разметка:
/ 4G, /tmp 5G, /usr 15G, /var 25G, swap 8G
всё остальное — под /usr/home; home — отдельным разделом от остальных
ставим порты, больше ничего (мин. установка), разрешаем ssh-логин.
# adduser
# /usr/sbin/ntpdate 194.186.254.22 195.2.64.5
# pkg_add -r cvsup-without-gui
# cd /etc
# ee supfile54
пишем туда:
*default host=cvsup.ch.FreeBSD.org
*default base=/usr/local/etc/cvsup
*default prefix=/usr
*default release=cvs
*default delete use-rel-suffix
*default compress
src-all tag=RELENG_5_4
# cp -Rv /usr/src /usr/src53
# cvsup -g -L 2 /etc/supfile54
# cd /usr/src
# rm -rf /usr/obj/*
# make buildworld
# make buildkernel
# make installkernel
# reboot
(после перезагрузки — в single-user режиме)
# fsck -p
# mount -u /
# mount -a -t ufs
# adjkerntz -i
# cd /usr/src
# mergemaster -p
# make installworld
# mergemaster -a
# reboot
# ee /usr/src/sys/i386/conf/GENERIC
добавляем в конфиг
options MPTABLE_FORCE_HTT
options SMP
options QUOTA # Enable Quota
собираем и устанавливаем ядро:
# cd /usr/src
# make buildkernel
# make installkernel
# reboot
# ee /etc/fstab
/home ufs rw,userquota,groupquota
/tmp ufs rw,nosuid,nodev,noexec, nosymfollow (mysql хуй работает)
# mv /var/tmp/* /tmp/ && rm -rf /var/tmp && ln -s /tmp /var/tmp
# ee /etc/rc.conf
добавляем строчки
enable_quotas="YES"
check_quotas="YES"
# cp /usr/share/examples/cvsup/ports-supfile /etc/ports-supfile
# ee /etc/ports-supfile
заменяем строчку
*default host=cvsup.ch.FreeBSD.org
# cvsup -g -L 2 /etc/ports-supfile
# cd /usr/ports/sysutils/portupgrade
# make install clean
# portupgrade -af
# cd /usr/ports/editors/vim-lite/
# make install clean
# cp /usr/local/share/vim/vim70/vimrc_example.vim /root/.vimrc
# vim ~/.cshrc
setenv LSCOLORS ExFxCxDxBxegedabagacad
setenv CLICOLOR 1
alias vi vim
alias h history 25
alias j jobs -l
alias la ls -a
alias lf ls -FA
alias ll ls -lA
alias less less -M
alias df df -h
alias du du -h
alias j jobs -l
alias la ls -a
alias lf ls -FA
alias ll ls -lA
# A righteous umask
umask 22
set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin $HOME/bin)
setenv EDITOR vim
setenv PAGER more
setenv BLOCKSIZE K
if ($?prompt) then
    # An interactive shell -- set some stuff up
    set prompt = "\n%{\033[36m%}%m: %{\033[1;32m%}%~ %{\033[0m%}# "
    set autolist = ambiguous
...
# cat > /usr/local/bin/portopts
#!/bin/sh
# portopts - скрипт просмотра опций сборки порта
# Скопируйте скрипт в /usr/local/bin, сделайте его исполняемым
# (chmod a+x portopts), затем перейдите в
# каталог порта и выполните команду "portopts"
#
# Порт можно указать и в командной строке: portopts www/apache13
#
if [ -z "$1" ]; then
    P="."
else
    P="/usr/ports/$1"
fi
cat ${P}/Makefile* | grep "defined(" | sed "s/(\!//g" | \
awk -F"(" '{print $2}' | awk -F")" '{print $1}' | \
sort | uniq
^D
# chmod +x /usr/local/bin/portopts
# cd /usr/ports/java/diablo-jdk15 # make install clean
(команды выполняются в /usr/local — все дальнейшие пути идут от /usr/local/jakarta-tomcat)
# fetch http://apache.mirrormax.net/tomcat/tomcat-5/v5.5.17/bin/apache-tomcat-5.5.17.tar.gz
# tar zxf apache-tomcat-5.5.17.tar.gz
# ln -s apache-tomcat-5.5.17 jakarta-tomcat
# ln -s /usr/local/jakarta-tomcat/bin/catalina.sh /usr/local/etc/rc.d/catalina.sh
# chmod +x /usr/local/jakarta-tomcat/bin/catalina.sh
# vi /usr/local/jakarta-tomcat/bin/catalina.sh
JAVA_HOME=/usr/local/diablo-jdk1.5.0
JAVA_OPTS="-Xmx512m -Xss128k -Djava.awt.headless=true"
# cat > /usr/local/jakarta-tomcat/bin/tomcat_restart
#!/bin/sh
# -*- mode: Fundamental; tab-width: 4; -*-
# ex:ts=4
#
# Jakarta Tomcat startup script.
#
# $FreeBSD: ports/www/jakarta-tomcat4/files/startup.sh,v 1.4 2002/05/08 21:54:06 znerd Exp $
#tomcat4
# Set some variables
MYSELF=`basename $0`
case "$1" in
start)
    #echo -n ' '
    su -f -m root -c "exec /usr/local/jakarta-tomcat5.0/bin/startup.sh" >/dev/null && echo -n 'tomcat'
    ;;
stop)
    #echo -n ' '
    su -f -m root -c "exec /usr/local/jakarta-tomcat5.0/bin/shutdown.sh" >/dev/null 2>&1 ; echo -n 'tomcat'
    ;;
*)
    echo ""
    echo "Usage: ${MYSELF} { start | stop }"
    echo ""
    exit 64
    ;;
esac
CTRL+D
# chmod +x /usr/local/jakarta-tomcat/bin/tomcat_restart
примечание: скрипт ссылается на /usr/local/jakarta-tomcat5.0, а Tomcat выше установлен в /usr/local/jakarta-tomcat — пути нужно привести в соответствие. Кроме того, Tomcat здесь запускается от root (su -f -m root), так что любое веб-приложение получает права root; лучше запускать его от отдельного непривилегированного пользователя.
# vi /usr/local/jakarta-tomcat/conf/server.xml
...
Connector port="8080" -> Connector port="8180"
...
<Host name="alvier.pchighway.com" debug="0" appBase="/home2/slayer/public_html" unpackWARs="true" autoDeploy="true" reloadable="true">
<Alias>193.192.249.49</Alias>
<Context path="" docBase="." debug="0" reloadable="true" crossContext="true"/>
</Host>
</Engine>
</Service>
</Server>
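# cd /home
# mkdir cpins
# cd cpins
# wget http://layer1.cpanel.net/latest
# sh latest
примечание: установщик скачивается по обычному HTTP и сразу выполняется от root без проверки целостности; если у поставщика есть https-адрес или опубликованная контрольная сумма — использовать их.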
Server Contact E-Mail Address -> payment@pchighway.com
Default cPanel Theme -> x
Default Home Directory -> /home
Main Shared Virtual Host IP -> 193.192.249.49
Hostname -> alvier.pchighway.com (+ create in some other whm)
Primary Nameserver -> dns1.pchighway.com
Secondary Nameserver -> dns3.pchighway.com
CGI Script Alias -> y
Apache Access Log Style -> combined
MySQL root password -> SOMETHING!!!
Tweak Settings -> Awstats Stats, Delete each domain's access logs after stats run, Use jailshell as the default shell for all new accounts and modified accounts,
# /scripts/mysqlup
# /scripts/upcp --force
# /scripts/upcp --force
# /scripts/upcp --force
... (пока не встанет imap/pop ;-))) )
# /scripts/upcp --force
WHM - configure cluster
Enable Dns Clustering → save
Add a new server to the cluster
Server Ip Address:
195.141.101.5, 195.141.101.4
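Server Remote Access Key → взять из http://195.141.101.4(5):2086/scripts/setrhash (ключ при этом передаётся по обычному HTTP; он даёт удалённый доступ к WHM, поэтому по возможности открывать страницу через SSL-порт WHM 2087)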
Dns Role → synchronize changes на обоих
FTP Configuration→ disable ftp anonymous login
# cd /usr/local/cpinst
# wget http://thesuki.org/php-4.4.2.tar.bz2
# tar jxf php-4.4.2.tar.bz2
# cd php-4.4.2
# './configure' '--with-apxs=/usr/local/apache/bin/apxs' '--prefix=/usr/local' '--with-xml' '--with-mm' '--enable-bcmath' '--enable-calendar' '--with-curl' '--with-dom' '--with-dom-xslt' '--with-dom-exslt' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-gettext' '--with-iconv' '--with-imap=/usr/local/imap-2004g' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-mcrypt' '--with-mhash' '--enable-magic-quotes' '--with-mm' '--with-mysqli' '--with-mysql=/usr/local' '--with-openssl' '--enable-discard-path' '--with-pear' '--with-pspell' '--enable-xslt' '--with-xslt-sablot' '--enable-sockets' '--enable-track-vars' '--with-ttf' '--with-freetype-dir=/usr/local' '--enable-gd-native-ttf' '--enable-versioning' '--enable-wddx' '--with-xmlrpc' '--with-zip' '--with-zlib'
# make -j4
# make install
# make clean
# /scripts/restartsrv_apache
# cd /usr/ports/distfiles
# wget http://downloads.zend.com/optimizer/3.0.1/ZendOptimizer-3.0.1-freebsd5.4-i386.tar.gz
# tar zxf ZendOptimizer-3.0.1-freebsd5.4-i386.tar.gz
# cd ZendOptimizer-3.0.1-freebsd5.4-i386
# ./install-tty
примечание: архив PHP берётся со стороннего хоста по HTTP и собирается от root — перед сборкой сверить его контрольную сумму с опубликованной на официальном сайте PHP.
# cd /usr/ports/www/mod_jk
# ln -s /usr/local/apache/bin/apxs /usr/local/sbin/apxs
# make PREFIX=/usr/local install clean
# vi /usr/local/apache/conf/httpd.conf
LoadModule jk_module libexec/mod_jk.so
AddModule mod_jk.c
JkWorkersFile /usr/local/jakarta-tomcat/conf/workers.properties
JkLogFile /usr/local/apache/logs/jk.log
JkLogLevel info
# cat > /usr/local/jakarta-tomcat/conf/workers.properties
workers.tomcat_home=/usr/local/jakarta-tomcat
workers.CATALINA_HOME=/usr/local/jakarta-tomcat
workers.java_home=/usr/local/diablo-jdk1.5.0
workers.CLASSPATH=/usr/local/jakarta-tomcat/common/lib/*.jar #:/usr/local/diablo-jdk1.5.0/jre/lib/rt.jar:/usr/local/diablo-jdk1.5.0/jre/lib/javaplugin.jar:/usr/local/diablo-jdk1.5.0/jre/lib/sunrsasign.jar
ps=/
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
^D
# /scripts/restartsrv_apache
# cat > /etc/my.cnf
[mysqld]
default-character-set=cp1251
big-tables
socket=/tmp/mysql.sock
max_connections=3000
key_buffer=128M
myisam_sort_buffer_size=64M
join_buffer_size=4M
read_buffer_size=4M
sort_buffer_size=16M
table_cache=1024
thread_cache_size=64
wait_timeout=200
connect_timeout=10
max_allowed_packet=32M
max_connect_errors=100
max_heap_table_size=64M
query_cache_limit=4M
query_cache_size=64M
query_cache_type=1
back_log=240
skip-locking
record_buffer=4M
thread_concurrency=2
[mysqld_safe]
open_files_limit = 8192
[mysqldump]
quick
max_allowed_packet = 128M
[myisamchk]
key_buffer=128M
sort_buffer=128M
read_buffer=128M
write_buffer=128M
[client]
socket=/tmp/mysql.sock
^D
# /scripts/restartsrv_mysql
# vi /etc/newsyslog.conf
/usr/local/apache/logs/mod_jk.log 664 5 * 24 J /usr/local/apache/logs/httpd.pid 1
/usr/local/apache/logs/access_log 664 7 * 24 J /usr/local/apache/logs/httpd.pid 1
/usr/local/apache/logs/error_log 664 7 * 24 J /usr/local/apache/logs/httpd.pid 1
/var/log/exim/mainlog mailnull:mailnull 640 5 * 24 Z
/var/log/exim/rejectlog mailnull:mailnull 640 5 * 24 Z
примечание: в httpd.conf выше JkLogFile указывает на /usr/local/apache/logs/jk.log, а здесь ротируется mod_jk.log — имена должны совпадать, иначе лог mod_jk ротироваться не будет.
# cat >> /etc/crontab
10 */1 * * * root /usr/sbin/ntpdate 194.186.254.22 195.2.64.5 > /dev/null 2>&1
07 */1 * * * root /usr/local/etc/rc.d/mailqueue
14 2 * * 3 root /usr/local/bin/cvsup -g -z -L 0 /etc/ports-supfile
^D
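# cat > /usr/local/etc/rc.d/mailqueue
#!/bin/sh
rm -Rf /var/spool/exim/msglog/*
rm -Rf /var/spool/exim_incoming/msglog/*
rm -Rf /var/spool/exim/input/*
^D
# chmod 711 /usr/local/etc/rc.d/mailqueue
примечание: по записи в crontab этот скрипт каждый час удаляет всю очередь exim целиком — вместе со спамом пропадает и ещё не доставленная легитимная почта.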
# ifconfig em0 alias 1.1.1.249 netmask 255.255.255.0
# cat >> /etc/rc.local
/sbin/ifconfig em0 alias 1.1.1.249 netmask 255.255.255.0
^D
# sysctl net.inet.tcp.blackhole=2
# sysctl net.inet.udp.blackhole=1
# vi /etc/sysctl.conf
security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1