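April 13

nginx configuration for distinguishing mobile devices

The current requirement is to separate incoming requests: PCs get the normal page, while Android and iPhone clients are redirected to their own pages. The configuration is below; the links in it are for demonstration only: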
server {
    listen 80;
    access_log off;
    server_name simonzhang.net www.simonzhang.net;
    modern_browser unlisted;
    set $ismob 0;
    # Android is tested first: Android browsers also send "Safari" in their
    # User-Agent, so the iPhone/Safari rule below would otherwise catch them.
    if ($http_user_agent ~ "^((.*Android.*))$") {
        set $ismob 1;
        rewrite ^(.*) http://www.pixshow.net/robots.txt break;
    }
    # Note: "Safari" is also sent by desktop Chrome and desktop Safari.
    if ($http_user_agent ~ "^((.*iPhone.*)|(.*iOS.*)|(.*Safari.*))$") {
        set $ismob 1;
        rewrite ^(.*) http://www.simonzhang.net/?page_id=782 break;
    }
    if ($http_user_agent ~ "^((.*Windows NT.*)|(.*Intel Mac OS.*))$") {
        set $ismob 1;
        rewrite ^(.*) http://www.simonzhang.net/ break;
    }
    # everything that matched none of the rules above
    rewrite ^(.*) http://www.pixshow.net/ break;
}

Note: this kind of configuration cannot distinguish devices with 100% accuracy; after all, some devices do not follow the rules.
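
Rules like these are tried top to bottom and the first redirect wins, and the "Safari" token is also sent by Android browsers and desktop Chrome. The following added example (not part of the original post) replays the three patterns in both orders against constructed User-Agent strings; the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example: replay the three User-Agent patterns in a chosen order.
# match_rule and classify are hypothetical helper names.

# match_rule RULE UA: succeeds when UA matches the pattern used for RULE.
match_rule() {
    case "$1" in
        iphone)  case "$2" in *iPhone*|*iOS*|*Safari*) return 0 ;; esac ;;
        android) case "$2" in *Android*) return 0 ;; esac ;;
        pc)      case "$2" in *"Windows NT"*|*"Intel Mac OS"*) return 0 ;; esac ;;
    esac
    return 1
}

# classify UA RULE...: the first matching rule wins, like consecutive nginx
# "if" blocks that each end in a redirect.
classify() {
    agent=$1; shift
    for rule in "$@"; do
        if match_rule "$rule" "$agent"; then echo "$rule"; return 0; fi
    done
    echo default
}

# Constructed sample User-Agent strings.
UA_ANDROID='Mozilla/5.0 (Linux; U; Android 2.3.4; en-us) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1'
UA_IPHONE='Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3'
UA_CHROME_WIN='Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19'
UA_FIREFOX_WIN='Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0'

# Column 1: Safari rule first. Column 2: Android and PC rules first.
for ua in "$UA_ANDROID" "$UA_IPHONE" "$UA_CHROME_WIN" "$UA_FIREFOX_WIN"; do
    printf '%-8s %-8s %s\n' "$(classify "$ua" iphone android pc)" \
        "$(classify "$ua" android pc iphone)" "$ua"
done
```

With the Safari rule first, both the Android browser and desktop Chrome land in the iPhone branch; testing the narrower tokens first sends each to its own branch.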

March 28

Nagios installation and setup

[Compiled by: 张子萌, 2010-04]

The following software is required:
centos

nagios-3.2.0
nagios-plugin-1.4.14

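Besides Nagios, the following software must also be installed:
apache2, installed under /usr/local/apache
perl
gcc: the system default is fine for compiling; if it is not installed, installing it with yum is recommended.
php: the Nagios 3.2 web pages need a PHP environment
yum install gcc glibc glibc-common
Drawing charts requires the following packages: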
freetype-2.3.5.tar.gz
libiconv-1.11.tar.gz
libmcrypt-2.5.7.tar.gz
libpng-1.2.10.tar.bz2
jpegsrc.v6b.tar.gz
gd-2.0.35.tar.gz
They can be installed with yum or from source.
For installing the graphics packages above and Apache, see: http://simon-zzm.blog.163.com/blog/static/88809522201028104721790/

1. Create the nagios group and account

# groupadd nagios
# groupadd apache
# useradd -g nagios -G apache nagios
# useradd -g apache -G nagios apache

2. Compile and install Nagios

# tar zxvf nagios-3.2.0.tar.gz
# cd nagios-3.2.0
# ./configure --prefix=/usr/local/nagios \
    --with-command-group=nagios \
    --with-httpd-conf=/usr/local/apache/conf/
# make all
# make install
# make install-init
# make install-config
# make install-commandmode
# make install-webconf

3. Install nagios-plugin-1.4.13

# tar zxvf nagios-plugins-1.4.14.tar.gz
# cd nagios-plugins-1.4.14
# ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install

Note: when installing on CentOS 4,
configure stops at "checking for redhat spopen problem…".
In that case add the --enable-redhat-pthread-workaround option.

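4. Create the Nagios web login account

# cd /usr/local/apache/bin
# ./htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin   # create an account for logging in to the web interface

5. Integrate Nagios with Apache
This article uses the virtual host configuration.
# cd /usr/local/apache/conf/extra/
# vi httpd-vhosts.conf

Configure CGI in Apache by appending the following to httpd-vhosts.conf: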

ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>

Alias /nagios /usr/local/nagios/share
<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>

First test that the configuration file is correct:
# /usr/local/apache/bin/apachectl configtest

Restart Apache:
# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl start

6. Start Nagios

Verify that the Nagios configuration is valid:
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If it is valid, start the service:
# /etc/init.d/nagios start

You can now open the monitoring interface in a browser at http://x.x.x.x/nagios

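7. Define a monitoring group

7.1 Create the test monitoring group, which monitors server 192.168.1.103.

Create a test directory under /usr/local/nagios/etc/ and define the host.
The configuration file that monitors server 192.168.1.103 is named test_1_103.cfg.
# mkdir -p /usr/local/nagios/etc/test
# vi /usr/local/nagios/etc/test/testgroups.cfg
# Define the host
define host{
use test-server ; host template from 7.3, which supplies check_command and max_check_attempts
host_name test ; the name the service definitions refer to
alias test Linux Server
address 192.168.1.103
}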

7.2 Create the monitoring file
# vi /usr/local/nagios/etc/test/test_1_103.cfg
# Ping the remote Linux host
define service{
use test-service ; this name must match the one in the monitoring template, see 7.3
host_name test
service_description PING
check_command check_ping!100.0,20%!500.0,60% ; check_ping is defined in commands.cfg and takes two arguments; the command and its arguments are separated by !
}
# Check root partition usage on the remote Linux host. NRPE must be installed and check_nrpe defined in /usr/local/nagios/etc/objects/commands.cfg, see part 8.
define service{
use generic-service ; Name of service template to use
host_name test
service_description Root Partition
check_command check_nrpe!check_disk_root
}
# Check the number of logged-in users on the remote Linux host
define service{
use generic-service ; Name of service template to use
host_name test
service_description Current Users
check_command check_nrpe!check_users
}
# Check the load on the remote Linux host
define service{
use generic-service ; Name of service template to use
host_name test
service_description Current Load
check_command check_nrpe!check_load
}
# Check swap usage on the remote Linux host
define service{
use generic-service ; Name of service template to use
host_name test
service_description Swap Usage
check_command check_nrpe!check_swap
}
# Check the SSH service on the remote Linux host
define service{
use generic-service ; Name of service template to use
host_name test
service_description SSH
check_command check_ssh
notifications_enabled 1 ; 0 = do not send alerts, 1 = send alerts
}
# Check the HTTP service on the remote Linux host
define service{
use generic-service ; Name of service template to use
host_name test
service_description HTTP
check_command check_http
notifications_enabled 1 ; 0 = do not send alerts, 1 = send alerts
}

7.3 Define the templates for the monitoring group
# vi /usr/local/nagios/etc/objects/templates.cfg

define contact{
name test-contact ; The name of this contact template
service_notification_period 24x7 ; service notifications can be sent anytime
host_notification_period 24x7 ; host notifications can be sent anytime
service_notification_options w,u,c,r,f,s ; send notifications for all service states, flapping events, and scheduled downtime events
host_notification_options d,u,r,f,s ; send notifications for all host states, flapping events, and scheduled downtime events
service_notification_commands notify-service-by-email ; send service notifications via email
host_notification_commands notify-host-by-email ; send host notifications via email
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE!
}

define host{
name test-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
notification_period 24x7 ; Send host notifications at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}

define host{
name test-server ; The name of this host template
use test-host ; This template inherits other values from the test-host template
check_period 24x7 ; By default, Linux hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
notification_interval 120 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}

define service{
name test-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
normal_check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}

7.4 Modify the alert template
# vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
contact_name nagiosadmin ; Short name of user
use test-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email admin@mail.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}

define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin
}

7.5 Add the load entries

In nagios.cfg, enable loading of the files under /usr/local/nagios/etc/test/:
cfg_file=/usr/local/nagios/etc/test/testgroups.cfg
cfg_file=/usr/local/nagios/etc/test/test_1_103.cfg

Verify that the Nagios configuration is valid:
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If it is, restart the service:
# /etc/init.d/nagios restart

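8. Install NRPE
NRPE is used to interact with remote servers.
NRPE has two parts: one runs on the Nagios server and the other runs on the monitored client.

8.1 Install on the Nagios server
#tar xzvf nrpe-2.12.tar.gz
#cd nrpe-2.12
#./configure
#make all
#make install-plugin   # the server side only needs the NRPE check plugin

Define the check_nrpe command in /usr/local/nagios/etc/objects/commands.cfg
#vi /usr/local/nagios/etc/objects/commands.cfg
Add the following:
# 'check_nrpe' command definition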
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

8.2 On the client to be monitored
Following step 1, create the nagios group and nagios user on the client server.
# tar xzvf nagios-plugins-1.4.14.tar.gz
# cd nagios-plugins-1.4.14
# ./configure --prefix=/usr/local/nagios
# make
# make install
# chown -R nagios:nagios /usr/local/nagios/

# tar xzvf nrpe-2.12.tar.gz
# cd nrpe-2.12
# ./configure --prefix=/usr/local/nagios
# make all
# make install-plugin
# make install-daemon
# make install-daemon-config
Edit the configuration file:
# vi /usr/local/nagios/etc/nrpe.cfg   # edit the NRPE configuration so that the Nagios monitoring server may monitor this host

# The IP here is the address of the monitoring server; separate multiple addresses with commas
allowed_hosts=127.0.0.1,192.168.0.19

Start the client daemon:
#/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
Check that the port is listening:
#netstat -tln   # list listening ports
tcp 0 0 0.0.0.0:5666 0.0.0.0:*

Start the NRPE client at system boot:
#vi /etc/rc.d/rc.local
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
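
The daemon above listens on 0.0.0.0:5666, so allowed_hosts is the setting that limits who may query it. The lint below is an added example, not part of the original article: cfg_value and audit_nrpe are hypothetical helper names, and the sample file at the end is constructed.

```shell
#!/bin/sh
# Added example: lint an nrpe.cfg for settings that widen access to the daemon.
# allowed_hosts, dont_blame_nrpe and server_address are nrpe.cfg directives.

# cfg_value FILE KEY: print the last uncommented value of KEY (empty if unset).
cfg_value() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_nrpe FILE: print one finding per line; prints nothing for a clean file.
audit_nrpe() {
    hosts=$(cfg_value "$1" allowed_hosts)
    if [ -z "$hosts" ]; then
        echo "allowed_hosts is not set: no source-address restriction is configured"
    fi
    # Anything besides address characters and commas, e.g. an inline comment.
    case "$hosts" in
        *[!0-9A-Za-z.,:/_-]*) echo "allowed_hosts carries text that is not an address list" ;;
    esac
    if [ "$(cfg_value "$1" dont_blame_nrpe)" = 1 ]; then
        echo "dont_blame_nrpe=1: the monitoring server may pass command arguments"
    fi
    if [ -z "$(cfg_value "$1" server_address)" ]; then
        echo "server_address is unset: the daemon binds to all interfaces"
    fi
}

# Demo on a constructed config; the inline comment mimics an annotated listing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample nrpe.cfg
allowed_hosts=127.0.0.1,192.168.0.19 # monitoring server
dont_blame_nrpe=1
EOF
audit_nrpe "$sample"
rm -f "$sample"
```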

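9. Set up a monitored Windows server
I found an NSClient++-windows*.msi installer; after installing it, edit its configuration. The Nagios server also needs to be configured; this is not covered in detail here.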

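Appendix:
1. Configuring Nagios and its plugins

Files under /usr/local/nagios/etc
# configuration file that controls CGI access
cgi.cfg

# main Nagios configuration file
nagios.cfg

# resource.cfg defines variables that other files can reference, such as $USER1$
resource.cfg

# objects is a directory used to define Nagios objects
objects

Files under /usr/local/nagios/etc/objects

# commands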

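March 21

Scripts for the Nginx service

[Written by: 张子萌, 2010]

Scripts used on Nginx servers.

1. Send an alert e-mail when an error appears in the nginx log. The script creates a last_error_log file in nginx's sbin directory; the error log is expected to be in nginx's default format.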

#!/bin/sh
##############################################
# AUTHOR: simon-zzm
# back log
# Ver : 1.0 For Production
# description:
# 2010-03-12 simon-zzm@163.com
##############################################
###### set IP, e-mail and base path
IP=172.2.2.2
admin_mail=simon-zzm@163.com
base_path=/usr/local/nginx

### run
# timestamp of the last error already reported (empty on the first run)
cut_error_log=`/bin/cat ${base_path}/sbin/last_error_log 2>/dev/null`
# timestamp (first 19 characters) of the newest line in error.log
last_error_log=`/usr/bin/tail -1 ${base_path}/logs/error.log | /bin/cut -c 1-19`
if [ "$cut_error_log" != "$last_error_log" ]; then
    /usr/bin/tail -5 ${base_path}/logs/error.log > ${base_path}/sbin/mail1.txt
    # ${IP} needs braces, otherwise the shell looks up a variable named IP_nginx_error_log
    /bin/mail -s "${IP}_nginx_error_log" "$admin_mail" < ${base_path}/sbin/mail1.txt
    /bin/rm -f ${base_path}/sbin/mail1.txt
    echo "$last_error_log" > ${base_path}/sbin/last_error_log
fi

2. nginx log rotation: one log file is cut per hour.

#!/bin/sh
##############################################
# AUTHOR: simon-zzm
# back log
# Ver : 1.0 For Production
# description:
# 2010-03-12 simon-zzm@163.com
##############################################
### set base path; run once an hour to cut the log
log_dir="/usr/local/nginx/logs"
date_dir=`date +%Y%m%d%H`

### run
/bin/mv ${log_dir}/access.log ${log_dir}/access_${date_dir}.log
# USR1 tells nginx to reopen its log files
/bin/kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`

3. For log backup, see the general-purpose log backup script:

http://simon-zzm.blog.163.com/blog/static/88809522201021523828112/

March 16

Squid configuration and common commands

[Collected and compiled by: 张子萌, 2009-11-2]

Configure as a cache server
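cache_mem 30 MB # amount of memory to use. As a rule, if the system has n of memory, set this value to (n/3)M. This machine has 3G, so 1G here
cache_swap_low 90
cache_swap_high 95
max_open_disk_fds 0 # maximum number of open files allowed; 0 means no limit
minimum_object_size 0 KB # smallest object size in the disk cache (objects below this are not cached)
maximum_object_size 20000 KB # largest object size in the disk cache (objects above this are not cached)
maximum_object_size_in_memory 4096 KB # size of files loaded into the memory cache; the default is 8K and files over 8K are not loaded into memory; it can be set to 4M here

cache_swap_low 90 # lowest swap usage allowed: 90%
cache_swap_high 95 # highest swap usage allowed: 95%
cache_dir ufs /tmp1 10000 16 256 # disk cache type and directory, size, and first- and second-level directory settings; the disk cache here is 10G
# ufs is a file storage scheme: the OS normally reads data from memory, so what is in memory must eventually be written to disk
# ufs is what sync uses, and Squid works the same way
# ufs generally writes to memory and disk at the same time
# Note: size is in units of M, i.e. the upper limit on how much this directory may store

acl QUERY urlpath_regex -i cgi-bin \.php \.cgi \.avi \.wmv \.rm \.ram \.mpg \.mpeg \.zip \.exe # -i makes the match case-insensitive
cache deny QUERY # directories or file types that should not be cached

cache_mgr webmaster@test.com # administrator e-mail

### Logging; each log can be set to none to disable it ###
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log combined

http_port 80 # port Squid listens on, the port clients use to reach the site
httpd_accel_host ip_address # IP address of the web server
httpd_accel_single_host on # forward uncached requests to one single machine
httpd_accel_port 81 # port of the web server
httpd_accel_uses_host_header off # act as the reverse proxy for a single web server
httpd_accel_with_proxy off # disable proxying
cache_peer www.XXXXX.com parent 80 0 no-query originserver name=www # define the parent nodes; no-query and originserver mark these nodes as the real servers
cache_peer_domain www.XXXXX.com # route different domains to different cache_peers; without this, different domains may be sent to the same server
hierarchy_stoplist cgi-bin ? # forces certain objects not to be cached, mainly for security reasons

refresh_pattern . 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload # cache refresh rule
client_lifetime 120 minute # maximum client connection time: 120 minutes
cache_mgr sky@test.com # address that receives alerts when the cache has problems
request_entities off # forbid non-standard HTTP requests, to resist attacks
acl buggy_server url_regex ^http://…. http:// # only allow http requests
# domain aliases that may be accessed
acl HostA dstdomain www.XXXX.com
acl HostB dstdomain bbs.XXXX.com
# the accelerator listens on port 8000 using the HTTP protocol
acl acceleratedProtocol protocol HTTP
acl acceleratedPort port 8000
acl all src 0.0.0.0/0.0.0.0 # allow access from all IPs
acl manager proto http # the manager URL protocol is http
acl localhost src 127.0.0.1/255.255.255.255 # allow the local IP
acl to_localhost dst 127.0.0.1 # allow the local IP as destination address
acl Safe_ports port 80 # the port allowed for safe updates is 80
acl CONNECT method CONNECT # requests using the CONNECT method
# http_access rules are checked in order and the first match wins, so the connection limit must come before "allow all"
acl OverConnLimit maxconn 16 # limit each IP to at most 16 connections, to resist attacks
http_access deny OverConnLimit
http_access allow all # allow everyone to use this proxy, because it is an accelerator in front of the web server
http_reply_access allow all # allow all clients to use this proxy
icp_access deny all # refuse to send or receive ICP requests from neighbour caches
miss_access allow all # allow direct update requests
ident_lookup_access deny all # disable ident lookups

half_closed_clients off # half-closed TCP connections: when off, Squid closes the connection as soon as the client returns "no more data to read"
refresh_pattern .htm 0 25% 8 # set the expiry time of htm files to 10 minutes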
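
Squid evaluates http_access rules from top to bottom and stops at the first match, so a deny rule placed after "http_access allow all" never takes effect. The check below is an added example, not part of the original post; it assumes the acl named all matches every client, as in the listing, and shadowed_rules is a hypothetical helper name run here on constructed fragments.

```shell
#!/bin/sh
# Added example: list http_access rules that can never fire because an earlier
# rule consisting only of the acl "all" has already decided every request.
# Assumes "all" matches every client, as in "acl all src 0.0.0.0/0.0.0.0".

# shadowed_rules FILE: one line per unreachable rule, nothing if the order is sound.
shadowed_rules() {
    awk '
        function rule(   i, s) {           # rejoin "allow|deny acl ..." for the report
            s = $2
            for (i = 3; i <= NF; i++) s = s " " $i
            return s
        }
        { sub(/#.*/, "") }                 # strip trailing annotations
        $1 != "http_access" { next }
        decided {
            printf "line %d: %s is shadowed by line %d\n", NR, rule(), decided
            next
        }
        NF == 3 && $3 == "all" { decided = NR }
    ' "$1"
}

# Constructed squid.conf fragments: the limit after, then before, "allow all".
late=$(mktemp); early=$(mktemp)
cat > "$late" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
http_access allow all   # accelerator: serve every client
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
EOF
cat > "$early" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
http_access allow all
EOF
echo "limit after allow all:";  shadowed_rules "$late"
echo "limit before allow all:"; shadowed_rules "$early"
rm -f "$late" "$early"
```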

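Some commands for debugging Squid:
1. Initialize the cache directories configured in squid.conf
#squid/sbin/squid -z
If an error is reported, check the permissions of the cache directory.

2. Check squid.conf, i.e. validate its syntax and settings.
#squid/sbin/squid -k parse
If squid.conf has syntax or configuration errors, they are reported here; if nothing is returned, congratulations, you can try starting Squid.

3. Start Squid in the foreground and print the startup messages.
#squid/sbin/squid -N -d1
If you see "Ready to serve requests", startup succeeded.
Then press Ctrl+C to stop Squid and start it again in the background.

4. Start Squid in the background.
#squid/sbin/squid -s
Use ps -ef|grep squid to see the system process.

5. Stop Squid
#squid/sbin/squid -k shutdown

6. Reload a modified squid.conf
#squid/sbin/squid -k reconfigure
After changing squid.conf, first check that the configuration file is correct, then run this command to make Squid run with the new squid.conf.

7. Add Squid to system startup: edit
/etc/rc.d/rc.local and add the following line:
/usr/local/squid/sbin/squid -s

8. Inspect the logs.
#more /usr/local/squid/var/logs/access.log | grep TCP_MEM_HIT
This shows which files Squid cached in memory and returned to users while it was running.
#more /usr/local/squid/var/logs/access.log | grep TCP_HIT
This shows which files Squid cached in the cache directory while it was running.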

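March 15

Log compression, backup and scheduled deletion script

[Written and compiled by: simonzhang, 2010-03-15; revised 2012-04-08]

On Linux there are large numbers of logs that need to be compressed and backed up, and backups that have been kept for a long time need to be cleaned out periodically. Where logs are stored in several places, an array is used to loop over them. Once the script has been adjusted, just set up a scheduled job.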

#!/bin/bash
##############################################
# AUTHOR: simonzhang
# back log
# Ver : 1.1 For Production
# description:
# 2010-03-12
##############################################
####### set log path (arrays need bash, not plain sh)
log_path=("/usr/local/nginx/logs/" "/usr/local/tomcat6/logs/")
####### set backup log path
bak_log_path=("/usr/local/nginx/logs/back" "/usr/local/tomcat6/logs/back")

####### back up logs older than 3 days
backupdays=3

####### clear compressed logs older than 180 days
deletedays=180

#######  start
for (( i=0 ; i<${#log_path[@]} ; i++ ))
do
    cd "${log_path[i]}" || continue
    # create the backup directory if it does not exist yet
    if [ ! -d "${bak_log_path[i]}" ] ; then
        /bin/mkdir -p "${bak_log_path[i]}"
    fi
    # zip -m moves each old log into its own archive; pid files, error logs and directories are skipped
    /usr/bin/find * -maxdepth 0 -type f -ctime +$backupdays -not -name '*.pid' -not -name 'error*' -exec zip -m {}.zip {} \;
    /bin/mv *.zip "${bak_log_path[i]}" 2>/dev/null
    cd "${bak_log_path[i]}" || continue
    # delete compressed backups older than $deletedays days
    /usr/bin/find * -maxdepth 0 -type f -ctime +$deletedays -exec rm {} \;
done
############  end