CentOS

  • CentOS 安装 PHP7

    2016-11-24 18:23:38 4701 1 技术文章
    yum --enablerepo=remi-php70 install php-opcache php-mbstring php-mysql php-gd php-xml php-json php-devel php-pear ImageMagick-devel
    
  • 在 RedHat 或 CentOS 安装 Sphinx 安装包

    2016-06-24 16:02:58 2207 0 未分类
  • CentOS 7 搭建 IPSec/IKEv2 VPN 服务器

    2015-10-08 09:25:00 2297 0 技术文章

    GitHub 地址

    https://github.com/jiangxi14520/one-key-ikev2-vpn

    wget --no-check-certificate https://raw.githubusercontent.com/quericy/one-key-ikev2-vpn/master/one-key-ikev2.sh
    
    chmod +x one-key-ikev2.sh
    bash one-key-ikev2.sh
    

    如果使用 firewalld

    vim /etc/firewalld/zones/public.xml
    

    执行以下命令

    firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="esp" accept' # ESP (the encrypted data packets)
    firewall-cmd --zone=dmz --permanent --add-rich-rule='rule protocol value="ah" accept' # AH (authenticated headers)
    firewall-cmd --zone=dmz --permanent --add-port=500/udp #IKE  (security associations)
    firewall-cmd --zone=dmz --permanent --add-port=4500/udp # IKE NAT Traversal (IPsec between natted devices)
    firewall-cmd --permanent --add-service="ipsec"
    firewall-cmd --zone=dmz --permanent --add-masquerade
    firewall-cmd --permanent --set-default-zone=dmz
    firewall-cmd --reload
    firewall-cmd --list-all
    
    vim /etc/sysctl.conf
    

    添加以下内容:

    # VPN
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    

    使之生效:

    sysctl -p
    
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="dhcpv6-client"/>
      <service name="ssh"/>
      <port protocol="tcp" port="80"/>
      <port protocol="udp" port="500"/>
      <port protocol="tcp" port="500"/>
      <port protocol="udp" port="4500"/>
      <port protocol="udp" port="1701"/>
      <port protocol="tcp" port="1723"/>
      <masquerade/>
    </zone>
    

    Mac 上配置

    进入钥匙串管理,选择登录,然后将证书拖进去。

    不被信任解决方法,右键->属性,选择总是被信任

  • CentOS 服务器搭建 Shadowsockets 教程

    2014-06-20 15:25:00 2815 0 技术文章
    yum install python-setuptools m2crypto supervisor
    easy_install pip
    pip install shadowsocks
    
    /usr/bin/python /usr/bin/ssserver -p 443 -k yourpassword -m aes-256-cfb --user nobody -d start