静怡家园

#!/bin/bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH # Check if user is root if [ $(id -u) != "0" ]; then     echo "Error: You must be root to run this script!"     exit 1 fi clear echo "+----------------------------------------------------------+" echo "|Author:jingyihome                                         |" echo "+----------------------------------------------------------+" echo "|E-mail:webmaster@zhanghaijun.com                          |" echo "+----------------------------------------------------------+" echo "|Website:http://www.zhanghaijun.com                        |" echo "+----------------------------------------------------------+" echo "|Usage: ./proftpd.sh or ./proftpd.sh install|uninstall     |" echo "+----------------------------------------------------------+" cur_dir=$(pwd) Proftpd_Ver='proftpd-1.3.6rc2' installdir="/usr/local/proftpd" Install_Proftpd() {     echo -e "\033[32m Installing dependent packages... \033[0m"       yum -y install make gcc gcc-c++ gcc-g77 openssl openssl-devel wget     echo -e "\033[32m Download files... \033[0m"     cd ${cur_dir}/     wget --no-check-certificate https://soft.loveyan.com/ftp/proftpd/${Proftpd_Ver}.tar.gz ${cur_dir}/${Proftpd_Ver}.tar.gz     if [ $? -eq 0 ]; then         echo "Download ${Proftpd_Ver}.tar.gz successfully!"     else         wget ftp://ftp.proftpd.org/distrib/source/${Proftpd_Ver}.tar.gz ${cur_dir}/${Proftpd_Ver}.tar.gz     fi     echo -e "\033[32m Installing proftpd... \033[0m"     tar xzvf ${Proftpd_Ver}.tar.gz ${Proftpd_Ver}     cd ${Proftpd_Ver}     ./configure --prefix=${installdir}     make && make install     cd ${cur_dir}/     echo -e "\033[32m Create configure files... \033[0m"     mv ${installdir}/etc/proftpd.conf ${installdir}/etc/bak_proftpd.conf     wget --no-check-certificate https://soft.loveyan.com/ftp/proftpd/proftpd.conf     if [ $? -eq 0 ]; then          sed -i "s#/usr/local/ftp/proftpd#${installdir}#g" ${cur_dir}/proftpd.conf          mv ${cur_dir}/proftpd.conf ${installdir}/etc/     else         echo -e "\033[31m Download proftpd.conf failed! \033[0m"         exit 1     fi     if [ -L /etc/init.d/proftpd ]; then         rm -f /etc/init.d/proftpd     fi     wget --no-check-certificate https://soft.loveyan.com/ftp/proftpd/proftpdinit     if [ $? -eq 0 ]; then          sed -i "s#/usr/local/ftp/proftpd#${installdir}#g" ${cur_dir}/proftpdinit          mv ${cur_dir}/proftpdinit /etc/init.d/proftpd          chmod +x /etc/init.d/proftpd          touch ${installdir}/etc/ftpd.passwd          chmod 600 ${installdir}/etc/ftpd.passwd     else         echo -e "\033[31m Download proftpdinit failed! \033[0m"         exit 1     fi     rm -rf ${cur_dir}/${Proftpd_Ver}     if [ -s /sbin/iptables ]; then        /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT        /sbin/iptables -I INPUT -p tcp --dport 50000:53000 -j ACCEPT     else        echo -e "\033[32m iptables was not installed! \033[0m"     fi     service iptables save     if [[ -s ${installdir}/sbin/proftpd && -s ${installdir}/etc/proftpd.conf && -s /etc/init.d/proftpd ]]; then         echo "Starting proftpd..."         /etc/init.d/proftpd start         ln -s ${installdir}/bin/ftpasswd /bin/ftpasswd         echo "+----------------------------------------------------------------------------------------------------------------------------+"         echo "| Install ProFTPd completed,enjoy it!"         echo "| =>use:ftpasswd --passwd --file=${installdir}/etc/ftpd.passwd --name=X --uid=X --gid=X --home=dir --shell=/bin/false"         echo "+----------------------------------------------------------------------------------------------------------------------------+"         echo "| For more information please visit http://www.zhanghaijun.com/post/975/"         echo "+----------------------------------------------------------------------------------------------------------------------------+"     else         echo -e "\033[31m Proftpd install failed! \033[0m"     fi } Uninstall_Proftpd() {     if [ ! -f $installdir/sbin/proftpd ]; then         echo -e "\033[31m Proftpd was not installed! \033[0m"         exit 1     fi     echo "Stop proftpd..."     /etc/init.d/proftpd stop     echo "Remove service..."     rm -f /etc/init.d/proftpd     echo "Delete files..."     rm -rf ${installdir}     rm -rf /bin/ftpasswd     /sbin/iptables -D INPUT -p tcp --dport 21 -j ACCEPT     /sbin/iptables -D INPUT -p tcp --dport 50000:53000 -j ACCEPT     service iptables save     echo "Proftpd uninstall completed." } action=$1 [ -z $1 ] && action=install case "$action" in install)     Install_Proftpd 2>&1 | tee /root/proftpd-install.log     ;; uninstall)     Uninstall_Proftpd     ;; *)     echo -e "\033[31m error! [${action}] \033[0m"     echo -e "\033[32m Usage: `basename $0` {install|uninstall} \033[0m"     ;; esac

#!/bin/bash # # chkconfig: 2345 85 15 # description: ProFTPd is an FTP server # processname: proftpd # Author:   jingyihome # E-mail:   webmaster@zhanghaijun.com # Website:  https://www.zhanghaijun.com # ProFTPd Settings PROFTPD="/usr/local/ftp/proftpd/sbin/proftpd" PROCONF="/usr/local/ftp/proftpd/etc/proftpd.conf" PROPID="/usr/local/ftp/proftpd/var/proftpd.pid" RETVAL=0 prog="ProFTPd" start() {     echo -n $"Starting $prog... "     $PROFTPD -c $PROCONF     if [ "$?" = 0 ] ; then         echo " done"     else         echo " failed"     fi } stop() {     echo -n $"Stopping $prog...  "     if [ ! -e $PROPID ]; then         echo -n $"$prog is not running."         exit 1     fi     kill `cat $PROPID`     if [ "$?" = 0 ] ; then         echo " done"     else         echo " failed"     fi } restart(){     echo $"Restarting $prog..."     $0 stop     sleep 2     $0 start } status(){     if [ -e $PROPID ]; then         echo $"$prog is running."     else         echo $"$prog is not running."     fi } case "$1" in     start)         start         ;;     stop)         stop         ;;     restart)         restart         ;;     status)         status         ;;   *)         echo $"Usage: $0 {start|stop|restart|status}" esac

Nginx支持单IP多域名SSL证书需要OpenSSL支持，由于CentOS5.X系统自带的OpenSSL版本太低不支持，所以首先需要编译安装一个高版本的openssl，CentOS 6.X的系统自带的openssl版本大于0.98以上，一般编译好的nginx都是支持的。

检查nginx是否支持TLS SNI support：
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.2
TLS SNI support disabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

TLS SNI support disabled 这样是不支持的。

查看openssl的版本：
[root@localhost ~]# openssl version -a OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 built on: Tue May 31 06:58:30 CDT 2016 platform: linux-x86_64 options:  bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(ptr2) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM OPENSSLDIR: "/etc/pki/tls" engines:  dynamic

下面开始升级openssl：
wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
tar xzvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl/ enable-shared enable-tlsext
make && make install

检查openssl的版本：
[root@localhost ~]# /usr/local/openssl/bin/openssl version -a OpenSSL 1.0.2h  21 Dec 2016 built on: reproducible build, date unspecified platform: linux-x86_64 options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM OPENSSLDIR: "/usr/local/openssl/ssl"

编译nginx：
wget http://nginx.org/download/nginx-1.10.2.tar.gz tar xzvf nginx-1.10.2.tar.gz cd nginx-1.10.2/ ./configure --user=www --group=www --prefix=/usr/local/nginx --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module make && make install

检查现在是否支持TLS SNI support：
[root@localhost ~]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.10.2 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-55) built with OpenSSL 1.0.2h  21 Dec 2016 TLS SNI support enabled configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-openssl=/usr/local/openssl --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module

TLS SNI support enabled 现在已经支持了，再添加几个https的站点都正常了。

软件版本：OpenSSL 1.0.2h  nginx/1.10.2
错误信息：

其实/usr/local/openssl/目录下面根本没有.openssl这个目录，找不到相关文件肯定会报错的了。
解决方法也很简单：

把31行到34行中的.openssl删除

保存之后，再make就编译通过了。

错误发生在内部测试使用的ESXI主机上的虚拟机，因为之前的ESXI主机raid卡和温度传感器报错，机器不能正常启动，所以就把磁盘换到另一台配置一样的机器上，启动之后ubuntu、freebsd、debian8、solaris、centos7虚拟机都连接正常，唯独两台CentOS 6.8系统的虚拟机不能连接，于是使用VMware vSphere Client连接ESXI打开控制台登录系统，执行ifconfig发现只剩下：


执行 /etc/init.d/network restart

执行 ifconfig -a 发现没有eth0，却有一个eth1，原来是mac地址变化了，知道是什么问题就好办了，不重启机器你可以把eth1的mac地址记下，cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1 然后把里面的eth0改为eth1，HWADDR改为eth1的mac地址，然后service network restart或ifup eth1 就可以了。

如果你的机器可以重启，可以使用以下方法：
vi /etc/sysconfig/network-scripts/ifcfg-eth0 把里面的HWADDR改为eth1的mac地址之后保存。
vi /etc/udev/rules.d/70-persistent-net.rules 你会发现有两行配置，把eth0的那一行删除，把eth1改为eth0之后保存，类似于下面这样：


使用第二种方法的可以把/etc/sysconfig/network-scripts/ifcfg-eth1删了，或者设置为开机不启动，然后执行init 6 或者reboot重新启动虚拟机，虚拟机重新启动之后网络正常了。