通常 A 机器和 B 机器已经在 ~/.ssh/config 中定义并建立了信任关系,因此我们可以直接使用主机别名,而不需要使用 user@B_machine 的方式。
sync_files.sh 脚本
#!/bin/bash
# 定义源和目标目录
SOURCE_DIR="/data/files/"
DEST_DIR="B_machine:~/backups/A_machine/data/files"
# 执行 rsync 命令
rsync -av --exclude='tmp/' "$SOURCE_DIR" "$DEST_DIR"
确保脚本有执行权限:
chmod +x sync_files.sh
使用 cron 设置每五分钟执行一次该脚本:
crontab -e
添加:
*/5 * * * * /path/to/sync_files.sh
在 Linux 系统上,/var/log/journal 目录通常用来存储系统日志。如果这个目录占用了过多的空间,可以通过以下几种方法来管理和限制日志的大小:
journald 配置你可以通过修改 journald 的配置文件来设置日志的最大大小和保留时间:
打开终端。
编辑 journald 配置文件:
sudo nano /etc/systemd/journald.conf
在文件中添加或修改以下配置项:
[Journal]
SystemMaxUse=500M
SystemKeepFree=100M
SystemMaxFileSize=50M
SystemMaxFiles=10
这些选项的含义如下:
SystemMaxUse:限制日志的总大小。SystemKeepFree:保留的磁盘空间。SystemMaxFileSize:每个日志文件的最大大小。SystemMaxFiles:最大日志文件数。保存文件并退出编辑器。
重新启动 journald 服务以应用更改:
sudo systemctl restart systemd-journald
如果你想立即释放一些空间,可以手动清理旧的日志文件:
sudo journalctl --vacuum-size=500M
这条命令会将日志文件的总大小限制在 500MB。
你可以使用 cron 任务来定期清理日志。例如,可以设置一个每天执行的任务来保持日志的大小在一个合理的范围内。
打开 cron 编辑器:
crontab -e
添加以下行以每天清理日志:
0 0 * * * /usr/bin/journalctl --vacuum-time=7d
这样设置后,系统将每天清理超过 7 天的日志。
Running a small VPS with limited memory can be frustrating, especially when processes get killed due to low memory. A quick and easy way to help prevent this is by setting up a swap file.
This script will
/etc/fstab to make it permanent.The script uses scp to copy a temporary script to the remote machine and ssh to execute it. Here’s the full script:
#!/bin/bash
# Check if machine name is provided
if [ -z "$1" ]; then
echo "Usage: $0 <machine-name>"
exit 1
fi
REMOTE_MACHINE=$1
SWAPFILE=/swapfile
SIZE=2048
# Generate remote script content
REMOTE_SCRIPT=$(cat <<EOF
#!/bin/bash
if swapon --show | grep -q "$SWAPFILE"; then
echo "Swap is already enabled on $SWAPFILE"
exit 0
fi
sudo dd if=/dev/zero of=$SWAPFILE bs=1M count=$SIZE
sudo chmod 600 $SWAPFILE
sudo mkswap $SWAPFILE
sudo swapon $SWAPFILE
if ! grep -q "$SWAPFILE" /etc/fstab; then
echo "$SWAPFILE none swap sw 0 0" | sudo tee -a /etc/fstab
fi
free -h
EOF
)
# Save remote script locally
echo "$REMOTE_SCRIPT" > /tmp/create_swap.sh
# Copy script to remote machine and execute it
scp /tmp/create_swap.sh $REMOTE_MACHINE:/tmp/
ssh $REMOTE_MACHINE "bash /tmp/create_swap.sh"
# Cleanup
ssh $REMOTE_MACHINE "rm /tmp/create_swap.sh"
swapon --show on the remote machine./swapfile), sets the right permissions, and adds it to /etc/fstab so it’s automatically enabled after a reboot.Save the script as create_swap.sh and make it executable:
chmod +x create_swap.sh
Run the script with the remote machine name:
./create_swap.sh <remote-machine>
And that's it! The script takes care of everything for you, ensuring your VPS has a swap file ready to handle memory spikes.
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT false
RUN apk add --no-cache icu-libs tzdata
By the way, my devops colleague told me if you can, changing the windows time zone id with its standard equivalent is the more preferred way. He said "its not good to set that environment variable to false"
In the realm of modern web development, the HTTPS protocol stands as a cornerstone of security. While Let's Encrypt provides SSL certificates at no cost, their certificate chains don't always play well with older Android versions, such as Android 5. This guide delves into the art of generating Android 5-compatible certificates and automating their renewal.
Step 1: Install Certbot and Nginx
Before embarking on this quest, ensure that your Ubuntu host has Certbot and Nginx installed.
sudo apt-get update
sudo apt-get install certbot nginx
Step 2: Download ISRG Root X1 Certificate
From the Let's Encrypt website, procure the latest ISRG Root X1 certificate and store it in a designated directory.
sudo wget -O /etc/letsencrypt/isrgrootx1.pem https://letsencrypt.org/certs/isrgrootx1.pem
Step 3: Craft the Automation Script
Forge a script named "update-certificates.sh" that automatically generates an Android 5-compatible certificate chain and reloads Nginx's configuration whenever Certbot renews the certificate.
#!/bin/bash
DOMAIN="yourdomain.com"
CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
FULLCHAIN="$CERT_DIR/fullchain.pem"
PRIVKEY="$CERT_DIR/privkey.pem"
ANDROID_FULLCHAIN="$CERT_DIR/fullchain-android.pem"
ISRG_ROOT="/etc/letsencrypt/isrgrootx1.pem"
# Generate Android5-compatible certificate chain
sudo cat $FULLCHAIN $ISRG_ROOT | sudo tee $ANDROID_FULLCHAIN > /dev/null
# Reload Nginx configuration
sudo systemctl reload nginx
Remember to replace "yourdomain.com" with your actual domain name and verify the paths are correct.
Step 4: Grant Script Execution Privileges
sudo chmod +x /path/to/update-certificates.sh
Step 5: Configure Certbot Renewal Hook
Certbot allows running custom hook scripts upon certificate renewal. Configure the aforementioned script as Certbot's "--deploy-hook" hook.
Edit Certbot's renewal configuration file (usually located at /etc/letsencrypt/renewal/yourdomain.com.conf):
renew_hook = /path/to/update-certificates.sh
Alternatively, configure it using Certbot's command-line option:
sudo certbot renew --deploy-hook /path/to/update-certificates.sh
Step 6: Set Up Automatic Renewal
Certbot by default sets up a cron job or systemd timer to automatically renew certificates. Verify this using the following command:
sudo systemctl list-timers | grep certbot
If no automatic renewal task exists, add a cron job manually:
sudo crontab -e
In the crontab file, add the following line to perform a renewal check daily:
0 2 * * * /usr/bin/certbot renew --deploy-hook /path/to/update-certificates.sh
Conclusion
By following these steps, you can ensure that HTTPS certificates generated using Let's Encrypt are compatible with Android 5 and automate certificate renewal. This eliminates the need to manually renew certificates every three months, significantly streamlining website maintenance.