Enabling fastcgi_cache acceleration in Nginx

user  www www;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events
    {
        use epoll;
        worker_connections 65535;
        multi_accept on;
    }
    
http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        
        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        access_log off;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        
        #cache settings
        fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
        fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=fastcgi_cache:32m inactive=10m max_size=50g;
        fastcgi_cache_key "$scheme$request_method$host$request_uri";
        fastcgi_cache_methods GET HEAD;
        fastcgi_cache fastcgi_cache; 
        fastcgi_cache_valid 200 302 1h; 
        fastcgi_cache_valid 301 1d; 
        fastcgi_cache_valid any 10m;
        fastcgi_cache_use_stale error timeout invalid_header http_500;
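        #Ignore all no-cache declarations so that rewritten (pseudo-static) URLs and the like are still cached
        #Note: with Set-Cookie ignored here, responses that set a cookie are cached too, Set-Cookie header included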
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_ignore_client_abort on;
        #Send the header to the client (usually a browser)
        add_header X-Cache-CFC "$upstream_cache_status - $upstream_response_time";

server
    {
        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        server_name www.2dan.cc;
        index index.html index.htm index.php;
        root  /home/wwwroot/default;

        #error_page   404   /404.html;
        include enable-php.conf;

        #No allow/deny rule here, so the status page is readable by any client that can reach this server
        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }
        set $skip_cache 0;
        #Do not cache POST requests
        if ($request_method = POST) {
            set $skip_cache 1;
        }   
        #Do not cache requests with a query string
        if ($query_string != "") {
            set $skip_cache 1;
        }   
        #Do not cache the admin area and other specific pages
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
            set $skip_cache 1;
        }   
        #Do not serve cached pages to logged-in users or users who have commented
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $skip_cache 1;
        }
        location ~ [^/]\.php(/|$) {
            try_files $uri =404;
            fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
            #Newly added cache rules
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
        }
        access_log  /home/wwwlogs/access.log;
    }
}
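
An added example, not part of the original post: the config above ignores Set-Cookie when deciding what to cache and reports the cache status in X-Cache-CFC, so a response's headers show whether a cookie was stored in or replayed from the cache. The function name, result labels and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads one HTTP response header
# block on stdin (e.g. from `curl -sI URL`) and classifies it by the
# X-Cache-CFC header the config emits: "<cache status> - <upstream time>".
#   REPLAYED_COOKIE  served from cache and carries Set-Cookie
#   STORED_COOKIE    MISS/EXPIRED with Set-Cookie, i.e. being written to cache
#   OK               no Set-Cookie, or the request bypassed the cache
#   NO_STATUS        X-Cache-CFC header absent
cached_cookie_check() {
    awk '
        { sub(/\r$/, ""); line = tolower($0) }
        line ~ /^x-cache-cfc:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)
            split(v, f, " ")
            status = toupper(f[1])
        }
        line ~ /^set-cookie:/ { cookies++ }
        END {
            if (status == "") { print "NO_STATUS"; exit }
            if (cookies == 0 || status == "BYPASS") { print "OK"; exit }
            if (status == "MISS" || status == "EXPIRED") { print "STORED_COOKIE"; exit }
            print "REPLAYED_COOKIE"   # HIT, STALE, UPDATING, REVALIDATED
        }
    '
}

# Constructed sample responses (not captured from a real server).
SAMPLE_HIT='HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=constructed-sample; path=/
X-Cache-CFC: HIT -'
SAMPLE_MISS='HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=constructed-sample; path=/
X-Cache-CFC: MISS - 0.120'
SAMPLE_BYPASS='HTTP/1.1 200 OK
Set-Cookie: wordpress_logged_in_constructed=1; path=/
X-Cache-CFC: BYPASS - 0.095'
SAMPLE_CLEAN='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Cache-CFC: HIT -'

for sample in "$SAMPLE_HIT" "$SAMPLE_MISS" "$SAMPLE_BYPASS" "$SAMPLE_CLEAN"; do
    printf '%s\n' "$sample" | cached_cookie_check
done
```

A REPLAYED_COOKIE or STORED_COOKIE result on an anonymous page is the case where adding `fastcgi_hide_header Set-Cookie;` or dropping Set-Cookie from `fastcgi_ignore_headers` is worth considering.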

Installing only security patches on CentOS

1. Install the yum plugin:

yum install yum-security

2. Check for security updates:

yum --security check-update

3. Install security updates only:

yum update --security

4. Check whether a specific package has security updates:

yum list-security software_name

5. List the details of the updates:

yum info-security software_name

Fixing the Let's Encrypt error "_openssl.so: undefined symbol: OPENSSL_sk_num"

Let's Encrypt installs itself automatically under ~/.local/ in the user's home directory. Today, renewing a certificate failed with this error:

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
    from acme import jose
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/util.py", line 5, in <module>
    import OpenSSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: OPENSSL_sk_num

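The cause: when pip compiles and installs the module, it uses the system OpenSSL library, and the system OpenSSL does not provide OPENSSL_sk_num.

Since I had previously compiled a newer OpenSSL into /usr/local/openssl, I removed the openssl-devel package that the first step had installed automatically and then reinstalled cryptography and pyopenssl with pip. Note: clear the install cache directory first, otherwise the modules are not recompiled during installation.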

yum remove openssl-devel
cd ~/.local/share/letsencrypt/bin/
pip uninstall cryptography pyopenssl -y
pip install --upgrade pip
rm -rf ~/.cache/
pip install cryptography pyopenssl
ldd ~/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so

At this point the module is linked against the compiled OpenSSL library, so running the command again no longer produces the error.
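
An added example, not part of the original post: a check that turns the final `ldd` step into a pass/fail result by confirming that every libssl/libcrypto dependency resolves under the custom prefix. The function name, result labels and sample `ldd` outputs (sonames and addresses) are constructed; `/usr/local/openssl` is the prefix named in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# openssl_link_check PREFIX reads `ldd` output on stdin and prints:
#   OK         every libssl/libcrypto dependency resolves under PREFIX
#   WRONG_LIB  at least one resolves elsewhere (e.g. the system copy)
#   NOT_FOUND  at least one does not resolve at all
#   NO_DEP     no libssl/libcrypto dependency is listed
# Real use: ldd path/to/_openssl.so | openssl_link_check /usr/local/openssl
openssl_link_check() {
    awk -v prefix="$1" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            deps++
            if ($2 != "=>" || $3 == "not") { missing++; next }
            # Require PREFIX plus "/" so a look-alike directory does not match.
            if (index($3, prefix "/") != 1) wrong++
        }
        END {
            if (deps == 0)   { print "NO_DEP"; exit }
            if (missing > 0) { print "NOT_FOUND"; exit }
            print (wrong > 0 ? "WRONG_LIB" : "OK")
        }
    '
}

# Constructed ldd outputs (sonames and addresses are illustrative).
LDD_BEFORE='    linux-vdso.so.1 =>  (0x00007ffc00000000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000200000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007effffc00000)'
LDD_AFTER='    libssl.so.1.1 => /usr/local/openssl/lib/libssl.so.1.1 (0x00007f0000200000)
    libcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007effffc00000)'
LDD_MISSING='    libssl.so.1.1 => not found
    libcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007f0000000000)'

for sample in "$LDD_BEFORE" "$LDD_AFTER" "$LDD_MISSING"; do
    printf '%s\n' "$sample" | openssl_link_check /usr/local/openssl
done
```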

Installing and using the free SSL certificate service Let's Encrypt (certbot)

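Let's Encrypt is a very popular free SSL certificate issuance project. It issues certificates automatically, and each certificate is valid for 90 days. It suits personal or temporary use, and you no longer have to put up with the browser warnings that self-signed certificates trigger. Last year 二蛋 wrote up a tutorial on using Let's Encrypt, but Let's Encrypt has since released a new tool, certbot. Although the tool is new, the usage and parameters for generating certificates are essentially the same, and certificate renewal has become simpler. For now, though, certbot still has compatibility problems on some older Linux distributions, especially CentOS 5, where it cannot be used because the Python version is too old; on CentOS 6, epel has to be installed first.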

Installation:

On CentOS 6 or 7, run first:

yum install epel-release
cd /root
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

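./certbot-auto -n only installs the dependency packages; you can also skip it and go straight to the certificate generation steps below. On a VPS or server in mainland China, switching to a domestic pip mirror first is recommended. Note that --no-check-certificate in the wget command above disables TLS certificate verification for a script that is then run as root; omit the flag wherever the system CA bundle can validate dl.eff.org.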

Generating a certificate for a single domain:

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc

Multiple domains, one directory, one certificate (one site whose several domains share the same certificate):

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc

Multiple domains, multiple directories, multiple certificates (generate several certificates for several domains in one run):

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc -w /home/wwwroot/www.caibaoz.com -d www.caibaoz.com -d caibaoz.com
