Powered by Typecho)))
Optimized by EAimTY
全球最大HTTPs证书提供商之一的Let's Encrypt根证书于9月30日过期,如果你不幸跟我一样未能在9.30日之前更新系统根证书,将导致系统更新失败以及众多的程序运行异常。
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 201.0.222.9 443]
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
一般的监控系统只是监测证书的有效期,并不会太多注意到根证书的有效期,监控系统也不会发出提示预警。因此,网站运维人员应尽快自查正在使用的 Let's Encrypt品牌证书,或尽快更新其他品牌的证书
解决办法,删掉对应过期根证书,重新拉新的。
sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
sudo update-ca-certificates
打印原始日志
btmon
root@deepin:~# hciconfig -a
hci0: Type: Primary Bus: USB
BD Address: 00:1A:7D:DA:71:13 ACL MTU: 679:8 SCO MTU: 48:16
DOWN
RX bytes:734 acl:0 sco:0 events:24 errors:0
TX bytes:74 acl:0 sco:0 commands:24 errors:0
Features: 0xbf 0x3e 0x4d 0xfa 0xdb 0x3d 0x7b 0xc7
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy:
Link mode: SLAVE ACCEPT
参考:
安装编译所需要的库:
apt-get install libxml2-dev libmcrypt-dev libssl-dev libldap2-dev libmhash-dev libmysqlclient-dev libcurl4-openssl-dev libpng-dev libjpeg-dev libsasl2-dev
安装libevent
cd ~/src
wget http://monkey.org/~provos/libevent-1.4.13-stable.tar.gz
tar xf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure --enable-shared
make
make installulimit -SHn 65535
安装pcre
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.00.tar.gz
tar zxvf pcre-8.00.tar.gz
cd pcre-8.00/
./configure
make && make install
安装libunwind#否则无法安装Google-perftools
cd /libunwind-0.99
./configure --enableshared
make
make install
安装google-perftools#mysql和nginx需要(64位必须加--enable-frame-pointers)
wget http://google-perftools.googlecode.com/files/google-perftools-1.5.tar.gz
./configure --enableshared --enable-frame-pointers
make
make install
下载purge #清除缓存用的
wget http://labs.frickle.com/files/ngx_cache_purge-1.0.tar.gz
tar zxvf ngx_cache_purge-1.0.tar.gzwget http://nginx.org/download/nginx-0.8.32.tar.gz
tar zxvf nginx-0.8.32.tar.gz
cd nginx-0.8.32/
cd ../
./configure --prefix=/zh/nginx --user=www-data --group=www-data --with-rtsig_module --with-select_module --with-poll_module --with-ipv6 --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_flv_module --with-http_gzip_static_module --with-http_stub_status_module --http-client-body-temp-path=/tmp/nginx/client --http-proxy-temp-path=/tmp/nginx/proxy --http-fastcgi-temp-path=/tmp/nginx/fastcgi --with-google_perftools_module --add-module=/home/web_package/ngx_cache_purge-1.0
启动nginx错误解决办法
1:error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory
解决方法,在/lib中创建一个symbol link到/usr/local/pcre/lib/libpcre.so.0
sudo ln -s /usr/local/pcre/lib/libpcre.so.0 /lib
2:error while loading shared libraries: libprofiler.so.0: cannot open shared object file: No such file or directory
安装ImageMagick
cd ~/src
apt-get build-dep imagemagick
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
tar xf ImageMagick.tar.gz
cd ImageMagick-6.5.8-6/
./configure
make
aptitude install libperl-dev
make installapt-get build-dep php
wget http://cn2.php.net/get/php-5.3.1.tar.bz2/from/this/mirror
tar xf php-5.3.1.tar.bz2
#下载imagick
cd ~/src
wget http://pecl.php.net/get/imagick-2.3.0.tgz
tar xf imagick-2.3.0.tgz
cp -R imagick-2.3.0 php-5.3.1/ext/imagick
cd php-5.3.1
./buildconf --force
#下载php-fpm
apt-get install batch
wget http://launchpad.net/php-fpm/master/0.6/+download/php-fpm-0.6~5.3.1.tar.gz
$ tar -xzf php-fpm-0.6~5.3.1.tar.gz
$ php-fpm-0.6-5.3.1/generate-fpm-patch
$ patch -d php-5.3.1 -p1$ cd php-5.3.1
$ ./buildconf --force./configure --prefix=/zh/php5 --with-fpm --with-libxml-dir=/usr --with-fpm-bin=/zh/php5/fpm --with-fpm-conf=/zh/php5/etc --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GUN --with-config-file-path=/zh/php5/etc --with-config-file-scan-dir=/zh/php5/etc --with-openssl --with-zlib --enable-bcmath --enable-calendar --with-curl --with-curlwrappers --enable-exif --enable-ftp --disable-rpath --with-gd --with-jpeg-dir --with-png-dir --enable-gd-native-ttf --with-gettext --with-mhash --with-imagick --with-imap --with-imap-ssl --with-ldap --enable-mbstring --with-mcrypt --with-mysql=mysqlnd --enable-mbregex --with-mysql-sock --with-mysqli --with-pdo-mysql --with-pdo-sqlite --enable-soap --enable-sockets --enable-sqlite-utf8 --enable-sysvsem --with-xmlrpc --enable-zip --without-pear --enable-shmop --enable-pcntl --with-libevent=shared --with-kerberos
make
make install
安装记录
molyx:/home/web_package/php-5.3.1# make install
Installing PHP SAPI module: fpm
Installing PHP CLI binary: /zh/php5/bin/
Installing PHP CLI man page: /zh/php5/man/man1/
Installing build environment: /zh/php5/lib/php/build/
Installing header files: /zh/php5/include/php/
Installing helper programs: /zh/php5/bin/
program: phpize
program: php-config
Installing man pages: /zh/php5/man/man1/
page: phpize.1
page: php-config.1
/home/web_package/php-5.3.1/build/shtool install -c ext/phar/phar.phar /zh/php5/bin
ln -s -f /zh/php5/bin/phar.phar /zh/php5/bin/pharupdate-rc.d php-fpm defaults
sed -i "s/nobody/www-data/g" /etc/php-fpm.conf
/etc/init.d/php-fpm start
make install
cp php.ini-dist /zh/php5/etc/php.ini
ln -s /zh/php5/sbin/php-fpm /etc/init.d/php-fpm
update-rc.d -f php-fpm defaults
编译后的php安装在/opt/php下面,php的配置文件是/opt/php/lib/php.ini
和其他Linux下不同,在Debian下这时候启动php-fpm会失败,原因是在Debian下php-fpm的配置文件中必须指定运行时的用户才行。
优化php-fpm
编辑php-fpm的配置文件/etc/php-fpm.conf,
* 去掉display_errors参数的注释,修改参数值为1
* 去掉sendmail_path参数的注释
* 去掉user,group参数的注释
* 修改max_children参数的值为10
安装php加速器eAccelerator
tar jxf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3
apt-get install -y autoconf
/zh/php5/bin/phpize
./configure --with-php-config=/zh/php5/bin/php-config --enable-eaccelerator --enable-shared
make
make install
mkdir /tmp/php/eaccelerator_cache
然后重启php-fpm,在phpinfo()页面中应该能看到eaccelerator的信息了。
附录:
memcache模块安装:
/zh/php5/bin/phpize
./configure --enable-memcache --enable-shared --with-php-config=/zh/php5/bin/php-config
make
make install
Suhosin模块安装:
/zh/php5/bin/phpize
./configure --with-php-config=/zh/php5/bin/php-config --enable-shared --enable-suhosin
make
make install
extension_dir = "/zh/php5/lib/php/extensions/no-debug-non-zts-20090626"
;suhosin module
[suhosin]
extension=suhosin.so
;memcache module
[memcache]
extension=memcache.so
;eaccelerator module
[eaccelerator]
;zend_extension="/zh/php5/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/php/eaccelerator_cache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="3600"
eaccelerator.shm_prune_period="3600"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
错误解决
1:utf8_mime2text() has new signature, but U8T_CANONICAL is missing
安装c-client
apt-get install libc-client-dev
2:configure: error: libevent.a could not be found. Stop.
使用参数--with-libevent=shared
3:This c-client library is built with Kerberos support.
添加 --with-kerberos to your configure line. Check config.log for details
下载mysql源码包到指定目录
molyx:~# tar zxvf mysql-5.1.42.tar.gzmolyx:~# cd mysql-5.1.42
添加mysql运行用户/用户组
molyx:~# groupadd mysqldmolyx:~# useradd -g mysqld -s /bin/false -c "Mysql Server Runner" mysqld
创建mysql安装目录和数据存放目录
molyx:~# mkdir /usr/local/mysqldmolyx:~# mkdir /var/mysqldata
安装gcc和ncurses
molyx:~# apt-get install gccmolyx:~/ncurses-5.7# apt-get install g++molyx:~# apt-get install libncurses5-dev
编译mysql
./configure --prefix=/usr/local/mysqld --enable-assembler --with-charset=utf8 --with-extra-charsets=all --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=max-no-ndb --enable-shared --with-tcp-port=3306 --with-mysqld-user=mysqld --with-low-memory --with-mysqlmanager
安装并初始化环境
molyx:/home/web_package/mysql-5.1.42# make molyx:/home/web_package/mysql-5.1.42# make installmolyx:/home/web_package/mysql-5.1.42# cp support-files/my-medium.cnf /usr/local/mysqld/etc/my.cnf
更改目录权限
molyx:/home/web_package/mysql-5.1.42# chown -R mysqld /usr/local/mysqld molyx:/home/web_package/mysql-5.1.42# chown -R mysqld /var/mysqldata molyx:/home/web_package/mysql-5.1.42# chown -R mysqld:mysqld /usr/local/mysqld molyx:/home/web_package/mysql-5.1.42# chown -R mysqld:mysqld /var/mysqldata molyx:/home/web_package/mysql-5.1.42# chmod 711 /usr/local/mysqld molyx:/home/web_package/mysql-5.1.42# chmod 711 /var/mysqldata
初始化数据库
molyx:/home/web_package/mysql-5.1.42# /usr/local/mysqld/bin/mysql_install_db --user=mysqld --datadir=/var/mysqldata --basedir=/usr/local/mysqld --skip-name-resolve --defaults-file=/usr/local/mysqld/etc/my.cnf
参考资料http://tianzui.blog.bokee.net/bloggermodule/blog_viewblog.do?id=3901792http://xfenoo.blog.51cto.com/747433/255572错误解决:
g++: yes: No such file or directorymake[3]: *** [mysqld] Error 1make[3]: Leaving directory `/home/mysql/src/mysql-5.1.41/sql'make[2]: *** [all-recursive] Error 1make[2]: Leaving directory `/home/mysql/src/mysql-5.1.41/sql'make[1]: *** [all] Error 2make[1]: Leaving directory `/home/mysql/src/mysql-5.1.41/sql'make: *** [all-recursive] Error 1
加入参数CXXFLAGS="-fPIC"
CXXFLAGS="-fPIC" ./configure --prefix=/usr/local/mysqld --enable-assembler --with-charset=utf8 --with-extra-charsets=all --enable-thread-safe-client --with-big-tables --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=max-no-ndb --enable-shared --with-tcp-port=3306 --with-mysqld-user=mysqld --with-low-memory --with-mysqlmanager
dpkg – Debian 包安装工具
apt-get – APT 的命令行前端
aptitude – APT 的高级的字符和命令行前端
synaptic – 图形界面的 APT 前端
dselect – 使用菜单界面的包管理工具
tasksel – Task 安装工具
这些工具不是用来取代对方的,比如 dselect 同时使用 APT 和 dpkg。
APT 使用 /var/lib/apt/lists/* 来跟踪可用的软件包,而 dpkg 使用的是 /var/lib/dpkg/available。如果你使用了 aptitude 或者其他 APT 前端来安装软件包,同时你希望使用 dselect 来安装软件包,请不要忘记使用 dselect 菜单上的 [U]pdate (或者运行"dselect update") 来更新 /var/lib/dpkg/available。
在处理依赖关系上 apt-get 会自动下载安装依赖的软件包,但是不会处理所安装软件推荐的或者建议的软件包。
相反 aptitude 可以设置成安装所安装软件推荐的或者建议的软件包。
dselect 给使用者列出所安装软件推荐或建议的软件包,可以进行单独选择。
3.1.2 方便的工具
dpkg-reconfigure - 重新配置已安装的软件包
(如果它是使用 debconf 进行配置的)
dpkg-source - 管理源码包
dpkg-buildpackage - 自动生成包文件
apt-cache - 在本地缓冲区检查包文件