当你年老时,你是否常常想,要是年轻时多努力下该好。
一、基本操作
# 查看防火墙状态 service iptables status # 停止防火墙 service iptables stop # 启动防火墙 service iptables start # 重启防火墙 service iptables restart # 永久关闭防火墙 chkconfig iptables off # 永久关闭后重启 chkconfig iptables on
2、查看防火墙状态,防火墙处于开启状态并且只开放了22端口
3、开启80端口
vim /etc/sysconfig/iptables # 加入如下代码,比着两葫芦画瓢 :) -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 保存退出后重启防火墙 service iptables restart
=================== 分割线 ===================
其他开启其他端口亦是如此。
https://www.cnblogs.com/xxoome/p/6884376.html
1、使用方向键 上下,可以查看命令历史记录
2、使用clear 清屏
I recognize that Up/Down will give you the command history. But, how do you look at past output by scrolling up and down?
I have used Shift+Page Up/Page Down, Alt+Shift+Up/Down and Page Up/Page Downbut none of these seem to work.
How do you scroll up/down on the Linux console?
Shift+Fn+ UP or DOWN on a Macbook will allow you to scroll.
或者
SHIFT+Page Up and SHIFT+Page Down. If it doesn’t work try this and then it should:
Go the terminal program, and make sure
Edit/Profile Preferences/Scrolling/Scrollback/Unlimited
is checked.The exact location of this option might be somewhere different though, I see that you are using Redhat.
当然直接用SSH客户端连接服务器就能直接翻页scroll 和复制粘贴了。
yum 下载慢,用 ctrl + c 取消 yum安装。我取消下载,然后重新下载速度就变快了 = _ =
配置国内yum源
系统默认的yum 源速度往往不尽人意,为了达到快速安装的目的,在这里修改yum源为国内源。
上海交通大学yum源
参考:https://www.cnblogs.com/mchina/archive/2013/01/04/2842275.html
感觉:不需要啊,因为 CentOS-Base.repo 采用的是 镜像源下载,理论上自动化,哪个下载点快,就用哪个的啊。↓↓↓↓↓
[base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra #baseurl=http://mirror.centos.org/altarch/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@www ~]# ping www.baidu.com ping: www.baidu.com: Name or service not known
如果ping域名的时候出现ping:unknown host xxx.xxx
但是ping IP地址的时候可以通的话
可知是dns服务器没有配置好,
查看一下配置文件/etc/resolv.conf,里面是否有nameserver xxx.xxx.xxx.xxx,比如使用dns服务器 nameserver 8.8.8.8,如果有,修改一个可用的dns服务器,如8.8.8.8或者4.4.4.4,保存退出即可!
当然,如果连ip都ping 8.8.8.8都ping不通的话,那么就说明网络配置有问题:可以这样解决:
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3 #注 网络配置文件名可能会有不同,在输入到ifcfg时,可以连续按两下tab键,获取提示,比如我的机器 为 ifcfg-enp0s3
TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=dhcp DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=enp0s3 UUID=098aaea2-65b0-49b7-821d-1fe636293b46 DEVICE=enp0s3 ONBOOT=yes #### 刚打开这一行是 no ,我编辑改成了yes,只需要按 i 就能编辑,编辑完按esc退出编辑模式,然后按:wq保存文件 [注意:是英文的冒号] ZONE=public
centos6系统下 service network restart centos7系统下[速度有点慢2秒钟左右] systemctl restart network
[root@localhost ~]# ping baidu.com PING baidu.com (39.156.69.79) 56(84) bytes of data. 64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=53 time=39.6 ms 64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=53 time=78.5 ms 64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=53 time=71.8 ms 64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=4 ttl=53 time=136 ms ### 按 contrl键 + c键 取消
还可以自定义DNS
vi /etc/resolv.conf nameserver 8.8.8.8 nameserver 8.8.4.4
ifconfig 安装
##### 如果查看本机,发现没有 ifconfig 命令行 [root@localhost ~]# ifconfig -bash: ifconfig: command not found [root@localhost ~]# ##### 首先确认下是否是环境变量没有ifconfig 引起。 [root@localhost ~]# ls /sbin/ifconfig ls: cannot access /sbin/ifconfig: No such file or directory [root@localhost ~]# ##### 以上确定了系统是没有安装ifconfig,下面我们来安装 ##### locale是本地语言设置问题可忽略 [root@localhost ~]# yum install ifconfig Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.huaweicloud.com * extras: centosx4.centos.org * updates: mirrors.huaweicloud.com No package ifconfig available. Error: Nothing to do [root@localhost ~]# ### 提示没有ifconfig安装包。我们再使用yum search ifconfig来搜索下ifconfig的相关 [root@localhost ~]# yum search ifconfig Failed to set locale, defaulting to C Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.huaweicloud.com * extras: mirror-hk.koddos.net * updates: mirrors.huaweicloud.com =================================== Matched: ifconfig ==================================== net-tools.i686 : Basic networking tools [root@localhost ~]# ##### 查看ifconfig匹配的是net-tools.i686包 yum install net-tools.i686 -y
ifconfig使用
### 使用ifconfig命令,可以查看本地IP,下面这个是 没有联网时的
[root@localhost ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 08:00:38:56:29:2c txqueuelen 1000 (Ethernet)
RX packets 95 bytes 9319 (9.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 104 bytes 9383 (9.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 152 bytes 13024 (12.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 152 bytes 13024 (12.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
### 下面这个是 联网 成功的 本机IP是 192.168.1.128
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.128 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fd38::3d2:a2b7:39cb:278a prefixlen 64 scopeid 0x20<link>
ether 08:00:38:56:29:2c txqueuelen 1000 (Ethernet)
RX packets 111 bytes 11112 (10.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 124 bytes 11293 (11.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 156 bytes 13368 (13.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 156 bytes 13368 (13.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip addr 命令(也可以查看本机ip)
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:38:56:29:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.128/24 brd 192.168.1.255 scope global noprefixroute dynamic enp0s3
valid_lft 5226sec preferred_lft 5226sec
inet6 fd38::3d2:a2b7:39cb:278a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]#
netstat和ss命令(也可以查看本机ip)
输入ifconfig命令查看是否有内网ip地址,如果没有,那么配置一下: eth0是设备名,具体看ifconfig 显示的设备名。
ifconfig eth0 192.168.1.100 netmask 255.0.0.0 up
另外使用route命令查看一下当前的默认网关,如果没有,也配置一个,
route add default gw 192.168.1.1
配置好这两个以后,就可以正常的ping通网络了,如果还不能ping www.baidu.com,那么就要去查看dns服务器啦
参考:
https://blog.csdn.net/qq_30180559/article/details/79535596
https://jingyan.baidu.com/article/eb9f7b6d42636d869364e8c9.html
https://blog.csdn.net/menlinshuangxi/article/details/7968955
之前为了方便连接到公网服务器,在本地SSH 客户端设置了socket代理。这样能加速访问服务器。
但是有一天,要访问局域网时,因为默认开了代理的缘故,本机SSH 无法连接到 局域网内的centos服务器。【其实是开了centos虚拟机,网络配置是桥接】
只要将本地的SSH取消socket代理就行了,这样就能访问局域网内的服务器了。
正常情况下,有两个启动项,一个是“正常启动”,另一个是“救援模式启动”(rescue)。
如果启动项多于2个,说明当前系统有旧内核未删除。原因是CentOS更新后不会自动删除旧内核。
默认以新内核启动,可以在启动选项中临时选择,也可以修改配置永久指定。
[root@CentOS-7 ~]# uname -r # 查看当前内核版本
3.10.0-693.5.2.el7.x86_64
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# cat /boot/grub2/grub.cfg |grep "menuentry " # 查看所有可用内核
menuentry 'CentOS Linux (3.10.0-693.5.2.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-327.el7.x86_64-advanced-88ae7d3d-ffaf-4402-9d44-56b6845789e4' {
menuentry 'CentOS Linux (3.10.0-327.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-327.el7.x86_64-advanced-88ae7d3d-ffaf-4402-9d44-56b6845789e4' {
menuentry 'CentOS Linux (0-rescue-8405cda22c0b421db40478edcf9c1fb2) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-8405cda22c0b421db40478edcf9c1fb2-advanced-88ae7d3d-ffaf-4402-9d44-56b6845789e4' {
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# grub2-set-default 'CentOS Linux (3.10.0-327.el7.x86_64) 7 (Core)'
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# grub2-editenv list # 查看内核修改结果
saved_entry=CentOS Linux (3.10.0-327.el7.x86_64) 7 (Core)
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# uname -r # 查看当前内核版本
3.10.0-693.5.2.el7.x86_64
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# rpm -qa |grep kernel-[0-9] # 查看全部内核包
kernel-3.10.0-693.5.2.el7.x86_64
kernel-3.10.0-327.el7.x86_64
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# yum remove kernel-3.10.0-327.el7.x86_64 # 删除指定的无用内核
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-327.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Removing:
kernel x86_64 3.10.0-327.el7 @anaconda 136 M
Transaction Summary
=============================================================================================================================================================
Remove 1 Package
Installed size: 136 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : kernel-3.10.0-327.el7.x86_64 1/1
Verifying : kernel-3.10.0-327.el7.x86_64 1/1
Removed:
kernel.x86_64 0:3.10.0-327.el7
Complete!
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# rpm -qa |grep kernel-[0-9] # 查看全部内核包
kernel-3.10.0-693.5.2.el7.x86_64
[root@CentOS-7 ~]#
[root@CentOS-7 ~]# cat /boot/grub2/grub.cfg |grep "menuentry "
menuentry 'CentOS Linux (3.10.0-693.5.2.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-327.el7.x86_64-advanced-88ae7d3d-ffaf-4402-9d44-56b6845789e4' {
menuentry 'CentOS Linux (0-rescue-8405cda22c0b421db40478edcf9c1fb2) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-8405cda22c0b421db40478edcf9c1fb2-advanced-88ae7d3d-ffaf-4402-9d44-56b6845789e4' {
[root@CentOS-7 ~]#
来自:https://www.cnblogs.com/anliven/p/7944842.html
lsof -i:443 /usr/share/nginx/html /etc/nginx/conf.d /var/log/nginx/error.log vim /etc/nginx/conf.d/www.huaijiujia.com.conf systemctl restart nginx [root@superguy ~]# hostnamectl set-hostname amazon.com [root@superguy ~]# ## 非 ss 流量端口 转发 --failover www.amazon.com:443 vim /etc/php-fpm.d/www.conf systemctl restart php-fpm chmod 777 /dev/shm/php-fcgi.sock ls -al /dev/shm/php-fcgi.sock top journalctl -xe vim /etc/systemd/system/obfs-server.service systemctl daemon-reload systemctl restart obfs-server
su root 可以切换成root 用户
shell编程
变量赋值时,等号两侧不能有空格!!!
注意 expr 运算符间要有空格 expr a + b
条件判断 : [ a>b ] []条件框 前后都要有空格
注意:$[] 这个 是获取表达式结果 []前后 不需要空格
(()) 出现在 运算式 循环式 中
while 循环后面 别忘记 打空格
while [ 条件判断式 ] do
程序
done
===================================
9.test或[]的使用,也不一定要有if
例如
#!/bin/bash
var1=20
var2=22
[ "$var1" -ne "$var2" ] && echo "$var1 is not equal to $var2"
home=/home
[ -d $home ] || echo "$home directory does not exist"
注意:
&&:前一个操作失败,后一个就不再执行
|| : 前一个操作成功,后一个就不再执行
===================================
在实际使用时,下面两种写法都是正确的。
date "+%Y_%m_%d_%H%M%S"
date +%Y_%m_%d_%H%M%S
${ } 的一些特异功能:
${变量名} 和 $变量名 效果是一样的,只是为了显示好看点。
假设我们定义了一个变量为:
file=/dir1/dir2/dir3/my.file.txt
我们可以用 ${ } 分别替换获得不同的值:
${file#*/}:拿掉第一条 / 及其左边的字符串:dir1/dir2/dir3/my.file.txt
${file##*/}:拿掉最后一条 / 及其左边的字符串:my.file.txt
${file#*.}:拿掉第一个 . 及其左边的字符串:file.txt
${file##*.}:拿掉最后一个 . 及其左边的字符串:txt
${file%/*}:拿掉最后条 / 及其右边的字符串:/dir1/dir2/dir3
${file%%/*}:拿掉第一条 / 及其右边的字符串:(空值)
${file%.*}:拿掉最后一个 . 及其右边的字符串:/dir1/dir2/dir3/my.file
${file%%.*}:拿掉第一个 . 及其右边的字符串:/dir1/dir2/dir3/my
github 最近禁用了 tls1.0 加密协议,而此时mac系统上,旧版sublime,下载时会出现报错。查看sublime控制台报错信息:
Package info was unavailable last time crawler ran. Error downloading repository. HTTP exception InvalidCertificateException (Host api.github.com returned an invalid certificate ([SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:548))) downloading https://api.github.com/repos/rust-lang/sublime-rust.
然后查到:github 的问题贴
简单来说就是,mac版 sublime 用的下载模块是 urllib ,而urllib 是python自带的标准库,里面有ssl模块。而旧版python的ssl模块,采用ssl1.0连接服务器,所以导致高版本的ssl服务器拒绝连接。
解决办法是:打开sublime的
preferences->Package settings->Package control->Settings – User
添加如下代码:【也就是知道下载模块的第一优先级是使用 crul 模块】
"downloader_precedence":
{
"osx":
[
"curl",
"urllib",
"wget"
]
},
urllib是Python自带的标准库,无需安装,直接可以用。
提供了如下功能:
爬虫所需要的功能,基本上在urllib中都能找到,学习这个标准库,可以更加深入的理解后面更加便利的requests库。
python 2.7 代码使用如下:
# request:GET
import urllib
response = urllib.urlopen('http://www.baidu.com')
print(response.read().decode('utf-8'))
英文问题讨论解析:
The problem is that the crawler is running on an old OS and Python 3.3, which doesn’t support TLS 1.2. wbond is already on it.
=====================================================
Python 3.3’s _ssl module uses the OpenSSL API in such a way that a connection to a TLS 1.2 server is not possible. It doesn’t use the TLS 1.1 or TLS 1.2 constants, but rather a constant for TLS 1.0. This results in GitHub rejecting the connection since it uses an insecure version of the TLS protocol.
Windows users by default use the WinInetDownloader, which uses the wininet library, and Microsoft’s TLS stack, so as long as they are running a recent build of Windows, they will have TLS 1.2.
Mac and Linux users default to using urllib, which utilizes the Python _ssl module.
因为mac 现在主要用 LibreSSL,openssl的更新没有及时。
如果需要更新,可以用brew来安装 openssl,并将其设置为 系统默认的openssl。
cooldeMacBook-Pro:~ cool$ brew install openssl Updating Homebrew... ==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2p.el_capitan.bottle.tar. ######################################################################## 100.0% ==> Pouring openssl-1.0.2p.el_capitan.bottle.tar.gz ==> Caveats A CA file has been bootstrapped using certificates from the SystemRoots keychain. To add additional certificates (e.g. the certificates added in the System keychain), place .pem files in /usr/local/etc/openssl/certs and run /usr/local/opt/openssl/bin/c_rehash openssl is keg-only, which means it was not symlinked into /usr/local, because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries. If you need to have openssl first in your PATH run: echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile For compilers to find openssl you may need to set: export LDFLAGS="-L/usr/local/opt/openssl/lib" export CPPFLAGS="-I/usr/local/opt/openssl/include" ==> Summary ? /usr/local/Cellar/openssl/1.0.2p: 1,793 files, 12.2MB cooldeMacBook-Pro:~ cool$ openssl version OpenSSL 0.9.8zh 14 Jan 2016 cooldeMacBook-Pro:~ cool$
调用方法一:更新系统环境变量:
cooldeMacBook-Pro:~ cool$ echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile cooldeMacBook-Pro:~ cool$ source ~/.bash_profile cooldeMacBook-Pro:~ cool$ openssl version OpenSSL 1.0.2p 14 Aug 2018
调用方法二:
1、删除了.bash_profile中 的用户配置路径 openssl,
2、找到系统 /usr/bin/openssl 重命名乱连接,做备份 /usr/bin/openssl.bak
3、查看 新版openssl的安装目录:
cooldeMacBook-Pro:~ cool$ ls -l /usr/local/opt/openssl lrwxr-xr-x 1 cool admin 24 Oct 29 21:06 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.2p
4、备份原来的/usr/bin/openssl,并重新设置系统openssl的软连接:
cooldeMacBook-Pro:~ cool$ sudo ln -s /usr/local/Cellar/openssl/1.0.2p/bin/openssl /usr/bin/openssl Password: cooldeMacBook-Pro:~ cool$
关于python中的 ssl版本问题:
urllib是Python自带的标准库,无需安装,直接可以用。而urllib 是python自带的标准库,里面有ssl模块。也就是说python自带的的ssl模块与系统的openssl软件是无关的,版本号当然可以不相同。
cooldeMacBook-Pro:~ cool$ python -c "import ssl; print(ssl.OPENSSL_VERSION)" OpenSSL 0.9.8zh 14 Jan 2016 cooldeMacBook-Pro:~ cool$ python Python 2.7.10 (default, Oct 23 2015, 19:19:21) [GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.59.5)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import ssl >>> ssl.OPENSSL_VERSION 'OpenSSL 0.9.8zh 14 Jan 2016' >>>
所以使用 旧版本的 urllib 库的 爬虫只支持ssl 1.0协议,导致ssl高版本协议的服务器拒绝与其连接。
HTTP exception InvalidCertificateException (Host codeload.github.com returned an invalid certificate ([SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:548))) downloading https://codeload.github.com/seanliang/ConvertToUTF8/zip/1.2.11.