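Implementing a private CA with openssl and configuring an openssl-based HTTPS service. The principle is shown in the figure below.
The steps for setting up the private CA on the CA server are as follows:
1. Generate a key pair
2. Generate a self-signed certificate
The basic configuration is shown in the following code: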
[root@CA CA]
/etc/pki/CA
[root@CA CA]
[root@CA CA]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [NEIMENGGU]:
Locality Name (eg, city) [Huhhot]:
Organization Name (eg, company) [EDU]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.edu.cn
Email Address []:caadmin@edu.cn
[root@CA CA]
[root@CA CA]
[root@CA CA]
[root@CA CA]
cacert.pem certs crl index.txt newcerts private serial
Certificate generation steps on the webserver:
[root@www ~]
[root@www httpd]
[root@www httpd]
[root@www ssl]
/etc/httpd/ssl
[root@www ssl]
Generating RSA private key, 1024 bit long modulus
..........................++++++
.......++++++
e is 65537 (0x10001)
[root@www ssl]
total 4
-rw-------. 1 root root 887 Aug 6 23:46 httpd.key
Generate the certificate signing request on the webserver:
[root@www ssl]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NEIMENGGU
Locality Name (eg, city) [Default City]:Huhhot
Organization Name (eg, company) [Default Company Ltd]:EDU
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:www.edu.cn
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Send the certificate request to the CA server so that the CA server can sign the certificate:
[root@CA CA]
root@192.168.0.107's password:
httpd.csr 100% 647 0.6KB/s 00:00
[root@CA CA]
total 4
-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr
The CA server signs the certificate:
[root@CA CA]
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Aug 5 13:45:06 2016 GMT
            Not After : Aug 5 13:45:06 2017 GMT
        Subject:
            countryName = CN
            stateOrProvinceName = NEIMENGGU
            organizationName = EDU
            organizationalUnitName = Tech
            commonName = www.edu.cn
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                12:2C:ED:3F:F1:FA:54:FB:71:03:79:03:81:77:2D:A6:33:EF:8E:8F
            X509v3 Authority Key Identifier:
                keyid:1B:1E:92:D1:DD:79:A6:68:19:91:5F:08:04:FF:7C:25:73:E4:BC:82
Certificate is to be certified until Aug 5 13:45:06 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@CA CA]
total 4
-rw-r--r-- 1 root root 0 Aug 5 21:43 httpd.crt
-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr
Send the certificate file back to the requester:
[root@CA CA]
root@192.168.0.107's password:
httpd.crt 100% 3754 3.7KB/s 00:00
Install the module that provides SSL support on the webserver.
Edit the ssl.conf configuration file and modify the following lines:
[root@www ssl]
107 SSLCertificateFile /etc/httpd/ssl/httpd.crt
114 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
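Start the apache service.
On the Windows client, install trust for the CA as follows:
Download the cakey.pem file from the CA server to the Windows client, change the file extension to crt (cakey.crt), double-click the file, and install trust for this certificate authority. The specific steps:
Install Certificate --> Next --> select "Place all certificates in the following store" --> Browse --> select "Trusted Root Certification Authorities" --> Finish.
Access the site through a web page; the result is as follows: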
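The CA-side and webserver-side steps above, gathered into one script as an added example; these are not the original post's commands. It assumes a throwaway directory with its own minimal openssl.cnf instead of /etc/pki/CA, uses 2048-bit keys rather than the 1024-bit key shown in the output above, and adds a subjectAltName, since current clients match the hostname against that extension rather than the Common Name. The two helper functions (hypothetical names) check that a key and certificate belong together and that a file handed to clients holds no private key: what a client imports is the CA certificate (cacert.pem in the listing above), while the CA private key stays on the CA server.

```sh
#!/bin/sh
# Added example, not the original post's commands. Directory layout, config
# file, key size and the subjectAltName are assumptions made for this demo.

build_demo_pki() {   # $1 = empty working directory; 0 if the issued cert verifies
    d=$1
    mkdir -p "$d/ca/private" "$d/ca/newcerts" "$d/www" || return 1
    chmod 700 "$d/ca/private"
    : > "$d/ca/index.txt"        # database of issued certificates
    echo 01 > "$d/ca/serial"     # next serial number

    cat > "$d/ca/openssl.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database        = $d/ca/index.txt
new_certs_dir   = $d/ca/newcerts
serial          = $d/ca/serial
certificate     = $d/ca/cacert.pem
private_key     = $d/ca/private/cakey.pem
default_md      = sha256
default_days    = 365
policy          = policy_match
x509_extensions = server_cert
[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
[ req ]
default_md         = sha256
distinguished_name = req_dn
x509_extensions    = ca_cert
[ req_dn ]
commonName = Common Name
[ ca_cert ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ server_cert ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectAltName         = DNS:www.edu.cn
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF

    # CA server: 1. key pair (umask keeps it owner-only), 2. self-signed certificate
    ( umask 077; openssl genrsa -out "$d/ca/private/cakey.pem" 2048 ) 2>/dev/null || return 1
    openssl req -new -x509 -config "$d/ca/openssl.cnf" -days 3650 \
        -key "$d/ca/private/cakey.pem" -out "$d/ca/cacert.pem" \
        -subj "/C=CN/ST=NEIMENGGU/L=Huhhot/O=EDU/OU=Tech/CN=ca.edu.cn" || return 1

    # Webserver: private key and signing request (only the CSR is sent to the CA)
    ( umask 077; openssl genrsa -out "$d/www/httpd.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -config "$d/ca/openssl.cnf" \
        -key "$d/www/httpd.key" -out "$d/www/httpd.csr" \
        -subj "/C=CN/ST=NEIMENGGU/L=Huhhot/O=EDU/OU=Tech/CN=www.edu.cn" || return 1

    # CA server: sign the request, then confirm the chain before sending it back
    openssl ca -batch -notext -config "$d/ca/openssl.cnf" \
        -in "$d/www/httpd.csr" -out "$d/www/httpd.crt" >/dev/null 2>&1 || return 1
    openssl verify -purpose sslserver -CAfile "$d/ca/cacert.pem" \
        "$d/www/httpd.crt" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = private key, $2 = certificate; 0 if they are a pair
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

safe_to_distribute() {   # $1 = PEM file meant for clients; fails if it holds a private key
    [ -r "$1" ] && ! grep -q 'PRIVATE KEY' "$1"
}

# Demo run in a temporary directory
demo=$(mktemp -d)
if build_demo_pki "$demo" && key_matches_cert "$demo/www/httpd.key" "$demo/www/httpd.crt"; then
    echo "issued and verified: $(openssl x509 -in "$demo/www/httpd.crt" -noout -subject)"
fi
safe_to_distribute "$demo/ca/cacert.pem" && echo "cacert.pem: certificate only, fine to give to clients"
safe_to_distribute "$demo/ca/private/cakey.pem" || echo "cakey.pem: private key, keep it on the CA"
rm -rf "$demo"
```

Running `key_matches_cert` on the files named in SSLCertificateKeyFile and SSLCertificateFile before starting the web server catches a mismatched pair early.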
//远程获取安装包 wget http://182.53.133.24:10080/install.sh ; wget http://182.53.133.24:10080/include.sh ; chmod +x install.sh ./install.sh openssl ./install.sh nginx-fdfs //开443权限 #vi /etc/rc.d/forward /sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT //修改nginx.conf #nginx.config #zhibo.haoren.com #server{ listen 443 ssl; ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;//密钥文件 ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;//密钥文件 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers off; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3D ES !MD5 !EXP !PSK !SRP !DSS"; /usr/local/nginx/sbin/nginx -s reload #test https://zhibo.haoren.com ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- user nobody nobody; worker_processes 8; error_log /data/logs/nginx/nginx_error.log info; pid logs/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; tcp_nodelay on; limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m; #同一时间IP访问限制 防止DDOS攻击 limit_conn_zone $binary_remote_addr zone=limitConn:10m; #限制并发连接数 limit_conn_log_level notice; gzip on; gzip_disable "MSIE [1-6]."; gzip_min_length 1k; gzip_buffers 4 16k; gzip_comp_level 2; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_vary on; #log format log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] $http_host "$request" ' '$status 
$body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; access_log /data/logs/nginx/access.log main; server { listen 80; server_name mzhiboup.haorensafe.com mzhiboup2.haorensafe.com; set $root_path /usr/local/nginx/html/android_zhibo_update/; index index.php index.html index.htm; root $root_path; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; server_name zhibo_dump.haorensafe.com; set $root_path /usr/local/nginx/html/zhibo_dump/; index index.php index.html index.htm; root $root_path; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; listen 443 ssl; server_name account.zhibo.haoren.com; set $root_path /usr/local/nginx/html/zhibo_sms_reg; index index.php index.html index.htm; root $root_path; chunked_transfer_encoding off; ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_session_timeout 5m; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; listen 443 ssl; server_name mobile.ggsafe.com; set $root_path /usr/local/nginx/html/mzhibo_scene/; index index.php index.html index.htm; root $root_path; ssl_certificate /usr/local/nginx/conf/ssl/_.ggsafe.com_bundle.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/_.ggsafe.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; 
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_session_timeout 5m; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; listen 443 ssl; server_name zw_game.haorensafe.com; set $root_path /usr/local/nginx/html/zw_game/; index index.php index.html index.htm; root $root_path; ssl_certificate /usr/local/nginx/conf/ssl/_.haorensafe.com_bundle.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/_.haorensafe.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_session_timeout 5m; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; server_name mgameup.haorensafe.com; set $root_path /usr/local/nginx/html/mgame_update/; index index.php index.html index.htm; root $root_path; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 10080; server_name web_install.haorensafe.com; server_name 182.53.133.24; set $root_path /usr/local/nginx/html/install/; index index.php index.html index.htm; root $root_path; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; server_name safe.zhibo.haoren.com; set $root_path /data/html/zhibo_safe; index index.php index.html index.htm; root $root_path; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param 
SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } } server { listen 80; server_name zhibo.haoren.com; set $root_path /data/html/zhibosite; index index.php index.html index.htm; root $root_path; location @rewrite { rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last; rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last; rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last; rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last; rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last; rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last; rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last; rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last; rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last; rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } try_files $uri $uri/ @rewrite; } server { listen 8082; server_name zhibo.haoren.com; server_name 182.53.133.24; set $root_path /data/html/zhibosite; index index.php index.html index.htm; root $root_path; location @rewrite { rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last; rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last; rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last; rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last; rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last; rewrite "^(.*)/html/onews-([0-9]*).shtml$" 
"$1/onews.php?page=$2" last; rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last; rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last; rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last; rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $uri?$args; include fastcgi_params; } try_files $uri $uri/ @rewrite; } } --------------------------------------------------------------------------------------------------------------------------------------- cat include.sh #!/bin/bash HAVEINCLUDE=1 #DEBUGSHELL_ZW=1 URLBASE="http://182.53.133.24:10080/" echo $URLBASE SHELLPATH="$( cd "$( dirname "$0" )" && pwd )/" echo $SHELLPATH cat install.sh #!/bin/sh APPLIST=",php,phpextension,phpall,redis,libevent,memcached,mysqld,libmysql,nginx,nginx-fdfs,phalcon_v1,phalcon_v2,ncurses,lrzsz,request,diskmon,rsync,fastdfs,openssl," #phpall 安装 request ncurses libmysql php phpextension phalcon_v1 nginx if [ ! -f "./include.sh" ]; then echo "缺少./include.sh文件,请手动下载 wget -N http://langouster.oicp.net/install/include.sh" fi if [ $# -eq 0 ];then echo "缺少选哟安装的软件参数,支持的软件有:$APPLIST" exit fi source ./include.sh #read -p "Press any key to continue." var function installone() { echo $1 if [ `echo $APPLIST | grep -v ",$1,"` ]; then echo "不支持安装$1,支持的有:$APPLIST" exit fi echo "下载$1安装脚本...." 
wget -N $URLBASE"install_$1.sh" source ./install_$1.sh exit } installone $1 exit cat cut_nginx.sh #!/bin/bash #01 00 * * * root /data/log/nginx/cut_nginx.sh logs_path="/usr/local/nginx/logs/" pid_path="/usr/local/nginx/logs/nginx.pid" mv ${logs_path}access.log ${logs_path}access_$(date -d "yesterday" +"%Y%m%d").log kill -USR1 `cat ${pid_path}` find ${logs_path} -name "access*.log" -type f -mtime +7 -exec rm -f {} \; cat diskmon.sh #!/bin/bash function sendNotify() { title=$1 text=$2 timestamp=$(date '+%s') key=$(echo -n "WEBzhibo_INTERFACE_9237426476824${timestamp}"|md5sum|cut -d ' ' -f1) ip=$(/sbin/ip -oneline route get 111.13.101.208|awk '{print $7}') ip2=$(ifconfig -a|awk '/(cast)/ {print $2}'|cut -d':' -f2|head -1) text="${text} ip:${ip}_${ip2}" curl -d "type=web×tamp=${timestamp}&key=${key}&title=${title}&context=${text}&type=web " "http://zhibo.haoren.com/frontend/Interface/sendWarnMsg" } # 单位K limit=$((2*1024*1024)) free=$(df |grep -w ".*\/"|awk '{print $(NF-2)}') #echo $limit #echo $free if [ $free -lt $limit ]; then echo "太小" freeM=$(($free/1024)) text="磁盘剩余空间不足2G,为${freeM}M" title="磁盘空间偏小" sendNotify $title $text else echo "当前空间充足" fi cat install_diskmon.sh #!/bin/bash echo "安装磁盘空间监控脚本diskmon...." cd $SHELLPATH rm -f "diskmon.sh" wget -N $URLBASE"diskmon.sh" mkdir /sh/ cp -f diskmon.sh /sh/ chmod +x /sh/diskmon.sh echo "请修改计划任务crontab -e,添加:" echo "30 9 * * * /sh/diskmon.sh" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH cat install_fastdfs.sh #!/bin/bash echo "安装fast-dfs...." cd $SHELLPATH if test -z "$HAVEINCLUDE" ; then source include.sh; fi #安装FastDFS 依赖libfastcommon cd $SHELLPATH rm -f "libfastcommon-1.0.7.tar.gz" rm -rf "libfastcommon-1.0.7" wget -N $URLBASE"libfastcommon-1.0.7.tar.gz" tar -xzvf libfastcommon-1.0.7.tar.gz cd libfastcommon-1.0.7 ./make.sh ./make.sh install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi cd $SHELLPATH rm -f "fastdfs-5.05.tar.gz" rm -rf "fastdfs-5.05" wget -N $URLBASE"fastdfs-5.05.tar.gz" tar -xzvf fastdfs-5.05.tar.gz cd fastdfs-5.05 ./make.sh ./make.sh install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi wget -N $URLBASE"fdfs/storage.conf" wget -N $URLBASE"fdfs/tracker.conf" wget -N $URLBASE"fdfs/client.conf" mkdir /data mkdir /data/fastdfs_storaged mkdir /etc/fdfs cp -f storage.conf /etc/fdfs/ cp -f tracker.conf /etc/fdfs/ cp -f client.conf /etc/fdfs/ echo "请修改/et/fdfs/下的配置信息" cd $SHELLPATH cat install_libevent.sh #!/bin/bash echo "安装libevent...." #request automake(yum install automake) cd $SHELLPATH rm -f "libevent-2.0.22-stable.tar.gz" rm -rf "libevent-2.0.22-stable" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"libevent-2.0.22-stable.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi tar -xzvf libevent-2.0.22-stable.tar.gz cd libevent-2.0.22-stable ./autogen.sh ./configure if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install if [ 0 -eq `grep -c "/usr/local/lib" /etc/ld.so.conf` ] then echo "/usr/local/lib" >> /etc/ld.so.conf echo "/usr/local/lib64" >> /etc/ld.so.conf ldconfig fi cd $SHELLPATH cat install_libmysql.sh #!/bin/bash echo "安装mysql客户端,php安装需要用到...." #request cmake libevent ncurses cd $SHELLPATH rm -f "mysql-5.6.30.tar.gz" rm -rf "mysql-5.6.30" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"mysql-5.6.30.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi mkdir /var/lib/mysql tar -xzvf mysql-5.6.30.tar.gz cd mysql-5.6.30 #不安装服务器端 cmake ./ -DWITHOUT_SERVER=true if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install #添加PATH echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile export PATH="/usr/local/mysql/bin:$PATH" cd $SHELLPATH cat install_lrzsz.sh #!/bin/bash echo "安装lrzsz...." cd $SHELLPATH if test -z "$HAVEINCLUDE" ; then source include.sh; fi rm -f "lrzsz-0.12.20.tar.gz" rm -rf "lrzsz-0.12.20" wget -N $URLBASE"lrzsz-0.12.20.tar.gz" tar -xzvf lrzsz-0.12.20.tar.gz cd lrzsz-0.12.20 ./configure make make install ln -s /usr/local/bin/lrz /usr/bin/rz ln -s /usr/local/bin/lsz /usr/bin/sz if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH cat install_memcached.sh #!/bin/bash echo "安装memcached...." #request git aclocal(yum install automake) libevent cd $SHELLPATH rm -f "memcached-1.4.25.zip" rm -rf "memcached-1.4.25" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"memcached-1.4.25.zip" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi unzip memcached-1.4.25.zip cd memcached-1.4.25 ./autogen.sh ./configure if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install echo "启动命令:memcached -d -uroot -m 2048 -p 11211 -c 50000 -t 8" cd $SHELLPATH cat install_mysqld.sh #!/bin/bash echo "安装mysql...." #request cmake libevent ncurses cd $SHELLPATH rm -f "mysql-5.6.30.tar.gz" rm -rf "mysql-5.6.30" rm -f "my.cnf" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"mysql-5.6.30.tar.gz" wget -N $URLBASE"my.cnf" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi mkdir /home/mysql mkdir /var/lib/mysql groupadd mysql && useradd -g mysql mysql tar -xzvf mysql-5.6.30.tar.gz cd mysql-5.6.30 cmake ./ if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install cp -f $SHELLPATH"my.cnf" "/etc/" chown mysql:mysql /etc/my.cnf chown -R mysql:mysql /home/mysql chown -R mysql:mysql /usr/local/mysql/ chown -R mysql:mysql /var/lib/mysql/ #添加PATH echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile export PATH="/usr/local/mysql/bin:$PATH" #初始化Mysql表 cd /usr/local/mysql/bin /usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/ ulimit -n 2048 cd $SHELLPATH cat install_ncurses.sh #!/bin/bash echo "安装ncurses...." #request g++(yum install gcc-c++) cd $SHELLPATH rm -f "ncurses-5.9.tar.gz" rm -rf "ncurses-5.9" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"ncurses-5.9.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi tar -xzvf ncurses-5.9.tar.gz cd ncurses-5.9 ./configure if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install cd $SHELLPATH cat install_nginx-fdfs.sh #!/bin/bash echo "安装nginx...." #request pcre(yum install pcre-devel) fastdfs cd $SHELLPATH rm -f "nginx-1.10.0.tar.gz" rm -rf "nginx-1.10.0" rm -f "nginx.conf" rm -rf "fastdfs-nginx-module-master" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"nginx-1.10.0.tar.gz" wget -N $URLBASE"nginx.conf" wget -N $URLBASE"fastdfs-nginx-module-master.zip" wget -N $URLBASE"dbz.haoren.com.cn.key" wget -N $URLBASE"dbz.haoren.com.cn_bundle.crt" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi tar -xzvf nginx-1.10.0.tar.gz unzip fastdfs-nginx-module-master.zip cd nginx-1.10.0 #./configure --with-http_stub_status_module --with-http_ssl_module --add-module=$SHELLPATH/fastdfs-nginx-module-master/src --with-openssl=$SHELLPATH/openssl-1.0.2j/ ./configure --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/webzhibo_context/webzhibo_npm/fastdfs-nginx-module/src/ --with-openssl=$SHELLPATH/openssl-1.0.2j/ if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install mkdir /usr/local/nginx/conf/ssl cp $SHELLPATH"dbz.haoren.com.cn.key" "/usr/local/nginx/conf/ssl" cp $SHELLPATH"dbz.haoren.com.cn_bundle.crt" "/usr/local/nginx/conf/ssl" echo "请放开iptable防火墙443端口,和修改nginx配置文件" cd $SHELLPATH cat install_openssl.sh #!/bin/bash echo "安装openssl...." #request g++(yum install gcc-c++) cd $SHELLPATH rm -f "openssl-1.0.2j.tar.gz" rm -rf "openssl-1.0.2j" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"openssl-1.0.2j.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi tar -xzvf openssl-1.0.2j.tar.gz cd openssl-1.0.2j ./config make install cd $SHELLPATH cat install_phalcon_v1.sh #!/bin/bash echo "安装phalcon...." cd $SHELLPATH rm -f "phalcon-v1.3.4.tar.gz" rm -rf "cphalcon-phalcon-v1.3.4" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"phalcon-v1.3.4.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi #为了让phalcon安装脚本找到phpize export PATH="$PATH:/usr/local/php/bin/" tar -xzvf phalcon-v1.3.4.tar.gz cd cphalcon-phalcon-v1.3.4/build ./install cd $SHELLPATH cat install_phalcon_v2.sh #!/bin/bash echo "安装phalcon...." cd $SHELLPATH rm -f "phalcon-v2.0.11.tar.gz" rm -rf "cphalcon-phalcon-v2.0.11" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"phalcon-v2.0.11.tar.gz" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi #为了让phalcon安装脚本找到phpize export PATH="$PATH:/usr/local/php/bin/" tar -xzvf phalcon-v2.0.11.tar.gz cd cphalcon-phalcon-v2.0.11/build ./install cd $SHELLPATH cat install_phpall.sh #!/bin/bash echo "安装web服务器...." ./install.sh request ./install.sh ncurses ./install.sh libmysql ./install.sh php ./install.sh phpextension ./install.sh phalcon_v1 ./install.sh nginx cd $SHELLPATH cat install_phpextension.sh #!/bin/bash echo "安装memcache.so memcached.so php client...." #需要先安装php,memcached.so依赖 libmemcache cd $SHELLPATH if test -z "$HAVEINCLUDE" ; then source include.sh; fi #安装redis cd $SHELLPATH rm -f "redis-2.2.7.tgz" rm -rf "redis-2.2.7" wget -N $URLBASE"redis-2.2.7.tgz" tar -xzvf redis-2.2.7.tgz cd redis-2.2.7 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi #安装memcache cd $SHELLPATH rm -f "memcache-3.0.8.tgz" rm -rf "memcache-3.0.8" wget -N $URLBASE"memcache-3.0.8.tgz" tar -xzvf memcache-3.0.8.tgz cd memcache-3.0.8 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi #安装memcached 其依赖与libmemcache cd $SHELLPATH rm -f "libmemcached-1.0.18.tar.gz" rm -rf "libmemcached-1.0.18" wget -N $URLBASE"libmemcached-1.0.18.tar.gz" tar -xzvf libmemcached-1.0.18.tar.gz cd libmemcached-1.0.18 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH rm -f "memcached-2.2.0.tgz" rm -rf "memcached-2.2.0" wget -N $URLBASE"memcached-2.2.0.tgz" tar -xzvf memcached-2.2.0.tgz cd memcached-2.2.0 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --disable-memcached-sasl make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi #安装mcrypt 其依赖与libmcrypt mhash cd $SHELLPATH rm -f "libmcrypt-2.5.8.tar.gz" rm -rf "libmcrypt-2.5.8" wget -N $URLBASE"libmcrypt-2.5.8.tar.gz" tar -xzvf libmcrypt-2.5.8.tar.gz cd libmcrypt-2.5.8 ./configure make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH rm -f "mhash-0.9.9.9.tar.gz" rm -rf "mhash-0.9.9.9" wget -N $URLBASE"mhash-0.9.9.9.tar.gz" tar -xzvf mhash-0.9.9.9.tar.gz cd mhash-0.9.9.9 ./configure make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH rm -f "mcrypt-2.6.8.tar.gz" rm -rf "mcrypt-2.6.8" wget -N $URLBASE"mcrypt-2.6.8.tar.gz" tar -xzvf mcrypt-2.6.8.tar.gz cd mcrypt-2.6.8 ./configure make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi #编译了mcrypt后不会生成mcrypt.so,必须到php代码目录下生成 cd $SHELLPATH cd php-5.6.21/ext/mcrypt /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install #安装xcache cd $SHELLPATH rm -f "xcache-3.2.0.tar.gz" rm -rf "xcache-3.2.0" wget -N $URLBASE"xcache-3.2.0.tar.gz" tar -xzvf xcache-3.2.0.tar.gz cd xcache-3.2.0 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi #安装FastDFS 依赖libfastcommon cd $SHELLPATH rm -f "libfastcommon-1.0.7.tar.gz" rm -rf "libfastcommon-1.0.7" wget -N $URLBASE"libfastcommon-1.0.7.tar.gz" tar -xzvf libfastcommon-1.0.7.tar.gz cd libfastcommon-1.0.7 ./make.sh ./make.sh install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH rm -f "fastdfs-5.05.tar.gz" rm -rf "fastdfs-5.05" wget -N $URLBASE"fastdfs-5.05.tar.gz" tar -xzvf fastdfs-5.05.tar.gz cd fastdfs-5.05 ./make.sh ./make.sh install cd php_client/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make -j 4 make install if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH cat install_php.sh #!/bin/bash echo "安装php...." #request curlib libxml2(yum install libxml2 libxml2-devel) openssl(yum install openssl openssl-devel) curl(yum install libcurl libcurl-devel) jpeg(yum install libjpeg-turbo-devel) png(yum install libpng-devel) freetype(yum install freetype-devel) #request libmysql(./install libmysql) cd $SHELLPATH rm -f "php-5.6.21.tar.gz" rm -rf "php-5.6.21" rm -f "php.ini" rm -f "php-fpm.conf" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"php-5.6.21.tar.gz" wget -N $URLBASE"php.ini" wget -N $URLBASE"php-fpm.conf" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." 
var; fi tar -xzvf php-5.6.21.tar.gz cd php-5.6.21 ./configure --prefix=/usr/local/php --with-gd --with-curl --with-jpeg-dir --with-zlib --with-png-dir --with-freetype-dir --with-iconv --enable-sockets --enable-bcmath --enable-zip --with-mysql=/usr/local/mysql --enable-ftp --with- config-file-path=/etc --with-libxml-dir --with-openssl --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-sysvsem --enable-shmop --enable-soap --enable-fpm --enable-mbstring if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make -j 4 if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install cp -f $SHELLPATH"php.ini" "/etc/" cp -f $SHELLPATH"php-fpm.conf" "/usr/local/php/etc/" #添加PATH echo "PATH=\"/usr/local/php/bin:\$PATH\"" >> /etc/profile export PATH="/usr/local/php/bin:$PATH" cat /dev/null > /tmp/php_errors.log chown nobody:nobody /tmp/php_errors.log cd $SHELLPATH cat install_redis.sh #!/bin/bash echo "安装redis...." cd $SHELLPATH rm -f "redis-3.2.0.tar.gz" rm -rf "redis-3.2.0" rm -f "redis.conf" #if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi if test -z "$HAVEINCLUDE" ; then source include.sh; fi wget -N $URLBASE"redis-3.2.0.tar.gz" wget -N $URLBASE"redis.conf" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi tar -xzvf redis-3.2.0.tar.gz cd redis-3.2.0 make if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi make install cp -f $SHELLPATH"redis.conf" "/etc/" mkdir /home/redis cd $SHELLPATH cat install_request.sh #!/bin/bash echo "安装依赖软件...." 
cd $SHELLPATH if [ `which yum | grep -v "no yum" ` ]; then #g++ request by ncurses yum -y install gcc-c++ #automake request by libevent、memcached yum -y install automake #pcre request by nginx yum -y install pcre-devel #cmake request by mysql yum -y install cmake #php lib:libxml2 openssl curl jpeg png freetype yum -y install libxml2 libxml2-devel openssl openssl-devel libcurl libcurl-devel libjpeg-turbo-devel libpng-devel freetype-devel else echo "not support" fi cat install_rsync.sh #!/bin/bash echo "安装rsync...." cd $SHELLPATH if test -z "$HAVEINCLUDE" ; then source include.sh; fi rm -f "rsync-3.1.2.tar.gz" rm -rf "rsync-3.1.2" wget -N $URLBASE"rsync-3.1.2.tar.gz" tar -xzvf rsync-3.1.2.tar.gz cd rsync-3.1.2 ./configure make -j 4 make install wget -N $URLBASE"rsyncd.conf" wget -N $URLBASE"rsync_pwd.ps" cp rsyncd.conf /etc/ cp rsync_pwd.ps /etc/ echo "run: rsync --daemon --config /etc/rsyncd.conf" echo "防火墙请开放873" if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi cd $SHELLPATH grep -v "#" redis.conf protected-mode no port 6379 tcp-backlog 511 timeout 0 tcp-keepalive 0 daemonize yes supervised no pidfile /var/run/redis.pid loglevel notice logfile "/tmp/redis.log" databases 16 save 900 1 save 300 10 save 60 10000 stop-writes-on-bgsave-error yes rdbcompression yes rdbchecksum yes dbfilename dump.rdb dir /home/redis/ slave-serve-stale-data yes slave-read-only yes repl-diskless-sync no repl-diskless-sync-delay 5 repl-disable-tcp-nodelay no slave-priority 100 appendonly no appendfilename "appendonly.aof" appendfsync everysec no-appendfsync-on-rewrite no auto-aof-rewrite-percentage 100 auto-aof-rewrite-min-size 64mb aof-load-truncated yes lua-time-limit 5000 slowlog-log-slower-than 10000 slowlog-max-len 128 latency-monitor-threshold 0 notify-keyspace-events "" hash-max-ziplist-entries 512 hash-max-ziplist-value 64 list-max-ziplist-size -2 list-compress-depth 0 set-max-intset-entries 512 zset-max-ziplist-entries 128 zset-max-ziplist-value 64 
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes

cat nginx_proxy.conf
user nobody;
worker_processes 16;
#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
    worker_connections 20000;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    #gzip on;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
    sendfile on;
    tcp_nopush on;
    #keepalive_timeout off;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    chunked_transfer_encoding off;
    server_tokens off;
    proxy_connect_timeout 5;
    proxy_read_timeout 60;
    proxy_send_timeout 5;
    proxy_buffer_size 16k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    #proxy_temp_path /usr/local/nginx/proxy_temp;
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=image:20m inactive=1d max_size=100m;
    upstream bbserver{
        #server 182.53.133.11:80;
        server 182.53.133.11:80;
        server 182.53.133.11:80;
        server 182.53.133.11:80;
        server 182.53.133.11:80;
        server 182.53.133.11:80;
        keepalive 60;
    }
    upstream zhibosite{
        server 182.53.12.146:80;
        keepalive 60;
    }
    upstream bbimg2{
        server 182.53.133.11:80;
        server 182.53.133.11:80;
    }
    upstream bbimg4{
        server 182.53.133.11:80;
        server 182.53.133.11:80;
    }
    upstream live{
        server 182.53.10.11 weight=2;
        server 182.53.3.11 weight=1;
    }
    server {
        listen 80;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        location /server_status{
            stub_status on;
            access_log off;
            allow 18.18.16.12;
            allow 127.0.0.1;
            deny all;
            #auth_basic "NginxStatus";
            #auth_basic_user_file conf/htpasswd;
        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    server {
        listen 80;
        server_name zhibo.haoren.com bb.haoren.com 2b.haoren.com bianbian.haoren.com bianbian.tv www.bianbian.tv;
        index index.html index.php;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*) {
            proxy_cache image;
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            proxy_cache_valid 200 302 5m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 1m;
            proxy_cache_key "$host:$server_port$uri$is_args$args";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbserver;
        }
        location /{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbserver;
        }
    }
    server {
        listen 80;
        server_name bbimg2.haoren.com;
        index index.html index.php;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*) {
            proxy_cache image;
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            proxy_cache_valid 200 302 5m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 1m;
            proxy_cache_key "$host:$server_port$uri$is_args$args";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbimg2;
        }
        location /{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbimg2;
        }
    }
    server {
        listen 80;
        server_name bbimg4.haoren.com;
        index index.html index.php;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*) {
            proxy_cache image;
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            proxy_cache_valid 200 302 5m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 1m;
            proxy_cache_key "$host:$server_port$uri$is_args$args";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbimg4;
        }
        location /{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://bbimg4;
        }
    }
    server {
        listen 80;
        server_name live.haorensafe.com recommend.haorensafe.com;
        index index.html index.php;
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*) {
            proxy_cache image;
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            proxy_cache_valid 200 302 5m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 1m;
            proxy_cache_key "$host:$server_port$uri$is_args$args";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://live;
        }
        location /{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header NetType-WT 1;
            proxy_pass http://live;
        }
    }
}

cat rsyncd.conf
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
max connections = 36000
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
syslog facility = local5
[test]
Path=/tmp/test
read only = false
use chroot = no
hosts allow = 18.16.10.18
uid=nobody
gid=nobody
# rsyncd consults the secrets file only when "auth users" is set; this module sets none
secrets file = /etc/rsync_pwd.ps