /etc/pptpd.conf
============================= pptpd.conf ==========================
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
#
speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: stimeout
#
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: debug
#
# Turns on (more) debugging to syslog
#
#debug
# TAG: bcrelay <if>
#
# Turns on broadcast relay to clients from interface <if>
# Not yet implemented this way. Read README.bcrelay
#
#bcrelay ppp0
# TAG: localip
# TAG: remoteip
localip 10.8.8.1
remoteip 10.8.8.2-254
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
============================= pptpd.conf ==========================
# vi /etc/ppp/options.pptpd
=========================== options.pptpd =========================
## CHANGE TO SUIT YOUR SYSTEM
lock
## turn pppd syslog debugging on
debug
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
auth
proxyarp
bsdcomp 0
# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
#-chap
#-chapms
#+chapms-v2
#mppe-128
#mppe-stateless
require-mschap-v2
require-mppe
# These options will tell ppp to pass on these to your clients
# To use ms-wins or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins 192.168.0.1
ms-dns 202.96.209.5
=========================== options.pptpd =========================
8. Enable NAT
Change the corresponding setting in /etc/sysctl.conf to:
net.ipv4.ip_forward = 1
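The two options.pptpd variants on this page do not enforce the same thing: section 6.2 refuses PAP, CHAP and MS-CHAP and requires 128-bit MPPE, while the fallback file only carries require-mschap-v2 and require-mppe. The following added example (not part of the original post) audits an options file for the section 6.2 directives; the function names and the chap-secrets permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# has_opt FILE OPTION
# True when OPTION is an active directive (commented lines such as
# "#mppe-128" do not count). pppd option names are case-sensitive.
has_opt() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptpd_options FILE
# Print one finding per line; the exit status is the number of findings.
# The body is a subshell, so "exit" only ends the function.
audit_pptpd_options() (
    f=$1; n=0
    finding() { echo "$*"; n=$((n + 1)); }

    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2; do
        has_opt "$f" "$opt" || finding "MISSING $opt"
    done
    if ! has_opt "$f" require-mppe-128; then
        if has_opt "$f" require-mppe; then
            # plain require-mppe lets the peer negotiate 40-bit keys
            finding "WEAK require-mppe (use require-mppe-128)"
        else
            finding "MISSING require-mppe-128"
        fi
    fi
    # debug and dump are meant for the test phase described in section 6.2
    for opt in debug dump; do
        if has_opt "$f" "$opt"; then
            finding "TESTING $opt still enabled"
        fi
    done
    exit "$n"
)

# secrets_private FILE
# True when group and others have no access. chap-secrets stores the
# passwords in clear text, so only root should be able to read it.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed samples holding the active directives of the two variants
# shown on the page (section 6.2 and the fallback file).
write_strict() {
    cat > "$1" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.99.96.68
proxyarp
EOF
}
write_fallback() {
    cat > "$1" <<'EOF'
lock
debug
name pptpd
auth
proxyarp
bsdcomp 0
#mppe-128
require-mschap-v2
require-mppe
ms-dns 202.96.209.5
EOF
}

demo_dir=$(mktemp -d)
write_strict "$demo_dir/strict"
write_fallback "$demo_dir/fallback"
audit_pptpd_options "$demo_dir/strict" && echo "strict: clean"
audit_pptpd_options "$demo_dir/fallback" || echo "fallback findings: $?"
rm -rf "$demo_dir"
```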
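Fixing the bug where the VPS cannot reboot after installing kloxo
[ 2009/10/11 23:44 | by suibing ]
I found that after installing the new version of kloxo on CentOS, the reboot or shutdown -r now commands cannot restart the VPS; they only shut it down. For a VPS without a control panel that is fatal. Luckily teamvps has hypervm, so it can be started manually, but EDh has better network speed, which I care about more. So I looked into it and found that a VPS with kloxo installed has to be restarted with init 6.
Here is the explanation.
init 6 restarts the machine, and so does reboot.
The man pages for the two say:
init 6 Stop the operating system and reboot to the state defined by the initdefault entry in /etc/inittab.
reboot - reboot performs a sync(1M) operation on the disks, and then a multi-user reboot is initiated. See init(1M) for details.
"init 6" works from the /etc/inittab file, and every application has a corresponding shutdown script.
'init 6' calls the series of shutdown scripts (/etc/rc0.d/K*) to bring the system down gracefully;
'reboot' does not go through these steps; it is more of a kernel-level command and does not run the shutdown scripts for applications.
Normally we should use init 6, and use reboot when something has gone wrong or a forced restart is needed.
So from now on I will use init 6 to restart the VPS.
Run levels in /etc/inittab:
# 0 - halt (never set initdefault to 0)
# 1 - single-user mode
# 2 - multi-user, without networking
# 3 - full multi-user mode
# 4 - unused
# 5 - X11
# 6 - reboot (never set initdefault to 6)
If you have a VPS or a dedicated server, check /etc/inittab: initdefault should be 3. If it is 5, the X11 graphical programs run as well, which wastes a lot of memory. A Linux server does not need a graphical interface; ssh and a web interface are enough. Systems installed by inexperienced data-center staff often come with a graphical interface.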





