Monthly Archives: October 2014

Linux: Find out how many file descriptors are being used

While administering a box, you may want to find out what a process is doing and how many file descriptors (fd) it is using. You will be surprised to find that a process opens all sorts of files:
=> Actual log file
=> /dev files
=> UNIX sockets
=> Network sockets
=> Library files /lib /lib64
=> Executables and other programs etc.
The best way to find this information is to use the lsof command or to explore the /proc/PID directory, which exists for each running process (including kernel processes) and contains information about that process.

Nginx: Too Many Open Files Error And Solution

I'm getting the following error in my nginx server error log file:

2010/04/16 13:24:16 [crit] 21974#0: *3188937 open() "/usr/local/nginx/html/50x.html" failed (24: Too many open files), client: 88.x.y.z, server: example.com, request: "GET /file/images/background.jpg HTTP/1.1", upstream: "http://10.8.4.227:81//file/images/background.jpg", host: "example.com"

2010/12/21 12:39:25 [crit] 20157#0: *230260 open() "/usr/local/nginx/html/50x.html" failed (24: Too many open files), client: 58.245.186.49, server: example.com, request: "GET /style/all.css HTTP/1.1", host: "example.com", referrer: "http://domain.com/x.php?…

2010/12/21 12:39:25 [alert] 20157#0: accept() failed (24: Too many open files)


Nginx: Restricting Access by IP and by Directory

According to the nginx documentation:

ngx_http_access_module

This module provides a simple host-based access control.

Module ngx_http_access_module makes it possible to control access for specific IP-addresses of clients. Rules are checked in the order of their record to the first match.

Example configuration

    location / {
        deny 192.168.1.1;
        allow 192.168.1.0/24;
        allow 10.1.1.0/16;
        deny all;
    }

In the above example access is only granted to networks 10.1.1.0/16 and 192.168.1.0/24 with the exception of the address 192.168.1.1.

When implementing many rules, it is generally better to use the ngx_http_geo_module.

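Following this documentation, suppose I want to restrict access to the private directory with the following rules:

    location /private {
        allow 192.168.1.0/24;
        deny all;
    }
    location ~ \.php$ {
        include fastcgi.conf;
    }

Testing this shows that non-PHP files under the private directory can indeed only be accessed from machines in the 192.168.1.0 network, but PHP files can still be accessed. Why? Because in nginx's matching, regular expressions take higher priority. The PHP handler is matched with a regular expression, while the directory to be restricted is not, so even inside the restricted directory a PHP request is still matched by the PHP location and is still executed. To fix this, the directory must also be written as a regular-expression match and placed before the PHP location, otherwise the PHP location matches first.

    location ~ ^/private/ {
        allow 192.168.1.0/24;
        deny all;
    }
    location ~ \.php$ {
        include fastcgi.conf;
    }

After this change, the browser prompts to open or save PHP files; when I clicked save, the downloaded file was the plain-text source code. Why is that? According to the nginx documentation: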

location

syntax: location [=|~|~*|^~] /uri/ { … }

default: no

context: server

This directive allows different configurations depending on the URI. It can be configured using both conventional strings and regular expressions. To use regular expressions, you must use the prefix ~* for case insensitive match and ~ for case sensitive match.

To determine which location directive matches a particular query, the conventional strings are checked first. Conventional strings match the beginning portion of the query and are case-sensitive – the most specific match will be used (see below on how nginx determines this). Afterwards, regular expressions are checked in the order defined in the configuration file. The first regular expression to match the query will stop the search. If no regular expression matches are found, the result from the convention string search is used.

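When regular expressions are used in location blocks, the first one that matches ends the search and no other rule is tried, so the PHP location below it is effectively ignored. That is why the browser offered to open or save the PHP file.

So the fix is to write a separate rule that restricts PHP files under the private directory, and to place it before the rule that handles PHP files:

    location /private/ {
        allow 192.168.1.0/24;
        deny all;
    }
    location ~ ^/private/.*\.php$ {
        allow 192.168.1.0/24;
        deny all;
        include fastcgi.conf;
    }
    location ~ \.php$ {
        include fastcgi.conf;
    }

This achieves what we want: files under the private directory are served strictly according to the IP restriction, and PHP files are still executed.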

Example:

Default site layout:

117.25.230.147 access allowed for everyone

117.25.230.147/test restricted access

    # Default site
    server
    {
        listen       80;
        server_name  117.25.230.147;
        index index.html index.htm index.php;
        root  /usr/local/apache/htdocs/noexist/;
        location ^~ /test {
            allow 117.25.229.128/27;
            allow 117.25.230.128/27;
            allow 117.57.251.32/27;
            deny all;
            location ~ .*\.php$
            {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
                include        fcgi.conf;
            }
        }
        location ~ \.php$
        {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #include        fastcgi_params;
            include        fcgi.conf;
        }
        access_log  off;
    }
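
The location-selection rules quoted from the nginx documentation above, modelled as a short Python function and run against the three /private configurations and the ^~ /test example from this post. This is an added illustration, not nginx code or part of the original post; select_location and the sample URIs are hypothetical names and constructed inputs, and nested and named (@) locations are not modelled.

```python
import re

def select_location(locations, uri):
    """Pick the location nginx would use for uri.

    locations: (modifier, pattern) pairs in config-file order, where
    modifier is "" (plain prefix), "=", "^~", "~" or "~*".
    """
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                 # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)             # remember the longest prefix
    if best is not None and best[0] == "^~":
        return best                           # ^~ skips the regex pass
    for mod, pat in locations:                # regexes, in file order
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)             # first regex match wins
    return best                               # fall back to longest prefix

PHP = ("~", r"\.php$")
# The three /private configurations from the post, in order.
FIRST = [("", "/private"), PHP]
SECOND = [("~", r"^/private/"), PHP]
THIRD = [("", "/private/"), ("~", r"^/private/.*\.php$"), PHP]
# The ^~ /test example (its nested PHP location is not modelled).
TEST_SITE = [("^~", "/test"), PHP]

def report():
    """Return which location handles each constructed sample URI."""
    cases = [
        ("FIRST", FIRST, "/private/a.txt"),
        ("FIRST", FIRST, "/private/a.php"),   # lands in the PHP block: no allow/deny
        ("SECOND", SECOND, "/private/a.php"), # no fastcgi here: source is served
        ("THIRD", THIRD, "/private/a.php"),   # ACL and fastcgi in one block
        ("THIRD", THIRD, "/private/a.txt"),
        ("THIRD", THIRD, "/index.php"),
        ("TEST_SITE", TEST_SITE, "/test/a.php"),
    ]
    return {(name, uri): select_location(cfg, uri) for name, cfg, uri in cases}

if __name__ == "__main__":
    for key, loc in report().items():
        print(key, "->", loc)
```

Running the same function over a real location list before deployment shows whether any URI under a restricted prefix is selected by a block that carries no allow/deny rules.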

Linux Shell Scripting Tutorial (LSST) v2.0

Introduction

This tutorial is a beginner's handbook for new Linux users / sysadmins and school students studying Linux or computer science. This book is licensed under “Creative Commons Attribution Noncommercial Share Alike 3.0 Unported”.

Linux Shell Scripting Tutorial (LSST) v2.0

Written by Vivek Gite. Copyright 1999-2010 Vivek Gite and its contributors. Some rights reserved.

IIS 7 HTTP status code

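When you try to access content on a server that is running Internet Information Services (IIS) 7.0 by using HTTP, IIS 7.0 returns a numeric code that indicates the status of the response. The HTTP status code is recorded in the IIS log. Additionally, the HTTP status code may be displayed in the client browser.

The HTTP status code may indicate whether the request was successful or unsuccessful. The HTTP status code may also reveal the exact reason that a request was successful.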

Database Manager

IIS Database Manager allows you to easily manage your local and remote databases from within IIS Manager. IIS Database Manager automatically discovers databases based on the Web server or application configuration and also provides the ability to connect to any database on the network. Once connected, IIS Database Manager provides a full array of administrative functionalities including managing tables, views, stored procedures and data as well as running ad hoc queries. IIS Database Manager provides support for Microsoft SQL Server and MySQL. In addition, because IIS Database Manager is an extension of IIS Manager, administrators can securely delegate the management of databases to authorized local or remote users, without having to open additional management ports on the server.

mysql driver could not create database instance object(bind dlz)

The following error appears when running BIND DLZ (MySQL):

Nov 24 10:35:01 lbbackup named[4155]: starting BIND 9.7.1-P2 -u named -c /usr/local/bind/etc/named.conf.mysql
Nov 24 10:35:01 lbbackup named[4155]: built with '--prefix=/usr/local/bind' '--with-dlz-mysql=/usr/local/mysql' '--enable-threads=no' '--enable-largefile'
Nov 24 10:35:01 lbbackup named[4155]: using up to 4096 sockets
Nov 24 10:35:01 lbbackup named[4155]: loading configuration from '/usr/local/bind/etc/named.conf.mysql'
Nov 24 10:35:01 lbbackup named[4155]: reading built-in trusted keys from file '/usr/local/bind/etc/bind.keys'
Nov 24 10:35:01 lbbackup named[4155]: using default UDP/IPv4 port range: [1024, 65535]
Nov 24 10:35:01 lbbackup named[4155]: using default UDP/IPv6 port range: [1024, 65535]
Nov 24 10:35:01 lbbackup named[4155]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 24 10:35:01 lbbackup named[4155]: listening on IPv4 interface eth0, 192.168.146.155#53
Nov 24 10:35:01 lbbackup named[4155]: listening on IPv4 interface eth1, 10.0.0.155#53
Nov 24 10:35:01 lbbackup named[4155]: Required root permissions to open '/usr/local/bind/var/run/named.pid'.
Nov 24 10:35:01 lbbackup named[4155]: Please check file and directory permissions or reconfigure the filename.
Nov 24 10:35:01 lbbackup named[4155]: generating session key for dynamic DNS
Nov 24 10:35:01 lbbackup named[4155]: Loading 'Mysql zone' using driver mysql
Nov 24 10:35:01 lbbackup named[4155]: Required token $zone$ not found.
Nov 24 10:35:01 lbbackup named[4155]: Could not build all nodes query list
Nov 24 10:35:01 lbbackup named[4155]: mysql driver could not create database instance object.
段错误 (core dumped) # appears when run with -g -d 1


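Using Unison, a Two-Way File Synchronization Tool for Linux

1. Introduction to Unison

Unison is a file synchronization tool that runs on both Windows and Unix platforms; it keeps the contents of two folders (local or across a network) consistent. Unison shares features with some other synchronization tools and file systems, but also has characteristics of its own:
  • Cross-platform;
  • No special requirements for kernel or user privileges;
  • Unison is bidirectional: it automatically handles the updates to the two copies that do not conflict, and displays the conflicting parts so the user can choose an update strategy;
  • Unison runs between any two hosts that can reach each other, using either a direct socket connection or a secure ssh connection; its bandwidth requirements are low, and it uses a compressed transfer protocol similar to rsync.
Unison has a text interface and a graphical interface; only the text interface is covered here.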

Make a Web Application Highly Available with IP Failover, Heartbeat, Pacemaker, and DRBD on Fedora 13

High availability refers to the practice of keeping online resources available through node failure or system maintenance. This guide will demonstrate a method for using two Linodes to keep a website online, even when the node initially hosting it is powered off. IP failover, Heartbeat 3.0, Pacemaker 1.1, DRBD (Distributed Replicated Block Device), MySQL and Apache 2.2 will be used for this example configuration.

As high availability is a complex topic with many methods available for achieving various goals, it should be noted that the method discussed here may not be appropriate for some use cases. However, it should provide a good foundation for developing a customized HA solution.

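Implementing Automatic Updates for WinForm Applications

My organization has recently been developing a project that needs an automatic update feature. Since automatic updating is a fairly common feature that many programs may need, I decided to write an auto-update component: an application only has to reference this component and add a small amount of code to get automatic updates. Because our programs may contain multiple exe or dll files, updating multiple files has to be supported.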