格式: major.minor.maintenance.build
配置参考地址: http://php.net/manual/zh/ini.list.php
PHP_INI_USER
和 PHP_INI_ALL
可以被 .user.ini 和 ini_set 还有 nginx 设置PHP_INI_PERDIR
可在 php.ini, .htaccess 或 httpd.conf 中设定PHP_INI_SYSTEM
可在 php.ini 或 httpd.conf 中设定PHP_ADMIN_VALUE
设置 php.ini 的值, 优先级高于 .user.inifastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/:/home/wwwlogs/php_seaslog/";
user_ini.filename = ".user.ini"
cat /proc/sys/fs/file-max
查看, 默认值是根据内存大小自动设置, 一般为内存为 x KB, 则描述符数量为 x/10# 查看
cat /proc/sys/fs/file-max
# 临时设置
echo 1000000 > /proc/sys/fs/file-max
# 永久设置
vi /etc/sysctl.conf
fs.file-max = 1000000
/etc/security/limits.conf
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
# soft 查看
ulimit -Sn
# hard 查看
ulimit -Hn
# 临时设置
## soft
ulimit -Sn 160000
## hard
ulimit -Hn 160000
# 同时设置
ulimit -n 180000
# 配置文件
cat >>/etc/security/limits.conf<
wget https://soft.vpser.net/datebase/mysql/mysql-5.7.26.tar.gz
tar xzf mysql-5.7.26.tar.gz
wget https://soft.vpser.net/lib/boost/boost_1_59_0.tar.bz2
tar jxf boost_1_59_0.tar.bz2
# 编译安装
cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DSYSCONFDIR=/etc -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8mb4 -DDEFAULT_COLLATION=utf8mb4_general_ci -DWITH_EMBEDDED_SERVER=1 -DENABLED_LOCAL_INFILE=1 -DWITH_BOOST=${cur_dir}/src/boost_${Get_Boost_Ver}
make -j `grep 'processor' /proc/cpuinfo | wc -l`
if [ $? -ne 0 ]; then
make
fi
make install
# 用户组
groupadd mysql
useradd -s /sbin/nologin -M -g mysql mysql
chown -R mysql:mysql ${MySQL_Data_Dir}
# 初始化数据库
/usr/local/mysql/bin/mysqld --initialize-insecure --basedir=/usr/local/mysql --datadir=${MySQL_Data_Dir} --user=mysql
chgrp -R mysql /usr/local/mysql/.
\cp support-files/mysql.server /etc/init.d/mysql
# 可执行权限
chmod 755 /etc/init.d/mysql
# 添加动态库
cat > /etc/ld.so.conf.d/mysql.conf<
# 设置密码
UPDATE mysql.user SET authentication_string=PASSWORD('${DB_Root_Password}') WHERE User='root';
# 删除匿名用户
DELETE FROM mysql.user WHERE User='';
# 删除远程登录用户
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
# 删除测试数据库
DROP DATABASE test;
# 刷新权限
FLUSH PRIVILEGES;
# 编译安装 --disable-fileinfo
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-config-file-scan-dir=/usr/local/php/conf.d --enable-fpm --with-fpm-user=www --with-fpm-group=www --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir --with-freetype-dir=/usr/local/freetype --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-mbstring --enable-intl --enable-pcntl --with-mcrypt --enable-ftp --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --with-gettext --enable-opcache --with-xsl
make ZEND_EXTRA_LIBS='-liconv' -j `grep 'processor' /proc/cpuinfo | wc -l`
if [ $? -ne 0 ]; then
make ZEND_EXTRA_LIBS='-liconv'
fi
make install
# 创建执行命令软连接
ln -sf /usr/local/php/bin/php /usr/bin/php
ln -sf /usr/local/php/bin/phpize /usr/bin/phpize
ln -sf /usr/local/php/bin/pear /usr/bin/pear
ln -sf /usr/local/php/bin/pecl /usr/bin/pecl
if [ "${Stack}" = "lnmp" ]; then
ln -sf /usr/local/php/sbin/php-fpm /usr/bin/php-fpm
fi
rm -f /usr/local/php/conf.d/*
# 设置包管理使用的 php.ini
pear config-set php_ini /usr/local/php/etc/php.ini
pecl config-set php_ini /usr/local/php/etc/php.ini
# 安装 composer
curl -sS --connect-timeout 30 -m 60 https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# 添加启动任务
\cp ${cur_dir}/src/${Php_Ver}/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
cat >phpinfo.php<
eof
groupadd www
useradd -s /sbin/nologin -g www www
Nginx_With_Openssl=--with-openssl=${cur_dir}/src/${Openssl_New_Ver} --with-openssl-opt='enable-weak-ssl-ciphers'
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module ${Nginx_With_Openssl} ${Nginx_Module_Lua} ${NginxMAOpt} ${Nginx_Modules_Options}
location /lua
{
default_type text/html;
content_by_lua 'ngx.say("hello world")';
}
--disable-fileinfo
backup.sh
数据备份check502.sh
校验地址否是 502 网关错误cut_nginx_logs.sh
nginx 日志切割denyhosts_removeip.sh
解除 denyhost 屏蔽denyhosts.sh
预防 SSH 暴力破解的fail2ban.sh
防止暴力破解remove_disable_function.sh
删除预定义禁用函数remove_open_basedir_restriction.sh
删除 open_basedir 的限制reset_mysql_root_password.sh
重置密码/usr/local/php
/etc/init.d/nginx
/etc/init.d/msyql
/etc/init.d/php-fpm
/usr/local/zend
/etc/my.cnf
/bin/lnmp
# 编译参数
php -i|grep configure
# 扩展地址
/usr/local/php/bin/php-config --extension-dir
# 卸载
rpm -e php-mysql php-cli php-gd php-common php --nodeps
# 查看编译参数
nginx -V
# 版本
/usr/local/mysql/bin/mysql_config --version
# 校验密码是否正常
Make_TempMycnf()
{
cat >~/.my.cnf<
## 检查 yum 的配置, 是否有不包含的 repo
sed -i 's:exclude=.*:exclude=:g' /etc/yum.conf
计算当前目录剩余空间, 单位 G
#!/usr/bin/env python
import os
dir = os.path.dirname(__file__)
disk = os.statvfs(dir)
Avail = disk.f_bavail * disk.f_bsize / (1024*1024*1024)
print(int(Avail))
iptables -I INPUT 1 -i lo -j ACCEPT
# 已经创建的连接和封包和本机有关的连接匹配规则
iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT 6 -p tcp --dport 3306 -j DROP
iptables -I INPUT 7 -p icmp -m icmp --icmp-type 8 -j ACCEPT
yum -y install iptables-services
service iptables save
service iptables reload
if command -v firewalld >/dev/null 2>&1; then
systemctl stop firewalld
systemctl disable firewalld
fi
chkconfig --add iptables
chkconfig iptables on
# 排除 mysql
sed -i 's#/etc/init.d/mysql.*##' /bin/lnmp
https://soft.vpser.net/web/libiconv/libiconv-1.15.tar.gz
https://soft.vpser.net/web/libmcrypt/libmcrypt-2.5.8.tar.gz
https://soft.vpser.net/web/mcrypt/mcrypt-2.6.8.tar.gz
https://soft.vpser.net/web/mhash/mhash-0.9.9.9.tar.bz2
https://soft.vpser.net/web/nginx/nginx-1.16.1.tar.gz
https://soft.vpser.net/web/php/php-7.1.33.tar.bz2
https://soft.vpser.net/datebase/mysql/mysql-5.7.26.tar.gz
https://soft.vpser.net/datebase/phpmyadmin/phpMyAdmin-4.9.1-all-languages.tar.xz
https://soft.vpser.net/prober/p.tar.gz
https://soft.vpser.net/lib/openssl/openssl-1.0.2t.tar.gz
https://soft.vpser.net/lib/boost/boost_1_59_0.tar.bz2
https://soft.vpser.net/web/php/composer/composer.phar
[ `free -m | grep Mem | awk '{print $2}'` -le 1024 ]
cat /etc/*-release
free -m | grep Mem | awk '{print $2}'
free -m | grep Swap | awk '{print $2}'
df -h
openssl version
echo "$(python2 -c 'import platform; print platform.linux_distribution()[1]')"
lsb_release -rs
if grep -Eqi "CentOS" /etc/issue || grep -Eq "CentOS" /etc/*-release; then
DISTRO='CentOS'
PM='yum'
elif grep -Eqi "Red Hat Enterprise Linux" /etc/issue || grep -Eq "Red Hat Enterprise Linux" /etc/*-release; then
DISTRO='RHEL'
PM='yum'
elif grep -Eqi "Aliyun" /etc/issue || grep -Eq "Aliyun" /etc/*-release; then
DISTRO='Aliyun'
PM='yum'
elif grep -Eqi "Fedora" /etc/issue || grep -Eq "Fedora" /etc/*-release; then
DISTRO='Fedora'
PM='yum'
elif grep -Eqi "Amazon Linux" /etc/issue || grep -Eq "Amazon Linux" /etc/*-release; then
DISTRO='Amazon'
PM='yum'
elif grep -Eqi "Debian" /etc/issue || grep -Eq "Debian" /etc/*-release; then
DISTRO='Debian'
PM='apt'
elif grep -Eqi "Ubuntu" /etc/issue || grep -Eq "Ubuntu" /etc/*-release; then
DISTRO='Ubuntu'
PM='apt'
elif grep -Eqi "Raspbian" /etc/issue || grep -Eq "Raspbian" /etc/*-release; then
DISTRO='Raspbian'
PM='apt'
elif grep -Eqi "Deepin" /etc/issue || grep -Eq "Deepin" /etc/*-release; then
DISTRO='Deepin'
PM='apt'
elif grep -Eqi "Mint" /etc/issue || grep -Eq "Mint" /etc/*-release; then
DISTRO='Mint'
PM='apt'
elif grep -Eqi "Kali" /etc/issue || grep -Eq "Kali" /etc/*-release; then
DISTRO='Kali'
PM='apt'
else
DISTRO='unknow'
fi
判断是否是版本 7.*
[ grep -Eqi "release 7." /etc/redhat-release ]
# 64位的系统中int类型还是4字节的,但是long已变成了8字节
if [[ `getconf WORD_BIT` = '32' && `getconf LONG_BIT` = '64' ]] ; then
Is_64bit='y'
else
Is_64bit='n'
fi
if uname -m | grep -Eqi "arm|aarch64"; then
Is_ARM='y'
fi
curl -sSk --connect-timeout 30 -m 60 https://ip.vpser.net/country
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
DD_Count=1024
echo "Add Swap file..."
dd if=/dev/zero of=/var/swapfile bs=1M count=${DD_Count}
chmod 0600 /var/swapfile
echo "Enable Swap..."
/sbin/mkswap /var/swapfile
/sbin/swapon /var/swapfile
if [ $? -eq 0 ]; then
[ `grep -L '/var/swapfile' '/etc/fstab'` ] && echo "/var/swapfile swap swap defaults 0 0" >>/etc/fstab
/sbin/swapon -s
else
rm -f /var/swapfile
echo "Add Swap Failed!"
fi
if [ -s /etc/selinux/config ]; then
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi
ulimit -v unlimited
if [ `grep -L "/lib" '/etc/ld.so.conf'` ]; then
echo "/lib" >> /etc/ld.so.conf
fi
if [ `grep -L '/usr/lib' '/etc/ld.so.conf'` ]; then
echo "/usr/lib" >> /etc/ld.so.conf
##echo "/usr/lib/openssl/engines" >> /etc/ld.so.conf
fi
if [ -d "/usr/lib64" ] && [ `grep -L '/usr/lib64' '/etc/ld.so.conf'` ]; then
echo "/usr/lib64" >> /etc/ld.so.conf
##echo "/usr/lib64/openssl/engines" >> /etc/ld.so.conf
fi
if [ `grep -L '/usr/local/lib' '/etc/ld.so.conf'` ]; then
echo "/usr/local/lib" >> /etc/ld.so.conf
fi
cat >>/etc/security/limits.conf<> /etc/sysctl.conf
# 开启
chkconfig --add lnmp
chkconfig lnmp on
# 关闭
chkconfig lnmp off
chkconfig --del lnmp
if ps aux | grep "yum" | grep -qv "grep"; then
# 判断命令是否存在
if command -v killall >/dev/null 2>&1; then
# 关闭程序
killall yum
else
# 关闭程序
kill `pidof yum`
fi
fi
kill `pidof yum`
killall yum
[[ "${DBSelect}" =~ ^[6789]|10$ ]]
echo "lnmp.org##$RANDOM"
[[ -d "${DirName}" ]] && rm -rf ${DirName}
eval echo "${DISTRO} \${${DISTRO}_Version}"
local -a
case "${InstallInnodb}" in
[yY][eE][sS]|[yY])
echo "${InstallInnodb}"
;;
[nN][oO]|[nN])
echo "${InstallInnodb}"
;;
*)
echo "${InstallInnodb}"
esac
echo ${version[0]:=0} | sed 's/^0*//'
version=1.2.3.4
OLDIFS=${IFS} && IFS=. && version=(${version}) && IFS=${OLDIFS}
local -a sorted=($(printf "%s\n%s" "${v1}" "${v2}" | sort ))
if [ "${v1}" == "${sorted[0]}" ]; then echo -1; else echo 1; fi
Color_Text()
{
echo -e " \e[0;$2m$1\e[0m"
}
Echo_Red()
{
echo $(Color_Text "$1" "31")
}
Echo_Green()
{
echo $(Color_Text "$1" "32")
}
Echo_Yellow()
{
echo $(Color_Text "$1" "33")
}
Echo_Blue()
{
echo $(Color_Text "$1" "34")
}
if [ -z ${LNMP_Auto} ]; then
echo ""
Echo_Green "Press any key to install...or Press Ctrl+c to cancel"
OLDCONFIG=`stty -g`
stty -icanon -echo min 1 time 0
dd count=1 2>/dev/null
stty ${OLDCONFIG}
fi
Download_Files()
{
local URL=$1
local FileName=$2
if [ -s "${FileName}" ]; then
echo "${FileName} [found]"
else
echo "Notice: ${FileName} not found!!!download now..."
wget -c --progress=bar:force --prefer-family=IPv4 --no-check-certificate ${URL}
fi
}
Make_Install()
{
# 尝试多进程编译
make -j `grep 'processor' /proc/cpuinfo | wc -l`
if [ $? -ne 0 ]; then
make
fi
make install
}
Tar_Cd()
{
local FileName=$1
local DirName=$2
cd ${cur_dir}/src
[[ -d "${DirName}" ]] && rm -rf ${DirName}
echo "Uncompress ${FileName}..."
tar zxf ${FileName}
if [ -n "${DirName}" ]; then
echo "cd ${DirName}..."
cd ${DirName}
fi
}
sed -i 's/LNMPORG/LNMP.org_0'$RANDOM`date '+%s'`$RANDOM'9_VPSer.net/g' config.inc.php
Sleep_Sec()
{
seconds=$1
while [ "${seconds}" -ge "0" ];do
echo -ne "\r \r"
echo -n ${seconds}
seconds=$(($seconds - 1))
sleep 1
done
echo -ne "\r"
}
while :;do
read -p "Enter website root directory: " website_root
if [ -d "${website_root}" ]; then
# TODO: something
break
else
echo "${website_root} is not directory or not exist!"
fi
done
clear
echo "+-------------------------------------------------------------------+"
echo "| Remove PHP disable functions for LNMP, Written by Licess |"
echo "+-------------------------------------------------------------------+"
echo "| A tool to remove PHP disable_functions for LNMP |"
echo "+-------------------------------------------------------------------+"
echo "| For more information please visit https://lnmp.org |"
echo "+-------------------------------------------------------------------+"
echo "| Usage: ./remove_disable_function.sh |"
echo "+-------------------------------------------------------------------+"
if grep -Eqi '^127.0.0.1[[:space:]]*localhost' /etc/hosts; then
echo "Hosts: ok."
else
## 添加 localhost 环路到配置文件
echo "127.0.0.1 localhost.localdomain localhost" >> /etc/hosts
fi
pingresult=`ping -c1 lnmp.org 2>&1`
echo "${pingresult}"
if echo "${pingresult}" | grep -q "unknown host"; then
echo "DNS...fail"
echo "Writing nameserver to /etc/resolv.conf ..."
echo -e "nameserver 208.67.220.220\nnameserver 114.114.114.114" > /etc/resolv.conf
else
echo "DNS...ok"
fi
echo -e "nameserver 208.67.220.220\nnameserver 114.114.114.114" > /etc/resolv.conf
\cp a b
mkdir -p /usr/local/php/{etc,conf.d}
curl -sS --connect-timeout 30 -m 60 https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
#!/bin/bash
# -*- tab-width: 2; encoding: utf-8 -*-
## @file version_compare
## Compare [semantic] versions in Bash, comparable to PHP's version_compare function.
# ------------------------------------------------------------------
## @author Mark Carver
## @copyright MIT
## @version 1.0.0
## @see http://php.net/manual/en/function.version-compare.php
APP_NAME=$(basename ${0})
APP_VERSION="1.0.0"
# Version compare
function version_compare () {
# Default to a failed comparison result.
local -i result=1;
# Ensure there are two versions to compare.
[ $# -lt 2 ] || [ -z "${1}" ] || [ -z "${2}" ] && echo "${FUNCNAME[0]} requires a minimum of two arguments to compare versions." &>/dev/stderr && return ${result}
# Determine the operation to perform, if any.
local op="${3}"
# Convert passed versions into values for comparison.
local v1=$(version_compare_convert ${1})
local v2=$(version_compare_convert ${2})
# Immediately return when comparing version equality (which doesn't require sorting).
if [ -z "${op}" ]; then
[ "${v1}" == "${v2}" ] && echo 0 && return;
else
if [ "${op}" == "!=" ] || [ "${op}" == "<>" ] || [ "${op}" == "ne" ]; then
if [ "${v1}" != "${v2}" ]; then let result=0; fi;
return ${result};
elif [ "${op}" == "=" ] || [ "${op}" == "==" ] || [ "${op}" == "eq" ]; then
if [ "${v1}" == "${v2}" ]; then let result=0; fi;
return ${result};
elif [ "${op}" == "le" ] || [ "${op}" == "<=" ] || [ "${op}" == "ge" ] || [ "${op}" == ">=" ] && [ "${v1}" == "${v2}" ]; then
if [ "${v1}" == "${v2}" ]; then let result=0; fi;
return ${result};
fi
fi
# If we get to this point, the versions should be different.
# Immediately return if they're the same.
[ "${v1}" == "${v2}" ] && return ${result}
local sort='sort'
# If only one version has a pre-release label, reverse sorting so
# the version without one can take precedence.
[[ "${v1}" == *"-"* ]] && [[ "${v2}" != *"-"* ]] || [[ "${v2}" == *"-"* ]] && [[ "${v1}" != *"-"* ]] && sort="${sort} -r"
# Sort the versions.
local -a sorted=($(printf "%s\n%s" "${v1}" "${v2}" | ${sort}))
# No operator passed, indicate which direction the comparison leans.
if [ -z "${op}" ]; then
if [ "${v1}" == "${sorted[0]}" ]; then echo -1; else echo 1; fi
return
fi
case "${op}" in
"<" | "lt" | "<=" | "le") if [ "${v1}" == "${sorted[0]}" ]; then let result=0; fi;;
">" | "gt" | ">=" | "ge") if [ "${v1}" == "${sorted[1]}" ]; then let result=0; fi;;
esac
return ${result}
}
# Converts a version string to an integer that is used for comparison purposes.
function version_compare_convert () {
local version="${@}"
# Remove any build meta information as it should not be used per semver spec.
version="${version%+*}"
# Extract any pre-release label.
local prerelease
[[ "${version}" = *"-"* ]] && prerelease=${version##*-}
[ -n "${prerelease}" ] && prerelease="-${prerelease}"
version="${version%%-*}"
# Separate version (minus pre-release label) into an array using periods as the separator.
local OLDIFS=${IFS} && local IFS=. && version=(${version%-*}) && IFS=${OLDIFS}
# Unfortunately, we must use sed to strip of leading zeros here.
local major=$(echo ${version[0]:=0} | sed 's/^0*//')
local minor=$(echo ${version[1]:=0} | sed 's/^0*//')
local patch=$(echo ${version[2]:=0} | sed 's/^0*//')
local build=$(echo ${version[3]:=0} | sed 's/^0*//')
# Combine the version parts and pad everything with zeros, except major.
printf "%s%04d%04d%04d%s\n" "${major}" "${minor}" "${patch}" "${build}" "${prerelease}"
}
# Color Support
# See: http://unix.stackexchange.com/a/10065
if test -t 1; then
ncolors=$(tput colors)
if test -n "$ncolors" && test $ncolors -ge 8; then
bold="$(tput bold)" && underline="$(tput smul)" && standout="$(tput smso)" && normal="$(tput sgr0)"
black="$(tput setaf 0)" && red="$(tput setaf 1)" && green="$(tput setaf 2)" && yellow="$(tput setaf 3)"
blue="$(tput setaf 4)" && magenta="$(tput setaf 5)" && cyan="$(tput setaf 6)" && white="$(tput setaf 7)"
fi
fi
function version_compare_usage {
echo "${bold}${APP_NAME} (${APP_VERSION})${normal}"
echo "Compare [semantic] versions in Bash, comparable to PHP's version_compare function."
echo
echo " - When ${cyan}${normal} is NOT provided, ${APP_NAME} will output (print to /dev/stdout):"
echo " -1: ${cyan}${normal} is lower than ${cyan}${normal}"
echo " 0: ${cyan}${normal} and ${cyan}${normal} are equal"
echo " 1: ${cyan}${normal} is lower than ${cyan}${normal}"
echo
}
# Do not continue if sourced.
[[ ${0} != "$BASH_SOURCE" ]] && return
# Process options.
while getopts ":hV" opt; do
case $opt in
h) version_compare_usage && exit;;
V) echo "${APP_VERSION}" && exit;;
\?|*) echo "${red}${APP_NAME}: illegal option: -- ${OPTARG}${normal}" >&2 && echo && version_compare_usage && exit 64;;
esac
done
shift $((OPTIND-1)) # Remove parsed options.
# Allow script to be invoked as a CLI "command" by proxying arguments to the internal function.
[ $# -gt 0 ] && version_compare ${@}
# 下载地址
Download_Mirror='https://soft.vpser.net'
# 检查镜像
Check_Mirror
# 数据库
DBSelect
DB_Root_Password
InstallInnodb
# php
PHPSelect
# 不安装-1
SelectMalloc
# 自动安装
LNMP_Auto