原文:https://wiki.ubuntu.com/Lighttpd%2BPHP
This is a how-to to on installing and setting up lighttpd and PHP on Maverick. Lighttpd or “lighty” is a webserver with a very low use of resources.
Install the packages we need: (this may not be all, but these two will automatically download the rest as dependencies)
sudo apt-get install lighttpd php5-cgi
Enable the fastcgi module and the php configuration with
sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php
Reload the lighttpd daemon
sudo service lighttpd force-reload
To test if it’s working create the file /var/www/index.php with the following contents:
<?php phpinfo(); ?>
and check out http://localhost/index.php in your browser.
我的Vyatta运行一直很好,用ROS和Cisco做Tunnel连接到Vyatta跑OSPF用来翻墙,效果一直不错。可是当使用Windows连接vpn时,经常打开网页超时,但ping各处均正常,所以怀疑是MTU或MSS的问题。
经过几番周折,发现网页超时时,Vyatta日志内出现大量异常:
Jan 12 21:02:39 Xirang kernel: [4838172.516489] pptp2: ppp: compressor dropped pkt
然后学习了一下,出现这个问题是因为,Windows VPN客户端的MPPE(Microsoft point-to-point Encryption)加密需要占用4个字节长度,原始报文加上MPPE报文头开销会超过Linux服务端pptp接口MTU,最终导致报文过大被丢弃。
所以解决问题的本质就是增加Linux服务端pptp接口MTU。
解决办法有三种:
- 编辑pptpd源码,增加MTU;
- 使用脚本,在pptp接口连接up以后增加MTU;
- 不使用MPPE加密;
第一种虽然从根本上解决了问题,但是由于水平问题放弃了;第三种由于取消了传输加密,心理上觉得不安全,也放弃了;
从网上找到了第二种解决办法,如下:
创建脚本(下载):/etc/ppp/ip-up.d/mppefixmtu.sh
#!/bin/sh
CURRENT_MTU=”`ip link show $1 | grep -Po ‘(?<=mtu )([0-9]+)’`”
FIXED_MTU=”`expr $CURRENT_MTU + 4`”
ip link set $1 mtu $FIXED_MTU
确保脚本具有可执行权限
chmod 755 /etc/ppp/ip-up.d/mppefixmtu.sh
这样MTU加上4以后就可以兼容Windows的MPPE了。
参考原文:https://wiki.archlinux.org/index.php/PPTP_server
vyatta@kmipv6:~$ show configuration
interfaces {
ethernet eth0 {
address 192.168.0.254/24
description LAN
hw-id 00:15:17:4a:21:1d
}
ethernet eth1 {
address 220.163.111.154/24
description WAN
hw-id 00:13:72:2e:a3:2c
}
loopback lo {
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 220.163.111.153 {
}
}
}
}
service {
dhcp-server {
disabled false
shared-network-name dhcpserver {
authoritative disable
subnet 192.168.0.0/24 {
default-router 192.168.0.254
dns-server 222.172.200.68
dns-server 61.166.150.123
start 192.168.0.1 {
stop 192.168.0.250
}
}
}
}
https
nat {
rule 1 {
destination {
}
outbound-interface eth1
protocol all
source {
address 192.168.0.0/24
}
type masquerade
}
rule 100 {
destination {
address 220.163.111.154
port 80
}
inbound-interface eth1
inside-address {
address 192.168.0.150
}
protocol tcp
source {
address 0.0.0.0/0
}
type destination
}
}
ssh {
allow-root true
protocol-version all
}
telnet {
allow-root false
}
}
system {
gateway-address 220.163.111.153
host-name kmipv6
login {
user root {
authentication {
encrypted-password ****************
}
}
user vyatta {
authentication {
encrypted-password ****************
}
}
}
name-server 222.172.200.68
name-server 61.166.150.123
ntp-server 69.59.150.135
package {
auto-sync 1
repository community {
components main
distribution stable
url http://packages.vyatta.com/vyatta
}
}
}
vpn {
ipsec {
ipsec-interfaces {
interface eth1
}
nat-networks {
allowed-network 192.168.0.0/24 {
}
}
nat-traversal enable
}
l2tp {
remote-access {
authentication {
local-users {
username vpn {
password ****************
}
}
mode local
}
client-ip-pool {
start 192.168.0.211
stop 192.168.0.220
}
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
}
outside-address 220.163.111.154
outside-nexthop 220.163.111.153
}
}
pptp {
remote-access {
authentication {
local-users {
username vpn {
password ****************
}
}
mode local
}
client-ip-pool {
start 192.168.0.201
stop 192.168.0.210
}
outside-address 220.163.111.154
}
}
}
