1、Nginx删除过旧日志
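#!/bin/bash
# Rotate nginx logs: move the current access/error logs into a backup
# directory, ask nginx to reopen its log files, then prune old backups.
# Only POSIX sh syntax is used because the cron entry starts this with `sh`.

# Directory nginx writes its logs to, and the directory rotated copies go to.
logs_path="/usr/local/nginx/logs"
backup_path="/root/logs"
today=$(date +"%Y%m%d")

# PID of the nginx master process (oldest process whose command line matches).
# pgrep never matches itself, unlike a `ps | grep` pipeline.
# NOTE(review): the PID is chosen by process title and then signalled as the
# user running this script; reading nginx's pid file is more reliable if its
# path is known for this installation.
pid_number=$(pgrep -o -f 'nginx: master process')

mkdir -p "$backup_path" || {
  echo "无法创建备份目录: $backup_path" >&2
  exit 1
}

# Move <name>.log files whose name contains "access" or "error".
# The glob is expanded by the shell, so file names are never word-split the
# way the output of `ls` would be.
moved=0
for log_file in "$logs_path"/*.log; do
  [ -f "$log_file" ] || continue
  log_name=${log_file##*/}
  log_name=${log_name%.log}
  case "$log_name" in
    *.*) continue ;;          # e.g. access.1.log: not a live log file
    *access* | *error*) ;;
    *) continue ;;
  esac
  if mv -- "$log_file" "$backup_path/${log_name}_$today.log"; then
    moved=$((moved + 1))
  else
    echo "移动日志失败: $log_file" >&2
  fi
done

# Nothing was rotated: report it and stop before signalling nginx.
if [ "$moved" -eq 0 ]; then
  echo "nginx 日志为空"
  exit 1
fi

# USR1 makes the nginx master reopen its log files; until then nginx keeps
# writing to the files that were just moved.
if [ -n "$pid_number" ]; then
  if kill -USR1 "$pid_number"; then
    echo "已向nginx主进程发送USR1信号,重新打开日志文件"
  else
    echo "向nginx主进程发送USR1信号失败" >&2
  fi
else
  echo "无法找到nginx主进程PID,未能发送USR1信号"
fi

# Delete rotated logs older than 7 days. Only regular *.log files are
# matched, so other files kept in the backup directory are left alone.
find "$backup_path" -name "*.log" -type f -mtime +7 -exec rm -f -- {} +
echo "已删除超过7天的旧日志文件"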
0 0 * * * sh /root/logs/nginx.sh
2、Mysql 备份
mysqldump工具
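#!/bin/bash -e
# Full mysqldump backup of all databases, gzip-compressed, with pruning of
# old archives.
# The shebang options are lost when the script is started as `bash script`,
# so strict mode is set again here. pipefail makes a mysqldump failure fail
# the whole `mysqldump | gzip` pipeline instead of being hidden by gzip.
set -eo pipefail

# Backup settings.
backup_dir="/data/db_backup"
current_date=$(date +%Y%m%d%H%M%S)
backup_file="backup_${current_date}.sql.gz"
retain_backups=30 # number of most recent backups to keep; older ones are deleted

# MySQL connection settings.
# NOTE(review): a root password stored in the script is readable by anyone who
# can read this file or a copy of it; keep the script mode 0600, and prefer a
# dedicated backup account whose credentials live in a root-only option file.
mysql_user="root"
mysql_password="Txhy2020"

# Stop early when the MySQL service is not running.
if ! systemctl is-active --quiet mysqld; then
  echo "MySQL服务未运行!"
  exit 1
fi

# Make sure the backup directory exists.
mkdir -p "$backup_dir" || { echo "创建备份目录失败!"; exit 1; }

# Dumps hold every table of every database: create them owner-only.
umask 077

# Hand the credentials to mysqldump through a private option file (mktemp
# creates it mode 0600) so the password never appears in the process list,
# and run the pipeline directly instead of through eval on a built string.
# NOTE(review): the value is written inside double quotes; a password that
# itself contains a double quote or backslash would need escaping.
client_cnf=$(mktemp) || { echo "MySQL备份失败!"; exit 1; }
partial_file="$backup_dir/.${backup_file}.partial"
trap 'rm -f -- "$client_cnf" "$partial_file"' EXIT
printf '[client]\nuser="%s"\npassword="%s"\n' "$mysql_user" "$mysql_password" > "$client_cnf"

# Dump into a hidden partial file and rename it only on success, so a failed
# run never leaves a truncated archive that looks like a valid backup.
if /usr/local/mysql/bin/mysqldump --defaults-extra-file="$client_cnf" --all-databases \
    | gzip > "$partial_file" \
  && mv -- "$partial_file" "$backup_dir/$backup_file"; then
  echo "MySQL数据库成功备份至:$backup_dir/$backup_file"
else
  echo "MySQL备份失败!"
  exit 1
fi

# List existing archives oldest first (sorted by modification time).
mapfile -t backups < <(
  find "$backup_dir" -type f -name 'backup_*.sql.gz' -printf '%T@ %p\n' \
    | sort -n | cut -d' ' -f2-
)

# Keep the newest $retain_backups archives and delete the rest.
excess=$(( ${#backups[@]} - retain_backups ))
if (( excess > 0 )); then
  rm -f -- "${backups[@]:0:excess}"
fi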
备份文件解压命令
# Decompress a backup archive; gunzip replaces the .gz file with the plain
# .sql file, and -q suppresses warnings. Add -k (gzip 1.6+) to keep the
# compressed copy as well.
gunzip -q backup_20231111111111.sql.gz
xtrabackup工具
备份用户:backupuser
用户权限:reload,lock tables,replication client,create tablespace,process,super
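#!/bin/bash
# Rolling xtrabackup job: each run takes the next missing step of a cycle,
# a full backup in incr0 followed by incrementals incr1..incr5. Once incr5
# exists the whole cycle is archived to the redundancy directory and a new
# cycle starts.

# Settings.
BEGINTIME=$(date +"%Y-%m-%d %H:%M:%S")
format_time=$(date +"%Y-%m-%d_%H:%M:%S")
week=$(date +%Y-%m-%d)
backupbin="/usr/bin"
backdir="/database/detect/backup/"
redun="/database/detect/redundancy/"
file_cnf="/etc/my_detect.cnf"
user_name="backupuser"
# NOTE(review): the password is stored in this script and is also passed on
# the innobackupex command line below, where other local users can read it
# from the process list while the backup runs. Keep the script mode 0600 and
# prefer supplying the credentials from a root-only option file.
password="backup@che123"
socket="/tmp/mysql_detect.sock"
out_log="$backdir/xtrabackup_log_$format_time"
time_cost="$backdir/xtrabackup_time.txt"
DEL_UNTIL_DATE=$(date --date='7 day ago' +%Y-%m-%d)

# Both directories must exist before anything is logged or archived.
mkdir -p "$redun" "$backdir" || {
  echo "cannot create $redun or $backdir" >&2
  exit 1
}

# A finished cycle (incr5 present): archive it, then start over.
if [ -d "$backdir/incr5" ]; then
  archive="${redun}/redundency_${week}.tar.gz"
  # The backups are deleted only after the archive was written successfully;
  # otherwise a failed tar (full disk, permissions) would lose the only copy.
  if ! tar -czf "$archive" "$backdir" >/dev/null 2>&1; then
    echo "archiving $backdir to $archive failed; backups left in place" >&2
    rm -f -- "$archive"
    exit 1
  fi
  chmod 600 "$archive" # the archive holds a full copy of the data
  # ${backdir:?} aborts instead of expanding to /* should the variable be empty.
  rm -rf -- "${backdir:?}"/*
  mkdir -p "$backdir"
  chown -R mysql:mysql "$backdir"
  # Drop the archive that was written exactly 7 days ago.
  rm -f -- "${redun}"/*"${DEL_UNTIL_DATE}".tar.gz >/dev/null 2>&1
fi

# Take the first step of the cycle that does not exist yet.
backup_status=0
for i in {0..5}; do
  if [ ! -d "$backdir/incr$i" ]; then
    # An array keeps the optional arguments out of the command line entirely
    # for the full backup, without relying on unquoted empty variables.
    incremental_args=()
    if [ "$i" -eq 0 ]; then
      type="full"
    else
      type="incremental"
      incremental_args=(--incremental "--incremental-basedir=$backdir/incr$((i - 1))")
    fi
    echo "#####start $i $type backup at $BEGINTIME to directory incr$i" >>"$time_cost"
    if ! "$backupbin/innobackupex" --defaults-file="$file_cnf" --no-timestamp \
      --user="$user_name" --password="$password" --socket="$socket" \
      "${incremental_args[@]}" "$backdir/incr$i" >"$out_log" 2>&1; then
      backup_status=1
      # NOTE(review): a failed run may leave a partial incr$i directory that
      # the next run would treat as a valid base; check $out_log and remove it.
      echo "#####backup $i failed, see $out_log" >>"$time_cost"
    fi
    break
  fi
done

# Record how long the run took.
ENDTIME=$(date +"%Y-%m-%d %H:%M:%S")
begin_data=$(date -d "$BEGINTIME" +%s)
end_data=$(date -d "$ENDTIME" +%s)
spendtime=$((end_data - begin_data))
echo "it takes $spendtime sec for packing the data directory" >>"$time_cost"

# Let cron (or any caller) see that the backup step failed.
exit "$backup_status"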
crontab -e
12 3 * * * sh /usr/local/xtrabackup.sh
3、Dos 攻击防范(自动屏蔽攻击 IP)
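#!/bin/bash
# Temporarily drop traffic from clients that send many requests per minute.
# Reads the tail of the nginx access log, counts requests per client address
# for the current minute, inserts an iptables DROP rule for addresses above
# the threshold, and removes rules older than BLOCK_TIME.
#
# NOTE(review): the threshold (more than 10 requests in the current minute)
# also matches busy legitimate clients such as users behind a shared NAT
# address or a reverse proxy; tune it and exempt known addresses before
# relying on this in production.
DATE=$(date +%d/%b/%Y:%H:%M)
LOG_FILE=/usr/local/nginx/logs/access.log
# NOTE(review): both state files have fixed names in world-writable /tmp and
# are read and written as root; move them to a root-only directory.
DROP_IP_LOG=/tmp/drop_ip.log
BLOCKED_IP_LOG=/tmp/blocked_ip.log
BLOCK_TIME=3600 # how long an address stays blocked, in seconds

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
# Everything passed to iptables goes through this check, both values parsed
# from the access log and values read back from the state file.
is_ipv4() {
  local ip=$1 octet
  local -a octets
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $ip =~ $re ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    ((10#$octet <= 255)) || return 1
  done
}

[[ -r "$LOG_FILE" ]] || {
  echo "cannot read $LOG_FILE" >&2
  exit 1
}

# Refuse to follow a symlink planted under the fixed /tmp names.
for state_file in "$DROP_IP_LOG" "$BLOCKED_IP_LOG"; do
  if [[ -L "$state_file" ]]; then
    echo "$state_file is a symlink, refusing to use it" >&2
    exit 1
  fi
done

# Addresses with more than 10 requests in the current minute. Field 9 is
# where the address sits for the expected log format; surrounding quotes or
# commas are stripped and anything that is not an IPv4 address is discarded.
ABNORMAL_IP=()
while IFS= read -r candidate; do
  candidate=${candidate//[\",]/}
  if is_ipv4 "$candidate"; then
    ABNORMAL_IP+=("$candidate")
  fi
done < <(tail -n5000 "$LOG_FILE" | grep -F -- "$DATE" \
  | awk -F '[ :]+' '{ip=$9; a[ip]++} END{for (i in a) if(a[i]>10) print i}')

# Remove blocks that have expired. The state file is rebuilt from the lines
# that are still active rather than edited with sed while it is being read:
# an address used as a sed pattern also matches other addresses (1.2.3.4
# matches 11.2.3.40) and would let file content reach sed as an expression.
remaining=$(mktemp) || exit 1
trap 'rm -f -- "$remaining"' EXIT
if [[ -f "$BLOCKED_IP_LOG" ]]; then
  CURRENT_TIME=$(date +%s)
  while read -r stamp IP _; do
    is_ipv4 "$IP" || continue # malformed line: drop it, never act on it
    # Entries are written as %F_%T; date -d needs a space, not an underscore.
    # An unreadable timestamp counts as 0, i.e. the block is treated as expired.
    BLOCKED_TIME=$(date -d "${stamp/_/ }" +%s 2>/dev/null) || BLOCKED_TIME=0
    if ((CURRENT_TIME - BLOCKED_TIME > BLOCK_TIME)); then
      iptables -D INPUT -s "$IP" -j DROP
    else
      printf '%s %s\n' "$stamp" "$IP" >>"$remaining"
    fi
  done <"$BLOCKED_IP_LOG"
  cat -- "$remaining" >"$BLOCKED_IP_LOG"
fi

# Block the abnormal addresses. `iptables -C` checks for the exact rule; a
# grep over the rule listing would treat 1.2.3.4 as present when only
# 1.2.3.40 is blocked.
for IP in "${ABNORMAL_IP[@]}"; do
  if ! iptables -C INPUT -s "$IP" -j DROP 2>/dev/null; then
    if iptables -I INPUT -s "$IP" -j DROP; then
      stamp=$(date +'%F_%T')
      echo "$stamp $IP" >>"$DROP_IP_LOG"
      echo "$stamp $IP" >>"$BLOCKED_IP_LOG"
    fi
  fi
done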
注意:脚本用空格和冒号切分日志行,并取第9个字段($9)作为客户端IP,所以Nginx的日志格式应以能匹配到IP为准,例如以下格式,$9为IP地址。调整日志格式后,请先确认$9取到的确实是IP,并且日志中的时间写法与脚本里 DATE 的格式一致,再启用自动屏蔽。
# Access-log format that writes one JSON-style object per request.
# $request_uri, $http_referer, $http_user_agent and $http_x_forwarded_for are
# supplied by the client; treat them as untrusted in anything that parses
# this log.
# NOTE(review): without the escape=json parameter nginx applies its default
# escaping to these values, which does not produce valid JSON; consider
# `log_format json escape=json ...` after confirming the log consumers cope.
log_format json '{"@timestamp": "$time_iso8601", '
'"connection": "$connection", '
'"remote_addr": "$remote_addr", '
'"remote_user": "$remote_user", '
'"request_method": "$request_method", '
'"request_uri": "$request_uri", '
'"server_protocol": "$server_protocol", '
'"status": "$status", '
'"body_bytes_sent": "$body_bytes_sent", '
'"http_referer": "$http_referer", '
'"http_user_agent": "$http_user_agent", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"request_time": "$request_time"}';
4、Nginx编译安装
#!/usr/bin/env bash
#
# Name: nginx_install.sh
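# Installer settings. Each one can be overridden from the environment
# (export NAME=value) before the script is started.
NGINX_VERSION=${NGINX_VERSION:-'1.20.1'}
DOWNLOAD_DIR=${DOWNLOAD_DIR:-'/usr/local/src'}
INSTALL_PATH=${INSTALL_PATH:-'/usr/local/nginx'}
NGINX_USER=${NGINX_USER:-'nginx'}
NGINX_DEPEND=${NGINX_DEPEND:-'gcc pcre-devel zlib-devel openssl-devel libxml2-devel libxslt-devel gd-devel GeoIP-devel jemalloc-devel libatomic_ops-devel perl-devel perl-ExtUtils-Embed libunwind-devel gperftools pcre openssl libxml2'}
# The tarball is compiled and installed with the privileges of whoever runs
# this script, so the default download goes over HTTPS rather than plain HTTP.
NGINX_DOWN_URL=${NGINX_DOWN_URL:-"https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"}
NGINX_FILE="${DOWNLOAD_DIR}/nginx-${NGINX_VERSION}.tar.gz"
# Arguments for ./configure, kept as one space-separated string that is
# word-split where it is used (none of the values may contain spaces).
# NOTE(review): --with-debug compiles in the debug log facility; drop it for
# production builds that do not need it.
COMPILE_OPTIONS="--prefix=$INSTALL_PATH \
--user=$NGINX_USER --group=$NGINX_USER \
--conf-path=$INSTALL_PATH/conf/nginx.conf \
--pid-path=$INSTALL_PATH/logs/nginx.pid \
--http-log-path=$INSTALL_PATH/logs/access.log \
--error-log-path=$INSTALL_PATH/logs/error.log \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre-jit \
--with-http_perl_module=dynamic \
--with-pcre \
--with-google_perftools_module \
--with-debug \
--http-client-body-temp-path=/var/tmp/client \
--http-fastcgi-temp-path=/var/tmp/fastcgi \
--http-proxy-temp-path=/var/tmp/proxy \
--http-scgi-temp-path=/var/tmp/scgi \
--http-uwsgi-temp-path=/var/tmp/uwsgi \
--with-http_gzip_static_module"
# Terminal colours for the log helpers. tput fails when there is no usable
# terminal (cron, CI); its error is silenced and the colour stays empty.
RED=$(tput setaf 1 2>/dev/null) # ('\033[31m')
GREEN=$(tput setaf 2 2>/dev/null) # ('\033[32m')
YELLOW=$(tput setaf 3 2>/dev/null) # ('\033[33m')
RESET=$(tput sgr0 2>/dev/null) # ('\033[00m')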
# Print every argument on its own line, prefixed with a red [ERROR] tag.
# Globals:   RED, RESET (read)
# Arguments: one or more messages; %b expands backslash escapes in them
# Outputs:   the tagged lines on stdout
log::error() {
  local tag="${RED}[ERROR]${RESET}"
  printf "${tag} %b\n" "$@"
}
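# Print every argument on its own line, prefixed with a yellow [WARNING] tag.
# (The tag used to be misspelled "[WARNGIN]", which broke log searches.)
# Globals:   YELLOW, RESET (read)
# Arguments: one or more messages; %b expands backslash escapes in them
# Outputs:   the tagged lines on stdout
log::warning () {
  printf "${YELLOW}[WARNING]${RESET} %b\n" "$@"
}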
# Print every argument on its own line, prefixed with a green [INFO] tag.
# Globals:   GREEN, RESET (read)
# Arguments: one or more messages; %b expands backslash escapes in them
# Outputs:   the tagged lines on stdout
log::info() {
  local tag="${GREEN}[INFO]${RESET}"
  printf "${tag} %b\n" "$@"
}
# Warn when the script is not run as root and ask whether to continue.
# Globals:   UID (read), enter_information (written with the user's answer)
# Returns:   nothing for root; exits 1 unless the answer starts with "y"
check_if_running_as_root() {
  # Root needs no confirmation.
  [[ "$UID" -ne '0' ]] || return 0

  log::warning "The user currently executing this script is not root."
  read -r -p "Are you sure you want to continue? [y/n] " enter_information
  case "${enter_information:0:1}" in
    y)
      log::info "Continuing the installation with current user..."
      ;;
    *)
      log::info "Not running with root, exiting..."
      exit 1
      ;;
  esac
}
# Show the settings this run would use, as NAME="value" lines.
# Globals:   NGINX_VERSION, DOWNLOAD_DIR, NGINX_USER, NGINX_DEPEND,
#            NGINX_DOWN_URL (read)
# Outputs:   a hint line, then the settings framed by blank lines, on stdout
print_variables() {
  local setting
  log::info "Use the command \"export variable=value\" change variable."
  echo
  for setting in NGINX_VERSION DOWNLOAD_DIR NGINX_USER NGINX_DEPEND NGINX_DOWN_URL; do
    # ${!setting} reads the variable whose name is stored in $setting.
    printf '%s="%s"\n' "${setting}" "${!setting}"
  done
  echo
}
# Print the command-line usage text.
# Outputs:   the usage text on stdout; $0 is shown as the program name
print_help() {
  cat <<EOF
Usage: $0 [OPTION]...

 -f, --file[=FILE] specify the file, the download step will be skipped
 -v, --variable display the variable values used when this script runs
 -h, --help display this help and exit
 --remove remove the nginx software and its services
 --skip-depend skip dependency installation at execution time
 --skip-download skip downloading the nginx installation package

EOF
}
# Install one package with yum, stopping the script when that fails.
# Globals:   PACKAGE_NAME, PACKAGE_MANAGEMENT_INSTALL (written)
# Arguments: $1 - package name
# Returns:   exits 1 when the package manager reports a failure
install_software() {
  PACKAGE_NAME=$1
  PACKAGE_MANAGEMENT_INSTALL="yum -y install"
  # The command string is word-split on purpose into "yum", "-y", "install".
  if ! ${PACKAGE_MANAGEMENT_INSTALL} "${PACKAGE_NAME}"; then
    log::error "Installation of ${PACKAGE_NAME} failed, please check your network."
    exit 1
  fi
  log::info "${PACKAGE_NAME} is installed"
}
# Unpack an nginx source tarball into the download directory.
# The archive is extracted with the privileges of the user running the
# script, so a file passed with -f/--file is trusted as much as the download.
# Globals:   DOWNLOAD_DIR (read), NGINX_FILE_PREPARATION (set to 'yes')
# Arguments: $1 - path of the .tar.gz file
# Returns:   exits 1 when tar fails
unzip_nginx() {
  if ! tar zxf "$1" -C "$DOWNLOAD_DIR"; then
    log::error "Unzipping Nginx installation files failed."
    exit 1
  fi
  log::info "Unzip the Nginx installation file successfully"
  # Tells download_nginx that the sources are already in place.
  NGINX_FILE_PREPARATION='yes'
}
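# Download the nginx source tarball and unpack it, unless the sources were
# already prepared (-f/--file or --skip-download).
# Globals:   NGINX_DOWN_URL, NGINX_VERSION, DOWNLOAD_DIR,
#            NGINX_FILE_PREPARATION (read); NGINX_FILE (written)
# Returns:   exits 1 when the download fails
#
# NOTE(review): the tarball is compiled and installed without any integrity
# check. Verify the PGP signature nginx.org publishes next to each release
# (nginx-<version>.tar.gz.asc), or compare against a pinned SHA-256, before
# unpacking.
download_nginx ()
{
  # Honour NGINX_DOWN_URL, which was previously ignored in favour of a
  # hard-coded http:// URL; fall back to the HTTPS download location.
  local url="${NGINX_DOWN_URL:-https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz}"
  NGINX_FILE="${DOWNLOAD_DIR}/nginx-${NGINX_VERSION}.tar.gz"
  if [[ "${NGINX_FILE_PREPARATION}" == 'yes' ]]; then
    return 0
  fi
  # --fail turns an HTTP error (such as 404 for a wrong version) into a
  # failed download instead of saving the error page as the tarball.
  if curl --fail --location -o "${NGINX_FILE}" "${url}"; then
    log::info "Download nginx-${NGINX_VERSION}.tar.gz successfully."
    unzip_nginx "${NGINX_FILE}"
  else
    log::error "Download nginx-${NGINX_VERSION}.tar.gz failed."
    exit 1
  fi
}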
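# Create the unprivileged account nginx runs as, unless it already exists.
# The account gets no login shell (-s /sbin/nologin) and no home (-M).
# Arguments: $1 - account name
# Returns:   exits 1 when useradd fails
create_nginx_user ()
{
  # A local name is used here: assigning to USER would overwrite the
  # environment variable of the same name for the rest of the script.
  local account=$1
  if id "${account}" &> /dev/null; then
    log::warning "${account} user already exists."
  elif useradd -s /sbin/nologin -M "${account}"; then
    log::info "${account} user create successful."
  else
    # Previously success was logged even when useradd had failed.
    log::error "${account} user creation failed."
    exit 1
  fi
}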
# Configure, build and install nginx from the unpacked source tree.
# Globals:   DOWNLOAD_DIR, NGINX_VERSION, COMPILE_OPTIONS (read)
# Returns:   exits 1 as soon as cd, configure, make or make install fails
install_nginx() {
  cd "${DOWNLOAD_DIR}/nginx-$NGINX_VERSION" || exit 1

  # COMPILE_OPTIONS is one string and is word-split here on purpose.
  if ! ./configure ${COMPILE_OPTIONS}; then
    log::error "Configure Nginx-${NGINX_VERSION} failed."
    exit 1
  fi
  log::info "Configure Nginx-${NGINX_VERSION} successful."

  if ! make; then
    log::warning "Make Nginx-${NGINX_VERSION} failed."
    exit 1
  fi
  log::info "Make Nginx-${NGINX_VERSION} successful."

  if ! make install; then
    log::error "Make Install Nginx-${NGINX_VERSION} failed."
    exit 1
  fi
  log::info "Make Install Nginx-${NGINX_VERSION} successful."
}
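# Write the systemd unit for the compiled nginx and make systemd load it.
# Globals:   INSTALL_PATH (read) - expanded into the unit when it is written
# Outputs:   tee echoes the generated unit on stdout
install_service ()
{
  # The EOF delimiter is unquoted on purpose so $INSTALL_PATH expands.
  tee /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=$INSTALL_PATH/logs/nginx.pid
ExecStartPre=$INSTALL_PATH/sbin/nginx -t -c $INSTALL_PATH/conf/nginx.conf
ExecStart=$INSTALL_PATH/sbin/nginx -c $INSTALL_PATH/conf/nginx.conf
ExecReload=$INSTALL_PATH/sbin/nginx -s reload
ExecStop=$INSTALL_PATH/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
  # A unit file is configuration, not a program: systemd logs a warning for
  # executable unit files, so it is set to 0644 instead of +x.
  chmod 644 /usr/lib/systemd/system/nginx.service
  systemctl daemon-reload
  log::info "Create nginx service file."
}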
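# Stop nginx and remove the service unit, the convenience symlinks and the
# installation directory.
# Globals:   INSTALL_PATH (read)
# Returns:   exits 1 without touching anything when INSTALL_PATH is unsafe
remove_nginx () {
  # INSTALL_PATH can be overridden from the environment and is deleted
  # recursively below, so refuse an empty or relative value and the
  # filesystem root before doing anything else.
  if [[ "${INSTALL_PATH}" != /* || "${INSTALL_PATH}" =~ ^/+$ ]]; then
    log::error "Refusing to remove INSTALL_PATH='${INSTALL_PATH}'"
    exit 1
  fi
  systemctl stop nginx
  systemctl disable nginx
  rm -f /usr/lib/systemd/system/nginx.service
  # Make systemd forget the unit that was just deleted.
  systemctl daemon-reload
  rm -f /usr/local/sbin/nginx
  # /etc/nginx is the symlink created by main; rm -f leaves a real directory
  # of that name alone.
  rm -f /etc/nginx
  rm -rf -- "${INSTALL_PATH:?}"
  log::info "Nginx and its services have been removed successfully."
}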
# Parse the command-line options.
# -h, -v and --remove act immediately and end the script; -f/--file unpacks
# the given tarball; the --skip-* options only set flags for main.
# Globals:   SKIP_DEPEND, NGINX_FILE_PREPARATION (written)
# Arguments: the script's own arguments
# Returns:   exits 1 on an unknown option or a missing/invalid FILE
script_parameters() {
  while (( $# > 0 )); do
    case "$1" in
      -h | --help)
        print_help
        exit 0
        ;;
      -v | --variable)
        print_variables
        exit 0
        ;;
      --remove)
        remove_nginx
        exit 0
        ;;
      -f | --file)
        # Separate-argument form: the file name is the next argument.
        if [[ -z "$2" ]]; then
          log::error 'FILE=? File not specified' && exit 1
        fi
        if [[ ! -f "$2" ]]; then
          log::error 'FILE=? File not specified' && exit 1
        fi
        unzip_nginx "$2"
        # Consume the file name; the shift after esac consumes the option.
        shift
        ;;
      --file*)
        # --file=FILE form; anything else starting with --file is rejected.
        if [[ "$1" =~ --file=([^ ].*) ]]; then
          if [[ ! -f "${BASH_REMATCH[1]}" ]]; then
            log::error 'FILE=? File not specified' && exit 1
          fi
          unzip_nginx "${BASH_REMATCH[1]}"
        else
          log::error 'FILE=? File not specified'
          exit 1
        fi
        ;;
      --skip-depend)
        SKIP_DEPEND='yes'
        ;;
      --skip-download)
        NGINX_FILE_PREPARATION='yes'
        ;;
      *)
        log::error "$1 invalid parameter"
        print_help
        exit 1
        ;;
    esac
    shift
  done
}
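# Entry point: parse options, install build dependencies, fetch and build
# nginx, register the systemd service and create the convenience symlinks.
# Globals:   SKIP_DEPEND, NGINX_DEPEND, NGINX_USER, INSTALL_PATH,
#            NGINX_VERSION (read)
# Arguments: the script's command-line arguments
main ()
{
  local package
  local -a DEPEND
  check_if_running_as_root
  script_parameters "$@"
  if [[ "${SKIP_DEPEND}" != 'yes' ]]; then
    # read -a splits the list on whitespace without glob expansion; the
    # former second assignment DEPEND=($NGINX_DEPEND) redid the split with
    # globbing enabled and has been dropped.
    read -r -a DEPEND <<< "${NGINX_DEPEND}"
    for package in "${DEPEND[@]}"; do
      install_software "${package}"
    done
  fi
  download_nginx
  create_nginx_user "${NGINX_USER}"
  install_nginx
  install_service
  # -f/-n replace links left by an earlier run instead of failing on them.
  ln -sfn "${INSTALL_PATH}/conf/" /etc/nginx
  ln -sf "${INSTALL_PATH}/sbin/nginx" /usr/local/sbin/
  log::info "Install Nginx-${NGINX_VERSION} successful."
}
main "$@"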