Category Archives: Deployment

Windows2008R2的FTP防火墙配置

Posted on by No Comments ↓

最近在Windows2008R2上架设了Windows的FPT服务。

但无论怎样配置防火墙,本地都可以访问,远程只能显示登录框,登录后就卡住不动了。

各种配置入站出站规则。
1、允许了端口
2、允许了服务通过Microsoft FTP Service

还是不行。

最后,增加了一条配置:
允许C:\Windows\System32\svchost.exe通过防火墙,一切正常了。

好吧。。。
虽然这样有风险,但至少管用。

生成xorg.conf文件

Posted on by No Comments ↓

1、生成xorg.conf文件

#如果有必要,停止gdm3
service gdm3 stop
#生成空白文件
Xorg -configure
#移动文件
mv ~/xorg.conf.new /etc/X11/xorg.conf
#修改文件,增加需要的分辨率
#如果有必要,开启gdm3
service gdm3 start

2、xorg.conf.new文件

Section "ServerLayout"
	Identifier     "X.org Configured"
	Screen      0  "Screen0" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
	ModulePath   "/usr/lib/xorg/modules"
	FontPath     "/usr/share/fonts/X11/misc"
	FontPath     "/usr/share/fonts/X11/cyrillic"
	FontPath     "/usr/share/fonts/X11/100dpi/:unscaled"
	FontPath     "/usr/share/fonts/X11/75dpi/:unscaled"
	FontPath     "/usr/share/fonts/X11/Type1"
	FontPath     "/usr/share/fonts/X11/100dpi"
	FontPath     "/usr/share/fonts/X11/75dpi"
	FontPath     "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
	FontPath     "built-ins"
EndSection

Section "Module"
	Load  "record"
	Load  "glx"
	Load  "extmod"
	Load  "dbe"
	Load  "dri"
	Load  "dri2"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
EndSection

Section "InputDevice"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "auto"
	Option	    "Device" "/dev/input/mice"
	Option	    "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
	Identifier   "Monitor0"
	VendorName   "Monitor Vendor"
	ModelName    "Monitor Model"
EndSection

Section "Device"
        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
        ### [arg]: arg optional
	Identifier  "Card0"
	Driver      "vboxvideo"
	VendorName  "InnoTek Systemberatung GmbH"
	BoardName   "VirtualBox Graphics Adapter"
	BusID       "PCI:0:2:0"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	SubSection "Display"
		Viewport   0 0
		Depth     1
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     4
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     8
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     15
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     16
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
	EndSubSection
EndSection

3、新版xorg.conf文件

Section "ServerLayout"
	Identifier     "X.org Configured"
	Screen      0  "Screen0" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
	ModulePath   "/usr/lib/xorg/modules"
	FontPath     "/usr/share/fonts/X11/misc"
	FontPath     "/usr/share/fonts/X11/cyrillic"
	FontPath     "/usr/share/fonts/X11/100dpi/:unscaled"
	FontPath     "/usr/share/fonts/X11/75dpi/:unscaled"
	FontPath     "/usr/share/fonts/X11/Type1"
	FontPath     "/usr/share/fonts/X11/100dpi"
	FontPath     "/usr/share/fonts/X11/75dpi"
	FontPath     "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
	FontPath     "built-ins"
EndSection

Section "Module"
	Load  "record"
	Load  "glx"
	Load  "extmod"
	Load  "dbe"
	Load  "dri"
	Load  "dri2"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
EndSection

Section "InputDevice"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "auto"
	Option	    "Device" "/dev/input/mice"
	Option	    "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
	Identifier   "Monitor0"
	VendorName   "Monitor Vendor"
	ModelName    "Monitor Model"
EndSection

Section "Device"
        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
        ### [arg]: arg optional
	Identifier  "Card0"
	Driver      "vboxvideo"
	VendorName  "InnoTek Systemberatung GmbH"
	BoardName   "VirtualBox Graphics Adapter"
	BusID       "PCI:0:2:0"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	SubSection "Display"
		Viewport   0 0
		Depth     1
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     4
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     8
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     15
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     16
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes	"1280x800" "1024x768" "800x600"
	EndSubSection
EndSection

Debian6 Squeeze修改Terminal分辨率

Posted on by No Comments ↓

试了不少方法,要么参数不支持,要不设置了没有用。

好吧,简单暴力一些。

编辑/boot/grub/grub.cfg,在启动参数前,增加两行:

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-amd64' --class debian --class gnu-linux --class gnu --class os {
	#第一行>>>>>>set gfxpayload=1024x768x24
	#第二行>>>>>>load_video
	insmod part_msdos
	insmod ext2
	set root='(hd0,msdos1)'
	search --no-floppy --fs-uuid --set a600ccdc-3768-464b-9b19-29ec051f93e5
	echo	'Loading Linux 2.6.32-5-amd64 ...'
	linux	/boot/vmlinuz-2.6.32-5-amd64 root=UUID=a600ccdc-3768-464b-9b19-29ec051f93e5 ro  quiet text
	echo	'Loading initial ramdisk ...'
	initrd	/boot/initrd.img-2.6.32-5-amd64
}
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os {
	set gfxpayload=1024x768
	insmod part_msdos
	insmod ext2
	set root='(hd0,msdos1)'
	search --no-floppy --fs-uuid --set a600ccdc-3768-464b-9b19-29ec051f93e5
	echo	'Loading Linux 2.6.32-5-amd64 ...'
	linux	/boot/vmlinuz-2.6.32-5-amd64 root=UUID=a600ccdc-3768-464b-9b19-29ec051f93e5 ro single 
	echo	'Loading initial ramdisk ...'
	initrd	/boot/initrd.img-2.6.32-5-amd64
}
### END /etc/grub.d/10_linux ###

修改后为:

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-amd64' --class debian --class gnu-linux --class gnu --class os {
	set gfxpayload=1024x768x24
	load_video
	insmod part_msdos
	insmod ext2
	set root='(hd0,msdos1)'
	search --no-floppy --fs-uuid --set a600ccdc-3768-464b-9b19-29ec051f93e5
	echo	'Loading Linux 2.6.32-5-amd64 ...'
	linux	/boot/vmlinuz-2.6.32-5-amd64 root=UUID=a600ccdc-3768-464b-9b19-29ec051f93e5 ro  quiet text
	echo	'Loading initial ramdisk ...'
	initrd	/boot/initrd.img-2.6.32-5-amd64
}
menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os {
	set gfxpayload=1024x768
	insmod part_msdos
	insmod ext2
	set root='(hd0,msdos1)'
	search --no-floppy --fs-uuid --set a600ccdc-3768-464b-9b19-29ec051f93e5
	echo	'Loading Linux 2.6.32-5-amd64 ...'
	linux	/boot/vmlinuz-2.6.32-5-amd64 root=UUID=a600ccdc-3768-464b-9b19-29ec051f93e5 ro single 
	echo	'Loading initial ramdisk ...'
	initrd	/boot/initrd.img-2.6.32-5-amd64
}
### END /etc/grub.d/10_linux ###

VMWare扩展及压缩虚拟磁盘

Posted on by No Comments ↓

1、扩展虚拟磁盘
1.1A我的xp虚拟机一共只有10G,我需要扩展到20G(要关虚拟机)

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -x 20GB "D:\VirtualMashines\VMware\WinXP\WinXP.vmdk"

1.1BVMWare10以后,可以直接在管理工具中
虚拟机-》设置-》硬盘-》实用工具-》扩展

1.2扩展后,开启虚拟机,自己到磁盘管理器中分配空间即可。

2、压缩WinXP虚拟磁盘(vmware-tools)
2.1管理工具(关闭虚拟机)
虚拟机-》设置-》硬盘-》实用工具-》碎片整理

2.2开启虚拟机
系统托盘图标-》vmware-tools-》压缩

3、压缩WinXP虚拟磁盘(vmware-vdiskmanager)
3.1需要到微软官网下载sdelete工具,然后在虚拟机中运行:

sdelete -z

3.2关闭虚拟机,运行:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\WinXP\WinXP.vmdk"

4、压缩Debian虚拟磁盘:
4.1A在虚拟机中运行zerofree命令,需要将分区挂载为只读模式

apt-get install zerofree
umount /etc/home
zerofree /dev/sda6

4.1B在虚拟机中运行dd命令,需要将分区挂载为读写模式

dd if=/dev/zero of=/bigemptyfile
rm bigemptyfile

4.2关闭虚拟机,运行:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\Debian8\Debian8.vmdk"

5、压缩FreeBSD虚拟磁盘:
5.1A在虚拟机中运行dd命令,需要将分区挂载为读写模式

dd if=/dev/zero of=bigemptyfile bs=1m
rm bigemptyfile

5.1B在虚拟机中运行dd命令,需要将分区挂载为读写模式(适用于影片空闲空间较小)

cat /dev/zero > bigemptyfile;sync;sleep 1;sync;
rm -f bigemptyfile

5.2关闭虚拟机,运行:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\FreeBSD10\Debian8.vmdk"

Tomcat7安装为Windows Service

Posted on by No Comments ↓

Tomcat7采用服务模式运行,主要靠两个EXE和一个BAT文件:
Tomcat7w.exe用于配置、监控服务
Tomcat7.exe用于服务的安装、卸载、更新、运行、停止等
service.bat提供了一些预设的脚本方便大家安装卸载服务

1、Tomcat7w.exe //XX//ServiceName

#服务配置界面
Tomcat7w //ES//ServiceName
#服务监控
Tomcat7w //MS//ServiceName

2、Tomcat7.exe //XX//ServiceName

#命令行运行服务
Tomcat7 //TS//ServiceName
#启动服务
Tomcat7 //RS//ServiceName
#关闭服务
Tomcat7 //SS//ServiceName
#更新服务参数
Tomcat7 //US//ServiceName
#安装服务
Tomcat7 //IS//ServiceName
#删除服务
Tomcat7 //DS//ServiceName

其他可用参数有:

ParameterName Default Description
–Description Service name description (maximum 1024 characters)
–DisplayName ServiceName Service display name
–Install procrun.exe //RS//ServiceName Install image
–Startup manual Service startup mode can be either auto or manual
++DependsOn List of services that this service depend on. Dependent services
are separated using either # or ; characters
++Environment List of environment variables that will be provided to the service
in the form key=value. They are separated using either
# or ; characters. If you need to use either the #
or ; character within a value then the entire value must be
enclosed inside single quotes.
–User User account used for running executable. It is used only for
StartMode java or exe and enables running applications
as service under account without LogonAsService privilege.
–Password Password for user account set by –User parameter
–JavaHome JAVA_HOME Set a different JAVA_HOME than defined by JAVA_HOME environment
variable
–Jvm auto Use either auto (i.e. find the JVM from the Windows registry)
or specify the full path to the jvm.dll.
You can use the environment variable expansion here.
++JvmOptions -Xrs List of options in the form of -D or -X that will be
passed to the JVM. The options are separated using either
# or ; characters. (Not used in exe mode.)
–Classpath Set the Java classpath. (Not used in exe mode.)
–JvmMs Initial memory pool size in MB. (Not used in exe mode.)
–JvmMx Maximum memory pool size in MB. (Not used in exe mode.)
–JvmSs Thread stack size in KB. (Not used in exe mode.)
–StartMode One of jvm, Java or exe. The modes are:

  • jvm – start Java in-process. Depends on jvm.dll, see –Jvm.
  • Java – same as exe, but automatically uses the default Java
    executable, i.e. %JAVA_HOME%\bin\java.exe. Make sure JAVA_HOME is set
    correctly, or use –JavaHome to provide the correct location.
    If neither is set, procrun will try to find the default JDK (not JRE)
    from the Windows registry.
  • exe – run the image as a separate process
–StartImage Executable that will be run. Only applies to exe mode.
–StartPath Working path for the start image executable.
–StartClass Main Class that contains the startup method. Applies to the jvm and
Java modes. (Not used in exe mode.)
–StartMethod main Method name if differs then main
++StartParams List of parameters that will be passed to either StartImage or
StartClass. Parameters are separated using either # or
; character.
–StopMode One of jvm, Java or exe. See –StartMode
for further details.
–StopImage Executable that will be run on Stop service signal. Only applies to
exe mode.
–StopPath Working path for the stop image executable. Does not apply to jvm
mode.
–StopClass Main Class that will be used on Stop service signal. Applies to the
jvm and Java modes.
–StopMethod main Method name if differs then main
++StopParams List of parameters that will be passed to either StopImage or
StopClass. Parameters are separated using either # or
; character.
–StopTimeout No Timeout Defines the timeout in seconds that procrun waits for service to
exit gracefully.
–LogPath %SystemRoot%\System32\LogFiles\Apache Defines the path for logging. Creates the directory if necessary.
–LogPrefix commons-daemon Defines the service log filename prefix. The log file is created in the
LogPath directory with .YEAR-MONTH-DAY.log suffix
–LogLevel Info Defines the logging level and can be either Error,
Info, Warn or Debug. (Case insensitive).
–StdOutput Redirected stdout filename.
If named auto then file is created inside LogPath with the
name service-stdout.YEAR-MONTH-DAY.log.
–StdError Redirected stderr filename.
If named auto then file is created inside LogPath with the
name service-stderr.YEAR-MONTH-DAY.log.
–PidFile Defines the file name for storing the running process id. Actual file is
created in the LogPath directory

3、service.bat安装卸载服务

service.bat install/uninstall/remove ServiceName

4、启动关闭服务

net start ServiceName
net stop ServiceName

MuleESB3发布到Tomcat

Posted on by No Comments ↓

今天把Mule ESB集成到Tomcat时,出现了下面的错误:

Already in lifecycle phase 'start', cannot fire the same phase twice

解决方法:
把MuleESB官方网站建议的:

<listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>

替换为:

<listener-class>org.mule.config.builders.DeployableMuleXmlContextListener</listener-class>

就可以了

自签名证书HTTPS

Posted on by No Comments ↓

1、生成自签名的CA私钥及自签名证书,并导出为der、p12、jks格式

set OPENSSL_CONF=C:\ProgramerTools\OpenSSL-Win64\bin\openssl.cfg

#生成私钥
openssl genrsa 1024 > NMyCA1024.key

#生成自签名证书
openssl req -new -x509 -nodes -key NMyCA1024.key -days 1095 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024" > NMyCA1024.pem

#转der格式,生成trust store
openssl x509 -outform der -in NMyCA1024.pem -out NMyCA1024.crt
keytool -import -trustcacerts -file NMyCA1024.crt -keystore NMyCA1024_trust.jks -storepass 123456

#转p12格式,生成key sotre
openssl pkcs12 -export -out NMyCA1024.p12 -in NMyCA1024.pem -inkey NMyCA1024.key
keytool -importkeystore -srckeystore NMyCA1024.p12 -srcstoretype PKCS12 -deststoretype  JKS -destkeystore NMyCA1024_key.jks

2、生成网站私钥,并生成CA签名的证书,并导出为der、p12、jks格式

#生成私钥
openssl genrsa 1024 > server.key

#从CA请求证书
openssl req -new -key server.key -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=127.0.0.1" > server.csr

#生成CA签名的证书
openssl x509 -req -in server.csr -CA NMyCA1024.pem -CAkey NMyCA1024.key -CAcreateserial -days 365 > serversigned.crt

#生成trust store
keytool -import -trustcacerts -file serversigned.crt -keystore serversigned_trust.jks -storepass 123456

#转p12格式,生成key sotre
openssl pkcs12 -export -out serversigned.p12 -in serversigned.crt -inkey server.key
keytool -importkeystore -srckeystore serversigned.p12 -srcstoretype PKCS12 -deststoretype  JKS -destkeystore serversigned_key.jks

3、在server端使用serversigned.p12或serversigned_key.jks

4、在浏览器端,导入NMyCA1024.crt为CA根证书,浏览器就可以正常打开HTTPS网站了

5、如果是要用Java Client端进行认证,则需要将CA证书导入到对应JDK或JRE的CA列表中,用serversigned_trust.jks就可以正常访问了

keytool -import -trustcacerts -file NMyCA1024.crt -alias NMyCA1024 -keystore %JRE_HOME%\lib\security\cacerts -storepass changeit