May
17
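[AutoAPM author: Zhang Yan  Version: v1.0.5  Last modified: 2007.02.19  Please credit the source when reposting: http://blog.s135.com]
For work, I wrote AutoAPM, a bash script that automatically compiles and installs Apache 2.0.59, PHP 5.2.1 (with the freetype, libpng, jpegsrc, gd and libxml extensions), MySQL 5.0.33 and ZendOptimizer 3.2.2 from source packages on Linux. The source code is fully open and can be modified to suit your needs (on the command line, unpack with tar zxvf autoapm-1.0.5.tar.gz, then vi autoapm).
Explanation of the basic configuration at the top of the script:
#---------------------config start-------------------------
mysql_tar_gz_name="mysql-5.0.33.tar.gz"
# MySQL source tarball
mysql_source_dir_name="mysql-5.0.33"
# Default directory name after unpacking the MySQL source tarball with tar zxvf
mysql_download_url="http://www.vista.ac.cn/autoapm/src/1.0.5/mysql-5.0.33.tar.gz"
# Download URL of the MySQL source tarball
#---------------------config end---------------------------
Usage instructions:
In a Linux text console, download the autoapm archive with wget http://www.vista.ac.cn/autoapm/down/autoapm-1.0.5.tar.gz, unpack it with tar zxvf autoapm-1.0.5.tar.gz, then run ./autoapm.
You will then be asked to choose where the source packages come from. If the packages are already in the current directory, choose Current directory.; if not, choose Download from Internet. and the script downloads them from the URLs in the configuration, then compiles and installs them. Compiling and installing takes 20 to 50 minutes.
Script source: http://www.vista.ac.cn/autoapm/down/autoapm-1.0.5.src.txt
Download: http://www.vista.ac.cn/autoapm/down/autoapm-1.0.5.tar.gz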
AutoAPM 1.0.5 for Linux Written by Zhang Yan, SINA Corp., Beijing, China
A tool to auto-compile & install Apache, PHP, MySQL on Linux from sources
For more information please visit http://autoapm.vista.ac.cn
Usage:
[root@sina var]# wget http://www.vista.ac.cn/autoapm/down/autoapm-1.0.5.tar.gz
[root@sina var]# tar zxvf autoapm-1.0.5.tar.gz
[root@sina var]# ./autoapm
The path of some dirs (If install to /opt/sina):
Apache dir: /opt/sina/apache/
Webpages dir: /opt/sina/apache/htdocs/
MySQL dir: /opt/sina/mysql/
PHP dir: /opt/sina/php/
The path of some files (If install to /opt/sina):
apachectl: /opt/sina/apache/bin/apachectl
httpd.conf: /opt/sina/apache/conf/httpd.conf
mysql: /opt/sina/mysql/bin/mysql
my.cnf: /etc/my.cnf
php: /opt/sina/php/php
php.ini: /opt/sina/php/etc/php.ini (Before install ZendOptimizer?)
php.ini: /opt/sina/zend/etc/php.ini (After install ZendOptimizer?)
Restart Apache: service httpd restart
Restart MySQL: service mysql restart
Changelog:
2007.01.19 AutoAPM v1.0.5 Fixed the source package download links
2007.01.15 AutoAPM v1.0.4 First public release
May
17
Operating system: Linux
I. Install eaccelerator-0.9.5 (with ZendOptimizer-3.2.2 supported at the same time)
1. First install ZendOptimizer-3.2.2
# wget http://www.vista.ac.cn/linux/down/ZendOptimizer/ZendOptimizer-3.2.2-linux-glibc21-i386.tar.gz
# tar zxvf ZendOptimizer-3.2.2-linux-glibc21-i386.tar.gz
# cd ZendOptimizer-3.2.2-linux-glibc21-i386
# ./install.sh
At the prompt Please specify the location for installing ZendOptimizer:, enter the ZendOptimizer install path, e.g. /data/webserver/zend
At the prompt Confirm the location of your php.ini file:, enter the directory that contains php.ini, e.g. /data/webserver/php/etc
At the prompt Specify the full path to the Apache control utility (apachectl):, enter the absolute path of apachectl, e.g. /data/webserver/apache/bin/apachectl
2. Then install the eaccelerator-0.9.5 accelerator
# wget http://www.vista.ac.cn/linux/down/eaccelerator/eaccelerator-0.9.5.tar.bz2
# tar jxvf eaccelerator-0.9.5.tar.bz2
# cd eaccelerator-0.9.5
Set the PHP install path:
# export PHP_PREFIX="/data/webserver/php"
# $PHP_PREFIX/bin/phpize
# ./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
# make
# make install
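eaccelerator is now installed into the PHP directory, and the path that contains eaccelerator.so is printed on screen, for example:
Installing shared extensions: /data/webserver/php/lib/php/extensions/no-debug-zts-20060613/
Note this path.
eaccelerator can be installed either as a PHP extension or as a Zend extension; the steps below install it as a PHP extension.
If the /etc/php.d directory exists, copy eaccelerator.ini into it and then adjust the defaults. If it does not exist, edit php.ini and add the following before [zend] (note: it must come before [zend]):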
[eaccelerator]
extension="/data/webserver/php/lib/php/extensions/no-debug-zts-20060613/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/data/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Create the cache directory:
# mkdir -p /data/cache/eaccelerator
# chmod 0777 /data/cache/eaccelerator
Restart Apache:
# service httpd restart
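3. Check that ZendOptimizer and eaccelerator were installed successfully
Create a phpinfo.php file with the following content:
<?php
phpinfo();
?>
Place the file in the website directory and open it in a browser. If the following appears, the installation succeeded: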
This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with eAccelerator v0.9.5, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with Zend Extension Manager v1.0.11, Copyright (c) 2003-2006, by Zend Technologies
with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies
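II. eaccelerator configuration settings explained (translated from the official English documentation)
extension="/data/webserver/php/lib/php/extensions/no-debug-zts-20060613/eaccelerator.so"
Explanation: path to the PHP extension eaccelerator.so.
--------------------
eaccelerator.shm_size="32"
Explanation: the amount of shared memory eaccelerator may use (in MB).
On Linux, the maximum memory a single process can use is limited by the number set in /proc/sys/kernel/shmmax (in bytes). For example, the default shmmax on CentOS 4.4 is 33554432 bytes (33554432 bytes / 1024 / 1024 = 32 MB).
To change the value temporarily:
# echo BYTES > /proc/sys/kernel/shmmax
A value changed this way is reset on every reboot. To change it permanently, edit /etc/sysctl.conf and set:
kernel.shmmax = BYTES
--------------------
eaccelerator.cache_dir="/data/cache/eaccelerator"
Explanation: the cache path. Create the directory with mkdir -p /data/cache/eaccelerator, then set its permissions to 0777 with chmod 0777 /data/cache/eaccelerator.
--------------------
eaccelerator.enable="1"
Explanation: turns eaccelerator on or off. "1" is on, "0" is off. The default is "1".
--------------------
eaccelerator.optimizer="1"
Explanation: turns code optimization on or off; enabling it can speed up code execution. "1" is on, "0" is off. The default is "1".
--------------------
eaccelerator.check_mtime="1"
Explanation: when enabled, eaccelerator checks the modification time of the PHP file on every request to see whether it has changed, which costs a little time; if the file has changed, eaccelerator recompiles and re-caches it. When disabled, a modified PHP file only takes effect after the eaccelerator cache has been deleted by hand. "1" is on, "0" is off. The default is "1".
--------------------
eaccelerator.debug="0"
Explanation: turns debug logging on or off. When enabled, eaccelerator writes every request for a cached file to the log. Enabling it is only useful when checking eaccelerator itself for bugs. "1" is on, "0" is off. The default is "0".
--------------------
eaccelerator.filter=""
Explanation: determines which PHP files are cached. You can specify a pattern (such as "*.php *.phtml") and the matching files are cached. If the pattern starts with !, the matching files are not cached. The default is "", which caches all PHP files.
--------------------
eaccelerator.shm_max="0"
Explanation: the maximum amount of data a user can load into shared memory with functions such as eaccelerator_put. The default is "0", meaning no limit. (In bytes.)
--------------------
eaccelerator.shm_ttl="0"
Explanation: when there is not enough free shared memory to cache a new script, files that have not been accessed for at least shm_ttl seconds are removed. The default is "0", meaning no attempt is made to remove old scripts from shared memory. (In seconds.)
--------------------
eaccelerator.shm_prune_period="0"
Explanation: when there is not enough free shared memory to cache a new script, all old scripts are removed, provided the previous such attempt was made more than shm_prune_period seconds ago. The default is "0", meaning no attempt is made to remove old scripts from shared memory. (In seconds.)
--------------------
eaccelerator.shm_only="0"
Explanation: turns caching of compiled scripts on disk on or off. This setting has no effect on session data and content caching. The default is "0", meaning both disk and shared memory are used for caching.
--------------------
eaccelerator.compress="1"
Explanation: turns compression of cached content on or off. "1" is on, "0" is off. The default is "1".
--------------------
eaccelerator.compress_level="9"
Explanation: the memory compression level. The default is "9", meaning maximum compression.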
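Two of the settings above depend on state outside php.ini: shm_size (MB) has to fit within kernel.shmmax (bytes, the kernel's limit on a single shared memory segment), and a cache_dir left at mode 0777 can be written by every local account. The shell check below is an added example, not part of the original post or of eAccelerator; the function names, the sample ini and the 64 MB value are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an [eaccelerator] ini section against the host.

# ini_get FILE KEY: print KEY's last value, surrounding quotes stripped.
ini_get() {
    awk -v key="$2" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# audit_eaccelerator INI [SHMMAX_BYTES]: print one "FINDING ..." line per
# problem. SHMMAX_BYTES defaults to the running kernel's value.
audit_eaccelerator() {
    ini=$1
    shmmax=${2:-$(cat /proc/sys/kernel/shmmax 2>/dev/null || true)}

    # shm_size is in MB, kernel.shmmax in bytes: convert before comparing.
    size_mb=$(ini_get "$ini" eaccelerator.shm_size)
    case $size_mb in
        '' | *[!0-9]*) ;;                       # unset or not a number
        *)
            need=$((size_mb * 1024 * 1024))
            # A shmmax of 19 or more digits is larger than any realistic
            # shm_size and would overflow the shell's integer test: skip it.
            if [ -n "$shmmax" ] && [ "${#shmmax}" -lt 19 ] &&
               [ "$need" -gt "$shmmax" ]; then
                echo "FINDING shm_size=${size_mb}MB needs $need bytes > kernel.shmmax=$shmmax"
            fi
            ;;
    esac

    # Mode 0777 lets every local account create or replace files in the
    # directory that holds the cached compiled scripts.
    dir=$(ini_get "$ini" eaccelerator.cache_dir)
    if [ -n "$dir" ] && [ -d "$dir" ]; then
        mode=$(ls -ld "$dir")
        case $mode in
            ????????w*) echo "FINDING cache_dir=$dir is world-writable (${mode%% *})" ;;
        esac
    fi
}

# make_sample DIR SHM_MB MODE: write a constructed php.ini fragment and a
# cache directory under DIR (sample data only) and print the ini path.
make_sample() {
    mkdir -p "$1/cache" && chmod "$3" "$1/cache"
    cat > "$1/php.ini" <<EOF
[eaccelerator]
eaccelerator.shm_size="$2"
eaccelerator.cache_dir="$1/cache"
eaccelerator.enable="1"
EOF
    echo "$1/php.ini"
}

# Demo against the CentOS 4.4 default shmmax quoted above (33554432 bytes):
# the first sample yields two findings, the second none.
tmp=$(mktemp -d)
audit_eaccelerator "$(make_sample "$tmp/a" 64 0777)" 33554432
audit_eaccelerator "$(make_sample "$tmp/b" 32 0750)" 33554432
rm -rf "$tmp"
```

A cache directory owned by the account Apache runs as, with no write bit for others, passes the second check; which account that is depends on the httpd.conf in use.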
References:
1. Installing from source (http://www.eaccelerator.net/wiki/InstallFromSource)
2. eAccelerator settings (http://www.eaccelerator.net/wiki/Settings)
May
17
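Today I had the chance to visit China Netcom's Beijing Xidan data center, and finally got to see an "F5 BIG-IP load-balancing switch" worth 500,000 to 1,000,000 RMB. Here is what I have learned about F5 BIG-IP:
1. F5 BIG-IP is a device that manages and distributes traffic and content. It offers 12 flexible algorithms for spreading all traffic evenly across the servers, while to users it appears as a single virtual server.
2. F5 BIG-IP can confirm whether an application returns the expected data for a request. If a server behind F5 BIG-IP fails, for example because a service stops or the machine hangs, F5 detects it and marks that server as down, so user requests are no longer sent to the failed server. As long as the other servers are healthy, user access is not affected. Once the failure is repaired, F5 BIG-IP automatically verifies that the application again responds correctly to client requests and resumes sending traffic to that server.
3. F5 BIG-IP uses OneConnection connection-optimization technology to offload processing from the servers and improve their performance.
4. F5 BIG-IP uses traffic shaping and QoS mechanisms to differentiate important applications and guarantee their bandwidth and service level.
F5 performs well, but it is not cheap. One low-cost way to load-balance a website is DNS round robin. Compared with an F5 BIG-IP load-balancing switch, DNS round robin has lower processing performance, and the load is not very evenly balanced. If a server goes down, DNS cannot immediately remove it from the list. Sohu currently uses DNS round robin; "nslookup www.sohu.com" shows the following IPs: 61.135.179.130, 61.135.179.132, 61.135.179.147, 61.135.179.148, 61.135.179.152, 61.135.179.153, 61.135.179.170, 61.135.179.171, 61.135.179.172, 61.135.179.173, 61.135.179.174, 61.135.179.175, 61.135.179.176, 61.135.150.63, 61.135.150.114. Visiting any one of these IP addresses shows that these servers are all reverse proxy servers implemented with squid/2.5.STABLE14.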
May
17
1. Install Apache beforehand
2. Commands to install awstats (awstats is installed in the /opt/awstats directory)
mkdir -p /var/lib/awstats
cd /opt
wget http://www.awstats.cn/files/awstats-6.6.tar.gz
tar zxvf awstats-6.6.tar.gz
mv awstats-6.6 awstats
cd awstats/tools/
perl awstats_configure.pl
3. Walkthrough of the Perl script awstats_configure.pl (the output below is quoted from the AWStats English documentation)
(1)
-----> Running OS detected: Linux, BSD or Unix
Warning: AWStats standard directory on Linux OS is '/usr/local/awstats'.
If you want to use standard directory, you should first move all content
of AWStats distribution from current directory:
/opt/awstats
to standard directory:
/usr/local/awstats
And then, run configure.pl from this location.
Do you want to continue setup from this NON standard directory [yN] ?
Choose y here and press Enter.
(2)
-----> Check for web server install
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
On first use, enter the path to Apache's httpd.conf, e.g. /opt/sina/apache/conf/httpd.conf
If you later run perl awstats_configure.pl again to generate a config file, you can enter none to skip this step.
(3)
-----> Check and complete web server config file '/opt/sina/apache/conf/httpd.conf'
Warning: You Apache config file contains directives to write 'common' log files
This means that some features can't work (os, browsers and keywords detection).
Do you want me to setup Apache to write 'combined' log files [y/N] ?
Choose y to change the logging directive from CustomLog /yourlogpath/yourlogfile common to the more detailed CustomLog /yourlogpath/yourlogfile combined
(4)
-----> Update model config file '/opt/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?
To create a new config file, choose y
(5)
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>
Enter the site name, e.g. sina
(6)
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
Enter the directory where the AWStats config files are stored; pressing Enter uses the default path /etc/awstats
(7)
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/opt/awstats/wwwroot/cgi-bin/awstats.pl -update -config=sina
Or if you have several config files and prefer having only one command:
/opt/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
Press Enter to continue
(8)
A SIMPLE config file has been created: /opt/awstats/etc/awstats.sina.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'sina' with command:
> perl awstats.pl -update -config=sina
You can also read your statistics for 'sina' with URL:
> http://localhost/awstats/awstats.pl?config=sina
Press ENTER to finish...
Press Enter to finish
4. Edit the awstats.sina.conf configuration
vi /etc/awstats/awstats.sina.conf
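Press ?, then type the text to search for: LogFile="
Then press the Ins key, find LogFile="/var/log/httpd/access_log"
and change it to the path and file name of the Apache log to analyze.
(1) Merged analysis of several logs (example: the February 6 logs 30.0206.vblog.log and 31.0206.vblog.log from two of the Sina Podcast servers)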
LogFile="/opt/awstats/tools/logresolvemerge.pl /var/apachelogs/30.0206.vblog.log /var/apachelogs/31.0206.vblog.log|"
or
LogFile="/opt/awstats/tools/logresolvemerge.pl /var/apachelogs/*.0206.vblog.log|"
(2) Analyzing log files compressed with gzip
LogFile="gzip -d
5. Update the analysis report
perl /opt/awstats/wwwroot/cgi-bin/awstats.pl -config=sina -update
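If the following error appears, the most likely cause is that the Apache log file still contains entries written under the earlier CustomLog /yourlogpath/yourlogfile common setting; deleting those log lines fixes it: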
This means each line in your web server log file need to have "combined log format" like this:
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 "http://www.fromserver.com/from.htm" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
6. View the analysis report
http://localhost/awstats/awstats.pl?config=sina
The sina here corresponds to the sina in /etc/awstats/awstats.sina.conf
Appendix:
(1) Reference: AWStats logfile analyzer 6.6 Documentation -- AWStats Installation, Configuration and Reporting (http://www.awstats.cn/docs/awstats_setup.html)
(2) Test environment: tested successfully on a DELL PowerEdge 2950 server + CentOS 4.4 Linux + Apache 2.0.59.
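For the "combined log format" error in step 5, one way to separate the old common-format entries without editing the original access log is to split it into two new files. The shell functions below are an added example, not part of the original post or of the AWStats distribution; the function names and the sample log are constructed, with the first sample line taken from the AWStats error message quoted above.

```shell
#!/bin/sh
# Added example: split an Apache access log into combined-format lines
# (usable by AWStats) and everything else, leaving the source log intact.

# ERE for one "combined" line: host ident user [time] "request" status
# bytes "referer" "user-agent". Quoted fields may contain \" escapes.
Q='"([^"\\]|\\.)*"'
COMBINED_RE="^[^ ]+ [^ ]+ [^ ]+ \\[[^]]+\\] $Q [0-9]{3} ([0-9]+|-) $Q $Q\$"

# split_combined LOG OUT_DIR: copy LOG's combined-format lines to
# OUT_DIR/combined.log and all other lines to OUT_DIR/rejected.log.
# LOG itself is only read. Prints "<kept> <rejected>".
split_combined() {
    log=$1
    out=$2
    mkdir -p "$out"
    # grep exits 1 when nothing matches; that is not an error here.
    grep -E  "$COMBINED_RE" "$log" > "$out/combined.log" || true
    grep -Ev "$COMBINED_RE" "$log" > "$out/rejected.log" || true
    kept=$(($(wc -l < "$out/combined.log")))
    rejected=$(($(wc -l < "$out/rejected.log")))
    echo "$kept $rejected"
}

# write_sample_log FILE: constructed sample; lines 2 and 4 are in the old
# "common" format (no referer and user-agent fields).
write_sample_log() {
    cat > "$1" <<'EOF'
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 "http://www.fromserver.com/from.htm" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.0.2.10 - - [10/Jan/2001:02:14:15 +0200] "GET /index.php HTTP/1.1" 200 5120
192.0.2.11 - alice [10/Jan/2001:02:14:16 +0200] "GET /a.css HTTP/1.1" 304 - "-" "Example \"quoted\" agent"
192.0.2.12 - - [10/Jan/2001:02:14:17 +0200] "POST /login HTTP/1.0" 302 -
EOF
}

# Demo on the constructed log.
tmp=$(mktemp -d)
write_sample_log "$tmp/access_log"
echo "kept/rejected: $(split_combined "$tmp/access_log" "$tmp/out")"
rm -rf "$tmp"
```

LogFile= in awstats.sina.conf can then point at combined.log, while the untouched original and rejected.log remain available for later review.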
May
17
Required packages:
1. Install the encryption package
[root@localhost ~]# rpm -ivh lzo-2.02-3.el5.kb.i386.rpm
2. Install openvpn
[root@localhost ~]# rpm -ivh openvpn-2.1-0.20.rc4.el5.kb.i386.rpm
3. Copy the folder used to generate certificates and keys
[root@localhost ~]# cp -r /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/
4. Copy the sample configuration file
[root@localhost ~]# cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/
5. Generate the certificates and keys
(1) Initialize the PKI
[root@localhost ~]# cd /etc/openvpn/2.0/
[root@localhost 2.0]# vi vars
Change the following entries:
export KEY_COUNTRY="CN"    # country
export KEY_PROVINCE="SX"    # province
export KEY_CITY="XA"    # city
export KEY_ORG="VPN-TEST"    # company name
export KEY_EMAIL="[email protected]"    # e-mail address
[root@localhost 2.0]# env |grep KEY    (check first; nothing is set yet)
[root@localhost 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/2.0/keys
(Note: if you have already run ./clean-all, run rm -rf /etc/openvpn/2.0/keys to delete it)
[root@localhost 2.0]# env |grep KEY
KEY_EXPIRE=3650
KEY_EMAIL=[email protected]
KEY_SIZE=1024
KEY_DIR=/etc/openvpn/2.0/keys
KEY_CITY=XA
KEY_PROVINCE=SX
KEY_ORG=VPN-TEST
KEY_CONFIG=/etc/openvpn/2.0/openssl.cnf
KEY_COUNTRY=CN
[root@localhost 2.0]#
[root@localhost 2.0]# ./clean-all    (this creates a keys directory in the current directory)
Generate the CA files
[root@localhost 2.0]# ./build-ca
Generating a 1024 bit RSA private key
….++++++
..++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [VPN-TEST CA]:server    (note: you must enter server here)
Email Address [[email protected]]:
[root@localhost 2.0]# ls keys/    (you can see that the two files ca.crt and ca.key were created under keys)
(2) Generate the server key
[root@localhost 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
………..++++++
…………………………………………………++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [server]:server
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:boobooke    (note: a password must be entered)
An optional company name []:
Using configuration from /etc/openvpn/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SX'
localityName :PRINTABLE:'XA'
organizationName :PRINTABLE:'VPN-TEST'
organizationalUnitName:PRINTABLE:'vpn'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 31 13:40:06 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost 2.0]#
[root@localhost 2.0]# ls keys/    (you can see that server.crt server.csr server.key were created)
(3) Generate the client key
[root@localhost 2.0]# ./build-key client1
Generating a 1024 bit RSA private key
……………………………..++++++
…..++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [client1]:
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:boobooke
An optional company name []:
Using configuration from /etc/openvpn/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SX'
localityName :PRINTABLE:'XA'
organizationName :PRINTABLE:'VPN-TEST'
organizationalUnitName:PRINTABLE:'vpn'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 31 13:43:36 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
The options above must match those used for the server.
[root@localhost 2.0]# ls keys/    (you can see that client1.crt client1.key client1.csr were created)
Generate the Diffie-Hellman parameters
[root@localhost 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
………………………………………………………………………………………………………………………………………………+……………………………………………+……………………………………+………………………………………………………+……..+………………………….+………………………………………….+…………………………………………………..
………………………………………+………………………………………………………………..+……………………………………………………………………………………………….+……………………….+……………+……………………………………………..+…………………..+……….+……….+.+………..+…………………………………..+………+…………………………………+…………………………………………+…………………….+…………………….+……………………………………………………………….+…………………………………+…..+……………………………………….+……………………+………………………………………….++*++*++*
[root@localhost 2.0]#
Create the server configuration file
Copy ca.crt server.crt server.key dh1024.pem from keys to /etc/openvpn.
Configure /etc/openvpn/server.conf
[root@localhost openvpn]# vi server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
push "dhcp-option DNS 202.98.5.68"
"server.conf" 16L, 249C written
[root@localhost openvpn]#
Start the service
[root@localhost openvpn]# service openvpn restart
After the service starts, check with ifconfig; a new interface tun0 appears
[root@localhost openvpn]# ifconfig
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2804 (2.7 KiB) TX bytes:18332 (17.9 KiB)
Setup on the Windows client
Install the openvpn software
Copy ca.crt ca.key client1.crt client1.csr client1.key from /etc/openvpn/2.0/keys/ on the server to C:\Program Files\OpenVPN\config
Copy C:\Program Files\OpenVPN\sample-config\client.ovpn to C:\Program Files\OpenVPN\config
Edit client.ovpn with Notepad:
client
dev tun
proto udp
remote 222.161.0.93 1194
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
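Of the files copied to the client above, client.ovpn references only ca.crt, client1.crt and client1.key; ca.key is the CA's signing key, and whoever holds it can issue certificates that this server accepts. The shell check below is an added example, not part of the original post or of OpenVPN: it lists key material in a client config directory that the config does not reference and confirms the server-certificate check is still present. Function names, the empty placeholder files and vpn.example.com are constructed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config directory.

# ovpn_files CONF: print the file named by each ca, cert and key directive.
ovpn_files() {
    awk '$1 == "ca" || $1 == "cert" || $1 == "key" { print $2 }' "$1" |
        tr -d '"\r'
}

# check_client_bundle DIR CONF: print
#   EXTRA-PRIVATE-KEY <name>  a *.key file CONF does not reference
#   EXTRA <name>              other certificate material CONF does not use
#   MISSING <name>            a file CONF references that is absent
#   NO-SERVER-CERT-CHECK      CONF lacks ns-cert-type/remote-cert-tls server
# File names containing spaces are not handled.
check_client_bundle() {
    dir=$1
    conf=$2
    wanted=$(ovpn_files "$conf")
    for f in "$dir"/*.key "$dir"/*.csr "$dir"/*.crt "$dir"/*.pem; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! echo "$wanted" | grep -qxF -- "$name"; then
            case $name in
                *.key) echo "EXTRA-PRIVATE-KEY $name" ;;
                *)     echo "EXTRA $name" ;;
            esac
        fi
    done
    for name in $wanted; do
        [ -e "$dir/$name" ] || echo "MISSING $name"
    done
    grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls)[[:space:]]+server' "$conf" ||
        echo "NO-SERVER-CERT-CHECK"
}

# make_client_dir DIR: constructed sample holding the five files from the
# copy step above (empty placeholders; only the names matter here) and a
# client.ovpn with the directives shown above.
make_client_dir() {
    mkdir -p "$1"
    for f in ca.crt ca.key client1.crt client1.csr client1.key; do
        : > "$1/$f"
    done
    cat > "$1/client.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.com 1194
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
EOF
}

# Demo: reports ca.key and client1.csr as unreferenced.
tmp=$(mktemp -d)
make_client_dir "$tmp/config"
check_client_bundle "$tmp/config" "$tmp/config/client.ovpn"
rm -rf "$tmp"
```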
1、安装加密软件包
[root@localhost ~]#rpm -ivh lzo-2.02-3.el5.kb.i386.rpm
2、安装openvpn
[root@localhost ~]#rpm -ivh openvpn-2.1-0.20.rc4.el5.kb.i386.rpm
3、复制生成证书密钥的文件夹
[root@localhost ~]#cp -r /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/
4、复制范例的配制文件
[root@localhost ~]#cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/
5、生成证书key
(1)初始化PKI
[root@localhost ~]# cd /etc/openvpn/2.0/
[root@localhost 2.0]# vi vars
修改正在面几项
export KEY_COUNTRY=”CN”(注:国家)
export KEY_PROVINCE=”SX”(注:省份)
export KEY_CITY=”XA”(注:城市)
export KEY_ORG=”VPN-TEST”(注:公司名称)
export KEY_EMAIL=”[email protected]”(注:电子邮件)
[root@localhost 2.0]#env |grep KEY(先查看一下,看到是没有)
[root@localhost 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/2.0/keys
(注:如果你已经运行了./clean-all,就运行rm -rf /etc/openvpn/2.0/keys 删除)
[root@localhost 2.0]# env |grep KEY
KEY_EXPIRE=3650
[email protected]
KEY_SIZE=1024
KEY_DIR=/etc/openvpn/2.0/keys
KEY_CITY=XA
KEY_PROVINCE=SX
KEY_ORG=VPN-TEST
KEY_CONFIG=/etc/openvpn/2.0/openssl.cnf
KEY_COUNTRY=CN
[root@localhost 2.0]#
[root@localhost 2.0]# ./clean-all (这时会在当前目录生成一个keys的目录)
生成ca文件
[root@localhost 2.0]# ./build-ca
Generating a 1024 bit RSA private key
….++++++
..++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [VPN-TEST CA]:server (note: be sure to enter server)
Email Address [[email protected]]:
[root@localhost 2.0]# ls keys/ (ca.crt and ca.key have been generated under keys/)
(2) Generate the server key
[root@localhost 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
………..++++++
…………………………………………………++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [server]:server
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:boobooke (note: a password must be entered)
An optional company name []:
Using configuration from /etc/openvpn/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SX'
localityName :PRINTABLE:'XA'
organizationName :PRINTABLE:'VPN-TEST'
organizationalUnitName:PRINTABLE:'vpn'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 31 13:40:06 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost 2.0]#
[root@localhost 2.0]# ls keys/ (server.crt, server.csr and server.key have been generated)
(3) Generate the client key
[root@localhost 2.0]# ./build-key client1
Generating a 1024 bit RSA private key
……………………………..++++++
…..++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SX]:
Locality Name (eg, city) [XA]:
Organization Name (eg, company) [VPN-TEST]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) [client1]:
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:boobooke
An optional company name []:
Using configuration from /etc/openvpn/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SX'
localityName :PRINTABLE:'XA'
organizationName :PRINTABLE:'VPN-TEST'
organizationalUnitName:PRINTABLE:'vpn'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 31 13:43:36 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
The options above must match the ones used for the server certificate.
[root@localhost 2.0]# ls keys/ (client1.crt, client1.key and client1.csr have been generated)
Generate the Diffie-Hellman parameters
[root@localhost 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
………………………………………………………………………………………………………………………………………………+……………………………………………+……………………………………+………………………………………………………+……..+………………………….+………………………………………….+…………………………………………………..
………………………………………+………………………………………………………………..+……………………………………………………………………………………………….+……………………….+……………+……………………………………………..+…………………..+……….+……….+.+………..+…………………………………..+………+…………………………………+…………………………………………+…………………….+…………………….+……………………………………………………………….+…………………………………+…..+……………………………………….+……………………+………………………………………….++*++*++*
[root@localhost 2.0]#
Create the server configuration file
Copy ca.crt, server.crt, server.key and dh1024.pem from keys/ to /etc/openvpn.
Configure /etc/openvpn/server.conf:
[root@localhost openvpn]# vi server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
push "dhcp-option DNS 202.98.5.68"
"server.conf" 16L, 249C written
[root@localhost openvpn]#
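The env output above shows KEY_SIZE=1024, and 1024-bit RSA and DH are no longer considered adequate; in addition, quoted values pasted from a web page can carry typographic quotes that neither the shell nor OpenVPN treats as quoting. The lint below is an added example, not part of the original post; the function names, the constructed sample files and the 2048-bit threshold are assumptions.

```shell
#!/bin/sh
# Added example: lint an easy-rsa vars file and an OpenVPN config.
# File names, sample contents and the 2048-bit threshold are assumptions.

# Print the effective KEY_SIZE from a vars file (last assignment wins).
key_size() {
    sed -n 's/^[[:space:]]*export[[:space:]]*KEY_SIZE=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if KEY_SIZE is set and is at least $2 bits.
key_size_ok() {
    size=$(key_size "$1")
    [ -n "$size" ] && [ "$size" -ge "$2" ]
}

# Print comma-separated numbers of lines holding typographic quotes
# (U+2018, U+2019, U+201C, U+201D, U+2033); the shell and OpenVPN only
# treat ASCII ' and " as quoting, so these end up inside the value.
curly_quote_lines() {
    LC_ALL=C grep -n -e '‘' -e '’' -e '“' -e '”' -e '″' "$1" | cut -d: -f1 | paste -sd, -
}

# Print comma-separated numbers of lines with an odd count of ASCII ".
unbalanced_quote_lines() {
    awk '{ if (gsub(/"/, "&") % 2) out = out (out == "" ? "" : ",") NR }
         END { print out }' "$1"
}

# Constructed sample input: a vars excerpt and a server.conf excerpt.
write_samples() {
    printf '%s\n' 'export KEY_SIZE=1024' 'export KEY_COUNTRY=”CN”' > "$1/vars"
    printf '%s\n' 'port 1194' 'dh dh1024.pem' \
        'push “dhcp-option DNS 202.98.5.68”' \
        'push "dhcp-option DNS "202.98.5.68"' \
        'push "dhcp-option DNS 202.98.5.68"' > "$1/server.conf"
}

lint_demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    key_size_ok "$d/vars" 2048 || echo "vars: KEY_SIZE=$(key_size "$d/vars") is below 2048"
    echo "vars: typographic quotes on line(s) $(curly_quote_lines "$d/vars")"
    echo "server.conf: typographic quotes on line(s) $(curly_quote_lines "$d/server.conf")"
    echo "server.conf: unbalanced quotes on line(s) $(unbalanced_quote_lines "$d/server.conf")"
    rm -rf "$d"
}
lint_demo
```

In easy-rsa 2.0, KEY_SIZE is read by both the certificate scripts and build-dh, so it has to be raised in vars before any key is generated.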
Start the service
[root@localhost openvpn]# service openvpn restart
After the service starts, ifconfig shows a new interface, tun0:
[root@localhost openvpn]# ifconfig
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2804 (2.7 KiB) TX bytes:18332 (17.9 KiB)
Client setup on Windows
Install the OpenVPN software.
Copy ca.crt ca.key client1.crt client1.csr client1.key from /etc/openvpn/2.0/keys/ on the server to C:\Program Files\OpenVPN\config.
Copy C:\Program Files\OpenVPN\sample-config\client.ovpn to C:\Program Files\OpenVPN\config.
Edit client.ovpn with Notepad:
client
dev tun
proto udp
remote 222.161.0.93 1194
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
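client.ovpn refers only to ca.crt, client1.crt and client1.key, while ca.key is the key that signs new certificates, so a client's config directory is worth auditing for key material it does not need. The audit below is an added example, not part of the original post; the function names and sample files are constructed, and the ns-cert-type finding reflects that later OpenVPN releases deprecate it in favour of remote-cert-tls server.

```shell
#!/bin/sh
# Added example: audit the files placed in an OpenVPN client's config
# directory. Function names and sample contents are constructed.

# Print the base name of every file in DIR that holds a PEM private key.
private_key_files() {
    for f in "$1"/*; do
        if [ -f "$f" ] && grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            basename "$f"
        fi
    done
}

# Print one finding per line for DIR; CLIENT is the certificate base name.
audit_client_bundle() {
    private_key_files "$1" | while IFS= read -r k; do
        [ "$k" = "$2.key" ] || echo "REMOVE $k: private key that is not $2's own"
    done
    for f in "$1"/*.csr; do
        if [ -f "$f" ]; then echo "UNNEEDED $(basename "$f"): only used for signing"; fi
    done
    for f in "$1"/*.ovpn; do
        [ -f "$f" ] || continue
        # Every file named by a ca/cert/key directive must be present.
        awk '$1 == "ca" || $1 == "cert" || $1 == "key" { print $2 }' "$f" |
        while IFS= read -r ref; do
            [ -f "$1/$ref" ] || echo "MISSING $ref: named in $(basename "$f")"
        done
        if grep -q '^[[:space:]]*ns-cert-type[[:space:]]' "$f"; then
            echo "DEPRECATED ns-cert-type in $(basename "$f"): use remote-cert-tls server"
        fi
    done
}

# Constructed sample: the five files the post copies, plus client.ovpn.
write_client_samples() {
    for n in ca.key client1.key; do
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY----- (placeholder)' > "$1/$n"
    done
    for n in ca.crt client1.crt; do
        printf '%s\n' '-----BEGIN CERTIFICATE----- (placeholder)' > "$1/$n"
    done
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST----- (placeholder)' > "$1/client1.csr"
    printf '%s\n' client 'ca ca.crt' 'cert client1.crt' 'key client1.key' \
        'ns-cert-type server' > "$1/client.ovpn"
}

d=$(mktemp -d) && write_client_samples "$d" && audit_client_bundle "$d" client1
rm -rf "$d"
```

Private keys are detected by their PEM header rather than by file name, so a renamed copy of ca.key is still reported.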