# пользователь и группа от которого запускается процесс
user www www;
# 3 рабочих процесса
worker_processes 3;
# Лог для ошибок
error_log logs/error.log;
events {
# максимум рабочих соединений
worker_connections 1024;
# Метод обработки соединений
# kqueue — эффективный метод, используемый во FreeBSD
# Подробнее http://sysoev.ru/nginx/docs/events.html
use kqueue;
}
http {
# Подключаем таблицу mime
include mime.types;
# mime-тип по умолчанию
default_type application/octet-stream;
# Формат лог файла
#log_format main '$remote_addr - $remote_user [$time_local] $request '
# '"$status" $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# Лог доступа всего веб-сервера
#access_log logs/access.log main;
# Директива задаёт таймаут при чтении заголовка запроса клиента
client_header_timeout 3m;
# Директива задаёт таймаут при чтении тела запроса клиента
client_body_timeout 3m;
# Директива задаёт таймаут при передаче ответа клиенту
send_timeout 3m;
# Директива задаёт таймаут, в течение которого keep-alive соединение с клиентом не будет закрыто со стороны сервера
keepalive_timeout 2m;
# Директива разрешает или запрещает использовать sendfile()
sendfile on;
# Директива разрешает или запрещает использовать опции TCP_NOPUSH во FreeBSD
# Подробнее http://sysoev.ru/nginx/docs/http/ngx_http_core_module.html#keepalive_timeout
#tcp_nopush on;
# Директива задаёт размер буфера для чтения заголовка запроса клиента
#client_header_buffer_size 1k;
# Директива задаёт максимальное число и размер буферов для чтения большого заголовка запроса клиента
#large_client_header_buffers 4 4k;
# Модуль позволяет описывать группы серверов, которые могут использоваться
# в директивах proxy_pass и fastcgi_pass.
upstream backend {
# Директива задаёт имя и параметры сервера. Обратите внимание, мы будем
# использовать имя "backend" в директиве proxy_pass
server 127.0.0.1:88;
}
server {
# Слушать 80 порт
listen 80;
# Использовать следующие хосты
server_name pyha.ru www.pyha.ru;
# Кодировка
#charset koi8-r;
# Лог доступа для конкретного виртуального хоста
#access_log logs/host.access.log main;
# Максимальный размер тела запроса клиента
client_max_body_size 101M;
# Разруливаем статику и динамку, смотрите описание ниже в этой статье!
location ~* \.(jpg|jpeg|gif|png|ico|css|bmp|swf|js)$ {
root /home/pyha/pyha.ru;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 120;
proxy_send_timeout 120;
proxy_read_timeout 180;
}
# Адрес страницы 404-ой ошибки, далее все ошибки по аналогии
#error_page 404 /404.html;
# Аналогично 404, только при этом назначается псевдоним 50x.html для всех
# 50x-тых ошибок и далее перенаправляется все на "root"
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# корневая директория
root /usr/local/www/nginx-dist;
}
}
}
Взято з http://adw0rd.ru/2009/nginx-and-apache-install/
вівторок, 23 червня 2009 р.
четвер, 11 червня 2009 р.
файловый редактор в mc
Почему-то в любимом mc в ubuntu 8.10 по умолчанию встал редактор nano
cd /home/.mc
sudo nano ini
Далее находим строчку
use_internal_edit=0
заменяем 0 на 1
сохраняем ctrl+x
жмём Y
и запускаем MC ^)
souece:
http://brandykov.blogspot.com/2009/02/mc.html
cd /home/.mc
sudo nano ini
Далее находим строчку
use_internal_edit=0
заменяем 0 на 1
сохраняем ctrl+x
жмём Y
и запускаем MC ^)
souece:
http://brandykov.blogspot.com/2009/02/mc.html
четвер, 4 червня 2009 р.
DNS За 15 хвилин
Сервер:
OS debian 5
ip 192.168.1.1
zone org.ua (для прикладу :) )
Насам перед потрібно встановити сам DNS сервер. В якості сервера я обрав bind, отже приступимо.
#aptitude install bind9
Дочекавшись закінчення процедури інсталяції робимо наступне.
#/etc/init.d/bind9 stop
Тепер можемо приступидо до зміни конфігураційних файлів.
#nano /etc/bind/named.conf.local
Зараз нам потрібно створити файли зон які ми вказали в named.conf.local, а саме db.org.ua та db.org.ua.rev
db.org.ua:
;
; BIND data file for broadcast zone org.ua
;
$TTL 604800
@ IN SOA org.ua. root.org.ua. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.org.ua.
ns A 127.0.0.1
ns A 192.168.1.1
gw A 192.168.1.1
web A 192.168.1.2
db.org.ua.rev
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA org.ua. root.org.ua. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1 PTR ns.org.ua.
2 PTR web.org.ua.
після чого потібно внести запис про DNS сервер в /etc/resolv.conf
#nano /etc/resolv.conf
Запускаємо сервер
#/etc/init.d/bind9 start
Перевіряємо
~# dig ns.org.ua
; <<>> DiG 9.3.4-P1.1 <<>> ns.org.ua
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.org.ua. IN A
;; ANSWER SECTION:
ns.org.ua. 604800 IN A 192.168.1.1
ns.org.ua. 604800 IN A 127.0.0.1
;; AUTHORITY SECTION:
org.ua. 604800 IN NS ns.org.ua.
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jun 4 15:47:32 2009
;; MSG SIZE rcvd: 73
OS debian 5
ip 192.168.1.1
zone org.ua (для прикладу :) )
Насам перед потрібно встановити сам DNS сервер. В якості сервера я обрав bind, отже приступимо.
#aptitude install bind9
Дочекавшись закінчення процедури інсталяції робимо наступне.
#/etc/init.d/bind9 stop
Тепер можемо приступидо до зміни конфігураційних файлів.
#nano /etc/bind/named.conf.local
zone "org.ua" {
type master;
file "/etc/bind/db.org.ua";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.org.ua.rev";
};
Зараз нам потрібно створити файли зон які ми вказали в named.conf.local, а саме db.org.ua та db.org.ua.rev
db.org.ua:
;
; BIND data file for broadcast zone org.ua
;
$TTL 604800
@ IN SOA org.ua. root.org.ua. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.org.ua.
ns A 127.0.0.1
ns A 192.168.1.1
gw A 192.168.1.1
web A 192.168.1.2
db.org.ua.rev
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA org.ua. root.org.ua. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1 PTR ns.org.ua.
2 PTR web.org.ua.
після чого потібно внести запис про DNS сервер в /etc/resolv.conf
#nano /etc/resolv.conf
search org.ua
nameserver 127.0.0.1
nameserver 192.168.1.1
Запускаємо сервер
#/etc/init.d/bind9 start
Перевіряємо
~# dig ns.org.ua
; <<>> DiG 9.3.4-P1.1 <<>> ns.org.ua
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.org.ua. IN A
;; ANSWER SECTION:
ns.org.ua. 604800 IN A 192.168.1.1
ns.org.ua. 604800 IN A 127.0.0.1
;; AUTHORITY SECTION:
org.ua. 604800 IN NS ns.org.ua.
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jun 4 15:47:32 2009
;; MSG SIZE rcvd: 73
/etc/network/interfaces
######################################################################
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
#
# A "#" character in the very first column makes the rest of the line
# be ignored. Blank lines are ignored. Lines may be indented freely.
# A "\" character at the very end of the line indicates the next line
# should be treated as a continuation of the current one.
#
# The "pre-up", "up", "down" and "post-down" options are valid for all
# interfaces, and may be specified multiple times. All other options
# may only be specified once.
#
# See the interfaces(5) manpage for information on what options are
# available.
######################################################################
# We always want the loopback interface.
#
# auto lo
# iface lo inet loopback
# An example ethernet card setup: (broadcast and gateway are optional)
#
# auto eth0
# iface eth0 inet static
# address 192.168.0.42
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1
# A more complicated ethernet setup, with a less common netmask, and a downright
# weird broadcast address: (the "up" lines are executed verbatim when the
# interface is brought up, the "down" lines when it's brought down)
#
# auto eth0
# iface eth0 inet static
# address 192.168.1.42
# network 192.168.1.0
# netmask 255.255.255.128
# broadcast 192.168.1.0
# up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
# up route add default gw 192.168.1.200
# down route del default gw 192.168.1.200
# down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
# A more complicated ethernet setup with a single ethernet card with
# two interfaces.
# Note: This happens to work since ifconfig handles it that way, not because
# ifup/down handles the ':' any differently.
# Warning: There is a known bug if you do this, since the state will not
# be properly defined if you try to 'ifdown eth0' when both interfaces
# are up. The ifconfig program will not remove eth0 but it will be
# removed from the interfaces state so you will see it up until you execute:
# 'ifdown eth0:1 ; ifup eth0; ifdown eth0'
# BTW, this is "bug" #193679 (it's not really a bug, it's more of a
# limitation)
#
# auto eth0 eth0:1
# iface eth0 inet static
# address 192.168.0.100
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1
# iface eth0:1 inet static
# address 192.168.0.200
# network 192.168.0.0
# netmask 255.255.255.0
# "pre-up" and "post-down" commands are also available. In addition, the
# exit status of these commands are checked, and if any fail, configuration
# (or deconfiguration) is aborted. So:
#
# auto eth0
# iface eth0 inet dhcp
# pre-up [ -f /etc/network/local-network-ok ]
#
# will allow you to only have eth0 brought up when the file
# /etc/network/local-network-ok exists.
# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet. If their MAC addresses get swapped (because an
# updated kernel uses a different order when probing for network cards,
# say), then they don't get brought up at all.
#
# auto eth0 eth1
# iface eth0 inet static
# address 192.168.42.1
# netmask 255.255.255.0
# pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66
# pre-up /usr/local/sbin/enable-masq
# iface eth1 inet dhcp
# pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF
# pre-up /usr/local/sbin/firewall
# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet, identified by MAC address rather than interface
# name:
#
# auto eth0 eth1
# mapping eth0 eth1
# script /path/to/get-mac-address.sh
# map 11:22:33:44:55:66 lan
# map AA:BB:CC:DD:EE:FF internet
# iface lan inet static
# address 192.168.42.1
# netmask 255.255.255.0
# pre-up /usr/local/sbin/enable-masq $IFACE
# iface internet inet dhcp
# pre-up /usr/local/sbin/firewall $IFACE
# A PCMCIA interface for a laptop that is used in different locations:
# (note the lack of an "auto" line for any of these)
#
# mapping eth0
# script /path/to/pcmcia-compat.sh
# map home,*,*,* home
# map work,*,*,00:11:22:33:44:55 work-wireless
# map work,*,*,01:12:23:34:45:50 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
# address 10.15.43.23
# netmask 255.255.255.0
# gateway 10.15.43.1
#
# Note, this won't work unless you specifically change the file
# /etc/pcmcia/network to look more like:
#
# if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi
# get_info $DEVICE
# case "$ACTION" in
# 'start')
# /sbin/ifup $DEVICE
# ;;
# 'stop')
# /sbin/ifdown $DEVICE
# ;;
# esac
# exit 0
# An alternate way of doing the same thing: (in this case identifying
# where the laptop is is done by configuring the interface as various
# options, and seeing if a computer that is known to be on each particular
# network will respond to pings. The various numbers here need to be chosen
# with a great deal of care.)
#
# mapping eth0
# script /path/to/ping-places.sh
# map 192.168.42.254/24 192.168.42.1 home
# map 10.15.43.254/24 10.15.43.1 work-wireless
# map 10.15.43.23/24 10.15.43.1 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
# address 10.15.43.23
# netmask 255.255.255.0
# gateway 10.15.43.1
#
# Note that the ping-places script requires the iproute package installed,
# and the same changes to /etc/pcmcia/network are required for this as for
# the previous example.
# Set up an interface to read all the traffic on the network. This
# configuration can be useful to setup Network Intrusion Detection
# sensors in 'stealth'-type configuration. This prevents the NIDS
# system to be a direct target in a hostile network since they have
# no IP address on the network. Notice, however, that there have been
# known bugs over time in sensors part of NIDS (for example see
# DSA-297 related to Snort) and remote buffer overflows might even be
# triggered by network packet processing.
#
# auto eth0
# iface eth0 inet manual
# up ifconfig $IFACE 0.0.0.0 up
# up ip link set $IFACE promisc on
# down ip link set $IFACE promisc off
# down ifconfig $IFACE down
# Set up an interface which will not be allocated an IP address by
# ifupdown but will be configured through external programs. This
# can be useful to setup interfaces configured through other programs,
# like, for example, PPPOE scripts.
#
# auto eth0
# iface eth0 inet manual
# up ifconfig $IFACE 0.0.0.0 up
# up /usr/local/bin/myconfigscript
# down ifconfig $IFACE down
Джерело: http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
#
# A "#" character in the very first column makes the rest of the line
# be ignored. Blank lines are ignored. Lines may be indented freely.
# A "\" character at the very end of the line indicates the next line
# should be treated as a continuation of the current one.
#
# The "pre-up", "up", "down" and "post-down" options are valid for all
# interfaces, and may be specified multiple times. All other options
# may only be specified once.
#
# See the interfaces(5) manpage for information on what options are
# available.
######################################################################
# We always want the loopback interface.
#
# auto lo
# iface lo inet loopback
# An example ethernet card setup: (broadcast and gateway are optional)
#
# auto eth0
# iface eth0 inet static
# address 192.168.0.42
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1
# A more complicated ethernet setup, with a less common netmask, and a downright
# weird broadcast address: (the "up" lines are executed verbatim when the
# interface is brought up, the "down" lines when it's brought down)
#
# auto eth0
# iface eth0 inet static
# address 192.168.1.42
# network 192.168.1.0
# netmask 255.255.255.128
# broadcast 192.168.1.0
# up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
# up route add default gw 192.168.1.200
# down route del default gw 192.168.1.200
# down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
# A more complicated ethernet setup with a single ethernet card with
# two interfaces.
# Note: This happens to work since ifconfig handles it that way, not because
# ifup/down handles the ':' any differently.
# Warning: There is a known bug if you do this, since the state will not
# be properly defined if you try to 'ifdown eth0' when both interfaces
# are up. The ifconfig program will not remove eth0 but it will be
# removed from the interfaces state so you will see it up until you execute:
# 'ifdown eth0:1 ; ifup eth0; ifdown eth0'
# BTW, this is "bug" #193679 (it's not really a bug, it's more of a
# limitation)
#
# auto eth0 eth0:1
# iface eth0 inet static
# address 192.168.0.100
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1
# iface eth0:1 inet static
# address 192.168.0.200
# network 192.168.0.0
# netmask 255.255.255.0
# "pre-up" and "post-down" commands are also available. In addition, the
# exit status of these commands are checked, and if any fail, configuration
# (or deconfiguration) is aborted. So:
#
# auto eth0
# iface eth0 inet dhcp
# pre-up [ -f /etc/network/local-network-ok ]
#
# will allow you to only have eth0 brought up when the file
# /etc/network/local-network-ok exists.
# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet. If their MAC addresses get swapped (because an
# updated kernel uses a different order when probing for network cards,
# say), then they don't get brought up at all.
#
# auto eth0 eth1
# iface eth0 inet static
# address 192.168.42.1
# netmask 255.255.255.0
# pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66
# pre-up /usr/local/sbin/enable-masq
# iface eth1 inet dhcp
# pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF
# pre-up /usr/local/sbin/firewall
# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet, identified by MAC address rather than interface
# name:
#
# auto eth0 eth1
# mapping eth0 eth1
# script /path/to/get-mac-address.sh
# map 11:22:33:44:55:66 lan
# map AA:BB:CC:DD:EE:FF internet
# iface lan inet static
# address 192.168.42.1
# netmask 255.255.255.0
# pre-up /usr/local/sbin/enable-masq $IFACE
# iface internet inet dhcp
# pre-up /usr/local/sbin/firewall $IFACE
# A PCMCIA interface for a laptop that is used in different locations:
# (note the lack of an "auto" line for any of these)
#
# mapping eth0
# script /path/to/pcmcia-compat.sh
# map home,*,*,* home
# map work,*,*,00:11:22:33:44:55 work-wireless
# map work,*,*,01:12:23:34:45:50 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
# address 10.15.43.23
# netmask 255.255.255.0
# gateway 10.15.43.1
#
# Note, this won't work unless you specifically change the file
# /etc/pcmcia/network to look more like:
#
# if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi
# get_info $DEVICE
# case "$ACTION" in
# 'start')
# /sbin/ifup $DEVICE
# ;;
# 'stop')
# /sbin/ifdown $DEVICE
# ;;
# esac
# exit 0
# An alternate way of doing the same thing: (in this case identifying
# where the laptop is is done by configuring the interface as various
# options, and seeing if a computer that is known to be on each particular
# network will respond to pings. The various numbers here need to be chosen
# with a great deal of care.)
#
# mapping eth0
# script /path/to/ping-places.sh
# map 192.168.42.254/24 192.168.42.1 home
# map 10.15.43.254/24 10.15.43.1 work-wireless
# map 10.15.43.23/24 10.15.43.1 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
# address 10.15.43.23
# netmask 255.255.255.0
# gateway 10.15.43.1
#
# Note that the ping-places script requires the iproute package installed,
# and the same changes to /etc/pcmcia/network are required for this as for
# the previous example.
# Set up an interface to read all the traffic on the network. This
# configuration can be useful to setup Network Intrusion Detection
# sensors in 'stealth'-type configuration. This prevents the NIDS
# system to be a direct target in a hostile network since they have
# no IP address on the network. Notice, however, that there have been
# known bugs over time in sensors part of NIDS (for example see
# DSA-297 related to Snort) and remote buffer overflows might even be
# triggered by network packet processing.
#
# auto eth0
# iface eth0 inet manual
# up ifconfig $IFACE 0.0.0.0 up
# up ip link set $IFACE promisc on
# down ip link set $IFACE promisc off
# down ifconfig $IFACE down
# Set up an interface which will not be allocated an IP address by
# ifupdown but will be configured through external programs. This
# can be useful to setup interfaces configured through other programs,
# like, for example, PPPOE scripts.
#
# auto eth0
# iface eth0 inet manual
# up ifconfig $IFACE 0.0.0.0 up
# up /usr/local/bin/myconfigscript
# down ifconfig $IFACE down
Джерело: http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
Підписатися на:
Дописи (Atom)