Ubuntu 配置PPTP Server

1,安装pptpd

sudo apt-get install pptpd

2,配置虚拟ip,编辑 /etc/pptpd.conf

localip 192.168.0.1
remoteip 192.168.0.200-210,192.168.0.245

3,设置dns,编辑 /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

4,添加用户,编辑 /etc/ppp/chap-secrets

#帐号    服务器    密码    IP地址
user    pptpd    123456  *

5,重启pptpd

# service pptpd restart

6,配置NAT流量转发,编辑/etc/sysctl.conf

net.ipv4.ip_forward=1 //注释去掉

7,使得配置立即生效

sudo sysctl –p

8,向iptables添加NAT规则

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/iptables-rules-for-me

9,新建 /etc/network/if-pre-up.d/iptables,添加内容

#!/bin/sh
iptables-restore < /etc/iptables-rules-for-me

Deploy production server on Ubuntu 14.04

Overview

  1. Setup deploy user
  2. Install Ruby
  3. Install MySQL
  4. Install Redis
  5. Install RabbitMQ
  6. Install Bitcoind
  7. Install Nginx with Passenger
  8. Install JavaScript Runtime
  9. Install ImageMagick
  10. Configure Peatio

1. Setup deploy user

Create (if it doesn’t exist) deploy user, and assign it to the sudo group:

sudo adduser deploy
sudo usermod -a -G sudo deploy

Re-login as deploy user

2. Install Ruby

Make sure your system is up-to-date.

sudo apt-get update
sudo apt-get upgrade

Installing rbenv using a Installer

sudo apt-get install git-core curl zlib1g-dev build-essential \
                     libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 \
                     libxml2-dev libxslt1-dev libcurl4-openssl-dev \
                     python-software-properties libffi-dev

cd
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

Install Ruby through rbenv:

rbenv install 2.2.1
rbenv global 2.2.1

Install bundler

echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
rbenv rehash

3. Install MySQL

sudo apt-get install mysql-server  mysql-client  libmysqlclient-dev

4. Install Redis

Be sure to install the latest stable Redis, as the package in the distro may be a bit old:

sudo apt-add-repository -y ppa:rwky/redis
sudo apt-get update
sudo apt-get install redis-server

5. Install RabbitMQ

Please follow instructions here: https://www.rabbitmq.com/install-debian.html

curl http://www.rabbitmq.com/rabbitmq-signing-key-public.asc | sudo apt-key add -
sudo apt-add-repository 'deb http://www.rabbitmq.com/debian/ testing main'
sudo apt-get update
sudo apt-get install rabbitmq-server

sudo rabbitmq-plugins enable rabbitmq_management
sudo service rabbitmq-server restart
wget http://localhost:15672/cli/rabbitmqadmin
chmod +x rabbitmqadmin
sudo mv rabbitmqadmin /usr/local/sbin

6. Install Bitcoind

sudo add-apt-repository ppa:bitcoin/bitcoin
sudo apt-get update
sudo apt-get install bitcoind

Configure

mkdir -p ~/.bitcoin
touch ~/.bitcoin/bitcoin.conf
vim ~/.bitcoin/bitcoin.conf

Insert the following lines into the bitcoin.conf, and replce with your username and password.

server=1
daemon=1

# If run on the test network instead of the real bitcoin network
testnet=1

# You must set rpcuser and rpcpassword to secure the JSON-RPC api
# Please make rpcpassword to something secure, `5gKAgrJv8CQr2CGUhjVbBFLSj29HnE6YGXvfykHJzS3k` for example.
# Listen for JSON-RPC connections on <port> (default: 8332 or testnet: 18332)
rpcuser=INVENT_A_UNIQUE_USERNAME
rpcpassword=INVENT_A_UNIQUE_PASSWORD
rpcport=18332

# Notify when receiving coins
walletnotify=/usr/local/sbin/rabbitmqadmin publish routing_key=peatio.deposit.coin payload='{"txid":"%s", "channel_key":"satoshi"}'

Start bitcoin

bitcoind

7. Installing Nginx & Passenger

Install Phusion’s PGP key to verify packages

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7

Add HTTPS support to APT

sudo apt-get install apt-transport-https ca-certificates

Add the passenger repository. Note that this only works for Ubuntu 14.04. For other versions of Ubuntu, you have to add the appropriate repository according to Section 2.3.1 of this link.

sudo add-apt-repository 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main'
sudo apt-get update

Install nginx and passenger

sudo apt-get install nginx-extras passenger

Next, we need to update the Nginx configuration to point Passenger to the version of Ruby that we’re using. You’ll want to open up /etc/nginx/nginx.conf in your favorite editor,

sudo vim /etc/nginx/nginx.conf

find the following lines, and uncomment them:

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/ruby;

update the second line to read:

passenger_ruby /home/deploy/.rbenv/shims/ruby;

8. Install JavaScript Runtime

A JavaScript Runtime is needed for Asset Pipeline to work. Any runtime will do but Node.js is recommended.

curl -sL https://deb.nodesource.com/setup | sudo bash -
sudo apt-get install nodejs

9. Install ImageMagick

sudo apt-get -y install imagemagick gsfonts

10. Setup production environment variable

echo "export RAILS_ENV=production" >> ~/.bashrc
source ~/.bashrc
Clone the Source
mkdir -p ~/peatio
git clone git://github.com/peatio/peatio.git ~/peatio/current
cd peatio/current

# Install dependency gems
bundle install --without development test --path vendor/bundle
Configure Peatio

Prepare configure files

bin/init_config

Setup Pusher

  • Peatio depends on Pusher. A development key/secret pair for development/test is provided in config/application.yml(uncomment to use). PLEASE USE IT IN DEVELOPMENT/TEST ENVIRONMENT ONLY!

More details to visit pusher official website

# uncomment Pusher related settings
vim config/application.yml

Setup bitcoind rpc endpoint

# replace username:password and port with the one you set in
# username and password should only contain letters and numbers, do not use email as username
# bitcoin.conf in previous step
vim config/currencies.yml

Config database settings

vim config/database.yml

# Initialize the database and load the seed data
bundle exec rake db:setup

Precompile assets

bundle exec rake assets:precompile

Run Daemons

# start all daemons
bundle exec rake daemons:start

# or start daemon one by one
bundle exec rake daemon:matching:start
...

# Daemon trade_executor can be run concurrently, e.g. below
# line will start four trade executors, each with its own logfile.
# Default to 1.
TRADE_EXECUTOR=4 rake daemon:trade_executor:start

# You can do the same when you start all daemons:
TRADE_EXECUTOR=4 rake daemons:start

When daemons don’t work, check log/#{daemon name}.rb.output or log/peatio:amqp:#{daemon name}.output for more information (suffix is ‘.output’, not ‘.log’).

SSL Certificate setting

For security reason, you must setup SSL Certificate for production environment, if your SSL Certificated is been configured, please change the following line at config/environments/production.rb

config.force_ssl = true

Passenger:

sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /home/deploy/peatio/current/config/nginx.conf /etc/nginx/conf.d/peatio.conf
sudo service nginx restart

Liability Proof

# Add this rake task to your crontab so it runs regularly
RAILS_ENV=production rake solvency:liability_proof

负载均衡slb下后端服务器无法访问负载IP的问题

在阿里云SLB的一台后端服务器,今天部署了脚本,访问一直是 curl: (7) couldn’t connect to host

看了安全策略和防火墙都没问题。诡异的要死。后来问了阿里客服才知道。监听时默认的是四层协议,是不支持后端ECS服务器做为客户端访问SLB的,要想访问,只能将监听修改为七层https或者http

这里要注意下,修改是看不到这个选项的。需要删除原监听端口,再新添加前端协议时选择 http 或者 https。

 

TrustAsia DV SSL CA 在curl下失败的问题

阿里云的CA免费证书到期了,却无法购买。阿里云真是坑人。去新浪云申请了TrustAsia的免费证书,下发访问没啥问题。但是一天后发现 curl访问出现如下错误:

SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

郁闷,然后去腾讯云又重新申请了,也是TrustAsia的免费DV,下发后验证通过,curl访问也通过了。真是无语了。。。

SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /home/cert/2018/2_yourdomain.cn.crt
SSLCertificateKeyFile /home/cert/2018/3_yourdomain.cn.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /home/cert/2018/1_root_bundle.crt