Category: Linux

Linux Shell Notes

The following example shows the basics: how to pass arguments to a script, how the script reads them, if/else tests, and the use of variables.

#!/bin/bash

# Exit with a usage message if no argument was passed
if [[ $# -lt 1 ]]; then
	echo "args count must >= 1"
	echo "Usage: bash +x example01.sh [args...]"
	exit 1
fi

# Take the first argument and assign it to arg
arg=$1

if [[ $arg -gt 10 ]]; then
	echo "$arg > 10"
else
	echo "$arg <= 10"
fi

The script is invoked as follows:

bash +x example01.sh 5
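
An added example, not part of the original post: inside `[[ ... -gt ... ]]` bash evaluates each operand as an arithmetic expression, so the script above treats whatever text the caller passes as an expression rather than as a number. The hypothetical helper `classify_arg` accepts only a plain decimal integer before comparing; its name and the 9-digit bound are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: validate a command-line argument as a decimal integer
# before any numeric comparison. classify_arg is a hypothetical helper.

# Prints "gt", "le" or "invalid"; returns 0 for a valid integer, 2 otherwise.
classify_arg() {
	arg=$1
	sign=
	case $arg in
		-*) sign=-; arg=${arg#-} ;;
	esac

	# Reject empty input and anything containing a non-digit character.
	case $arg in
		'' | *[!0-9]*) echo "invalid"; return 2 ;;
	esac

	# Strip leading zeros so "08" is never read as an octal literal.
	while [ "${#arg}" -gt 1 ] && [ "${arg#0}" != "$arg" ]; do
		arg=${arg#0}
	done

	# Bound the length (assumed limit) so the value cannot overflow.
	if [ "${#arg}" -gt 9 ]; then
		echo "invalid"; return 2
	fi

	if [ "$sign$arg" -gt 10 ]; then
		echo "gt"
	else
		echo "le"
	fi
}

# Constructed sample inputs, including ones a bare -gt test mishandles.
for sample in 5 11 10 -3 08 "" "1 2" "x[0]" 99999999999999999999; do
	printf '%-22s -> %s\n' "'$sample'" "$(classify_arg "$sample")"
done
```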

The following example shows basic use of arrays, functions and loops.

#!/bin/bash

if [[ $# -lt 1 ]]; then
	echo "args count must >= 1"
	echo "Usage: bash +x example01.sh [args...]"
	exit 1
fi

# All command-line arguments. Inside double quotes, "$@" expands to each argument as a separate word
args=("$@")

for arg in "${args[@]}"; do
	echo "$arg"
done

function fun() {
	echo "$1"
}

fun "hello shell"

fun2() {
	echo "Linux"
}

fun2

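Note that $1 inside the function fun is the function's own argument, not an argument passed when the script was invoked. $@ is the list of arguments passed when the script was invoked.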

Using while loops and several other loop forms, case, and expr expressions

#!/bin/bash

if [[ $# -lt 1 ]]; then
	echo "args count must >= 1"
	echo "Usage: bash +x example01.sh [args...]"
	exit 1
fi

case "$1" in
	"install" )
		echo "operation type is install"
	;;
	"uninstall" )
		echo "operation type is uninstall"
	;;
	* )
		echo "operation type is not supported"
	;;
esac

for ((i=0;i<3;i++))
do
	if ((i==1))
	then
		continue
	fi
	echo "$i"
done

for i in $(seq 5)
do
	echo "loop $i"
done

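Note that the * branch of case does not mean "everything"; it matches input that none of the other branches matched, i.e. it acts as the default. Inside loops you can use keywords such as continue/break, much like loops in Java and other languages.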

Setting Up a JSP Environment: CentOS, Tomcat 9

Package download links:

Installing the Java environment

yum -y update  # update the system
cd /usr/local
wget "http://javadl.sun.com/webapps/download/AutoDL?BundleId=111741" -O jre.tar.gz
tar zxvf jre.tar.gz
chown -R root:root jre1.8.0_66 # the default ownership seems to be different

echo "export JAVA_HOME=/usr/local/jre1.8.0_66" >> /etc/profile     # write JAVA_HOME
echo 'export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar' >> /etc/profile # write CLASSPATH (single quotes so $JAVA_HOME is expanded when /etc/profile is sourced)
source /etc/profile  # apply immediately
env |grep JAVA # check that it took effect
#JAVA_HOME=/usr/local/jre1.8.0_66

ln -s /usr/local/jre1.8.0_66/bin/java /sbin/java # create a link to the binary, otherwise the program will not be found

java -version
#java version "1.8.0_66"
#Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
#Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

Installing Tomcat

# For production, Tomcat 7 is still the better choice!
wget http://mirrors.hust.edu.cn/apache/tomcat/tomcat-9/v9.0.0.M1/bin/apache-tomcat-9.0.0.M1.tar.gz
tar zxvf apache-tomcat-9.0.0.M1.tar.gz
mv apache-tomcat-9.0.0.M1 tomcat
/usr/local/tomcat/bin/startup.sh # start the server
#Using CATALINA_BASE:   /usr/local/tomcat
#Using CATALINA_HOME:   /usr/local/tomcat
#Using CATALINA_TMPDIR: /usr/local/tomcat/temp
#Using JRE_HOME:        /usr/local/jre1.8.0_66
#Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
#Tomcat started.
/usr/local/tomcat/bin/shutdown.sh # stop the server


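Notes on Installing an AlphaSSL Wildcard SSL Certificate

Yesterday I bought an AlphaSSL Wildcard SSL certificate on a certain e-commerce marketplace. Everything went smoothly and it arrived shortly afterwards.

First, to use a wildcard certificate the server must support SNI. With Nginx you can run nginx -V to check whether it is supported: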

[root@WebServer nginx]# nginx -V
nginx version: nginx/1.9.5
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-ipv6 --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module

If it is supported, the rest is easy: just configure it. Here is my configuration:

# The following goes inside the server block
listen 443 ssl http2;
keepalive_timeout   	20;
server_name test.bcsytv.com;
index index.html index.htm index.php default.html default.htm default.php;
root  /home/wwwroot/test;

ssl 						on;
ssl_certificate 			/usr/local/nginx/conf/vhost/test.crt;
ssl_certificate_key 		/usr/local/nginx/conf/vhost/test.key;
ssl_dhparam 				/usr/local/nginx/conf/vhost/dhparam.pem;

ssl_protocols 				TLSv1.2 TLSv1.1 TLSv1;
ssl_stapling 				on;
ssl_stapling_verify 		on;
resolver 					8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 			10s;
ssl_ciphers 				"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_session_cache       	shared:SSL:10m;
ssl_session_timeout     	10m;
ssl_prefer_server_ciphers 	on;
# The following parameter is a huge trap!! Do not try it!
#ssl_session_tickets 		off;

# Force HTTPS; includeSubdomains controls whether subdomains are included
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

# Do not allow the site to be embedded in any page
add_header X-Frame-Options DENY;

# Disable the browser's content-type sniffing
add_header X-Content-Type-Options nosniff;
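
An added example, not part of the original post: the configuration above still offers TLSv1 and TLSv1.1 (deprecated by RFC 8996) and 3DES (DES-CBC3) suites. The hypothetical helper `audit_tls_conf` flags such entries in a config file; the "after" variant is an assumed tightening that drops older clients, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an nginx server block.
# audit_tls_conf is a hypothetical helper; $1 is a config file path.

# Prints one finding per line; returns 1 if anything was flagged.
audit_tls_conf() {
	awk '
	# Drop comments and the trailing semicolon before looking at fields.
	{ sub(/#.*/, ""); sub(/;[ \t]*$/, "") }
	$1 == "ssl_protocols" {
		for (i = 2; i <= NF; i++)
			if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
				print "weak-protocol " $i; bad = 1
			}
	}
	$1 == "ssl_ciphers" {
		list = $2
		gsub(/"/, "", list)
		n = split(list, c, ":")
		for (i = 1; i <= n; i++) {
			# Entries starting with "!" are exclusions, not offers.
			if (c[i] ~ /^!/) continue
			if (c[i] ~ /DES|RC4|MD5|NULL|EXPORT/) {
				print "weak-cipher " c[i]; bad = 1
			}
		}
	}
	END { exit bad + 0 }
	' "$1"
}

# Constructed sample: the ssl_protocols line from the config above with a
# shortened form of its cipher list, next to a tightened variant.
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:HIGH:!aNULL:!RC4";
EOF
cat > "$tmp/after.conf" <<'EOF'
ssl_protocols TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
EOF
echo "before:"; audit_tls_conf "$tmp/before.conf" || true
echo "after:";  audit_tls_conf "$tmp/after.conf" && echo "no findings"
rm -rf "$tmp"
```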

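A side note:

The certificate as delivered does not include the intermediate certificate, so we need to merge them. Suppose the certificate you received is demo.crt: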

wget https://jalena.bcsytv.com/Upfiles/2015/11/alpha.crt && cat alpha.crt >> demo.crt

Command to generate dhparam.pem:

openssl dhparam -out dhparam.pem 4096

OK.

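CentOS: Setting Permissions in Bulk

Lately the server keeps having problems; the PHP files somehow had permissions of 777, which is bizarre.

Setting permissions directly with chmod -R left every site on the server returning 403 (the files had no permissions).

I wanted to set files such as PHP files to 644 and directories to 745, but chmod does not support that.

Then it occurred to me that find can be combined with a pipe to do this.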

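# Use find -type to select entries by file type and hand the matches to chmod
# f means regular file, d means directory
# In each pair, the first line runs the command directly via -exec; the second pipes the matches to chmod through xargs
# (-print0 / -0 keep file names containing spaces or newlines intact)
# Set file permissions
find . -type f -exec chmod 644 {} \;
find . -type f -print0 | xargs -0 chmod 644

# Set directory permissions
find . -type d -exec chmod 745 {} \;
find . -type d -print0 | xargs -0 chmod 745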
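
An added example, not part of the original post: before resetting modes it helps to list what is world-writable (the 777 files described above), then change only the entries whose mode differs. `list_world_writable` and `normalize_perms` are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit, then reset, permissions under a web root.
# list_world_writable and normalize_perms are hypothetical helpers.

# Print every regular file or directory that any user may write to.
list_world_writable() {
	find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Apply 644 to files and 745 to directories (the modes used above),
# touching only entries whose mode differs.
normalize_perms() {
	root=$1
	# Refuse an empty or missing path instead of falling back to $PWD.
	[ -n "$root" ] && [ -d "$root" ] || return 2
	# "-exec ... {} +" hands names to chmod as arguments, so spaces and
	# newlines in names are safe; find does not follow symlinks here.
	find "$root" -type f ! -perm 644 -exec chmod 644 {} +
	find "$root" -type d ! -perm 745 -exec chmod 745 {} +
}

# Constructed sample tree with awkward names and 777 modes.
demo=$(mktemp -d)
mkdir -p "$demo/site/up loads"
: > "$demo/site/index.php"
: > "$demo/site/up loads/a b.php"
chmod 777 "$demo/site/index.php" "$demo/site/up loads/a b.php" "$demo/site/up loads"

echo "world-writable before:"; list_world_writable "$demo/site"
normalize_perms "$demo/site"
echo "world-writable after: $(list_world_writable "$demo/site" | wc -l)"
rm -rf "$demo"
```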

Deploying a Comodo Positive SSL Certificate on Nginx

Generate a 2048-bit key

root@sg:/etc/nginx# openssl genrsa -out ssl2.me.key 2048
Generating RSA private key, 2048 bit long modulus
......+++
..................................................................................................................................+++
e is 65537 (0x10001)

Generate the CSR file

root@sg:/etc/nginx# openssl req -new -key ssl2.me.key -out ssl2.me.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
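Country Name (2 letter code) [AU]:CN  (enter the two-letter uppercase country code here; CN is China)
State or Province Name (full name) [Some-State]:BJ (the province; an abbreviation is fine, usually written in pinyin)
Locality Name (eg, city) []:BJ  (the city; an abbreviation is fine, usually written in pinyin)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ssl2 (organization or company name)
Organizational Unit Name (eg, section) []: (leave blank and press Enter)
Common Name (eg, YOUR name) []:ssl2.me  (enter the domain that will use SSL, usually without www)
Email Address []:admin@ssl2.me (enter an email address; sometimes the certificate is sent to this address)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  (leave blank and press Enter)
An optional company name []:  (leave blank and press Enter)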
