eddy
2025-11-07 10:56:56 +08:00
commit 9b79ff6203
31 changed files with 16368 additions and 0 deletions

67
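--- a/CF-Under-Attack.sh
+++ b/CF-Under-Attack.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# 设置变量
+EMAIL="AAAA"
+API_KEY="BBBB"
+ZONE_ID="CCCC"
+LOAD_THRESHOLD=5.0 # 设置高负载阈值
+TELEGRAM_BOT_TOKEN="输入TG机器人API"
+CHAT_ID="输入TG用户ID"
+# 获取当前系统负载
+CURRENT_LOAD=$(uptime | awk -F'load average:' '{ print $2 }' | cut -d, -f1 | awk '{print $1}')
+echo "当前系统负载: $CURRENT_LOAD"
+send_tg_notification() {
+local MESSAGE=$1
+curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID" -d "text=$MESSAGE"
+}
+# 获取当前的“Under Attack”模式状态
+STATUS=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/settings/security_level" \
+-H "X-Auth-Email: $EMAIL" \
+-H "X-Auth-Key: $API_KEY" \
+-H "Content-Type: application/json" | jq -r '.result.value')
+echo "当前的Under Attack模式状态: $STATUS"
+# 检查系统负载是否高于阈值
+if (( $(echo "$CURRENT_LOAD > $LOAD_THRESHOLD" | bc -l) )); then
+if [ "$STATUS" != "under_attack" ]; then
+echo "系统负载高于阈值开启Under Attack模式"
+# send_tg_notification "系统负载高于阈值开启Under Attack模式"
+NEW_STATUS="under_attack"
+else
+echo "系统负载高但Under Attack模式已经开启"
+exit 0
+fi
+else
+if [ "$STATUS" == "under_attack" ]; then
+echo "系统负载低于阈值关闭Under Attack模式"
+# send_tg_notification "系统负载低于阈值关闭Under Attack模式"
+NEW_STATUS="high"
+else
+echo "系统负载低Under Attack模式已经关闭"
+exit 0
+fi
+fi
+# 更新“Under Attack”模式状态
+RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/settings/security_level" \
+-H "X-Auth-Email: $EMAIL" \
+-H "X-Auth-Key: $API_KEY" \
+-H "Content-Type: application/json" \
+--data "{\"value\":\"$NEW_STATUS\"}")
+if [[ $(echo $RESPONSE | jq -r '.success') == "true" ]]; then
+echo "成功更新Under Attack模式状态为: $NEW_STATUS"
+else
+echo "更新Under Attack模式状态失败"
+echo "响应: $RESPONSE"
+fi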
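Review bot: Both Cloudflare calls authenticate with `X-Auth-Email`/`X-Auth-Key`, which is the account-wide Global API Key, and the key is assigned in plain text at the top of a script meant to run unattended. A token scoped to editing settings on this one zone limits what a leaked copy of the file can do; the headers would become `-H "Authorization: Bearer $CF_API_TOKEN"`, with the token read from a root-only file instead of being assigned inline. The low-load branch always writes `NEW_STATUS="high"`, so whatever security level the zone had before the script first ran is not restored; the intended baseline is not visible here, so that may or may not be deliberate. If the GET fails, `jq` yields `null` or an empty string and the script still proceeds to the PATCH under high load, so a check that `$STATUS` is non-empty before comparing would make API failures visible.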

32
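--- a/Limiting_Shut_down.sh
+++ b/Limiting_Shut_down.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# 获取总的接收和发送流量
+output=$(awk 'BEGIN { rx_total = 0; tx_total = 0 }
+NR > 2 { rx_total += $2; tx_total += $10 }
+END {
+printf("%.0f Bytes %.0f Bytes", rx_total, tx_total);
+}' /proc/net/dev)
+# 获取接收和发送的流量数据
+rx=$(echo "$output" | awk '{print $1}')
+tx=$(echo "$output" | awk '{print $3}')
+# 显示当前流量使用情况
+echo "当前接收流量: $rx"
+echo "当前发送流量: $tx"
+threshold_gb=110
+# 将GB转换为字节
+threshold=$((threshold_gb * 1024 * 1024 * 1024))
+# 检查是否达到流量阈值
+if (( $rx > $threshold || $tx > $threshold )); then
+echo "流量达到${threshold},正在关闭服务器..."
+# 在此处执行关闭服务器的命令,例如:
+shutdown -h now
+# 或者
+# systemctl poweroff
+else
+echo "当前流量未达到${threshold},继续监视..."
+fi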
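Review bot: The awk block sums every row of /proc/net/dev, so loopback and any bridge or container interfaces are counted together with the uplink, and the same traffic can be counted more than once before `shutdown -h now` fires. Restricting the sum to the metered interface avoids a premature power-off, for example `NR > 2 && $1 !~ /^(lo|docker|veth|br-)/ { rx_total += $2; tx_total += $10 }`. The kernel counters restart from zero at boot, so the 110 GB limit is per uptime rather than per billing period; a comment saying so, or a persisted counter, would make that explicit. The two status messages also print `${threshold}` in bytes with no unit.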

32
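--- a/PandoraNext/config.json
+++ b/PandoraNext/config.json
@@ -0,0 +1,32 @@
+{
+"bind": "0.0.0.0:8181",
+"tls": {
+"enabled": false,
+"cert_file": "",
+"key_file": ""
+},
+"timeout": 600,
+"proxy_url": "",
+"license_id": "github",
+"public_share": false,
+"site_password": "",
+"setup_password": "webgptpasswd",
+"server_tokens": true,
+"proxy_api_prefix": "",
+"isolated_conv_title": "*",
+"disable_signup": false,
+"auto_conv_arkose": false,
+"proxy_file_service": false,
+"custom_doh_host": "",
+"captcha": {
+"provider": "",
+"site_key": "",
+"site_secret": "",
+"site_login": false,
+"setup_login": false,
+"oai_username": false,
+"oai_password": false,
+"oai_signup": false
+},
+"whitelist": null
+}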
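Review bot: The shipped defaults bind the service to `0.0.0.0:8181` with `tls.enabled` false, an empty `site_password`, and a fixed `setup_password` of `webgptpasswd` that is now public in this repository. A deployment that uses the file unchanged serves its setup function over plain HTTP behind a known password, assuming the setup page shares this listener, which the file alone does not show. Safer defaults would be `"bind": "127.0.0.1:8181"` behind a TLS-terminating proxy, with `setup_password` generated by the installer at deploy time rather than committed.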

17
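--- a/PandoraNext/tokens.json
+++ b/PandoraNext/tokens.json
@@ -0,0 +1,17 @@
+{
+"test-1": {
+"token": "access token / session token / refresh token",
+"shared": true,
+"show_user_info": false
+},
+"test-2": {
+"token": "access token / session token / refresh token",
+"shared": true,
+"show_user_info": true,
+"plus": true
+},
+"test2": {
+"token": "access token / session token / refresh token / share token / username & password",
+"password": "12345"
+}
+}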

37
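--- a/README.md
+++ b/README.md
@@ -0,0 +1,37 @@
+# 科技lion一键脚本工具
+## 介绍
+科技Lion 的 Shell 脚本工具是一款全能脚本工具箱,专为 VPS 监控、测试和管理而设计。无论您是初学者还是经验丰富的用户,该工具都能为您提供便捷的解决方案。集成了独创的 Docker 管理功能让您轻松管理容器化应用LNMP建站解决方案 能帮助您快速搭建网站,站点优化,防御,备份还原迁移一应俱全;并且整合了各类系统工具面板的安装及使用,使系统维护变得更加简单。我们的目标是成为全网最优秀的 VPS 一键脚本工具,为用户提供高效、便捷的科技支持。
+[视频介绍](https://www.youtube.com/watch?v=0o7oH3Dit70&t=211s)
+***
+### 科技lion一键脚本工具 的支持列表:
+>Debian
+>Ubuntu
+>Cent OS
+***
+## 使用方法
+### Debian / Ubuntu 安装下载工具
+```bash
+apt update -y && apt install -y curl
+```
+### CentOS 安装下载工具
+```bash
+apt update -y && apt install -y curl
+```
+***
+### 一键脚本
+```bash
+curl -sS -O https://kejilion.pro/kejilion.sh && chmod +x kejilion.sh && ./kejilion.sh
+```
+or
+```bash
+curl -sS -O https://raw.githubusercontent.com/kejilion/sh/main/kejilion.sh && chmod +x kejilion.sh && ./kejilion.sh
+```
+***
+### 觉得脚本还可以USTD TRC20打赏
+![Snipaste_2024-01-17_18-01-52](https://github.com/kejilion/sh/assets/131984541/98cf2762-1bfb-4c33-af10-af0eda29fc20)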

29
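--- a/TG-SSH-check-notify.sh
+++ b/TG-SSH-check-notify.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# 获取登录信息
+country=$(curl -s ipinfo.io/$public_ip/country)
+isp_info=$(curl -s ipinfo.io/org | sed -e 's/\"//g' | awk -F' ' '{print $2}')
+ipv4_address=$(curl -s ipv4.ip.sb)
+masked_ip=$(echo $ipv4_address | awk -F'.' '{print "*."$3"."$4}')
+IP=$(echo $SSH_CONNECTION | awk '{print $1}')
+TIME=$(date +"%Y年%m月%d日 %H:%M:%S")
+# 查询IP地址对应的地区信息
+#LOCATION=$(curl -s https://ipapi.co/$IP/json/ | jq -r '.city')
+LOCATION=$(curl -s "http://opendata.baidu.com/api.php?query=$IP&co=&resource_id=6006&oe=utf8&format=json" | jq -r '.data[0].location')
+# 获取当前用户名
+USERNAME=$(whoami)
+# 发送Telegram消息
+MESSAGE=" 登录信息:
+登录机器:${isp_info}-${country}-${masked_ip}
+登录名:$USERNAME
+登录IP$IP
+登录时间:$TIME
+登录地区:$LOCATION"
+curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID&text=$MESSAGE" > /dev/null 2>&1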
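Review bot: The final curl posts `-d "chat_id=$CHAT_ID&text=$MESSAGE"` without URL-encoding, and `$MESSAGE` embeds `$LOCATION`, which comes from an unauthenticated `http://` response, so an `&` or `%` in any field changes or corrupts the form body. Sending the fields separately as `-d "chat_id=$CHAT_ID" --data-urlencode "text=$MESSAGE"` fixes this; `send_tg_notification` in TG-check-notify.sh passes `-d "text=$MESSAGE"` the same way with alerts that contain a literal `%`, and the copy in CF-Under-Attack.sh has the same shape but its calls are commented out. `$public_ip`, `$TELEGRAM_BOT_TOKEN` and `$CHAT_ID` are never assigned in this file, so the first lookup becomes `ipinfo.io//country` and the send depends on values supplied from outside; a header comment naming the required variables would help. The lookups also disclose each login's source IP to third-party services, one of them over cleartext HTTP.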

100
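--- a/TG-check-notify.sh
+++ b/TG-check-notify.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+# 你需要配置Telegram Bot Token和Chat ID
+TELEGRAM_BOT_TOKEN="输入TG的机器人API"
+CHAT_ID="输入TG的接收通知的账号ID"
+# 你可以修改监控阈值设置
+CPU_THRESHOLD=70
+MEMORY_THRESHOLD=70
+DISK_THRESHOLD=70
+NETWORK_THRESHOLD_GB=1000
+# 获取设备信息的变量
+country=$(curl -s ipinfo.io/$public_ip/country)
+isp_info=$(curl -s ipinfo.io/org | sed -e 's/\"//g' | awk -F' ' '{print $2}')
+ipv4_address=$(curl -s ipv4.ip.sb)
+masked_ip=$(echo $ipv4_address | awk -F'.' '{print "*."$3"."$4}')
+# 发送Telegram通知的函数
+send_tg_notification() {
+local MESSAGE=$1
+curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID" -d "text=$MESSAGE"
+}
+# 获取CPU使用率
+get_cpu_usage() {
+awk '{u=$2+$4; t=$2+$4+$5; if (NR==1){u1=u; t1=t;} else printf "%.0f\n", (($2+$4-u1) * 100 / (t-t1))}' \
+<(grep 'cpu ' /proc/stat) <(sleep 1; grep 'cpu ' /proc/stat)
+}
+# 获取内存使用率
+get_memory_usage() {
+free | awk '/Mem/ {printf("%.0f"), $3/$2 * 100}'
+}
+# 获取硬盘使用率
+get_disk_usage() {
+df / | awk 'NR==2 {print $5}' | sed 's/%//'
+}
+# 获取总的接收流量(字节数)
+get_rx_bytes() {
+awk 'BEGIN { rx_total = 0 }
+NR > 2 { rx_total += $2 }
+END {
+printf("%.2f", rx_total / (1024 * 1024 * 1024));
+}' /proc/net/dev
+}
+# 获取总的发送流量(字节数)
+get_tx_bytes() {
+awk 'BEGIN { tx_total = 0 }
+NR > 2 { tx_total += $10 }
+END {
+printf("%.2f", tx_total / (1024 * 1024 * 1024));
+}' /proc/net/dev
+}
+# 检查并发送通知
+check_and_notify() {
+local USAGE=$1
+local TYPE=$2
+local THRESHOLD=$3
+local CURRENT_VALUE=$4
+if (( $(echo "$USAGE > $THRESHOLD" | bc -l) )); then
+send_tg_notification "警告: ${isp_info}-${country}-${masked_ip}$TYPE 使用率已达到 $USAGE%,超过阈值 $THRESHOLD%。"
+fi
+}
+# 主循环
+while true; do
+CPU_USAGE=$(get_cpu_usage)
+MEMORY_USAGE=$(get_memory_usage)
+DISK_USAGE=$(get_disk_usage)
+RX_GB=$(get_rx_bytes)
+TX_GB=$(get_tx_bytes)
+check_and_notify $CPU_USAGE "CPU" $CPU_THRESHOLD $CPU_USAGE
+check_and_notify $MEMORY_USAGE "内存" $MEMORY_THRESHOLD $MEMORY_USAGE
+check_and_notify $DISK_USAGE "硬盘" $DISK_THRESHOLD $DISK_USAGE
+# 检查入站流量是否超过阈值
+if (( $(echo "$RX_GB > $NETWORK_THRESHOLD_GB" | bc -l) )); then
+send_tg_notification "警告: ${isp_info}-${country}-${masked_ip} 的入站流量已达到 ${RX_GB}GB超过阈值 ${NETWORK_THRESHOLD_GB}GB。"
+fi
+# 检查出站流量是否超过阈值
+if (( $(echo "$TX_GB > $NETWORK_THRESHOLD_GB" | bc -l) )); then
+send_tg_notification "警告: ${isp_info}-${country}-${masked_ip} 的出站流量已达到 ${TX_GB}GB超过阈值 ${NETWORK_THRESHOLD_GB}GB。"
+fi
+# 休眠5分钟
+sleep 300
+done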
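Review bot: The main loop calls `check_and_notify $CPU_USAGE "CPU" $CPU_THRESHOLD $CPU_USAGE` with unquoted expansions, so when a probe returns an empty string the arguments shift left and `bc` is handed the label where the number should be, which most likely ends in an arithmetic error and a silently skipped alert. Quoting the arguments and rejecting non-numeric readings at the top of `check_and_notify`, e.g. `[[ $USAGE =~ ^[0-9]+([.][0-9]+)?$ ]] || return 0`, keeps a failed probe from disabling the check. The loop re-sends every alert that is still above threshold each 300 seconds with no de-duplication, and the fourth parameter `CURRENT_VALUE` is never used. The bot token is assigned in the script body; reading it from a file readable only by the service user keeps it out of backups and pasted copies of the script.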

30
archive.key Normal file

@@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2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=HKlF
-----END PGP PUBLIC KEY BLOCK-----

66
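--- a/auto_cert_renewal-1.sh
+++ b/auto_cert_renewal-1.sh
@@ -0,0 +1,66 @@
+# 定义证书存储目录
+certs_directory="/etc/letsencrypt/live/"
+days_before_expiry=5 # 设置在证书到期前几天触发续签
+# 遍历所有证书文件
+for cert_dir in $certs_directory*; do
+# 获取域名
+domain=$(basename "$cert_dir")
+# 忽略 README 目录
+if [ "$domain" = "README" ]; then
+continue
+fi
+# 输出正在检查的证书信息
+echo "检查证书过期日期: ${domain}"
+# 获取fullchain.pem文件路径
+cert_file="${cert_dir}/fullchain.pem"
+# 获取证书过期日期
+expiration_date=$(openssl x509 -enddate -noout -in "${cert_file}" | cut -d "=" -f 2-)
+# 输出证书过期日期
+echo "过期日期: ${expiration_date}"
+# 将日期转换为时间戳
+expiration_timestamp=$(date -d "${expiration_date}" +%s)
+current_timestamp=$(date +%s)
+# 计算距离过期还有几天
+days_until_expiry=$(( ($expiration_timestamp - $current_timestamp) / 86400 ))
+# 检查是否需要续签(在满足续签条件的情况下)
+if [ $days_until_expiry -le $days_before_expiry ]; then
+echo "证书将在${days_before_expiry}天内过期,正在进行自动续签。"
+# 停止 Nginx
+docker stop nginx
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -F
+ip6tables -P INPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
+ip6tables -P OUTPUT ACCEPT
+ip6tables -F
+# 续签证书
+certbot certonly --standalone -d $domain --email your@email.com --agree-tos --no-eff-email --force-renewal
+# 启动 Nginx
+docker start nginx
+echo "证书已成功续签。"
+else
+# 若未满足续签条件,则输出证书仍然有效
+echo "证书仍然有效,距离过期还有 ${days_until_expiry} 天。"
+fi
+# 输出分隔线
+echo "--------------------------"
+done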
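Review bot: Before calling certbot the loop sets the INPUT, FORWARD and OUTPUT policies to ACCEPT and runs `iptables -F` and `ip6tables -F`, and nothing restores the previous rules, so after the first renewal the host has no packet filter and any fail2ban or Docker-inserted filter rules are gone. The same eight lines appear in auto_cert_renewal.sh, and ldnmp.sh flushes the IPv4 rules the same way. Standalone validation only needs inbound TCP 80, so the flush can be replaced by a temporary rule such as `iptables -I INPUT -p tcp --dport 80 -j ACCEPT`, removed with `iptables -D INPUT -p tcp --dport 80 -j ACCEPT` once certbot returns. `docker start nginx` and the success message also run when certbot fails, and `-d $domain` is unquoted.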

62
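--- a/auto_cert_renewal.sh
+++ b/auto_cert_renewal.sh
@@ -0,0 +1,62 @@
+# 定义证书存储目录
+certs_directory="/home/web/certs/"
+days_before_expiry=5 # 设置在证书到期前几天触发续签
+# 遍历所有证书文件
+for cert_file in $certs_directory*_cert.pem; do
+# 获取域名
+domain=$(basename "$cert_file" "_cert.pem")
+# 输出正在检查的证书信息
+echo "检查证书过期日期: ${domain}"
+# 获取证书过期日期
+expiration_date=$(openssl x509 -enddate -noout -in "${certs_directory}${domain}_cert.pem" | cut -d "=" -f 2-)
+# 输出证书过期日期
+echo "过期日期: ${expiration_date}"
+# 将日期转换为时间戳
+expiration_timestamp=$(date -d "${expiration_date}" +%s)
+current_timestamp=$(date +%s)
+# 计算距离过期还有几天
+days_until_expiry=$(( ($expiration_timestamp - $current_timestamp) / 86400 ))
+# 检查是否需要续签(在满足续签条件的情况下)
+if [ $days_until_expiry -le $days_before_expiry ]; then
+echo "证书将在${days_before_expiry}天内过期,正在进行自动续签。"
+# 停止 Nginx
+docker stop nginx
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -F
+ip6tables -P INPUT ACCEPT
+ip6tables -P FORWARD ACCEPT
+ip6tables -P OUTPUT ACCEPT
+ip6tables -F
+# 续签证书
+# certbot certonly --standalone -d $domain --email your@email.com --agree-tos --no-eff-email --force-renewal
+certbot certonly --standalone -d $domain --email your@email.com --agree-tos --no-eff-email --force-renewal --key-type ecdsa
+# 复制续签后的证书和私钥
+cp /etc/letsencrypt/live/$domain/fullchain.pem ${certs_directory}${domain}_cert.pem
+cp /etc/letsencrypt/live/$domain/privkey.pem ${certs_directory}${domain}_key.pem
+# 启动 Nginx
+docker start nginx
+echo "证书已成功续签。"
+else
+# 若未满足续签条件,则输出证书仍然有效
+echo "证书仍然有效,距离过期还有 ${days_until_expiry} 天。"
+fi
+# 输出分隔线
+echo "--------------------------"
+done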
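Review bot: The two `cp` lines and the "证书已成功续签。" message run whether or not certbot succeeded, so a failed renewal is reported as success and nginx comes back up on the old certificate with nothing in the output to alert on. Gating the copy on certbot's exit status (`if certbot certonly … --key-type ecdsa; then cp …; else echo "renewal failed for $domain" >&2; fi`) makes failures visible to whatever monitors the job. `$domain` and both `cp` paths are unquoted, and the hard-coded `your@email.com` means expiry notices from the CA go nowhere useful unless the installer rewrites it. `--force-renewal` on every run inside the five-day window may also hit the CA's rate limits if the job is scheduled more often than daily.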

10
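--- a/beifen.sh
+++ b/beifen.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Create a tar archive of the web directory
+cd /home/ && tar czvf web_$(date +"%Y%m%d%H%M%S").tar.gz web
+# Transfer the tar archive to another VPS
+cd /home/ && ls -t /home/*.tar.gz | head -1 | xargs -I {} sshpass -p 123456 scp -o StrictHostKeyChecking=no -P 22 {} root@0.0.0.0:/home/
+# Keep only 5 tar archives and delete the rest
+cd /home/ && ls -t /home/*.tar.gz | tail -n +4 | xargs -I {} rm {}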
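Review bot: The transfer line passes the remote root password on the command line with `sshpass -p 123456` and turns off host-key verification with `-o StrictHostKeyChecking=no`, so the password is visible in the process list and in this repository, and the archive is sent to whichever host answers on that address. A dedicated key with the destination pinned in known_hosts removes both problems: `scp -i /root/.ssh/backup_key -o StrictHostKeyChecking=yes -P 22 "$archive" backup@DEST_HOST:/home/` (key path, user and host are placeholders). The comment on the cleanup step says five archives are kept, but `tail -n +4` deletes everything after the newest three. Both pipelines parse `ls` output; storing the archive name in a variable when it is created avoids that.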

11
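--- a/check_x86-64_psabi.sh
+++ b/check_x86-64_psabi.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/awk -f
+BEGIN {
+while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1
+if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1
+if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2
+if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3
+if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4
+if (level > 0) { print "CPU supports x86-64-v" level; exit level + 1 }
+exit 1
+}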
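Review bot: The exit status is `level + 1` (2 to 5) when a level is detected and 1 otherwise, so the script never exits 0 and a caller using `set -e` or `&&` treats every outcome as a failure; this needs a header comment such as `# exit status: 1 = no x86-64 level detected or /proc/cpuinfo unreadable, N+1 = x86-64-vN`. The file has an awk shebang but a `.sh` name, so invoking it as `bash check_x86-64_psabi.sh` fails; the same comment should say it must be executed directly or via `awk -f`.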

54
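--- a/client_config
+++ b/client_config
@@ -0,0 +1,54 @@
+#在oci=begin和oci=end之间放入你的API配置信息 支持多个配置文件 机器人切换profile可更换操作配置
+oci=begin
+[DEFAULT]
+user=ocid1.user.oc1..aaaaaaaaxxxxgwlg3xuzwgsaazxtzbozqq
+fingerprint=b8:33:6f:xxxx:45:43:33
+tenancy=ocid1.tenancy.oc1..aaaaaaaaxxx7x7h4ya
+region=ap-singapore-1
+key_file=写你的API密钥文件路径
+[DEFAULT2]
+user=ocid1.user.oc1..aaaaaaaaxxxxgwlg3xuzwgsaazxtzbozqq
+fingerprint=b8:33:6f:xxxx:45:43:33
+tenancy=ocid1.tenancy.oc1..aaaaaaaaxxx7x7h4ya
+region=ap-singapore-1
+key_file=写你的API密钥文件路径
+oci=end
+#用户信息 从 https://t.me/radiance_helper_bot 配置(bot可使用/raninfo命令随机生成)
+#必传
+username=
+#必传
+password=
+#cloudflare 功能参数 非必传
+#非必传 cloudflare邮箱
+cf_email=
+#非必传 cloudflare key 在我的个人资料->API令牌处->API密钥->Global API Key 获取
+cf_account_key=
+#非必填 本机ip和端口号 (进阶玩家选项 可填写域名) 不写将自动获取本机ip 并使用默认端口号9527 (小白用户建议不填) 如填写 格式为:https://xxx.xx:9527
+local_address=
+#非必填 url名称(默认为address 可在bot上修改)
+local_url_name=
+#非必填 启动模式 填写local为启动本地无公网IP模式(只要能联网即可) 不填或填其他 则启动端口模式
+model=
+#在azure=begin和azure=end之间放入你的azure的API配置信息 支持多个配置文件 机器人切换profile可更换操作配置 上传配置支持使用原格式({"appId":"xxx","password":"xxx"...})上传
+azure=begin
+[az001]
+appId=551xxxx7-xxxx-xxxx-xxxx-b9xxxx60cc65
+password=T618Q~.LIy_xxxxx~jm~xxxxxx
+tenant=xxxx3713-xxxx-4cb5-xxxx-3001060xxxxx
+azure=end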
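Review bot: The sample OCI and Azure entries read like partially masked real values rather than synthetic ones (the `appId`, `tenant` and `password` under `[az001]` keep a good share of their characters), which cannot be confirmed from this page; if they were derived from live credentials those should be rotated and the samples replaced with obvious placeholders such as `password=<AZURE_CLIENT_SECRET>`. The file collects cloud API credentials for two providers plus a Cloudflare Global API Key (`cf_account_key`) in one plaintext file, so the header comment should tell the user to restrict it to mode 600 and keep the filled-in copy out of version control.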

88
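--- a/cloudflare.conf
+++ b/cloudflare.conf
@@ -0,0 +1,88 @@
+#
+# Author: Mike Rushton
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your CF API key.
+#
+# This action depends on curl (and optionally jq).
+# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
+#
+# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account
+#
+# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2
+[Definition]
+# Option: actionstart
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values: CMD
+#
+actionstart =
+# Option: actionstop
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+# Values: CMD
+#
+actionstop =
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# API v1
+#actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+# API v4
+actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
+-d '{"mode":"block","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"Fail2Ban <name>"}' \
+<_cf_api_url>
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: <ip> IP address
+# <failures> number of failures
+# <time> unix timestamp of the ban time
+# Values: CMD
+#
+# API v1
+#actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
+# API v4
+actionunban = id=$(curl -s -X GET <_cf_api_prms> \
+"<_cf_api_url>?mode=block&configuration_target=<cftarget>&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%%20<name>" \
+| { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })
+if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found"; exit 0; fi;
+curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"
+_cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
+_cf_api_prms = -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' -H 'Content-Type: application/json'
+[Init]
+# If you like to use this action with mailing whois lines, you could use the composite action
+# action_cf_mwl predefined in jail.conf, just define in your jail:
+#
+# action = %(action_cf_mwl)s
+# # Your CF account e-mail
+# cfemail =
+# # Your CF API Key
+# cfapikey =
+cftoken = APIKEY00000
+cfuser = kejilion@outlook.com
+cftarget = ip
+[Init?family=inet6]
+cftarget = ip6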
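Review bot: The `[Init]` section hard-codes `cftoken = APIKEY00000` and `cfuser = kejilion@outlook.com` in the action file, while the header comment of the same file expects the key to live in jail.local with mode 640. If an installer fails to substitute them, every ban request goes out with the author's address and a dummy key, and because `actionban` runs `curl -s -o /dev/null` the rejected response is discarded and fail2ban still records the IP as banned. Leaving both values empty here and adding `-f` to the curl call in `actionban`, so an HTTP error returns non-zero and shows up in fail2ban's log, would make a misconfiguration visible. The rest of the file appears to be the upstream fail2ban action, which cannot be confirmed from this page.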

6499
cn/kejilion.sh Normal file

File diff suppressed because it is too large Load Diff


36
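--- a/custom_mysql_config.cnf
+++ b/custom_mysql_config.cnf
@@ -0,0 +1,36 @@
+[mysqld]
+# 连接和线程管理
+max_connections = 2048
+thread_cache_size = 512
+interactive_timeout = 30
+wait_timeout = 30
+# InnoDB设置
+innodb_buffer_pool_size = 2048M
+innodb_buffer_pool_instances = 2
+innodb_log_buffer_size = 16M
+innodb_log_file_size = 64M
+innodb_lock_wait_timeout = 30
+innodb_file_per_table = 1
+innodb_flush_log_at_trx_commit = 1
+innodb_io_capacity = 1000
+innodb_io_capacity_max = 2000
+# 缓存和限制
+table_open_cache = 2000
+open_files_limit = 4000
+tmp_table_size = 16M
+max_heap_table_size = 16M
+max_allowed_packet = 16M
+# 缓冲区大小
+sort_buffer_size = 4M
+read_buffer_size = 2M
+join_buffer_size = 2M
+# --------------------------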

5
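--- a/fail2ban-nginx-cc.conf
+++ b/fail2ban-nginx-cc.conf
@@ -0,0 +1,5 @@
+[Definition]
+# failregex = ^<HOST> .* "(GET|POST|HEAD).*HTTP.*" (404|503) .*$
+# failregex = ^<HOST> .* "(GET|POST|HEAD).*HTTP.*" (404|503|444) .*
+failregex = ^<HOST> .* "(GET|POST|HEAD).*HTTP.*" ([45]\d\d) .*
+ignoreregex =.*(robots.txt|favicon.ico|jpg|png)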
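Review bot: `ignoreregex =.*(robots.txt|favicon.ico|jpg|png)` is unanchored and matches anywhere in the log line, so any request whose query string, referer or user-agent contains `jpg` or `png` is exempt from the jail, and the dots are unescaped. Tying the exemption to the request path closes that gap; assuming nginx's combined log format, something like `ignoreregex = ^<HOST> .* "(GET|HEAD) [^ "?]*(/robots\.txt|/favicon\.ico|\.jpg|\.png)(\?[^ "]*)? HTTP` would do. The active `failregex` counts every 4xx and 5xx response, including 401/403 from ordinary logins and 5xx from the site's own outages, so it should be reviewed together with the jail's `maxretry`.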

6534
kejilion.sh Normal file

File diff suppressed because it is too large Load Diff

511
kejilion_sh_log.txt Normal file

@@ -0,0 +1,511 @@
脚本更新日志
------------------------
2023-8-13 v1.0.3
1.甲骨文云的DD脚本添加了Ubuntu 20.04的重装选项。
2.LDNMP建站开放了苹果CMS网站的搭建功能.
3.系统信息查询,增加了内核版本显示,美化了界面。
4.甲骨文脚本中添加了开启ROOT登录的选项。
------------------------
2023-8-13 v1.0.4
1.LDNMP建站开放了独角数卡网站的搭建功能.
2.LDNMP建站优化了备份全站到远端服务器的稳定性.
3.Docker管理全局状态信息添加了所有docker卷的显示.
------------------------
2023-8-14 v1.1
Docker管理器全面升级体验前所未有
-加入了docker容器管理面板
-加入了docker镜像管理面板
-加入了docker网络管理面板
-加入了docker卷管理面板
-删除docker时追加确认信息拒绝误操作
------------------------
2023-8-14 v1.2
1.新增了11选项加入了常用面板工具合集
-支持安装各种面板,包括: 宝塔宝塔国际版1panelNginx Proxy Manager等等满足更多人群的使用需求
2.优化了菜单效果
------------------------
2023-8-14 v1.3
新增了12选项我的工作区功能
-将为你提供5个后台运行的工作区用来执行后台任务。即使你断开SSH也不会中断
-非常有意思的功能,快去试试吧!
------------------------
2023-8-14 v1.3.2
新增了13选项系统工具
科技lion一键脚本可以通过设置快捷键唤醒打开了我设置的k作为脚本打开的快捷键无需复制长命令了
加入了ROOT密码修改切换成ROOT登录模式
系统设置中还有很多功能没开发,敬请期待!
------------------------
2023-8-15 v1.4
全面适配Centos系统实现UbuntuDebianCentos三大主流系统的适配
优化LDNMP中PHP输入数据最大时间解决WordPress网站导入部分主题失败的问题
------------------------
2023-8-15 v1.4.1
选项13系统工具中加入了安装Python最新版的选项感谢群友春风得意马蹄疾的投稿很好用
------------------------
2023-8-15 v1.4.2
docker管理中增加容器日志查看
选项13系统工具中加入了留言板的选项可以留下你的宝贵意见也可以在这里聊天贼好玩
------------------------
2023-8-15 v1.4.5
优化了信息查询运行效率
信息查询新增了地理位置显示
优化了脚本内系统判断机制!
------------------------
2023-8-16 v1.4.6
LDNMP建站中加入了删除站点删除数据库功能
------------------------
2023-8-16 v1.4.7
选项11中增加了一键搭建alist多存储文件列表工具的
选项11中增加了一键搭建网页版乌班图远程桌面
选项13中增加了开放所有端口功能
------------------------
2023-8-16 v1.4.8
系统信息查询中,终于可以显示总流量消耗了!总接收和总发送两个信息
------------------------
2023-8-17 v1.4.9
系统工具中新增SSH端口修改功能
系统工具中新增优化DNS地址功能
------------------------
2023-8-18 v1.5
系统性优化了代码,去除了无效的代码与空格
系统信息查询添加了系统时间
禁用ROOT账户创建新的账户更安全
------------------------
2023-8-18 v1.5.1
LDNMP加入了安装bingchatAI聊天网站
面板工具中添加了哪吒探针脚本整合
------------------------
2023-8-18 v1.5.2
LDNMP加入了更新LDNMP选项
------------------------
2023-8-19 v1.5.3
面板工具添加安装QB离线BT磁力下载面板
优化IP获取源
------------------------
2023-8-20 v1.5.4
面板工具已安装的工具支持状态检测,可以进行删除了!
------------------------
2023-8-21 v1.5.5
系统工具中添加优先ipv4/ipv6选项
系统工具中添加查看端口占用状态选项
------------------------
2023-8-21 v1.5.6
LDNMP建站添加了定时自动远程备份功能
------------------------
2023-8-22 v1.5.7
面板工具增加了邮件服务器搭建请确保服务器的25.80.443开放
------------------------
2023-8-23 v1.5.8
面板工具增加了聊天系统搭建
------------------------
2023-8-24 v1.5.9
面板工具增加了禅道项目管理软件搭建
------------------------
2023-8-24 v1.6
面板工具增加了青龙面板搭建
调整了面板工具列表的排版显示效果
------------------------
2023-8-27 v1.6.1
LDNMP大幅优化安装体验添加安装进度条和百分比显示太刁了
------------------------
2023-8-28 v1.6.2
docker管理可以显示容器所属网络并且可以加入网络和退出网络了
------------------------
2023-8-28 v1.6.3
系统工具中增加修改虚拟内存大小的选项
系统信息查询中显示虚拟内存占用
------------------------
2023-8-29 v1.6.4
面板工具加入cloudreve网盘的搭建
面板工具加入简单图床程序搭建
------------------------
2023-8-29 v1.6.5
LDNMP加入了高逼格的flarum论坛搭建
面板工具加入简单图床程序搭建
------------------------
2023-9-1 v1.6.6
LDNMP环境安装时用户密码将随机生成提升安全性安装环境更简单
LDNMP环境安装时如果安装过docker将自动跳过节省安装时间
LDNMP环境更新WordPress到6.3.1版本
------------------------
2023-9-1 v1.6.7
添加了账户管理功能,查看当前账户列表,添加删除账户,账号权限管理等
------------------------
2023-9-4 v1.6.8
独角数卡登录时报错,显示解决办法
------------------------
2023-9-6 v1.6.9
系统工具中添加随机用户密码生成器,方便懒得想用户名和密码的小伙伴
优化了所有搭建网站与面板后的信息复制体验
------------------------
2023-9-11 v1.7
面板工具中添加emby多媒体管理系统的搭建
------------------------
2023-9-15 v1.7.1
LDNMP建站中可以搭建Bitwarden密码管理平台了
------------------------
2023-9-18 v1.7.2
LDNMP建站将站点信息查询和站点管理合并
LDNMP站点管理中添加证书重新申请和站点更换域名的功能
------------------------
2023-9-25 v1.8
LDNMP建站增加了服务器与网站防护功能防御暴力破解防御网站被攻击
------------------------
2023-9-28 v1.8.2
LDNMP建站优化了运行速度和安全性增加了频率限制
LDNMP建站优化了防御程序的高可用性
------------------------
2023-10-3 v1.8.3
系统工具增加系统时区切换功能
------------------------
2023-10-7 v1.8.4
LDNMP建站添加halo博客网站搭建
------------------------
2023-10-12 v1.8.5
LDNMP建站添加优化LDNMP环境选项可以开启高性能模式大幅提升网站性能应对高并发
------------------------
2023-10-14 v1.8.6
面板工具增加了测速流量监控面板的安装
------------------------
2023-10-16 v1.8.7
系统工具中添加开启BBR3加速功能
------------------------
2023-10-18 v1.8.8
系统工具中优化BBR3加速安装流程可根据CPU型号自行安装适合的内核版本
------------------------
2023-10-19 v1.8.9
系统工具中BBRv3功能增加了更新内核和卸载内核功能
------------------------
2023-10-21 v1.9
开放端口相关优化
解决部分系统SSH端口切换后重启失联的问题
------------------------
2023-10-26 v1.9.1
LNMP建站管理中添加了站点缓存清理功能
面板工具中卸载对应应用时添加了应用目录一并删除,删除更彻底!
------------------------
2023-10-28 v1.9.2
系统工具中修复了虚拟内存大小重启后还原的问题
------------------------
2023-11-07 v1.9.3
面板工具中增加AdGuardHome去广告软件安装和管理
------------------------
2023-11-08 v1.9.4
系统工具添加了防火墙高级管理功能可以开关端口可以IP黑白名单
未来会上线地域黑白名单等高级功能
------------------------
2023-11-09 v1.9.5
系统工具中防火墙添加udp控制
------------------------
2023-11-10 v1.9.6
测试脚本合集增加了缝合怪一条龙测试
系统信息查询中添加了系统运行时长显示
------------------------
2023-11-10 v1.9.7
LDNMP建站增加typecho轻量博客的搭建
------------------------
2023-11-16 v1.9.8
面板工具中增加了在线office办公软件安装
------------------------
2023-11-21 v1.9.9
面板工具中增加了雷池WAF防火墙程序安装
------------------------
2023-11-28 v2.0
LDNMP建站中增加仅安装nginx的选项专门服务于站点重定向和站点反向代理
精简无用的代码,优化执行效率
------------------------
2023-11-29 v2.0.1
LDNMP建站改用cerbot申请证书更稳定更快速。弃用acme
------------------------
2023-11-30 v2.0.2
面板工具修复QB无法登录问题
面板工具修复RocketChat进入后无限加载问题
系统工具中添加修改主机名功能
系统工具中添加服务器重启功能
------------------------
2023-12-04 v2.0.3
LDNMP建站过程中增加了nginx自我检测修复功能
系统工具添加更新源切换功能,请先在测试环境使用
LDNMP建站增加自定义上传静态html界面功能
------------------------
2023-12-05 v2.0.4
LDNMP建站中仅安装nginx功能添加安装成功提示更优雅直观
LDNMP建站中仅安装nginx功能支持自动更新nginx版本
优化代码细节,定义调用函数,脚本执行更简洁,提升效率
------------------------
2023-12-07 v2.0.5
LDNMP在站点数据管理中增加查看站点分析报告功能可以对网站流量进行监控与分析
主菜单添加手动更新脚本功能
------------------------
2023-12-08 v2.0.6
主菜单中更新日志和脚本更新合并,更新时可以看到更新日志,更直觉
面板工具中新增了docker管理面板portainer的安装
面板工具中新增了VScode网页版的安装
------------------------
2023-12-15 v2.0.7
系统工具中添加了定时任务的管理功能
------------------------
2023-12-16 v2.0.8
大量安装软件的代码整合更简单快速安装各类软件包
优化选项4中的常用工具安装及使用体验已安装可以提示使用方法
选项4中新增多款实用工具如btop现代化监控工具安装即用q退出
------------------------
2023-12-18 v2.0.9
优化安装代码,全局调用,安装智能检测,安装软件更快
------------------------
2023-12-19 v2.1
选项4中,新增自定义安装卸载指定的工具
优化了清理逻辑,清理系统更快更干净
优化了卸载软件包的逻辑,根据系统执行卸载,更智能
优化主菜单到二级菜单的交互,二级菜单更沉浸,二级菜单箭头引导调整
------------------------
2023-12-20 v2.1.1
史诗级代码精简屎山大扫除脚本运行更快速脚本大小缩减20%
LDNMP安装环境时增加端口检测功能端口被占用会无法安装
面板工具中添加Uptime Kuma监控工具的安装
面板工具中添加Memos网页备忘录的安装
------------------------
2023-12-23 v2.1.2
面板工具中添加潘多拉GPT镜像站安装
------------------------
2023-12-26 v2.1.3
选项4常用工具中添加跑火车屏保俄罗斯方块贪吃蛇太空入侵者三款小游戏
------------------------
2023-12-30 v2.1.4
LDNMP增加了防止源站IP泄露机制保护源站IP与证书潜在安全隐患
------------------------
2024-01-04 v2.1.5
脚本添加了启动快捷键命令行输入k可以快速启动科技lion脚本工具
------------------------
2024-01-04 v2.1.6
脚本添加了启动快捷键命令行输入k可以快速启动科技lion脚本工具
面板工具1panel增加了已安装状态支持查看面板信息修改用户密码支持卸载面板
------------------------
2024-01-06 v2.1.7
面板工具增加了nextcloud网盘的搭建
------------------------
2024-01-09 v2.1.8
LDNMP建站增加对ipv6的建站支持解析v6地址建站据说提升站点安全性性能也有提升
------------------------
2024-01-10 v2.1.9
面板工具增加QD-Today定时任务管理框架的安装
------------------------
2024-01-12 v2.2
面板工具增加了Dockge容器堆栈管理面板的安装
面板工具增加了LibreSpeed轻量级测速工具的安装
优化了脚本快捷启动输入k快速启动脚本支持任何目录下使用
------------------------
2024-01-16 v2.2.1
主菜单添加14选项VPS集群控制系统可以一键操控所有VPS执行任务。
VPS集群控制属于测试版本请用闲置机器开始体验有任何问题欢迎留言反馈
------------------------
2024-01-17 v2.2.2
面板工具增加了搜索聚合网站的安装
优化了集群控制体验,集群环境备份还原卸载等功能上线
------------------------
2024-01-18 v2.2.3
面板工具增加了私有相册系统的安装
------------------------
2024-01-21 v2.2.4
面板工具增加了PDF工具大全应用的安装
------------------------
2024-01-23 v2.2.5
优化了LDNMP建站配置时进度条体验让读条不至于卡在一个地方很久。拆分配置环节让体验更加顺畅
------------------------
2024-01-25 v2.2.6
精简了LDNMP建站镜像大小采用官方alpine精简镜像包更快更轻更安全
脚本适配alpine系统
系统工具中重装系统选项升级增加了Debian11 Debian10 ubuntu22.04 centos7 alpine3.19 windows11的安装选项
------------------------
2024-01-30 v2.2.7
LDNMP建站更新halo2的安装版本到2.11
修复alpine系统下虚拟内存重启后失效的问题
优化alpine系统下docker安装体验安装docker应用时自动识别安装docker环境
修复alpine系统下CPU占用显示异常的问题
------------------------
2024-02-1 v2.2.8
主菜单临时增加p选项与幻兽帕鲁开服脚本联动
------------------------
2024-02-5 v2.2.9
修改主机名支持alpine系统
------------------------
2024-02-8 v2.3
面板工具增加了drawio在线绘图工具的安装
------------------------
2024-02-21 v2.3.1
主菜单选项12我的工作区增加至10个更利于多线程后台任务
------------------------
2024-02-26 v2.3.2
系统工具中的选项8中一键重装系统的体验进行优化重装时展示系统重装后的用户名密码和端口号
一键重装系统增加了更多Windows版本重装 11 10 2019 2022
一键重装系统增加了更多版本重装
一键重装Windows系统默认为中文版了
主菜单选项5的BBR管理适配了alpine的新界面
------------------------
2024-03-06 v2.3.3
系统工具中新增了host解析设置功能
优化了alpine系统的主机名修改逻辑
------------------------
2024-03-11 v2.3.4
系统工具中新增fail2banSSH防御程序防止你的SSH被暴力破解
------------------------
2024-03-20 v2.3.5
面板工具加入了PVE开小鸡的面板感谢oneclickvirt大佬的一键安装脚本
------------------------
2024-03-29 v2.3.6
LDNMP安装环境时提前设置1G虚拟内存提升建站环境安装速度和稳定性
------------------------
2024-04-01 v2.3.7
LDNMP改进了防御能力可以拦截404攻击守护网站安全。脚本进入选择10再选择35站点防御防御原来这么简单
------------------------
2024-04-02 v2.3.8
LDNMP站点防御接入cf添加了cloudflare模式添加了参数配置选项
------------------------
2024-04-07 v2.3.9
LDNMP申请域名证书解决证书链不完整的问题谢谢wuying2021分支提供思路已整合至主线版本
------------------------
2024-04-12 v2.4
面板工具中添加了24选项 webtop远程桌面程序alpine中文可视化桌面系统很好用
------------------------
2024-04-14 v2.4.1
面板工具中添加Sun-Panel导航面板的安装
LDNMP建站中halo镜像版本更新到最新版本
测试脚本合集中追加了两项nxtrace快速回程测试脚本 nxtrace指定IP回程测试脚本
测试脚本合集中追加了两项ludashi2020的三网线路测试
测试脚本合集界面重构,分类更清晰,方便未来扩展使用
------------------------
2024-04-18 v2.4.2
使用docker容器方式部署fail2ban防暴力破解程序ssh和nginx都能防御
优化了重启服务器的逻辑,增加了确认提示。
增加了dnf包管理的适配
安装BBRV3,cpu测速时将自动分配1024M的虚拟内存。
------------------------
2024-04-23 v2.4.3
面板工具中添加了34选项一个文件共享平台可以传文件传图片做分享链接用
------------------------
2024-04-26 v2.4.4
面板工具中添加了33选项一个极简朋友圈网页程序高仿微信朋友圈
------------------------
2024-04-29 v2.4.5
系统工具中添加了限流关机功能,到达限定流量后自动关机,针对小流量怕反撸的机型而设计!
------------------------
2024-04-30 v2.4.6
LDNMP建站分类调整将不需要安装PHP就能搭建的应用移至nginx区块中
LDNMP建站如果没装环境直接部署网站会弹出检测提示要求先装环境再建站
缩小脚本体积降了5kb整合了一些老大难代码模块化更顺畅小巧
------------------------
2024-05-04 v2.4.7
面板工具新增36选项加入了对AI聚合聊天网站的安装
------------------------
2024-05-05 v2.4.8
LDNMP增加了自定义PHP动态站点功能你可以上传自己的PHP项目
LDNMP站点管理中增加了编辑查看全局和站点配置
------------------------
2024-05-09 v2.4.9
LDNMP静态站点动态站点自定义搭建优化支持远程下载源码手动上传源码
修改主机名大小写Y的支持
检测脚本添加了xykt大佬的IP质量体检脚本非常美观实用的脚本
------------------------
2024-05-09 v2.4.10
更新脚本逻辑进行优化,可选择是否更新,并且显示当前和最新的版本号,更智能!
------------------------
2024-05-09 v2.5
重构并定义脚本中出现的红绿蓝黄灰白文字颜色,创建未来统一灵活调用文字颜色
面板工具中添加了MYIP工具箱面板可以查看当前使用的IP信息与状态
------------------------
2024-05-11 v2.5.1
对docker环境检测进行优化应用部署将会更稳定
对一些提示的文字颜色进行了优化,对一些警示文字进行红色黄色标注
------------------------
2024-05-13 v2.5.2
优化脚本更新日志显示逻辑会只显示最近更新日志。点击URL可查看所有日志。
优化时区设置,适配 alpine linux 系统。
系统工具新增了一条龙系统调优功能,一键搞定!
系统工具新增ROOT私钥登录模式更安全的登录模式。
------------------------
2024-05-16 v2.5.3
系统工具中一键重装增加了Windows7的专业安装支持。
系统工具中一键重装修改序号显示重复问题。
优化了ROOT密码登录修改后的兼容性问题。
LDNMP建站自定义动态站点支持自定义安装扩展。
------------------------
2024-05-17 v2.5.4
系统工具中定时任务添加了月任务,分钟任务的设定。
系统工具中定时任务添加了使用文本工具直接编辑定时任务的功能。
系统工具中修复了时区在centos中显示不正确的问题。
系统信息查询中添加了系统时区的显示。
系统工具功能列表调整为双列显示。
系统工具中修改DNS地址增加国外DNS和国内DNS选项。
------------------------
2024-05-20 v2.5.5
优化docker和docker-compose安装。
支持docker-compose新用法。
系统工具中一键重装系统优化了选单体验。
docker管理中新增切换docker源功能感谢LinuxMirrors团队的开源项目。
------------------------
2024-05-21 v2.5.6
证书全面采用ECC加密SSH证书域名证书等提升加解密效率和安全性
修改docker管理中的菜单文字拼写错误。
------------------------
2024-05-23 v2.5.7
工作区增加了自定义工作区用户可以设定自己命名的工作区可以创建N个工作区。
工作区菜单中溢出工作区卸载功能。
工作区状态改成工作区状态管理,可以删除删除工作区。
------------------------
2024-05-27 v2.5.8
面板工具中的应用支持ipv6的地址访问如果你小鸡有v6地址可以看到变化。
docker管理中添加了开启/关闭v6访问功能。如果v6应用无法访问可开启v6访问。
LDNMP建站增加了反向代理域名的功能。
------------------------
2024-05-29 v2.5.9
系统工具修复重装win7/server2022时无法安装的问题。
------------------------
2024-05-30 v2.5.10
LDNMP搭建自定义动态网站中添加导入宝塔1p数据库备份的环节。
------------------------
2024-06-11 v2.5.11
优化纯v6地址下安装certbot失败的问题。
------------------------
2024-06-18 v2.6.0
甲骨文云保活脚本更新将内存占用提升到20%
LDNMP建站提升申请域名证书的兼容性解决了部分申请证书失败的问题
修复了国内无法安装docker的问题
修复了国内无法拉取docker镜像的问题
docker管理中添加了修改daemon.json配置的选项
------------------------
2024-06-22 v2.6.1
系统工具改版了python环境的安装和版本管理功能原先只能安装最新版现在可以安装任意版本。
------------------------
2024-06-25 v2.6.2
LDNMP建站提升了多站点接入redis的兼容性。
LDNMP安装环境时修改了redis的内存限制为512m。
LDNMP安装环境时修改了redis的内存回收策略内存占大时对非热点数据进行释放。
LDNMP站点数据管理中清除缓存中接入redis缓存清理功能。
------------------------
2024-06-27 v2.6.3
系统工具中一键重装添加了Rocky,Alma,Fedora等发行版的重装。
LDNMP站点防御增加了自动检测高负载开启cf的5秒盾功能。
系统信息查询优化了部分系统CPU占用显示错误问题。
------------------------
2024-06-28 v2.6.4
系统工具中添加了TG监控预警功能当系统出现异常时通知用户。
------------------------
2024-06-30 v2.6.5
测试脚本合集中增加了i-abc多功能测速脚本可以多维度测速
系统工具中TG预警增加了SSH登录预警
------------------------
2024-07-03 v2.6.6
系统工具中增加了修复SSH漏洞功能感谢TG群@Peach0131大佬提供脚本支持
优化了系统更新清理的兼容性,支持更多发行版本的更新和清理。
面板工具中添加了小雅alist全家桶一键脚本 by DDS-Rem
------------------------
2024-07-05 v2.6.7
k的全局用法更新
k install nano wget | k add nano wget | k 安装 nano wget 使用这三个方式判断系统自动安装软件
k remove nano wget | k del nano wget | k 卸载 nano wget 使用这三个方式判断系统自动卸载软件
k update | k 更新 使用这两个方式判断系统自动更新系统
k clean | k 清理 使用这两个方式判断系统自动清理系统垃圾
k dd | k 重装 使用这两个方式可以快速打开重装面板
k bbr3 | k bbrv3 使用这两个方式可以快速打开BBRv3控制面板
未来还会增加更多k的快捷功能方便大家日常使用。
-----------------------

59
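--- a/ldnmp.sh
+++ b/ldnmp.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# 获取用户输入,用于替换 docker-compose.yml 文件中的占位符
+read -p "请输入 数据库ROOT密码" dbrootpasswd
+read -p "请输入 数据库用户名:" dbuse
+read -p "请输入 数据库用户密码:" dbusepasswd
+# 更新并安装必要的软件包
+DEBIAN_FRONTEND=noninteractive apt update -y
+DEBIAN_FRONTEND=noninteractive apt full-upgrade -y
+apt install -y curl wget sudo socat unzip tar htop
+# 安装 Docker
+curl -fsSL https://get.docker.com | sh
+# 安装 Docker Compose
+curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
+# 创建必要的目录和文件
+cd /home && mkdir -p web/html web/mysql web/certs web/conf.d web/redis && touch web/docker-compose.yml
+# 下载 docker-compose.yml 文件并进行替换
+wget -O /home/web/docker-compose.yml https://raw.githubusercontent.com/kejilion/docker/main/LNMP-docker-compose-4.yml
+# 在 docker-compose.yml 文件中进行替换
+sed -i "s/webroot/$dbrootpasswd/g" /home/web/docker-compose.yml
+sed -i "s/kejilionYYDS/$dbusepasswd/g" /home/web/docker-compose.yml
+sed -i "s/kejilion/$dbuse/g" /home/web/docker-compose.yml
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -F
+cd /home/web && docker-compose up -d
+docker exec php apt update &&
+docker exec php apt install -y libmariadb-dev-compat libmariadb-dev libzip-dev libmagickwand-dev imagemagick &&
+docker exec php docker-php-ext-install mysqli pdo_mysql zip exif gd intl bcmath opcache &&
+docker exec php pecl install imagick &&
+docker exec php sh -c 'echo "extension=imagick.so" > /usr/local/etc/php/conf.d/imagick.ini' &&
+docker exec php pecl install redis &&
+docker exec php sh -c 'echo "extension=redis.so" > /usr/local/etc/php/conf.d/docker-php-ext-redis.ini' &&
+docker exec php sh -c 'echo "upload_max_filesize=50M \n post_max_size=50M" > /usr/local/etc/php/conf.d/uploads.ini' &&
+docker exec php sh -c 'echo "memory_limit=256M" > /usr/local/etc/php/conf.d/memory.ini'
+docker exec php74 apt update &&
+docker exec php74 apt install -y libmariadb-dev-compat libmariadb-dev libzip-dev libmagickwand-dev imagemagick &&
+docker exec php74 docker-php-ext-install mysqli pdo_mysql zip gd intl bcmath opcache &&
+docker exec php74 pecl install imagick &&
+docker exec php74 sh -c 'echo "extension=imagick.so" > /usr/local/etc/php/conf.d/imagick.ini' &&
+docker exec php74 pecl install redis &&
+docker exec php74 sh -c 'echo "extension=redis.so" > /usr/local/etc/php/conf.d/docker-php-ext-redis.ini' &&
+docker exec php74 sh -c 'echo "upload_max_filesize=50M \n post_max_size=50M" > /usr/local/etc/php/conf.d/uploads.ini' &&
+docker exec php74 sh -c 'echo "memory_limit=256M" > /usr/local/etc/php/conf.d/memory.ini'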
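Review bot: The three `sed -i "s/…/$dbrootpasswd/g"` lines interpolate the typed passwords into the replacement text, so a password containing `/`, `&` or `\` either breaks the command or writes something other than what was typed, and because `s/kejilion/$dbuse/g` runs last it also rewrites any `kejilion` inside the passwords just inserted. The prompts use `read -p` without `-s` or `-r`, so the passwords are echoed to the terminal and backslashes are consumed. Escaping each value before substitution, e.g. `esc=$(printf '%s' "$dbrootpasswd" | sed 's|[\\/&]|\\&|g')`, and prompting with `read -rsp` addresses both. The Docker installer, the compose binary and the compose file are fetched from `latest`/`main` URLs and run as root with no version pin or checksum, so what gets installed can change between runs without any change to this script.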

62
nginx.local Normal file
View File

@@ -0,0 +1,62 @@
[fail2ban-nginx-cc]
enabled = true
filter = fail2ban-nginx-cc
chain = DOCKER-USER
port = http,https
action = cloudflare
logpath = /home/web/log/nginx/access.log
maxretry = 3
bantime = 3600
findtime = 3600
ignoreip = 192.168.0.1/24
[nginx-http-auth]
enabled = true
chain = DOCKER-USER
mode = fallback
port = http,https
logpath = /home/web/log/nginx/error.log
[nginx-limit-req]
enabled = true
chain = DOCKER-USER
port = http,https
action = cloudflare
logpath = /home/web/log/nginx/error.log
[nginx-botsearch]
enabled = true
chain = DOCKER-USER
port = http,https
action = cloudflare
logpath = /home/web/log/nginx/error.log
[nginx-bad-request]
enabled = true
chain = DOCKER-USER
port = http,https
action = cloudflare
logpath = /home/web/log/nginx/access.log
[php-url-fopen]
enabled = true
chain = DOCKER-USER
port = http,https
action = cloudflare
logpath = /home/web/log/nginx/access.log
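Review bot: The jails that set `action = cloudflare` ban whatever client address nginx writes to `/home/web/log/nginx/access.log` and `error.log`, and nothing in this file shows that nginx restores the visitor address from the header Cloudflare forwards. If the site is proxied and the logs hold Cloudflare edge addresses, these bans would presumably target Cloudflare's proxies instead of the offending client, so the nginx real-IP setup should be confirmed before the jails are enabled. `ignoreip = 192.168.0.1/24` appears only under `[fail2ban-nginx-cc]`; if the exemption is meant for every jail it belongs in a `[DEFAULT]` section. `[nginx-http-auth]` sets no `action`, so it falls back to the default ban action on `chain = DOCKER-USER`, which sees only the proxy's address for traffic that arrives through Cloudflare.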

1
optimized_php.ini Normal file

@@ -0,0 +1 @@

7
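--- a/pal_backup.sh
+++ b/pal_backup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+clear
+mkdir -p /home/game
+docker cp steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/ /home/game/palworld/
+cd /home/game && tar czvf palworld_$(date +"%Y%m%d%H%M%S").tar.gz palworld
+rm -rf /home/game/palworld/
+echo -e "\033[0;32m游戏存档已导出存放在: /home/game/\033[0m"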
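Review bot: Nothing checks whether `docker cp` or `tar` succeeded, so the success message on the last line is printed even when the `steamcmd` container is missing and no usable archive was written. palworld.sh installs a script of this name into cron, where a silent failure means backups stop without anyone noticing; add `set -euo pipefail` after the shebang, or guard the copy with `docker cp ... /home/game/palworld/ || exit 1`. The `Saved/` tree includes `Config/LinuxServer/PalWorldSettings.ini`, which palworld.sh fills with the server password, so a `umask 077` before `tar` keeps the archives readable by their owner only. `clear` has no terminal to act on under cron and can be dropped.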

13
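--- a/pal_log.sh
+++ b/pal_log.sh
@@ -0,0 +1,13 @@
+clear
+echo "脚本更新日志"
+echo "------------------------"
+echo "2024-2-1 v1.0"
+echo "风靡全球的幻兽帕鲁服务端管理面板上线!"
+echo "------------------------"
+echo "2024-2-2 v1.0.1"
+echo "增加了游戏存档定时备份,可选每周,每天,每小时"
+echo "主菜单增加了游戏服务安装状态以及开服情况的智能显示"
+echo "主菜单增加k选项与科技lion官方脚本工具联动。"
+echo "主菜单增加游戏配置修改功能"
+echo "对脚本细节调优,体验更好"
+echo "------------------------"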

445
palworld.sh Normal file

@@ -0,0 +1,445 @@
#!/bin/bash
ln -sf ~/palworld.sh /usr/local/bin/p
ip_address() {
ipv4_address=$(curl -s ipv4.ip.sb)
ipv6_address=$(curl -s --max-time 1 ipv6.ip.sb)
}
install() {
if [ $# -eq 0 ]; then
echo "未提供软件包参数!"
return 1
fi
for package in "$@"; do
if ! command -v "$package" &>/dev/null; then
if command -v apt &>/dev/null; then
apt update -y && apt install -y "$package"
elif command -v yum &>/dev/null; then
yum -y update && yum -y install "$package"
elif command -v apk &>/dev/null; then
apk update && apk add "$package"
else
echo "未知的包管理器!"
return 1
fi
fi
done
return 0
}
remove() {
if [ $# -eq 0 ]; then
echo "未提供软件包参数!"
return 1
fi
for package in "$@"; do
if command -v apt &>/dev/null; then
apt purge -y "$package"
elif command -v yum &>/dev/null; then
yum remove -y "$package"
elif command -v apk &>/dev/null; then
apk del "$package"
else
echo "未知的包管理器!"
return 1
fi
done
return 0
}
break_end() {
echo -e "\033[0;32m操作完成\033[0m"
echo "按任意键继续..."
read -n 1 -s -r -p ""
echo ""
clear
}
palworld() {
p
exit
}
install_add_docker() {
if [ -f "/etc/alpine-release" ]; then
apk update
apk add docker docker-compose
rc-update add docker default
service docker start
else
curl -fsSL https://get.docker.com | sh && ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin
systemctl start docker
systemctl enable docker
fi
}
install_docker() {
if ! command -v docker &>/dev/null; then
install_add_docker
else
echo "Docker 已经安装"
fi
}
pal_start() {
ip_address
tmux new -d -s my1 "docker exec -it steamcmd bash -c '/home/steam/Steam/steamapps/common/PalServer/PalServer.sh'"
echo -e "\033[0;32m幻兽帕鲁服务启动啦\033[0m"
echo -e "\033[0;32m游戏下载地址: https://store.steampowered.com/app/1623730\033[0m"
echo -e "\033[0;32m进入游戏连接:\033[93m $ipv4_address:8255 \033[0;32m开始冒险吧\033[0m"
}
pal_backup() {
cd ~
curl -sS -O https://kejilion.pro/pal_backup.sh && chmod +x pal_backup.sh
}
pal_install_status() {
CONTAINER_NAME="steamcmd"
# 检查容器是否已安装
if [ "$(docker ps -a -q -f name=$CONTAINER_NAME 2>/dev/null)" ]; then
container_status="\e[32m幻兽帕鲁服务已安装\e[0m" # 绿色
else
container_status="\e[90m幻兽帕鲁服务未安装\e[0m" # 灰色
fi
SESSION_NAME="my1"
ip_address
# 检查 tmux 中是否存在指定的工作区
if tmux has-session -t $SESSION_NAME 2>/dev/null; then
tmux_status="\e[32m已开服:\033[93m $ipv4_address:8255\e[0m" # 绿色
else
tmux_status="\e[90m未开服\e[0m" # 灰色
fi
}
while true; do
clear
pal_install_status
echo -e "\033[93m . . ."
echo "._ _.|. , _ ._.| _|"
echo "[_)(_]| \/\/ (_)[ |(_]"
echo "| "
echo -e "\033[96m幻兽帕鲁开服一键脚本工具v1.0.2 by KEJILION\033[0m"
echo -e "\033[96m-输入\033[93mp\033[96m可快速启动此脚本-\033[0m"
echo -e "$container_status $tmux_status"
echo "------------------------"
echo "1. 安装幻兽帕鲁服务"
echo "2. 开启幻兽帕鲁服务"
echo "3. 关闭幻兽帕鲁服务"
echo "4. 重启幻兽帕鲁服务"
echo "------------------------"
echo "5. 查看服务器状态"
echo "6. 设置虚拟内存"
echo "------------------------"
echo "7. 导出游戏存档"
echo "8. 导入游戏存档"
echo "9. 定时备份游戏存档"
echo "------------------------"
echo "10. 修改游戏配置"
echo "------------------------"
echo "11. 更新幻兽帕鲁服务"
echo "12. 卸载幻兽帕鲁服务"
echo "------------------------"
echo "k. 科技lion脚本工具箱"
echo "------------------------"
echo "00. 脚本更新"
echo "------------------------"
echo "0. 退出脚本"
echo "------------------------"
read -p "请输入你的选择: " choice
case $choice in
1)
clear
install_docker
install tmux
docker run -dit --name steamcmd -p 8255:8211/udp --restart=always cm2network/steamcmd
docker exec -it steamcmd bash -c "/home/steam/steamcmd/steamcmd.sh +login anonymous +app_update 2394010 validate +quit"
clear
pal_start
;;
2)
clear
docker start steamcmd > /dev/null 2>&1
pal_start
;;
3)
clear
tmux kill-session -t my1
docker stop steamcmd > /dev/null 2>&1
echo -e "\033[0;32m幻兽帕鲁服务已关闭\033[0m"
;;
4)
clear
tmux kill-session -t my1
docker restart steamcmd > /dev/null 2>&1
pal_start
;;
5)
clear
install btop
clear
btop
;;
6)
clear
swap_used=$(free -m | awk 'NR==3{print $3}')
swap_total=$(free -m | awk 'NR==3{print $2}')
if [ "$swap_total" -eq 0 ]; then
swap_percentage=0
else
swap_percentage=$((swap_used * 100 / swap_total))
fi
swap_info="${swap_used}MB/${swap_total}MB (${swap_percentage}%)"
echo "当前虚拟内存: $swap_info"
read -p "是否调整大小?(Y/N): " choice
case "$choice" in
[Yy])
# 输入新的虚拟内存大小
read -p "请输入虚拟内存大小MB: " new_swap
# 获取当前系统中所有的 swap 分区
swap_partitions=$(grep -E '^/dev/' /proc/swaps | awk '{print $1}')
# 遍历并删除所有的 swap 分区
for partition in $swap_partitions; do
swapoff "$partition"
wipefs -a "$partition" # 清除文件系统标识符
mkswap -f "$partition"
echo "已删除并重新创建 swap 分区: $partition"
done
# 确保 /swapfile 不再被使用
swapoff /swapfile
# 删除旧的 /swapfile
rm -f /swapfile
# 创建新的 swap 分区
dd if=/dev/zero of=/swapfile bs=1M count=$new_swap
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
if [ -f /etc/alpine-release ]; then
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
echo "nohup swapon /swapfile" >> /etc/local.d/swap.start
chmod +x /etc/local.d/swap.start
rc-update add local
else
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
fi
echo "虚拟内存大小已调整为${new_swap}MB"
;;
[Nn])
echo "已取消"
;;
*)
echo "无效的选择,请输入 Y 或 N。"
;;
esac
;;
7)
clear
mkdir -p /home/game
docker cp steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/ /home/game/palworld/ > /dev/null 2>&1
cd /home/game && tar czvf palworld_$(date +"%Y%m%d%H%M%S").tar.gz palworld > /dev/null 2>&1
rm -rf /home/game/palworld/
echo -e "\033[0;32m游戏存档已导出存放在: /home/game/\033[0m"
;;
8)
clear
tmux kill-session -t my1
docker exec -it steamcmd bash -c "rm -rf /home/steam/Steam/steamapps/common/PalServer/Pal/Saved/*"
cd /home/game/ && ls -t /home/game/*.tar.gz | head -1 | xargs -I {} tar -xzf {}
docker cp /home/game/palworld/Config steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/Config > /dev/null 2>&1
docker cp /home/game/palworld/ImGui steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/ImGui > /dev/null 2>&1
docker cp /home/game/palworld/SaveGames steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/SaveGames > /dev/null 2>&1
docker exec -it -u root steamcmd bash -c "chmod -R 777 /home/steam/Steam/steamapps/common/PalServer/Pal/Saved/"
rm -rf /home/game/palworld/
echo -e "\033[0;32m游戏存档已导入\033[0m"
docker restart steamcmd > /dev/null 2>&1
pal_start
;;
9)
clear
echo "幻兽帕鲁游戏存档定时备份"
echo "------------------------"
echo "1. 每周备份 2. 每天备份 3. 每小时备份"
echo "------------------------"
read -p "请输入你的选择: " dingshi
case $dingshi in
1)
pal_backup
(crontab -l ; echo "0 0 * * 1 ./pal_backup.sh") | crontab - > /dev/null 2>&1
echo "每周一备份,已设置"
;;
2)
pal_backup
(crontab -l ; echo "0 3 * * * ./pal_backup.sh") | crontab - > /dev/null 2>&1
echo "每天凌晨3点备份已设置"
;;
3)
pal_backup
(crontab -l ; echo "0 * * * * ./pal_backup.sh") | crontab - > /dev/null 2>&1
echo "每小时整点备份,已设置"
;;
*)
echo "已取消"
;;
esac
;;
10)
clear
tmux kill-session -t my1
cd ~ && curl -sS -O https://kejilion.pro/PalWorldSettings.ini
echo "配置游戏参数"
echo "------------------------"
read -p "设置加入的密码(回车默认无密码): " server_password
read -p "设置游戏难度: 1. 简单 2. 普通 3. 困难):" Difficulty
case $Difficulty in
1)
Difficulty=1
;;
2)
Difficulty=2
;;
3)
Difficulty=3
;;
*)
echo "-默认设置为普通难度"
Difficulty=2
;;
esac
read -p "经验值倍率: 回车默认1倍:" exp_rate
ExpRate=${exp_rate:-1}
read -p "死亡后掉落设置: 1. 掉落 2. 不掉落):" DeathPenalty
case $DeathPenalty in
1)
DeathPenalty=All
;;
2)
DeathPenalty=None
;;
*)
DeathPenalty=All
echo "-默认设置为掉落"
;;
esac
read -p "设置pvp模式: 1. 开启 2. 关闭):" pal_pvp
case $pal_pvp in
1)
pal_pvp=True
;;
2)
pal_pvp=False
;;
*)
pal_pvp=False
echo "-默认关闭pvp模式"
;;
esac
# 更新配置文件
sed -i "s/ServerPassword=\"\"/ServerPassword=\"$server_password\"/" ~/PalWorldSettings.ini
sed -i "s/Difficulty=2/Difficulty=$Difficulty/" ~/PalWorldSettings.ini
sed -i "s/ExpRate=1.000000/ExpRate=$ExpRate/" ~/PalWorldSettings.ini
sed -i "s/DeathPenalty=All/DeathPenalty=$DeathPenalty/" ~/PalWorldSettings.ini
sed -i "s/bEnablePlayerToPlayerDamage=False/bEnablePlayerToPlayerDamage=$pal_pvp/" ~/PalWorldSettings.ini
sed -i "s/bIsPvP=False/bIsPvP=$pal_pvp/" ~/PalWorldSettings.ini
echo "------------------------"
echo "配置文件已更新"
docker exec -it steamcmd bash -c "rm -f /home/steam/Steam/steamapps/common/PalServer/Pal/Saved/Config/LinuxServer/PalWorldSettings.ini"
docker cp ~/PalWorldSettings.ini steamcmd:/home/steam/Steam/steamapps/common/PalServer/Pal/Saved/Config/LinuxServer/ > /dev/null 2>&1
docker exec -it -u root steamcmd bash -c "chmod -R 777 /home/steam/Steam/steamapps/common/PalServer/Pal/Saved/"
rm -f ~/PalWorldSettings.ini
echo -e "\033[0;32m游戏配置已导入\033[0m"
docker restart steamcmd > /dev/null 2>&1
pal_start
;;
11)
clear
tmux kill-session -t my1
docker restart steamcmd > /dev/null 2>&1
docker exec -it steamcmd bash -c "/home/steam/steamcmd/steamcmd.sh +login anonymous +app_update 2394010 validate +quit"
clear
echo -e "\033[0;32m幻兽帕鲁已更新\033[0m"
pal_start
;;
12)
clear
docker rm -f steamcmd
docker rmi -f cm2network/steamcmd
;;
k)
cd ~
curl -sS -O https://kejilion.pro/kejilion.sh && chmod +x kejilion.sh && ./kejilion.sh
exit
;;
00)
cd ~
curl -sS -O https://kejilion.pro/pal_log.sh && chmod +x pal_log.sh && ./pal_log.sh
rm pal_log.sh
echo ""
curl -sS -O https://kejilion.pro/palworld.sh && chmod +x palworld.sh
echo "脚本已更新到最新版本!"
break_end
palworld
;;
0)
clear
exit
;;
*)
echo "无效的输入!"
;;
esac
break_end
done
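Review bot: The self-update in option `00`, and the fetches in `pal_backup` and option `k`, save whatever the server returns and mark it executable: `curl -sS -O` has no `-f`, and nothing verifies the file before it replaces `~/palworld.sh`, the target of the `/usr/local/bin/p` symlink. An HTTP error page or a truncated download would therefore become the installed script (presumably run as root, given the package installs), and `pal_backup.sh` fetched the same way is then executed from cron. Download to a temporary name, fail on HTTP errors and check the result before swapping it in, e.g. `curl -fsS -o palworld.sh.new https://kejilion.pro/palworld.sh && bash -n palworld.sh.new && mv palworld.sh.new palworld.sh`; comparing against a published checksum would be stronger. Separately, option `10` interpolates `$server_password` straight into a `sed` replacement, so a password containing `/`, `&` or `"` breaks or alters the edit, and the `chmod -R 777` on `Pal/Saved/` in options `8` and `10` is wider than the `steam` user needs.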

5
sshd.local Normal file

@@ -0,0 +1,5 @@
[sshd]
enabled = true
mode = normal
backend = systemd

422
update_log.sh Normal file

@@ -0,0 +1,422 @@
clear
echo "脚本更新日志"
echo "------------------------"
echo "2023-8-13 v1.0.3"
echo "1.甲骨文云的DD脚本添加了Ubuntu 20.04的重装选项。"
echo "2.LDNMP建站开放了苹果CMS网站的搭建功能."
echo "3.系统信息查询,增加了内核版本显示,美化了界面。"
echo "4.甲骨文脚本中添加了开启ROOT登录的选项。"
echo "------------------------"
echo "2023-8-13 v1.0.4"
echo "1.LDNMP建站开放了独角数卡网站的搭建功能."
echo "2.LDNMP建站优化了备份全站到远端服务器的稳定性."
echo "3.Docker管理全局状态信息添加了所有docker卷的显示."
echo "------------------------"
echo "2023-8-14 v1.1"
echo "Docker管理器全面升级体验前所未有"
echo "-加入了docker容器管理面板"
echo "-加入了docker镜像管理面板"
echo "-加入了docker网络管理面板"
echo "-加入了docker卷管理面板"
echo "-删除docker时追加确认信息拒绝误操作"
echo "------------------------"
echo "2023-8-14 v1.2"
echo "1.新增了11选项加入了常用面板工具合集"
echo "-支持安装各种面板,包括: 宝塔宝塔国际版1panelNginx Proxy Manager等等满足更多人群的使用需求"
echo "2.优化了菜单效果"
echo "------------------------"
echo "2023-8-14 v1.3"
echo "新增了12选项我的工作区功能"
echo "-将为你提供5个后台运行的工作区用来执行后台任务。即使你断开SSH也不会中断"
echo "-非常有意思的功能,快去试试吧!"
echo "------------------------"
echo "2023-8-14 v1.3.2"
echo "新增了13选项系统工具"
echo "科技lion一键脚本可以通过设置快捷键唤醒打开了我设置的k作为脚本打开的快捷键无需复制长命令了"
echo "加入了ROOT密码修改切换成ROOT登录模式"
echo "系统设置中还有很多功能没开发,敬请期待!"
echo "------------------------"
echo "2023-8-15 v1.4"
echo "全面适配Centos系统实现UbuntuDebianCentos三大主流系统的适配"
echo "优化LDNMP中PHP输入数据最大时间解决WordPress网站导入部分主题失败的问题"
echo "------------------------"
echo "2023-8-15 v1.4.1"
echo "选项13系统工具中加入了安装Python最新版的选项感谢群友春风得意马蹄疾的投稿很好用"
echo "------------------------"
echo "2023-8-15 v1.4.2"
echo "docker管理中增加容器日志查看"
echo "选项13系统工具中加入了留言板的选项可以留下你的宝贵意见也可以在这里聊天贼好玩"
echo "------------------------"
echo "2023-8-15 v1.4.5"
echo "优化了信息查询运行效率"
echo "信息查询新增了地理位置显示"
echo "优化了脚本内系统判断机制!"
echo "------------------------"
echo "2023-8-16 v1.4.6"
echo "LDNMP建站中加入了删除站点删除数据库功能"
echo "------------------------"
echo "2023-8-16 v1.4.7"
echo "选项11中增加了一键搭建alist多存储文件列表工具的"
echo "选项11中增加了一键搭建网页版乌班图远程桌面"
echo "选项13中增加了开放所有端口功能"
echo "------------------------"
echo "2023-8-16 v1.4.8"
echo "系统信息查询中,终于可以显示总流量消耗了!总接收和总发送两个信息"
echo "------------------------"
echo "2023-8-17 v1.4.9"
echo "系统工具中新增SSH端口修改功能"
echo "系统工具中新增优化DNS地址功能"
echo "------------------------"
echo "2023-8-18 v1.5"
echo "系统性优化了代码,去除了无效的代码与空格"
echo "系统信息查询添加了系统时间"
echo "禁用ROOT账户创建新的账户更安全"
echo "------------------------"
echo "2023-8-18 v1.5.1"
echo "LDNMP加入了安装bingchatAI聊天网站"
echo "面板工具中添加了哪吒探针脚本整合"
echo "------------------------"
echo "2023-8-18 v1.5.2"
echo "LDNMP加入了更新LDNMP选项"
echo "------------------------"
echo "2023-8-19 v1.5.3"
echo "面板工具添加安装QB离线BT磁力下载面板"
echo "优化IP获取源"
echo "------------------------"
echo "2023-8-20 v1.5.4"
echo "面板工具已安装的工具支持状态检测,可以进行删除了!"
echo "------------------------"
echo "2023-8-21 v1.5.5"
echo "系统工具中添加优先ipv4/ipv6选项"
echo "系统工具中添加查看端口占用状态选项"
echo "------------------------"
echo "2023-8-21 v1.5.6"
echo "LDNMP建站添加了定时自动远程备份功能"
echo "------------------------"
echo "2023-8-22 v1.5.7"
echo "面板工具增加了邮件服务器搭建请确保服务器的25.80.443开放"
echo "------------------------"
echo "2023-8-23 v1.5.8"
echo "面板工具增加了聊天系统搭建"
echo "------------------------"
echo "2023-8-24 v1.5.9"
echo "面板工具增加了禅道项目管理软件搭建"
echo "------------------------"
echo "2023-8-24 v1.6"
echo "面板工具增加了青龙面板搭建"
echo "调整了面板工具列表的排版显示效果"
echo "------------------------"
echo "2023-8-27 v1.6.1"
echo "LDNMP大幅优化安装体验添加安装进度条和百分比显示太刁了"
echo "------------------------"
echo "2023-8-28 v1.6.2"
echo "docker管理可以显示容器所属网络并且可以加入网络和退出网络了"
echo "------------------------"
echo "2023-8-28 v1.6.3"
echo "系统工具中增加修改虚拟内存大小的选项"
echo "系统信息查询中显示虚拟内存占用"
echo "------------------------"
echo "2023-8-29 v1.6.4"
echo "面板工具加入cloudreve网盘的搭建"
echo "面板工具加入简单图床程序搭建"
echo "------------------------"
echo "2023-8-29 v1.6.5"
echo "LDNMP加入了高逼格的flarum论坛搭建"
echo "面板工具加入简单图床程序搭建"
echo "------------------------"
echo "2023-9-1 v1.6.6"
echo "LDNMP环境安装时用户密码将随机生成提升安全性安装环境更简单"
echo "LDNMP环境安装时如果安装过docker将自动跳过节省安装时间"
echo "LDNMP环境更新WordPress到6.3.1版本"
echo "------------------------"
echo "2023-9-1 v1.6.7"
echo "添加了账户管理功能,查看当前账户列表,添加删除账户,账号权限管理等"
echo "------------------------"
echo "2023-9-4 v1.6.8"
echo "独角数卡登录时报错,显示解决办法"
echo "------------------------"
echo "2023-9-6 v1.6.9"
echo "系统工具中添加随机用户密码生成器,方便懒得想用户名和密码的小伙伴"
echo "优化了所有搭建网站与面板后的信息复制体验"
echo "------------------------"
echo "2023-9-11 v1.7"
echo "面板工具中添加emby多媒体管理系统的搭建"
echo "------------------------"
echo "2023-9-15 v1.7.1"
echo "LDNMP建站中可以搭建Bitwarden密码管理平台了"
echo "------------------------"
echo "2023-9-18 v1.7.2"
echo "LDNMP建站将站点信息查询和站点管理合并"
echo "LDNMP站点管理中添加证书重新申请和站点更换域名的功能"
echo "------------------------"
echo "2023-9-25 v1.8"
echo "LDNMP建站增加了服务器与网站防护功能防御暴力破解防御网站被攻击"
echo "------------------------"
echo "2023-9-28 v1.8.2"
echo "LDNMP建站优化了运行速度和安全性增加了频率限制"
echo "LDNMP建站优化了防御程序的高可用性"
echo "------------------------"
echo "2023-10-3 v1.8.3"
echo "系统工具增加系统时区切换功能"
echo "------------------------"
echo "2023-10-7 v1.8.4"
echo "LDNMP建站添加halo博客网站搭建"
echo "------------------------"
echo "2023-10-12 v1.8.5"
echo "LDNMP建站添加优化LDNMP环境选项可以开启高性能模式大幅提升网站性能应对高并发"
echo "------------------------"
echo "2023-10-14 v1.8.6"
echo "面板工具增加了测速流量监控面板的安装"
echo "------------------------"
echo "2023-10-16 v1.8.7"
echo "系统工具中添加开启BBR3加速功能"
echo "------------------------"
echo "2023-10-18 v1.8.8"
echo "系统工具中优化BBR3加速安装流程可根据CPU型号自行安装适合的内核版本"
echo "------------------------"
echo "2023-10-19 v1.8.9"
echo "系统工具中BBRv3功能增加了更新内核和卸载内核功能"
echo "------------------------"
echo "2023-10-21 v1.9"
echo "开放端口相关优化"
echo "解决部分系统SSH端口切换后重启失联的问题"
echo "------------------------"
echo "2023-10-26 v1.9.1"
echo "LNMP建站管理中添加了站点缓存清理功能"
echo "面板工具中卸载对应应用时添加了应用目录一并删除,删除更彻底!"
echo "------------------------"
echo "2023-10-28 v1.9.2"
echo "系统工具中修复了虚拟内存大小重启后还原的问题"
echo "------------------------"
echo "2023-11-07 v1.9.3"
echo "面板工具中增加AdGuardHome去广告软件安装和管理"
echo "------------------------"
echo "2023-11-08 v1.9.4"
echo "系统工具添加了防火墙高级管理功能可以开关端口可以IP黑白名单"
echo "未来会上线地域黑白名单等高级功能"
echo "------------------------"
echo "2023-11-09 v1.9.5"
echo "系统工具中防火墙添加udp控制"
echo "------------------------"
echo "2023-11-10 v1.9.6"
echo "测试脚本合集增加了缝合怪一条龙测试"
echo "系统信息查询中添加了系统运行时长显示"
echo "------------------------"
echo "2023-11-10 v1.9.7"
echo "LDNMP建站增加typecho轻量博客的搭建"
echo "------------------------"
echo "2023-11-16 v1.9.8"
echo "面板工具中增加了在线office办公软件安装"
echo "------------------------"
echo "2023-11-21 v1.9.9"
echo "面板工具中增加了雷池WAF防火墙程序安装"
echo "------------------------"
echo "2023-11-28 v2.0"
echo "LDNMP建站中增加仅安装nginx的选项专门服务于站点重定向和站点反向代理"
echo "精简无用的代码,优化执行效率"
echo "------------------------"
echo "2023-11-29 v2.0.1"
echo "LDNMP建站改用cerbot申请证书更稳定更快速。弃用acme"
echo "------------------------"
echo "2023-11-30 v2.0.2"
echo "面板工具修复QB无法登录问题"
echo "面板工具修复RocketChat进入后无限加载问题"
echo "系统工具中添加修改主机名功能"
echo "系统工具中添加服务器重启功能"
echo "------------------------"
echo "2023-12-04 v2.0.3"
echo "LDNMP建站过程中增加了nginx自我检测修复功能"
echo "系统工具添加更新源切换功能,请先在测试环境使用"
echo "LDNMP建站增加自定义上传静态html界面功能"
echo "------------------------"
echo "2023-12-05 v2.0.4"
echo "LDNMP建站中仅安装nginx功能添加安装成功提示更优雅直观"
echo "LDNMP建站中仅安装nginx功能支持自动更新nginx版本"
echo "优化代码细节,定义调用函数,脚本执行更简洁,提升效率"
echo "------------------------"
echo "2023-12-07 v2.0.5"
echo "LDNMP在站点数据管理中增加查看站点分析报告功能可以对网站流量进行监控与分析"
echo "主菜单添加手动更新脚本功能"
echo "------------------------"
echo "2023-12-08 v2.0.6"
echo "主菜单中更新日志和脚本更新合并,更新时可以看到更新日志,更直觉"
echo "面板工具中新增了docker管理面板portainer的安装"
echo "面板工具中新增了VScode网页版的安装"
echo "------------------------"
echo "2023-12-15 v2.0.7"
echo "系统工具中添加了定时任务的管理功能"
echo "------------------------"
echo "2023-12-16 v2.0.8"
echo "大量安装软件的代码整合更简单快速安装各类软件包"
echo "优化选项4中的常用工具安装及使用体验已安装可以提示使用方法"
echo "选项4中新增多款实用工具如btop现代化监控工具安装即用q退出"
echo "------------------------"
echo "2023-12-18 v2.0.9"
echo "优化安装代码,全局调用,安装智能检测,安装软件更快"
echo "------------------------"
echo "2023-12-19 v2.1"
echo "选项4中,新增自定义安装卸载指定的工具"
echo "优化了清理逻辑,清理系统更快更干净"
echo "优化了卸载软件包的逻辑,根据系统执行卸载,更智能"
echo "优化主菜单到二级菜单的交互,二级菜单更沉浸,二级菜单箭头引导调整"
echo "------------------------"
echo "2023-12-20 v2.1.1"
echo "史诗级代码精简屎山大扫除脚本运行更快速脚本大小缩减20%"
echo "LDNMP安装环境时增加端口检测功能端口被占用会无法安装"
echo "面板工具中添加Uptime Kuma监控工具的安装"
echo "面板工具中添加Memos网页备忘录的安装"
echo "------------------------"
echo "2023-12-23 v2.1.2"
echo "面板工具中添加潘多拉GPT镜像站安装"
echo "------------------------"
echo "2023-12-26 v2.1.3"
echo "选项4常用工具中添加跑火车屏保俄罗斯方块贪吃蛇太空入侵者三款小游戏"
echo "------------------------"
echo "2023-12-30 v2.1.4"
echo "LDNMP增加了防止源站IP泄露机制保护源站IP与证书潜在安全隐患"
echo "------------------------"
echo "2024-01-04 v2.1.5"
echo "脚本添加了启动快捷键命令行输入k可以快速启动科技lion脚本工具"
echo "------------------------"
echo "2024-01-04 v2.1.6"
echo "脚本添加了启动快捷键命令行输入k可以快速启动科技lion脚本工具"
echo "面板工具1panel增加了已安装状态支持查看面板信息修改用户密码支持卸载面板"
echo "------------------------"
echo "2024-01-06 v2.1.7"
echo "面板工具增加了nextcloud网盘的搭建"
echo "------------------------"
echo "2024-01-09 v2.1.8"
echo "LDNMP建站增加对ipv6的建站支持解析v6地址建站据说提升站点安全性性能也有提升"
echo "------------------------"
echo "2024-01-10 v2.1.9"
echo "面板工具增加QD-Today定时任务管理框架的安装"
echo "------------------------"
echo "2024-01-12 v2.2"
echo "面板工具增加了Dockge容器堆栈管理面板的安装"
echo "面板工具增加了LibreSpeed轻量级测速工具的安装"
echo "优化了脚本快捷启动输入k快速启动脚本支持任何目录下使用"
echo "------------------------"
echo "2024-01-16 v2.2.1"
echo "主菜单添加14选项VPS集群控制系统可以一键操控所有VPS执行任务。"
echo "VPS集群控制属于测试版本请用闲置机器开始体验有任何问题欢迎留言反馈"
echo "------------------------"
echo "2024-01-17 v2.2.2"
echo "面板工具增加了搜索聚合网站的安装"
echo "优化了集群控制体验,集群环境备份还原卸载等功能上线"
echo "------------------------"
echo "2024-01-18 v2.2.3"
echo "面板工具增加了私有相册系统的安装"
echo "------------------------"
echo "2024-01-21 v2.2.4"
echo "面板工具增加了PDF工具大全应用的安装"
echo "------------------------"
echo "2024-01-23 v2.2.5"
echo "优化了LDNMP建站配置时进度条体验让读条不至于卡在一个地方很久。拆分配置环节让体验更加顺畅"
echo "------------------------"
echo "2024-01-25 v2.2.6"
echo "精简了LDNMP建站镜像大小采用官方alpine精简镜像包更快更轻更安全"
echo "脚本适配alpine系统"
echo "系统工具中重装系统选项升级增加了Debian11 Debian10 ubuntu22.04 centos7 alpine3.19 windows11的安装选项"
echo "------------------------"
echo "2024-01-30 v2.2.7"
echo "LDNMP建站更新halo2的安装版本到2.11"
echo "修复alpine系统下虚拟内存重启后失效的问题"
echo "优化alpine系统下docker安装体验安装docker应用时自动识别安装docker环境"
echo "修复alpine系统下CPU占用显示异常的问题"
echo "------------------------"
echo "2024-02-1 v2.2.8"
echo "主菜单临时增加p选项与幻兽帕鲁开服脚本联动"
echo "------------------------"
echo "2024-02-5 v2.2.9"
echo "修改主机名支持alpine系统"
echo "------------------------"
echo "2024-02-8 v2.3"
echo "面板工具增加了drawio在线绘图工具的安装"
echo "------------------------"
echo "2024-02-21 v2.3.1"
echo "主菜单选项12我的工作区增加至10个更利于多线程后台任务"
echo "------------------------"
echo "2024-02-26 v2.3.2"
echo "系统工具中的选项8中一键重装系统的体验进行优化重装时展示系统重装后的用户名密码和端口号"
echo "一键重装系统增加了更多Windows版本重装 11 10 2019 2022"
echo "一键重装系统增加了更多版本重装"
echo "一键重装Windows系统默认为中文版了"
echo "主菜单选项5的BBR管理适配了alpine的新界面"
echo "------------------------"
echo "2024-03-06 v2.3.3"
echo "系统工具中新增了host解析设置功能"
echo "优化了alpine系统的主机名修改逻辑"
echo "------------------------"
echo "2024-03-11 v2.3.4"
echo "系统工具中新增fail2banSSH防御程序防止你的SSH被暴力破解"
echo "------------------------"
echo "2024-03-20 v2.3.5"
echo "面板工具加入了PVE开小鸡的面板感谢oneclickvirt大佬的一键安装脚本"
echo "------------------------"
echo "2024-03-29 v2.3.6"
echo "LDNMP安装环境时提前设置1G虚拟内存提升建站环境安装速度和稳定性"
echo "------------------------"
echo "2024-04-01 v2.3.7"
echo "LDNMP改进了防御能力可以拦截404攻击守护网站安全。脚本进入选择10再选择35站点防御防御原来这么简单"
echo "------------------------"
echo "2024-04-02 v2.3.8"
echo "LDNMP站点防御接入cf添加了cloudflare模式添加了参数配置选项"
echo "------------------------"
echo "2024-04-07 v2.3.9"
echo "LDNMP申请域名证书解决证书链不完整的问题谢谢wuying2021分支提供思路已整合至主线版本"
echo "------------------------"
echo "2024-04-12 v2.4"
echo "面板工具中添加了24选项 webtop远程桌面程序alpine中文可视化桌面系统很好用"
echo "------------------------"
echo "2024-04-14 v2.4.1"
echo "面板工具中添加Sun-Panel导航面板的安装"
echo "LDNMP建站中halo镜像版本更新到最新版本"
echo "测试脚本合集中追加了两项nxtrace快速回程测试脚本 nxtrace指定IP回程测试脚本"
echo "测试脚本合集中追加了两项ludashi2020的三网线路测试"
echo "测试脚本合集界面重构,分类更清晰,方便未来扩展使用"
echo "------------------------"
echo "2024-04-18 v2.4.2"
echo "使用docker容器方式部署fail2ban防暴力破解程序ssh和nginx都能防御"
echo "优化了重启服务器的逻辑,增加了确认提示。"
echo "增加了dnf包管理的适配"
echo "安装BBRV3,cpu测速时将自动分配1024M的虚拟内存。"
echo "------------------------"
echo "2024-04-23 v2.4.3"
echo "面板工具中添加了34选项一个文件共享平台可以传文件传图片做分享链接用"
echo "------------------------"
echo "2024-04-26 v2.4.4"
echo "面板工具中添加了33选项一个极简朋友圈网页程序高仿微信朋友圈"
echo "------------------------"
echo "2024-04-29 v2.4.5"
echo "系统工具中添加了限流关机功能,到达限定流量后自动关机,针对小流量怕反撸的机型而设计!"
echo "------------------------"
echo "2024-04-30 v2.4.6"
echo "LDNMP建站分类调整将不需要安装PHP就能搭建的应用移至nginx区块中"
echo "LDNMP建站如果没装环境直接部署网站会弹出检测提示要求先装环境再建站"
echo "缩小脚本体积降了5kb整合了一些老大难代码模块化更顺畅小巧"
echo "------------------------"
echo "2024-05-04 v2.4.7"
echo "面板工具新增36选项加入了对AI聚合聊天网站的安装"
echo "------------------------"
echo "2024-05-05 v2.4.8"
echo "LDNMP增加了自定义PHP动态站点功能你可以上传自己的PHP项目"
echo "LDNMP站点管理中增加了编辑查看全局和站点配置"
echo "------------------------"
echo "2024-05-09 v2.4.9"
echo "LDNMP静态站点动态站点自定义搭建优化支持远程下载源码手动上传源码"
echo "修改主机名大小写Y的支持"
echo "检测脚本添加了xykt大佬的IP质量体检脚本非常美观实用的脚本"
echo "------------------------"
echo "2024-05-09 v2.4.10"
echo "更新脚本逻辑进行优化,可选择是否更新,并且显示当前和最新的版本号,更智能!"
echo "------------------------"
echo "2024-05-09 v2.5"
echo "重构并定义脚本中出现的红绿蓝黄灰白文字颜色,创建未来统一灵活调用文字颜色"
echo "面板工具中添加了MYIP工具箱面板可以查看当前使用的IP信息与状态"
echo "------------------------"
echo "2024-05-11 v2.5.1"
echo "对docker环境检测进行优化应用部署将会更稳定"
echo "对一些提示的文字颜色进行了优化,对一些警示文字进行红色黄色标注"
echo "------------------------"

154
upgrade_openssh9.8p1.sh Normal file

@@ -0,0 +1,154 @@
#!/bin/bash
# 设置OpenSSH的版本号
OPENSSH_VERSION="9.8p1"
# 检测系统类型
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
else
echo "无法检测操作系统类型。"
exit 1
fi
# 等待并检查锁文件
wait_for_lock() {
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
echo "等待dpkg锁释放..."
sleep 1
done
}
# 修复dpkg中断问题
fix_dpkg() {
DEBIAN_FRONTEND=noninteractive dpkg --configure -a
}
# 安装依赖包
install_dependencies() {
case $OS in
ubuntu|debian)
wait_for_lock
fix_dpkg
DEBIAN_FRONTEND=noninteractive apt update
DEBIAN_FRONTEND=noninteractive apt install -y build-essential zlib1g-dev libssl-dev libpam0g-dev wget ntpdate -o Dpkg::Options::="--force-confnew"
;;
centos|rhel|fedora)
yum install -y epel-release
yum groupinstall -y "Development Tools"
yum install -y zlib-devel openssl-devel pam-devel wget ntpdate
;;
alpine)
apk add build-base zlib-dev openssl-dev pam-dev wget ntpdate
;;
*)
echo "不支持的操作系统:$OS"
exit 1
;;
esac
}
# 下载、编译和安装OpenSSH
install_openssh() {
wget --no-check-certificate https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz
tar -xzf openssh-${OPENSSH_VERSION}.tar.gz
cd openssh-${OPENSSH_VERSION}
./configure
make
make install
}
# 重启SSH服务
restart_ssh() {
case $OS in
ubuntu|debian)
systemctl restart ssh
;;
centos|rhel|fedora)
systemctl restart sshd
;;
alpine)
rc-service sshd restart
;;
*)
echo "不支持的操作系统:$OS"
exit 1
;;
esac
}
# 设置路径优先级
set_path_priority() {
NEW_SSH_PATH=$(which sshd) # 假设新版本的sshd和ssh在同一个目录
NEW_SSH_DIR=$(dirname "$NEW_SSH_PATH")
if [[ ":$PATH:" != *":$NEW_SSH_DIR:"* ]]; then
export PATH="$NEW_SSH_DIR:$PATH"
echo "export PATH=\"$NEW_SSH_DIR:\$PATH\"" >> ~/.bashrc
fi
}
# 验证更新
verify_installation() {
echo "SSH版本信息"
ssh -V
sshd -V
}
# 清理下载的文件
clean_up() {
cd ..
rm -rf openssh-${OPENSSH_VERSION}*
}
# 标题
check_openssh_test() {
echo "SSH高危漏洞修复工具"
echo "--------------------------"
}
# 检查OpenSSH版本
check_openssh_version() {
current_version=$(ssh -V 2>&1 | awk '{print $1}' | cut -d_ -f2 | cut -d'p' -f1)
# 版本范围
min_version=8.5
max_version=9.7
if awk -v ver="$current_version" -v min="$min_version" -v max="$max_version" 'BEGIN{if(ver>=min && ver<=max) exit 0; else exit 1}'; then
check_openssh_test
echo "SSH版本: $current_version 在8.5到9.7之间,需要修复。"
read -p "确定继续吗?(Y/N): " choice
case "$choice" in
[Yy])
install_dependencies
install_openssh
restart_ssh
set_path_priority
verify_installation
clean_up
;;
[Nn])
echo "已取消"
exit 1
;;
*)
echo "无效的选择,请输入 Y 或 N。"
exit 1
;;
esac
else
check_openssh_test
echo "SSH版本: $current_version 不在8.5到9.7之间,无需修复。"
exit 1
fi
}
check_openssh_version
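Review bot: `install_openssh` fetches the source tarball with `wget --no-check-certificate` and then builds and installs it with no checksum or signature check, so an intercepted or tampered download would be compiled into the SSH daemon. Drop the flag and verify the archive before unpacking, e.g. `wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz` followed by `echo "<expected-sha256>  openssh-${OPENSSH_VERSION}.tar.gz" | sha256sum -c - || exit 1`, with the digest taken from the official release announcement. None of `./configure`, `make` or `make install` is checked, so `restart_ssh` still runs after a failed build. A plain `./configure` normally installs under `/usr/local`, while `systemctl restart ssh` presumably launches the distribution's unit and binary, so it is worth confirming which `sshd` the service actually starts; `set_path_priority` only changes `PATH` for interactive shells. `check_openssh_version` also reads the client's `ssh -V`, not the version of the running daemon.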

490
www-1.conf Normal file

@@ -0,0 +1,490 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or NONE) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 3
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 3
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 5
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 20s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
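Review bot: `listen = 127.0.0.1:9000` puts the pool on a loopback TCP port that every local account and process on the host can reach, and whatever connects there is served by workers running as `www-data`. `listen.allowed_clients` filters by address only, so it cannot tell local users apart. If the web server is on the same host, a unix socket is tighter: `listen = /run/php-fpm/www.sock` (placeholder path) with the `listen.owner`, `listen.group` and `listen.mode = 0660` lines that are already in the file uncommented. Separately, `pm.process_idle_timeout = 20s;` is set while `pm = dynamic`, where the file's own comment says it is used only with 'ondemand', and the trailing `;` looks unintended. The same `listen` and `pm.process_idle_timeout` lines appear in the www.conf section that follows.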

490
www.conf Normal file

@@ -0,0 +1,490 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or NONE) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 50
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 10
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 20s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M