Category archive: Linux

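The suspected cron timeout problem that tormented me for so long is finally solved - -

For safety's sake, backing up data every day is really necessary. cron had always run smoothly, but recently I found that the backup data on the FTP was incomplete every day. I looked everywhere and could not find the cause, and running the backup script directly worked with no problem at all.

The exact symptom: the first line of the backup script does not run to completion, but the lines after it still run, so an incomplete backup file ends up on the FTP.

I googled on and off for a week or two with no result, and finally asked a friend, who could not fix it either. But one thing he said did give me an idea: he asked whether my script needed its output. I thought about it and it did not, so I sent the script's output to /dev/null. When I got up this morning and checked the FTP, hey, it was right.

I don't know whether cron can only accept a limited amount of script output, and once that is exceeded it blows up and the script gets interrupted.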

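A few simple steps to strengthen SSH security

I was bored recently and took a look at /var/log/secure. It was spectacular beyond words: several hundred brute-force attempts every single day, though they are probably all guessing fairly simple passwords, with only a few dozen attempts per IP.

So it is time to do a little work: vi /etc/ssh/sshd_config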

LoginGraceTime 5
Port 21212
ListenAddress 0.0.0.0:21212
IgnoreUserKnownHosts yes

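Then restart sshd. The vast majority of blind scans now no longer concern you. Don't disconnect just yet; there is still something important to do.

For more security, you can now disable remote root login. Of course, most of the time you connect precisely to change some configuration, so disabling root outright and then using su is somewhat redundant. It is more convenient to let root log in only with public/private key authentication.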

PermitRootLogin without-password

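After adding this line, upload the root public key you generated, and you are done.

Generate the SSH key pair: ssh-keygen -t dsa -b 1024 -f /user/keys, leave the passphrase empty, then cp /user/keys.pub /user/.ssh/authorized_keys, pull keys down to your local machine and delete it from the server.

The downloaded keys file can already be used with OpenSSH-based clients. To use it with PuTTY, you also need to convert its format with the tool that ships with PuTTY.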
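
As an added example (not part of the original post), the shell functions below read an sshd_config the way sshd reads its global section and flag the root-login and password settings this post is about. The function names are hypothetical and the sample file is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example, not from the original post.

# sshd_effective FILE KEYWORD
# Print the value sshd would use from the global section: keywords are
# case-insensitive, "Key=value" is accepted, the FIRST occurrence wins,
# and anything after a Match line is conditional, so parsing stops there.
sshd_effective() {
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }           # drop indentation; fields are re-split
        /^#/ || NF == 0 { next }         # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per finding, return non-zero if any.
audit_sshd() {
    n=0
    case $(sshd_effective "$1" PermitRootLogin) in
        no|without-password|prohibit-password|forced-commands-only) ;;
        "") echo "WARN PermitRootLogin unset (default was yes before OpenSSH 7.0)"; n=$((n+1)) ;;
        *)  echo "FAIL PermitRootLogin does not restrict root to key-based login"; n=$((n+1)) ;;
    esac
    case $(sshd_effective "$1" PasswordAuthentication) in
        no) ;;
        *)  echo "WARN PasswordAuthentication is not 'no': non-root accounts can still be guessed"; n=$((n+1)) ;;
    esac
    case $(sshd_effective "$1" LoginGraceTime) in
        0)  echo "FAIL LoginGraceTime 0 disables the login timeout"; n=$((n+1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample: the settings from this post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoginGraceTime 5
Port 21212
ListenAddress 0.0.0.0:21212
IgnoreUserKnownHosts yes
PermitRootLogin without-password
EOF
audit_sshd "$sample" || echo "review the findings above"
rm -f "$sample"
```

On the post's own settings it reports that PasswordAuthentication is still on, which is what the guesses in /var/log/secure go after on non-root accounts. DSA keys such as the one made by ssh-keygen -t dsa -b 1024 above are disabled by default since OpenSSH 7.0, where -t ed25519 is the usual choice.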

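Automatic incremental backups with rsync in 3 simple steps

I got messed around by a lousy provider again recently: the FTP backup turned out to be incomplete. In the end I decided to use rsync for backups, to avoid any surprises - -

Uh... the title is a bit of clickbait, but there really are only 3 main steps - -

1. On the server to be backed up, generate an SSH key pair: ssh-keygen -t dsa -b 1024 -f /user/keys, leave the passphrase empty, then cp /user/keys.pub /user/.ssh/authorized_keys. Skip this step if you already have a key pair.

2. Put the private key keys generated above onto the backup server, then try the first sync. To speed up syncing, you can first move all the files to the backup machine, after which the incremental runs are fast:

rsync -avz -e "ssh -i /user/keys" root@remote_server_ip:/remote_path /local_path

3. Add it to crontab for automatic backups

crontab -e, and drop this line in: @daily rsync -avz -e "ssh -i /user/keys" root@remote_server_ip:/remote_path /local_path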
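
An added example, not from the original posts, that serves both the cron output problem described earlier and step 3 above: a wrapper that keeps the rsync output in a log file instead of discarding it, records the exit status, and refuses to overlap with a run that is still copying. The log and lock locations, the script path and the function names are assumptions; the host and paths are the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original posts. Host and paths are the
# placeholders used in the post; LOG and LOCK locations are assumptions.
KEY=/user/keys
SRC=root@remote_server_ip:/remote_path
DST=/local_path
LOG=${BACKUP_LOG:-/var/log/rsync-backup.log}
LOCK=${BACKUP_LOCK:-/var/lock/rsync-backup.lock}

stamp() { date '+%Y-%m-%d %H:%M:%S'; }

# run_logged CMD [ARGS...]
# Append everything CMD prints to $LOG, so cron itself receives no output,
# and record the exit status so a cut-off transfer leaves a trace.
# mkdir is atomic: a run that starts while the previous one is still
# copying logs a "skipped" line and returns 75 instead of overlapping.
# If the script is killed, remove the stale $LOCK directory by hand.
run_logged() {
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "$(stamp) skipped: $LOCK is held by another run" >> "$LOG"
        return 75
    fi
    echo "$(stamp) start: $*" >> "$LOG"
    rc=0
    "$@" >> "$LOG" 2>&1 || rc=$?
    echo "$(stamp) exit status $rc" >> "$LOG"
    rmdir "$LOCK"
    return "$rc"
}

# The rsync command from step 2; BatchMode makes ssh fail at once rather
# than wait for a password prompt that nobody will answer under cron.
backup() {
    run_logged rsync -avz -e "ssh -i $KEY -o BatchMode=yes" "$SRC" "$DST"
}

# crontab line (the script path is an assumption):
#   @daily /usr/local/bin/rsync-backup.sh run
if [ "${1:-}" = run ]; then
    backup
fi
```

Because /user/keys is a passphrase-less key that logs in as root, prefixing its line in authorized_keys on the source server with from="<backup server address>",no-pty,no-port-forwarding limits what a stolen copy can do.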

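Stress test of Nginx+Httpd with default settings

Even under this much pressure nginx stays perfectly calm; I have to hand it to it - -

When I have time I'll look into the parameters in detail and keep optimizing.

Test environment: two VPSes 5 hops apart, ping comes out at 1.2 ms

VPS under test: 512M of RAM, 1024M burst, OpenVZ; load was close to 2 after running the 3000-request test

The page is the blog home page, already made static with W3 Total Cache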

[root@vps ~]#ab -c 100 -n 3000 http://johnliu.info/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking johnliu.info (be patient)
Completed 300 requests
Completed 600 requests
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Finished 3000 requests

Server Software:        nginx/0.8.53
Server Hostname:        johnliu.info
Server Port:            80

Document Path:          /
Document Length:        32170 bytes

Concurrency Level:      100
Time taken for tests:   10.576416 seconds
Complete requests:      3000
Failed requests:        0
Write errors:           0
Total transferred:      97896000 bytes
HTML transferred:       96510000 bytes
Requests per second:    283.65 [#/sec] (mean)
Time per request:       352.547 [ms] (mean)
Time per request:       3.525 [ms] (mean, across all concurrent requests)
Transfer rate:          9039.07 [Kbytes/sec] received

Connection Times (ms)
min  mean[+/-sd] median   max
Connect:        0   60 395.1      7    3012
Processing:    49  268  85.3    268    2438
Waiting:       21  228  75.8    225    2415
Total:         51  328 404.6    275    3981

Percentage of the requests served within a certain time (ms)
50%    275
66%    293
75%    302
80%    308
90%    334
95%    362
98%    783
99%   3273
100%   3981 (longest request)

Have you ever seen a VPS with a TTL this low?

I was shocked at the time: there is actually a VPS that can, after 24 hops

ping -c 10 69.194.193.10
PING 69.194.193.10 (69.194.193.10): 56 data bytes
64 bytes from 69.194.193.10: icmp_seq=0 ttl=39 time=346.678 ms
64 bytes from 69.194.193.10: icmp_seq=1 ttl=39 time=347.852 ms
Request timeout for icmp_seq 2
64 bytes from 69.194.193.10: icmp_seq=3 ttl=39 time=346.919 ms
64 bytes from 69.194.193.10: icmp_seq=4 ttl=39 time=347.288 ms
64 bytes from 69.194.193.10: icmp_seq=5 ttl=39 time=347.643 ms
64 bytes from 69.194.193.10: icmp_seq=6 ttl=39 time=347.530 ms
64 bytes from 69.194.193.10: icmp_seq=7 ttl=39 time=347.325 ms
64 bytes from 69.194.193.10: icmp_seq=8 ttl=39 time=350.973 ms

--- 69.194.193.10 ping statistics ---
10 packets transmitted, 8 packets received, 20.0% packet loss
round-trip min/avg/max/stddev = 346.678/347.776/350.973/1.259 ms

traceroute 69.194.193.10
traceroute to 69.194.193.10 (69.194.193.10), 64 hops max, 52 byte packets
1  router (192.168.1.1)  2.081 ms  0.780 ms  0.745 ms
2  reverse.gdsz.cncnet.net (220.249.240.1)  159.016 ms  14.006 ms  30.284 ms
3  120.80.199.209 (120.80.199.209)  7.601 ms  8.884 ms  8.398 ms
4  120.80.198.161 (120.80.198.161)  9.629 ms  8.127 ms  9.853 ms
5  120.80.0.177 (120.80.0.177)  14.498 ms  13.422 ms  13.361 ms
6  219.158.19.77 (219.158.19.77)  15.434 ms  13.862 ms  14.777 ms
7  219.158.4.89 (219.158.4.89)  84.508 ms  67.957 ms  67.473 ms
8  219.158.4.162 (219.158.4.162)  68.866 ms  68.720 ms  69.484 ms
9  sl-st20-sj-15-0-1.sprintlink.net (144.223.242.81)  271.461 ms  273.240 ms  277.230 ms
10  sl-st30-sj-0-0-2-0.sprintlink.net (144.232.0.208)  272.401 ms  273.826 ms  277.634 ms
11  sl-st31-sj-0-8-0-0.sprintlink.net (144.232.3.29)  242.735 ms
sl-st31-sj-0-8-2-0.sprintlink.net (144.232.3.30)  225.602 ms
sl-st31-sj-0-12-0-3.sprintlink.net (144.232.3.33)  229.353 ms
12  * sl-xocomm-337432-0.sprintlink.net (144.223.1.2)  375.140 ms  471.434 ms
13  vb2000d1.rar3.sanjose-ca.us.xo.net (207.88.13.98)  408.976 ms  412.283 ms  407.439 ms
14  te-2-0-0.rar3.washington-dc.us.xo.net (207.88.12.70)  439.822 ms  441.770 ms  444.518 ms
15  ae0d0.mcr1.newark-nj.us.xo.net (216.156.0.22)  476.545 ms  473.820 ms  473.274 ms
16  ae1d0.mcr1.nyc-ny.us.xo.net (216.156.1.9)  463.897 ms  464.069 ms  461.836 ms
17  207.239.51.86 (207.239.51.86)  303.557 ms  304.349 ms  305.248 ms
18  edge-09-teb1.us.as19318.net (66.45.224.183)  305.153 ms  305.844 ms  304.002 ms
19  209.250.226.70 (209.250.226.70)  305.978 ms  307.005 ms  306.427 ms
20  66.45.226.114 (66.45.226.114)  306.943 ms  304.059 ms  304.846 ms
21  testipnj.vpscolo.com (69.194.193.10)  304.967 ms  305.429 ms  304.949 ms