Sunday, May 26, 2019

Using Smarty in a Scriptcase blank application

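First, in Tools -> External Libraries, create a smarty library.
I put mine under Public: <Create a new library>
Enter "smarty", then upload the files. From Smarty we only need everything inside the /lib directory, so I zipped the contents of /lib myself and uploaded that zip; that is how you get an SC library with the correct directory layout.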

Then, in the SC code, use:
sc_include_library("sys", "smarty", "Smarty.class.php", true, true);
This brings in the smarty library.
It is equivalent to: require_once('Smarty.class.php');
After that, you can use smarty:
$smarty = new Smarty();

......


For example: I made a blank application, and in execute the code is as follows:

// Start output buffering
ob_start();
// run code in x.php file
// ...
// echo "<html><head></head><body>hello world!</body></html>";
sc_include_library("sys", "smarty", "Smarty.class.php", true, true);
// NOTE: Smarty has a capital 'S'
// require_once('Smarty.class.php');
$smarty = new Smarty();
$smarty->assign('name','Ned');
//** un-comment the following line to show the debug console
//$smarty->debugging = true;
// $smarty->display('c:/temp/test.tpl');
echo $smarty->fetch('c:/temp/test.tpl');
// saving captured output to file
file_put_contents('filename.htm', ob_get_contents());
// end buffering and displaying page
ob_end_flush();



Wednesday, May 8, 2019

Understanding what a Proxy is

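1. What is a Proxy?
The word Proxy means "agent", something that acts on another's behalf. It probably first appeared in connection with the network Firewall function. Put simply, a firewall protects the security of a network: it sets up a wall-like protection between your internal network and the external network so that inside and outside are separated, and everything going in or out must pass through this wall (basically the same as the gates of the Great Wall). So to the machines out in the external network, only the wall is visible and the machines behind it are not, and the machines behind the wall must also go through it to get out. The machine acting as this wall can therefore be called a Proxy Server. In turn, because it has to record the content, source and destination of the data passing through, the machine acting as the wall needs a very large amount of disk space to store them.
   So how does the Proxy we talk about in the WWW world relate to the Proxy in the Firewall above? As just described, a Firewall usually needs large-capacity storage to record all messages; here we carry that function over to the WWW: we set up a Proxy Server to store the content of every site address it has fetched on someone's behalf.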

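2. What are the benefits of setting a Proxy?
As described in the previous section, a Proxy Server is in fact a machine with large storage capacity. What is the benefit of setting up a Proxy Server for WWW use? For example, everyone has been watching the NBA Finals lately, and everyone wants to go to www.nba.com for the latest news. Someone in the Mathematics department wants to look, so he must connect to www.nba.com and fetch the data once; if someone in the Life Science department also wants to look, he too must go to www.nba.com and fetch it again. If thirty people at Fu Jen University want to look today, the data has to be fetched from www.nba.com thirty times. Given our single outbound T1, and only two T1s of bandwidth on TANet, that is a great waste, and you will also find it very, very slow to use. Suppose instead that we have a Proxy Server and every WWW user at Fu Jen has configured it; then the situation changes. The first user who wants to read www.nba.com first goes to the Proxy Server to see whether it has the latest www.nba.com data. If not, the Proxy Server goes to www.nba.com on his behalf, fetches a copy, stores it on the Proxy Server and also sends it to that first user. The luckiest are the second and later users: when one of them wants to connect to www.nba.com, his machine first checks the Proxy Server, finds the data there, and simply retrieves it from the Proxy Server. The speed he gets is the on-campus network speed, at least 10 Mbps, which is definitely faster than connecting off campus.
   So what is the benefit of setting a Proxy? I believe you now understand clearly: it is "speed". A figure is attached below to help you better understand what a Proxy Server is for.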

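3. What versions of Proxy Server are there?
There are many versions of Proxy Server. Browser makers such as NetScape and MicroSoft all have products of this kind, and many HTTP Servers can themselves act as a Proxy Server; Apache HTTP Server, for example, can be used as one. The better-known one today is Squid Proxy Server, whose predecessor is Harvest. Many dedicated Proxy Servers in Taiwan use this software, which is currently free, and Proxy Servers in many countries around the world use it too. The usual dedicated port for Squid Proxy Server is 3128.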

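4. How does a Proxy Server work?
After accepting a user's request, the Proxy Server first checks whether its own server holds a copy of the data the Client wants. If not, it goes to the destination on the Client's behalf and fetches a copy; besides handing it to the Client, the Proxy Server also keeps a copy. Likewise, when the next Client user makes a request, the Proxy Server again first checks its own store; if it has the data, it then checks whether it matches the data at the destination, and if it matches, the Proxy Server gives it directly to the requesting Client. Many people may ask why it has to check with the destination again; isn't that a waste of time? This step is necessary. Why? A copy of the data at your destination may be stored on the Proxy Server, but there is no way to know whether it is the latest, so a comparison must be made. The comparison does not take long and is still very fast. For real-time news such as CNN, data changes around the clock, so part of the data is constantly updated; but some CNN marks, if found identical after the comparison, do not need to be fetched from the United States again.
   With a traditional Proxy Server, the machines below it first send the request to the Proxy Server, and if the Server does not have the data, the Server fetches it directly from the destination. For most Proxy Servers this still seems somewhat wasteful, so the newer concept works with Parents and Siblings. For example, the Parent of this center's Server is www.twnic.net. When a Client below sends a request to this center's Server and the Server finds it does not hold the data, our Server does not fetch the data directly from the destination; it asks its Parent whether it has the required data. If so, the Parent returns it; if not, our Server's Parent handles the fetch on our behalf, which speeds up processing further.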


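You often hear people say that you should set a Proxy Server in your Browser so that your browsing will be faster. So what exactly is a Proxy Server, and what role does it play on the Internet?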

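When a user requests data from a server, suppose the user enters www.todo.com.tw to request data from todo資訊超商 (the todo information store). In the normal network flow, when the user's browser sees the domain name www.todo.com.tw, it asks DNS for the IP corresponding to www.todo.com.tw; once DNS returns the corresponding IP, the browser requests the data from the real server. This looks fine, but when bad factors such as network congestion, a poorly equipped site machine and a site leased line that is not fast enough all add up, the site you are connecting to becomes very slow. This is where something called a Proxy Server comes in: it temporarily stores the web pages that everyone views often in one place, and that place usually has very good hardware and a lot of bandwidth, so readers can read the data quickly.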

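Now let's think about how data should be passed when the user has set a Proxy Server and the browser reads data. In the same way, the browser first asks DNS for the IP; after finding the IP, it first asks the proxy server whether it has this site's data. If it does, the Proxy Server passes the content straight to the user; only if the proxy server does not have the data is it requested directly from the website.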

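That is why people often say that if you set a Proxy Server your connection will be faster. It is really as if you had one more very large hard disk sitting at someone else's place: when you need data you fetch it from that disk, so reading data is faster.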

install nginx in custombuild

How to install Nginx
Last Modified: Jul 11, 2014, 4:28 pm
Nginx is a high performance webserver as a replacement for Apache.
However, the higher performance will come at the cost of a slightly reduced feature set, and requires CustomBuild 2.0, and the php mode to be php-fpm.

To install Nginx:

1) You must have CustomBuild 2.0.  If you do not, upgrade to CustomBuild 2.0
If unsure of which version of CustomBuild you're using, see this guide.

2) You can either run this in step 2 of the CB2 install guide, or do it after. Run the following to set the options.conf to use Nginx and php-fpm:
./build set webserver nginx
./build set php1_mode php-fpm
./build update
./build all d
./build rewrite_confs

Tuesday, May 7, 2019

Website security basics

Note that it's ultimately the responsibility of the server admin to ensure his system is secure.  These are some basic security tips that can be done to help protect your system.  This is not an end-all guide for server security, admins must be diligent, but rather some suggestions for a start to securing your server.

  1. At install time, the easiest thing to do is to mount your /tmp partition with the noexec,nosuid options, and mount the /home partition with the nosuid option.  This is done in your /etc/fstab and requires those paths to exist as partitions, and not just as subdirectories of /.  If you're unsure, type:
    mount
    to get a listing of your partitions and their current mounting options.  Use google for more information on these mounting options. Be very careful when editing your /etc/fstab, as any errors could prevent your system from starting up.  Note that you must not have "nosuid,noexec" for / or /usr, as those partitions have suid binaries normally (su, passwd, etc).
  2. After the system is installed, a good idea is to add dangerous php functions to the disable_functions list.  This prevents php scripts from running "raw" functions that could be used to execute programs on your system.  Note that some php scripts do legitimately require these functions to operate, so if your scripts don't run after enabling this function, edit your php.ini to remove the required functions from the list, and restart apache.  To add the disable_functions with custombuild, type the following then restart apache:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build secure_php
  3. Do regular updates of system services, libraries and scripts.  It's important to keep your system updated once installed.  This is the responsibility of the server administrator.  There are several tools and options available to help the admin do this.  For system libraries like openssl and other low level system items, this is left to the admin to do how he wishes; usually package systems like yum or apt-get can do this for you.  For services and scripts that DA installs, you can use the custombuild script.  A typical update command with custombuild is:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build all d
    Note that in the custombuild directory is a file called "options.conf".  In this file is a list of all options you've got regarding what custombuild will do.  Regarding updates, ensure you have clean_old_webapps=yes present.  This removes all scripts from /var/www/html, after updating you do a new one.  The options.conf also has cron options to check for updates nightly, or even install these options nightly.  I recommend having the nightly cron check, and then a hands-on admin proceed with the update after he gets the notice.  To enable a nightly notice replace the following bold options with your relevant information:
    #Cron settings
    cron=yes
    cron_frequency=weekly
    email=email@domain.com
    notifications=yes
    da_autoupdate=yes
    updates=no
    webapps_updates=yes
    Then type:
    ./build cron
    These are the settings for getting nightly notices for updates, but it won't do the updates for you.
    After getting the notice in your inbox, you'd run the following from the custombuild directory:
    ./build update_versions
    to update just those items that require updating.  Note that doing "./build all d" can be simpler, but takes longer to run.
    If you wish to have "./build update_versions" be run automatically, change the updates=no to become updates=yes.  Just keep in mind that the server admin is still required to be fully aware of the system and its state if he chooses yes for this option.  The webapps_updates option only applies when updates=no is used.  It's there to still allow updates to the php scripts in /var/www/html, while not affecting compiled services.  Set webapps_updates=yes if updates=no and you wish to have automated updates of the webapps scripts with the cron option.  If updates=yes, then the webapps_updates value doesn't matter.  Similarly, using da_autoupdate=yes with updates=no will update DA when cron is enabled.
  4. If you're running php in "CLI" mode, then enabling both php SafeMode and open_basedir is wise.  Safemode is an internal form of disable_functions which also does a bit more checking.  See the documentation on Safemode for more info on this.   Open_basedir, which is enabled by default, tells php to not allow scripts to access files outside of the set list of paths.  
    To control SafeMode and Open_Basedir on your php CLI system (default), go to:

    Admin Level -> Php Safemode Config
  5. suPhp is one option which some admins like, others do not.  What suPhp (php CGI) does is run php scripts as the system user of the account, rather than the "apache" user.  This solves many issues like permission/ownership when a php script uploads files.  It also allows an admin to track down rogue scripts more easily as it's not running as a generic user.  Another benefit of suPhp is that you can chmod your php scripts to 700 instead of 755.  This makes them more secure in the case you're storing passwords in your scripts.  Drawbacks to suPhp include a slight slowdown in performance since there are a few more hoops to jump through to have php run as the user instead of "apache".  Also, the items in point 4) above have no effect since suPhp does not monitor VirtualHost php flags.  All settings must be done in php.ini files.  Note that you can have per-user php.ini files to allow per-user settings, see this link.

    To enable suPhp, see this guide.
  6. If you don't plan on doing any remote access to mysql, then setting up mysqld to only listen on 127.0.0.1 would be a good idea.  Note you'll have to keep this in mind if your users start asking you why they can't connect to mysql from a remote location.  To set mysql to only bind to 127.0.0.1, add the following to the [mysqld] section of your /etc/my.cnf, then restart mysqld:
    bind-address = 127.0.0.1
  7. One filtering option for apache is mod_security.  This is not part of our installation, but mod_security is an apache filter which checks all http requests sent by clients to ensure they're valid.  Note that if not set up correctly, it can break frontpage, or other php scripts that often have long URL requests, so proper setup and testing would be important.  Check our forum for guides on this, it's not covered by our support.
  8. A firewall is always a good idea.  Many people use CSF or the block_ip scripts.
  9. Set the User's domains directory to block other Users on the system from seeing in:
    http://help.directadmin.com/item.php?id=254
  10. Set up your named.conf to not allow recursion.  This should be done by default now, but check anyway with this guide.
  11. Prevent Users from using weak passwords by enabling difficult password enforcement.
  12. Prevent Users from creating subdomains belonging to other Users with this option.
  13. If you're using DirectAdmin with SSL, it's a good idea to force all SSL connections to use TLS instead of other older SSL protocols.
  14. To add another layer of security with the permissions of the perl binary, using a trick similar to step 9, run the following:
    chgrp apache /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
    chmod 705 /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
    What this will do is tell the system that any user in group "apache" is not allowed to execute /usr/bin/perl.  If you did implement step 9 you could in theory use "access" instead of "apache" for the chgrp value, to also prevent other system accounts from running it, but apache is the main one.  This technique can be applied to other binaries as well, like wget, fetch, etc.: anything you don't want the "apache" user to run.  Keep in mind that using suPhp (step 5) essentially negates this issue since php scripts run as the user instead.  Note that this is another layer of security, so using it anyway wouldn't hurt anything, in the event that an apache exploit happens independent of php completely.
    Do not block the apache group from running /usr/bin/perl if you are using mod_ruid2
  15. Brute Force Login Attempts are more common, so it's best not to have direct ssh logins for common accounts like root or admin.  Generally, it's safe to use a hidden "su" user first, then login to root or other accounts once connected.  Disable any accounts (root, admin, etc) that don't need direct access by editing the /etc/ssh/sshd_config.   Always test changes before logging out else you may lock yourself out from the box.

    Also, DirectAdmin has a Brute Force attack detection system for the services, as well as an IP blocker for DA itself.
    More info on that here: http://help.directadmin.com/item.php?id=404
  16. Force email logins to use a secure connection:
    http://www.directadmin.com/forum/showthread.php?t=43500
  17. Disable 1.2.3.4/~username access, (UserDir on apache):
    cd /usr/local/directadmin/custombuild
    ./build set userdir_access no
    ./build rewrite_confs
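Step 14 depends on how the kernel chooses a permission class, which the following added example models (it is not part of the DirectAdmin guide; the function names and the user "alice" are constructed for illustration):

```shell
#!/bin/sh
# Added example: why "chgrp apache" plus "chmod 705" stops members of the
# apache group from executing a binary while other accounts still can.
# The kernel applies exactly ONE permission class per access: owner if the
# user matches, else group if any of the user's groups matches, else other.

# may_exec MODE FILE_OWNER FILE_GROUP USER USER_GROUPS(comma list)
# Returns 0 if execution is permitted, 1 if it is denied.
may_exec() {
    mode=$((0$1)); owner=$2; fgroup=$3; user=$4; ugroups=$5
    if [ "$user" = root ]; then
        # root may execute as long as at least one execute bit is set
        [ $((mode & 0111)) -ne 0 ]; return
    fi
    if [ "$user" = "$owner" ]; then
        [ $((mode & 0100)) -ne 0 ]; return
    fi
    case ",$ugroups," in
        # group class selected: the "other" bits are never consulted
        *",$fgroup,"*) [ $((mode & 0010)) -ne 0 ]; return ;;
    esac
    [ $((mode & 0001)) -ne 0 ]
}

# Constructed cases for a binary owned by root:apache, as after the chgrp above.
explain() {   # explain MODE USER USER_GROUPS -> prints "allowed" or "denied"
    if may_exec "$1" root apache "$2" "$3"; then echo allowed; else echo denied; fi
}

explain 705 apache apache   # web server user, group bits are 0: denied
explain 705 alice alice     # ordinary account (e.g. a suPhp script): allowed
explain 755 apache apache   # stock permissions: allowed
```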
For a default CustomBuild 2.0 install with apache, mod_php, and mod_ruid2, start with steps:
2, 3, 8, 11, 13, 15=8, 17, (optionally #1)
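Steps 1, 6 and 15 can be checked mechanically; the following is an added example, not part of the DirectAdmin guide. The function names and sample inputs are constructed, and reading step 15 as `PermitRootLogin no` is this example's assumption.

```shell
# Added example (not DirectAdmin code): checks for steps 1, 6 and 15 above.
# Each function reads text on stdin and returns 0 (pass) or 1 (fail).

# Step 1: is $1 its own partition, mounted with every option in $2 (comma list)?
# stdin: `mount` output, e.g. "/dev/sda3 on /tmp type ext4 (rw,nosuid,noexec)"
check_mount_opts() {
    awk -v mp="$1" -v want="$2" '
        $2 == "on" && $3 == mp {
            opts = $NF; gsub(/[()]/, "", opts)
            n = split(want, w, ","); ok = 1
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," w[i] ",") == 0) ok = 0
            found = ok
        }
        END { exit (found ? 0 : 1) }'
}

# Step 6: does the [mysqld] section of my.cnf (stdin) bind to 127.0.0.1?
check_mysql_bind_local() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        insec && /^[ \t]*bind[-_]address[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            sub(/#.*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { exit (val == "127.0.0.1" ? 0 : 1) }'
}

# Step 15: is direct root login refused in sshd_config (stdin)? sshd keeps the
# first value it reads for a keyword. Only the global part (before any Match
# block) is checked, and a missing PermitRootLogin counts as a fail.
check_ssh_root_disabled() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && !seen { seen = 1; val = tolower($2) }
        END { exit (val == "no" ? 0 : 1) }'
}

# Constructed sample inputs (not from a real server).
SAMPLE_MOUNT='/dev/sda1 on / type ext4 (rw,relatime)
/dev/sda3 on /tmp type ext4 (rw,nosuid,noexec,relatime)
/dev/sda4 on /home type ext4 (rw,relatime)'
SAMPLE_MYCNF='[client]
bind-address = 0.0.0.0
[mysqld]
bind-address = 127.0.0.1'
SAMPLE_SSHD='#PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin yes'

# Prints the name of each failed check, one per line (nothing if all pass).
run_audit() {
    printf '%s\n' "$SAMPLE_MOUNT" | check_mount_opts /tmp nosuid,noexec || echo tmp-mount
    printf '%s\n' "$SAMPLE_MOUNT" | check_mount_opts /home nosuid || echo home-mount
    printf '%s\n' "$SAMPLE_MYCNF" | check_mysql_bind_local || echo mysql-bind
    printf '%s\n' "$SAMPLE_SSHD" | check_ssh_root_disabled || echo ssh-root
}
run_audit
```

On a server, feed the real sources instead of the samples, for example `mount | check_mount_opts /tmp nosuid,noexec` or `check_mysql_bind_local < /etc/my.cnf`.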

Monday, May 6, 2019

Notes on renting a Dedicated Server

Rented a dedicated server.

Some notes for the record:

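-- The host came installed with Centos 7.0
-- At first I wanted to add centos-webpanel myself; it failed, no good
When I tried to wget the installer from centos-webpanel.com, it just would not download ,.... time out
On my other VPSes it went smoothly
Very strange?!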

-- Later I asked for DirectAdmin to be installed and for my wordpress site to be moved; their service staff installed it for me
and set it up for me

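-- I then manually edited wordpress's wp-config file, rebuilt the mysql database, and restored the backup myself
This took a long time too! I'm not familiar with it, so I researched as I went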

-- Finally the wordpress site was up and running, but the php programs I wrote myself with Codecharge produced an http error 500; I suspect it is because of php 7.2.18

-- To try it out, I had to study further how to downgrade php 7.2.18 => 5.6.36

-- I emailed the hosting service, and they replied that I could refer to
https://help.directadmin.com/item.php?id=345
https://www.vultr.com/docs/using-multiple-php-versions-on-directadmin

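-- Only then did I learn that a DirectAdmin Server has this thing called custombuild
It seems the software on a DA host (Apache, mysql, php and so on) is all managed by this tool.
No wonder yum never had any of it!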

References:

cd /usr/local/directadmin/custombuild
vi options.conf
Change the value of the php1_release= parameter, for example php1_release=5.5, then save and run
./build clean
./build update
./build php n
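Once it finishes, you can run php -v to check the php version.
Note: because this recompiles and reinstalls, it may take a long time. It is advisable to use the screen command before running all of these commands, so that a dropped connection midway does not cause a failure.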

-- Followed this:

Using Multiple PHP Versions on DirectAdmin

Published on: Tue, Oct 18, 2016 at 6:41 pm EST
DirectAdmin has support for running two PHP versions alongside each other. Currently, the most popular combination is PHP 5.6 and 7.0. This way, you can support both legacy software as well as very new and up-to-date software.
In this tutorial, we will be using CustomBuild to run two PHP versions.
Prior to following this tutorial, you will need to make sure you are running CustomBuild 2.0. If this is not the case, please verify and update if needed. A step-by-step guide of how to do this can be found here.
Note: PHP 7 is only supported by DirectAdmin 1.50.1 and newer.

Step 1: Altering the CustomBuild configuration

There are two ways to alter the CustomBuild configuration: directly modifying the options.conf file or using the command line. In this guide, we will be using the command line.
In order to set the two PHP versions 5.6 and 7.0, first navigate to the CustomBuild folder:
cd /usr/local/directadmin/custombuild

Step 2: Setting the PHP versions

Next, run the following commands in order to set the versions:
./build set php1_mode php-fpm
./build set php2_mode php-fpm
./build set php1_release 7.0
./build set php2_release 5.6
Note: Using the above example, both PHP versions will be run in php-fpm mode. This is required if you are using an Nginx and Apache reverse proxy. If you are not using a reverse proxy, you can change the PHP mode if needed.
Using PHP versions older than 5.6 is strongly discouraged as they have all reached their end of life (EOL) and thus are no longer updated or maintained. As such, it is recommended that you use PHP 7 whenever possible, and use 5.6 purely for being able to temporarily support legacy applications.
Open the options.conf file:
cd /usr/local/directadmin/custombuild
vi options.conf
Verify the first few lines match or occur at least once throughout the file:
php1_release=7.0
php1_mode=php-fpm
php2_release=5.6
php2_mode=php-fpm
If not, please rerun the commands above.

Step 3: Recompiling PHP

Recompile PHP and rewrite the configurations:
./build php n
./build rewrite_confs
This can take a long time, please don't interrupt the process. It is perhaps best if you ran the commands in a screen session, and detach while the process is running in case your SSH session gets disconnected or interrupted.

Step 4: Setting the PHP versions

You are now able to select a PHP version per virtual host (website). All websites currently running on your DirectAdmin server will use the value set for php1_release. In order to alter the PHP version per website, navigate to the User Level, select the domain name, click "Domain Setup" under "Your Account", click the domain name and scroll down. As demonstrated in the screenshot below, you will now be able to choose a PHP version. Note that after changing the version, it can take up to 1 minute to process the changes. A scheduled restart of the web server is added to the DirectAdmin task queue.
Thank you for reading our guide. You now have a DirectAdmin server running two PHP versions!
======================
Result:
Mine: cd /usr/local/directadmin/custombuild
vi options.conf
php1_release=7.2
php1_mode=mod_php
php2_release=5.6
php2_mode=php-fpm
[root@server custombuild]# ./build php n
....... ran for a long time .....
[root@server custombuild]# ./build rewrite_confs
Your license OS (CentOS 6) does not match the OS installed (CentOS 7).
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using 162.210.98.121 for your server IP
**************************************

Apache 2.4.27 and higher will not negotiate http2 with mpm_prefork. Please do not use mod_php or disable http2 in the directadmin.conf
http://www.apache.org/dist/httpd/CHANGES_2.4.27

**************************************
Restarting apache.

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

--- Looked into the nginx + apache combination,

26. How do I switch to nginx+apache combination? (nginx running in front of apache)
Code:
cd /usr/local/directadmin/custombuild
./build update
./build set webserver nginx_apache
./build nginx_apache
./build rewrite_confs

-- Check the custombuild version
cd /usr/local/directadmin/custombuild
./build version

-- Restart Apache

service httpd restart

It worked!








TO DO:
What is the screen command?
I'm not familiar with Linux; there is a lot I'm still studying!

SPAM fighting tools in DirectAdmin




Wow! Called the god of panels, convenient to the extreme?! http://www.baddb.com/51.html




custombuild (2.0), the godlike plugin of the DirectAdmin panel


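  • The current version is custombuild v2.0.0. After directadmin is installed, custombuild is in fact already included by default, but it is used only through the command line.
  • custombuild helps directadmin users install and tune production environment versions in the simplest way; it covers nearly all the major mainstream programs and versions, and is convenient to the extreme.
On a system with the directadmin panel installed, you can run the following command line to see whether custombuild is installed and which version it is
custombuild version check: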
/usr/local/directadmin/custombuild/build version
If you are still on a v1.* version, you can upgrade to custombuild v2.0 by following the official directadmin documentation
For details see https://help.directadmin.com/item.php?id=555

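How to tell whether the FORM is currently in insert mode or update mode?

Just use if (empty({primary_key})) to find out whether you are in insert mode. If {primary_key} is empty, you are in insert mode; otherwise, you are in update mode. That's all.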