Configuring SSL/TLS encryption for ProFTPD

Download the script http://www.castaglia.org/openssl/contrib/cert-tool, edit the path to openssl inside cert-tool, then use the script to have OpenSSL issue a self-signed certificate:
cert-tool --create-ca=serverca --signing-ca=self
cert-tool --create-cert=server --signing-ca=serverca.cert.pem --signing-key=serverca.key.pem

Edit proftpd.conf and add the TLS configuration:

TLSEngine on # enable TLS
TLSLog /var/log/proftpd-tls.log # TLS log
TLSProtocol SSLv23 # allow SSLv3 and TLSv1
TLSRSACertificateFile /usr/local/etc/server.cert.pem # certificate generated by cert-tool
TLSRSACertificateKeyFile /usr/local/etc/server.key.pem # key generated by cert-tool
TLSCACertificateFile /usr/local/etc/serverca.cert.pem # CA certificate generated by cert-tool
TLSVerifyClient off # do not verify client certificates. To enable client certificate verification, the client certificates must be issued by the CA in TLSCACertificateFile
TLSRenegotiate required off # do not require renegotiation

In addition, encrypted transfers need the FTP command PROT; if you have denied ALL, PROT must be explicitly allowed:
DenyAll AllowAll
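
An added example (not from the original post): a small Python check over the TLS directives above. It flags the two settings a reviewer would question here: `TLSProtocol SSLv23`, which as the comment says still allows SSLv3, and the absence of `TLSRequired`, which leaves plain FTP logins possible. The function names and the hardened variant are assumptions; `TLSv1.2` needs a mod_tls build that supports it.

```python
# Protocol tokens that still let SSLv3 be negotiated (see the page's comment).
SSLV3_TOKENS = {"SSLv23", "SSLv3"}

def parse_directives(text):
    """Map lower-cased directive name -> argument list, dropping '#' comments."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            conf[words[0].lower()] = words[1:]
    return conf

def first_arg(conf, name, default="off"):
    """First argument of a directive, lower-cased, or the default if unset."""
    args = conf.get(name)
    return args[0].lower() if args else default

def audit_tls(text):
    """Return findings for the mod_tls directives found in text."""
    conf = parse_directives(text)
    if first_arg(conf, "tlsengine") != "on":
        return ["TLSEngine is not on: sessions are never encrypted"]
    findings = []
    weak = SSLV3_TOKENS & set(conf.get("tlsprotocol", []))
    if weak:
        findings.append("TLSProtocol %s permits SSLv3" % " ".join(sorted(weak)))
    if first_arg(conf, "tlsrequired") == "off":
        findings.append("TLSRequired off/unset: plain FTP logins still accepted")
    return findings

# The directives from this page (paths as given there).
PAGE_CONF = """
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol SSLv23 # allows SSLv3 and TLSv1
TLSRSACertificateFile /usr/local/etc/server.cert.pem
TLSRSACertificateKeyFile /usr/local/etc/server.key.pem
TLSVerifyClient off
"""

# Constructed hardened variant (assumption, not from the page).
HARDENED_CONF = PAGE_CONF.replace("TLSProtocol SSLv23 # allows SSLv3 and TLSv1",
                                  "TLSProtocol TLSv1.2") + "TLSRequired on\n"

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_tls(conf) or "no findings")
```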

Differences between Order in Apache and in ProFTPD

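Order Allow,Deny              Apache                   ProFTPD
Matches only Allow            Allow                    Allow
Matches only Deny             Deny                     Deny
No match                      Default: Deny            Default: Allow
Matches both Allow and Deny   Last match wins: Deny    First match wins: Allow

Order Deny,Allow              Apache                   ProFTPD
Matches only Allow            Allow                    Allow
Matches only Deny             Deny                     Deny
No match                      Default: Allow           Default: Deny
Matches both Allow and Deny   Last match wins: Allow   First match wins: Deny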
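
An added example (not from the original post) that models the two tables above in Python and shows which clients the same rule set treats differently on each server. It handles CIDR rules only; the function names, the sample policy and the client addresses are constructed for illustration.

```python
import ipaddress

def matches(rules, client):
    """True if the client address falls inside any CIDR network in rules."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(r) for r in rules)

def apache_decision(order, allow, deny, client):
    """Apache mod_access: both lists are evaluated; the keyword named last
    in Order wins a conflict and is also the default when nothing matches."""
    a, d = matches(allow, client), matches(deny, client)
    if order == "allow,deny":
        return "allow" if a and not d else "deny"
    if order == "deny,allow":
        return "deny" if d and not a else "allow"
    raise ValueError(order)

def proftpd_decision(order, allow, deny, client):
    """ProFTPD: the list named first in Order is checked first and a match
    ends evaluation; the first keyword is also the default."""
    a, d = matches(allow, client), matches(deny, client)
    if order == "allow,deny":
        return "allow" if a else ("deny" if d else "allow")
    if order == "deny,allow":
        return "deny" if d else ("allow" if a else "deny")
    raise ValueError(order)

def divergences(order, allow, deny, clients):
    """Return (client, apache, proftpd) for clients the servers treat differently."""
    out = []
    for c in clients:
        ap = apache_decision(order, allow, deny, c)
        pf = proftpd_decision(order, allow, deny, c)
        if ap != pf:
            out.append((c, ap, pf))
    return out

# Constructed policy: "allow 10.0.0.0/8 except 10.1.2.0/24".
ALLOW = ["10.0.0.0/8"]
DENY = ["10.1.2.0/24"]
CLIENTS = ["10.9.9.9", "10.1.2.5", "203.0.113.9"]

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        for c, ap, pf in divergences(order, ALLOW, DENY, CLIENTS):
            print(f"Order {order}: {c} -> Apache {ap}, ProFTPD {pf}")
```

Under these tables, ProFTPD's `Order deny,allow` gives the same four outcomes as Apache's `Order allow,deny`, so a rule set copied from Apache needs its Order swapped to keep a default-deny policy.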

References:
http://httpd.apache.org/docs/1.3/mod/mod_access.html
http://www.proftpd.org/docs/directives/linked/config_ref_Order.html
http://www.proftpd.org/docs/howto/Limit.html

Post-installation notes for Tomcat on FreeBSD

Edit /usr/local/etc/rc.d/tomcat6
Add the following to java_command= to disable IPv6:
-Djava.net.preferIPv4Stack="true" \
-Djava.net.preferIPv4Address="true" \

Relevant version information:
Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14 OpenSSL/0.9.8k DAV/2 PHP/5.2.12 with Suhosin-Patch mod_jk/1.2.30
javavmwrapper-2.3.4
diablo-jdk-1.6.0.07.02_8
jdk-1.6.0.3p4_14
tomcat-6.0.24
tomcat-native-1.1.20
mod_jk-ap2-1.2.30_1

Expanding a ZFS RAID-Z pool on FreeBSD by replacing disks: a walkthrough

Create a raidz1 ZFS pool
test# zpool create zfspool raidz da1 da2 da3
test# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
zfspool 23.9G 192K 23.9G 0% ONLINE -
test# zpool status
pool: zfspool
state: ONLINE
scrub: none requested
config:

NAME STATE READ WRITE CKSUM
zfspool ONLINE 0 0 0
raidz1 ONLINE 0 0 0
da1 ONLINE 0 0 0
da2 ONLINE 0 0 0
da3 ONLINE 0 0 0

errors: No known data errors

Replace the original, smaller da1, da2 and da3 with the larger da4, da5 and da6

ZFS mirrors on FreeBSD: upgrading and downgrading, disk replacement, and online/offline expansion in practice

Create a non-redundant ZFS pool
test# zpool create zfspool da1
test# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
zfspool 7.94G 110K 7.94G 0% ONLINE -
test# zpool status
pool: zfspool
state: ONLINE
scrub: none requested
config:

NAME STATE READ WRITE CKSUM
zfspool ONLINE 0 0 0
da1 ONLINE 0 0 0

errors: No known data errors

Add a disk to upgrade to a two-way mirror
test# zpool attach zfspool da1 da2
test# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
zfspool 7.94G 112K 7.94G 0% ONLINE -
test# zpool status
pool: zfspool
state: ONLINE
scrub: resilver completed with 0 errors on Tue Jul 21 21:24:27 2009
config:

NAME STATE READ WRITE CKSUM
zfspool ONLINE 0 0 0
mirror ONLINE 0 0 0
da1 ONLINE 0 0 0
da2 ONLINE 0 0 0

errors: No known data errors

To create a two-way mirror ZFS pool directly, use
test# zpool create zfspool mirror da1 da2

Add one more disk to upgrade to a three-way mirror

Preparation before installing VMware Tools on openSUSE

openSUSE 11.2:
Install make, gcc, kernel-source
/usr/bin/vmware-config-tools.pl --clobber-kernel-modules=vmci --clobber-kernel-modules=vsock --clobber-kernel-modules=vmxnet3 --clobber-kernel-modules=pvscsi --clobber-kernel-modules=vmmemctl --clobber-kernel-modules=vmhgfs --clobber-kernel-modules=vmxnet --clobber-kernel-modules=vmblock

openSUSE 11.1:
Delete the files vmxnet.ko vmblock.ko vmmemctl.ko vmhgfs.ko vmci.ko vmsync.ko from /lib/modules/2.6.27.7-9-default/updates
Install make, gcc, kernel-source

openSUSE 10.3:
Install less, psmisc, make, gcc, kernel-source

Choosing a PT client on FreeBSD

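The clients usable on HDChina and HDBits are Azureus, BitTornado, KTorrent, rtorrent, Transmission and uTorrent. uTorrent needs Wine; Azureus (Vuze) and KTorrent need X, so none of those were considered. HDChina does not accept BitTornado 0.3.18, and HDBits does not accept Transmission 1.61. In rtorrent, every task that has not finished downloading has to be re-hashed after a restart; Transmission does not have this problem and is also faster than rtorrent. Should I just use uTorrent + samba?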

FreeBSD with VMware Tools cannot power off

After VMware Tools is installed on FreeBSD, the guest can be shut down through VI, but the system stops at “The operating system has halted.Please press any key to reboot.” and does not power off automatically. The fix is:
ee /usr/local/etc/rc.d/vmware-tools.sh
Search for vmware_start_guestd() and you will find
vmware_start_guestd() {
cd "$vmdb_answer_SBINDIR" && "$vmdb_answer_SBINDIR"/vmware-guestd \
--background "$GUESTD_PID_FILE"
}

Add the parameter --halt-command "/sbin/shutdown -p now" to the vmware-guestd command, changing it to
vmware_start_guestd() {
cd "$vmdb_answer_SBINDIR" && "$vmdb_answer_SBINDIR"/vmware-guestd \
--background "$GUESTD_PID_FILE" --halt-command "/sbin/shutdown -p now"
}

Save and exit. Run /usr/local/etc/rc.d/vmware-tools.sh restart to restart VMware Tools.

Expanding ZFS on FreeBSD by replacing a disk online: a walkthrough

Before the replacement
test# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
zfspool 9.94G 1.96G 7.98G 19% ONLINE -

Replace da1 with da2; both are devices under /dev/
test# zpool replace zfspool da1 da2

The replacement has started
test# zpool status
pool: zfspool
state: ONLINE
status: One or more devices is currently being resilvered. The pool will
continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
scrub: resilver in progress, 15.24% done, 0h4m to go
config:

NAME STATE READ WRITE CKSUM
zfspool ONLINE 0 0 0
replacing ONLINE 0 0 0
da1 ONLINE 0 0 0
da2 ONLINE 0 0 0

errors: No known data errors

The replacement is complete
test# zpool status
pool: zfspool
state: ONLINE
scrub: resilver completed with 0 errors on Sat May 9 16:49:35 2009
config:

NAME STATE READ WRITE CKSUM
zfspool ONLINE 0 0 0
da2 ONLINE 0 0 0

errors: No known data errors

The capacity has increased
test# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
zfspool 17.9G 1.96G 16.0G 10% ONLINE -

The application was not interrupted at any point during the process