lizongbo at 618119.com Work, life, Android, front end, Linode, Ubuntu, nginx, java, apache, tomcat, Resin, mina, Hessian, XMPP, RPC

November 4, 2010

Configuring Resin's CGIServlet on Linode to run AWStats 7.0 with Perl

Filed under: Linux, nginx, Resin - lizongbo @ 00:19

I searched online for articles on installing and configuring nginx to support AWStats on a Linode VPS, and the approach looked fairly cumbersome. My Linode VPS already runs Resin 4.0.12, so I chose to run AWStats through Resin's CGIServlet instead.

1. On Windows, download and install the latest ActivePerl:
http://downloads.activestate.com/ActivePerl/releases/5.12.2.1202/ActivePerl-5.12.2.1202-MSWin32-x86-293621.msi
Source: http://www.activestate.com/activeperl/downloads

2. Download the latest AWStats:
The official AWStats 6.9 release dates from the end of 2008, so download the 7.0 beta instead:
http://awstats.sourceforge.net/files/awstats-7.0.tar.gz
Source: http://awstats.sourceforge.net/

3. Download the plugins and their data files:
GeoLiteCity.dat
http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
Source: http://www.maxmind.com/app/geolitecity
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
Source: http://www.maxmind.com/app/geolitecountry
http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
Source: http://www.maxmind.com/app/asnum
http://www.ieasy.org/download/qqwry.pl
http://www.ieasy.org/download/qqhostinfo.pm
Source: http://www.ieasy.org/reload/cat2/awstats_qqhosti.html
Dependency of the geoip plugin: http://geolite.maxmind.com/download/geoip/api/pureperl/Geo-IP-PurePerl-1.25.tar.gz
Source: http://www.maxmind.com/app/perl

4. Extract awstats-7.0/wwwroot/ from the downloaded awstats-7.0.tar.gz into /usr/local/app/resin/webapps/awstats/

Create /usr/local/app/resin/webapps/awstats/WEB-INF/resin-web.xml with the following content:

<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">

  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>com.caucho.servlets.CGIServlet</servlet-class>
    <!-- The three parameters below are configurable; see http://www.caucho.com/resin-javadoc/com/caucho/servlets/CGIServlet.html
    <init>
      <executable>C:\\Perl\\bin\\perl</executable>
      <ignoreExitCode>false</ignoreExitCode>
      <stderrIsException>true</stderrIsException>
    </init>
    -->
    <load-on-startup>5</load-on-startup>
  </servlet>
  <!-- Every request for a .pl file is executed as a CGI script -->
  <servlet-mapping>
    <servlet-name>cgi</servlet-name>
    <url-pattern>*.pl</url-pattern>
  </servlet-mapping>

  <session-config>
    <use-persistent-store/>
  </session-config>

  <!-- Security configuration -->
  <resin:BasicLogin realmName="awstats statistics"/>
  <!-- Block direct download of config files, Perl modules and text files -->
  <resin:Deny>
    <url-pattern>*.conf</url-pattern>
    <url-pattern>*.pm</url-pattern>
    <url-pattern>*.txt</url-pattern>
  </resin:Deny>

  <!-- Everything else requires a login in awstats_role -->
  <resin:Allow url-pattern="/*">
    <resin:IfUserInRole role="awstats_role"/>
  </resin:Allow>

  <!-- password-digest="none": the password below is stored and compared in plain text;
       replace the awstats/awstats pair used in this walkthrough with your own credentials -->
  <resin:XmlAuthenticator password-digest="none">
    <resin:user name="awstats" password="awstats" group="awstats_role"/>
  </resin:XmlAuthenticator>

</web-app>

5. Install the Geo-IP-PurePerl module:
root@lizongbo.com:/usr/local/app# wget http://geolite.maxmind.com/download/geoip/api/pureperl/Geo-IP-PurePerl-1.25.tar.gz
root@lizongbo.com:/usr/local/app# tar -zxvf Geo-IP-PurePerl-1.25.tar.gz
root@lizongbo.com:/usr/local/app# cd Geo-IP-PurePerl-1.25
root@lizongbo.com:/usr/local/app/Geo-IP-PurePerl-1.25# perl Makefile.PL
root@lizongbo.com:/usr/local/app/Geo-IP-PurePerl-1.25# make
root@lizongbo.com:/usr/local/app/Geo-IP-PurePerl-1.25# make test
root@lizongbo.com:/usr/local/app/Geo-IP-PurePerl-1.25# make install

6. Create the awstats.localhost.conf configuration file under /usr/local/app/resin/webapps/awstats/cgi-bin/ with the following content:

Include="awstats.model.conf"
LogFile="/usr/local/app/resin/log/access.log.%yyyy%MM%dd"
SiteDomain="localhost"
LoadPlugin="decodeutfkeys"
LoadPlugin="hashfiles"
LoadPlugin="tooltips"
LoadPlugin="geoip_city_maxmind GEOIP_STANDARD  /usr/local/app/resin/webapps/awstats/cgi-bin/plugins/GeoLiteCity.dat"
LoadPlugin="geoip GEOIP_STANDARD /usr/local/app/resin/webapps/awstats/cgi-bin/plugins/GeoIP.dat"
LoadPlugin="geoip_asn_maxmind  GEOIP_STANDARD  /usr/local/app/resin/webapps/awstats/cgi-bin/plugins/GeoIPASNum.dat"
LoadPlugin="qqhostinfo"

LogFormat=1
HostAliases="localhost lizongbo.com 127.0.0.1 REGEX[^[a-zA-Z0-9]+\.lizongbo\.com$]"

DirIcons="/awstats/icon"
DNSLookup=1
DirData="."
DirCgi="/cgi-bin"

AllowToUpdateStatsFromBrowser=1

7. Download the Chunzhen (cz88.net) IP database:
http://update.cz88.net/soft/ip_setup.exe
Source: http://www.cz88.net/fox/
After running ip_setup.exe to install it, find qqwry.dat under C:\Program Files\cz88.net\ip and upload it to /usr/local/app/resin/webapps/awstats/cgi-bin/plugins on the server.
root@lizongbo.com:/usr/local/app/resin/webapps/awstats/cgi-bin/plugins# cp /usr/local/app/geoip/qqwry.dat  ./
Because file names are case-sensitive on Linux, the IP database file must be renamed to QQWry.Dat.
root@lizongbo.com:/usr/local/app/resin/webapps/awstats/cgi-bin/plugins# mv qqwry.dat  QQWry.Dat
Reference: http://www.ieasy.org/reload/cat2/awstats_qqhosti.html
root@lizongbo.com:/usr/local/app/resin/webapps/awstats/cgi-bin/plugins# vi qqwry.pl
Then, below the line
my $ipfile="./QQWry.Dat";
insert the following line:
my $ipfile="${DIR}/plugins/QQWry.Dat";

8. Test it on the command line:
root@lizongbo.com:/usr/local/app/resin/log# /usr/bin/perl /usr/local/app/resin/webapps/awstats/cgi-bin/awstats.pl -config=localhost -output
<html><body>
<br /><span style="color: #880000">
Error: Plugin load for plugin 'decodeutfkeys' failed with return code: Error: Can't locate URI/Escape.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /usr/local/app/resin/webapps/awstats/cgi-bin/lib /usr/local/app/resin/webapps/awstats/cgi-bin/plugins) at (eval 3) line 1.

</span><br />
<br /><b>Setup ('/usr/local/app/resin/webapps/awstats/cgi-bin/awstats.localhost.conf' file, web server or permissions) may be wrong.</b><br />
Check config file, permissions and AWStats documentation (in 'docs' directory).
</body></html>

According to the error message, the URI module needs to be installed, so download it: http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/URI-1.56.tar.gz
Source: http://search.cpan.org/dist/URI/

root@lizongbo.com:/usr/local/app# wget http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/URI-1.56.tar.gz
root@lizongbo.com:/usr/local/app# tar -zxvf URI-1.56.tar.gz
root@lizongbo.com:/usr/local/app# cd URI-1.56
root@lizongbo.com:/usr/local/app/URI-1.56# perl Makefile.PL
root@lizongbo.com:/usr/local/app/URI-1.56# make
root@lizongbo.com:/usr/local/app/URI-1.56# make test
root@lizongbo.com:/usr/local/app/URI-1.56# make install

root@lizongbo.com:/usr/local/app/resin/webapps/awstats/cgi-bin/plugins# ls -alh *.dat
-rw-r--r-- 1 root root 1.1M Oct 30 10:40 GeoIP.dat
-rw-r--r-- 1 root root 3.5M Oct 30 10:40 GeoIPASNum.dat
-rw-r--r-- 1 root root  30M Oct 30 10:40 GeoLiteCity.dat
-rw-r--r-- 1 root root 8.1M Oct 30 10:40 qqwry.dat

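9. Open http://lizongbo.com/awstats/cgi-bin/awstats.pl?config=localhost in a browser.
Enter the user name awstats and the password awstats to view the statistics.

Running AWStats on Resin under Windows also requires installing a Perl module:

Start menu -> ActivePerl 5.12.2 Build 1202 -> Perl Package Manager (the actual command is: C:\Perl\bin\wperl.exe -x ppm.bat)
Type URI to search for the module, then select it, right-click, and choose: Install URI 1.56.

On Windows, the cgi configuration in resin-web.xml is: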
<init>
<executable>C:\\Perl\\bin\\perl</executable>
<ignoreExitCode>true</ignoreExitCode>
</init>
Otherwise the following error appears:
java.io.IOException: Cannot run program "/usr/bin/perl" (in directory "D:\3gdev\Java\resin-4.0.10\webapps\awstats\cgi-bin"):
CreateProcess error=3, ???????
at java.lang.ProcessBuilder.start(ProcessBuilder.java:459)
at java.lang.Runtime.exec(Runtime.java:593)
at com.caucho.servlets.CGIServlet.service(CGIServlet.java:211)
at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:109)
at com.caucho.server.security.SecurityFilterChain.doFilter(SecurityFilterChain.java:131)
at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:183)
at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:92)
at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:286)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:789)
at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:662)
at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:625)
at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:576)
at com.caucho.network.listen.TcpSocketLink$AcceptTask.doTask(TcpSocketLink.java:1159)
at com.caucho.network.listen.TcpSocketLink$ConnectionReadTask.runThread(TcpSocketLink.java:1092)
at com.caucho.network.listen.TcpSocketLink$AcceptTask.run(TcpSocketLink.java:1126)
at com.caucho.env.thread.ResinThread.runTasks(ResinThread.java:170)
at com.caucho.env.thread.ResinThread.run(ResinThread.java:126)
However, after configuring this, I still got the following error when accessing it through the browser:
javax.servlet.ServletException: CGI execution failed.  Exit code -1072365564
at com.caucho.servlets.CGIServlet.service(CGIServlet.java:296)
at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:109)
at com.caucho.server.security.SecurityFilterChain.doFilter(SecurityFilterChain.java:131)
at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:183)
at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:92)
at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:286)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:789)
at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:662)
at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:625)
at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:576)
at com.caucho.network.listen.TcpSocketLink$AcceptTask.doTask(TcpSocketLink.java:1159)
at com.caucho.network.listen.TcpSocketLink$ConnectionReadTask.runThread(TcpSocketLink.java:1092)
at com.caucho.network.listen.TcpSocketLink$AcceptTask.run(TcpSocketLink.java:1126)
at com.caucho.env.thread.ResinThread.runTasks(ResinThread.java:170)
at com.caucho.env.thread.ResinThread.run(ResinThread.java:126)

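-1072365564 is cgi perl 0xc0150004; unfortunately I searched online for a long time without finding any useful information.
Yet running it from the DOS command line works normally.

Related reference: http://blog.chinaunix.net/u/31550/showart_317525.html

Installing and configuring awstats through CGI in Tomcat: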

http://618119.com/archives/2007/12/07/41.html

November 2, 2010

Compiling and installing PHP 5.3.3 and WordPress 3.0.1 on Ubuntu 10.04

Filed under: Linux, mysql, nginx - lizongbo @ 20:46

1. First download the PHP 5.3.3 source code:
root@618119.com:/usr/local/app# wget http://cn2.php.net/get/php-5.3.3.tar.gz/from/am.php.net/mirror
Source: http://www.php.net/downloads.php

2. Extract the PHP source:
root@618119.com:/usr/local/app# tar -zxvf php-5.3.3.tar.gz

3. Enter the PHP source directory and prepare the build:

./configure --prefix=/usr/local/app/php --enable-fastcgi --with-mysql=/usr/local/app/mysql --enable-zend-multibyte --with-config-file-path=/usr/local/app/php/conf --enable-discard-path --enable-force-cgi-redirect

It reports:
configure: error: xml2-config not found. Please check your libxml2 installation

root@618119.com:/usr/local/app/php-5.3.3# sudo apt-get install libxml2-dev

4. Build and install with make:
root@618119.com:/usr/local/app/php-5.3.3# make
root@618119.com:/usr/local/app/php-5.3.3# make install

5. Following http://wiki.nginx.org/PHPFcgiExample, set up the php-fcgi service:
root@618119.com:/etc/init.d# vi php-fcgi
root@618119.com:/etc/init.d# chmod +x php-fcgi
root@618119.com:/etc/init.d# sudo /usr/sbin/update-rc.d -f php-fcgi defaults

The php-fcgi script is as follows:
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# more /etc/init.d/php-fcgi
#!/bin/bash
# Address and port the FastCGI listener binds to (loopback only)
BIND=127.0.0.1:9000
# Account php-cgi runs as; root is what this walkthrough uses, while a dedicated
# unprivileged account limits what a compromised PHP script can reach
USER=root
PHP_FCGI_CHILDREN=15
PHP_FCGI_MAX_REQUESTS=1000

PHP_CGI=/usr/local/app/php/bin/php-cgi
PHP_CGI_NAME=`basename $PHP_CGI`
# Arguments for /usr/bin/env: "-" starts from an empty environment
PHP_CGI_ARGS="- USER=$USER PATH=/usr/local/app/php/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
RETVAL=0

start() {
    echo -n "Starting PHP FastCGI: "
    start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
    RETVAL=$?
    echo "$PHP_CGI_NAME."
}
stop() {
    echo -n "Stopping PHP FastCGI: "
    killall -q -w -u $USER $PHP_CGI
    RETVAL=$?
    echo "$PHP_CGI_NAME."
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: php-fastcgi {start|stop|restart}"
        exit 1
        ;;
esac
exit $RETVAL

Configure the virtual host for the blog domain:
root@618119.com:/usr/local/app/nginx# mkdir vhost
root@618119.com:/usr/local/app/nginx# cd vhost/
root@618119.com:/usr/local/app/nginx/vhost# mkdir blog.618119.com
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# cd blog.618119.com/

Download the latest WordPress, version 3.0.1:
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# wget http://wordpress.org/latest.tar.gz
Source: http://wordpress.org/download/
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# tar -zxvf latest.tar.gz
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# cp -r ./wordpress/* ./
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# rm -rf wordpress/
Download the Chinese language pack for WordPress:
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# wget http://wpcn.googlecode.com/files/WordPress.v3.0.1.Simp.Chinese.Pack.Only.v1-wpcng.tar.gz
Source: http://code.google.com/p/wpcn/downloads/list
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# tar -zxvf WordPress.v3.0.1.Simp.Chinese.Pack.Only.v1-wpcng.tar.gz
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# cp -r ./wordpress/* ./
root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# rm -rf wordpress/

root@618119.com:/usr/local/app/nginx/vhost/blog.618119.com# vi ./wp-config.php

define ('WPLANG', 'zh_CN');

nginx.conf configuration:

server {
    server_name  blog.618119.com;
    location / {
        root   vhost/blog.618119.com;
        index  index.html index.htm index.php;
    }
}

Reference: http://wiki.nginx.org/PHPFcgiExample

root@618119.com:/etc/init.d# service php-fcgi start

root@618119.com:/usr/local/app/nginx/conf# /usr/local/app/nginx/sbin/nginx -s reload

October 27, 2010

Compiling and installing OpenVPN 2.1.3 from source on Ubuntu Server 10.04

Filed under: Linux - lizongbo @ 22:13

The Linux server is a VPS purchased from linode.com.
1. Download the source of the stable OpenVPN release 2.1.3:
root@618119.com:/usr/local/app# wget http://openvpn.net/release/openvpn-2.1.3.tar.gz
Source:
http://openvpn.net/index.php/open-source/downloads.html
2. Extract the source code:
root@618119.com:/usr/local/app# tar -zxvf openvpn-2.1.3.tar.gz
3. Check the configuration before compiling:
root@618119.com:/usr/local/app/openvpn-2.1.3# ./configure --prefix=/usr/local/app/openvpn
The system reports:
LZO library available from http://www.oberhumer.com/opensource/lzo/
configure: error: Or try ./configure --disable-lzo
4. Install the liblzo2-dev library:
root@618119.com:/usr/local/app/openvpn-2.1.3# apt-get install liblzo2-dev
Because nginx was built against the OpenSSL source code when it was installed, the latest OpenSSL source is used for this build as well:
(For downloading the OpenSSL source, see: http://618119.com/archives/2010/10/22/174.html)
5. Configure again:
root@618119.com:/usr/local/app/openvpn-2.1.3# ./configure --prefix=/usr/local/app/openvpn --with-ssl-lib=/usr/local/app/openssl-1.0.0a --with-ssl-headers=/usr/local/app/openssl-1.0.0a/include
6. Compile and install:
root@618119.com:/usr/local/app/openvpn-2.1.3# make
root@618119.com:/usr/local/app/openvpn-2.1.3# make install
7. Prepare the information for the root certificate:
root@618119.com:/usr/local/app/openvpn-2.1.3# cd easy-rsa/2.0/
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# vi ./vars
The lines edited are:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="Guangdong"
export KEY_CITY="Shenzhen"
export KEY_ORG="*.618119.com"
export KEY_EMAIL="lizongbo@gmail.com"

8. Generate the root certificate:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/local/app/openvpn-2.1.3/easy-rsa/2.0/keys
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./clean-all
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/local/app/openvpn-2.1.3/easy-rsa/2.0/keys
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./clean-all

root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./build-ca
Generating a 1024 bit RSA private key
…..++++++
………………….++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Guangdong]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [*.618119.com]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [*.618119.com CA]:
Name []:
Email Address [lizongbo@gmail.com]:

9. Generate the OpenVPN server certificate:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./build-key-server openvpn.618119.com
Generating a 1024 bit RSA private key
…………..++++++
……………………………………….++++++
writing new private key to 'openvpn.618119.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Guangdong]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [*.618119.com]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [openvpn.618119.com]:
Name []:
Email Address [lizongbo@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:618119.com
An optional company name []:
Using configuration from /usr/local/app/openvpn-2.1.3/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'Guangdong'
localityName          :PRINTABLE:'Shenzhen'
organizationName      :T61STRING:'*.618119.com'
commonName            :PRINTABLE:'openvpn.618119.com'
emailAddress          :IA5STRING:'lizongbo@gmail.com'
Certificate is to be certified until Oct 21 05:49:51 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
10. Generate the OpenVPN client certificate:

root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./build-key vpnclient.618119.com
Generating a 1024 bit RSA private key
…………………………..++++++
……………++++++
writing new private key to 'vpnclient.618119.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Guangdong]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [*.618119.com]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [vpnclient.618119.com]:
Name []:
Email Address [lizongbo@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:618119.com
An optional company name []:
Using configuration from /usr/local/app/openvpn-2.1.3/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'Guangdong'
localityName          :PRINTABLE:'Shenzhen'
organizationName      :T61STRING:'*.618119.com'
commonName            :PRINTABLE:'vpnclient.618119.com'
emailAddress          :IA5STRING:'lizongbo@gmail.com'
Certificate is to be certified until Oct 21 05:53:31 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

11. Generate the DH (Diffie-Hellman) file:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# ./build-dh

12. Create the configuration and log directories:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# mkdir /usr/local/app/openvpn/conf
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# mkdir /usr/local/app/openvpn/conf/keys
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# mkdir /usr/local/app/openvpn/log
13. Copy the generated key files under /usr/local/app/openvpn/conf:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# cp /usr/local/app/openvpn-2.1.3/easy-rsa/2.0/keys/* /usr/local/app/openvpn/conf/keys
14. Copy the server configuration file from the sample files:
root@618119.com:/usr/local/app/openvpn-2.1.3/easy-rsa/2.0# cp /usr/local/app/openvpn-2.1.3/sample-config-files/server.conf   /usr/local/app/openvpn/conf/

15. Edit the configuration file /usr/local/app/openvpn/conf/server.conf with vi. The following settings were changed from their defaults or uncommented:
port 11194 # changed the default port 1194 to 11194

proto tcp  # UDP connections proved unstable in use and the cause could not be pinned down, so TCP is tried instead
;proto udp

ca /usr/local/app/openvpn/conf/keys/ca.crt
cert /usr/local/app/openvpn/conf/keys/server.crt
key /usr/local/app/openvpn/conf/keys/server.key
dh /usr/local/app/openvpn/conf/keys/dh1024.pem

ifconfig-pool-persist /usr/local/app/openvpn/conf/ipp.txt

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

user nobody
group nobody # the system's existing nogroup group can be used instead; if nobody is used, it has to be added with the groupadd command

status /usr/local/app/openvpn/log/openvpn-status.log
log         /usr/local/app/openvpn/log/openvpn.log
log-append  /usr/local/app/openvpn/log/openvpn-append.log

verb 5

15. Start OpenVPN with the configuration file specified:
root@618119.com:/etc/openvpn# /usr/local/app/openvpn/sbin/openvpn --config /usr/local/app/openvpn/conf/server.conf
After starting it, the OpenVPN process turned out not to be running.
root@618119.com:/usr/local/app/openvpn/log# tail *.log
The log shows the following error:
Sun Oct 24 07:10:38 2010 us=152299 failed to find GID for group nobody
Sun Oct 24 07:10:38 2010 us=152331 Exiting
16. Run the following command:
root@618119.com:/usr/local/app/openvpn/log# groupadd nobody

17. Start openvpn again; this time the program starts successfully.
root@618119.com:/etc/openvpn# /usr/local/app/openvpn/sbin/openvpn --config /usr/local/app/openvpn/conf/server.conf

18. Configure packet forwarding on the Ubuntu Linux server:

root@618119.com:~# sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@618119.com:~# sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

19. Configure the OpenVPN client on Ubuntu Linux:
client.conf is configured as follows:
client
remote *.*.*.* 11194 # specify the port; 11194 is used
ca /usr/local/appr/openvpn/conf/keys/ca.crt
cert /usr/local/appr/openvpn/conf/keys/vpnclient.618119.com.crt
key /usr/local/appr/openvpn/conf/keys/vpnclient.618119.com.key
reneg-sec 0
comp-lzo yes
dev tun
proto tcp ## protocol changed from udp to tcp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user openvpn
group openvpn

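20. Connect from the network connections manager.
Once openvpn is connected, visiting http://www.youtube.com/ and http://twitter.com/ in the local browser works normally.

WSun Oct 24 10:56:38 2010 us=259482 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
If the connection fails like this, it may be a network issue; try connecting a few more times.

21. To use OpenVPN on Windows, first download the Windows client:
http://openvpn.net/release/openvpn-2.1.3-install.exe
After installation, on the local machine

22. Prepare the certificate and other files locally, then create the client configuration file C:\Program Files\OpenVPN\bin\client.ovpn
----------------------------------------------------------
client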
remote *.*.*.* 11194
ca I:\\temp\\keys\\ca.crt
cert I:\\temp\\keys\\vpnclient.618119.com.crt
key I:\\temp\\keys\\vpnclient.618119.com.key
reneg-sec 0
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user openvpn
group openvpn

----------------------------------------------------------

23. Run the program in a DOS window to connect:

C:\Program Files\OpenVPN\bin>openvpn client.ovpn
Wed Oct 27 22:11:02 2010 NOTE: --user option is not implemented on Windows
Wed Oct 27 22:11:02 2010 NOTE: --group option is not implemented on Windows
Wed Oct 27 22:11:02 2010 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Wed Oct 27 22:11:02 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 27 22:11:02 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 27 22:11:02 2010 LZO compression initialized
Wed Oct 27 22:11:02 2010 UDPv4 link local: [undef]
Wed Oct 27 22:11:02 2010 UDPv4 link remote: *.*.*.*:11194
Wed Oct 27 22:11:30 2010 [_.618119.com] Peer Connection Initiated with 173.255.196.174:11194
Wed Oct 27 22:11:37 2010 TAP-WIN32 device [本地连接 2] opened: \\.\Global\{FF3AEA0C-A0ED-4068-882D-4C98D2CB50A9}.tap
Wed Oct 27 22:11:37 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {FF3AEA0C-A0ED-4068-882D-4C98D2CB50A9} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Wed Oct 27 22:11:37 2010 Successful ARP Flush on interface [131077] {FF3AEA0C-A0ED-4068-882D-4C98D2CB50A9}
Wed Oct 27 22:11:42 2010 Initialization Sequence Completed
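
The client log above carries two notices: no server certificate verification method is enabled, and the script-security level may allow user-defined scripts. The script below is an added example, not part of the original post; it checks a client config for both. The list of directives it accepts as verification methods, the function names, and the constructed sample config (with the placeholder address 192.0.2.10) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): flag the two client-side issues
# that the OpenVPN log above reports for client.ovpn.

# Print only active directives: drop CRs, blank lines and comments.
# OpenVPN config files treat both '#' and ';' as comment markers.
active_directives() {
    tr -d '\r' < "$1" |
        sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]][#;].*$//' -e '/^[[:space:]]*$/d'
}

# Print the first argument of the last active occurrence of directive $2.
directive_value() {
    active_directives "$1" | awk -v n="$2" '$1 == n { v = $2 } END { print v }'
}

# Print one finding per line; print nothing when the config passes.
audit_client_conf() {
    conf=$1
    # Any of these makes the client check that the peer presents a server
    # certificate, not just some certificate signed by the same CA.
    if ! active_directives "$conf" | awk '
        $1 ~ /^(ns-cert-type|remote-cert-tls|remote-cert-eku|tls-remote|tls-verify)$/ { ok = 1 }
        END { exit !ok }'; then
        echo "no-server-cert-check: add 'ns-cert-type server' (fits certs made by build-key-server)"
    fi
    # script-security defaults to 1; level 2 and above lets the config run user scripts.
    level=$(directive_value "$conf" script-security)
    if [ "${level:-1}" -ge 2 ] 2>/dev/null; then
        echo "script-security=$level: lower to 1 unless up/down scripts are really needed"
    fi
    return 0
}

# Constructed sample modelled on the client.ovpn in this post.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
client
remote 192.0.2.10 11194
ca ca.crt
cert vpnclient.618119.com.crt
key vpnclient.618119.com.key
comp-lzo yes
dev tun
proto udp
nobind
;ns-cert-type server
script-security 2
EOF
    audit_client_conf "$sample"
    rm -f "$sample"
}
demo
```

On the sample it prints both findings, because the `;ns-cert-type server` line is commented out and therefore inactive.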

Related reference articles:
1. Official OpenVPN documentation:
http://openvpn.net/index.php/open-source/documentation/howto.html#install
2. Installing OpenVPN Server on Ubuntu Server:
http://www.douhua.im/2010/01/06/ubuntu-server-install-openvpn-server/
3. Installing and configuring OpenVPN:
http://pityonline.info/?p=1054
4. Installing openvpn on Ubuntu:
http://space.itpub.net/7201003/viewspace-312657
5. Error message: UDPv4 [ECONNREFUSED]: Connection refused (code=111)
http://readthefuckingmanual.net/error/383/

http://www.imped.net/oss/misc/openvpn-2.0-howto-edit.html

http://blog.darkices.com/archive/openvpn-server-side-dns-hijacking-to-solve-the-problem-of-pollution-dns.html
http://omobox.com/memo/tunnelier-instead-of-myentunnel.html

http://blog.darkices.com/archive/build-ssh-proxy-on-vps.html#comment-275

Commands to check whether tun is enabled:
dmesg|grep tun
or: ls -l /dev/net/tun

Reference: http://www.hostloc.com/thread-6106-5-589.html
