Linux 的 stdin, stdout 以及stderr

今天终于有时间来仔细看下stdin,stdout和stderr了

标准输入重定向(STDIN,文件描述符为 0):默认从键盘输入,也可从其他文件或命令中输入。
标准输出重定向(STDOUT,文件描述符为 1):默认输出到屏幕。
错误输出重定向(STDERR,文件描述符为 2):默认输出到屏幕。

“stdout”按理来说应该表示为”1>”, 我们可以默认的写成”>”, 重定向stderr可以用”2>”来表示

./error.sh 2> capture.txt

表示把错误信息重定向到capture.txt

./error.sh 1> capture.txt 2> error.txt

表示把标准输出定向到capture.txt, 把错误定向到error.txt

./error.sh > capture.txt 2&>1

capture.txt 表示标准输出重定向到capture.txt,  2>&1, 表示“redirect stream 2, stderr, to the same destination that stream 1, stdout, is being redirected to”

总结一下:

输入重定向:
命令 < 文件 将文件作为命令的标准输入
命令 << 分隔符 从标准输入中读入,直到遇见分隔符才停止
命令 < A1 > A2 将文件A1作为命令的标准输入并将标准输出到文件A2

 

命令 > 文件 将标准输出重定向到一个文件中(清空原有文件的数据)
命令 2> 文件 将错误输出重定向到一个文件中(清空原有文件的数据)
命令 >> 文件 将标准输出重定向到一个文件中(追加到原有内容的后面)
命令 2>> 文件 将错误输出重定向到一个文件中(追加到原有内容的后面)
命令 >> 文件 2>&1 或 命令 &>> 文件 将标准输出与错误输出共同写入到文件中(追加到原有内容的后面)

askubuntu.com上面有个老外写了一个解释,非常的好记:

List:
command > output.txt
The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten.

command >> output.txt
The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

command 2> output.txt
The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten.

command 2>> output.txt
The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

command &> output.txt
Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, it gets overwritten.

command &>> output.txt
Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, the new data will get appended to the end of the file..

command | tee output.txt
The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, it gets overwritten.

command | tee -a output.txt
The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

(*)
Bash has no shorthand syntax that allows piping only StdErr to a second command, which would be needed here in combination with tee again to complete the table. If you really need something like that, please look at "How to pipe stderr, and not stdout?" on Stack Overflow for some ways how this can be done e.g. by swapping streams or using process substitution.

command |& tee output.txt
Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, it gets overwritten.

command |& tee -a output.txt
Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

Centos 7 通过nginx repo 安装的nginx的配置解析

[[email protected] ~]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

我们可以看到nginx官方就是使用的Centos/RHEL官方自带的repo里的gcc来编译的, gcc 版本是4.8.5, openssl 也是官方repo里面自带的1.0.2k的版本(1.1.1以后的版本支持更多的加密方式)

因此nginx 的配置路径为:

nginx path prefix: "/etc/nginx"
nginx binary file: "/usr/sbin/nginx"
nginx modules path: "/usr/lib64/nginx/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/var/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/cache/nginx/client_temp"
nginx http proxy temporary files: "/var/cache/nginx/proxy_temp"
nginx http fastcgi temporary files: "/var/cache/nginx/fastcgi_temp"
nginx http uwsgi temporary files: "/var/cache/nginx/uwsgi_temp"
nginx http scgi temporary files: "/var/cache/nginx/scgi_temp"

下面看看usergroup

vi /etc/password
nginx:x:997:995:nginx user:/var/cache/nginx:/sbin/nologin

看看user group history

[[email protected] ~]# grep nginx /var/log/secure
Dec 7 11:36:28 vultr groupadd[1162]: group added to /etc/group: name=nginx, GID=995
Dec 7 11:36:28 vultr groupadd[1162]: group added to /etc/gshadow: name=nginx
Dec 7 11:36:28 vultr groupadd[1162]: new group: name=nginx, GID=995
Dec 7 11:36:28 vultr useradd[1167]: new user: name=nginx, UID=997, GID=995, home=/var/cache/nginx, shell=/sbin/nologin

看看nginx service

vi /usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

 

 

Online.net Pro-4-M Benchmark

online的这台机器好像和esxi 有兼容性问题,不管了,先测试再说。

安装好ESXi,在使用vmware native driver 的情况下:

----------------------------------------------------------------------
CPU model : Intel(R) Xeon(R) CPU E3-1245 v5 @ 3.50GHz
Number of cores : 4
CPU frequency : 3504.000 MHz
Total size of Disk : 47.0 GB (1.2 GB Used)
Total amount of Mem : 3902 MB (165 MB Used)
Total amount of Swap : 3967 MB (0 MB Used)
System uptime : 0 days, 0 hour 3 min
Load average : 0.52, 0.20, 0.08
OS : CentOS 7.6.1810
Arch : x86_64 (64 Bit)
Kernel : 3.10.0-957.el7.x86_64
----------------------------------------------------------------------
I/O speed(1st run) : 499 MB/s
I/O speed(2nd run) : 498 MB/s
I/O speed(3rd run) : 497 MB/s
Average I/O speed : 498.0 MB/s

阿里轻量云香港

阿里轻量云香港测试IP为149.129.84.1,新加坡测试IP: 149.129.49.31

移动联通直连,但是电信去程为NTT,回程为CN2

被用来服务国内的移动和联通客户还是很不错的

阿里轻量云和普通ECS的区别就是没有内网IP(自带的内网IP无法和ECS的内网互联),另外也没有那2G的防御

同样的腾讯云香港的测试IP为119.28.11.12

还有华为云香港的测试IP为159.138.33.92

GCP的CDN 35.244.179.64

K2P刷官改

K2P A2版因为强大的可玩性,遭到了很多玩家的吹捧,而事实上也确实如此,记住K2P 要收的话一定要收A2版

如果侧重于玩,那么openwrt无疑是最好的选择,可是如果仅仅是为了跑稳定的服务,那么K2P官改无疑是最好的选择.

K2P的破解,随着K2P自带系统的不断升级,越来越难,现在的K2P一般自带的是V22.5.7.85

本方法适用于最新的K2P MTK 22.8.5.189、22.10.2.23、22.10.2.24固件。

一般来说,只需使用下面的第一个工具,刷入breed然后下载固件,在breed里刷入固件即可

更多

Bind 的 forwarding 和 recursion

很少接触bind的各种服务,可是几乎每年都会用到一次两次,每次都得重新搜索bind 的文档,太麻烦了。。下面是在stackoverflow上看到关于bind 的forwarding 和 recursion 的描述,写的很好.

Forwarding: just passes the DNS query to another DNS server (e.g. your ISP’s). Home routers use forwarding to pass DNS queries from your home network’s clients to your ISP’s DNS servers. For example, for foo.example.com, a forwarding DNS server would first check its cache (did it already ask this question before), and if the answer is not in its cache, it would ask its forwarder (your ISP’s DNS server) for the answer, which would respond with either a cached response, or would perform recursion until it figured out the answer.

Recursion: or caching server, the DNS server receiving the query takes it upon itself to figure out the answer to that query by recursively querying authoritative DNS servers for that domain. For example, for foo.example.com, a recursor would first query the root servers for what DNS servers are responsible for the .com TLD, then it would ask those servers for example.com, then it would query the servers for example.com for foo.example.com, finally getting the answer to the original query.

In terms of security, you should separate recursors/forwarders (typically DNS servers used to service a bunch of clients) and authoritative DNS servers (typically these are responsible ONLY for answering queries re: domains that they are authoritative for – these servers will NOT perform recursive queries for anyone).

在centos 7上安装bind 并把它设置为resursor server 最简单了,直接 yum install bind bind-utils就可以了,bind 的默认named.conf 就是一个完整只适用于本机localhost 的 resursor server 设置

防止阿里云备案被撤销

鉴于国内BT的备案的制度,阿里云更为甚之。。。

在阿里云备案的域名,如果没有把IP指向阿里云,也被会阿里云警告

因此最好的办法就是把IP只想阿里云并且模拟一些流量

打开centos 的crontab,可以设置如下crojob,来模拟真实的流量:

0 2 * * * curl -s www.domain1.com > /dev/null 2>&1 >/dev/null 2>&1
0 3 * * * curl -s www.domain2.com > /dev/null 2>&1 >/dev/null 2>&1
0 4 * * * curl -s www.domain3.cn > /dev/null 2>&1 >/dev/null 2>&1
0 5 * * * curl -s www.domain4.cn > /dev/null 2>&1 >/dev/null 2>&1

国内cloud安装军哥LNMP1.6

02-18-2019 Updated: 军哥已经修复了这个问题. 

 

军哥的LNMP准时在1月1号更新了,之前一直在国外的cloud上安装,所以没有遇到任何问题

但是今天在阿里云的深圳机房上安装,确发现了一个小的问题

具体说来就是在LNMP1.6上安装boost的时候,boost 的安装被写入了mysql 的config,mysql 会自动从internet上下boost并且安装配置boost.

问题就出现这里,mysql下载boost,是从sourceforge上下载boost

下载地址:

http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz

阿里云连sourceforge速度超慢,时间一长就会被程序自动timeout了, 不得不说这是国内的悲哀。。。

解决这个办法还是比较简单的,就是提前下载号boost1.59到/root/lnmp1.6/src下面,也就是你的lnmp文件夹下面的src里面就可以了

下载地址:

http://soft.vpser.net/lib/boost/

需要注意的是,lnmp1.6需要是tar.bz2的boost

删除阿里云自带的云盾,监控服务等等

其他的系统我不太清楚,但是aliyun的centos模板自带许多阿里云的服务,比如说云盾,cloudwatch等等,而这些往往是我们不愿意透露出去的,因此需要一上来就删掉这些服务,而这些服务往往还像牛皮癣,很难删的完完整整

下面的操作都是在aliyun 深圳机房的一台安装了centos 7的轻量云上操作的

卸载阿里云监控

wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
sudo ./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
sudo ./quartz_uninstall.sh

其实quartz的uninstall中已经包含了aegis的卸载命令

删除残留

sudo pkill aliyun-service
sudo rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
sudo rm -rf /usr/sbin/aliyun*
sudo rm -rf /etc/systemd/system/aliyun.service
sudo rm -rf /usr/local/aegis*

 

屏蔽云盾IP

如果用iptables,可用如下命令

iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP

如果用防火墙,可以直接屏蔽下面的IP

140.205.201.0/28
140.205.201.16/29
140.205.201.32/28
140.205.225.192/29
140.205.225.200/30
140.205.225.184/29
140.205.225.183/32
140.205.225.206/32
140.205.225.205/32

最后删除云监控cloudwatch 需要注意的是,centos安装的是go版本的云监控

可以参考这个官方页面

http://help.aliyun.com/document_detail/97929.html

也可以直接使用下面的命令:

/usr/local/cloudmonitor/CmsGoAgent.linux-amd64 stop && \
/usr/local/cloudmonitor/CmsGoAgent.linux-amd64 uninstall && \
rm -rf /usr/local/cloudmonitor

如果你的centos安装的是java版本的话,可以使用

/usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh stop
/usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh remove && \
rm -rf /usr/local/cloudmonitor