系统工程师实战

# XFS必须启用ftype参数，比如硬盘分区 /dev/sda1
mkfs.xfs -n ftype=1 -f $硬盘分区

# 挂载硬盘分区，用于存储Docker数据
echo `ll /dev/disk/by-uuid/|grep $硬盘分区|awk '{print "UUID="$9" /data                   xfs     defaults        0 0"}'` >> /etc/fstab

# 自动挂载所有分区
mount -a

# 验证挂载
df -h|grep /data

mkdir -p /data/var/lib/docker

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# 稳定版本内核
yum --enablerepo=elrepo-kernel install kernel-ml
# 长期支持版本内核
yum --enablerepo=elrepo-kernel install kernel-lt


# 查找内核启动项
grep "menuentry 'CentOS Linux" /boot/grub2/grub.cfg|awk -F "'" '{print $2}'
grep "menuentry 'CentOS Linux" /boot/efi/EFI/centos/grub.cfg|awk -F "'" '{print $2}'

# 设置默认内核版本
grub2-set-default 'CentOS Linux (4.4.112-1.el7.elrepo.x86_64) 7 (Core)'

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
cp /boot/efi/EFI/centos/grub.cfg /boot/efi/EFI/centos/grub.cfg.bak

grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

重启服务器。

yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install -y docker-ce

modprobe br_netfilter
echo br_netfilter >> /etc/modules-load.d/modules.conf

echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

mkdir -p /etc/docker
cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "https://hub-mirror.c.163.com"
  ],
  "data-root": "/var/lib/docker",
  "storage-driver": "overlay2",
  "dns" : [
    "223.5.5.5",
    "223.6.6.6"
  ]
}
EOF

systemctl enable docker
systemctl start docker

docker info

docker network create --subnet=10.10.10.0/16 --gateway=10.10.10.1 fifilyu
docker network inspect fifilyu

# XFS必须启用ftype参数，比如硬盘分区 /dev/sda1
mkfs.xfs -n ftype=1 -f $硬盘分区

# 挂载硬盘分区，用于存储Docker数据
echo `ll /dev/disk/by-uuid/|grep $硬盘分区|awk '{print "UUID="$9" /data                   xfs     defaults        0 0"}'` >> /etc/fstab

# 自动挂载所有分区
mount -a

# 验证挂载
df -h|grep /data

mkdir -p /data/var/lib/docker

dnf install -y yum-utils

yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

dnf install -y docker-ce docker-ce-cli containerd.io

systemctl enable docker

echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

mkdir -p /etc/docker
cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "https://dockerhub.azk8s.cn",
    "https://hub-mirror.c.163.com"
  ],
  "data-root": "/var/lib/docker",
  "storage-driver": "overlay2",
  "dns" : [
    "223.5.5.5",
    "223.6.6.6"
  ]
}
EOF

systemctl restart docker

[root@dell7 ~]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-147.8.1.el8_1.x86_64
 Operating System: CentOS Linux 8 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.46GiB
 Name: dell7
 ID: WFX3:WXWH:WPML:VRCA:QRTN:LGCB:6UBM:V73O:QEGU:KADY:V3FH:E4Q6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://hub-mirror.c.163.com/
 Live Restore Enabled: false

docker pull hello-world

[root@dell7 ~]# docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
0e03bdcc26d7: Already exists
Digest: sha256:e7c70bb24b462baa86c102610182e3efcb12a04854e8c582838d92970a09f323
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest

docker run --name hello hello-world

[root@dell7 ~]# docker run --name hello hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

......

docker ps -a

[root@dell7 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
59cc42b09fce        hello-world         "/hello"            24 seconds ago      Exited (0) 22 seconds ago                       hello

docker rm hello

apt install apache2-utils pwgen

yum install -y httpd-tools pwgen
# 或
dnf install -y httpd-tools pwgen

git_password=`pwgen -s 20`
echo $git_password

# 添加第一个用户时，创建 /etc/nginx/.htpasswd  文件
echo $git_password | htpasswd -i -c /etc/nginx/.htpasswd git

server {
    location / {
        # 一旦当前作用域设置proxy_set_header，全局设置即刻失效，注意补全所有需要的Header
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:1034;
    }
}

http {
    log_format  main  '$host $server_port $remote_addr - $remote_user [$time_local] "$request" '
                      '$status $request_time $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $realip_remote_addr';

    log_format  postdata  '$host $server_port $remote_addr - $remote_user [$time_local] "$request" '
                      '$status $request_time $body_bytes_sent "$http_referer" ""'
                      '"$http_user_agent" "$http_x_forwarded_for" $realip_remote_addr "$request_body"';

    set_real_ip_from 0.0.0.0/0;
    real_ip_header X-Real-IP;
    real_ip_recursive on;
}

mkdir -p /var/lib/postgres/data
chown -R postgres:postgres /var/lib/postgres
su - postgres -c "initdb --locale en_US.UTF-8 -D '/var/lib/postgres/data'"

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust

systemctl enable postgresql

systemctl start postgresql

systemctl status postgresql

sudo su - postgres

[fifilyu@ryzen7 ~]$ sudo su - postgres
[sudo] fifilyu 的密码：

[postgres@ryzen7 ~]$ id
用户id=88(postgres) 组id=88(postgres) 组=88(postgres)

sudo su - postgres -c psql

[fifilyu@ryzen7 ~]$ sudo su - postgres -c psql
[sudo] fifilyu 的密码：

psql (13.4)
输入 "help" 来获取帮助信息.

postgres=#

create user foo with password 'password';

[fifilyu@ryzen7 ~]$ sudo su - postgres -c psql
[sudo] fifilyu 的密码：
psql (13.4)
输入 "help" 来获取帮助信息.

postgres=# create user foo with password 'password';
CREATE ROLE
postgres=#

create database testdb owner foo;

[fifilyu@ryzen7 ~]$ sudo su - postgres -c psql
[sudo] fifilyu 的密码：
psql (13.4)
输入 "help" 来获取帮助信息.

postgres=# create database testdb owner foo;
CREATE DATABASE
postgres=#

[fifilyu@ryzen7 ~]$ psql -h 127.0.0.1 -U foo testdb
用户 foo 的口令：
psql (13.4)
输入 "help" 来获取帮助信息.

testdb=>

[fifilyu@ryzen7 ~]$ psql -h 127.0.0.1 -U foo testdb
用户 foo 的口令：
psql: 错误: FATAL:  password authentication failed for user "foo"

pg_dump --inserts -h 127.0.0.1 -U foo testdb -f testdb.sql

psql -h 127.0.0.1 -U foo testdb -f testdb.sql

select relname, pg_size_pretty(pg_relation_size(relid)) from pg_stat_user_tables where schemaname='public' order by pg_relation_size(relid) desc;

zpmod=> select relname, pg_size_pretty(pg_relation_size(relid)) from pg_stat_user_tables where schemaname='public' order by pg_relation_size(relid) desc;
  relname  | pg_size_pretty
-----------+----------------
 node      | 8192 bytes
 node_attr | 0 bytes
(2 行记录)

dd if=/dev/zero of=/dev/null

find . -type d|xargs  -d '\n' chmod 755

find . -type f|xargs  -d '\n' chmod 644

useradd --comment  "Python User" --user-group --no-create-home --shell /usr/bin/nologin  python

find . -type f -exec chmod 644 -- {} +

perl -i -p -E 'BEGIN{undef $/;} s/;\r\nINSERT INTO `[a-zA-Z0-9_]+` VALUES \(/, \(/smg' unilive.sql.test

sort -t ' ' \
    -k 6.2,6.3n \
    -k 6.5,6.7M \
    -k 6.9,6.12n \
    -k 6.14,6.15n \
    -k 6.17,6.18n \
    -k 6.20,6.21n \
    access.log

default via 192.168.0.1 dev eth0 proto dhcp metric 100
169.254.169.254 via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.68 metric 100
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.26 metric 101

ip rule

ip route add default via 192.168.1.1 dev eth1 table 20
ip route add 192.168.1.0/24 dev eth1 table 20
ip rule add from 192.168.1.175 table 20

ip rule

ip route show table 20

ping -I 192.168.1.175 223.5.5.5

cat << EOF >> /etc/rc.local
# wait for nics up
sleep 5
# Add v4 routes for eth1
ip route flush table 20
ip route add default via 192.168.1.1 dev eth1 table 20
ip route add 192.168.1.0/24 dev eth1 table 20
ip rule add from 192.168.1.175 table 20
EOF

yum install -y virt-manager libvirt virt-install qemu-kvm bridge-utils

# lsmod | grep kvm

kvm_intel       138567  0
kvm             441119  1 kvm_intel

systemctl start libvirtd

systemctl enable libvirtd

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

systemctl unmask NetworkManager
systemctl start NetworkManager
systemctl status NetworkManager

nmcli c add type bridge autoconnect yes con-name br1 ifname br1
nmcli c modify br1 bridge.stp no
nmcli c modify br1 ipv6.method ignore
nmcli c modify br1 ipv4.addresses 182.131.21.23/28 ipv4.method manual
nmcli c modify br1 ipv4.gateway 182.131.21.1
nmcli c modify br1 ipv4.dns "223.5.5.5 223.6.6.6"

cat << EOF > /tmp/set_br1.sh
nmcli c delete em1
nmcli c add type bridge-slave autoconnect yes con-name em1 ifname em1 master br1
nmcli c up br1
EOF

chmod 755 /tmp/set_br1.sh
sh /tmp/set_br1.sh &
rm -f /tmp/set_br1.sh

# osinfo-query os|grep -i centos
 centos6.0            | CentOS 6.0                                         | 6.0      | http://centos.org/centos/6.0
 centos6.1            | CentOS 6.1                                         | 6.1      | http://centos.org/centos/6.1
 centos6.2            | CentOS 6.2                                         | 6.2      | http://centos.org/centos/6.2
 centos6.3            | CentOS 6.3                                         | 6.3      | http://centos.org/centos/6.3
 centos6.4            | CentOS 6.4                                         | 6.4      | http://centos.org/centos/6.4
 centos6.5            | CentOS 6.5                                         | 6.5      | http://centos.org/centos/6.5
 centos7.0            | CentOS 7.0                                         | 7.0      | http://centos.org/centos/7.0

# osinfo-query os|grep -i 2008
 mandriva2008.0       | Mandriva Linux 2008                                | 2008.0   | http://mandriva.com/mandriva/2008.0
 mandriva2008.1       | Mandriva Linux 2008 Spring                         | 2008.1   | http://mandriva.com/mandriva/2008.1
 win2k8               | Microsoft Windows Server 2008                      | 6.0      | http://microsoft.com/win/2k8
 win2k8r2             | Microsoft Windows Server 2008 R2                   | 6.1      | http://microsoft.com/win/2k8r2

# osinfo-query os|grep -i 2012
 win2k12              | Microsoft Windows Server 2012                      | 6.3      | http://microsoft.com/win/2k12
 win2k12r2            | Microsoft Windows Server 2012 R2                   | 6.3      | http://microsoft.com/win/2k12r2

qemu-img create -f qcow2 /data/libvirt/images/192168100009.img 30G

virt-install \
--name 192168100009 \
--ram 4096 \
--disk path=/data/libvirt/images/192168100009.img,size=30 \
--vcpus 4 \
--cpu host-model,topology.sockets=1,topology.cores=4,topology.threads=1 \
--os-variant centos6 \
--network bridge=br0 \
--console pty,target_type=serial \
--cdrom=/var/lib/libvirt/images/CentOS-7-x86_64-Minimal-1511.iso \
--graphics vnc,password=aC8W5It9nOyrXchH,port=-1,listen=0.0.0.0

virt-install \
--name tpl_win2k12r2 \
--ram 4048 \
--disk path=/data/libvirt/images/tpl_win2k12r2_hd0.img,size=100 \
--vcpus 4 \
--vcpus 4 \
--cpu host-model,topology.sockets=1,topology.cores=4,topology.threads=1 \
--os-variant win2k12r2 \
--network bridge=virbr0 \
--console pty,target_type=serial \
--cdrom=/data/libvirt/iso/win2k12r2.iso \
--graphics vnc,password=aC8W5It9nOyrXchH,port=-1,listen=0.0.0.0

# 从已经存在的镜像文件(tpl_win2k12r2.img)创建虚拟机
virt-install \
--name tpl_win2k12r2 \
--ram 4048 \
--disk path=/data/libvirt/images/tpl_win2k12r2.img \
--vcpus 4 \
--cpu host-model,topology.sockets=1,topology.cores=4,topology.threads=1 \
--os-variant win2k12r2 \
--network bridge=virbr0 \
--console pty,target_type=serial \
--import \
--graphics vnc,password=aC8W5It9nOyrXchH,port=-1,listen=0.0.0.0

  <os>
    <bootmenu enable='yes'/>
  </os>

  <cpu mode='host-passthrough' />

    <interface type='bridge'>
      <mac address='52:54:00:3e:61:be'/>
      <source bridge='br1'/>
      <target dev='priweb1_wan'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:3e:61:bf'/>
      <source bridge='virbr0'/>
      <target dev='priweb1_lan'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </interface>
    <serial type='pty'>

cat << EOF > guest-device.xml
<disk type='block' device='cdrom'>
  <driver name='qemu' type='raw'/>
  <target dev='vdc' bus='sata'/>
  <readonly/>
</disk>
EOF

virsh attach-device --config tpl_win2k12r2 guest-device.xml

virsh change-media tpl_win2k12r2 vdc /data/libvirt/iso/win2k12r2.iso

iptables -t nat -A PREROUTING -d 182.131.21.23/32 -p tcp -m tcp --dport 23389 -j DNAT --to-destination 192.168.122.2:3389
iptables -t nat -A PREROUTING -d 182.131.21.23/32 -p tcp -m tcp --dport 322 -j DNAT --to-destination 192.168.122.3:22
iptables -I FORWARD -p tcp -m multiport -d 192.168.122.0/24 -o virbr0 --dports 21,22,3389  -j ACCEPT
service iptables save

brctl delif br0 ${vpsname}
brctl addif br1 ${vpsname}

iptables -t nat -A PREROUTING -p udp -m udp --sport 67 -j DROP
iptables -t nat -A FORWARD -o enp5s0f0 -p stp -j DROP
iptables -t nat -A OUTPUT -o enp5s0f0 -p stp -j DROP
iptables -t nat -A POSTROUTING -p udp -m udp --dport 67 -j DROP

firewall-cmd --permanent --direct --passthrough ipv4  -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 10.162.xxx.xxx
[source, bash]

yum install -y https://dev.mysql.com/get/mysql80-community-release-el7-7.noarch.rpm

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql*

yum-config-manager --disable mysql-connectors-community | egrep '(\[mysql-connectors-community\])|enabled'
yum-config-manager --disable mysql-tools-community | egrep '(\[mysql-tools-community\])|enabled'
yum-config-manager --disable mysql80-community | egrep '(\[mysql80-community\])|enabled'

yum --enablerepo=mysql57-community install -y mysql-community-server

mkdir -p /var/log/mysqld
touch /var/log/mysqld/error.log
chown -R mysql:mysql /var/log/mysqld

crudini --set --existing /etc/my.cnf mysqld log-error /var/log/mysqld/error.log

mkdir -p /data/mysql

crudini --set --existing /etc/my.cnf mysqld datadir /data/mysql

crudini --set /etc/my.cnf mysqld default-storage-engine InnoDB
crudini --set /etc/my.cnf mysqld disabled_storage_engines '"MyISAM"'

crudini --set /etc/my.cnf mysqld bind-address 0.0.0.0
crudini --set /etc/my.cnf mysqld max_connections 1000

crudini --set /etc/my.cnf mysqld general_log OFF
crudini --set /etc/my.cnf mysqld general_log_file /var/log/mysqld/general.log

crudini --set /etc/my.cnf mysqld long_query_time 3
crudini --set /etc/my.cnf mysqld slow_query_log ON
crudini --set /etc/my.cnf mysqld slow_query_log_file /var/log/mysqld/slow_query.log

# 开启兼容模式，兼容老MySQL代码，比如使用空字符串代替NULL插入数据
crudini --set /etc/my.cnf mysqld sql_mode '""'

crudini --set /etc/my.cnf mysqld skip-name-resolve 'OFF'

crudini --set /etc/my.cnf mysqldump max_allowed_packet 100M
echo "quick" >> /etc/my.cnf
echo "quote-names" >> /etc/my.cnf

systemctl enable mysqld

systemctl start mysqld

systemctl status mysqld

MYSQL_TMP_ROOT_PASSWORD=$(grep 'A temporary password' /var/log/mysqld/error.log | tail -n 1 | awk '{print $NF}')

export BY_MYSQL_ROOT_PASSWORD=$(pwgen -csnB 10)_$(pwgen -csnB 10)
# 永久保存临时配置（重新登录或重启都有效）
sed -i '/export BY_/d' ~/.bash_profile && env | grep BY_ | awk '{print "export "$1}' >> ~/.bash_profile

echo -e "  MySQL用户名：root\nMySQL临时密码：${MYSQL_TMP_ROOT_PASSWORD}\n  MySQL新密码：${BY_MYSQL_ROOT_PASSWORD}"

mysqladmin -uroot -p"${MYSQL_TMP_ROOT_PASSWORD}" password ${BY_MYSQL_ROOT_PASSWORD}

mysql -e "uninstall plugin validate_password;"

mysql -e "update mysql.user set host='%'  where user='root';flush privileges;"
mysql -e "CREATE USER 'repl'@'%' IDENTIFIED BY 'Wielae7eg6Ae9ebayiec';"
mysql -e "GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' WITH GRANT OPTION;"
mysql -e "show master status;"

systemctl stop mysqld

tar zcf /tmp/mysql.tar.gz -C /data mysql

systemct start mysqld

cd /tmp && python3 -m http.server

wget x.x.x.x:8000/mysql.tar.gz -O mysql.tar.gz
rm -r /data/mysql
tar xf mysql.tar.gz -C /data

echo -e "[auto]\nserver-uuid=$(uuidgen)" > /data/mysql/auto.cnf
rm -f /data/mysql/*.log

systemctl start mysqld

# 因为是冷复制 master_auto_position=1
mysql -e "change master to master_port=3306, master_host='x.x.x.x', master_user='repl', master_password='Wielae7eg6Ae9ebayiec', master_auto_position=1;"

mysql -e "start slave;"

mysql -e "show slave status\G;"

*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: x.x.x.x
                  Master_User: repl
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000005
          Read_Master_Log_Pos: 353
               Relay_Log_File: relay-log.000004
                Relay_Log_Pos: 454
        Relay_Master_Log_File: mysql-bin.000005
             Slave_IO_Running: Yes (1)
            Slave_SQL_Running: Yes (2)
              Replicate_Do_DB:
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 353
              Relay_Log_Space: 695
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File:
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher:
               Master_SSL_Key:
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 1
                  Master_UUID: 2a7f13cc-76fb-11ee-8d0e-fa163e0b63c7
             Master_Info_File: /data/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates (3)
           Master_Retry_Count: 86400
                  Master_Bind:
      Last_IO_Error_Timestamp:
     Last_SQL_Error_Timestamp:
               Master_SSL_Crl:
           Master_SSL_Crlpath:
           Retrieved_Gtid_Set: 2a7f13cc-76fb-11ee-8d0e-fa163e0b63c7:7
            Executed_Gtid_Set: 2a7f13cc-76fb-11ee-8d0e-fa163e0b63c7:1-7,
fc414685-9b00-4294-a441-750fabb9d141:1-2
                Auto_Position: 1
         Replicate_Rewrite_DB:
                 Channel_Name:
           Master_TLS_Version:

# 设置临时密码
mysqladmin -uroot -p'旧密码' password "1qaz@2wsX"

# MySQL 5.7
mysql -uroot -p'1qaz@2wsX' -e "uninstall plugin validate_password;"
# MySQL 8.0
mysql -uroot -p'1qaz@2wsX' -e "UNINSTALL COMPONENT 'file://component_validate_password';"

# 设置新密码
mysqladmin -uroot -p'1qaz@2wsX' password '新密码'

CREATE DATABASE db_name DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;

CREATE USER 'dummy'@'localhost';

CREATE USER 'finley'@'localhost' IDENTIFIED BY 'password';

GRANT ALL ON *.* TO 'finley'@'localhost' WITH GRANT OPTION;

use mysql
update user set host = '%'  where user ='root';
flush privileges;

use mysql
ALTER USER 'root'@'%' IDENTIFIED BY 'geek';
flush privileges;

use mysql
grant all privileges on *.*  to root@"172.17.%.%" identified by "geek";
update user set Grant_priv='Y' where User='root' and Host='172.17.%.%';
flush privileges;

mysql_config_editor set --login-path=client --host=localhost --user=root --password

mysql_config_editor print

mysql --login-path=client db_name

mysql db_name

mysql> show variables like 'collation%';
+----------------------+--------------------+
| Variable_name        | Value              |
+----------------------+--------------------+
| collation_connection | utf8mb4_unicode_ci |
| collation_database   | utf8mb4_unicode_ci |
| collation_server     | utf8mb4_unicode_ci |
+----------------------+--------------------+
3 rows in set (0.00 sec)

mysql> show variables like 'character%';
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8mb4                    |
| character_set_connection | utf8mb4                    |
| character_set_database   | utf8mb4                    |
| character_set_filesystem | binary                     |
| character_set_results    | utf8mb4                    |
| character_set_server     | utf8mb4                    |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

mysql> show create database ghibli;
+----------+----------------------------------------------------------------------------------------------------------------------------------+
| Database | Create Database                                                                                                                  |
+----------+----------------------------------------------------------------------------------------------------------------------------------+
| ghibli   | CREATE DATABASE `ghibli` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */ /*!80016 DEFAULT ENCRYPTION='N' */ |
+----------+----------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> show create table pre_ucenter_memberfields;
Current database: db_name

+-----------------------------------------------------------------+
| Table                    | Create Table|
+-----------------------------------------------------------------+
| pre_ucenter_memberfields | CREATE TABLE `pre_ucenter_memberfields` (
  `uid` mediumint(8) unsigned NOT NULL DEFAULT '0',
  `blacklist` text NOT NULL,
  PRIMARY KEY (`uid`)
) ENGINE=InnoDB DEFAULT CHARSET=gbk |
+-----------------------------------------------------------------+
1 row in set (0.98 sec)

ALTER TABLE table_name CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

ALTER DATABASE db_name CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci;

# 导出数据库
mysqldump db_name > db_name_dump.sql

# 导出数据库并压缩
mysqldump db_name | gzip > db_name_$(date +%Y_%m_%d_%H_%M_%S).sql.gz

# 导出不带create table的表数据，每行一个INSERT INTO
mysqldump db_name table_name --no-create-info --extended-insert=false

# 每行一个INSERT INTO，替换成INSERT IGNORE INTO，用于合并同表的数据
# 如果表ID存在，则跳过插入
mysqldump db_name table_name --no-create-info --extended-insert=false | grep -E '(INSERT INTO)|LOCK' |sed 's/INSERT INTO /INSERT IGNORE INTO /'

# 导入SQL文件
mysql db_name < db_name_dump.sql

set profiling=on;
show profiles;
show profile for query query_id;

# 开启SQL日志
#
set global general_log = ON;
set gloabl general_log_file = /var/lib/mysql/hostname.log;
show global variables like '%general_log%';

# 开启慢查询
set global long_query_time = 10;
set global slow_query_log = ON;
set gloabl slow_query_log_file = /var/lib/mysql/hostname-slow.log;
show global variables like '%_query_%';

[mysqld]
general_log = ON
general_log_file = /var/lib/mysql/general.log

long-query-time = 10
slow_query_log = ON
slow_query_log_file = /var/lib/mysql/slow.log

SHOW INDEX FROM TBLNAME;

CREATE INDEX ev_info_createBy_IDX USING BTREE ON ttd.ev_info (createBy);

DROP INDEX index_name ON talbe_name;

cfdisk

mkfs.ext4 /dev/sda1

mkswap /dev/sda2

swapon /dev/sda2

mount /dev/sda1 /mnt

# 获得WIFI网卡名称 wlan0  和 WIFI硬件名称 phy0
device list

device wlan0 set-property Powered on
adapter phy0 set-property Powered on

# 不会有任何屏幕输出
station wlan0 scan

# 列表WIFI清单
station wlan0 get-networks

# 会提示输入连接密码，其中 GEEKCAMP_5G 是选择的WIFI SSID
station wlan0 connect GEEKCAMP_5G

# 查看WIFI连接
station  wlan0 show

# 退出iwd Shell
exit

ping qq.com

cat << EOF > /etc/pacman.d/mirrorlist
Server = https://mirrors.163.com/archlinux/\$repo/os/\$arch
EOF

pacstrap /mnt base

genfstab -U /mnt >> /mnt/etc/fstab

arch-chroot /mnt

cat << EOF > /etc/pacman.d/mirrorlist
Server = https://mirrors.163.com/archlinux/\$repo/os/\$arch
EOF

pacman -S vim

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
echo "zh_CN.GB18030 GB18030" >> /etc/locale.gen
echo "zh_CN.GBK GBK" >> /etc/locale.gen
echo "zh_CN.UTF-8 UTF-8" >> /etc/locale.gen
echo "zh_CN GB2312" >> /etc/locale.gen

locale-gen

echo "LANG=en_US.UTF-8" > /etc/locale.conf

echo "KEYMAP=us" > /etc/vconsole.conf

echo 'archlinux' > /etc/hostname

echo '127.0.0.1 localhost' > /etc/hosts
# 添加主机名对应的设置
echo '127.0.0.1 archlinux' >> /etc/hosts

passwd

useradd -m 你的用户名

passwd 你的用户名

pacman -S sudo

echo '你的用户名   ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

# 更新软件包索引
pacman -Syy

# 桌面环境
pacman -S gnome vim networkmanager

# WIFI驱动
pacman -S linux-firmware

# 拼音输入法
pacman -S ibus-sunpinyin sunpinyin sunpinyin-data

# 显卡驱动
pacman -S xf86-video-fbdev xf86-video-intel xf86-video-vesa xf86-video-ati xf86-video-amdgpu

# 汉字字体
pacman -S wqy-microhei wqy-zenhei

# 开机启动
systemctl enable NetworkManager
systemctl enable gdm

exit

reboot

# 进入root
sudo -i

cat << EOF >> /etc/pacman.conf

[archlinuxcn]
Server = https://mirrors.cloud.tencent.com/archlinuxcn/\$arch
SigLevel = Optional TrustAll

EOF

exit

sudo pacman -Syy

sudo pacman -S archlinuxcn-keyring

sudo pacman -S gedit vim screen thunderbird thunderbird-i18n-zh-cn openssh bash-completion cmake git curl wget filezilla gcc make mlocate nginx ntp p7zip rsync virtualbox virtualbox-guest-iso virtualbox-host-dkms file-roller parted sshpass rdesktop qt5-base qt6-base fakeroot yay openssl wireshark-qt base-devel code gnome-terminal os-prober

yay -S google-chrome

# GNOME 桌面设置
gsettings set org.gnome.nautilus.preferences always-use-location-entry true
gsettings set org.gnome.nautilus.preferences default-sort-order name
gsettings set org.gtk.Settings.FileChooser sort-directories-first true
gsettings set org.gnome.desktop.interface clock-show-date true
gsettings set org.gnome.desktop.interface clock-show-seconds true
# Ctrl+Shift+Alt+R 录像时，30秒后自动结束。设置为0,不限制
gsettings set org.gnome.settings-daemon.plugins.media-keys max-screencast-length 0
# 禁用最近文件访问记录
gsettings set org.gnome.desktop.privacy remember-recent-files false

# virtualbox 设置
sudo gpasswd -a root vboxusers
sudo gpasswd -a $USER vboxusers
# wireshark 设置
sudo gpasswd -a root wireshark
sudo gpasswd -a $USER wireshark

# 系统日志
sudo gpasswd -a $USER adm
sudo gpasswd -a $USER systemd-journal
sudo gpasswd -a $USER wheel

# docker
#sudo gpasswd -a $USER docker

sudo grpunconv

# 开机启动
sudo systemctl enable systemd-timesyncd
sudo systemctl start systemd-timesyncd
sudo systemctl enable sshd
sudo systemctl mask tmp.mount

$ ldd /usr/bin/mysqld
	linux-vdso.so.1 (0x00007fff4dd95000)
	libjemalloc.so.2 => /usr/lib/libjemalloc.so.2 (0x00007fd61d6d0000)
	libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fd61d6ae000)
	libicuuc.so.64 => /usr/lib/libicuuc.so.64 (0x00007fd61d4d6000)
	libicui18n.so.64 => /usr/lib/libicui18n.so.64 (0x00007fd61d1e1000)
	libevent_core-2.1.so.7 => /usr/lib/libevent_core-2.1.so.7 (0x00007fd61d1a8000)
	libprotobuf-lite.so.18 => not found
	librt.so.1 => /usr/lib/librt.so.1 (0x00007fd61d0fe000)

$ pkgfile libprotobuf-lite.so
extra/protobuf

$ sudo pacman -Fy libprotobuf-lite.so
:: 正在同步软件包数据库...
 core 已经是最新版本
 extra 已经是最新版本
 community 已经是最新版本
 multilib 已经是最新版本
 archlinuxcn 已经是最新版本
extra/protobuf 3.10.0-1 [已安装: 3.10.0-1]
    usr/lib/libprotobuf-lite.so

$ sudo pacman -Ql protobuf|grep libprotobuf-lite.so
protobuf /usr/lib/libprotobuf-lite.so
protobuf /usr/lib/libprotobuf-lite.so.21
protobuf /usr/lib/libprotobuf-lite.so.21.0.0

$ ldconfig -p|grep libprotobuf-lite.so
	libprotobuf-lite.so.21 (libc6,x86-64) => /usr/lib/libprotobuf-lite.so.21
	libprotobuf-lite.so (libc6,x86-64) => /usr/lib/libprotobuf-lite.so

rm -f protobuf-3.7.0-1-x86_64.pkg.tar.xz
wget https://archive.archlinux.org/packages/p/protobuf/protobuf-3.7.0-1-x86_64.pkg.tar.xz
sudo pacman -U protobuf-3.7.0-1-x86_64.pkg.tar.xz

$ ldconfig -p|grep libprotobuf-lite.so
	libprotobuf-lite.so.18 (libc6,x86-64) => /usr/lib/libprotobuf-lite.so.18
	libprotobuf-lite.so (libc6,x86-64) => /usr/lib/libprotobuf-lite.so

$ ldd /usr/bin/mysqld|grep libprotobuf-lite.so
	libprotobuf-lite.so.18 => /usr/lib/libprotobuf-lite.so.18 (0x00007f209f7b2000)

$ sudo pacman -Syu
[sudo] mk 的密码：
:: 正在同步软件包数据库...
 core 已经是最新版本
 extra 已经是最新版本
 community 已经是最新版本
 multilib 已经是最新版本
 archlinuxcn 已经是最新版本
:: 正在进行全面系统更新...
警告：protobuf：忽略软件包升级 (3.7.0-1 => 3.10.0-1)
 今日无事可做

rm -rf ~/.cache/thumbnails/fail

sudo pacman -S gst-libav

systemctl enable cups-browsed
systemctl enable org.cups.cupsd

# 将当前用户加入打印机管理员组，否则无法添加打印机提示 “已禁止”
sed -i "s/^SystemGroup sys root wheel$/SystemGroup sys root wheel $USER/" /etc/cups/cups-files.conf

systemctl restart cups-browsed
systemctl restart org.cups.cupsd

# 安装打印机驱动
pacman -S hplip

# 查看支持的型号
pacman -Ql hplip

[ ! -d "~/downloads/" ] && mkdir ~/downloads/
cd ~/downloads/
git clone https://github.com/xuxueli/xxl-job.git
cd xxl-job
mvn -T 4 package

[ ! -d "/data/xxl-job/admin" ] && mkdir -p /data/xxl-job/admin
[ ! -d "/data/xxl-job/executor" ] && mkdir -p /data/xxl-job/executor
[ ! -d "/data/applogs" ] && mkdir -p /data/applogs

echo y | cp xxl-job-admin/target/xxl-job-admin-2.2.0-SNAPSHOT.jar /data/xxl-job/admin
echo y | cp xxl-job-admin/src/main/resources/application.properties /data/xxl-job/admin

echo y | cp xxl-job-executor-samples/xxl-job-executor-sample-springboot/target/xxl-job-executor-sample-springboot-2.2.0-SNAPSHOT.jar /data/xxl-job/executor
echo y | cp xxl-job-executor-samples/xxl-job-executor-sample-springboot/src/main/resources/application.properties /data/xxl-job/executor

[root@geekcamp xxl-job]# find /data/xxl-job/*
/data/xxl-job/admin
/data/xxl-job/admin/xxl-job-admin-2.2.0-SNAPSHOT.jar
/data/xxl-job/admin/application.properties
/data/xxl-job/executor
/data/xxl-job/executor/xxl-job-executor-sample-springboot-2.2.0-SNAPSHOT.jar
/data/xxl-job/executor/application.properties

systemctl enable xxl_job_admin
systemctl start xxl_job_admin

[root@geekcamp xxl-job]# systemctl status xxl_job_admin
● xxl_job.service - XXL-JOB Service
   Loaded: loaded (/usr/lib/systemd/system/xxl_job.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-16 13:56:05 CST; 1s ago
 Main PID: 3015 (java)
   CGroup: /system.slice/xxl_job.service
           └─3015 /usr/bin/java -Dserver.port=8080 -Dspring.config.location=/data/xxl-job/application.properties -jar /data/xxl-job/xxl-job-admin-2.2.0-SNA...

Jan 16 13:56:05 geekcamp systemd[1]: Started XXL-JOB Service.

[root@geekcamp xxl-job]# ss -antpl|grep 8080
LISTEN     0      100       [::]:8080                  [::]:*                   users:(("java",pid=2288,fd=21))

systemctl enable xxl_job_executor
systemctl start xxl_job_executor

[root@localhost admin]# systemctl status xxl_job_executor
● xxl_job_client.service - XXL-JOB Client
   Loaded: loaded (/usr/lib/systemd/system/xxl_job_client.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-16 18:49:43 CST; 4s ago
 Main PID: 2876 (java)
   CGroup: /system.slice/xxl_job_client.service
           └─2876 /usr/bin/java -Dserver.port=8081 -Dspring.config.location=/data/xxl-job/executor/application.properties -jar /data/xxl-job/executor/xxl-j...

Jan 16 18:49:43 localhost.localdomain systemd[1]: Started XXL-JOB Client.

[root@localhost admin]# ss -antpl|grep 8081
LISTEN     0      100       [::]:8081                  [::]:*                   users:(("java",pid=4679,fd=11))

npm install --global vue-cli
echo "export PATH=\$PATH:~/.npm-global/bin/" >> ~/.bashrc
source ~/.bashrc
vue init webpack demo_project

npm run dev

npm run build

$ tree dist/
dist/
├── index.html
└── static
    ├── css
    │   ├── app.30790115300ab27614ce176899523b62.css
    │   └── app.30790115300ab27614ce176899523b62.css.map
    └── js
        ├── app.2b6e1782b7cdd8e0b86c.js
        ├── app.2b6e1782b7cdd8e0b86c.js.map
        ├── manifest.2ae2e69a05c33dfc65f8.js
        ├── manifest.2ae2e69a05c33dfc65f8.js.map
        ├── vendor.dc2a748e035f2d805547.js
        └── vendor.dc2a748e035f2d805547.js.map

rm -f ~/anaconda-ks.cfg  ~/install.log  ~/install.log.syslog

#禁止关闭显示器 archlinux wiki 提及的方法
echo -ne "\033[9;0]" >> /etc/issue
# 重启，cat /sys/module/kernel/parameters/consoleblank 为空表示生效

yum install -y epel-release

yum install -y iproute rsync yum-utils tree pwgen vim-enhanced wget curl screen bzip2 tcpdump unzip tar xz bash-completion-extras mlocate strace telnet iftop iotop

# PHP 7
yum install -y centos-release-scl

#查看主机名
hostnamectl status

#修改主机名
hostnamectl set-hostname 主机名

#删除ipv6的localhost配置
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
echo "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 $(hostname)" > /etc/hosts

#禁用SELINUX，必须重启才能生效
echo SELINUX=disabled>/etc/selinux/config
echo SELINUXTYPE=targeted>>/etc/selinux/config

#最大可以打开的文件
echo "*               soft   nofile            65535" >> /etc/security/limits.conf
echo "*               hard   nofile            65535" >> /etc/security/limits.conf

# ssh登录时，登录ip被会反向解析为域名，导致ssh登录缓慢
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/" /etc/ssh/sshd_config
sed -i "s/GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/" /etc/ssh/sshd_config
sed -i "s/#MaxAuthTries 6/MaxAuthTries 10/" /etc/ssh/sshd_config
# server每隔30秒发送一次请求给client，然后client响应，从而保持连接
sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 30/" /etc/ssh/sshd_config
# server发出请求后，客户端没有响应得次数达到3，就自动断开连接，正常情况下，client不会不响应
sed -i "s/#ClientAliveCountMax 3/ClientAliveCountMax 10/" /etc/ssh/sshd_config

#支持gbk文件显示
echo "set fencs=utf-8,gbk" >> /etc/vimrc

#设定系统时区
yes|cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#时间同步
yum install -y chrony
systemctl enable chronyd --now

#如果是x86_64系统，排除32位包
echo "exclude=*.i386 *.i586 *.i686" >> /etc/yum.conf

#disable IPv6
echo "net.ipv6.conf.all.disable_ipv6 = 1" >>  /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >>  /etc/sysctl.conf

#允许网络转发，主要是给iptables使用
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

#如果你想使用自己的 iptables 静态防火墙规则, 那么请安装 iptables-services 并且禁用 firewalld ，启用 iptables
yum install -y iptables-services
systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables --now

iptables -F
iptables-save >/etc/sysconfig/iptables

yum install -y xmlstarlet crudini

pip312 install --root-user-action=ignore -U yq toml-cli

wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /usr/local/bin/jq
chmod 755 /usr/local/bin/jq

rm -f ~/anaconda-ks.cfg

dnf install -y epel-release

dnf install -y iproute rsync yum-utils tree pwgen vim-enhanced wget curl screen lbzip2 tcpdump unzip tar xz bash-completion mlocate strace telnet iftop iotop

dnf install -y dnf-plugins-core
# The CodeReady Linux Builder repository contains additional packages for use by developers.
dnf config-manager --set-enabled crb
# dnf repo-pkgs crb list


#禁用SELINUX，必须重启才能生效
echo SELINUX=disabled>/etc/selinux/config
echo SELINUXTYPE=targeted>>/etc/selinux/config

#最大可以打开的文件
echo "*               soft   nofile            65535" >> /etc/security/limits.conf
echo "*               hard   nofile            65535" >> /etc/security/limits.conf

# ssh登录时，登录ip被会反向解析为域名，导致ssh登录缓慢
sed -i "s/#UseDNS no/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/#GSSAPIAuthentication no/GSSAPIAuthentication no/" /etc/ssh/sshd_config
sed -i "s/#GSSAPICleanupCredentials no/GSSAPICleanupCredentials no/" /etc/ssh/sshd_config
sed -i "s/#MaxAuthTries 6/MaxAuthTries 10/" /etc/ssh/sshd_config
# server每隔30秒发送一次请求给client，然后client响应，从而保持连接
sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 30/" /etc/ssh/sshd_config
# server发出请求后，客户端没有响应得次数达到3，就自动断开连接，正常情况下，client不会不响应
sed -i "s/#ClientAliveCountMax 3/ClientAliveCountMax 10/" /etc/ssh/sshd_config

#支持gbk文件显示
echo "set fencs=utf-8,gbk" >> /etc/vimrc

#设定系统时区
yes|cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#时间同步
dnf install -y systemd-timesyncd
systemctl enable systemd-timesyncd --now

#如果是x86_64系统，排除32位包
echo "exclude=*.i386 *.i586 *.i686" >> /etc/yum.conf

#disable IPv6
echo "net.ipv6.conf.all.disable_ipv6 = 1" >>  /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >>  /etc/sysctl.conf

#允许网络转发，主要是给iptables使用
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

#如果你想使用自己的 iptables 静态防火墙规则, 那么请安装 iptables-services 并且禁用 firewalld ，启用 iptables
dnf install -y iptables-services
systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables --now

iptables -F
iptables-save >/etc/sysconfig/iptables

dnf install -y xmlstarlet crudini

dnf install -y python3.11 python3.11-pip

pip3.11 install --root-user-action=ignore -U yq toml-cli

wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /usr/local/bin/jq
chmod 755 /usr/local/bin/jq

cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

yum install -y nginx

echo y|cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default

cat << EOF > /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

worker_rlimit_nofile 65535;

events {
    worker_connections 65535;
}

http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    log_format  main  '\$host \$server_port \$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$request_time \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    server_names_hash_bucket_size 128;
    server_name_in_redirect off;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    client_header_timeout  3m;
    client_body_timeout    3m;
    client_max_body_size 50m;
    client_body_buffer_size 256k;
    send_timeout           3m;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types image/svg+xml application/x-font-wof text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript;
    gzip_vary on;

    proxy_redirect off;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header REMOTE-HOST \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_connect_timeout 60;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    proxy_buffer_size 256k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
    #让代理服务端不要主动关闭客户端的连接，协助处理499返回代码问题
    proxy_ignore_client_abort on;

    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;

    index index.html index.htm index.php default.html default.htm default.php;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}
EOF

mkdir /etc/nginx/conf.d

cat << EOF > /etc/nginx/conf.d/default.conf
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
EOF

nginx -t && rm -f /var/run/nginx.pid

systemctl start nginx

# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 14:02:31 CST; 1h 18min ago
 Main PID: 15759 (nginx)
   CGroup: /system.slice/nginx.service
           ├─15759 nginx: master process /usr/sbin/nginx
           └─17285 nginx: worker process

Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ nginx[15753]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ nginx[15753]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Failed to parse PID from file /run/nginx.pid: Invalid argument
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started The nginx HTTP and reverse proxy server.


# ss -antpl|grep nginx
LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=17285,fd=6),("nginx",pid=15759,fd=6))
LISTEN     0      128         :::80                      :::*                   users:(("nginx",pid=17285,fd=7),("nginx",pid=15759,fd=7))

systemctl enable nginx

yum install -y mariadb-server

cp /etc/my.cnf /etc/my.cnf.default

cat << EOF > /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

max_allowed_packet=20M
max_heap_table_size = 100M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
tmp_table_size = 100M

# 查询缓存
#query_cache_limit=4M
#query_cache_type=on
#query_cache_size=2G

bind-address = 127.0.0.1
# 跳过主机名解析，比如localhost，foo.com之类，加速访问
skip-name-resolve

# SQL执行日志
general_log=off
general_log_file=/var/log/mariadb/general.log

# SQL慢查询日志
slow_query_log=off
slow_query_log_file=/var/log/mariadb/slowquery.log
long_query_time = 5

max_connections = 1000

# 兼容老MySQL代码，比如使用空字符串代替NULL插入数据
sql_mode = ""

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
EOF

sed -i '16 aquick\nquote-names\nmax_allowed_packet = 100M' /etc/my.cnf.d/mysql-clients.cnf

touch /var/log/mariadb/general.log /var/log/mariadb/slowquery.log
chown mysql:mysql /var/log/mariadb/general.log /var/log/mariadb/slowquery.log

systemctl enable mariadb

systemctl start mariadb

# systemctl status mariadb
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 14:18:12 CST; 1h 7min ago
  Process: 16688 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 16653 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 16687 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─16687 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─17043 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.lo...

Nov 29 14:18:10 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting MariaDB database server...
Nov 29 14:18:10 iZ6weebcmroarpx8rrxscrZ mariadb-prepare-db-dir[16653]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Nov 29 14:18:11 iZ6weebcmroarpx8rrxscrZ mysqld_safe[16687]: 191129 14:18:11 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 29 14:18:11 iZ6weebcmroarpx8rrxscrZ mysqld_safe[16687]: 191129 14:18:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Nov 29 14:18:12 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started MariaDB database server.

# ss -antpl|grep mysql
LISTEN     0      50     127.0.0.1:3306                     *:*                   users:(("mysqld",pid=17043,fd=14))

mysqladmin -uroot password "geek"

mysql -uroot -pgeek -e 'show databases;'
mysql -uroot -pgeek -e 'drop database test;'
mysql -uroot -pgeek mysql -e 'delete from db;'
mysql -uroot -pgeek mysql -e 'delete from user where Password="";'
mysql -uroot -pgeek -e 'flush privileges;'

yum install -y centos-release-scl

yum install -y rh-php72 \
    rh-php72-php  \
    rh-php72-php-bcmath \
    rh-php72-php-fpm \
    rh-php72-php-gd \
    rh-php72-php-intl \
    rh-php72-php-mbstring \
    rh-php72-php-mysqlnd \
    rh-php72-php-opcache \
    rh-php72-php-pdo \
    rh-php72-php-pecl-apcu \
    rh-php72-php-xmlrpc \
    rh-php72-php-devel

scl enable rh-php72 bash

# php -v
PHP 7.2.24 (cli) (built: Nov  4 2019 10:23:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.24, Copyright (c) 1999-2018, by Zend Technologies

cp /etc/opt/rh/rh-php72/php.ini /etc/opt/rh/rh-php72/php.ini.default

# 启用 '<? ... ?>' 代码风格
sed -i '197s/short_open_tag = Off/short_open_tag = On/' /etc/opt/rh/rh-php72/php.ini

# 禁止一些危险性高的函数
sed -i '314s/disable_functions =/disable_functions = system,exec,shell_exec,passthru,set_time_limit,ini_alter,dl,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,virtual,socket_create,mail,eval/' /etc/opt/rh/rh-php72/php.ini

# 配置中国时区
sed -i '902s#;date.timezone =#date.timezone = Asia/Shanghai#' /etc/opt/rh/rh-php72/php.ini

systemctl enable rh-php72-php-fpm

systemctl start rh-php72-php-fpm

# systemctl status rh-php72-php-fpm
● rh-php72-php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/rh-php72-php-fpm.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 13:36:03 CST; 1h 56min ago
 Main PID: 15360 (php-fpm)
   Status: "Processes active: 0, idle: 6, Requests: 56, slow: 0, Traffic: 0req/sec"
   CGroup: /system.slice/rh-php72-php-fpm.service
           ├─15360 php-fpm: master process (/etc/opt/rh/rh-php72/php-fpm.conf)
           ├─15361 php-fpm: pool www
           ├─15362 php-fpm: pool www
           ├─15363 php-fpm: pool www
           ├─15364 php-fpm: pool www
           ├─15365 php-fpm: pool www
           └─17211 php-fpm: pool www

Nov 29 13:36:03 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting The PHP FastCGI Process Manager...
Nov 29 13:36:03 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started The PHP FastCGI Process Manager.

# ss -antpl|grep php-fpm
LISTEN     0      128    127.0.0.1:9000                     *:*                   users:(("php-fpm",pid=17211,fd=9),("php-fpm",pid=15365,fd=9),("php-fpm",pid=15364,fd=9),("php-fpm",pid=15363,fd=9),("php-fpm",pid=15362,fd=9),("php-fpm",pid=15361,fd=9),("php-fpm",pid=15360,fd=7))

mysql -uroot -pgeek -e 'create database drupal;grant all privileges on drupal.*  to drupal@"localhost" identified by "drupal_password";flush privileges;'

cat << EOF > /etc/nginx/conf.d/drupal.foo.com.conf
server {
    listen       80;

    server_name  drupal.foo.com;
    root         /data/web/drupal.foo.com;
    error_log /var/log/nginx/drupal.foo.com_error.log;
    access_log /var/log/nginx/drupal.foo.com_access.log  main;

    location / {
        try_files \$uri /index.php\$is_args\$query_string;
    }

    location ~ \.php\$ {
        try_files \$uri \$uri/ 404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF

# 重载Nginx配置
nginx -t && nginx -s reload

mkdir -p /data/web/drupal.foo.com

# 使用 -O 参数指定保存文件名，会强制覆盖已经存在的文件
wget https://ftp.drupal.org/files/projects/drupal-8.7.10.tar.gz -O drupal-8.7.10.tar.gz
tar xf drupal-8.7.10.tar.gz

mv drupal-8.7.10/* /data/web/drupal.foo.com
rm -rf drupal-8.7.10
chown -R apache:nginx /data/web/drupal.foo.com
chmod -R 755 /data/web/drupal.foo.com

echo '47.74.60.161 drupal.foo.com' >> /etc/hosts

dnf install -y epel-release

dnf install -y nginx

echo y|cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.defaultv

cat << EOF > /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

worker_rlimit_nofile 65535;

events {
    worker_connections 65535;
}

http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    log_format  main  '\$host \$server_port \$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$request_time \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    server_names_hash_bucket_size 128;
    server_name_in_redirect off;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    client_header_timeout  3m;
    client_body_timeout    3m;
    client_max_body_size 50m;
    client_body_buffer_size 256k;
    send_timeout           3m;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types image/svg+xml application/x-font-wof text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript;
    gzip_vary on;

    proxy_redirect off;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header REMOTE-HOST \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_connect_timeout 60;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    proxy_buffer_size 256k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
    #让代理服务端不要主动关闭客户端的连接，协助处理499返回代码问题
    proxy_ignore_client_abort on;

    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;

    index index.html index.htm index.php default.html default.htm default.php;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}
EOF

mkdir /etc/nginx/conf.d

cat << EOF > /etc/nginx/conf.d/default.conf
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
EOF

nginx -t

systemctl start nginx

systemctl status nginx

systemctl enable nginx

nginx -v

dnf install -y mariadb-server

cp /etc/my.cnf /etc/my.cnf.default

cat << EOF > /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

max_allowed_packet=20M
max_heap_table_size = 100M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
tmp_table_size = 100M

# 查询缓存
#query_cache_limit=4M
#query_cache_type=on
#query_cache_size=2G

bind-address = 127.0.0.1
# 跳过主机名解析，比如localhost，foo.com之类，加速访问
skip-name-resolve

# SQL执行日志
general_log=off
general_log_file=/var/log/mariadb/general.log

# SQL慢查询日志
slow_query_log=off
slow_query_log_file=/var/log/mariadb/slowquery.log
long_query_time = 5

max_connections = 1000

# 兼容老MySQL代码，比如使用空字符串代替NULL插入数据
sql_mode = ""

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
EOF

systemctl enable mariadb

systemctl start mariadb

systemctl status mariadb

mysqladmin -uroot password "geek"

mysql -uroot -pgeek -e 'show databases;'
mysql -uroot -pgeek -e 'drop database test;'
mysql -uroot -pgeek mysql -e 'delete from db;'
mysql -uroot -pgeek mysql -e 'delete from user where Password="";'
mysql -uroot -pgeek -e 'flush privileges;'

dnf install -y \
  php  \
  php-bcmath \
  php-fpm \
  php-gd \
  php-intl \
  php-mbstring \
  php-mysqlnd \
  php-opcache \
  php-pdo \
  php-pecl-apcu \
  php-xmlrpc \
  php-devel \
  php-json

sed -i '197s/short_open_tag = Off/short_open_tag = On/' /etc/php.ini

# 禁止一些危险性高的函数
sed -i '314s/disable_functions =/disable_functions = system,exec,shell_exec,passthru,set_time_limit,ini_alter,dl,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,virtual,socket_create,mail,eval/' /etc/php.ini

# 配置中国时区
sed -i '902s#;date.timezone =#date.timezone = Asia/Shanghai#' /etc/php.ini

systemctl enable php-fpm

systemctl start php-fpm

systemctl status php-fpm

mysql -uroot -pgeek -e 'create database drupal;grant all privileges on drupal.* to drupal@"localhost" identified by "drupal_password";flush privileges;'

cat << EOF > /etc/nginx/conf.d/drupal.foo.com.conf
server {
    listen       80;

    server_name  drupal.foo.com;
    root         /data/web/drupal.foo.com;
    error_log /var/log/nginx/drupal.foo.com_error.log;
    access_log /var/log/nginx/drupal.foo.com_access.log  main;

    location / {
        try_files \$uri /index.php\$is_args\$query_string;
    }

    location ~ \.php\$ {
        try_files \$uri \$uri/ 404;

        fastcgi_pass unix://run/php-fpm/www.sock;
        include fastcgi.conf;
    }
}
EOF

mkdir -p /data/web/drupal.foo.com

wget https://ftp.drupal.org/files/projects/drupal-8.7.10.tar.gz -O drupal-8.7.10.tar.gz
tar xf drupal-8.7.10.tar.gz
mv drupal-8.7.10/* /data/web/drupal.foo.com
rm -rf drupal-8.7.10
chown -R apache:nginx /data/web/drupal.foo.com
chmod -R 755 /data/web/drupal.foo.com

echo '47.74.60.161 drupal.foo.com' >> /etc/hosts

ln -s /usr/local/mosquitto-1.6.9/bin/* /usr/local/bin/
ln -s /usr/local/mosquitto-1.6.9/sbin/* /usr/local/bin/

echo /usr/local/mosquitto-1.6.9/lib/ >> /etc/ld.so.conf
ldconfig

useradd -c "mosquitto server user" -d /var/lib/mosquitto -s /sbin/nologin  mosquitto

cp /etc/mosquitto/mosquitto.conf.example /etc/mosquitto/mosquitto.conf
touch /etc/mosquitto/pwfile /etc/mosquitto/aclfile /var/log/mosquitto.log
chown mosquitto:mosquitto /var/log/mosquitto.log

sed -i '588s/#log_dest stderr/log_dest file \/var\/log\/mosquitto.log/' /etc/mosquitto/mosquitto.conf
sed -i '669s/# password_file/password_file \/etc\/mosquitto\/pwfile/' /etc/mosquitto/mosquitto.conf
sed -i '728s/#acl_file/acl_file \/etc\/mosquitto\/aclfile/' /etc/mosquitto/mosquitto.conf
sed -i '651s/#allow_anonymous true/allow_anonymous false/' /etc/mosquitto/mosquitto.conf

cat << EOF > /usr/lib/systemd/system/mosquitto.service
[Unit]
Description=Eclipse Mosquitto - An open source MQTT broker
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking

User=mosquitto
Group=mosquitto
ExecStart=/usr/local/mosquitto-1.6.9/sbin/mosquitto -d -c /etc/mosquitto/mosquitto.conf -v

[Install]
WantedBy=multi-user.target
EOF

systemctl enable mosquitto

systemctl start mosquitto
systemctl status mosquitto

mosquitto_passwd -b /etc/mosquitto/pwfile foo 'ugnCy55jZpJj0Xnh0ucS'

cat << EOF > /etc/mosquitto/aclfile
# This affects access control for clients with no username.
topic read \$SYS/#

# This affects all clients.
pattern readwrite #
EOF

mkdir -p ~/downloads
cd ~/downloads

wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -O ffmpeg-release-amd64-static.tar.xz
tar xf ffmpeg-release-amd64-static.tar.xz

rm -rf /usr/local/ffmpeg-6.0
mv ffmpeg-6.0-amd64-static /usr/local/ffmpeg-6.0/

mkdir -p /usr/local/ffmpeg-6.0/bin
mv /usr/local/ffmpeg-6.0/ffmpeg /usr/local/ffmpeg-6.0/bin/
mv /usr/local/ffmpeg-6.0/ffprobe /usr/local/ffmpeg-6.0/bin/
mv /usr/local/ffmpeg-6.0/qt-faststart /usr/local/ffmpeg-6.0/bin/

/usr/local/ffmpeg-6.0/bin/ffmpeg -version

ffmpeg version 6.0-static https://johnvansickle.com/ffmpeg/  Copyright (c) 2000-2023 the FFmpeg developers
built with gcc 8 (Debian 8.3.0-6)
configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg
libavutil      58.  2.100 / 58.  2.100
libavcodec     60.  3.100 / 60.  3.100
libavformat    60.  3.100 / 60.  3.100
libavdevice    60.  1.100 / 60.  1.100
libavfilter     9.  3.100 /  9.  3.100
libswscale      7.  1.100 /  7.  1.100
libswresample   4. 10.100 /  4. 10.100
libpostproc    57.  1.100 / 57.  1.100

ffmpeg -i 'BLACKPINK - Really.mp4'  -vn -ar 44100 -ac 2 -b:a 192k 'BLACKPINK - Really.mp3'

echo "file '/run/media/BOA_LIVE_TOUR2014/BDMV/STREAM/00004.m2ts'" > m2ts_list.txt
echo "file '/run/media/BOA_LIVE_TOUR2014/BDMV/STREAM/00005.m2ts'" >> m2ts_list.txt

ffmpeg -f concat -safe 0 -i m2ts_list.txt  -vcodec copy -acodec pcm_s24le output.mkv

pip install git-filter-repo

ls ~/.local/bin/git-filter-repo

echo 'export PATH=$PATH:~/.local/bin' >> ~/.bashrc

source ~/.bashrc

# 请自行替换以下信息
echo '作者 <新邮箱> <旧邮箱>' > ~/.mailmap

git filter-repo --mailmap ~/.mailmap --force

git push origin  master --force

git push test master

java -jar target/gs-spring-boot-0.1.0.jar

cd statistics
javac -cp src/:/usr/share/java/postgresql-jdbc-8.4.704.jar -d bin/ src/statistics/Test.java

cd statistics
java -cp ./bin:/usr/share/java/postgresql-jdbc-8.4.704.jar statistics.Test

logging:
  file: logs/application-debug.log
  pattern:
    console: "%d %-5level %logger : %msg%n"
    file: "%d %-5level [%thread] %logger : %msg%n"
  level:
    org.springframework.web: ERROR
    com.howtodoinjava: DEBUG
    org.hibernate: ERROR

logging:
  file: logs/application-debug.log
  pattern:
    console: "%d %-5level %logger : %msg%n"
    file: "%d %-5level [%thread] %logger : %msg%n"
  level:
    org.springframework.web: ERROR
    com.howtodoinjava: INFO
    org.hibernate: ERROR

$ java -jar -Dspring.profiles.active=prod spring-boot-demo.jar

java -jar -Ddebug=true target/server-1.0-SNAPSHOT.jar

java -jar -Dtrace=true target/server-1.0-SNAPSHOT.jar

java -jar -Dserver.tomcat.basedir=tomcat -Dserver.tomcat.accesslog.enabled=true target/server-1.0-SNAPSHOT.jar

dnf install -y curl policycoreutils openssh-server
# Check if opening the firewall is needed with: systemctl status firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
systemctl reload firewalld


dnf install -y postfix
systemctl enable postfix
systemctl start postfix

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

EXTERNAL_URL="http://0.0.0.0:8000"  dnf install -y gitlab-ce

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

yumdownloader --urls gitlab-ce

Repository epel is listed more than once in the configuration
Extra Packages for Enterprise Linux Modular 8 - x86_64                                                                                                        2.7 kB/s |  10 kB     00:03
Extra Packages for Enterprise Linux Modular 8 - x86_64                                                                                                         28 kB/s | 116 kB     00:04
gitlab_gitlab-ce                                                                                                                                               77  B/s | 862  B     00:11
gitlab_gitlab-ce-source                                                                                                                                       100  B/s | 862  B     00:08
https://packages.gitlab.com/gitlab/gitlab-ce/el/8/x86_64/gitlab-ce-12.10.2-ce.0.el8.x86_64.rpm

wget -c https://packages.gitlab.com/gitlab/gitlab-ce/el/8/x86_64/gitlab-ce-12.10.2-ce.0.el8.x86_64.rpm

EXTERNAL_URL="http://0.0.0.0:8000"  dnf install -y gitlab-ce-12.10.2-ce.0.el8.x86_64.rpm

Repository epel is listed more than once in the configuration
Last metadata expiration check: 0:00:44 ago on Sat 02 May 2020 01:42:36 PM CST.
Dependencies resolved.
=================================================================================================
 Package          Architecture          Version          Repository          Size
=================================================================================================
Installing:
 gitlab-ce        x86_64                12.10.2-ce.0.el8 @commandline        789 M

Transaction Summary
=================================================================================================
Install  1 Package

Total size: 789 M
Installed size: 1.7 G
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                      1/1
  Running scriptlet: gitlab-ce-12.10.2-ce.0.el8.x86_64                                                                    1/1
  Installing       : gitlab-ce-12.10.2-ce.0.el8.x86_64                                                                    1/1
  Running scriptlet: gitlab-ce-12.10.2-ce.0.el8.x86_64                                                                    1/1
It looks like GitLab has not been configured yet; skipping the upgrade script.

       *.                  *.
      ***                 ***
     *****               *****
    .******             *******
    ********            ********
   ,,,,,,,,,***********,,,,,,,,,
  ,,,,,,,,,,,*********,,,,,,,,,,,
  .,,,,,,,,,,,*******,,,,,,,,,,,,
      ,,,,,,,,,*****,,,,,,,,,.
         ,,,,,,,****,,,,,,
            .,,,***,,,,
                ,*,.



     _______ __  __          __
    / ____(_) /_/ /   ____ _/ /_
   / / __/ / __/ /   / __ `/ __ \
  / /_/ / / /_/ /___/ /_/ / /_/ /
  \____/_/\__/_____/\__,_/_.___/


Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
  sudo gitlab-ctl reconfigure

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md


  Verifying        : gitlab-ce-12.10.2-ce.0.el8.x86_64                                                                    1/1

Installed:
  gitlab-ce-12.10.2-ce.0.el8.x86_64

Complete!

gitlab-ctl reconfigure

gitlab-ctl restart

# 禁用默认配置
sed -i 's/^external_url /#external_url /g' /etc/gitlab/gitlab.rb

cat << EOF >> /etc/gitlab/gitlab.rb
# 禁止k8s相关模块
gitlab_kas['enable'] = false

# 禁止默认功能设置
gitlab_rails['gitlab_default_projects_features_wiki'] = false
gitlab_rails['gitlab_default_projects_features_builds'] = false

gitlab_rails['gitlab_host'] = 'git.xxx.com'
gitlab_rails['gitlab_port'] = 443
gitlab_rails['gitlab_https'] = true

gitlab_rails['gitlab_ssh_host'] = 'git.xxx.com'
gitlab_rails['gitlab_shell_ssh_port'] = 22

# 禁用自动签发免费HTTPS证书
letsencrypt['enable'] = false

# 禁用签发证书后，需要显式启用Nginx服务
nginx['enable'] = true
# 禁用Nginx的HTTPS配置
nginx['redirect_http_to_https'] = false
nginx['listen_https'] = false

# Nginx端口监听配置
nginx['listen_addresses'] = ['127.0.0.1']
nginx['listen_port'] = 8000

git_data_dirs({
    "default" => {
        "path" => "/data/gitlab_data"
    }
})
EOF

# 重新生成配置并重启
gitlab-ctl reconfigure && gitlab-ctl restart

# 确认Nginx服务状态
ss -antpl|grep 8000

server {
    listen 2035 ssl http2;
    server_name git.xxx.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/letsencrypt/live/xxx.com/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    # 替换URL，解决README.md之类无法加载的问题
    sub_filter 'http://git.xxx.com'  'https://git.xxx.com';
    sub_filter_once off;
    sub_filter_last_modified on;
    # 替换 text/html application/json HTTP响应包中的内容
    sub_filter_types application/json;

    location / {
        auth_basic           "Administrator’s Area";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # 一旦当前作用域设置proxy_set_header，全局设置即刻失效，注意补全所有需要的Header
        # 必须设置，否则新建项目后，会302跳转到http的80端口
        proxy_set_header Host git.xxx.com:443;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:1034;
    }

    location ~ ^/\.git/? {
        return 404;
    }
}

nginx -t && nginx -s reload

set name geek

get name

del name

exists name

# 为给定 key 设置过期时间，以秒计
expire name

# 查找所有符合给定模式( pattern)的 key
keys rts:*

# 同时设置一个或多个 key-value 对

mset key1 value1 [key2 value2]

# 获取所有(一个或多个)给定 key 的值
mget key1 [key2]

# 将 key 中储存的数字值增一
incr key
# 将 key 中储存的数字值减一
decr key

# 将 key 所储存的值加上给定的增量值（increment）
incrby key increment
# key 所储存的值减去给定的减量值（decrement）
decrby key decrement

# 将一个或多个值插入到列表头部
lpush key_list value1 value2
lpush key_list value3

# 获取列表长度
llen key_list


LRANGE runoobkey 0 10

# 移出并获取列表的第一个元素
lpop key_list

# 向集合添加一个或多个成员
sadd key_set  value1

# 获取集合的成员数
scard key

# 返回集合中的所有成员
smembers key

ZADD leaderboard:455 100 user:1
ZADD leaderboard:455 75 user:2
ZADD leaderboard:455 101 user:3
ZADD leaderboard:455 15 user:4
ZADD leaderboard:455 275 user:2


ZRANGE leaderboard:455 0 2 REV WITHSCORES

ZREVRANK leaderboard:455 user:2

del area_info_a area_info_b

redis-cli --scan --pattern users:* | xargs redis-cli unlink

yum install -y libffi-devel bzip2-devel readline-devel ncurses-devel gdbm-devel tkinter tcl-devel tcl libuuid-devel zlib-devel zlib xz-devel xz tk-devel tk  glibc-devel

test -L /usr/local/python3 || ln -s python-3.12.2 /usr/local/python3
test -L /usr/local/python3/bin/pip312 || ln -s pip3 /usr/local/python3/bin/pip312
test -L /usr/local/python3/bin/python312 || ln -s python3 /usr/local/python3/bin/python312

echo "export PATH=/usr/local/python3/bin:\${PATH}" > /etc/profile.d/python3.sh

source /etc/profile

echo $PATH|sed 's/:/\n/g'|sort -u|grep python

pip312 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip312 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

yum install -y libffi-devel bzip2-devel readline-devel ncurses-devel gdbm-devel tkinter tcl-devel tcl libuuid-devel zlib-devel zlib xz-devel xz tk-devel tk openssl-devel sqlite-devel glibc-devel

test -L /usr/local/python3 || ln -s python-3.12.2 /usr/local/python3
test -L /usr/local/python3/bin/pip312 || ln -s pip3 /usr/local/python3/bin/pip312
test -L /usr/local/python3/bin/python312 || ln -s python3 /usr/local/python3/bin/python312

echo "export PATH=/usr/local/python3/bin:\${PATH}" > /etc/profile.d/python3.sh
source /etc/profile

pip312 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip312 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

dnf install -y dnf-plugins-core
# for libnsl2-devel
dnf config-manager --set-enabled powertools
dnf install -y libnsl2-devel

dnf install -y libffi-devel bzip2-devel readline-devel ncurses-devel gdbm-devel tcl-devel tcl libuuid-devel zlib-devel zlib xz-devel xz tk-devel tk openssl-devel sqlite-devel glibc-devel

mkdir -p ~/downloads
dnf install -y gcc gcc-c++ make

cd  ~/downloads
wget https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tar.xz -O Python-3.12.2.tar.xz
tar xf Python-3.12.2.tar.xz
cd Python-3.12.2

./configure --prefix=/usr/local/python-3.12.2 \
    --enable-optimizations \
    --with-ensurepip \
    --enable-loadable-sqlite-extensions
make
make install

wget https://dl.cdgeekcamp.com/centos/8/python/3/python-3.12.2-1.el8.x86_64.tar.gz -O python-3.12.2-1.el8.x86_64.tar.gz

tar xf python-3.12.2-1.el8.x86_64.tar.gz

rm -rf /usr/local/python-3.12.2
mv python-3.12.2 /usr/local/python-3.12.2

test -L /usr/local/python3 || ln -s python-3.12.2 /usr/local/python3
test -L /usr/local/python3/bin/pip312 || ln -s pip3 /usr/local/python3/bin/pip312
test -L /usr/local/python3/bin/python312 || ln -s python3 /usr/local/python3/bin/python312

echo "export PATH=/usr/local/python3/bin:\${PATH}" > /etc/profile.d/python3.sh
source /etc/profile

pip312 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip312 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

dnf install -y dnf-plugins-core
# for libnsl2-devel and gdbm-devel
dnf config-manager --set-enabled crb
dnf install -y gdbm-devel libnsl2-devel

dnf install -y libffi-devel bzip2-devel readline-devel ncurses-devel tcl-devel tcl libuuid-devel zlib-devel zlib xz-devel xz tk-devel tk openssl-devel sqlite-devel

mkdir -p ~/downloads
dnf install -y gcc gcc-c++ make

cd  ~/downloads
wget https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tar.xz -O Python-3.12.2.tar.xz
tar xf Python-3.12.2.tar.xz
cd Python-3.12.2

./configure --prefix=/usr/local/python-3.12.2 \
    --enable-optimizations \
    --with-ensurepip \
    --enable-loadable-sqlite-extensions
make
make install

wget https://dl.cdgeekcamp.com/centos/9/python/3/python-3.12.2-1.el9.x86_64.tar.gz -O python-3.12.2-1.el9.x86_64.tar.gz

tar xf python-3.12.2-1.el9.x86_64.tar.gz

rm -rf /usr/local/python-3.12.2
mv python-3.12.2 /usr/local/python-3.12.2

test -L /usr/local/python3 || ln -s python-3.12.2 /usr/local/python3
test -L /usr/local/python3/bin/pip312 || ln -s pip3 /usr/local/python3/bin/pip312
test -L /usr/local/python3/bin/python312 || ln -s python3 /usr/local/python3/bin/python312

echo "export PATH=/usr/local/python3/bin:\${PATH}" > /etc/profile.d/python3.sh
source /etc/profile

pip312 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip312 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

apt install -y libssl-dev libffi-dev zlib1g-dev tk-dev libsqlite3-dev libbz2-dev ncurses-dev liblzma-dev uuid-dev libreadline-dev libgdbm-dev

apt install -y libgdbm-compat-dev

# 可选一
wget https://dl.cdgeekcamp.com/ubuntu/16.04/openssl-1.1.1n-1~ubuntu16.04_amd64.tar.gz -O openssl-1.1.1n-1~ubuntu16.04_amd64.tar.gz
tar xf openssl-1.1.1n-1~ubuntu16.04_amd64.tar.gz
rm -rf /usr/local/openssl-1.1.1n
mv openssl-1.1.1n/ /usr/local/openssl-1.1.1n

echo '/usr/local/openssl-1.1.1n/lib' > /etc/ld.so.conf.d/openssl-1.1.1n.conf
ldconfig
ldconfig -p|grep openssl-1.1.1n

wget https://dl.cdgeekcamp.com/ubuntu/16.04/python-3.12.2-1~ubuntu16.04_amd64.tar.gz -O python-3.12.2-1~ubuntu16.04_amd64.tar.gz


# 可选二
wget https://dl.cdgeekcamp.com/ubuntu/18.04/python-3.12.2-1~ubuntu18.04_amd64.tar.gz -O python-3.12.2-1~ubuntu18.04_amd64.tar.gz
# 可选三
wget https://dl.cdgeekcamp.com/ubuntu/22.04/python-3.12.2-1~ubuntu22.04_amd64.tar.gz -O python-3.12.2-1~ubuntu22.04_amd64.tar.gz

tar xf python-3.12.2-1~ubuntu*04_amd64.tar.gz

rm -rf /usr/local/python-3.12.2
mv python-3.12.2 /usr/local/python-3.12.2

test -L /usr/local/python3 || ln -s python-3.12.2 /usr/local/python3
test -L /usr/local/python3/bin/pip312 || ln -s pip3 /usr/local/python3/bin/pip312
test -L /usr/local/python3/bin/python312 || ln -s python3 /usr/local/python3/bin/python312

echo "export PATH=/usr/local/python3/bin:\${PATH}" > /etc/profile.d/python3.sh
source /etc/profile

pip312 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip312 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

# 允许在venv以外对安装包、卸载包
pip config set global.break-system-packages true
# 安装包时，不使用隔离模式。正常情况下，建议使用 `pip install --no-build-isolation xxx` 方式
pip config set global.no-build-isolation true

[distutils]
index-servers=
    pypi
    testpypi

[pypi]
username: <用户名>
password: <密码>

[testpypi]
repository: https://test.pypi.org/legacy/
username: <用户名>
password: <密码>

python3 -m pip install -U setuptools wheel

python3 setup.py bdist_wheel

dist/
  example_pkg_YOUR_USERNAME_HERE-0.0.1-py3-none-any.whl
  example_pkg_YOUR_USERNAME_HERE-0.0.1.tar.gz

python3 -m pip install -U twine

twine upload --repository-url https://test.pypi.org/legacy/ dist/*

twine upload --config-file ~/.pypirc -r testpypi dist/*

python3 -m pip install -i https://test.pypi.org/simple/ --no-deps example-pkg-YOUR-USERNAME-HERE

import example_pkg

twine upload dist/*

python3 -m pip install -i https://pypi.org/simple/ example-pkg

pip install 'jmespath>=0.9.3,<1.0.0'

Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Collecting alibaba-cloud-python-sdk-v2 (from -r requirements.txt (line 2))
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/6a/67/0244b84f93699e67af65bd18d79c090f09cb1af7c2f363586440190dd6c6/alibaba-cloud-python-sdk-v2-1.0.6.tar.gz (793 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 793.4/793.4 kB 2.7 MB/s eta 0:00:00
  Preparing metadata (setup.py) ... erroress-exited-with-er
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [15 lines of output]
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-800r4u6_/alibaba-cloud-python-sdk-v2_e4a92643a9c349fb8482118c5b1dae7e/setup.py", line 19, in <module>
          VERSION = __import__("alibabacloud").__version__
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "/tmp/pip-install-800r4u6_/alibaba-cloud-python-sdk-v2_e4a92643a9c349fb8482118c5b1dae7e/alibabacloud/__init__.py", line 20, in <module>
          from alibabacloud.client import ClientConfig
        File "/tmp/pip-install-800r4u6_/alibaba-cloud-python-sdk-v2_e4a92643a9c349fb8482118c5b1dae7e/alibabacloud/client.py", line 21, in <module>
          import alibabacloud.retry.retry_policy as retry_policy
        File "/tmp/pip-install-800r4u6_/alibaba-cloud-python-sdk-v2_e4a92643a9c349fb8482118c5b1dae7e/alibabacloud/retry/retry_policy.py", line 15, in <module>
          from alibabacloud.retry.retry_condition import *
        File "/tmp/pip-install-800r4u6_/alibaba-cloud-python-sdk-v2_e4a92643a9c349fb8482118c5b1dae7e/alibabacloud/retry/retry_condition.py", line 15, in <module>
          import jmespath
      ModuleNotFoundError: No module named 'jmespath'
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

$ pip show jmespath
Name: jmespath
Version: 0.10.0
Summary: JSON Matching Expressions
Home-page: https://github.com/jmespath/jmespath.py
Author: James Saryerwinnie
Author-email: js@jamesls.com
License: MIT
Location: /home/lyuqiang/.local/lib/python3.11/site-packages
Requires:
Required-by: alibaba-cloud-python-sdk-v2

$ pip install --help | grep iso
  --no-build-isolation        Disable isolation when building a modern source
  --isolated                  Run pip in an isolated mode, ignoring

pip install --no-build-isolation alibaba-cloud-python-sdk-v2

sudo pacman -S axel

wget https://github.com/axel-download-accelerator/axel/releases/download/v2.17.8/axel-2.17.8.tar.gz -O axel-2.17.8.tar.gz
tar xf axel-2.17.8.tar.gz
cd axel-2.17.8

dnf install -y make gcc openssl-devel autoconf

./configure --prefix=/usr/local/axel-2.17.8
make && make install

ln -s /usr/local/axel-2.17.8/bin/axel /usr/local/bin/axel

certbot certonly  -d *.xxx.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel): webmaster@xxx.com

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v02.api.letsencrypt.org/directory
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (A)gree/(C)ancel: A

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about our work
    encrypting the web, EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: Y
    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for xxx.com

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.

    Are you OK with your IP being logged?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: Y

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please deploy a DNS TXT record under the name
    _acme-challenge.xxx.com with the following value:

    1EfqEsqE3pbZqiJmxpHvEkM0XdUhvqW5w4lWb46zMjM

    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue

dig _acme-challenge.xxx.com TXT

; <<>> DiG 9.16.2 <<>> _acme-challenge.xxx.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64914
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.xxx.com.	IN	TXT

;; ANSWER SECTION:
_acme-challenge.xxx.com. 596 IN	TXT	"1EfqEsqE3pbZqiJmxpHvEkM0XdUhvqW5w4lWb46zMjM"

;; Query time: 10 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: 六 5月 02 14:59:39 CST 2020
;; MSG SIZE  rcvd: 103

    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue
    Waiting for verification...
    Cleaning up challenges

    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/xxx.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/xxx.com/privkey.pem
    Your cert will expire on 2020-07-31. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew *all* of your certificates, run
    "certbot renew"
    - If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le

cat << EOF > /etc/nginx/conf.d/www.xxx.com.conf
server {
    listen 80;
    server_name www.xxx.com;
    root /data/web/www.xxx.com;

    location / {
        return 301 https://www.xxx.com;
    }

    location ^~ /.well-known/acme-challenge/ {
       default_type "text/plain";
    }

    location = /.well-known/acme-challenge/ {
       return 404;
    }
}
EOF

nginx -s reload

certbot certonly --email webmaster@xxx.com -w /data/web/www.xxx.com -d www.xxx.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
2: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for www.xxx.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.xxx.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/www.xxx.com/privkey.pem
This certificate expires on 2023-05-17.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

openssl dhparam -dsaparam -out /etc/letsencrypt/live/www.xxx.com/dhparam.pem 2048

cat << EOF > /etc/nginx/conf.d/xxx.com_ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.xxx.com;
    root /data/web/xxx.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/letsencrypt/live/xxx.com/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    # nginx: Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
    # certbot: If you’re using OCSP stapling with Nginx >= 1.3.7, chain.pem should be provided as the ssl_trusted_certificate to validate OCSP responses.
    ssl_trusted_certificate /etc/letsencrypt/live/xxx.com/chain.pem;


    location ~ ^/\.git/? {
        return 404;
    }
}
EOF

nginx -s reload

cat << EOF > /etc/systemd/system/letsencrypt.service
[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
# ExecStart=/usr/local/bin/certbot renew

# 自动修改阿里云域名解析，完成证书续签
ExecStart=/usr/local/bin/certbot renew --manual --preferred-challenges=dns --manual-auth-hook '/data/LetsEncryptAliDnsTool/app.py --auth' --manual-cleanup-hook '/data/LetsEncryptAliDnsTool/app.py --cleanup'

ExecStartPost=/usr/sbin/nginx -s reload

[Install]
WantedBy=multi-user.target
EOF

cat << EOF > /etc/systemd/system/letsencrypt.service
[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/local/bin/certbot renew
ExecStartPost=/usr/sbin/nginx -s reload

[Install]
WantedBy=multi-user.target
EOF

cat << EOF > /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Monthly renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
EOF

systemctl daemon-reload

systemctl enable letsencrypt.service
systemctl enable letsencrypt.timer

systemctl start letsencrypt.timer

systemctl list-timers letsencrypt.timer

# file foo.png
foo.png: PNG image data, 425 x 239, 8-bit/color RGB, non-interlaced

# file bar.jpg
bar.jpg: JPEG image data, JFIF standard 1.01 (1)

# identify foo.png
foo.png PNG 425x239 425x239+0+0 8-bit sRGB 143444B 0.000u 0:00.000

# identify bar.jpg
bar.jpg JPEG 540x1080 540x1080+0+0 8-bit sRGB 50405B 0.000u 0:00.000

convert foo.png bar.jpg

convert foo.png -resize 50% quz.png

convert foo.png -quality 50% quz.png

mogrify -resize 50% *.jpg

mogrify -quality 50% foo.jpg

mkdir -p ~/downloads
cd ~/downloads

wget -c https://www.inet.no/dante/sslfiles/dante-1.4.2/tgz-prod.dante-1.4.2-rhel72-amd64-64bit-gcc.tar.gz
tar xf tgz-prod.dante-1.4.2-rhel72-amd64-64bit-gcc.tar.gz

cp -r usr/ /

# 测试
sockd --help

useradd -r -s /bin/false  sockd

cat << EOF > /etc/sockd.conf
# \$Id: sockd.conf,v 1.52.10.2 2014/09/03 14:49:13 michaels Exp \$
#
# A sample sockd.conf
#
#
# The config file is divided into three parts;
#    1) server settings
#    2) rules
#    3) routes
#
# The recommended order is:
#   Server settings:
#               logoutput
#               internal
#               external
#               socksmethod
#               clientmethod
#               users
#               compatibility
#               extension
#               timeout
#               srchost
#
#  Rules:
#        client block/pass
#                from to
#                libwrap
#                log
#
#     block/pass
#                from to
#                socksmethod
#                command
#                libwrap
#                log
#                protocol
#                proxyprotocol
#
#  Routes:

# the server will log both via syslog, to stdout and to /var/log/sockd.log
#logoutput: syslog stdout /var/log/sockd.log
#logoutput: stderr
logoutput: /var/log/sockd.log

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
#internal: 10.1.1.1 port = 1080
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080
internal: 0.0.0.0 port = 1080

# all outgoing connections from the server will use the IP address
# 195.168.1.1
#external: 192.168.1.1
external: eth0

# list over acceptable authentication methods, order of preference.
# An authentication method not set here will never be selected.
#
# If the socksmethod field is not set in a rule, the global
# socksmethod is filled in for that rule.
#

# methods for socks-rules.
#socksmethod: username none #rfc931

# methods for client-rules.
# The default of "none" permits anonymous access.
clientmethod: none

#or if you want to allow rfc931 (ident) too
#socksmethod: username rfc931 none

#or for PAM authentication
#socksmethod: pam

# The default of "none" permits anonymous access.
socksmethod: none

#
# User identities, an important section.
#

# when doing something that can require privilege, it will use the
# userid "sockd".
user.privileged: sockd

# when running as usual, it will use the unprivileged userid of "sockd".
user.unprivileged: sockd

# If you are not using libwrap, no need for the below line, so leave
# it commented.
# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
#user.libwrap: libwrap


#
# Some options to help clients with compatibility:
#

# when a client connection comes in the socks server will try to use
# the same port as the client is using, when the socks server
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports as well.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport

# If you are using the Inferno Nettverk bind extension and have trouble
# running servers via the server, you might try setting this.
#compatibility: reuseaddr

#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind


#
# Misc options.
#

# how many seconds can pass from when a client connects til it has
# sent us it's request?  Adjust according to your network performance
# and methods supported.
#timeout.negotiate: 30   # on a lan, this should be enough.

# how many seconds can the client and it's peer idle without sending
# any data before we dump it?  Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
#timeout.io: 0 # or perhaps 86400, for a day.

# do you want to accept connections from addresses without
# dns info?  what about addresses having a mismatch in dns info?
#srchost: nounknown nomismatch

#
# The actual rules.  There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server.  I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socks server is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socks request.
#
# "from:" is the source address in both contexts.
#


#
# The "client" rules.  All our clients come from the net 10.0.0.0/8.
#

# Allow our clients, also provides an example of the port range command.
#client pass {
#        from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#        clientmethod: rfc931 # match all idented users that also are in passwordfile
#}

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practice this means the socks server will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
#client pass {
#        from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#}

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}


# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
#client block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}


# the rules controlling what clients are allowed what requests
#

# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
#socks block {
#        from: 0.0.0.0/0 to: lo0
#        log: connect error
#}

# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
#socks block {
#        from: 0.0.0.0/0 to: 172.16.0.0/12
#        libwrap: spawn finger @%a
#        log: connect error
#}

# unless you need it, you could block any bind requests.
#socks block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        command: bind
#        log: connect error
#}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
#socks pass {
#        from: 10.0.0.0/8 to: 0.0.0.0/0
#        command: bind
#        log: connect error
#}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packet based.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
#socks pass {
#        from: 0.0.0.0/0 to: 10.0.0.0/8
#        command: bindreply udpreply
#        log: connect error
#}


# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#socks pass {
#        from: 10.0.0.0/8 to: .example.com port = http
#        log: connect error
#        clientmethod: username
#}


# block any other http connects to the example.com domain.
#socks block {
#        from: 0.0.0.0/0 to: .example.com port = http
#        log: connect error
#}

# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
#socks pass {
#        from: 10.0.0.0/8 to: 0.0.0.0/0
#        protocol: tcp udp
#}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

# last line, block everyone else.  This is the default but if you provide
# one  yourself you can specify your own logging/actions
#socks block {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        log: connect error
#}

# route all http connects via an upstream socks server, aka "server-chaining".
#route {
# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
#}
EOF

sockd -f /etc/sockd.conf -D

mkdir -p ~/downloads
cd ~/downloads

mkdir -p /usr/local/frp/{bin,etc} /usr/local/frp/etc/conf.d
useradd --no-create-home -s /sbin/nologin frp

wget https://github.com/fatedier/frp/releases/download/v0.52.1/frp_0.52.1_linux_amd64.tar.gz -O frp_0.52.1_linux_amd64.tar.gz

tar xf frp_0.52.1_linux_amd64.tar.gz

rm -rf /usr/local/frp
cd frp_0.52.1_linux_amd64
cp frpc frps /usr/local/frp/bin
cp *.toml /usr/local/frp/etc

find /usr/local/frp/

toml set --toml-path /usr/local/frp/etc/frps.toml "bindAddr" 0.0.0.0
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "bindPort" 1840
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "kcpBindPort" 1840
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "vhostHTTPPort" 1080
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "vhostHTTPSPort" 1443
toml set --toml-path /usr/local/frp/etc/frps.toml "auth.method" token
toml set --toml-path /usr/local/frp/etc/frps.toml "auth.token" eeY8oe2Shaegeivaec5y

toml set --toml-path /usr/local/frp/etc/frps.toml "log.to" /var/log/frps.log
toml set --toml-path /usr/local/frp/etc/frps.toml "log.level" info
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "log.maxDays" 3

toml set --toml-path /usr/local/frp/etc/frps.toml "webServer.addr" 127.0.0.1
toml set --toml-path /usr/local/frp/etc/frps.toml --to-int "webServer.port" 1940
toml set --toml-path /usr/local/frp/etc/frps.toml "webServer.user" frpletnat
toml set --toml-path /usr/local/frp/etc/frps.toml "webServer.password" aez6uJ9aQuae9saeKi1i

#toml unset --toml-path /usr/local/frp/etc/frps.toml "httpPlugins"


cat << EOF > /usr/lib/systemd/system/frps.service
[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=frp
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/frp/bin/frps -c /usr/local/frp/etc/frps.toml

[Install]
WantedBy=multi-user.target
EOF

touch /var/log/frps.log
chown frp /var/log/frps.log
systemctl enable frps --now

systemctl status frps

cat /var/log/frps.log

toml set --toml-path /usr/local/frp/etc/frpc.toml "user" FrpLessNat
toml set --toml-path /usr/local/frp/etc/frpc.toml "serverAddr" 18.162.123.80
toml set --toml-path /usr/local/frp/etc/frpc.toml --to-int "serverPort" 1840
toml set --toml-path /usr/local/frp/etc/frpc.toml "transport.protocol" kcp
toml set --toml-path /usr/local/frp/etc/frpc.toml "auth.method" token
toml set --toml-path /usr/local/frp/etc/frpc.toml "auth.token" eeY8oe2Shaegeivaec5y

toml set --toml-path /usr/local/frp/etc/frpc.toml "log.to" /var/log/frpc.log
toml set --toml-path /usr/local/frp/etc/frpc.toml "log.level" info
toml set --toml-path /usr/local/frp/etc/frpc.toml --to-int "log.maxDays" 3

toml set --toml-path /usr/local/frp/etc/frpc.toml "webServer.addr" 127.0.0.1
toml set --toml-path /usr/local/frp/etc/frpc.toml --to-int "webServer.port" 1940
toml set --toml-path /usr/local/frp/etc/frpc.toml "webServer.user" frpletnat
toml set --toml-path /usr/local/frp/etc/frpc.toml "webServer.password" aez6uJ9aQuae9saeKi1i

toml set --toml-path /usr/local/frp/etc/frpc.toml --to-array "includes" '["/usr/local/frp/etc/conf.d/*.toml"]'
toml unset --toml-path /usr/local/frp/etc/frpc.toml "proxies"
toml unset --toml-path /usr/local/frp/etc/frpc.toml "visitors"

cat << EOF > /usr/lib/systemd/system/frpc.service
[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
User=frp
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/frp/bin/frpc -c /usr/local/frp/etc/frpc.toml
ExecReload=/usr/local/frp/bin/frpc reload -c /usr/local/frp/etc/frpc.toml

[Install]
WantedBy=multi-user.target
EOF

touch /var/log/frpc.log
chown frp /var/log/frpc.log
systemctl enable frpc --now

systemctl status frpc

cat /var/log/frpc.log

cat << EOF > /usr/local/frp/etc/conf.d/ssh_x.x.x.x_22.toml
[[proxies]]
name = "ssh_x.x.x.x_22"
type = "tcp"
localIP = "x.x.x.x"
localPort = 22
remotePort = 40022
EOF

tail -f  /var/log/frpc.log

npm config set registry https://registry.npm.taobao.org

cd /data/workspace/admin-vue-web
npm install
npm run build

cat << EOF > ~/.gradle/init.gradle
allprojects{
    repositories {
        mavenLocal()

        maven { url 'https://maven.aliyun.com/repository/public/' }
        maven { url 'https://maven.aliyun.com/repository/spring/'}
        maven { url 'https://maven.aliyun.com/repository/google/'}
        maven { url 'https://maven.aliyun.com/repository/gradle-plugin/'}
        maven { url 'https://maven.aliyun.com/repository/spring-plugin/'}
        maven { url 'https://maven.aliyun.com/repository/grails-core/'}
        maven { url 'https://maven.aliyun.com/repository/apache-snapshots/'}

        mavenCentral()
    }
}
EOF

yum install -y epel

yum install -y java-11-openjdk java-11-openjdk-devel java-11-openjdk-headless

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

cat << EOF > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF

yum --disablerepo="*" --enablerepo="elasticsearch" list available

Available Packages
apm-server.x86_64                              8.10.4-1                          elasticsearch
auditbeat.x86_64                               8.10.4-1                          elasticsearch
elastic-agent.x86_64                           8.10.4-1                          elasticsearch
elasticsearch.x86_64                           8.10.4-1                          elasticsearch
enterprise-search.x86_64                       8.10.4-1                          elasticsearch
filebeat.x86_64                                8.10.4-1                          elasticsearch
heartbeat-elastic.x86_64                       8.10.4-1                          elasticsearch
kibana.x86_64                                  8.10.4-1                          elasticsearch
logstash.x86_64                                1:8.10.4-1                        elasticsearch
metricbeat.x86_64                              8.10.4-1                          elasticsearch
packetbeat.x86_64                              8.10.4-1                          elasticsearch
pf-host-agent.x86_64                           8.10.4-1                          elasticsearch

network.host: 192.168.0.4

discovery.seed_hosts: ["192.168.0.0/24"]`

yum --disablerepo="*" --enablerepo="elasticsearch" install -y logstash

curl -H "Content-Type: application/json" -X PUT 'http://localhost:9200/wecompany/employee/1?pretty' -d '
{
    "first_name" : "John",
    "last_name" :  "Smith",
    "age" :        25,
    "about" :      "I love to go rock climbing",
    "interests": [ "sports", "music" ]
}
'

curl -H "Content-Type: application/json" -X PUT 'http://localhost:9200/wecompany/employee/2?pretty' -d '
{
    "first_name" :  "Jane",
    "last_name" :   "Smith",
    "age" :         32,
    "about" :       "I like to collect rock albums",
    "interests":  [ "music" ]
}
'

curl -H "Content-Type: application/json" -X PUT 'http://localhost:9200/wecompany/employee/3?pretty' -d '
{
    "first_name" :  "Douglas",
    "last_name" :   "Fir",
    "age" :         35,
    "about":        "I like to build cabinets",
    "interests":  [ "forestry" ]
}
'

{
  "_index" : "wecompany",
  "_type" : "employee",
  "_id" : "1",
  "_version" : 1,
  "found" : true,
  "_source" : {
    "first_name" : "John",
    "last_name" : "Smith",
    "age" : 25,
    "about" : "I love to go rock climbing",
    "interests" : [
      "sports",
      "music"
    ]
  }
}

{
  "took" : 204,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "2",
        "_score" : 0.2876821,
        "_source" : {
          "first_name" : "Jane",
          "last_name" : "Smith",
          "age" : 32,
          "about" : "I like to collect rock albums",
          "interests" : [
            "music"
          ]
        }
      },
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "1",
        "_score" : 0.2876821,
        "_source" : {
          "first_name" : "John",
          "last_name" : "Smith",
          "age" : 25,
          "about" : "I love to go rock climbing",
          "interests" : [
            "sports",
            "music"
          ]
        }
      }
    ]
  }
}

curl -H "Content-Type: application/json" -X GET 'http://localhost:9200/wecompany/employee/_search?pretty' -d '
{
    "query" :  {
        "match" : {
            "last_name" : "Smith"
        }
    }
}
'

返回结果同上

curl -H "Content-Type: application/json" -X GET 'http://localhost:9200/wecompany/employee/_search?pretty' -d '
{
    "query": {
        "bool": {
            "must": {
                "match": {
                    "last_name": "smith"
                }
            },
            "filter": {
                "range": {
                    "age": {
                        "gt": 30
                    }
                }
            }
        }
    }
}
'

{
  "took" : 39,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 0.2876821,
    "hits" : [
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "2",
        "_score" : 0.2876821,
        "_source" : {
          "first_name" : "Jane",
          "last_name" : "Smith",
          "age" : 32,
          "about" : "I like to collect rock albums",
          "interests" : [
            "music"
          ]
        }
      }
    ]
  }
}

curl -H "Content-Type: application/json" -X GET 'http://localhost:9200/wecompany/employee/_search?pretty' -d '
{
    "query" :  {
        "match" : {
            "about" : "rock climbing"
        }
    }
}
'

{
  "took" : 10,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 2,
    "max_score" : 0.5753642,
    "hits" : [
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "1",
        "_score" : 0.5753642,
        "_source" : {
          "first_name" : "John",
          "last_name" : "Smith",
          "age" : 25,
          "about" : "I love to go rock climbing",
          "interests" : [
            "sports",
            "music"
          ]
        }
      },
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "2",
        "_score" : 0.2876821,
        "_source" : {
          "first_name" : "Jane",
          "last_name" : "Smith",
          "age" : 32,
          "about" : "I like to collect rock albums",
          "interests" : [
            "music"
          ]
        }
      }
    ]
  }
}

{
"query" :{ ... }
    "highlight" : {
            "fields" : {
                "about" : {}
            }
        }
}

curl -H "Content-Type: application/json" -X GET 'http://localhost:9200/wecompany/employee/_search?pretty' -d '
{
    "aggs": {
        "all_interests": {
            "terms": { "field": "interests.keyword" }
        }
    }
}
'

{
  "took" : 72,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 3,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "2",
        "_score" : 1.0,
        "_source" : {
          "first_name" : "Jane",
          "last_name" : "Smith",
          "age" : 32,
          "about" : "I like to collect rock albums",
          "interests" : [
            "music"
          ]
        }
      },
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "1",
        "_score" : 1.0,
        "_source" : {
          "first_name" : "John",
          "last_name" : "Smith",
          "age" : 25,
          "about" : "I love to go rock climbing",
          "interests" : [
            "sports",
            "music"
          ]
        }
      },
      {
        "_index" : "wecompany",
        "_type" : "employee",
        "_id" : "3",
        "_score" : 1.0,
        "_source" : {
          "first_name" : "Douglas",
          "last_name" : "Fir",
          "age" : 35,
          "about" : "I like to build cabinets",
          "interests" : [
            "forestry"
          ]
        }
      }
    ]
  },
  "aggregations" : {
    "all_interests" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "music",
          "doc_count" : 2
        },
        {
          "key" : "forestry",
          "doc_count" : 1
        },
        {
          "key" : "sports",
          "doc_count" : 1
        }
      ]
    }
  }
}

GET /megacorp/employee/_search
{
  "query": {
    "match": {
      "last_name": "smith"
    }
  },
  "aggs": {
    "all_interests": {
      "terms": {
        "field": "interests.keyword"
      }
    }
  }
}

{
  ...
  "hits": {
    ...
  },
  "aggregations": {
    "all_interests": {
      "buckets": [
        {
          "key": "music",
          "doc_count": 2
        {
          "key": "sports",
          "doc_count": 1
        }
      ]
    }
  }
}

GET /megacorp/employee/_search
{
  "aggs": {
    "all_interests": {
      "terms": {
        "field": "interests.keyword"
      },
      "aggs": {
        "avg_age": {
          "avg": {
            "field": "age"
          }
        }
      }
    }
  }
}

{
  ...
  "hits": {
    ...
  },
  "all_interests": {
    "buckets": [
      {
        "key": "music",
        "doc_count": 2,
        "avg_age": {
          "value": 28.5
        }
      },
      {
        "key": "forestry",
        "doc_count": 1,
        "avg_age": {
          "value": 35
        }
      },
      {
        "key": "sports",
        "doc_count": 1,
        "avg_age": {
          "value": 25
        }
      }
    ]
  }
}

curl -H "Content-Type: application/json" -X PUT 'http://localhost:9200/wecompany/employee/2?pretty' -d '
{
    "first_name" :  "Jane",
    "last_name" :   "Smith",
    "age" :         33,
    "about" :       "I like to collect rock albums",
    "interests":  [ "music" ]
}
'

curl -H "Content-Type: application/json" -X DELETE 'http://localhost:9200/wecompany/employee/1?pretty'

{
  "query": {
    "match": {
      "tweet": "elasticsearch"
    }
  }
}

{
  "bool": {
    "must": {
      "match": {
        "tweet": "elasticsearch"
      }
    },
    "must_not": {
      "match": {
        "name": "mary"
      }
    },
    "should": {
      "match": {
        "tweet": "full text"
      }
    }
  }
}

{
  "bool": {
    "must": {
      "match": {
        "email": "business opportunity"
      }
    },
    "should": [
      {
        "match": {
          "starred": true
        }
      },
      {
        "bool": {
          "must": {
            "folder": "inbox"
          },
          "must_not": {
            "spam": true
          }
        }
      }
    ],
    "minimum_should_match": 1
  }
}